{ "type": "bundle", "id": "bundle--591334cc-3b68-47fc-acc9-4763950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T11:39:53.000Z", "modified": "2017-05-18T11:39:53.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--591334cc-3b68-47fc-acc9-4763950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T11:39:53.000Z", "modified": "2017-05-18T11:39:53.000Z", "name": "Password-protected docs 2017-05-10 : Ursnif 2002 - \"payment confirmation.ab1_c23def4lg56hi#78j.docx\"", "published": "2017-05-22T12:15:35Z", "object_refs": [ "indicator--591334cf-5cf8-4198-b0e2-e7b0950d210f", "indicator--591334d0-7b2c-4afa-8870-4d91950d210f", "indicator--591334d2-c0b0-4ad7-b745-46d3950d210f", "indicator--591334d4-0c30-438b-a680-44dd950d210f", "indicator--591334d6-af0c-4359-8ca8-4410950d210f", "indicator--591334d8-1bc8-48b5-bd5c-4cbf950d210f", "indicator--591334da-04e8-47b5-9692-4890950d210f", "observed-data--591334dc-9a94-4d9a-a144-4450950d210f", "url--591334dc-9a94-4d9a-a144-4450950d210f", "indicator--591334e2-9b0c-41c2-bd85-4cc4950d210f", "indicator--591334e3-7464-437f-a12b-4e12950d210f", "indicator--591334e5-71dc-43c4-8d8e-42d8950d210f", "indicator--591334e6-60a8-4979-8f60-49b1950d210f", "indicator--591334e8-d9a4-4cd2-b017-479a950d210f", "indicator--591334e9-6790-47c0-aad4-e7b0950d210f", "indicator--591334eb-aef4-4886-8081-4088950d210f", "indicator--591334ec-04c4-4674-a97a-454a950d210f", "indicator--591334ed-ee68-4ac9-96c5-4305950d210f", "indicator--591334ee-b790-48e7-91a7-47f0950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:tool=\"Snifula\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591334cf-5cf8-4198-b0e2-e7b0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-10T15:42:07.000Z", "modified": "2017-05-10T15:42:07.000Z", "pattern": "[file:hashes.MD5 = 'd09d24fc872b120ebc3cbda20f28d8ee']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-10T15:42:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591334d0-7b2c-4afa-8870-4d91950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-10T15:42:08.000Z", "modified": "2017-05-10T15:42:08.000Z", "pattern": "[file:hashes.MD5 = '21b0ffda74ede6e0d161ddbab84e58d2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-10T15:42:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591334d2-c0b0-4ad7-b745-46d3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-10T15:42:10.000Z", "modified": "2017-05-10T15:42:10.000Z", "pattern": "[url:value = 'http://urbansoft.cc/sql.db']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-10T15:42:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591334d4-0c30-438b-a680-44dd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-10T15:42:12.000Z", "modified": "2017-05-10T15:42:12.000Z", "pattern": "[domain-name:value = 'urbansoft.cc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-10T15:42:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591334d6-af0c-4359-8ca8-4410950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-10T15:42:14.000Z", "modified": "2017-05-10T15:42:14.000Z", "description": "urbansoft.cc", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.238.124.62']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-10T15:42:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591334d8-1bc8-48b5-bd5c-4cbf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-10T15:42:16.000Z", "modified": "2017-05-10T15:42:16.000Z", "pattern": "[url:value = 'http://91.210.166.142/skdata.sql']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-10T15:42:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591334da-04e8-47b5-9692-4890950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-10T15:42:18.000Z", "modified": "2017-05-10T15:42:18.000Z", "pattern": "[domain-name:value = '91.210.166.142']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-10T15:42:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--591334dc-9a94-4d9a-a144-4450950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T11:37:44.000Z", "modified": "2017-05-18T11:37:44.000Z", "first_observed": "2017-05-18T11:37:44Z", "last_observed": "2017-05-18T11:37:44Z", "number_observed": 1, "object_refs": [ "url--591334dc-9a94-4d9a-a144-4450950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--591334dc-9a94-4d9a-a144-4450950d210f", "value": "http://www.php.net/license/3_0.txt" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591334e2-9b0c-41c2-bd85-4cc4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-10T15:42:26.000Z", "modified": "2017-05-10T15:42:26.000Z", "pattern": "[url:value = 'groupemtheoryparti.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-10T15:42:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591334e3-7464-437f-a12b-4e12950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-10T15:42:27.000Z", "modified": "2017-05-10T15:42:27.000Z", "pattern": "[domain-name:value = 'groupemtheoryparti.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-10T15:42:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591334e5-71dc-43c4-8d8e-42d8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-10T15:42:29.000Z", "modified": "2017-05-10T15:42:29.000Z", "pattern": "[url:value = 'thepbinarymaycodewhats.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-10T15:42:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591334e6-60a8-4979-8f60-49b1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-10T15:42:30.000Z", "modified": "2017-05-10T15:42:30.000Z", "pattern": "[domain-name:value = 'thepbinarymaycodewhats.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-10T15:42:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591334e8-d9a4-4cd2-b017-479a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-10T15:42:32.000Z", "modified": "2017-05-10T15:42:32.000Z", "pattern": "[url:value = 'termsphpchoose.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-10T15:42:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591334e9-6790-47c0-aad4-e7b0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-10T15:42:33.000Z", "modified": "2017-05-10T15:42:33.000Z", "pattern": "[domain-name:value = 'termsphpchoose.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-10T15:42:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591334eb-aef4-4886-8081-4088950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-10T15:42:35.000Z", "modified": "2017-05-10T15:42:35.000Z", "pattern": "[url:value = 'ttyouuincludingphpnorand.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-10T15:42:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591334ec-04c4-4674-a97a-454a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-10T15:42:36.000Z", "modified": "2017-05-10T15:42:36.000Z", "pattern": "[domain-name:value = 'ttyouuincludingphpnorand.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-10T15:42:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591334ed-ee68-4ac9-96c5-4305950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-10T15:42:37.000Z", "modified": "2017-05-10T15:42:37.000Z", "pattern": "[url:value = 'codeandpromoteuseunder.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-10T15:42:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591334ee-b790-48e7-91a7-47f0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-10T15:42:38.000Z", "modified": "2017-05-10T15:42:38.000Z", "pattern": "[domain-name:value = 'codeandpromoteuseunder.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-10T15:42:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }