{ "type": "bundle", "id": "bundle--59148a67-8914-4b6e-bc54-419b950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-12T15:11:09.000Z", "modified": "2017-05-12T15:11:09.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "grouping", "spec_version": "2.1", "id": "grouping--59148a67-8914-4b6e-bc54-419b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-12T15:11:09.000Z", "modified": "2017-05-12T15:11:09.000Z", "name": "Jaff - file:nm.pdf", "context": "suspicious-activity", "object_refs": [ "indicator--59148a68-251c-437f-a9c3-4739950d210f", "indicator--59148a69-76e4-48ce-980c-4f06950d210f", "indicator--59148a6a-4f40-49f4-bac7-409f950d210f", "indicator--59148a6a-9ecc-4541-a6ca-48c1950d210f", "indicator--59148a6b-ab50-4dc2-8805-42b9950d210f", "indicator--59148a6d-5c70-427d-9859-45b7950d210f", "indicator--59148a6d-3c94-474f-bcb7-446d950d210f", "indicator--59148a6e-a1a8-4509-9fc5-483a950d210f", "indicator--59148a6f-a334-47e0-a3e1-4092950d210f", "indicator--59148a6f-3eb4-4e60-b345-49a1950d210f", "indicator--59148a71-90d0-4a5c-b266-4e6e950d210f", "indicator--59148a71-3bb8-4102-9f4c-4746950d210f", "indicator--59148a72-3ee0-453f-af56-458f950d210f", "indicator--59148a73-d574-4509-afb7-4304950d210f", "indicator--59148a75-ed58-48f6-b4f8-43ee950d210f", "indicator--59148a76-0de0-4b61-9cff-4f70950d210f", "indicator--59148a79-5538-41ad-813b-46ca950d210f", "indicator--59148a7a-0558-4199-9727-48ee950d210f", "indicator--59148a7b-98a8-4613-808a-e06f950d210f", "indicator--59148a7d-d2e4-4972-91d8-4a56950d210f", "indicator--59148a7d-a3f0-447e-8f2c-4f26950d210f", "indicator--59148a7e-cb90-4f80-af92-433d950d210f", "indicator--59148a7f-8e30-4930-b784-4c3a950d210f", "indicator--59148a80-99ac-4a6c-90b8-49c2950d210f", "indicator--59148a80-4a7c-4720-8bb7-4091950d210f", "indicator--59148a81-5af4-4c3c-a0d0-4dfa950d210f", "indicator--59148a82-8e44-426f-898c-4aa6950d210f", "indicator--59148a83-ada8-4a5c-99ea-45b8950d210f", "indicator--59148a84-1dc4-4320-918c-45ac950d210f", "indicator--59148a85-97fc-4ea0-9429-e06f950d210f", "indicator--59148a87-4868-47aa-aca3-406e950d210f", "indicator--59148a87-3750-48cd-85df-4290950d210f", "indicator--59148a88-dba8-4cad-a3c6-4be4950d210f", "indicator--59148a89-87f0-46da-8224-4d34950d210f", "indicator--59148a8a-ac3c-4351-9cb3-4ec1950d210f", "indicator--59148a8b-8974-459d-bc72-4eae950d210f", "indicator--59148a8c-9010-4682-852d-0326950d210f", "indicator--59148a8d-7944-443c-be13-4644950d210f", "indicator--59148a8d-5efc-478b-9ebb-4266950d210f", "indicator--59148a8e-5bf8-407e-991f-4f85950d210f", "indicator--59148a8f-4ba0-428e-b0fc-4aaa950d210f", "indicator--59148a90-d210-48c9-8748-40ce950d210f", "indicator--59148a91-e288-4207-857e-41c7950d210f", "indicator--59148a92-6ca4-4d12-8e47-4058950d210f", "indicator--59148a93-9ffc-42a9-b2b7-032b950d210f", "indicator--59148a94-bd74-4c68-8d7f-4648950d210f", "indicator--59148a95-21d8-41ad-9237-0338950d210f", "indicator--59148a96-5f24-4555-96cb-4e4f950d210f", "indicator--59148a96-ca3c-436f-b26f-4944950d210f", "indicator--59148a97-4c30-4ffb-8ae9-4a42950d210f", "indicator--59148a98-7cf0-4e57-8d97-49c0950d210f", "indicator--59148a99-5e8c-4810-942a-0326950d210f", "indicator--59148a9a-a298-4d7e-9b60-4ac6950d210f", "indicator--59148a9b-e1c8-498f-92a8-42fd950d210f", "indicator--59148a9b-cd74-4d30-8661-4ce6950d210f", "indicator--59148a9c-d5f4-4db9-b95d-032b950d210f", "observed-data--59148aa3-bbe0-4951-866f-032b950d210f", "url--59148aa3-bbe0-4951-866f-032b950d210f", "observed-data--59148aa4-7e6c-4fb9-ab23-4d5a950d210f", "url--59148aa4-7e6c-4fb9-ab23-4d5a950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a68-251c-437f-a9c3-4739950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T15:59:36.000Z", "modified": "2017-05-11T15:59:36.000Z", "pattern": "[file:hashes.MD5 = '466db2d02db000f686f48c0700beb840']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T15:59:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a69-76e4-48ce-980c-4f06950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T15:59:37.000Z", "modified": "2017-05-11T15:59:37.000Z", "pattern": "[file:hashes.MD5 = '35eed9cafb26975c42b7a621352565d2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T15:59:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a6a-4f40-49f4-bac7-409f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T15:59:38.000Z", "modified": "2017-05-11T15:59:38.000Z", "pattern": "[file:hashes.MD5 = '924c84415b775af12a10366469d3df69']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T15:59:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a6a-9ecc-4541-a6ca-48c1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T15:59:38.000Z", "modified": "2017-05-11T15:59:38.000Z", "pattern": "[file:hashes.MD5 = '942c6a039724ed5326c3c247bfce3461']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T15:59:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a6b-ab50-4dc2-8805-42b9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T15:59:39.000Z", "modified": "2017-05-11T15:59:39.000Z", "pattern": "[file:hashes.SHA256 = '5722daf5c0b91363808d46a2c5b93a8f70f0dadd94866148d1d77975ba04d211']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T15:59:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a6d-5c70-427d-9859-45b7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T15:59:41.000Z", "modified": "2017-05-11T15:59:41.000Z", "pattern": "[url:value = 'http://5hdnnd74fffrottd.com/af/f87346b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T15:59:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a6d-3c94-474f-bcb7-446d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T15:59:41.000Z", "modified": "2017-05-11T15:59:41.000Z", "pattern": "[domain-name:value = '5hdnnd74fffrottd.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T15:59:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a6e-a1a8-4509-9fc5-483a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T15:59:42.000Z", "modified": "2017-05-11T15:59:42.000Z", "description": "5hdnnd74fffrottd.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '47.91.93.25']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T15:59:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a6f-a334-47e0-a3e1-4092950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T15:59:43.000Z", "modified": "2017-05-11T15:59:43.000Z", "pattern": "[url:value = 'http://babil117.com/f87346b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T15:59:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a6f-3eb4-4e60-b345-49a1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T15:59:43.000Z", "modified": "2017-05-11T15:59:43.000Z", "pattern": "[domain-name:value = 'babil117.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T15:59:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a71-90d0-4a5c-b266-4e6e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T15:59:45.000Z", "modified": "2017-05-11T15:59:45.000Z", "description": "babil117.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '219.118.71.141']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T15:59:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a71-3bb8-4102-9f4c-4746950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T15:59:45.000Z", "modified": "2017-05-11T15:59:45.000Z", "pattern": "[url:value = 'http://boaevents.com/f87346b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T15:59:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a72-3ee0-453f-af56-458f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T15:59:46.000Z", "modified": "2017-05-11T15:59:46.000Z", "pattern": "[domain-name:value = 'boaevents.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T15:59:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a73-d574-4509-afb7-4304950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T15:59:47.000Z", "modified": "2017-05-11T15:59:47.000Z", "description": "boaevents.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.124.249.18']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T15:59:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a75-ed58-48f6-b4f8-43ee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T15:59:49.000Z", "modified": "2017-05-11T15:59:49.000Z", "pattern": "[url:value = 'http://byydei74fg43ff4f.net/af/f87346b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T15:59:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a76-0de0-4b61-9cff-4f70950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T15:59:50.000Z", "modified": "2017-05-11T15:59:50.000Z", "pattern": "[domain-name:value = 'byydei74fg43ff4f.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T15:59:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a79-5538-41ad-813b-46ca950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T15:59:53.000Z", "modified": "2017-05-11T15:59:53.000Z", "pattern": "[url:value = 'http://easysupport.us/f87346b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T15:59:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a7a-0558-4199-9727-48ee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T15:59:54.000Z", "modified": "2017-05-11T15:59:54.000Z", "pattern": "[domain-name:value = 'easysupport.us']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T15:59:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a7b-98a8-4613-808a-e06f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T15:59:55.000Z", "modified": "2017-05-11T15:59:55.000Z", "description": "easysupport.us", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.58.93.28']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T15:59:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a7d-d2e4-4972-91d8-4a56950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T15:59:57.000Z", "modified": "2017-05-11T15:59:57.000Z", "pattern": "[url:value = 'http://edluke.com/f87346b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T15:59:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a7d-a3f0-447e-8f2c-4f26950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T15:59:57.000Z", "modified": "2017-05-11T15:59:57.000Z", "pattern": "[domain-name:value = 'edluke.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T15:59:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a7e-cb90-4f80-af92-433d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T15:59:58.000Z", "modified": "2017-05-11T15:59:58.000Z", "description": "edluke.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.30.215.116']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T15:59:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a7f-8e30-4930-b784-4c3a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T15:59:59.000Z", "modified": "2017-05-11T15:59:59.000Z", "pattern": "[url:value = 'http://julian-g.ro/f87346b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T15:59:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a80-99ac-4a6c-90b8-49c2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:00.000Z", "modified": "2017-05-11T16:00:00.000Z", "pattern": "[domain-name:value = 'julian-g.ro']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a80-4a7c-4720-8bb7-4091950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:00.000Z", "modified": "2017-05-11T16:00:00.000Z", "description": "julian-g.ro", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.35.15.215']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a81-5af4-4c3c-a0d0-4dfa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:01.000Z", "modified": "2017-05-11T16:00:01.000Z", "pattern": "[url:value = 'http://phinamco.com/f87346b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a82-8e44-426f-898c-4aa6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:02.000Z", "modified": "2017-05-11T16:00:02.000Z", "pattern": "[domain-name:value = 'phinamco.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a83-ada8-4a5c-99ea-45b8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:03.000Z", "modified": "2017-05-11T16:00:03.000Z", "description": "phinamco.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.18.4.141']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a84-1dc4-4320-918c-45ac950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:04.000Z", "modified": "2017-05-11T16:00:04.000Z", "pattern": "[url:value = 'http://takanashi.jp/f87346b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a85-97fc-4ea0-9429-e06f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:05.000Z", "modified": "2017-05-11T16:00:05.000Z", "pattern": "[domain-name:value = 'takanashi.jp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a87-4868-47aa-aca3-406e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:07.000Z", "modified": "2017-05-11T16:00:07.000Z", "description": "takanashi.jp", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.188.201.76']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a87-3750-48cd-85df-4290950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:07.000Z", "modified": "2017-05-11T16:00:07.000Z", "pattern": "[url:value = 'http://techno-kar.ru/f87346b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a88-dba8-4cad-a3c6-4be4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:08.000Z", "modified": "2017-05-11T16:00:08.000Z", "pattern": "[domain-name:value = 'techno-kar.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a89-87f0-46da-8224-4d34950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:09.000Z", "modified": "2017-05-11T16:00:09.000Z", "description": "techno-kar.ru", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.177.139.23']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a8a-ac3c-4351-9cb3-4ec1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:10.000Z", "modified": "2017-05-11T16:00:10.000Z", "pattern": "[url:value = 'http://tending.info/f87346b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a8b-8974-459d-bc72-4eae950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:11.000Z", "modified": "2017-05-11T16:00:11.000Z", "pattern": "[domain-name:value = 'tending.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a8c-9010-4682-852d-0326950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:12.000Z", "modified": "2017-05-11T16:00:12.000Z", "description": "tending.info", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.75.98.151']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a8d-7944-443c-be13-4644950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:13.000Z", "modified": "2017-05-11T16:00:13.000Z", "pattern": "[url:value = 'http://tiskr.com/f87346b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a8d-5efc-478b-9ebb-4266950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:13.000Z", "modified": "2017-05-11T16:00:13.000Z", "pattern": "[domain-name:value = 'tiskr.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a8e-5bf8-407e-991f-4f85950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:14.000Z", "modified": "2017-05-11T16:00:14.000Z", "description": "tiskr.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.230.252.61']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a8f-4ba0-428e-b0fc-4aaa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:15.000Z", "modified": "2017-05-11T16:00:15.000Z", "pattern": "[url:value = 'http://trans-atm.com/f87346b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a90-d210-48c9-8748-40ce950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:16.000Z", "modified": "2017-05-11T16:00:16.000Z", "pattern": "[domain-name:value = 'trans-atm.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a91-e288-4207-857e-41c7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:17.000Z", "modified": "2017-05-11T16:00:17.000Z", "description": "trans-atm.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '201.150.35.98']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a92-6ca4-4d12-8e47-4058950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:18.000Z", "modified": "2017-05-11T16:00:18.000Z", "pattern": "[url:value = 'http://trialinsider.com/f87346b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a93-9ffc-42a9-b2b7-032b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:19.000Z", "modified": "2017-05-11T16:00:19.000Z", "pattern": "[domain-name:value = 'trialinsider.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a94-bd74-4c68-8d7f-4648950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:20.000Z", "modified": "2017-05-11T16:00:20.000Z", "description": "trialinsider.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.154.161.227']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a95-21d8-41ad-9237-0338950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:21.000Z", "modified": "2017-05-11T16:00:21.000Z", "description": "trialinsider.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.154.168.227']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a96-5f24-4555-96cb-4e4f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:21.000Z", "modified": "2017-05-11T16:00:21.000Z", "pattern": "[url:value = 'http://vscard.net/f87346b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a96-ca3c-436f-b26f-4944950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:22.000Z", "modified": "2017-05-11T16:00:22.000Z", "pattern": "[domain-name:value = 'vscard.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a97-4c30-4ffb-8ae9-4a42950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:23.000Z", "modified": "2017-05-11T16:00:23.000Z", "description": "vscard.net", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.9.105.250']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a98-7cf0-4e57-8d97-49c0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:24.000Z", "modified": "2017-05-11T16:00:24.000Z", "pattern": "[url:value = 'http://wipersdirect.com/f87346b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a99-5e8c-4810-942a-0326950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:25.000Z", "modified": "2017-05-11T16:00:25.000Z", "pattern": "[domain-name:value = 'wipersdirect.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a9a-a298-4d7e-9b60-4ac6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:26.000Z", "modified": "2017-05-11T16:00:26.000Z", "description": "wipersdirect.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '108.165.22.125']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a9b-e1c8-498f-92a8-42fd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:27.000Z", "modified": "2017-05-11T16:00:27.000Z", "pattern": "[url:value = 'http://fkksjobnn43.org/a5/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a9b-cd74-4d30-8661-4ce6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:27.000Z", "modified": "2017-05-11T16:00:27.000Z", "pattern": "[domain-name:value = 'fkksjobnn43.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-11T16:00:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59148a9c-d5f4-4db9-b95d-032b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-12T15:02:17.000Z", "modified": "2017-05-12T15:02:17.000Z", "pattern": "[url:value = 'https://twitter.com/malwrhunterteam/status/862597006363152385']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-12T15:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59148aa3-bbe0-4951-866f-032b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:35.000Z", "modified": "2017-05-11T16:00:35.000Z", "first_observed": "2017-05-11T16:00:35Z", "last_observed": "2017-05-11T16:00:35Z", "number_observed": 1, "object_refs": [ "url--59148aa3-bbe0-4951-866f-032b950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59148aa3-bbe0-4951-866f-032b950d210f", "value": "https://www.hybrid-analysis.com/sample/5722daf5c0b91363808d46a2c5b93a8f70f0dadd94866148d1d77975ba04d211?environmentId=100" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59148aa4-7e6c-4fb9-ab23-4d5a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-11T16:00:36.000Z", "modified": "2017-05-11T16:00:36.000Z", "first_observed": "2017-05-11T16:00:36Z", "last_observed": "2017-05-11T16:00:36Z", "number_observed": 1, "object_refs": [ "url--59148aa4-7e6c-4fb9-ab23-4d5a950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59148aa4-7e6c-4fb9-ab23-4d5a950d210f", "value": "https://www.virustotal.com/hr/file/5722daf5c0b91363808d46a2c5b93a8f70f0dadd94866148d1d77975ba04d211/analysis/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }