{ "type": "bundle", "id": "bundle--58046227-00a0-47fb-a125-c025950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-21T14:14:18.000Z", "modified": "2016-10-21T14:14:18.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--58046227-00a0-47fb-a125-c025950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-21T14:14:18.000Z", "modified": "2016-10-21T14:14:18.000Z", "name": "Spam week 43 (mule acquisition) - probably related to Locky resources", "published": "2016-10-21T14:17:47Z", "object_refs": [ "indicator--58046295-dae4-43f8-9802-4fb9950d210f", "indicator--58046296-9cf8-41df-9bd1-4041950d210f", "indicator--58046296-fcec-43d4-bfd4-4543950d210f", "indicator--58046297-43f4-45ea-8fb1-4069950d210f", "indicator--58046298-8d08-44a4-bc99-4585950d210f", "indicator--58046299-04d0-4911-994a-429a950d210f", "indicator--58046299-e90c-4f3f-8ea6-45a0950d210f", "indicator--5804629a-cb54-4fe8-bf42-4fa0950d210f", "indicator--5804629a-bfe4-4102-b42d-4154950d210f", "indicator--5804629b-af28-4df7-b562-485c950d210f", "indicator--5804629c-af78-4ace-92c0-4edf950d210f", "indicator--5804629c-9538-4c0b-bc11-4607950d210f", "indicator--58064166-63f8-4728-bcbf-bd57950d210f", "indicator--58064166-dfdc-4cb4-855a-bd57950d210f", "indicator--58064166-de0c-470d-b7c0-bd57950d210f", "indicator--58064b14-19dc-4426-8ee8-b516950d210f", "indicator--58064b15-e7c4-415e-9edd-b516950d210f", "indicator--58064b15-d08c-4b11-b655-b516950d210f", "indicator--580782bd-335c-464f-b96a-442f950d210f", "indicator--580782be-7dac-42b7-983e-4ada950d210f", "indicator--580782be-9dc0-4dde-9257-475f950d210f", "indicator--580a22b7-d324-4933-91ea-41a9950d210f", "indicator--580a22b7-f8c0-4c6d-b969-4fba950d210f", "indicator--580a22b7-a07c-460b-9e1a-40b9950d210f", "indicator--580a22b7-4578-4772-9502-4b3d950d210f", "indicator--580a22b8-5228-4e35-9f52-4e2a950d210f", "indicator--580a22b8-fe78-4b32-8104-476f950d210f", "indicator--580a22b8-409c-483c-8d48-4e72950d210f", "indicator--580a22b8-6d90-4e3c-8f76-452a950d210f", "indicator--580a22b8-c1a8-42ba-8fa4-430f950d210f", "indicator--580a22b9-9484-4a1f-a89a-4e00950d210f", "indicator--580a22b9-2f50-4225-95df-42c9950d210f", "indicator--580a22b9-9680-4aa6-a594-467b950d210f", "indicator--580a22b9-c044-4f4f-ab66-4934950d210f", "indicator--580a22ba-7970-4132-9668-47c8950d210f", "indicator--580a22ba-0ee8-4d45-b64a-4ad1950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58046295-dae4-43f8-9802-4fb9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-17T05:33:09.000Z", "modified": "2016-10-17T05:33:09.000Z", "description": "compromised resource", "pattern": "[url:value = 'http://bdgtest.bluedoor.com.cn/discuz/myfolder/nkrisl2/par/cg-bn/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-17T05:33:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58046296-9cf8-41df-9bd1-4041950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-17T05:33:10.000Z", "modified": "2016-10-17T05:33:10.000Z", "description": "compromised resource", "pattern": "[domain-name:value = 'bdgtest.bluedoor.com.cn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-17T05:33:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58046296-fcec-43d4-bfd4-4543950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-17T05:33:10.000Z", "modified": "2016-10-17T05:33:10.000Z", "description": "compromised resource", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '121.46.0.100']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-17T05:33:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58046297-43f4-45ea-8fb1-4069950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-17T05:33:11.000Z", "modified": "2016-10-17T05:33:11.000Z", "description": "compromised resource", "pattern": "[url:value = 'http://benavent.cat/accionsenegal/wp-content/uploads/2016/09/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-17T05:33:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58046298-8d08-44a4-bc99-4585950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-17T05:33:12.000Z", "modified": "2016-10-17T05:33:12.000Z", "description": "compromised resource", "pattern": "[domain-name:value = 'benavent.cat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-17T05:33:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58046299-04d0-4911-994a-429a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-17T05:33:13.000Z", "modified": "2016-10-17T05:33:13.000Z", "description": "compromised resource", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '160.153.73.137']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-17T05:33:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58046299-e90c-4f3f-8ea6-45a0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-17T05:33:13.000Z", "modified": "2016-10-17T05:33:13.000Z", "description": "compromised resource", "pattern": "[url:value = 'http://bestedates.com/wp-content/plugins/woocommerce/templates/checkout/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-17T05:33:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5804629a-cb54-4fe8-bf42-4fa0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-17T05:33:14.000Z", "modified": "2016-10-17T05:33:14.000Z", "description": "compromised resource", "pattern": "[domain-name:value = 'bestedates.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-17T05:33:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5804629a-bfe4-4102-b42d-4154950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-17T05:33:14.000Z", "modified": "2016-10-17T05:33:14.000Z", "description": "compromised resource", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '160.153.162.16']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-17T05:33:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5804629b-af28-4df7-b562-485c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-17T05:33:15.000Z", "modified": "2016-10-17T05:33:15.000Z", "description": "compromised resource", "pattern": "[url:value = 'http://canaryislands.website/media/editors/codemirror/mode/ttcn-cfg/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-17T05:33:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5804629c-af78-4ace-92c0-4edf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-17T05:33:16.000Z", "modified": "2016-10-17T05:33:16.000Z", "description": "compromised resource", "pattern": "[file:name = 'canaryislands.website']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-17T05:33:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5804629c-9538-4c0b-bc11-4607950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-17T05:33:16.000Z", "modified": "2016-10-17T05:33:16.000Z", "description": "compromised resource", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '160.153.16.30']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-17T05:33:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58064166-63f8-4728-bcbf-bd57950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-18T15:36:06.000Z", "modified": "2016-10-18T15:36:06.000Z", "description": "compromised resource", "pattern": "[url:value = 'http://bbwsa.com/templates/beez3/html/com_content/article/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-18T15:36:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58064166-dfdc-4cb4-855a-bd57950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-18T15:36:06.000Z", "modified": "2016-10-18T15:36:06.000Z", "description": "compromised resource", "pattern": "[domain-name:value = 'bbwsa.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-18T15:36:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58064166-de0c-470d-b7c0-bd57950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-18T15:36:06.000Z", "modified": "2016-10-18T15:36:06.000Z", "description": "compromised resource", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '50.23.93.227']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-18T15:36:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58064b14-19dc-4426-8ee8-b516950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-18T16:17:24.000Z", "modified": "2016-10-18T16:17:24.000Z", "description": "compromised resource", "pattern": "[url:value = 'http://billfoundation.org/wp-includes/js/tinymce/plugins/wptextpattern/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-18T16:17:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58064b15-e7c4-415e-9edd-b516950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-18T16:17:25.000Z", "modified": "2016-10-18T16:17:25.000Z", "description": "compromised resource", "pattern": "[domain-name:value = 'billfoundation.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-18T16:17:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58064b15-d08c-4b11-b655-b516950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-18T16:17:25.000Z", "modified": "2016-10-18T16:17:25.000Z", "description": "compromised resource", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '52.202.112.204']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-18T16:17:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--580782bd-335c-464f-b96a-442f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-19T14:27:09.000Z", "modified": "2016-10-19T14:27:09.000Z", "description": "compromised resource", "pattern": "[url:value = 'http://belevtsev.net/media/plugin_googlemap3/site/moodalbox/img/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-19T14:27:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--580782be-7dac-42b7-983e-4ada950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-19T14:27:10.000Z", "modified": "2016-10-19T14:27:10.000Z", "description": "compromised resource", "pattern": "[domain-name:value = 'belevtsev.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-19T14:27:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--580782be-9dc0-4dde-9257-475f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-19T14:27:10.000Z", "modified": "2016-10-19T14:27:10.000Z", "description": "compromised resource", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.208.1.164']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-19T14:27:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--580a22b7-d324-4933-91ea-41a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-21T14:14:15.000Z", "modified": "2016-10-21T14:14:15.000Z", "description": "compromised resource", "pattern": "[url:value = 'http://faithfulwebhosting.com/wp-content/themes/Divi/epanel/shortcodes/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-21T14:14:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--580a22b7-f8c0-4c6d-b969-4fba950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-21T14:14:15.000Z", "modified": "2016-10-21T14:14:15.000Z", "description": "compromised resource", "pattern": "[domain-name:value = 'faithfulwebhosting.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-21T14:14:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--580a22b7-a07c-460b-9e1a-40b9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-21T14:14:15.000Z", "modified": "2016-10-21T14:14:15.000Z", "description": "compromised resource", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.116.255.248']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-21T14:14:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--580a22b7-4578-4772-9502-4b3d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-21T14:14:15.000Z", "modified": "2016-10-21T14:14:15.000Z", "description": "compromised resource", "pattern": "[url:value = 'http://fazzini.missionline.org/newsletter/admin/FCKeditor/editor/skins/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-21T14:14:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--580a22b8-5228-4e35-9f52-4e2a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-21T14:14:16.000Z", "modified": "2016-10-21T14:14:16.000Z", "description": "compromised resource", "pattern": "[domain-name:value = 'fazzini.missionline.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-21T14:14:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--580a22b8-fe78-4b32-8104-476f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-21T14:14:16.000Z", "modified": "2016-10-21T14:14:16.000Z", "description": "compromised resource", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.62.255.201']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-21T14:14:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--580a22b8-409c-483c-8d48-4e72950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-21T14:14:16.000Z", "modified": "2016-10-21T14:14:16.000Z", "description": "compromised resource", "pattern": "[url:value = 'http://feeltohealfitness.com/wp-content/themes/CelebrityMag/images/socialicons/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-21T14:14:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--580a22b8-6d90-4e3c-8f76-452a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-21T14:14:16.000Z", "modified": "2016-10-21T14:14:16.000Z", "description": "compromised resource", "pattern": "[domain-name:value = 'feeltohealfitness.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-21T14:14:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--580a22b8-c1a8-42ba-8fa4-430f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-21T14:14:16.000Z", "modified": "2016-10-21T14:14:16.000Z", "description": "compromised resource", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '50.63.100.1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-21T14:14:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--580a22b9-9484-4a1f-a89a-4e00950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-21T14:14:17.000Z", "modified": "2016-10-21T14:14:17.000Z", "description": "compromised resource", "pattern": "[url:value = 'http://festiv-bras.com/wp-includes/js/tinymce/plugins/wpembed/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-21T14:14:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--580a22b9-2f50-4225-95df-42c9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-21T14:14:17.000Z", "modified": "2016-10-21T14:14:17.000Z", "description": "compromised resource", "pattern": "[domain-name:value = 'festiv-bras.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-21T14:14:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--580a22b9-9680-4aa6-a594-467b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-21T14:14:17.000Z", "modified": "2016-10-21T14:14:17.000Z", "description": "compromised resource", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '149.202.56.129']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-21T14:14:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--580a22b9-c044-4f4f-ab66-4934950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-21T14:14:17.000Z", "modified": "2016-10-21T14:14:17.000Z", "description": "compromised resource", "pattern": "[url:value = 'http://getdeone.com/wp-content/uploads/2016/08/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-21T14:14:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--580a22ba-7970-4132-9668-47c8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-21T14:14:18.000Z", "modified": "2016-10-21T14:14:18.000Z", "description": "compromised resource", "pattern": "[domain-name:value = 'getdeone.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-21T14:14:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--580a22ba-0ee8-4d45-b64a-4ad1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-10-21T14:14:18.000Z", "modified": "2016-10-21T14:14:18.000Z", "description": "compromised resource", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.238.124.62']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-10-21T14:14:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }