{ "type": "bundle", "id": "bundle--593a41df-b920-4f52-bbc3-4abd950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:54:50.000Z", "modified": "2017-06-09T06:54:50.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--593a41df-b920-4f52-bbc3-4abd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:54:50.000Z", "modified": "2017-06-09T06:54:50.000Z", "name": "M2M - Jaff 2017-06-06 : \"Order\" - \"MX-2310U_20170606_123456.pdf\"", "published": "2017-06-09T06:55:56Z", "object_refs": [ "indicator--593a41e0-b224-4faa-ba18-4728950d210f", "indicator--593a41e0-6114-4fab-8a66-497e950d210f", "indicator--593a41e1-8e34-4bc2-bcca-4898950d210f", "indicator--593a41e1-3098-4ffb-bfdb-4f73950d210f", "observed-data--593a41e2-7a04-4f4e-9a83-4159950d210f", "network-traffic--593a41e2-7a04-4f4e-9a83-4159950d210f", "ipv4-addr--593a41e2-7a04-4f4e-9a83-4159950d210f", "indicator--593a41e3-57b8-4f06-a5ac-8bcc950d210f", "indicator--593a41e3-465c-4126-a411-46f4950d210f", "observed-data--593a41e4-9bf4-4fcf-95b3-488b950d210f", "network-traffic--593a41e4-9bf4-4fcf-95b3-488b950d210f", "ipv4-addr--593a41e4-9bf4-4fcf-95b3-488b950d210f", "indicator--593a41e4-bed0-4bc2-86c3-46e6950d210f", "indicator--593a41e5-2834-4b8a-86da-49ae950d210f", "observed-data--593a41e5-e89c-4a73-9db8-4f3a950d210f", "network-traffic--593a41e5-e89c-4a73-9db8-4f3a950d210f", "ipv4-addr--593a41e5-e89c-4a73-9db8-4f3a950d210f", "indicator--593a41e6-d35c-482f-8440-41d7950d210f", "indicator--593a41e7-e7e8-47d9-8e10-4786950d210f", "observed-data--593a41e7-d49c-423b-93b2-436b950d210f", "network-traffic--593a41e7-d49c-423b-93b2-436b950d210f", "ipv4-addr--593a41e7-d49c-423b-93b2-436b950d210f", "indicator--593a41e8-bce8-40e9-9b9b-8a4b950d210f", "indicator--593a41e8-2570-4ca0-b852-4e13950d210f", "observed-data--593a41e9-530c-4229-9979-4f0f950d210f", "network-traffic--593a41e9-530c-4229-9979-4f0f950d210f", "ipv4-addr--593a41e9-530c-4229-9979-4f0f950d210f", "indicator--593a41e9-d090-4123-b1d4-436b950d210f", "indicator--593a41ea-aef4-4601-a3e8-4936950d210f", "observed-data--593a41ea-fc9c-475b-a4b6-4e7d950d210f", "network-traffic--593a41ea-fc9c-475b-a4b6-4e7d950d210f", "ipv4-addr--593a41ea-fc9c-475b-a4b6-4e7d950d210f", "indicator--593a41eb-0288-4606-9f93-431b950d210f", "indicator--593a41eb-f058-4ba7-b448-49f1950d210f", "observed-data--593a41ec-9a2c-48ed-904e-46f4950d210f", "network-traffic--593a41ec-9a2c-48ed-904e-46f4950d210f", "ipv4-addr--593a41ec-9a2c-48ed-904e-46f4950d210f", "indicator--593a41ed-b2e4-4e8b-a24b-4130950d210f", "indicator--593a41ed-84b4-47ac-9a50-4d98950d210f", "observed-data--593a41ee-4668-4308-bbcf-4f97950d210f", "network-traffic--593a41ee-4668-4308-bbcf-4f97950d210f", "ipv4-addr--593a41ee-4668-4308-bbcf-4f97950d210f", "indicator--593a41ee-c7b0-4e71-8602-4b4a950d210f", "indicator--593a41ef-7d54-4d56-a94e-43ef950d210f", "observed-data--593a41ef-caac-4c80-a0aa-4728950d210f", "network-traffic--593a41ef-caac-4c80-a0aa-4728950d210f", "ipv4-addr--593a41ef-caac-4c80-a0aa-4728950d210f", "indicator--593a41f0-da5c-4822-ac44-8a4b950d210f", "indicator--593a41f0-a9d8-43a0-a526-46e6950d210f", "observed-data--593a41f1-3920-4151-b6be-4bda950d210f", "network-traffic--593a41f1-3920-4151-b6be-4bda950d210f", "ipv4-addr--593a41f1-3920-4151-b6be-4bda950d210f", "indicator--593a41f1-65a4-4eea-9dd8-4897950d210f", "indicator--593a41f2-1814-4fcd-85ff-4902950d210f", "observed-data--593a41f3-bc54-41c2-a784-4801950d210f", "network-traffic--593a41f3-bc54-41c2-a784-4801950d210f", "ipv4-addr--593a41f3-bc54-41c2-a784-4801950d210f", "indicator--593a41f3-b658-47ec-af91-4728950d210f", "indicator--593a41f4-84f0-40b7-b61f-8a4b950d210f", "observed-data--593a41f4-99c0-4818-b93b-46e6950d210f", "network-traffic--593a41f4-99c0-4818-b93b-46e6950d210f", "ipv4-addr--593a41f4-99c0-4818-b93b-46e6950d210f", "indicator--593a41f5-88b8-4206-94b7-4cb9950d210f", "indicator--593a41f5-e5d4-4411-bdf2-8bcc950d210f", "observed-data--593a41f6-2b74-449f-b5cb-46f4950d210f", "network-traffic--593a41f6-2b74-449f-b5cb-46f4950d210f", "ipv4-addr--593a41f6-2b74-449f-b5cb-46f4950d210f", "indicator--593a41f7-cca8-465b-b501-45d6950d210f", "indicator--593a41f7-03cc-49f3-9803-49b2950d210f", "observed-data--593a41f8-91fc-41ff-b179-4c50950d210f", "network-traffic--593a41f8-91fc-41ff-b179-4c50950d210f", "ipv4-addr--593a41f8-91fc-41ff-b179-4c50950d210f", "indicator--593a41f8-1f4c-4dc2-8cfa-45b9950d210f", "indicator--593a41f9-44c4-4867-9586-8bcc950d210f", "indicator--593a41fd-a310-48f6-ad1e-8bcc950d210f", "indicator--593a41fe-32fc-4dd0-89c3-8a4b950d210f", "observed-data--593a41fe-82e4-4500-a84d-4b3b950d210f", "network-traffic--593a41fe-82e4-4500-a84d-4b3b950d210f", "ipv4-addr--593a41fe-82e4-4500-a84d-4b3b950d210f", "indicator--593a41ff-e3ac-460e-a28d-40c1950d210f", "indicator--593a4200-03f4-4f0c-80e9-40f5950d210f", "observed-data--593a4201-af84-4092-9bdb-4d80950d210f", "network-traffic--593a4201-af84-4092-9bdb-4d80950d210f", "ipv4-addr--593a4201-af84-4092-9bdb-4d80950d210f", "indicator--593a4201-c300-4406-a2af-4728950d210f", "indicator--593a4202-1d84-4de9-8ccc-4133950d210f", "observed-data--593a4202-6a18-4cfb-b20f-46f4950d210f", "network-traffic--593a4202-6a18-4cfb-b20f-46f4950d210f", "ipv4-addr--593a4202-6a18-4cfb-b20f-46f4950d210f", "indicator--593a4203-81bc-4008-b72c-4e80950d210f", "indicator--593a4203-9ad4-4b5a-8f60-42f1950d210f", "observed-data--593a4204-5334-48e9-a9ff-422a950d210f", "network-traffic--593a4204-5334-48e9-a9ff-422a950d210f", "ipv4-addr--593a4204-5334-48e9-a9ff-422a950d210f", "indicator--593a4204-0918-4fcd-a404-4f24950d210f", "indicator--593a4205-ef04-433f-9cc8-42c5950d210f", "observed-data--593a4206-8cac-4b75-b731-4f3e950d210f", "network-traffic--593a4206-8cac-4b75-b731-4f3e950d210f", "ipv4-addr--593a4206-8cac-4b75-b731-4f3e950d210f", "observed-data--593a4206-b69c-4f87-99df-418e950d210f", "network-traffic--593a4206-b69c-4f87-99df-418e950d210f", "ipv4-addr--593a4206-b69c-4f87-99df-418e950d210f", "indicator--593a4206-88e8-47ba-8457-4218950d210f", "indicator--593a4207-fa80-4507-bfc3-4007950d210f", "observed-data--593a4207-efdc-4da7-898a-46f4950d210f", "network-traffic--593a4207-efdc-4da7-898a-46f4950d210f", "ipv4-addr--593a4207-efdc-4da7-898a-46f4950d210f", "indicator--593a4208-2e20-4c1a-972e-4d9a950d210f", "indicator--593a4208-db38-4951-a9cf-47b6950d210f", "observed-data--593a4209-3180-4269-bc68-8bcc950d210f", "network-traffic--593a4209-3180-4269-bc68-8bcc950d210f", "ipv4-addr--593a4209-3180-4269-bc68-8bcc950d210f", "indicator--593a420a-d21c-42ca-b992-8a4b950d210f", "indicator--593a420a-e9a0-4cb6-bf22-45c8950d210f", "observed-data--593a420b-7c7c-46a4-834d-4a3a950d210f", "network-traffic--593a420b-7c7c-46a4-834d-4a3a950d210f", "ipv4-addr--593a420b-7c7c-46a4-834d-4a3a950d210f", "indicator--593a420b-b8ac-49a0-88cb-46e6950d210f", "indicator--593a420c-72a0-44d7-8112-48f1950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Jaff\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41e0-b224-4faa-ba18-4728950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:16.000Z", "modified": "2017-06-09T06:36:16.000Z", "pattern": "[file:hashes.MD5 = '76e150bceffaee4322fa70b2c48ced16']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41e0-6114-4fab-8a66-497e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:16.000Z", "modified": "2017-06-09T06:36:16.000Z", "pattern": "[file:hashes.MD5 = '5ca3d8cf1cde038e762b535ec4e905fe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41e1-8e34-4bc2-bcca-4898950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:17.000Z", "modified": "2017-06-09T06:36:17.000Z", "pattern": "[url:value = 'http://10minutesto1.net/jt7677g6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41e1-3098-4ffb-bfdb-4f73950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:17.000Z", "modified": "2017-06-09T06:36:17.000Z", "pattern": "[domain-name:value = '10minutesto1.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a41e2-7a04-4f4e-9a83-4159950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:18.000Z", "modified": "2017-06-09T06:36:18.000Z", "first_observed": "2017-06-09T06:36:18Z", "last_observed": "2017-06-09T06:36:18Z", "number_observed": 1, "object_refs": [ "network-traffic--593a41e2-7a04-4f4e-9a83-4159950d210f", "ipv4-addr--593a41e2-7a04-4f4e-9a83-4159950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a41e2-7a04-4f4e-9a83-4159950d210f", "dst_ref": "ipv4-addr--593a41e2-7a04-4f4e-9a83-4159950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a41e2-7a04-4f4e-9a83-4159950d210f", "value": "104.219.248.47" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41e3-57b8-4f06-a5ac-8bcc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:19.000Z", "modified": "2017-06-09T06:36:19.000Z", "pattern": "[url:value = 'http://cafe-bg.com/jt7677g6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41e3-465c-4126-a411-46f4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:19.000Z", "modified": "2017-06-09T06:36:19.000Z", "pattern": "[domain-name:value = 'cafe-bg.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a41e4-9bf4-4fcf-95b3-488b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:20.000Z", "modified": "2017-06-09T06:36:20.000Z", "first_observed": "2017-06-09T06:36:20Z", "last_observed": "2017-06-09T06:36:20Z", "number_observed": 1, "object_refs": [ "network-traffic--593a41e4-9bf4-4fcf-95b3-488b950d210f", "ipv4-addr--593a41e4-9bf4-4fcf-95b3-488b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a41e4-9bf4-4fcf-95b3-488b950d210f", "dst_ref": "ipv4-addr--593a41e4-9bf4-4fcf-95b3-488b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a41e4-9bf4-4fcf-95b3-488b950d210f", "value": "193.68.112.65" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41e4-bed0-4bc2-86c3-46e6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:20.000Z", "modified": "2017-06-09T06:36:20.000Z", "pattern": "[url:value = 'http://cifroshop.net/jt7677g6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41e5-2834-4b8a-86da-49ae950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:21.000Z", "modified": "2017-06-09T06:36:21.000Z", "pattern": "[domain-name:value = 'cifroshop.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a41e5-e89c-4a73-9db8-4f3a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:21.000Z", "modified": "2017-06-09T06:36:21.000Z", "first_observed": "2017-06-09T06:36:21Z", "last_observed": "2017-06-09T06:36:21Z", "number_observed": 1, "object_refs": [ "network-traffic--593a41e5-e89c-4a73-9db8-4f3a950d210f", "ipv4-addr--593a41e5-e89c-4a73-9db8-4f3a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a41e5-e89c-4a73-9db8-4f3a950d210f", "dst_ref": "ipv4-addr--593a41e5-e89c-4a73-9db8-4f3a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a41e5-e89c-4a73-9db8-4f3a950d210f", "value": "62.113.208.201" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41e6-d35c-482f-8440-41d7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:22.000Z", "modified": "2017-06-09T06:36:22.000Z", "pattern": "[url:value = 'http://community-gaming.de/jt7677g6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41e7-e7e8-47d9-8e10-4786950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:23.000Z", "modified": "2017-06-09T06:36:23.000Z", "pattern": "[domain-name:value = 'community-gaming.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a41e7-d49c-423b-93b2-436b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:23.000Z", "modified": "2017-06-09T06:36:23.000Z", "first_observed": "2017-06-09T06:36:23Z", "last_observed": "2017-06-09T06:36:23Z", "number_observed": 1, "object_refs": [ "network-traffic--593a41e7-d49c-423b-93b2-436b950d210f", "ipv4-addr--593a41e7-d49c-423b-93b2-436b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a41e7-d49c-423b-93b2-436b950d210f", "dst_ref": "ipv4-addr--593a41e7-d49c-423b-93b2-436b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a41e7-d49c-423b-93b2-436b950d210f", "value": "93.90.178.67" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41e8-bce8-40e9-9b9b-8a4b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:24.000Z", "modified": "2017-06-09T06:36:24.000Z", "pattern": "[url:value = 'http://cor-huizer.nl/jt7677g6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41e8-2570-4ca0-b852-4e13950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:24.000Z", "modified": "2017-06-09T06:36:24.000Z", "pattern": "[domain-name:value = 'cor-huizer.nl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a41e9-530c-4229-9979-4f0f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:25.000Z", "modified": "2017-06-09T06:36:25.000Z", "first_observed": "2017-06-09T06:36:25Z", "last_observed": "2017-06-09T06:36:25Z", "number_observed": 1, "object_refs": [ "network-traffic--593a41e9-530c-4229-9979-4f0f950d210f", "ipv4-addr--593a41e9-530c-4229-9979-4f0f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a41e9-530c-4229-9979-4f0f950d210f", "dst_ref": "ipv4-addr--593a41e9-530c-4229-9979-4f0f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a41e9-530c-4229-9979-4f0f950d210f", "value": "87.239.14.40" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41e9-d090-4123-b1d4-436b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:25.000Z", "modified": "2017-06-09T06:36:25.000Z", "pattern": "[url:value = 'http://essentialnulidtro.com/af/jt7677g6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41ea-aef4-4601-a3e8-4936950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:26.000Z", "modified": "2017-06-09T06:36:26.000Z", "pattern": "[domain-name:value = 'essentialnulidtro.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a41ea-fc9c-475b-a4b6-4e7d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:26.000Z", "modified": "2017-06-09T06:36:26.000Z", "first_observed": "2017-06-09T06:36:26Z", "last_observed": "2017-06-09T06:36:26Z", "number_observed": 1, "object_refs": [ "network-traffic--593a41ea-fc9c-475b-a4b6-4e7d950d210f", "ipv4-addr--593a41ea-fc9c-475b-a4b6-4e7d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a41ea-fc9c-475b-a4b6-4e7d950d210f", "dst_ref": "ipv4-addr--593a41ea-fc9c-475b-a4b6-4e7d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a41ea-fc9c-475b-a4b6-4e7d950d210f", "value": "119.28.85.128" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41eb-0288-4606-9f93-431b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:27.000Z", "modified": "2017-06-09T06:36:27.000Z", "pattern": "[url:value = 'http://lcpinternational.fr/jt7677g6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41eb-f058-4ba7-b448-49f1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:27.000Z", "modified": "2017-06-09T06:36:27.000Z", "pattern": "[domain-name:value = 'lcpinternational.fr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a41ec-9a2c-48ed-904e-46f4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:28.000Z", "modified": "2017-06-09T06:36:28.000Z", "first_observed": "2017-06-09T06:36:28Z", "last_observed": "2017-06-09T06:36:28Z", "number_observed": 1, "object_refs": [ "network-traffic--593a41ec-9a2c-48ed-904e-46f4950d210f", "ipv4-addr--593a41ec-9a2c-48ed-904e-46f4950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a41ec-9a2c-48ed-904e-46f4950d210f", "dst_ref": "ipv4-addr--593a41ec-9a2c-48ed-904e-46f4950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a41ec-9a2c-48ed-904e-46f4950d210f", "value": "81.88.48.95" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41ed-b2e4-4e8b-a24b-4130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:29.000Z", "modified": "2017-06-09T06:36:29.000Z", "pattern": "[url:value = 'http://luxurious-ss.com/jt7677g6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41ed-84b4-47ac-9a50-4d98950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:29.000Z", "modified": "2017-06-09T06:36:29.000Z", "pattern": "[domain-name:value = 'luxurious-ss.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a41ee-4668-4308-bbcf-4f97950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:30.000Z", "modified": "2017-06-09T06:36:30.000Z", "first_observed": "2017-06-09T06:36:30Z", "last_observed": "2017-06-09T06:36:30Z", "number_observed": 1, "object_refs": [ "network-traffic--593a41ee-4668-4308-bbcf-4f97950d210f", "ipv4-addr--593a41ee-4668-4308-bbcf-4f97950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a41ee-4668-4308-bbcf-4f97950d210f", "dst_ref": "ipv4-addr--593a41ee-4668-4308-bbcf-4f97950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a41ee-4668-4308-bbcf-4f97950d210f", "value": "107.180.4.132" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41ee-c7b0-4e71-8602-4b4a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:30.000Z", "modified": "2017-06-09T06:36:30.000Z", "pattern": "[url:value = 'http://makh.ch/jt7677g6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41ef-7d54-4d56-a94e-43ef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:31.000Z", "modified": "2017-06-09T06:36:31.000Z", "pattern": "[domain-name:value = 'makh.ch']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a41ef-caac-4c80-a0aa-4728950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:31.000Z", "modified": "2017-06-09T06:36:31.000Z", "first_observed": "2017-06-09T06:36:31Z", "last_observed": "2017-06-09T06:36:31Z", "number_observed": 1, "object_refs": [ "network-traffic--593a41ef-caac-4c80-a0aa-4728950d210f", "ipv4-addr--593a41ef-caac-4c80-a0aa-4728950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a41ef-caac-4c80-a0aa-4728950d210f", "dst_ref": "ipv4-addr--593a41ef-caac-4c80-a0aa-4728950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a41ef-caac-4c80-a0aa-4728950d210f", "value": "149.126.4.78" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41f0-da5c-4822-ac44-8a4b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:32.000Z", "modified": "2017-06-09T06:36:32.000Z", "pattern": "[url:value = 'http://marcelrahner.com/jt7677g6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41f0-a9d8-43a0-a526-46e6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:32.000Z", "modified": "2017-06-09T06:36:32.000Z", "pattern": "[domain-name:value = 'marcelrahner.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a41f1-3920-4151-b6be-4bda950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:33.000Z", "modified": "2017-06-09T06:36:33.000Z", "first_observed": "2017-06-09T06:36:33Z", "last_observed": "2017-06-09T06:36:33Z", "number_observed": 1, "object_refs": [ "network-traffic--593a41f1-3920-4151-b6be-4bda950d210f", "ipv4-addr--593a41f1-3920-4151-b6be-4bda950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a41f1-3920-4151-b6be-4bda950d210f", "dst_ref": "ipv4-addr--593a41f1-3920-4151-b6be-4bda950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a41f1-3920-4151-b6be-4bda950d210f", "value": "195.178.14.13" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41f1-65a4-4eea-9dd8-4897950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:33.000Z", "modified": "2017-06-09T06:36:33.000Z", "pattern": "[url:value = 'http://mciverpei.ca/jt7677g6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41f2-1814-4fcd-85ff-4902950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:34.000Z", "modified": "2017-06-09T06:36:34.000Z", "pattern": "[domain-name:value = 'mciverpei.ca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a41f3-bc54-41c2-a784-4801950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:35.000Z", "modified": "2017-06-09T06:36:35.000Z", "first_observed": "2017-06-09T06:36:35Z", "last_observed": "2017-06-09T06:36:35Z", "number_observed": 1, "object_refs": [ "network-traffic--593a41f3-bc54-41c2-a784-4801950d210f", "ipv4-addr--593a41f3-bc54-41c2-a784-4801950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a41f3-bc54-41c2-a784-4801950d210f", "dst_ref": "ipv4-addr--593a41f3-bc54-41c2-a784-4801950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a41f3-bc54-41c2-a784-4801950d210f", "value": "69.90.161.10" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41f3-b658-47ec-af91-4728950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:35.000Z", "modified": "2017-06-09T06:36:35.000Z", "pattern": "[url:value = 'http://mitservices.net/jt7677g6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41f4-84f0-40b7-b61f-8a4b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:36.000Z", "modified": "2017-06-09T06:36:36.000Z", "pattern": "[domain-name:value = 'mitservices.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a41f4-99c0-4818-b93b-46e6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:36.000Z", "modified": "2017-06-09T06:36:36.000Z", "first_observed": "2017-06-09T06:36:36Z", "last_observed": "2017-06-09T06:36:36Z", "number_observed": 1, "object_refs": [ "network-traffic--593a41f4-99c0-4818-b93b-46e6950d210f", "ipv4-addr--593a41f4-99c0-4818-b93b-46e6950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a41f4-99c0-4818-b93b-46e6950d210f", "dst_ref": "ipv4-addr--593a41f4-99c0-4818-b93b-46e6950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a41f4-99c0-4818-b93b-46e6950d210f", "value": "208.91.198.19" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41f5-88b8-4206-94b7-4cb9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:37.000Z", "modified": "2017-06-09T06:36:37.000Z", "pattern": "[url:value = 'http://myinti.com/jt7677g6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41f5-e5d4-4411-bdf2-8bcc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:37.000Z", "modified": "2017-06-09T06:36:37.000Z", "pattern": "[domain-name:value = 'myinti.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a41f6-2b74-449f-b5cb-46f4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:38.000Z", "modified": "2017-06-09T06:36:38.000Z", "first_observed": "2017-06-09T06:36:38Z", "last_observed": "2017-06-09T06:36:38Z", "number_observed": 1, "object_refs": [ "network-traffic--593a41f6-2b74-449f-b5cb-46f4950d210f", "ipv4-addr--593a41f6-2b74-449f-b5cb-46f4950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a41f6-2b74-449f-b5cb-46f4950d210f", "dst_ref": "ipv4-addr--593a41f6-2b74-449f-b5cb-46f4950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a41f6-2b74-449f-b5cb-46f4950d210f", "value": "103.26.99.147" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41f7-cca8-465b-b501-45d6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:39.000Z", "modified": "2017-06-09T06:36:39.000Z", "pattern": "[url:value = 'http://mymobimarketing.com/jt7677g6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41f7-03cc-49f3-9803-49b2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:39.000Z", "modified": "2017-06-09T06:36:39.000Z", "pattern": "[domain-name:value = 'mymobimarketing.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a41f8-91fc-41ff-b179-4c50950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:40.000Z", "modified": "2017-06-09T06:36:40.000Z", "first_observed": "2017-06-09T06:36:40Z", "last_observed": "2017-06-09T06:36:40Z", "number_observed": 1, "object_refs": [ "network-traffic--593a41f8-91fc-41ff-b179-4c50950d210f", "ipv4-addr--593a41f8-91fc-41ff-b179-4c50950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a41f8-91fc-41ff-b179-4c50950d210f", "dst_ref": "ipv4-addr--593a41f8-91fc-41ff-b179-4c50950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a41f8-91fc-41ff-b179-4c50950d210f", "value": "184.154.159.194" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41f8-1f4c-4dc2-8cfa-45b9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:40.000Z", "modified": "2017-06-09T06:36:40.000Z", "pattern": "[url:value = 'http://oneby1.jp/jt7677g6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41f9-44c4-4867-9586-8bcc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:41.000Z", "modified": "2017-06-09T06:36:41.000Z", "pattern": "[domain-name:value = 'oneby1.jp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41fd-a310-48f6-ad1e-8bcc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:45.000Z", "modified": "2017-06-09T06:36:45.000Z", "pattern": "[url:value = 'http://rhiannonwrites.com/jt7677g6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41fe-32fc-4dd0-89c3-8a4b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:46.000Z", "modified": "2017-06-09T06:36:46.000Z", "pattern": "[domain-name:value = 'rhiannonwrites.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a41fe-82e4-4500-a84d-4b3b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:46.000Z", "modified": "2017-06-09T06:36:46.000Z", "first_observed": "2017-06-09T06:36:46Z", "last_observed": "2017-06-09T06:36:46Z", "number_observed": 1, "object_refs": [ "network-traffic--593a41fe-82e4-4500-a84d-4b3b950d210f", "ipv4-addr--593a41fe-82e4-4500-a84d-4b3b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a41fe-82e4-4500-a84d-4b3b950d210f", "dst_ref": "ipv4-addr--593a41fe-82e4-4500-a84d-4b3b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a41fe-82e4-4500-a84d-4b3b950d210f", "value": "192.124.249.5" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a41ff-e3ac-460e-a28d-40c1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:47.000Z", "modified": "2017-06-09T06:36:47.000Z", "pattern": "[url:value = 'http://sdmqgg.com/jt7677g6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4200-03f4-4f0c-80e9-40f5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:48.000Z", "modified": "2017-06-09T06:36:48.000Z", "pattern": "[domain-name:value = 'sdmqgg.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4201-af84-4092-9bdb-4d80950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:49.000Z", "modified": "2017-06-09T06:36:49.000Z", "first_observed": "2017-06-09T06:36:49Z", "last_observed": "2017-06-09T06:36:49Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4201-af84-4092-9bdb-4d80950d210f", "ipv4-addr--593a4201-af84-4092-9bdb-4d80950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4201-af84-4092-9bdb-4d80950d210f", "dst_ref": "ipv4-addr--593a4201-af84-4092-9bdb-4d80950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4201-af84-4092-9bdb-4d80950d210f", "value": "120.76.113.75" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4201-c300-4406-a2af-4728950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:49.000Z", "modified": "2017-06-09T06:36:49.000Z", "pattern": "[url:value = 'http://sextoygay.be/jt7677g6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4202-1d84-4de9-8ccc-4133950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:50.000Z", "modified": "2017-06-09T06:36:50.000Z", "pattern": "[domain-name:value = 'sextoygay.be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4202-6a18-4cfb-b20f-46f4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:50.000Z", "modified": "2017-06-09T06:36:50.000Z", "first_observed": "2017-06-09T06:36:50Z", "last_observed": "2017-06-09T06:36:50Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4202-6a18-4cfb-b20f-46f4950d210f", "ipv4-addr--593a4202-6a18-4cfb-b20f-46f4950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4202-6a18-4cfb-b20f-46f4950d210f", "dst_ref": "ipv4-addr--593a4202-6a18-4cfb-b20f-46f4950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4202-6a18-4cfb-b20f-46f4950d210f", "value": "178.237.37.39" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4203-81bc-4008-b72c-4e80950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:51.000Z", "modified": "2017-06-09T06:36:51.000Z", "pattern": "[url:value = 'http://siddhashrampatrika.com/jt7677g6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4203-9ad4-4b5a-8f60-42f1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:51.000Z", "modified": "2017-06-09T06:36:51.000Z", "pattern": "[domain-name:value = 'siddhashrampatrika.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4204-5334-48e9-a9ff-422a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:52.000Z", "modified": "2017-06-09T06:36:52.000Z", "first_observed": "2017-06-09T06:36:52Z", "last_observed": "2017-06-09T06:36:52Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4204-5334-48e9-a9ff-422a950d210f", "ipv4-addr--593a4204-5334-48e9-a9ff-422a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4204-5334-48e9-a9ff-422a950d210f", "dst_ref": "ipv4-addr--593a4204-5334-48e9-a9ff-422a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4204-5334-48e9-a9ff-422a950d210f", "value": "103.53.43.45" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4204-0918-4fcd-a404-4f24950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:52.000Z", "modified": "2017-06-09T06:36:52.000Z", "pattern": "[url:value = 'http://stlawyers.ca/jt7677g6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4205-ef04-433f-9cc8-42c5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:53.000Z", "modified": "2017-06-09T06:36:53.000Z", "pattern": "[domain-name:value = 'stlawyers.ca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4206-8cac-4b75-b731-4f3e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:54.000Z", "modified": "2017-06-09T06:36:54.000Z", "first_observed": "2017-06-09T06:36:54Z", "last_observed": "2017-06-09T06:36:54Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4206-8cac-4b75-b731-4f3e950d210f", "ipv4-addr--593a4206-8cac-4b75-b731-4f3e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4206-8cac-4b75-b731-4f3e950d210f", "dst_ref": "ipv4-addr--593a4206-8cac-4b75-b731-4f3e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4206-8cac-4b75-b731-4f3e950d210f", "value": "107.154.105.172" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4206-b69c-4f87-99df-418e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:54.000Z", "modified": "2017-06-09T06:36:54.000Z", "first_observed": "2017-06-09T06:36:54Z", "last_observed": "2017-06-09T06:36:54Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4206-b69c-4f87-99df-418e950d210f", "ipv4-addr--593a4206-b69c-4f87-99df-418e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4206-b69c-4f87-99df-418e950d210f", "dst_ref": "ipv4-addr--593a4206-b69c-4f87-99df-418e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4206-b69c-4f87-99df-418e950d210f", "value": "107.154.106.172" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4206-88e8-47ba-8457-4218950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:54.000Z", "modified": "2017-06-09T06:36:54.000Z", "pattern": "[url:value = 'http://studyonazar.com/jt7677g6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4207-fa80-4507-bfc3-4007950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:55.000Z", "modified": "2017-06-09T06:36:55.000Z", "pattern": "[domain-name:value = 'studyonazar.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4207-efdc-4da7-898a-46f4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:55.000Z", "modified": "2017-06-09T06:36:55.000Z", "first_observed": "2017-06-09T06:36:55Z", "last_observed": "2017-06-09T06:36:55Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4207-efdc-4da7-898a-46f4950d210f", "ipv4-addr--593a4207-efdc-4da7-898a-46f4950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4207-efdc-4da7-898a-46f4950d210f", "dst_ref": "ipv4-addr--593a4207-efdc-4da7-898a-46f4950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4207-efdc-4da7-898a-46f4950d210f", "value": "94.102.7.15" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4208-2e20-4c1a-972e-4d9a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:56.000Z", "modified": "2017-06-09T06:36:56.000Z", "pattern": "[url:value = 'http://supplementsandfitness.com/jt7677g6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4208-db38-4951-a9cf-47b6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:56.000Z", "modified": "2017-06-09T06:36:56.000Z", "pattern": "[domain-name:value = 'supplementsandfitness.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4209-3180-4269-bc68-8bcc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:57.000Z", "modified": "2017-06-09T06:36:57.000Z", "first_observed": "2017-06-09T06:36:57Z", "last_observed": "2017-06-09T06:36:57Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4209-3180-4269-bc68-8bcc950d210f", "ipv4-addr--593a4209-3180-4269-bc68-8bcc950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4209-3180-4269-bc68-8bcc950d210f", "dst_ref": "ipv4-addr--593a4209-3180-4269-bc68-8bcc950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4209-3180-4269-bc68-8bcc950d210f", "value": "103.211.216.130" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a420a-d21c-42ca-b992-8a4b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:58.000Z", "modified": "2017-06-09T06:36:58.000Z", "pattern": "[url:value = 'http://zechsal.pl/jt7677g6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a420a-e9a0-4cb6-bf22-45c8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:58.000Z", "modified": "2017-06-09T06:36:58.000Z", "pattern": "[domain-name:value = 'zechsal.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a420b-7c7c-46a4-834d-4a3a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:59.000Z", "modified": "2017-06-09T06:36:59.000Z", "first_observed": "2017-06-09T06:36:59Z", "last_observed": "2017-06-09T06:36:59Z", "number_observed": 1, "object_refs": [ "network-traffic--593a420b-7c7c-46a4-834d-4a3a950d210f", "ipv4-addr--593a420b-7c7c-46a4-834d-4a3a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a420b-7c7c-46a4-834d-4a3a950d210f", "dst_ref": "ipv4-addr--593a420b-7c7c-46a4-834d-4a3a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a420b-7c7c-46a4-834d-4a3a950d210f", "value": "193.70.95.56" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a420b-b8ac-49a0-88cb-46e6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:36:59.000Z", "modified": "2017-06-09T06:36:59.000Z", "pattern": "[url:value = 'http://whoisfoxxrobiouy.net/a5/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:36:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a420c-72a0-44d7-8112-48f1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:37:00.000Z", "modified": "2017-06-09T06:37:00.000Z", "pattern": "[domain-name:value = 'whoisfoxxrobiouy.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:37:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }