{ "type": "bundle", "id": "bundle--591d569d-3c2c-42fa-a2fb-c518950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T11:41:41.000Z", "modified": "2017-05-18T11:41:41.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "grouping", "spec_version": "2.1", "id": "grouping--591d569d-3c2c-42fa-a2fb-c518950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T11:41:41.000Z", "modified": "2017-05-18T11:41:41.000Z", "name": "Password-protected docs 2017-05-17 : Ursnif 2002 - \"someone@mycompany.com-ab1_c23def4lg56hi#78j.docx\"", "context": "suspicious-activity", "object_refs": [ "indicator--591d569e-4c54-4ebd-9674-c525950d210f", "indicator--591d569f-0e30-4633-bc78-c51f950d210f", "indicator--591d56a0-884c-4f78-a3d1-a004950d210f", "indicator--591d56a1-d888-4e6e-b873-c51a950d210f", "indicator--591d56a2-fa00-473c-8c3b-9f05950d210f", "indicator--591d56a3-e37c-4a8c-b5ef-c520950d210f", "indicator--591d56a4-8710-485e-8cb8-c525950d210f", "observed-data--591d56a5-2a4c-47c1-89d6-99a3950d210f", "url--591d56a5-2a4c-47c1-89d6-99a3950d210f", "indicator--591d56a7-a0ac-4137-be18-a005950d210f", "indicator--591d56a8-4f84-46ba-a36e-c520950d210f", "indicator--591d56a8-f7e0-4703-90b5-99a3950d210f", "indicator--591d56a9-a470-4b50-82d3-99a4950d210f", "indicator--591d56aa-faf0-4c29-8cde-c518950d210f", "indicator--591d56ab-8810-4a99-9bf8-a005950d210f", "indicator--591d56ac-4a1c-4292-affc-99a9950d210f", "indicator--591d56ad-10fc-42f4-863d-c525950d210f", "indicator--591d56ae-a3fc-4c51-aeef-a001950d210f", "indicator--591d56ae-048c-4c4e-bb63-a004950d210f", "indicator--591d56af-648c-43bb-8676-9f05950d210f", "indicator--591d56b0-1504-412d-90fa-99a3950d210f", "indicator--591d56b1-6220-4f5f-9754-c51f950d210f", "indicator--591d56b2-d6e8-4827-8a90-99a0950d210f", "indicator--591d56b2-f324-4ef9-8e18-a004950d210f", "indicator--591d56b3-16ec-413b-ab61-99a9950d210f", "indicator--591d56b4-4c8c-4708-83ca-c520950d210f", "indicator--591d56b5-a2d4-42aa-b7d9-a001950d210f", "indicator--591d56b6-37f4-4881-8d8e-99a0950d210f", "indicator--591d56b7-b900-4fee-9104-c524950d210f", "indicator--591d56b8-2070-4e78-ab25-99a9950d210f", "indicator--591d56b8-c4b8-4887-9169-c51c950d210f", "indicator--591d56b9-a1e8-4141-a2c0-c525950d210f", "indicator--591d56bb-a684-4a7a-9e65-a001950d210f", "indicator--591d56bc-5af4-45a8-aff3-a007950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d569e-4c54-4ebd-9674-c525950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:02.000Z", "modified": "2017-05-18T08:09:02.000Z", "pattern": "[file:hashes.MD5 = 'bd69c7180be424f1c17129b6ffa0d8e2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d569f-0e30-4633-bc78-c51f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:03.000Z", "modified": "2017-05-18T08:09:03.000Z", "pattern": "[file:hashes.MD5 = '2b6827c73ebb9acae9d2483b8b23fd76']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56a0-884c-4f78-a3d1-a004950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:04.000Z", "modified": "2017-05-18T08:09:04.000Z", "pattern": "[url:value = 'http://91.247.36.92/132957927.bmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56a1-d888-4e6e-b873-c51a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:05.000Z", "modified": "2017-05-18T08:09:05.000Z", "pattern": "[domain-name:value = '91.247.36.92']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56a2-fa00-473c-8c3b-9f05950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:06.000Z", "modified": "2017-05-18T08:09:06.000Z", "pattern": "[url:value = 'http://www.librairiescdd.be/sp.png']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56a3-e37c-4a8c-b5ef-c520950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:07.000Z", "modified": "2017-05-18T08:09:07.000Z", "pattern": "[domain-name:value = 'www.librairiescdd.be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56a4-8710-485e-8cb8-c525950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:08.000Z", "modified": "2017-05-18T08:09:08.000Z", "description": "www.librairiescdd.be", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.105.101.143']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--591d56a5-2a4c-47c1-89d6-99a3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T11:40:55.000Z", "modified": "2017-05-18T11:40:55.000Z", "first_observed": "2017-05-18T11:40:55Z", "last_observed": "2017-05-18T11:40:55Z", "number_observed": 1, "object_refs": [ "url--591d56a5-2a4c-47c1-89d6-99a3950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--591d56a5-2a4c-47c1-89d6-99a3950d210f", "value": "http://www.php.net/license/3_0.txt" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56a7-a0ac-4137-be18-a005950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:11.000Z", "modified": "2017-05-18T08:09:11.000Z", "pattern": "[url:value = 'inclvoluntaryallcondi.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56a8-4f84-46ba-a36e-c520950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:12.000Z", "modified": "2017-05-18T08:09:12.000Z", "pattern": "[domain-name:value = 'inclvoluntaryallcondi.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56a8-f7e0-4703-90b5-99a3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:12.000Z", "modified": "2017-05-18T08:09:12.000Z", "description": "inclvoluntaryallcondi.ru", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '87.106.18.141']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56a9-a470-4b50-82d3-99a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:13.000Z", "modified": "2017-05-18T08:09:13.000Z", "pattern": "[url:value = 'andninformationfrom.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56aa-faf0-4c29-8cde-c518950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:14.000Z", "modified": "2017-05-18T08:09:14.000Z", "pattern": "[domain-name:value = 'andninformationfrom.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56ab-8810-4a99-9bf8-a005950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:15.000Z", "modified": "2017-05-18T08:09:15.000Z", "description": "andninformationfrom.ru", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.120.185.50']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56ac-4a1c-4292-affc-99a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:16.000Z", "modified": "2017-05-18T08:09:16.000Z", "description": "andninformationfrom.ru", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.230.57.174']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56ad-10fc-42f4-863d-c525950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:17.000Z", "modified": "2017-05-18T08:09:17.000Z", "description": "andninformationfrom.ru", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.102.207.142']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56ae-a3fc-4c51-aeef-a001950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:18.000Z", "modified": "2017-05-18T08:09:18.000Z", "description": "andninformationfrom.ru", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.151.45.198']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56ae-048c-4c4e-bb63-a004950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:18.000Z", "modified": "2017-05-18T08:09:18.000Z", "description": "andninformationfrom.ru", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.119.246.235']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56af-648c-43bb-8676-9f05950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:19.000Z", "modified": "2017-05-18T08:09:19.000Z", "description": "andninformationfrom.ru", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.86.110.190']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56b0-1504-412d-90fa-99a3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:20.000Z", "modified": "2017-05-18T08:09:20.000Z", "description": "andninformationfrom.ru", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.244.96.182']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56b1-6220-4f5f-9754-c51f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:21.000Z", "modified": "2017-05-18T08:09:21.000Z", "description": "andninformationfrom.ru", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.170.153.170']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56b2-d6e8-4827-8a90-99a0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:22.000Z", "modified": "2017-05-18T08:09:22.000Z", "description": "andninformationfrom.ru", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.158.202.235']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56b2-f324-4ef9-8e18-a004950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:22.000Z", "modified": "2017-05-18T08:09:22.000Z", "description": "andninformationfrom.ru", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.235.222.17']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56b3-16ec-413b-ab61-99a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:23.000Z", "modified": "2017-05-18T08:09:23.000Z", "pattern": "[url:value = 'licenseprrights.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56b4-4c8c-4708-83ca-c520950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:24.000Z", "modified": "2017-05-18T08:09:24.000Z", "pattern": "[domain-name:value = 'licenseprrights.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56b5-a2d4-42aa-b7d9-a001950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:25.000Z", "modified": "2017-05-18T08:09:25.000Z", "description": "licenseprrights.ru", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.31.62.78']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56b6-37f4-4881-8d8e-99a0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:26.000Z", "modified": "2017-05-18T08:09:26.000Z", "description": "licenseprrights.ru", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '151.80.78.61']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56b7-b900-4fee-9104-c524950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:27.000Z", "modified": "2017-05-18T08:09:27.000Z", "description": "licenseprrights.ru", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '87.98.254.64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56b8-2070-4e78-ab25-99a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:28.000Z", "modified": "2017-05-18T08:09:28.000Z", "description": "licenseprrights.ru", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.31.62.77']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56b8-c4b8-4887-9169-c51c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:28.000Z", "modified": "2017-05-18T08:09:28.000Z", "pattern": "[url:value = 'ppublcontricopyright.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56b9-a1e8-4141-a2c0-c525950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:29.000Z", "modified": "2017-05-18T08:09:29.000Z", "pattern": "[domain-name:value = 'ppublcontricopyright.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56bb-a684-4a7a-9e65-a001950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:31.000Z", "modified": "2017-05-18T08:09:31.000Z", "pattern": "[url:value = 'aboveincludesretainco.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56bc-5af4-45a8-aff3-a007950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:32.000Z", "modified": "2017-05-18T08:09:32.000Z", "pattern": "[domain-name:value = 'aboveincludesretainco.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }