{ "type": "bundle", "id": "bundle--59318aac-4e04-4616-9682-43ff950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:58:31.000Z", "modified": "2017-06-02T15:58:31.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--59318aac-4e04-4616-9682-43ff950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:58:31.000Z", "modified": "2017-06-02T15:58:31.000Z", "name": "M2M - Jaff 2017-06-02 : \"Invoice INV-1234\" - \"Invoice INV-1234.pdf\"", "published": "2017-06-02T15:58:47Z", "object_refs": [ "indicator--59318aad-9c84-42d9-b8e2-ba67950d210f", "indicator--59318aad-2dbc-4185-8a26-42ec950d210f", "indicator--59318aae-f558-4a98-85c5-bae1950d210f", "indicator--59318aaf-26cc-4c74-bfe7-bb84950d210f", "observed-data--59318aaf-71bc-4df0-b19c-4676950d210f", "network-traffic--59318aaf-71bc-4df0-b19c-4676950d210f", "ipv4-addr--59318aaf-71bc-4df0-b19c-4676950d210f", "indicator--59318ab0-67b4-4200-988a-4b12950d210f", "indicator--59318ab1-0da4-441c-b0e0-43bd950d210f", "observed-data--59318ab2-03c8-4097-af86-415e950d210f", "network-traffic--59318ab2-03c8-4097-af86-415e950d210f", "ipv4-addr--59318ab2-03c8-4097-af86-415e950d210f", "indicator--59318ab4-e24c-465a-af2e-bb1d950d210f", "indicator--59318ab5-c09c-4b4f-bd1b-40da950d210f", "observed-data--59318ab7-52d0-4ba6-8bf7-4616950d210f", "network-traffic--59318ab7-52d0-4ba6-8bf7-4616950d210f", "ipv4-addr--59318ab7-52d0-4ba6-8bf7-4616950d210f", "indicator--59318ab8-4cf8-4748-b7c9-4a0d950d210f", "indicator--59318ab9-2a0c-4603-95e3-ba67950d210f", "observed-data--59318aba-877c-45f4-92c3-4074950d210f", "network-traffic--59318aba-877c-45f4-92c3-4074950d210f", "ipv4-addr--59318aba-877c-45f4-92c3-4074950d210f", "indicator--59318abc-0368-4fb0-8101-49ed950d210f", "indicator--59318abc-73ec-4a13-b070-bae1950d210f", "observed-data--59318abd-3424-4567-bb19-bb84950d210f", "network-traffic--59318abd-3424-4567-bb19-bb84950d210f", "ipv4-addr--59318abd-3424-4567-bb19-bb84950d210f", "indicator--59318abe-fff4-4ccc-9101-4ec8950d210f", "indicator--59318abe-438c-471b-a62e-443d950d210f", "observed-data--59318abf-4e34-4b4b-8083-44e3950d210f", "network-traffic--59318abf-4e34-4b4b-8083-44e3950d210f", "ipv4-addr--59318abf-4e34-4b4b-8083-44e3950d210f", "indicator--59318ac0-5194-44d8-9b78-4e37950d210f", "indicator--59318ac0-e094-4c70-9738-4ef2950d210f", "observed-data--59318ac1-6260-4873-9be7-456d950d210f", "network-traffic--59318ac1-6260-4873-9be7-456d950d210f", "ipv4-addr--59318ac1-6260-4873-9be7-456d950d210f", "indicator--59318ac2-6814-407a-9008-bb1d950d210f", "indicator--59318ac2-7074-4b26-881c-1b5b950d210f", "observed-data--59318ac3-4374-4076-b502-42dd950d210f", "network-traffic--59318ac3-4374-4076-b502-42dd950d210f", "ipv4-addr--59318ac3-4374-4076-b502-42dd950d210f", "indicator--59318ac3-a618-4d43-a0ba-1b03950d210f", "indicator--59318ac4-148c-4ae5-9369-49da950d210f", "observed-data--59318ac7-f610-48ff-9c91-ba67950d210f", "network-traffic--59318ac7-f610-48ff-9c91-ba67950d210f", "ipv4-addr--59318ac7-f610-48ff-9c91-ba67950d210f", "indicator--59318ac8-2d04-419c-b163-46fe950d210f", "indicator--59318ac8-f2f4-48e2-ad99-6559950d210f", "observed-data--59318ac9-6e6c-4355-b30f-4228950d210f", "network-traffic--59318ac9-6e6c-4355-b30f-4228950d210f", "ipv4-addr--59318ac9-6e6c-4355-b30f-4228950d210f", "indicator--59318ac9-82a0-45b8-856b-bae1950d210f", "indicator--59318aca-2b78-4a03-bb75-bb84950d210f", "indicator--59318acc-bb4c-41fc-9e55-475c950d210f", "indicator--59318acc-dbe0-48e3-9d15-435b950d210f", "observed-data--59318acd-5a20-4344-a4da-499f950d210f", "network-traffic--59318acd-5a20-4344-a4da-499f950d210f", "ipv4-addr--59318acd-5a20-4344-a4da-499f950d210f", "indicator--59318ace-f694-4699-a4b6-4fd8950d210f", "indicator--59318ace-2648-4358-b884-bb1d950d210f", "observed-data--59318acf-03f8-4cf4-8785-4c58950d210f", "network-traffic--59318acf-03f8-4cf4-8785-4c58950d210f", "ipv4-addr--59318acf-03f8-4cf4-8785-4c58950d210f", "indicator--59318ad1-48a0-41db-951d-1b03950d210f", "indicator--59318ad2-7e48-4aef-89a3-4ecf950d210f", "observed-data--59318ad4-7f18-4f11-9a05-4b36950d210f", "network-traffic--59318ad4-7f18-4f11-9a05-4b36950d210f", "ipv4-addr--59318ad4-7f18-4f11-9a05-4b36950d210f", "indicator--59318ad5-17e4-42b4-88c0-4060950d210f", "indicator--59318ad6-07e4-4b4e-a52a-bae1950d210f", "observed-data--59318ad8-8024-464f-b3cf-bb84950d210f", "network-traffic--59318ad8-8024-464f-b3cf-bb84950d210f", "ipv4-addr--59318ad8-8024-464f-b3cf-bb84950d210f", "indicator--59318ad9-d22c-48a6-b6b4-46e0950d210f", "indicator--59318ada-bd14-4741-8fd2-44a0950d210f", "observed-data--59318ada-88c0-4100-b367-4ca2950d210f", "network-traffic--59318ada-88c0-4100-b367-4ca2950d210f", "ipv4-addr--59318ada-88c0-4100-b367-4ca2950d210f", "observed-data--59318adb-41f0-4e85-a023-bb1d950d210f", "network-traffic--59318adb-41f0-4e85-a023-bb1d950d210f", "ipv4-addr--59318adb-41f0-4e85-a023-bb1d950d210f", "indicator--59318adb-0f34-4f11-b527-1b5b950d210f", "indicator--59318adc-5774-4b2e-8a10-41c5950d210f", "observed-data--59318add-fb6c-419d-a0b4-1b03950d210f", "network-traffic--59318add-fb6c-419d-a0b4-1b03950d210f", "ipv4-addr--59318add-fb6c-419d-a0b4-1b03950d210f", "indicator--59318add-6b10-41fb-aa6d-4686950d210f", "indicator--59318ade-e500-474c-9c4e-43a3950d210f", "observed-data--59318ade-763c-46ea-afe6-4dd4950d210f", "network-traffic--59318ade-763c-46ea-afe6-4dd4950d210f", "ipv4-addr--59318ade-763c-46ea-afe6-4dd4950d210f", "indicator--59318adf-0270-4e33-b2f9-ba67950d210f", "indicator--59318adf-24a8-4dfe-951a-4482950d210f", "observed-data--59318ae1-07b0-41fe-9488-6559950d210f", "network-traffic--59318ae1-07b0-41fe-9488-6559950d210f", "ipv4-addr--59318ae1-07b0-41fe-9488-6559950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Jaff\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318aad-9c84-42d9-b8e2-ba67950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:29.000Z", "modified": "2017-06-02T15:56:29.000Z", "pattern": "[file:hashes.MD5 = '29d88355954e0ef9be171f54567a2703']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318aad-2dbc-4185-8a26-42ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:29.000Z", "modified": "2017-06-02T15:56:29.000Z", "pattern": "[file:hashes.MD5 = '3a85cbd54b6c1afadaf06fbc6f1ef9b4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318aae-f558-4a98-85c5-bae1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:30.000Z", "modified": "2017-06-02T15:56:30.000Z", "pattern": "[url:value = 'http://dhaniearie.com/hH60bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:56:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318aaf-26cc-4c74-bfe7-bb84950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:31.000Z", "modified": "2017-06-02T15:56:31.000Z", "pattern": "[domain-name:value = 'dhaniearie.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:56:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59318aaf-71bc-4df0-b19c-4676950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:31.000Z", "modified": "2017-06-02T15:56:31.000Z", "first_observed": "2017-06-02T15:56:31Z", "last_observed": "2017-06-02T15:56:31Z", "number_observed": 1, "object_refs": [ "network-traffic--59318aaf-71bc-4df0-b19c-4676950d210f", "ipv4-addr--59318aaf-71bc-4df0-b19c-4676950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59318aaf-71bc-4df0-b19c-4676950d210f", "dst_ref": "ipv4-addr--59318aaf-71bc-4df0-b19c-4676950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59318aaf-71bc-4df0-b19c-4676950d210f", "value": "103.11.75.13" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318ab0-67b4-4200-988a-4b12950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:32.000Z", "modified": "2017-06-02T15:56:32.000Z", "pattern": "[url:value = 'http://doinlife.com/hH60bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:56:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318ab1-0da4-441c-b0e0-43bd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:33.000Z", "modified": "2017-06-02T15:56:33.000Z", "pattern": "[domain-name:value = 'doinlife.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:56:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59318ab2-03c8-4097-af86-415e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:34.000Z", "modified": "2017-06-02T15:56:34.000Z", "first_observed": "2017-06-02T15:56:34Z", "last_observed": "2017-06-02T15:56:34Z", "number_observed": 1, "object_refs": [ "network-traffic--59318ab2-03c8-4097-af86-415e950d210f", "ipv4-addr--59318ab2-03c8-4097-af86-415e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59318ab2-03c8-4097-af86-415e950d210f", "dst_ref": "ipv4-addr--59318ab2-03c8-4097-af86-415e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59318ab2-03c8-4097-af86-415e950d210f", "value": "108.179.228.212" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318ab4-e24c-465a-af2e-bb1d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:36.000Z", "modified": "2017-06-02T15:56:36.000Z", "pattern": "[url:value = 'http://eselink.com.my/hH60bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:56:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318ab5-c09c-4b4f-bd1b-40da950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:37.000Z", "modified": "2017-06-02T15:56:37.000Z", "pattern": "[domain-name:value = 'eselink.com.my']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:56:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59318ab7-52d0-4ba6-8bf7-4616950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:39.000Z", "modified": "2017-06-02T15:56:39.000Z", "first_observed": "2017-06-02T15:56:39Z", "last_observed": "2017-06-02T15:56:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59318ab7-52d0-4ba6-8bf7-4616950d210f", "ipv4-addr--59318ab7-52d0-4ba6-8bf7-4616950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59318ab7-52d0-4ba6-8bf7-4616950d210f", "dst_ref": "ipv4-addr--59318ab7-52d0-4ba6-8bf7-4616950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59318ab7-52d0-4ba6-8bf7-4616950d210f", "value": "124.150.140.96" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318ab8-4cf8-4748-b7c9-4a0d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:40.000Z", "modified": "2017-06-02T15:56:40.000Z", "pattern": "[url:value = 'http://lanphuong.vn/hH60bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:56:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318ab9-2a0c-4603-95e3-ba67950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:41.000Z", "modified": "2017-06-02T15:56:41.000Z", "pattern": "[domain-name:value = 'lanphuong.vn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:56:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59318aba-877c-45f4-92c3-4074950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:42.000Z", "modified": "2017-06-02T15:56:42.000Z", "first_observed": "2017-06-02T15:56:42Z", "last_observed": "2017-06-02T15:56:42Z", "number_observed": 1, "object_refs": [ "network-traffic--59318aba-877c-45f4-92c3-4074950d210f", "ipv4-addr--59318aba-877c-45f4-92c3-4074950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59318aba-877c-45f4-92c3-4074950d210f", "dst_ref": "ipv4-addr--59318aba-877c-45f4-92c3-4074950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59318aba-877c-45f4-92c3-4074950d210f", "value": "112.213.85.78" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318abc-0368-4fb0-8101-49ed950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:44.000Z", "modified": "2017-06-02T15:56:44.000Z", "pattern": "[url:value = 'http://lordheals.com/hH60bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:56:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318abc-73ec-4a13-b070-bae1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:44.000Z", "modified": "2017-06-02T15:56:44.000Z", "pattern": "[domain-name:value = 'lordheals.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:56:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59318abd-3424-4567-bb19-bb84950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:45.000Z", "modified": "2017-06-02T15:56:45.000Z", "first_observed": "2017-06-02T15:56:45Z", "last_observed": "2017-06-02T15:56:45Z", "number_observed": 1, "object_refs": [ "network-traffic--59318abd-3424-4567-bb19-bb84950d210f", "ipv4-addr--59318abd-3424-4567-bb19-bb84950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59318abd-3424-4567-bb19-bb84950d210f", "dst_ref": "ipv4-addr--59318abd-3424-4567-bb19-bb84950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59318abd-3424-4567-bb19-bb84950d210f", "value": "192.185.5.93" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318abe-fff4-4ccc-9101-4ec8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:46.000Z", "modified": "2017-06-02T15:56:46.000Z", "pattern": "[url:value = 'http://meiyizixun.com/hH60bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:56:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318abe-438c-471b-a62e-443d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:46.000Z", "modified": "2017-06-02T15:56:46.000Z", "pattern": "[domain-name:value = 'meiyizixun.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:56:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59318abf-4e34-4b4b-8083-44e3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:47.000Z", "modified": "2017-06-02T15:56:47.000Z", "first_observed": "2017-06-02T15:56:47Z", "last_observed": "2017-06-02T15:56:47Z", "number_observed": 1, "object_refs": [ "network-traffic--59318abf-4e34-4b4b-8083-44e3950d210f", "ipv4-addr--59318abf-4e34-4b4b-8083-44e3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59318abf-4e34-4b4b-8083-44e3950d210f", "dst_ref": "ipv4-addr--59318abf-4e34-4b4b-8083-44e3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59318abf-4e34-4b4b-8083-44e3950d210f", "value": "103.24.0.218" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318ac0-5194-44d8-9b78-4e37950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:48.000Z", "modified": "2017-06-02T15:56:48.000Z", "pattern": "[url:value = 'http://midiconcept.com/hH60bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:56:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318ac0-e094-4c70-9738-4ef2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:48.000Z", "modified": "2017-06-02T15:56:48.000Z", "pattern": "[domain-name:value = 'midiconcept.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:56:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59318ac1-6260-4873-9be7-456d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:49.000Z", "modified": "2017-06-02T15:56:49.000Z", "first_observed": "2017-06-02T15:56:49Z", "last_observed": "2017-06-02T15:56:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59318ac1-6260-4873-9be7-456d950d210f", "ipv4-addr--59318ac1-6260-4873-9be7-456d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59318ac1-6260-4873-9be7-456d950d210f", "dst_ref": "ipv4-addr--59318ac1-6260-4873-9be7-456d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59318ac1-6260-4873-9be7-456d950d210f", "value": "193.70.38.218" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318ac2-6814-407a-9008-bb1d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:50.000Z", "modified": "2017-06-02T15:56:50.000Z", "pattern": "[url:value = 'http://mountmary.ca/hH60bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:56:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318ac2-7074-4b26-881c-1b5b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:50.000Z", "modified": "2017-06-02T15:56:50.000Z", "pattern": "[domain-name:value = 'mountmary.ca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:56:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59318ac3-4374-4076-b502-42dd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:51.000Z", "modified": "2017-06-02T15:56:51.000Z", "first_observed": "2017-06-02T15:56:51Z", "last_observed": "2017-06-02T15:56:51Z", "number_observed": 1, "object_refs": [ "network-traffic--59318ac3-4374-4076-b502-42dd950d210f", "ipv4-addr--59318ac3-4374-4076-b502-42dd950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59318ac3-4374-4076-b502-42dd950d210f", "dst_ref": "ipv4-addr--59318ac3-4374-4076-b502-42dd950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59318ac3-4374-4076-b502-42dd950d210f", "value": "69.49.101.51" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318ac3-a618-4d43-a0ba-1b03950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:51.000Z", "modified": "2017-06-02T15:56:51.000Z", "pattern": "[url:value = 'http://newserniggrofg.net/af/hH60bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:56:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318ac4-148c-4ae5-9369-49da950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:52.000Z", "modified": "2017-06-02T15:56:52.000Z", "pattern": "[domain-name:value = 'newserniggrofg.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:56:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59318ac7-f610-48ff-9c91-ba67950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:55.000Z", "modified": "2017-06-02T15:56:55.000Z", "first_observed": "2017-06-02T15:56:55Z", "last_observed": "2017-06-02T15:56:55Z", "number_observed": 1, "object_refs": [ "network-traffic--59318ac7-f610-48ff-9c91-ba67950d210f", "ipv4-addr--59318ac7-f610-48ff-9c91-ba67950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59318ac7-f610-48ff-9c91-ba67950d210f", "dst_ref": "ipv4-addr--59318ac7-f610-48ff-9c91-ba67950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59318ac7-f610-48ff-9c91-ba67950d210f", "value": "13.58.5.152" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318ac8-2d04-419c-b163-46fe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:56.000Z", "modified": "2017-06-02T15:56:56.000Z", "pattern": "[url:value = 'http://orhangazitur.com/hH60bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:56:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318ac8-f2f4-48e2-ad99-6559950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:56.000Z", "modified": "2017-06-02T15:56:56.000Z", "pattern": "[domain-name:value = 'orhangazitur.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:56:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59318ac9-6e6c-4355-b30f-4228950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:57.000Z", "modified": "2017-06-02T15:56:57.000Z", "first_observed": "2017-06-02T15:56:57Z", "last_observed": "2017-06-02T15:56:57Z", "number_observed": 1, "object_refs": [ "network-traffic--59318ac9-6e6c-4355-b30f-4228950d210f", "ipv4-addr--59318ac9-6e6c-4355-b30f-4228950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59318ac9-6e6c-4355-b30f-4228950d210f", "dst_ref": "ipv4-addr--59318ac9-6e6c-4355-b30f-4228950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59318ac9-6e6c-4355-b30f-4228950d210f", "value": "109.232.220.235" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318ac9-82a0-45b8-856b-bae1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:57.000Z", "modified": "2017-06-02T15:56:57.000Z", "pattern": "[url:value = 'http://resevesssetornument.com/af/hH60bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:56:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318aca-2b78-4a03-bb75-bb84950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:56:58.000Z", "modified": "2017-06-02T15:56:58.000Z", "pattern": "[domain-name:value = 'resevesssetornument.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:56:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318acc-bb4c-41fc-9e55-475c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:57:00.000Z", "modified": "2017-06-02T15:57:00.000Z", "pattern": "[url:value = 'http://shrideva.co.in/hH60bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:57:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318acc-dbe0-48e3-9d15-435b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:57:00.000Z", "modified": "2017-06-02T15:57:00.000Z", "pattern": "[domain-name:value = 'shrideva.co.in']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:57:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59318acd-5a20-4344-a4da-499f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:57:01.000Z", "modified": "2017-06-02T15:57:01.000Z", "first_observed": "2017-06-02T15:57:01Z", "last_observed": "2017-06-02T15:57:01Z", "number_observed": 1, "object_refs": [ "network-traffic--59318acd-5a20-4344-a4da-499f950d210f", "ipv4-addr--59318acd-5a20-4344-a4da-499f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59318acd-5a20-4344-a4da-499f950d210f", "dst_ref": "ipv4-addr--59318acd-5a20-4344-a4da-499f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59318acd-5a20-4344-a4da-499f950d210f", "value": "103.21.59.168" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318ace-f694-4699-a4b6-4fd8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:57:02.000Z", "modified": "2017-06-02T15:57:02.000Z", "pattern": "[url:value = 'http://strassensammler.de/hH60bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:57:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318ace-2648-4358-b884-bb1d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:57:02.000Z", "modified": "2017-06-02T15:57:02.000Z", "pattern": "[domain-name:value = 'strassensammler.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:57:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59318acf-03f8-4cf4-8785-4c58950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:57:03.000Z", "modified": "2017-06-02T15:57:03.000Z", "first_observed": "2017-06-02T15:57:03Z", "last_observed": "2017-06-02T15:57:03Z", "number_observed": 1, "object_refs": [ "network-traffic--59318acf-03f8-4cf4-8785-4c58950d210f", "ipv4-addr--59318acf-03f8-4cf4-8785-4c58950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59318acf-03f8-4cf4-8785-4c58950d210f", "dst_ref": "ipv4-addr--59318acf-03f8-4cf4-8785-4c58950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59318acf-03f8-4cf4-8785-4c58950d210f", "value": "81.169.145.86" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318ad1-48a0-41db-951d-1b03950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:57:05.000Z", "modified": "2017-06-02T15:57:05.000Z", "pattern": "[url:value = 'http://suninsulation.com.au/hH60bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:57:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318ad2-7e48-4aef-89a3-4ecf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:57:06.000Z", "modified": "2017-06-02T15:57:06.000Z", "pattern": "[domain-name:value = 'suninsulation.com.au']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:57:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59318ad4-7f18-4f11-9a05-4b36950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:57:08.000Z", "modified": "2017-06-02T15:57:08.000Z", "first_observed": "2017-06-02T15:57:08Z", "last_observed": "2017-06-02T15:57:08Z", "number_observed": 1, "object_refs": [ "network-traffic--59318ad4-7f18-4f11-9a05-4b36950d210f", "ipv4-addr--59318ad4-7f18-4f11-9a05-4b36950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59318ad4-7f18-4f11-9a05-4b36950d210f", "dst_ref": "ipv4-addr--59318ad4-7f18-4f11-9a05-4b36950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59318ad4-7f18-4f11-9a05-4b36950d210f", "value": "182.160.158.62" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318ad5-17e4-42b4-88c0-4060950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:57:09.000Z", "modified": "2017-06-02T15:57:09.000Z", "pattern": "[url:value = 'http://systemalu.com/hH60bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:57:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318ad6-07e4-4b4e-a52a-bae1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:57:10.000Z", "modified": "2017-06-02T15:57:10.000Z", "pattern": "[domain-name:value = 'systemalu.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:57:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59318ad8-8024-464f-b3cf-bb84950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:57:12.000Z", "modified": "2017-06-02T15:57:12.000Z", "first_observed": "2017-06-02T15:57:12Z", "last_observed": "2017-06-02T15:57:12Z", "number_observed": 1, "object_refs": [ "network-traffic--59318ad8-8024-464f-b3cf-bb84950d210f", "ipv4-addr--59318ad8-8024-464f-b3cf-bb84950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59318ad8-8024-464f-b3cf-bb84950d210f", "dst_ref": "ipv4-addr--59318ad8-8024-464f-b3cf-bb84950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59318ad8-8024-464f-b3cf-bb84950d210f", "value": "143.95.239.62" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318ad9-d22c-48a6-b6b4-46e0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:57:13.000Z", "modified": "2017-06-02T15:57:13.000Z", "pattern": "[url:value = 'http://vibehouserecords.com/hH60bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:57:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318ada-bd14-4741-8fd2-44a0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:57:14.000Z", "modified": "2017-06-02T15:57:14.000Z", "pattern": "[domain-name:value = 'vibehouserecords.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:57:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59318ada-88c0-4100-b367-4ca2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:57:14.000Z", "modified": "2017-06-02T15:57:14.000Z", "first_observed": "2017-06-02T15:57:14Z", "last_observed": "2017-06-02T15:57:14Z", "number_observed": 1, "object_refs": [ "network-traffic--59318ada-88c0-4100-b367-4ca2950d210f", "ipv4-addr--59318ada-88c0-4100-b367-4ca2950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59318ada-88c0-4100-b367-4ca2950d210f", "dst_ref": "ipv4-addr--59318ada-88c0-4100-b367-4ca2950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59318ada-88c0-4100-b367-4ca2950d210f", "value": "104.27.176.10" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59318adb-41f0-4e85-a023-bb1d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:57:15.000Z", "modified": "2017-06-02T15:57:15.000Z", "first_observed": "2017-06-02T15:57:15Z", "last_observed": "2017-06-02T15:57:15Z", "number_observed": 1, "object_refs": [ "network-traffic--59318adb-41f0-4e85-a023-bb1d950d210f", "ipv4-addr--59318adb-41f0-4e85-a023-bb1d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59318adb-41f0-4e85-a023-bb1d950d210f", "dst_ref": "ipv4-addr--59318adb-41f0-4e85-a023-bb1d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59318adb-41f0-4e85-a023-bb1d950d210f", "value": "104.27.177.10" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318adb-0f34-4f11-b527-1b5b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:57:15.000Z", "modified": "2017-06-02T15:57:15.000Z", "pattern": "[url:value = 'http://yoyogi.com.au/hH60bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:57:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318adc-5774-4b2e-8a10-41c5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:57:16.000Z", "modified": "2017-06-02T15:57:16.000Z", "pattern": "[domain-name:value = 'yoyogi.com.au']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:57:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59318add-fb6c-419d-a0b4-1b03950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:57:17.000Z", "modified": "2017-06-02T15:57:17.000Z", "first_observed": "2017-06-02T15:57:17Z", "last_observed": "2017-06-02T15:57:17Z", "number_observed": 1, "object_refs": [ "network-traffic--59318add-fb6c-419d-a0b4-1b03950d210f", "ipv4-addr--59318add-fb6c-419d-a0b4-1b03950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59318add-fb6c-419d-a0b4-1b03950d210f", "dst_ref": "ipv4-addr--59318add-fb6c-419d-a0b4-1b03950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59318add-fb6c-419d-a0b4-1b03950d210f", "value": "27.124.113.33" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318add-6b10-41fb-aa6d-4686950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:57:17.000Z", "modified": "2017-06-02T15:57:17.000Z", "pattern": "[url:value = 'http://zvezda-k.ru/hH60bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:57:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318ade-e500-474c-9c4e-43a3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:57:18.000Z", "modified": "2017-06-02T15:57:18.000Z", "pattern": "[domain-name:value = 'zvezda-k.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:57:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59318ade-763c-46ea-afe6-4dd4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:57:18.000Z", "modified": "2017-06-02T15:57:18.000Z", "first_observed": "2017-06-02T15:57:18Z", "last_observed": "2017-06-02T15:57:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59318ade-763c-46ea-afe6-4dd4950d210f", "ipv4-addr--59318ade-763c-46ea-afe6-4dd4950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59318ade-763c-46ea-afe6-4dd4950d210f", "dst_ref": "ipv4-addr--59318ade-763c-46ea-afe6-4dd4950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59318ade-763c-46ea-afe6-4dd4950d210f", "value": "81.177.139.23" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318adf-0270-4e33-b2f9-ba67950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:57:19.000Z", "modified": "2017-06-02T15:57:19.000Z", "pattern": "[url:value = 'http://whoisfoxxrobiouy.net/a5/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:57:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59318adf-24a8-4dfe-951a-4482950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:57:19.000Z", "modified": "2017-06-02T15:57:19.000Z", "pattern": "[domain-name:value = 'whoisfoxxrobiouy.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T15:57:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59318ae1-07b0-41fe-9488-6559950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:57:21.000Z", "modified": "2017-06-02T15:57:21.000Z", "first_observed": "2017-06-02T15:57:21Z", "last_observed": "2017-06-02T15:57:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59318ae1-07b0-41fe-9488-6559950d210f", "ipv4-addr--59318ae1-07b0-41fe-9488-6559950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59318ae1-07b0-41fe-9488-6559950d210f", "dst_ref": "ipv4-addr--59318ae1-07b0-41fe-9488-6559950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59318ae1-07b0-41fe-9488-6559950d210f", "value": "5.101.66.85" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }