{ "type": "bundle", "id": "bundle--5900a0d3-4c08-4f82-a9ae-2c2f950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-27T09:57:55.000Z", "modified": "2017-04-27T09:57:55.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5900a0d3-4c08-4f82-a9ae-2c2f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-27T09:57:55.000Z", "modified": "2017-04-27T09:57:55.000Z", "name": "Dridex 2017-04-11 : botnet 7200/7500 campaigns", "published": "2017-04-27T15:02:29Z", "object_refs": [ "indicator--5900a0d4-dc1c-4572-96d5-2c3e950d210f", "indicator--5900a0d5-b5d0-4df6-8ff4-0686950d210f", "indicator--5900a0d5-96e4-4caf-bd99-2c48950d210f", "indicator--5900a0d6-3b84-4be5-9850-2c46950d210f", "indicator--5900a0d7-f64c-49ab-8349-4811950d210f", "indicator--5900a0d7-bcf0-4961-8102-0684950d210f", "indicator--5900a0d8-48c8-4799-b8aa-2c2f950d210f", "indicator--5900a0d9-3ebc-4b03-bd33-0686950d210f", "indicator--5900a0da-91f0-46b0-92ee-2c2d950d210f", "indicator--5900a0da-7358-4344-93e7-4360950d210f", "indicator--5900a0db-37ac-42c3-a6b2-0684950d210f", "indicator--5900a0dc-9e5c-4ced-a2bb-2c3e950d210f", "indicator--5900a0dd-e594-4b59-ab3c-2c48950d210f", "indicator--5900a0dd-7678-469b-a1b7-2c46950d210f", "indicator--5900a0de-39f4-4a75-8afb-4357950d210f", "indicator--5900a0df-9c70-4afe-9248-4c00950d210f", "indicator--5900a0df-3060-4899-ac0a-0684950d210f", "indicator--5900a0e0-64f4-4f4d-93d7-0686950d210f", "indicator--5900a0e1-e448-48b4-ac20-2c46950d210f", "indicator--5900a0e2-d588-42c9-85f4-4c4b950d210f", "indicator--5900a0e2-eb90-443d-a16e-2c48950d210f", "indicator--5900a0e3-a838-46e4-9d33-4a40950d210f", "indicator--5900a0e4-3a34-4789-8afd-06bc950d210f", "indicator--5900a0e5-59a4-4c25-a3c9-4217950d210f", "indicator--5900a0e6-a6b4-48ce-8c07-4663950d210f", "indicator--5900a0e6-a04c-4268-85b8-40a1950d210f", "indicator--5900a0e7-f940-4905-8ebe-06bc950d210f", "indicator--5900a0e8-fca4-4bcd-a3ce-4f5e950d210f", "indicator--5900a0e8-d690-4acb-af34-2c37950d210f", "indicator--5900a0e9-c0e4-4f8d-ae33-4841950d210f", "indicator--5900a0ea-ec6c-4600-ba66-2c48950d210f", "indicator--5900a0eb-c7b8-4d60-ba32-2c4c950d210f", "indicator--5900a0eb-b6cc-4777-b723-2c33950d210f", "indicator--5900a0ec-3180-48bd-be0f-4fbb950d210f", "indicator--5900a0ed-f12c-466f-a08e-4e56950d210f", "indicator--5900a0ed-54ac-4b9e-8759-403a950d210f", "indicator--5900a0ee-0a50-45a7-8216-0684950d210f", "indicator--5900a0ef-27c8-43b4-9226-2c2f950d210f", "indicator--5900a0f0-8e10-43c8-84c5-2c42950d210f", "indicator--5900a0f0-c2b0-4785-97db-4366950d210f", "indicator--5900a0f1-8e60-49dd-b0da-2c4c950d210f", "indicator--5900a0f2-7ca0-491d-b39d-4178950d210f", "indicator--5900a0f2-76a8-4cf1-b064-2c44950d210f", "indicator--5900a0f3-3950-4fc9-bbe9-2c3e950d210f", "indicator--5900a0f4-f9a4-48c6-9122-2c4e950d210f", "indicator--5900a0f4-69d4-432c-9003-2c37950d210f", "indicator--5900a0f5-f020-415d-9591-4953950d210f", "indicator--5900a0f6-ba78-4518-ba88-2c4c950d210f", "indicator--5900a0f7-33c8-4356-894d-43be950d210f", "indicator--5900a0f7-c6c8-4574-9364-06bc950d210f", "indicator--5900a0f8-2ce4-43ab-93c0-2c42950d210f", "indicator--5900a0f9-1228-4cff-be14-2c2d950d210f", "indicator--5900a0f9-af84-4dee-86da-2c48950d210f", "indicator--5900a0fa-2f64-46b5-a2fa-2c33950d210f", "indicator--5900a0fb-6600-4c5b-a5d7-4356950d210f", "indicator--5900a0fb-f260-4da2-9c30-4a4c950d210f", "indicator--5900a0fe-5fd0-4e4a-b77a-2c48950d210f", "indicator--5900a0ff-5388-4293-aa1b-2c33950d210f", "indicator--5900a100-21cc-4441-8897-434f950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:tool=\"Dridex\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0d4-dc1c-4572-96d5-2c3e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:29:56.000Z", "modified": "2017-04-26T13:29:56.000Z", "pattern": "[url:value = 'http://cloud9ss.com/kjv783r']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:29:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0d5-b5d0-4df6-8ff4-0686950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:29:57.000Z", "modified": "2017-04-26T13:29:57.000Z", "pattern": "[domain-name:value = 'cloud9ss.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:29:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0d5-96e4-4caf-bd99-2c48950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:29:57.000Z", "modified": "2017-04-26T13:29:57.000Z", "description": "cloud9ss.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '50.87.190.234']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:29:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0d6-3b84-4be5-9850-2c46950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:29:58.000Z", "modified": "2017-04-26T13:29:58.000Z", "pattern": "[url:value = 'http://compoclinic.com.br/kjv783r']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:29:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0d7-f64c-49ab-8349-4811950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:29:59.000Z", "modified": "2017-04-26T13:29:59.000Z", "pattern": "[domain-name:value = 'compoclinic.com.br']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:29:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0d7-bcf0-4961-8102-0684950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:29:59.000Z", "modified": "2017-04-26T13:29:59.000Z", "description": "compoclinic.com.br", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.1.208.138']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:29:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0d8-48c8-4799-b8aa-2c2f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:00.000Z", "modified": "2017-04-26T13:30:00.000Z", "pattern": "[url:value = 'http://construction1909.com/kjv783r']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0d9-3ebc-4b03-bd33-0686950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:01.000Z", "modified": "2017-04-26T13:30:01.000Z", "pattern": "[domain-name:value = 'construction1909.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0da-91f0-46b0-92ee-2c2d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:02.000Z", "modified": "2017-04-26T13:30:02.000Z", "description": "construction1909.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.229.171.36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0da-7358-4344-93e7-4360950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:02.000Z", "modified": "2017-04-26T13:30:02.000Z", "pattern": "[url:value = 'http://darvonharris.com/kjv783r']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0db-37ac-42c3-a6b2-0684950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:03.000Z", "modified": "2017-04-26T13:30:03.000Z", "pattern": "[domain-name:value = 'darvonharris.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0dc-9e5c-4ced-a2bb-2c3e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:04.000Z", "modified": "2017-04-26T13:30:04.000Z", "description": "darvonharris.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.180.56.176']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0dd-e594-4b59-ab3c-2c48950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:05.000Z", "modified": "2017-04-26T13:30:05.000Z", "pattern": "[url:value = 'http://glassorchids.com/kjv783r']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0dd-7678-469b-a1b7-2c46950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:05.000Z", "modified": "2017-04-26T13:30:05.000Z", "pattern": "[domain-name:value = 'glassorchids.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0de-39f4-4a75-8afb-4357950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:06.000Z", "modified": "2017-04-26T13:30:06.000Z", "description": "glassorchids.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.117.161.226']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0df-9c70-4afe-9248-4c00950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:07.000Z", "modified": "2017-04-26T13:30:07.000Z", "pattern": "[url:value = 'http://i-call.it/kjv783r']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0df-3060-4899-ac0a-0684950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:07.000Z", "modified": "2017-04-26T13:30:07.000Z", "pattern": "[domain-name:value = 'i-call.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0e0-64f4-4f4d-93d7-0686950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:08.000Z", "modified": "2017-04-26T13:30:08.000Z", "description": "i-call.it", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.58.80.98']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0e1-e448-48b4-ac20-2c46950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:09.000Z", "modified": "2017-04-26T13:30:09.000Z", "pattern": "[url:value = 'http://itibambu.com.br/kjv783r']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0e2-d588-42c9-85f4-4c4b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:10.000Z", "modified": "2017-04-26T13:30:10.000Z", "pattern": "[domain-name:value = 'itibambu.com.br']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0e2-eb90-443d-a16e-2c48950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:10.000Z", "modified": "2017-04-26T13:30:10.000Z", "description": "itibambu.com.br", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '187.45.193.159']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0e3-a838-46e4-9d33-4a40950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:11.000Z", "modified": "2017-04-26T13:30:11.000Z", "pattern": "[url:value = 'http://jenya.kossoy.com/kjv783r']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0e4-3a34-4789-8afd-06bc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:12.000Z", "modified": "2017-04-26T13:30:12.000Z", "pattern": "[domain-name:value = 'jenya.kossoy.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0e5-59a4-4c25-a3c9-4217950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:13.000Z", "modified": "2017-04-26T13:30:13.000Z", "description": "jenya.kossoy.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.111.126.118']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0e6-a6b4-48ce-8c07-4663950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:14.000Z", "modified": "2017-04-26T13:30:14.000Z", "pattern": "[url:value = 'http://lawrenceres.com/kjv783r']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0e6-a04c-4268-85b8-40a1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:14.000Z", "modified": "2017-04-26T13:30:14.000Z", "pattern": "[domain-name:value = 'lawrenceres.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0e7-f940-4905-8ebe-06bc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:15.000Z", "modified": "2017-04-26T13:30:15.000Z", "description": "lawrenceres.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.87.186.98']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0e8-fca4-4bcd-a3ce-4f5e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:16.000Z", "modified": "2017-04-26T13:30:16.000Z", "pattern": "[url:value = 'http://marksrepair.com/kjv783r']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0e8-d690-4acb-af34-2c37950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:16.000Z", "modified": "2017-04-26T13:30:16.000Z", "pattern": "[domain-name:value = 'marksrepair.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0e9-c0e4-4f8d-ae33-4841950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:17.000Z", "modified": "2017-04-26T13:30:17.000Z", "description": "marksrepair.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.180.41.149']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0ea-ec6c-4600-ba66-2c48950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:18.000Z", "modified": "2017-04-26T13:30:18.000Z", "pattern": "[url:value = 'http://medjobsmatch.com/kjv783r']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0eb-c7b8-4d60-ba32-2c4c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:19.000Z", "modified": "2017-04-26T13:30:19.000Z", "pattern": "[domain-name:value = 'medjobsmatch.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0eb-b6cc-4777-b723-2c33950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:19.000Z", "modified": "2017-04-26T13:30:19.000Z", "description": "medjobsmatch.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.229.143.7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0ec-3180-48bd-be0f-4fbb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:20.000Z", "modified": "2017-04-26T13:30:20.000Z", "pattern": "[url:value = 'http://mentalmysteries.com/kjv783r']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0ed-f12c-466f-a08e-4e56950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:21.000Z", "modified": "2017-04-26T13:30:21.000Z", "pattern": "[domain-name:value = 'mentalmysteries.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0ed-54ac-4b9e-8759-403a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:21.000Z", "modified": "2017-04-26T13:30:21.000Z", "description": "mentalmysteries.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.225.160.236']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0ee-0a50-45a7-8216-0684950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:22.000Z", "modified": "2017-04-26T13:30:22.000Z", "pattern": "[url:value = 'http://mentoryourmind.org/kjv783r']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0ef-27c8-43b4-9226-2c2f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:23.000Z", "modified": "2017-04-26T13:30:23.000Z", "pattern": "[domain-name:value = 'mentoryourmind.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0f0-8e10-43c8-84c5-2c42950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:24.000Z", "modified": "2017-04-26T13:30:24.000Z", "description": "mentoryourmind.org", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.229.137.134']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0f0-c2b0-4785-97db-4366950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:24.000Z", "modified": "2017-04-26T13:30:24.000Z", "pattern": "[url:value = 'http://outoftheboxpc.org/kjv783r']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0f1-8e60-49dd-b0da-2c4c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:25.000Z", "modified": "2017-04-26T13:30:25.000Z", "pattern": "[domain-name:value = 'outoftheboxpc.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0f2-7ca0-491d-b39d-4178950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:26.000Z", "modified": "2017-04-26T13:30:26.000Z", "description": "outoftheboxpc.org", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.87.186.17']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0f2-76a8-4cf1-b064-2c44950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:26.000Z", "modified": "2017-04-26T13:30:26.000Z", "pattern": "[url:value = 'http://ozcom.net/kjv783r']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0f3-3950-4fc9-bbe9-2c3e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:27.000Z", "modified": "2017-04-26T13:30:27.000Z", "pattern": "[domain-name:value = 'ozcom.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0f4-f9a4-48c6-9122-2c4e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:28.000Z", "modified": "2017-04-26T13:30:28.000Z", "description": "ozcom.net", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.185.35.252']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0f4-69d4-432c-9003-2c37950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:28.000Z", "modified": "2017-04-26T13:30:28.000Z", "pattern": "[url:value = 'http://perisoft.org/kjv783r']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0f5-f020-415d-9591-4953950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:29.000Z", "modified": "2017-04-26T13:30:29.000Z", "pattern": "[domain-name:value = 'perisoft.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0f6-ba78-4518-ba88-2c4c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:30.000Z", "modified": "2017-04-26T13:30:30.000Z", "description": "perisoft.org", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.40.138.96']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0f7-33c8-4356-894d-43be950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:31.000Z", "modified": "2017-04-26T13:30:31.000Z", "pattern": "[url:value = 'http://prime.comcastbiz.net/kjv783r']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0f7-c6c8-4574-9364-06bc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:31.000Z", "modified": "2017-04-26T13:30:31.000Z", "pattern": "[domain-name:value = 'prime.comcastbiz.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0f8-2ce4-43ab-93c0-2c42950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:32.000Z", "modified": "2017-04-26T13:30:32.000Z", "description": "prime.comcastbiz.net", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.87.186.70']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0f9-1228-4cff-be14-2c2d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:33.000Z", "modified": "2017-04-26T13:30:33.000Z", "pattern": "[url:value = 'http://semfamily.com/kjv783r']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0f9-af84-4dee-86da-2c48950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:33.000Z", "modified": "2017-04-26T13:30:33.000Z", "pattern": "[domain-name:value = 'semfamily.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0fa-2f64-46b5-a2fa-2c33950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:34.000Z", "modified": "2017-04-26T13:30:34.000Z", "description": "semfamily.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.254.190.157']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0fb-6600-4c5b-a5d7-4356950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:35.000Z", "modified": "2017-04-26T13:30:35.000Z", "pattern": "[url:value = 'http://hyoeyeep.ws/template.doc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0fb-f260-4da2-9c30-4a4c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:35.000Z", "modified": "2017-04-26T13:30:35.000Z", "pattern": "[domain-name:value = 'hyoeyeep.ws']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0fe-5fd0-4e4a-b77a-2c48950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:38.000Z", "modified": "2017-04-26T13:30:38.000Z", "description": "hyoeyeep.ws", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '47.91.76.119']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a0ff-5388-4293-aa1b-2c33950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:39.000Z", "modified": "2017-04-26T13:30:39.000Z", "pattern": "[url:value = 'http://hyoeyeep.ws/sp.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5900a100-21cc-4441-8897-434f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-26T13:30:40.000Z", "modified": "2017-04-26T13:30:40.000Z", "pattern": "[url:value = 'http://hyoeyeep.ws/sp.doc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-26T13:30:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }