{ "type": "bundle", "id": "bundle--59281443-312c-4b77-aef7-447d950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:46:35.000Z", "modified": "2017-05-26T13:46:35.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--59281443-312c-4b77-aef7-447d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:46:35.000Z", "modified": "2017-05-26T13:46:35.000Z", "name": "Jaff 2017-05-25 : \"Payment Receipt 1234\" - \"1234.pdf\"", "published": "2017-05-26T13:46:53Z", "object_refs": [ "indicator--59281446-b440-4a1f-bbe1-4564950d210f", "indicator--59281448-5fb0-4cb5-8947-44ea950d210f", "indicator--5928144a-5368-4e33-9a4c-4090950d210f", "indicator--5928144b-e848-4515-93fc-4242950d210f", "observed-data--5928144c-050c-439e-a4a2-4225950d210f", "network-traffic--5928144c-050c-439e-a4a2-4225950d210f", "ipv4-addr--5928144c-050c-439e-a4a2-4225950d210f", "indicator--5928144c-b160-4179-94a7-450e950d210f", "indicator--5928144d-2364-40f8-bd8a-419a950d210f", "observed-data--5928144f-d4b0-4902-9e5b-416a950d210f", "network-traffic--5928144f-d4b0-4902-9e5b-416a950d210f", "ipv4-addr--5928144f-d4b0-4902-9e5b-416a950d210f", "indicator--59281451-6310-4b31-8b46-495e950d210f", "indicator--59281452-c164-4d7a-996e-4478950d210f", "observed-data--59281454-3bcc-42e1-adfc-4345950d210f", "network-traffic--59281454-3bcc-42e1-adfc-4345950d210f", "ipv4-addr--59281454-3bcc-42e1-adfc-4345950d210f", "indicator--59281455-57ac-4700-a036-49e8950d210f", "indicator--59281456-bc98-4998-b24f-48ef950d210f", "observed-data--59281457-9e0c-48fb-b518-4cbd950d210f", "network-traffic--59281457-9e0c-48fb-b518-4cbd950d210f", "ipv4-addr--59281457-9e0c-48fb-b518-4cbd950d210f", "indicator--59281458-a294-4496-b8fa-417c950d210f", "indicator--59281459-c67c-4581-84a8-4c22950d210f", "observed-data--5928145c-29ec-4e88-ab66-42a8950d210f", "network-traffic--5928145c-29ec-4e88-ab66-42a8950d210f", "ipv4-addr--5928145c-29ec-4e88-ab66-42a8950d210f", "indicator--5928145d-1898-4496-ae26-4d72950d210f", "indicator--5928145f-24d4-42dc-9a8b-4930950d210f", "observed-data--59281460-0f30-465b-91e7-46b5950d210f", "network-traffic--59281460-0f30-465b-91e7-46b5950d210f", "ipv4-addr--59281460-0f30-465b-91e7-46b5950d210f", "indicator--59281461-8144-4204-b00e-4c44950d210f", "indicator--59281463-aac4-46e9-9f4f-4124950d210f", "observed-data--59281463-ae54-4c10-a75a-494c950d210f", "network-traffic--59281463-ae54-4c10-a75a-494c950d210f", "ipv4-addr--59281463-ae54-4c10-a75a-494c950d210f", "indicator--59281464-431c-40b2-9ffb-44fd950d210f", "indicator--59281465-a28c-4c77-8f28-4b41950d210f", "observed-data--59281466-6c50-4c9e-8a4a-4043950d210f", "network-traffic--59281466-6c50-4c9e-8a4a-4043950d210f", "ipv4-addr--59281466-6c50-4c9e-8a4a-4043950d210f", "indicator--59281467-9ed0-492a-adb2-46e5950d210f", "indicator--59281468-2890-4110-a2eb-43ec950d210f", "observed-data--5928146a-214c-44dd-96a6-4048950d210f", "network-traffic--5928146a-214c-44dd-96a6-4048950d210f", "ipv4-addr--5928146a-214c-44dd-96a6-4048950d210f", "indicator--5928146b-2d3c-43c6-8111-4a64950d210f", "indicator--5928146c-10ec-4dd7-8ea4-4028950d210f", "observed-data--5928146d-0604-4b71-bb95-4f36950d210f", "network-traffic--5928146d-0604-4b71-bb95-4f36950d210f", "ipv4-addr--5928146d-0604-4b71-bb95-4f36950d210f", "indicator--5928146e-6c10-44d2-b095-4d63950d210f", "indicator--5928146f-0d24-4a49-a4cd-4184950d210f", "observed-data--59281470-4050-4f7e-b23d-476b950d210f", "network-traffic--59281470-4050-4f7e-b23d-476b950d210f", "ipv4-addr--59281470-4050-4f7e-b23d-476b950d210f", "indicator--59281471-8b70-4816-bf67-48d9950d210f", "indicator--59281472-c81c-435b-b039-426a950d210f", "observed-data--59281473-c478-4690-850f-4daa950d210f", "network-traffic--59281473-c478-4690-850f-4daa950d210f", "ipv4-addr--59281473-c478-4690-850f-4daa950d210f", "indicator--59281474-9950-4a03-b0f3-44de950d210f", "indicator--59281475-790c-4e0d-b640-4edd950d210f", "observed-data--59281476-a230-41af-bdeb-4e59950d210f", "network-traffic--59281476-a230-41af-bdeb-4e59950d210f", "ipv4-addr--59281476-a230-41af-bdeb-4e59950d210f", "indicator--59281477-d734-4382-9133-4ec4950d210f", "indicator--59281478-c9a0-4b5d-9d6c-4ce7950d210f", "observed-data--59281479-0744-419f-b39f-4367950d210f", "network-traffic--59281479-0744-419f-b39f-4367950d210f", "ipv4-addr--59281479-0744-419f-b39f-4367950d210f", "indicator--5928147a-035c-4f27-8493-44b4950d210f", "indicator--5928147a-8038-4e54-a86c-468c950d210f", "observed-data--5928147b-871c-4e2b-9651-4438950d210f", "network-traffic--5928147b-871c-4e2b-9651-4438950d210f", "ipv4-addr--5928147b-871c-4e2b-9651-4438950d210f", "indicator--5928147c-7938-4b38-afeb-4108950d210f", "indicator--5928147d-4644-4d6d-bd52-46c6950d210f", "observed-data--5928147e-8b08-44e7-93cb-421e950d210f", "network-traffic--5928147e-8b08-44e7-93cb-421e950d210f", "ipv4-addr--5928147e-8b08-44e7-93cb-421e950d210f", "indicator--5928147f-1e48-47fd-84c6-49bb950d210f", "indicator--59281480-946c-4499-a3a5-448c950d210f", "observed-data--59281481-58c4-4762-9d00-4d1a950d210f", "network-traffic--59281481-58c4-4762-9d00-4d1a950d210f", "ipv4-addr--59281481-58c4-4762-9d00-4d1a950d210f", "indicator--59281482-83f4-493e-9db3-4f29950d210f", "indicator--59281483-47f0-475b-9773-4065950d210f", "observed-data--59281484-7858-4442-9586-4f6b950d210f", "network-traffic--59281484-7858-4442-9586-4f6b950d210f", "ipv4-addr--59281484-7858-4442-9586-4f6b950d210f", "indicator--59281485-61c4-4a98-a73e-4dce950d210f", "indicator--59281486-aa6c-4587-9614-4e62950d210f", "observed-data--59281488-da70-4ec5-8893-425b950d210f", "network-traffic--59281488-da70-4ec5-8893-425b950d210f", "ipv4-addr--59281488-da70-4ec5-8893-425b950d210f", "indicator--59281488-86cc-49a5-b908-41dc950d210f", "indicator--59281489-afa8-4910-a727-4706950d210f", "observed-data--5928148a-2608-4290-a255-4f20950d210f", "network-traffic--5928148a-2608-4290-a255-4f20950d210f", "ipv4-addr--5928148a-2608-4290-a255-4f20950d210f", "indicator--5928148b-4b58-4318-aa1a-4f12950d210f", "indicator--5928148c-8448-4df1-9df9-4623950d210f", "observed-data--5928148e-dcac-472d-9c86-4322950d210f", "network-traffic--5928148e-dcac-472d-9c86-4322950d210f", "ipv4-addr--5928148e-dcac-472d-9c86-4322950d210f", "indicator--5928148f-ffc8-4e76-8906-4ab2950d210f", "indicator--59281491-4698-485f-96d8-47c8950d210f", "observed-data--59281492-b0b0-4364-8dbf-40a5950d210f", "network-traffic--59281492-b0b0-4364-8dbf-40a5950d210f", "ipv4-addr--59281492-b0b0-4364-8dbf-40a5950d210f", "indicator--59281493-f744-40ba-8f5d-48cc950d210f", "indicator--59281493-a0b4-442d-8d58-409c950d210f", "indicator--59281495-7340-4d49-b253-48d1950d210f", "indicator--59281496-7040-40fa-8e43-4eb5950d210f", "observed-data--59281497-6810-44b9-bcb2-492b950d210f", "network-traffic--59281497-6810-44b9-bcb2-492b950d210f", "ipv4-addr--59281497-6810-44b9-bcb2-492b950d210f", "indicator--59282b6e-5a14-46b0-9569-4a0302de0b81", "indicator--59282b6e-e194-42d5-8536-433302de0b81", "observed-data--59282b6f-8ff8-43ed-bb33-411202de0b81", "url--59282b6f-8ff8-43ed-bb33-411202de0b81", "indicator--59282b6f-044c-47c0-b2fe-4bfc02de0b81", "indicator--59282b70-5fd4-4cae-bdc9-4cce02de0b81", "observed-data--59282b70-91c4-446f-92de-47e802de0b81", "url--59282b70-91c4-446f-92de-47e802de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Jaff\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281446-b440-4a1f-bbe1-4564950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[file:hashes.MD5 = '9585bc2d5d63b189bf8455d2e05cfb5e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281448-5fb0-4cb5-8947-44ea950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[file:hashes.MD5 = 'fc8c82354bbc40f2662d577863c6b20f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5928144a-5368-4e33-9a4c-4090950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[url:value = 'http://benimkecim.com/TrfHn4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5928144b-e848-4515-93fc-4242950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[domain-name:value = 'benimkecim.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5928144c-050c-439e-a4a2-4225950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:45:49.000Z", "modified": "2017-05-26T13:45:49.000Z", "first_observed": "2017-05-26T13:45:49Z", "last_observed": "2017-05-26T13:45:49Z", "number_observed": 1, "object_refs": [ "network-traffic--5928144c-050c-439e-a4a2-4225950d210f", "ipv4-addr--5928144c-050c-439e-a4a2-4225950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5928144c-050c-439e-a4a2-4225950d210f", "dst_ref": "ipv4-addr--5928144c-050c-439e-a4a2-4225950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5928144c-050c-439e-a4a2-4225950d210f", "value": "95.173.189.215" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5928144c-b160-4179-94a7-450e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[url:value = 'http://better57toiuydof.net/af/TrfHn4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5928144d-2364-40f8-bd8a-419a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[domain-name:value = 'better57toiuydof.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5928144f-d4b0-4902-9e5b-416a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:45:49.000Z", "modified": "2017-05-26T13:45:49.000Z", "first_observed": "2017-05-26T13:45:49Z", "last_observed": "2017-05-26T13:45:49Z", "number_observed": 1, "object_refs": [ "network-traffic--5928144f-d4b0-4902-9e5b-416a950d210f", "ipv4-addr--5928144f-d4b0-4902-9e5b-416a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5928144f-d4b0-4902-9e5b-416a950d210f", "dst_ref": "ipv4-addr--5928144f-d4b0-4902-9e5b-416a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5928144f-d4b0-4902-9e5b-416a950d210f", "value": "46.173.218.111" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281451-6310-4b31-8b46-495e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[url:value = 'http://bionorica.md/TrfHn4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281452-c164-4d7a-996e-4478950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[domain-name:value = 'bionorica.md']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59281454-3bcc-42e1-adfc-4345950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:45:49.000Z", "modified": "2017-05-26T13:45:49.000Z", "first_observed": "2017-05-26T13:45:49Z", "last_observed": "2017-05-26T13:45:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59281454-3bcc-42e1-adfc-4345950d210f", "ipv4-addr--59281454-3bcc-42e1-adfc-4345950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59281454-3bcc-42e1-adfc-4345950d210f", "dst_ref": "ipv4-addr--59281454-3bcc-42e1-adfc-4345950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59281454-3bcc-42e1-adfc-4345950d210f", "value": "176.223.209.7" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281455-57ac-4700-a036-49e8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[url:value = 'http://blackstoneconsultants.com/TrfHn4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281456-bc98-4998-b24f-48ef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[domain-name:value = 'blackstoneconsultants.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59281457-9e0c-48fb-b518-4cbd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:45:49.000Z", "modified": "2017-05-26T13:45:49.000Z", "first_observed": "2017-05-26T13:45:49Z", "last_observed": "2017-05-26T13:45:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59281457-9e0c-48fb-b518-4cbd950d210f", "ipv4-addr--59281457-9e0c-48fb-b518-4cbd950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59281457-9e0c-48fb-b518-4cbd950d210f", "dst_ref": "ipv4-addr--59281457-9e0c-48fb-b518-4cbd950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59281457-9e0c-48fb-b518-4cbd950d210f", "value": "192.124.249.6" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281458-a294-4496-b8fa-417c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[url:value = 'http://danthegreat.athost.net/TrfHn4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281459-c67c-4581-84a8-4c22950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[domain-name:value = 'danthegreat.athost.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5928145c-29ec-4e88-ab66-42a8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:45:49.000Z", "modified": "2017-05-26T13:45:49.000Z", "first_observed": "2017-05-26T13:45:49Z", "last_observed": "2017-05-26T13:45:49Z", "number_observed": 1, "object_refs": [ "network-traffic--5928145c-29ec-4e88-ab66-42a8950d210f", "ipv4-addr--5928145c-29ec-4e88-ab66-42a8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5928145c-29ec-4e88-ab66-42a8950d210f", "dst_ref": "ipv4-addr--5928145c-29ec-4e88-ab66-42a8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5928145c-29ec-4e88-ab66-42a8950d210f", "value": "88.198.4.251" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5928145d-1898-4496-ae26-4d72950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[url:value = 'http://derossigroup.it/TrfHn4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5928145f-24d4-42dc-9a8b-4930950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[domain-name:value = 'derossigroup.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59281460-0f30-465b-91e7-46b5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:45:49.000Z", "modified": "2017-05-26T13:45:49.000Z", "first_observed": "2017-05-26T13:45:49Z", "last_observed": "2017-05-26T13:45:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59281460-0f30-465b-91e7-46b5950d210f", "ipv4-addr--59281460-0f30-465b-91e7-46b5950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59281460-0f30-465b-91e7-46b5950d210f", "dst_ref": "ipv4-addr--59281460-0f30-465b-91e7-46b5950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59281460-0f30-465b-91e7-46b5950d210f", "value": "195.130.247.50" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281461-8144-4204-b00e-4c44950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[url:value = 'http://dianagaertner.com/TrfHn4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281463-aac4-46e9-9f4f-4124950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[domain-name:value = 'dianagaertner.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59281463-ae54-4c10-a75a-494c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:45:49.000Z", "modified": "2017-05-26T13:45:49.000Z", "first_observed": "2017-05-26T13:45:49Z", "last_observed": "2017-05-26T13:45:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59281463-ae54-4c10-a75a-494c950d210f", "ipv4-addr--59281463-ae54-4c10-a75a-494c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59281463-ae54-4c10-a75a-494c950d210f", "dst_ref": "ipv4-addr--59281463-ae54-4c10-a75a-494c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59281463-ae54-4c10-a75a-494c950d210f", "value": "81.169.145.66" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281464-431c-40b2-9ffb-44fd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[url:value = 'http://dreamybean.de/TrfHn4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281465-a28c-4c77-8f28-4b41950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[domain-name:value = 'dreamybean.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59281466-6c50-4c9e-8a4a-4043950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:45:49.000Z", "modified": "2017-05-26T13:45:49.000Z", "first_observed": "2017-05-26T13:45:49Z", "last_observed": "2017-05-26T13:45:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59281466-6c50-4c9e-8a4a-4043950d210f", "ipv4-addr--59281466-6c50-4c9e-8a4a-4043950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59281466-6c50-4c9e-8a4a-4043950d210f", "dst_ref": "ipv4-addr--59281466-6c50-4c9e-8a4a-4043950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59281466-6c50-4c9e-8a4a-4043950d210f", "value": "81.169.145.160" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281467-9ed0-492a-adb2-46e5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[url:value = 'http://duktigaflickor.se/TrfHn4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281468-2890-4110-a2eb-43ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[domain-name:value = 'duktigaflickor.se']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5928146a-214c-44dd-96a6-4048950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:45:49.000Z", "modified": "2017-05-26T13:45:49.000Z", "first_observed": "2017-05-26T13:45:49Z", "last_observed": "2017-05-26T13:45:49Z", "number_observed": 1, "object_refs": [ "network-traffic--5928146a-214c-44dd-96a6-4048950d210f", "ipv4-addr--5928146a-214c-44dd-96a6-4048950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5928146a-214c-44dd-96a6-4048950d210f", "dst_ref": "ipv4-addr--5928146a-214c-44dd-96a6-4048950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5928146a-214c-44dd-96a6-4048950d210f", "value": "46.30.213.61" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5928146b-2d3c-43c6-8111-4a64950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[url:value = 'http://enseling-gmbh.de/TrfHn4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5928146c-10ec-4dd7-8ea4-4028950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[domain-name:value = 'enseling-gmbh.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5928146d-0604-4b71-bb95-4f36950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:45:49.000Z", "modified": "2017-05-26T13:45:49.000Z", "first_observed": "2017-05-26T13:45:49Z", "last_observed": "2017-05-26T13:45:49Z", "number_observed": 1, "object_refs": [ "network-traffic--5928146d-0604-4b71-bb95-4f36950d210f", "ipv4-addr--5928146d-0604-4b71-bb95-4f36950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5928146d-0604-4b71-bb95-4f36950d210f", "dst_ref": "ipv4-addr--5928146d-0604-4b71-bb95-4f36950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5928146d-0604-4b71-bb95-4f36950d210f", "value": "81.169.145.162" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5928146e-6c10-44d2-b095-4d63950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[url:value = 'http://enzler-elektro.ch/TrfHn4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5928146f-0d24-4a49-a4cd-4184950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[domain-name:value = 'enzler-elektro.ch']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59281470-4050-4f7e-b23d-476b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:45:49.000Z", "modified": "2017-05-26T13:45:49.000Z", "first_observed": "2017-05-26T13:45:49Z", "last_observed": "2017-05-26T13:45:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59281470-4050-4f7e-b23d-476b950d210f", "ipv4-addr--59281470-4050-4f7e-b23d-476b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59281470-4050-4f7e-b23d-476b950d210f", "dst_ref": "ipv4-addr--59281470-4050-4f7e-b23d-476b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59281470-4050-4f7e-b23d-476b950d210f", "value": "80.86.198.13" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281471-8b70-4816-bf67-48d9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[url:value = 'http://facecapsule.com/TrfHn4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281472-c81c-435b-b039-426a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[domain-name:value = 'facecapsule.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59281473-c478-4690-850f-4daa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:45:49.000Z", "modified": "2017-05-26T13:45:49.000Z", "first_observed": "2017-05-26T13:45:49Z", "last_observed": "2017-05-26T13:45:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59281473-c478-4690-850f-4daa950d210f", "ipv4-addr--59281473-c478-4690-850f-4daa950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59281473-c478-4690-850f-4daa950d210f", "dst_ref": "ipv4-addr--59281473-c478-4690-850f-4daa950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59281473-c478-4690-850f-4daa950d210f", "value": "70.35.121.121" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281474-9950-4a03-b0f3-44de950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[url:value = 'http://holidayhops.com/TrfHn4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281475-790c-4e0d-b640-4edd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[domain-name:value = 'holidayhops.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59281476-a230-41af-bdeb-4e59950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:45:49.000Z", "modified": "2017-05-26T13:45:49.000Z", "first_observed": "2017-05-26T13:45:49Z", "last_observed": "2017-05-26T13:45:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59281476-a230-41af-bdeb-4e59950d210f", "ipv4-addr--59281476-a230-41af-bdeb-4e59950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59281476-a230-41af-bdeb-4e59950d210f", "dst_ref": "ipv4-addr--59281476-a230-41af-bdeb-4e59950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59281476-a230-41af-bdeb-4e59950d210f", "value": "166.62.29.125" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281477-d734-4382-9133-4ec4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[url:value = 'http://hunter.cz/TrfHn4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281478-c9a0-4b5d-9d6c-4ce7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[domain-name:value = 'hunter.cz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59281479-0744-419f-b39f-4367950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:45:49.000Z", "modified": "2017-05-26T13:45:49.000Z", "first_observed": "2017-05-26T13:45:49Z", "last_observed": "2017-05-26T13:45:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59281479-0744-419f-b39f-4367950d210f", "ipv4-addr--59281479-0744-419f-b39f-4367950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59281479-0744-419f-b39f-4367950d210f", "dst_ref": "ipv4-addr--59281479-0744-419f-b39f-4367950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59281479-0744-419f-b39f-4367950d210f", "value": "83.167.255.182" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5928147a-035c-4f27-8493-44b4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[url:value = 'http://operadorapuma.com/TrfHn4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5928147a-8038-4e54-a86c-468c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[domain-name:value = 'operadorapuma.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5928147b-871c-4e2b-9651-4438950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:45:49.000Z", "modified": "2017-05-26T13:45:49.000Z", "first_observed": "2017-05-26T13:45:49Z", "last_observed": "2017-05-26T13:45:49Z", "number_observed": 1, "object_refs": [ "network-traffic--5928147b-871c-4e2b-9651-4438950d210f", "ipv4-addr--5928147b-871c-4e2b-9651-4438950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5928147b-871c-4e2b-9651-4438950d210f", "dst_ref": "ipv4-addr--5928147b-871c-4e2b-9651-4438950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5928147b-871c-4e2b-9651-4438950d210f", "value": "192.124.249.2" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5928147c-7938-4b38-afeb-4108950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[url:value = 'http://orchideus.cz/TrfHn4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5928147d-4644-4d6d-bd52-46c6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[domain-name:value = 'orchideus.cz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5928147e-8b08-44e7-93cb-421e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:45:49.000Z", "modified": "2017-05-26T13:45:49.000Z", "first_observed": "2017-05-26T13:45:49Z", "last_observed": "2017-05-26T13:45:49Z", "number_observed": 1, "object_refs": [ "network-traffic--5928147e-8b08-44e7-93cb-421e950d210f", "ipv4-addr--5928147e-8b08-44e7-93cb-421e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5928147e-8b08-44e7-93cb-421e950d210f", "dst_ref": "ipv4-addr--5928147e-8b08-44e7-93cb-421e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5928147e-8b08-44e7-93cb-421e950d210f", "value": "81.31.42.12" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5928147f-1e48-47fd-84c6-49bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[url:value = 'http://pepmata.com/TrfHn4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281480-946c-4499-a3a5-448c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[domain-name:value = 'pepmata.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59281481-58c4-4762-9d00-4d1a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:45:49.000Z", "modified": "2017-05-26T13:45:49.000Z", "first_observed": "2017-05-26T13:45:49Z", "last_observed": "2017-05-26T13:45:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59281481-58c4-4762-9d00-4d1a950d210f", "ipv4-addr--59281481-58c4-4762-9d00-4d1a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59281481-58c4-4762-9d00-4d1a950d210f", "dst_ref": "ipv4-addr--59281481-58c4-4762-9d00-4d1a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59281481-58c4-4762-9d00-4d1a950d210f", "value": "160.153.129.221" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281482-83f4-493e-9db3-4f29950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[url:value = 'http://pixshoot.com/TrfHn4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281483-47f0-475b-9773-4065950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[domain-name:value = 'pixshoot.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59281484-7858-4442-9586-4f6b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:46:20.000Z", "modified": "2017-05-26T13:46:20.000Z", "first_observed": "2017-05-26T13:46:20Z", "last_observed": "2017-05-26T13:46:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59281484-7858-4442-9586-4f6b950d210f", "ipv4-addr--59281484-7858-4442-9586-4f6b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59281484-7858-4442-9586-4f6b950d210f", "dst_ref": "ipv4-addr--59281484-7858-4442-9586-4f6b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59281484-7858-4442-9586-4f6b950d210f", "value": "104.156.51.239" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281485-61c4-4a98-a73e-4dce950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[url:value = 'http://rejtjel.hu/TrfHn4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281486-aa6c-4587-9614-4e62950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[domain-name:value = 'rejtjel.hu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59281488-da70-4ec5-8893-425b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:46:20.000Z", "modified": "2017-05-26T13:46:20.000Z", "first_observed": "2017-05-26T13:46:20Z", "last_observed": "2017-05-26T13:46:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59281488-da70-4ec5-8893-425b950d210f", "ipv4-addr--59281488-da70-4ec5-8893-425b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59281488-da70-4ec5-8893-425b950d210f", "dst_ref": "ipv4-addr--59281488-da70-4ec5-8893-425b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59281488-da70-4ec5-8893-425b950d210f", "value": "91.82.226.140" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281488-86cc-49a5-b908-41dc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[url:value = 'http://tropicalcoffeebreak.com/TrfHn4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281489-afa8-4910-a727-4706950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[domain-name:value = 'tropicalcoffeebreak.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5928148a-2608-4290-a255-4f20950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:46:20.000Z", "modified": "2017-05-26T13:46:20.000Z", "first_observed": "2017-05-26T13:46:20Z", "last_observed": "2017-05-26T13:46:20Z", "number_observed": 1, "object_refs": [ "network-traffic--5928148a-2608-4290-a255-4f20950d210f", "ipv4-addr--5928148a-2608-4290-a255-4f20950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5928148a-2608-4290-a255-4f20950d210f", "dst_ref": "ipv4-addr--5928148a-2608-4290-a255-4f20950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5928148a-2608-4290-a255-4f20950d210f", "value": "162.144.143.109" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5928148b-4b58-4318-aa1a-4f12950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[url:value = 'http://vipmarketing.co.il/TrfHn4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5928148c-8448-4df1-9df9-4623950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[domain-name:value = 'vipmarketing.co.il']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5928148e-dcac-472d-9c86-4322950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:46:20.000Z", "modified": "2017-05-26T13:46:20.000Z", "first_observed": "2017-05-26T13:46:20Z", "last_observed": "2017-05-26T13:46:20Z", "number_observed": 1, "object_refs": [ "network-traffic--5928148e-dcac-472d-9c86-4322950d210f", "ipv4-addr--5928148e-dcac-472d-9c86-4322950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5928148e-dcac-472d-9c86-4322950d210f", "dst_ref": "ipv4-addr--5928148e-dcac-472d-9c86-4322950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5928148e-dcac-472d-9c86-4322950d210f", "value": "81.218.71.217" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5928148f-ffc8-4e76-8906-4ab2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[url:value = 'http://vsflot.ru/TrfHn4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281491-4698-485f-96d8-47c8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[domain-name:value = 'vsflot.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59281492-b0b0-4364-8dbf-40a5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:46:20.000Z", "modified": "2017-05-26T13:46:20.000Z", "first_observed": "2017-05-26T13:46:20Z", "last_observed": "2017-05-26T13:46:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59281492-b0b0-4364-8dbf-40a5950d210f", "ipv4-addr--59281492-b0b0-4364-8dbf-40a5950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59281492-b0b0-4364-8dbf-40a5950d210f", "dst_ref": "ipv4-addr--59281492-b0b0-4364-8dbf-40a5950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59281492-b0b0-4364-8dbf-40a5950d210f", "value": "81.177.135.191" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281493-f744-40ba-8f5d-48cc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[url:value = 'http://youtoolgrabeertorse.org/af/TrfHn4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281493-a0b4-442d-8d58-409c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[domain-name:value = 'youtoolgrabeertorse.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281495-7340-4d49-b253-48d1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[url:value = 'http://dorobratiohdtyszxwk.com/a5/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59281496-7040-40fa-8e43-4eb5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:12.000Z", "modified": "2017-05-26T13:19:12.000Z", "pattern": "[domain-name:value = 'dorobratiohdtyszxwk.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59281497-6810-44b9-bcb2-492b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:46:20.000Z", "modified": "2017-05-26T13:46:20.000Z", "first_observed": "2017-05-26T13:46:20Z", "last_observed": "2017-05-26T13:46:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59281497-6810-44b9-bcb2-492b950d210f", "ipv4-addr--59281497-6810-44b9-bcb2-492b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59281497-6810-44b9-bcb2-492b950d210f", "dst_ref": "ipv4-addr--59281497-6810-44b9-bcb2-492b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59281497-6810-44b9-bcb2-492b950d210f", "value": "34.225.214.20" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282b6e-5a14-46b0-9569-4a0302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:42.000Z", "modified": "2017-05-26T13:19:42.000Z", "description": "- Xchecked via VT: fc8c82354bbc40f2662d577863c6b20f", "pattern": "[file:hashes.SHA256 = '2cc1d8edc318e0e09aad6afbc48999980f8e39e54734bca4c1a95c7b5db39569']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282b6e-e194-42d5-8536-433302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:42.000Z", "modified": "2017-05-26T13:19:42.000Z", "description": "- Xchecked via VT: fc8c82354bbc40f2662d577863c6b20f", "pattern": "[file:hashes.SHA1 = '27f095ac614baa7db8bcd1f5737cdefd8b0bb1ad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59282b6f-8ff8-43ed-bb33-411202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:43.000Z", "modified": "2017-05-26T13:19:43.000Z", "first_observed": "2017-05-26T13:19:43Z", "last_observed": "2017-05-26T13:19:43Z", "number_observed": 1, "object_refs": [ "url--59282b6f-8ff8-43ed-bb33-411202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59282b6f-8ff8-43ed-bb33-411202de0b81", "value": "https://www.virustotal.com/file/2cc1d8edc318e0e09aad6afbc48999980f8e39e54734bca4c1a95c7b5db39569/analysis/1495782707/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282b6f-044c-47c0-b2fe-4bfc02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:43.000Z", "modified": "2017-05-26T13:19:43.000Z", "description": "- Xchecked via VT: 9585bc2d5d63b189bf8455d2e05cfb5e", "pattern": "[file:hashes.SHA256 = 'ba7952ae07b41d049ad82674aeffbd43a5079f1db10a941db6545490c6c386bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282b70-5fd4-4cae-bdc9-4cce02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:44.000Z", "modified": "2017-05-26T13:19:44.000Z", "description": "- Xchecked via VT: 9585bc2d5d63b189bf8455d2e05cfb5e", "pattern": "[file:hashes.SHA1 = '09fcafdc65429b55087227f8942e787e10e1b73c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:19:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59282b70-91c4-446f-92de-47e802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:19:44.000Z", "modified": "2017-05-26T13:19:44.000Z", "first_observed": "2017-05-26T13:19:44Z", "last_observed": "2017-05-26T13:19:44Z", "number_observed": 1, "object_refs": [ "url--59282b70-91c4-446f-92de-47e802de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59282b70-91c4-446f-92de-47e802de0b81", "value": "https://www.virustotal.com/file/ba7952ae07b41d049ad82674aeffbd43a5079f1db10a941db6545490c6c386bd/analysis/1495772587/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }