{ "type": "bundle", "id": "bundle--59259700-5778-40e2-9800-b458950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:59.000Z", "modified": "2017-05-24T14:22:59.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "grouping", "spec_version": "2.1", "id": "grouping--59259700-5778-40e2-9800-b458950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:59.000Z", "modified": "2017-05-24T14:22:59.000Z", "name": "Jaff 2017-05-24 : \"IMG_1234.pdf\"", "context": "suspicious-activity", "object_refs": [ "indicator--59259743-2c78-4f39-bdb4-43b6950d210f", "indicator--59259742-2c48-4321-8064-4990950d210f", "indicator--59259742-80d4-46c3-aa7b-0cdb950d210f", "indicator--59259741-0530-414b-b35c-436f950d210f", "indicator--5925973f-75c0-4061-9abe-49bc950d210f", "indicator--59259740-40f4-4d93-9ed7-b44f950d210f", "indicator--5925973e-8cc0-40f1-8086-b45c950d210f", "indicator--5925973d-8924-4d1e-a4a5-31d2950d210f", "indicator--5925973c-cadc-455d-8622-486b950d210f", "indicator--5925973b-3e18-45d1-90a9-b459950d210f", "indicator--5925973a-3620-4b70-aa96-4737950d210f", "indicator--5925973a-7510-4c57-ace1-0cd9950d210f", "indicator--59259739-6930-48d4-bfc6-4a53950d210f", "indicator--59259738-efb0-470f-9a11-b456950d210f", "indicator--59259737-c364-4241-995e-4c9c950d210f", "indicator--59259736-4c68-428f-92bd-4f42950d210f", "indicator--59259735-4e0c-4680-a55c-7bd8950d210f", "indicator--59259734-eb70-46eb-b382-4fd0950d210f", "indicator--59259733-7464-4504-af9b-4e38950d210f", "indicator--59259732-78f8-4d0d-ac1d-0cdb950d210f", "indicator--59259731-37c4-4a0a-a436-b458950d210f", "indicator--59259730-8be4-4d2e-add7-4e7b950d210f", "indicator--5925972f-bc14-4493-8180-4927950d210f", "indicator--5925972e-8c78-4ae1-8512-b45c950d210f", "indicator--5925972d-4fbc-4811-9c18-41b5950d210f", "indicator--5925972d-a72c-4924-b52d-0cd9950d210f", "indicator--5925972a-aef0-4d00-a0f9-4dcf950d210f", "indicator--5925972a-15ac-4f7c-9d07-4752950d210f", "indicator--59259729-705c-4d87-977e-4f61950d210f", "indicator--59259727-1ea8-4aa6-9a57-0cdb950d210f", "indicator--59259727-d168-4300-a636-47f4950d210f", "indicator--59259726-d524-4e68-9d4f-b458950d210f", "indicator--59259725-f418-450c-9cf1-4525950d210f", "indicator--59259724-0e9c-4fb1-8a60-b44f950d210f", "indicator--59259724-e1d0-4952-82e7-4696950d210f", "indicator--59259722-e268-4574-a194-b45c950d210f", "indicator--59259722-1bd8-44c7-96a2-31d2950d210f", "indicator--59259720-8824-4b28-9218-472d950d210f", "indicator--5925971f-e800-4d35-84a9-b459950d210f", "indicator--59259702-8d0c-432e-8cae-b45c950d210f", "indicator--59259702-8200-4e7f-b43a-4887950d210f", "indicator--59259704-7f98-4551-82c6-475b950d210f", "indicator--59259705-f070-499f-bef1-b458950d210f", "indicator--59259706-25dc-4542-9007-4754950d210f", "indicator--59259707-de98-4182-8654-4513950d210f", "indicator--59259708-0c24-4e55-99f6-41e4950d210f", "indicator--59259709-c73c-4a1f-8a90-0cdb950d210f", "indicator--5925970a-c2c4-4755-a5c7-4288950d210f", "indicator--5925970b-7d4c-4b05-89bf-4f2c950d210f", "indicator--5925970c-7524-40f5-bcdb-7bd8950d210f", "indicator--5925970d-7544-4ea6-8425-b456950d210f", "indicator--5925970e-a4a0-4fac-940c-0cd9950d210f", "indicator--5925970f-c854-4e1f-88d1-4e0e950d210f", "indicator--59259710-5bd8-4bd6-bf87-405d950d210f", "indicator--59259711-3fe8-41b9-a0ad-4f7e950d210f", "indicator--59259711-4818-4ed4-a14c-31d2950d210f", "indicator--59259712-3078-4667-bdd9-b45c950d210f", "indicator--59259713-8a90-4a78-badc-421d950d210f", "indicator--59259714-e7dc-4af6-a172-b44f950d210f", "indicator--59259715-7d34-4c49-889e-4267950d210f", "indicator--59259716-002c-4d84-b812-43a9950d210f", "indicator--59259719-774c-444f-8905-0cdb950d210f", "indicator--5925971a-75dc-4e3c-8094-4e91950d210f", "indicator--5925971a-b324-4595-a2d3-4c25950d210f", "indicator--5925971b-4b9c-41e7-9d10-7bd8950d210f", "indicator--5925971c-89e8-4d1e-81ca-4593950d210f", "indicator--5925971d-9a78-4791-8d7c-b456950d210f", "indicator--5925971e-6460-441c-bdfc-4cc9950d210f", "indicator--5925971e-9fe4-4016-ac0b-0cd9950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Jaff\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259743-2c78-4f39-bdb4-43b6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:59.000Z", "modified": "2017-05-24T14:22:59.000Z", "pattern": "[domain-name:value = 'y887drossetorling.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259742-2c48-4321-8064-4990950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:58.000Z", "modified": "2017-05-24T14:22:58.000Z", "pattern": "[url:value = 'http://y887drossetorling.info/a5/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259742-80d4-46c3-aa7b-0cdb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:58.000Z", "modified": "2017-05-24T14:22:58.000Z", "description": "williams-fitness.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '143.95.44.115']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259741-0530-414b-b35c-436f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:57.000Z", "modified": "2017-05-24T14:22:57.000Z", "pattern": "[domain-name:value = 'williams-fitness.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5925973f-75c0-4061-9abe-49bc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:55.000Z", "modified": "2017-05-24T14:22:55.000Z", "description": "uslugitransportowe-warszawa.pl", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.68.249.235']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259740-40f4-4d93-9ed7-b44f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:56.000Z", "modified": "2017-05-24T14:22:56.000Z", "pattern": "[url:value = 'http://williams-fitness.com/FsMflooY']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5925973e-8cc0-40f1-8086-b45c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:54.000Z", "modified": "2017-05-24T14:22:54.000Z", "pattern": "[domain-name:value = 'uslugitransportowe-warszawa.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5925973d-8924-4d1e-a4a5-31d2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:53.000Z", "modified": "2017-05-24T14:22:53.000Z", "pattern": "[url:value = 'http://uslugitransportowe-warszawa.pl/FsMflooY']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5925973c-cadc-455d-8622-486b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:52.000Z", "modified": "2017-05-24T14:22:52.000Z", "description": "tdtuusula.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.213.201.30']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5925973b-3e18-45d1-90a9-b459950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:51.000Z", "modified": "2017-05-24T14:22:51.000Z", "pattern": "[domain-name:value = 'tdtuusula.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5925973a-3620-4b70-aa96-4737950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:50.000Z", "modified": "2017-05-24T14:22:50.000Z", "pattern": "[url:value = 'http://tdtuusula.com/FsMflooY']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5925973a-7510-4c57-ace1-0cd9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:50.000Z", "modified": "2017-05-24T14:22:50.000Z", "description": "tbhomeinspection.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '70.33.241.150']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259739-6930-48d4-bfc6-4a53950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:49.000Z", "modified": "2017-05-24T14:22:49.000Z", "pattern": "[domain-name:value = 'tbhomeinspection.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259738-efb0-470f-9a11-b456950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:48.000Z", "modified": "2017-05-24T14:22:48.000Z", "pattern": "[url:value = 'http://tbhomeinspection.com/FsMflooY']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259737-c364-4241-995e-4c9c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:47.000Z", "modified": "2017-05-24T14:22:47.000Z", "description": "tabelaistanbul.net", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.247.111.46']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259736-4c68-428f-92bd-4f42950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:46.000Z", "modified": "2017-05-24T14:22:46.000Z", "pattern": "[domain-name:value = 'tabelaistanbul.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259735-4e0c-4680-a55c-7bd8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:45.000Z", "modified": "2017-05-24T14:22:45.000Z", "pattern": "[url:value = 'http://tabelaistanbul.net/FsMflooY']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259734-eb70-46eb-b382-4fd0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:44.000Z", "modified": "2017-05-24T14:22:44.000Z", "description": "pcflame.com.au", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.9.170.249']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259733-7464-4504-af9b-4e38950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:43.000Z", "modified": "2017-05-24T14:22:43.000Z", "pattern": "[domain-name:value = 'pcflame.com.au']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259732-78f8-4d0d-ac1d-0cdb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:42.000Z", "modified": "2017-05-24T14:22:42.000Z", "pattern": "[url:value = 'http://pcflame.com.au/FsMflooY']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259731-37c4-4a0a-a436-b458950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:41.000Z", "modified": "2017-05-24T14:22:41.000Z", "description": "oliverkuo.com.au", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '27.54.86.49']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259730-8be4-4d2e-add7-4e7b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:40.000Z", "modified": "2017-05-24T14:22:40.000Z", "pattern": "[domain-name:value = 'oliverkuo.com.au']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5925972f-bc14-4493-8180-4927950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:39.000Z", "modified": "2017-05-24T14:22:39.000Z", "pattern": "[url:value = 'http://oliverkuo.com.au/FsMflooY']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5925972e-8c78-4ae1-8512-b45c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:38.000Z", "modified": "2017-05-24T14:22:38.000Z", "description": "olgasmile.ru", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '141.8.195.45']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5925972d-4fbc-4811-9c18-41b5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:37.000Z", "modified": "2017-05-24T14:22:37.000Z", "pattern": "[domain-name:value = 'olgasmile.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5925972d-a72c-4924-b52d-0cd9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:37.000Z", "modified": "2017-05-24T14:22:37.000Z", "pattern": "[url:value = 'http://olgasmile.ru/FsMflooY']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5925972a-aef0-4d00-a0f9-4dcf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:34.000Z", "modified": "2017-05-24T14:22:34.000Z", "pattern": "[domain-name:value = 'minnessotaswordfishh.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5925972a-15ac-4f7c-9d07-4752950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:34.000Z", "modified": "2017-05-24T14:22:34.000Z", "pattern": "[url:value = 'http://minnessotaswordfishh.com/af/FsMflooY']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259729-705c-4d87-977e-4f61950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:33.000Z", "modified": "2017-05-24T14:22:33.000Z", "description": "khaosoklake.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.104.168.120']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259727-1ea8-4aa6-9a57-0cdb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:31.000Z", "modified": "2017-05-24T14:22:31.000Z", "pattern": "[domain-name:value = 'khaosoklake.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259727-d168-4300-a636-47f4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:31.000Z", "modified": "2017-05-24T14:22:31.000Z", "pattern": "[url:value = 'http://khaosoklake.com/FsMflooY']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259726-d524-4e68-9d4f-b458950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:30.000Z", "modified": "2017-05-24T14:22:30.000Z", "description": "jinyuxuan.de", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.169.145.68']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259725-f418-450c-9cf1-4525950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:29.000Z", "modified": "2017-05-24T14:22:29.000Z", "pattern": "[domain-name:value = 'jinyuxuan.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259724-0e9c-4fb1-8a60-b44f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:28.000Z", "modified": "2017-05-24T14:22:28.000Z", "pattern": "[url:value = 'http://jinyuxuan.de/FsMflooY']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259724-e1d0-4952-82e7-4696950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:28.000Z", "modified": "2017-05-24T14:22:28.000Z", "description": "hr991.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.238.225.190']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259722-e268-4574-a194-b45c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:26.000Z", "modified": "2017-05-24T14:22:26.000Z", "pattern": "[domain-name:value = 'hr991.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259722-1bd8-44c7-96a2-31d2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:25.000Z", "modified": "2017-05-24T14:22:25.000Z", "pattern": "[url:value = 'http://hr991.com/FsMflooY']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259720-8824-4b28-9218-472d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:24.000Z", "modified": "2017-05-24T14:22:24.000Z", "description": "electron-trade.ru", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.108.118.14']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5925971f-e800-4d35-84a9-b459950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:23.000Z", "modified": "2017-05-24T14:22:23.000Z", "pattern": "[domain-name:value = 'electron-trade.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259702-8d0c-432e-8cae-b45c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:21:54.000Z", "modified": "2017-05-24T14:21:54.000Z", "pattern": "[file:hashes.MD5 = 'be60ac06c22159319bd757e0c35be957']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:21:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259702-8200-4e7f-b43a-4887950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:21:54.000Z", "modified": "2017-05-24T14:21:54.000Z", "pattern": "[file:hashes.MD5 = 'c9c897215e6f805eaf03ad56afd6e331']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:21:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259704-7f98-4551-82c6-475b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:21:56.000Z", "modified": "2017-05-24T14:21:56.000Z", "pattern": "[url:value = 'http://abcenglishclub.com/FsMflooY']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:21:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259705-f070-499f-bef1-b458950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:21:57.000Z", "modified": "2017-05-24T14:21:57.000Z", "pattern": "[domain-name:value = 'abcenglishclub.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:21:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259706-25dc-4542-9007-4754950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:21:58.000Z", "modified": "2017-05-24T14:21:58.000Z", "description": "abcenglishclub.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '100.42.56.20']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:21:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259707-de98-4182-8654-4513950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:21:59.000Z", "modified": "2017-05-24T14:21:59.000Z", "pattern": "[url:value = 'http://b.cms-hosting.by/FsMflooY']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:21:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259708-0c24-4e55-99f6-41e4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:00.000Z", "modified": "2017-05-24T14:22:00.000Z", "pattern": "[domain-name:value = 'b.cms-hosting.by']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259709-c73c-4a1f-8a90-0cdb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:01.000Z", "modified": "2017-05-24T14:22:01.000Z", "description": "b.cms-hosting.by", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.84.115.212']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5925970a-c2c4-4755-a5c7-4288950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:02.000Z", "modified": "2017-05-24T14:22:02.000Z", "pattern": "[url:value = 'http://better57toiuydof.net/af/FsMflooY']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5925970b-7d4c-4b05-89bf-4f2c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:03.000Z", "modified": "2017-05-24T14:22:03.000Z", "pattern": "[domain-name:value = 'better57toiuydof.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5925970c-7524-40f5-bcdb-7bd8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:04.000Z", "modified": "2017-05-24T14:22:04.000Z", "description": "better57toiuydof.net", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.165.236.47']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5925970d-7544-4ea6-8425-b456950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:05.000Z", "modified": "2017-05-24T14:22:05.000Z", "pattern": "[url:value = 'http://billiginurlaub.com/FsMflooY']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5925970e-a4a0-4fac-940c-0cd9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:06.000Z", "modified": "2017-05-24T14:22:06.000Z", "pattern": "[domain-name:value = 'billiginurlaub.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5925970f-c854-4e1f-88d1-4e0e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:07.000Z", "modified": "2017-05-24T14:22:07.000Z", "description": "billiginurlaub.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.144.5.108']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259710-5bd8-4bd6-bf87-405d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:08.000Z", "modified": "2017-05-24T14:22:08.000Z", "pattern": "[url:value = 'http://david-faber.de/FsMflooY']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259711-3fe8-41b9-a0ad-4f7e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:09.000Z", "modified": "2017-05-24T14:22:09.000Z", "pattern": "[domain-name:value = 'david-faber.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259711-4818-4ed4-a14c-31d2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:09.000Z", "modified": "2017-05-24T14:22:09.000Z", "description": "david-faber.de", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.169.145.78']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259712-3078-4667-bdd9-b45c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:10.000Z", "modified": "2017-05-24T14:22:10.000Z", "pattern": "[url:value = 'http://digital-helpdesk.com/FsMflooY']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259713-8a90-4a78-badc-421d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:11.000Z", "modified": "2017-05-24T14:22:11.000Z", "pattern": "[domain-name:value = 'digital-helpdesk.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259714-e7dc-4af6-a172-b44f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:12.000Z", "modified": "2017-05-24T14:22:12.000Z", "description": "digital-helpdesk.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '163.47.73.92']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259715-7d34-4c49-889e-4267950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:13.000Z", "modified": "2017-05-24T14:22:13.000Z", "pattern": "[url:value = 'http://dogplay.co.kr/FsMflooY']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259716-002c-4d84-b812-43a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:14.000Z", "modified": "2017-05-24T14:22:14.000Z", "pattern": "[domain-name:value = 'dogplay.co.kr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59259719-774c-444f-8905-0cdb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:17.000Z", "modified": "2017-05-24T14:22:17.000Z", "description": "dogplay.co.kr", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '1.234.27.239']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5925971a-75dc-4e3c-8094-4e91950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:18.000Z", "modified": "2017-05-24T14:22:18.000Z", "pattern": "[url:value = 'http://ecoeventlogistics.com/FsMflooY']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5925971a-b324-4595-a2d3-4c25950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:18.000Z", "modified": "2017-05-24T14:22:18.000Z", "pattern": "[domain-name:value = 'ecoeventlogistics.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5925971b-4b9c-41e7-9d10-7bd8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:19.000Z", "modified": "2017-05-24T14:22:19.000Z", "description": "ecoeventlogistics.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.116.112.134']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5925971c-89e8-4d1e-81ca-4593950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:20.000Z", "modified": "2017-05-24T14:22:20.000Z", "pattern": "[url:value = 'http://elateplaza.com/FsMflooY']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5925971d-9a78-4791-8d7c-b456950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:21.000Z", "modified": "2017-05-24T14:22:21.000Z", "pattern": "[domain-name:value = 'elateplaza.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5925971e-6460-441c-bdfc-4cc9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:22.000Z", "modified": "2017-05-24T14:22:22.000Z", "description": "elateplaza.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.23.97.226']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5925971e-9fe4-4016-ac0b-0cd9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-24T14:22:22.000Z", "modified": "2017-05-24T14:22:22.000Z", "pattern": "[url:value = 'http://electron-trade.ru/FsMflooY']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-24T14:22:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }