{ "type": "bundle", "id": "bundle--593e830b-a7e0-481c-b1a1-4390950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T13:07:09.000Z", "modified": "2017-06-12T13:07:09.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--593e830b-a7e0-481c-b1a1-4390950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T13:07:09.000Z", "modified": "2017-06-12T13:07:09.000Z", "name": "M2M - Trickbot 2017-06-12 : mac1 : Facture N 1234 du 12/06/2017 - \"FACTURE_1234.zip\"", "published": "2017-06-12T13:09:13Z", "object_refs": [ "indicator--593e830c-0140-4e3b-94b4-49a4950d210f", "indicator--593e830c-f05c-4cf3-83b7-441b950d210f", "indicator--593e830d-f804-4c3f-9d24-4fdf950d210f", "indicator--593e830d-9734-49e5-a767-48e1950d210f", "observed-data--593e830e-f474-48b6-8db4-4069950d210f", "network-traffic--593e830e-f474-48b6-8db4-4069950d210f", "ipv4-addr--593e830e-f474-48b6-8db4-4069950d210f", "indicator--593e830e-f1bc-4b39-a3d1-411d950d210f", "indicator--593e830f-9ad8-44dc-93a5-459f950d210f", "observed-data--593e8314-a65c-4ac9-a9e4-426b950d210f", "network-traffic--593e8314-a65c-4ac9-a9e4-426b950d210f", "ipv4-addr--593e8314-a65c-4ac9-a9e4-426b950d210f", "indicator--593e8314-095c-4451-bb76-47ae950d210f", "indicator--593e8315-aac0-4fa2-9321-4f0b950d210f", "observed-data--593e8315-4c74-4b39-b32b-4e17950d210f", "network-traffic--593e8315-4c74-4b39-b32b-4e17950d210f", "ipv4-addr--593e8315-4c74-4b39-b32b-4e17950d210f", "indicator--593e8316-7b40-4e13-ab97-4103950d210f", "indicator--593e8316-826c-42f7-abaa-4902950d210f", "observed-data--593e8317-dcf4-4dc3-b749-416d950d210f", "network-traffic--593e8317-dcf4-4dc3-b749-416d950d210f", "ipv4-addr--593e8317-dcf4-4dc3-b749-416d950d210f", "indicator--593e8317-9470-468e-93a9-450e950d210f", "indicator--593e8318-5c2c-4445-af0d-435e950d210f", "observed-data--593e8318-6d78-4350-9c33-49a2950d210f", "network-traffic--593e8318-6d78-4350-9c33-49a2950d210f", "ipv4-addr--593e8318-6d78-4350-9c33-49a2950d210f", "indicator--593e8319-3078-4fa4-8ae2-44d4950d210f", "indicator--593e8319-06e0-492e-9c42-4945950d210f", "observed-data--593e831a-8dfc-4c3e-8778-4034950d210f", "network-traffic--593e831a-8dfc-4c3e-8778-4034950d210f", "ipv4-addr--593e831a-8dfc-4c3e-8778-4034950d210f", "indicator--593e831a-b944-47f8-aa94-496e950d210f", "indicator--593e831b-ecd4-4b92-8fcc-4b50950d210f", "indicator--593e831c-9514-496b-ae82-4b57950d210f", "indicator--593e831d-b838-487b-8106-462a950d210f", "observed-data--593e831d-e078-43a7-a93c-498b950d210f", "network-traffic--593e831d-e078-43a7-a93c-498b950d210f", "ipv4-addr--593e831d-e078-43a7-a93c-498b950d210f", "indicator--593e831e-a8d0-4237-a9ec-448f950d210f", "indicator--593e831e-19f4-4ea1-a51c-45bc950d210f", "observed-data--593e831f-52cc-474c-8f01-45b8950d210f", "network-traffic--593e831f-52cc-474c-8f01-45b8950d210f", "ipv4-addr--593e831f-52cc-474c-8f01-45b8950d210f", "indicator--593e831f-215c-42b2-89c5-4acf950d210f", "indicator--593e8320-f290-4230-8df9-41a6950d210f", "observed-data--593e8320-cbe8-4902-b02f-4eb6950d210f", "network-traffic--593e8320-cbe8-4902-b02f-4eb6950d210f", "ipv4-addr--593e8320-cbe8-4902-b02f-4eb6950d210f", "indicator--593e8321-fcc8-4427-9ccc-4765950d210f", "indicator--593e8321-be7c-4926-9a47-4c63950d210f", "observed-data--593e8322-24e8-49d1-bc57-439a950d210f", "network-traffic--593e8322-24e8-49d1-bc57-439a950d210f", "ipv4-addr--593e8322-24e8-49d1-bc57-439a950d210f", "indicator--593e8322-daf4-4175-97bf-49e4950d210f", "indicator--593e8323-c26c-4b9d-a0eb-45f1950d210f", "observed-data--593e8323-4350-49eb-b71f-4416950d210f", "network-traffic--593e8323-4350-49eb-b71f-4416950d210f", "ipv4-addr--593e8323-4350-49eb-b71f-4416950d210f", "indicator--593e8324-5d48-4309-acb8-4634950d210f", "indicator--593e8324-1bc0-4a6d-abd5-4970950d210f", "observed-data--593e8325-b838-4c2a-99f5-42d2950d210f", "network-traffic--593e8325-b838-4c2a-99f5-42d2950d210f", "ipv4-addr--593e8325-b838-4c2a-99f5-42d2950d210f", "indicator--593e8325-c4ac-4a5c-bc71-4ac5950d210f", "indicator--593e8326-2bdc-4409-bf04-477f950d210f", "observed-data--593e8326-ecc4-4527-93ec-4557950d210f", "network-traffic--593e8326-ecc4-4527-93ec-4557950d210f", "ipv4-addr--593e8326-ecc4-4527-93ec-4557950d210f", "indicator--593e8327-7840-4ae2-83f5-4ccd950d210f", "indicator--593e8327-1260-404f-a874-4f5d950d210f", "observed-data--593e8328-faf4-410c-9a48-4916950d210f", "network-traffic--593e8328-faf4-410c-9a48-4916950d210f", "ipv4-addr--593e8328-faf4-410c-9a48-4916950d210f", "indicator--593e8328-4648-4dde-8bc0-4b0e950d210f", "indicator--593e8329-287c-44e1-95ce-4d03950d210f", "observed-data--593e8329-b9b8-4c0a-8d9f-4f12950d210f", "network-traffic--593e8329-b9b8-4c0a-8d9f-4f12950d210f", "ipv4-addr--593e8329-b9b8-4c0a-8d9f-4f12950d210f", "indicator--593e832a-a528-4813-8d48-4783950d210f", "indicator--593e832a-7dd0-4fa0-94da-4478950d210f", "observed-data--593e832b-5028-4db3-9962-41da950d210f", "network-traffic--593e832b-5028-4db3-9962-41da950d210f", "ipv4-addr--593e832b-5028-4db3-9962-41da950d210f", "indicator--593e832b-8c6c-4f09-8dea-464f950d210f", "indicator--593e832c-662c-4bb0-a62d-4738950d210f", "observed-data--593e832c-dd90-4efd-bb37-42f4950d210f", "network-traffic--593e832c-dd90-4efd-bb37-42f4950d210f", "ipv4-addr--593e832c-dd90-4efd-bb37-42f4950d210f", "indicator--593e832d-8444-41dc-b8cb-44c2950d210f", "indicator--593e832d-43cc-4445-a5b7-47c6950d210f", "observed-data--593e832e-e768-42f1-b16b-43da950d210f", "network-traffic--593e832e-e768-42f1-b16b-43da950d210f", "ipv4-addr--593e832e-e768-42f1-b16b-43da950d210f", "indicator--593e832e-2fdc-4a26-9eb8-4d20950d210f", "indicator--593e832f-db48-47b7-9975-4c8e950d210f", "observed-data--593e832f-2594-4f93-9a9d-4d88950d210f", "network-traffic--593e832f-2594-4f93-9a9d-4d88950d210f", "ipv4-addr--593e832f-2594-4f93-9a9d-4d88950d210f", "indicator--593e8330-2a64-4c8d-96bf-4456950d210f", "indicator--593e8330-712c-4e4e-a21a-44bb950d210f", "observed-data--593e8331-034c-4ebe-93be-4db3950d210f", "network-traffic--593e8331-034c-4ebe-93be-4db3950d210f", "ipv4-addr--593e8331-034c-4ebe-93be-4db3950d210f", "indicator--593e8331-d728-41b4-b921-4984950d210f", "indicator--593e8332-6fd8-4e89-975b-4c90950d210f", "observed-data--593e8332-f930-4469-816b-44b9950d210f", "network-traffic--593e8332-f930-4469-816b-44b9950d210f", "ipv4-addr--593e8332-f930-4469-816b-44b9950d210f", "indicator--593e8333-1280-44e3-a809-4703950d210f", "indicator--593e8333-7350-49ab-b1c9-4f22950d210f", "observed-data--593e8334-f6f4-487e-b271-4d45950d210f", "network-traffic--593e8334-f6f4-487e-b271-4d45950d210f", "ipv4-addr--593e8334-f6f4-487e-b271-4d45950d210f", "indicator--593e8334-40b4-45d2-a173-4bff950d210f", "indicator--593e8335-9bd4-4ad4-9c7d-4153950d210f", "observed-data--593e833a-def8-4469-9df3-4d84950d210f", "network-traffic--593e833a-def8-4469-9df3-4d84950d210f", "ipv4-addr--593e833a-def8-4469-9df3-4d84950d210f", "indicator--593e833b-9040-42c7-89aa-4ac6950d210f", "indicator--593e833b-5b90-4c0e-b8f9-caa4950d210f", "observed-data--593e833f-66a8-4342-a4b5-4d6c950d210f", "network-traffic--593e833f-66a8-4342-a4b5-4d6c950d210f", "ipv4-addr--593e833f-66a8-4342-a4b5-4d6c950d210f", "observed-data--593e8346-e050-4ef0-89bb-caa4950d210f", "url--593e8346-e050-4ef0-89bb-caa4950d210f", "observed-data--593e8347-dfb4-4122-8804-4b4e950d210f", "network-traffic--593e8347-dfb4-4122-8804-4b4e950d210f", "ipv4-addr--593e8347-dfb4-4122-8804-4b4e950d210f", "observed-data--593e8347-7054-41bf-bbbe-418e950d210f", "url--593e8347-7054-41bf-bbbe-418e950d210f", "observed-data--593e8348-fca0-463a-be40-4e19950d210f", "network-traffic--593e8348-fca0-463a-be40-4e19950d210f", "ipv4-addr--593e8348-fca0-463a-be40-4e19950d210f", "observed-data--593e8348-ce30-4784-8b21-44da950d210f", "url--593e8348-ce30-4784-8b21-44da950d210f", "observed-data--593e8349-c5f8-4cf7-97f5-4e20950d210f", "network-traffic--593e8349-c5f8-4cf7-97f5-4e20950d210f", "ipv4-addr--593e8349-c5f8-4cf7-97f5-4e20950d210f", "observed-data--593e8349-4034-41b5-8403-4afe950d210f", "url--593e8349-4034-41b5-8403-4afe950d210f", "observed-data--593e8349-457c-4c27-9868-485c950d210f", "network-traffic--593e8349-457c-4c27-9868-485c950d210f", "ipv4-addr--593e8349-457c-4c27-9868-485c950d210f", "observed-data--593e834a-fc4c-4e93-a04a-4e1d950d210f", "url--593e834a-fc4c-4e93-a04a-4e1d950d210f", "observed-data--593e834a-2c78-4c28-a47c-48a2950d210f", "network-traffic--593e834a-2c78-4c28-a47c-48a2950d210f", "ipv4-addr--593e834a-2c78-4c28-a47c-48a2950d210f", "observed-data--593e834b-2278-4999-9719-43e5950d210f", "url--593e834b-2278-4999-9719-43e5950d210f", "observed-data--593e834b-2e6c-4ceb-80dc-4c82950d210f", "network-traffic--593e834b-2e6c-4ceb-80dc-4c82950d210f", "ipv4-addr--593e834b-2e6c-4ceb-80dc-4c82950d210f", "observed-data--593e834c-7158-4e60-9731-4ddd950d210f", "url--593e834c-7158-4e60-9731-4ddd950d210f", "observed-data--593e834c-d150-48e9-8a4f-4e91950d210f", "network-traffic--593e834c-d150-48e9-8a4f-4e91950d210f", "ipv4-addr--593e834c-d150-48e9-8a4f-4e91950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e830c-0140-4e3b-94b4-49a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:24.000Z", "modified": "2017-06-12T12:03:24.000Z", "pattern": "[file:hashes.MD5 = 'b1826d53ae551f2969a347dd1804c76d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e830c-f05c-4cf3-83b7-441b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:24.000Z", "modified": "2017-06-12T12:03:24.000Z", "pattern": "[file:hashes.MD5 = '20f52f4da77210883918021880d5068c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e830d-f804-4c3f-9d24-4fdf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:25.000Z", "modified": "2017-06-12T12:03:25.000Z", "pattern": "[url:value = 'http://1000i.co/8yhf2ui']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e830d-9734-49e5-a767-48e1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:25.000Z", "modified": "2017-06-12T12:03:25.000Z", "pattern": "[domain-name:value = '1000i.co']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e830e-f474-48b6-8db4-4069950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:26.000Z", "modified": "2017-06-12T12:03:26.000Z", "first_observed": "2017-06-12T12:03:26Z", "last_observed": "2017-06-12T12:03:26Z", "number_observed": 1, "object_refs": [ "network-traffic--593e830e-f474-48b6-8db4-4069950d210f", "ipv4-addr--593e830e-f474-48b6-8db4-4069950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e830e-f474-48b6-8db4-4069950d210f", "dst_ref": "ipv4-addr--593e830e-f474-48b6-8db4-4069950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e830e-f474-48b6-8db4-4069950d210f", "value": "144.76.27.232" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e830e-f1bc-4b39-a3d1-411d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:26.000Z", "modified": "2017-06-12T12:03:26.000Z", "pattern": "[url:value = 'http://78tguyc876wwirglmltm.net/af/8yhf2ui']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e830f-9ad8-44dc-93a5-459f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:27.000Z", "modified": "2017-06-12T12:03:27.000Z", "pattern": "[domain-name:value = '78tguyc876wwirglmltm.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e8314-a65c-4ac9-a9e4-426b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:32.000Z", "modified": "2017-06-12T12:03:32.000Z", "first_observed": "2017-06-12T12:03:32Z", "last_observed": "2017-06-12T12:03:32Z", "number_observed": 1, "object_refs": [ "network-traffic--593e8314-a65c-4ac9-a9e4-426b950d210f", "ipv4-addr--593e8314-a65c-4ac9-a9e4-426b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e8314-a65c-4ac9-a9e4-426b950d210f", "dst_ref": "ipv4-addr--593e8314-a65c-4ac9-a9e4-426b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e8314-a65c-4ac9-a9e4-426b950d210f", "value": "119.28.85.128" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e8314-095c-4451-bb76-47ae950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:32.000Z", "modified": "2017-06-12T12:03:32.000Z", "pattern": "[url:value = 'http://aacom.pl/8yhf2ui']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e8315-aac0-4fa2-9321-4f0b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:33.000Z", "modified": "2017-06-12T12:03:33.000Z", "pattern": "[domain-name:value = 'aacom.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e8315-4c74-4b39-b32b-4e17950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:33.000Z", "modified": "2017-06-12T12:03:33.000Z", "first_observed": "2017-06-12T12:03:33Z", "last_observed": "2017-06-12T12:03:33Z", "number_observed": 1, "object_refs": [ "network-traffic--593e8315-4c74-4b39-b32b-4e17950d210f", "ipv4-addr--593e8315-4c74-4b39-b32b-4e17950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e8315-4c74-4b39-b32b-4e17950d210f", "dst_ref": "ipv4-addr--593e8315-4c74-4b39-b32b-4e17950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e8315-4c74-4b39-b32b-4e17950d210f", "value": "193.239.206.248" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e8316-7b40-4e13-ab97-4103950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:34.000Z", "modified": "2017-06-12T12:03:34.000Z", "pattern": "[url:value = 'http://ceil.hk/8yhf2ui']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e8316-826c-42f7-abaa-4902950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:34.000Z", "modified": "2017-06-12T12:03:34.000Z", "pattern": "[domain-name:value = 'ceil.hk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e8317-dcf4-4dc3-b749-416d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:35.000Z", "modified": "2017-06-12T12:03:35.000Z", "first_observed": "2017-06-12T12:03:35Z", "last_observed": "2017-06-12T12:03:35Z", "number_observed": 1, "object_refs": [ "network-traffic--593e8317-dcf4-4dc3-b749-416d950d210f", "ipv4-addr--593e8317-dcf4-4dc3-b749-416d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e8317-dcf4-4dc3-b749-416d950d210f", "dst_ref": "ipv4-addr--593e8317-dcf4-4dc3-b749-416d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e8317-dcf4-4dc3-b749-416d950d210f", "value": "202.181.246.240" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e8317-9470-468e-93a9-450e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:35.000Z", "modified": "2017-06-12T12:03:35.000Z", "pattern": "[url:value = 'http://cnbofa.com/8yhf2ui']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e8318-5c2c-4445-af0d-435e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:36.000Z", "modified": "2017-06-12T12:03:36.000Z", "pattern": "[domain-name:value = 'cnbofa.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e8318-6d78-4350-9c33-49a2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:36.000Z", "modified": "2017-06-12T12:03:36.000Z", "first_observed": "2017-06-12T12:03:36Z", "last_observed": "2017-06-12T12:03:36Z", "number_observed": 1, "object_refs": [ "network-traffic--593e8318-6d78-4350-9c33-49a2950d210f", "ipv4-addr--593e8318-6d78-4350-9c33-49a2950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e8318-6d78-4350-9c33-49a2950d210f", "dst_ref": "ipv4-addr--593e8318-6d78-4350-9c33-49a2950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e8318-6d78-4350-9c33-49a2950d210f", "value": "162.215.255.3" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e8319-3078-4fa4-8ae2-44d4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:37.000Z", "modified": "2017-06-12T12:03:37.000Z", "pattern": "[url:value = 'http://crowdvn.com/8yhf2ui']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e8319-06e0-492e-9c42-4945950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:37.000Z", "modified": "2017-06-12T12:03:37.000Z", "pattern": "[domain-name:value = 'crowdvn.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e831a-8dfc-4c3e-8778-4034950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:38.000Z", "modified": "2017-06-12T12:03:38.000Z", "first_observed": "2017-06-12T12:03:38Z", "last_observed": "2017-06-12T12:03:38Z", "number_observed": 1, "object_refs": [ "network-traffic--593e831a-8dfc-4c3e-8778-4034950d210f", "ipv4-addr--593e831a-8dfc-4c3e-8778-4034950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e831a-8dfc-4c3e-8778-4034950d210f", "dst_ref": "ipv4-addr--593e831a-8dfc-4c3e-8778-4034950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e831a-8dfc-4c3e-8778-4034950d210f", "value": "133.242.52.84" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e831a-b944-47f8-aa94-496e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:38.000Z", "modified": "2017-06-12T12:03:38.000Z", "pattern": "[url:value = 'http://e67tfgc4uybfbnfmd.org/af/8yhf2ui']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e831b-ecd4-4b92-8fcc-4b50950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:39.000Z", "modified": "2017-06-12T12:03:39.000Z", "pattern": "[domain-name:value = 'e67tfgc4uybfbnfmd.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e831c-9514-496b-ae82-4b57950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:40.000Z", "modified": "2017-06-12T12:03:40.000Z", "pattern": "[url:value = 'http://lamartechnical.com/8yhf2ui']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e831d-b838-487b-8106-462a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:41.000Z", "modified": "2017-06-12T12:03:41.000Z", "pattern": "[domain-name:value = 'lamartechnical.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e831d-e078-43a7-a93c-498b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:41.000Z", "modified": "2017-06-12T12:03:41.000Z", "first_observed": "2017-06-12T12:03:41Z", "last_observed": "2017-06-12T12:03:41Z", "number_observed": 1, "object_refs": [ "network-traffic--593e831d-e078-43a7-a93c-498b950d210f", "ipv4-addr--593e831d-e078-43a7-a93c-498b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e831d-e078-43a7-a93c-498b950d210f", "dst_ref": "ipv4-addr--593e831d-e078-43a7-a93c-498b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e831d-e078-43a7-a93c-498b950d210f", "value": "216.97.233.44" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e831e-a8d0-4237-a9ec-448f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:42.000Z", "modified": "2017-06-12T12:03:42.000Z", "pattern": "[url:value = 'http://lockehouse.com/8yhf2ui']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e831e-19f4-4ea1-a51c-45bc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:42.000Z", "modified": "2017-06-12T12:03:42.000Z", "pattern": "[domain-name:value = 'lockehouse.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e831f-52cc-474c-8f01-45b8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:43.000Z", "modified": "2017-06-12T12:03:43.000Z", "first_observed": "2017-06-12T12:03:43Z", "last_observed": "2017-06-12T12:03:43Z", "number_observed": 1, "object_refs": [ "network-traffic--593e831f-52cc-474c-8f01-45b8950d210f", "ipv4-addr--593e831f-52cc-474c-8f01-45b8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e831f-52cc-474c-8f01-45b8950d210f", "dst_ref": "ipv4-addr--593e831f-52cc-474c-8f01-45b8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e831f-52cc-474c-8f01-45b8950d210f", "value": "107.180.48.91" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e831f-215c-42b2-89c5-4acf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:43.000Z", "modified": "2017-06-12T12:03:43.000Z", "pattern": "[url:value = 'http://mangetsudo.net/8yhf2ui']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e8320-f290-4230-8df9-41a6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:44.000Z", "modified": "2017-06-12T12:03:44.000Z", "pattern": "[domain-name:value = 'mangetsudo.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e8320-cbe8-4902-b02f-4eb6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:44.000Z", "modified": "2017-06-12T12:03:44.000Z", "first_observed": "2017-06-12T12:03:44Z", "last_observed": "2017-06-12T12:03:44Z", "number_observed": 1, "object_refs": [ "network-traffic--593e8320-cbe8-4902-b02f-4eb6950d210f", "ipv4-addr--593e8320-cbe8-4902-b02f-4eb6950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e8320-cbe8-4902-b02f-4eb6950d210f", "dst_ref": "ipv4-addr--593e8320-cbe8-4902-b02f-4eb6950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e8320-cbe8-4902-b02f-4eb6950d210f", "value": "219.118.71.133" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e8321-fcc8-4427-9ccc-4765950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:45.000Z", "modified": "2017-06-12T12:03:45.000Z", "pattern": "[url:value = 'http://martinsturm.de/8yhf2ui']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e8321-be7c-4926-9a47-4c63950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:45.000Z", "modified": "2017-06-12T12:03:45.000Z", "pattern": "[domain-name:value = 'martinsturm.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e8322-24e8-49d1-bc57-439a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:46.000Z", "modified": "2017-06-12T12:03:46.000Z", "first_observed": "2017-06-12T12:03:46Z", "last_observed": "2017-06-12T12:03:46Z", "number_observed": 1, "object_refs": [ "network-traffic--593e8322-24e8-49d1-bc57-439a950d210f", "ipv4-addr--593e8322-24e8-49d1-bc57-439a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e8322-24e8-49d1-bc57-439a950d210f", "dst_ref": "ipv4-addr--593e8322-24e8-49d1-bc57-439a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e8322-24e8-49d1-bc57-439a950d210f", "value": "81.169.145.68" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e8322-daf4-4175-97bf-49e4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:46.000Z", "modified": "2017-06-12T12:03:46.000Z", "pattern": "[url:value = 'http://marylanddevelopers.in/8yhf2ui']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e8323-c26c-4b9d-a0eb-45f1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:47.000Z", "modified": "2017-06-12T12:03:47.000Z", "pattern": "[domain-name:value = 'marylanddevelopers.in']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e8323-4350-49eb-b71f-4416950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:47.000Z", "modified": "2017-06-12T12:03:47.000Z", "first_observed": "2017-06-12T12:03:47Z", "last_observed": "2017-06-12T12:03:47Z", "number_observed": 1, "object_refs": [ "network-traffic--593e8323-4350-49eb-b71f-4416950d210f", "ipv4-addr--593e8323-4350-49eb-b71f-4416950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e8323-4350-49eb-b71f-4416950d210f", "dst_ref": "ipv4-addr--593e8323-4350-49eb-b71f-4416950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e8323-4350-49eb-b71f-4416950d210f", "value": "103.50.160.62" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e8324-5d48-4309-acb8-4634950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:48.000Z", "modified": "2017-06-12T12:03:48.000Z", "pattern": "[url:value = 'http://quente.nl/8yhf2ui']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e8324-1bc0-4a6d-abd5-4970950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:48.000Z", "modified": "2017-06-12T12:03:48.000Z", "pattern": "[domain-name:value = 'quente.nl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e8325-b838-4c2a-99f5-42d2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:49.000Z", "modified": "2017-06-12T12:03:49.000Z", "first_observed": "2017-06-12T12:03:49Z", "last_observed": "2017-06-12T12:03:49Z", "number_observed": 1, "object_refs": [ "network-traffic--593e8325-b838-4c2a-99f5-42d2950d210f", "ipv4-addr--593e8325-b838-4c2a-99f5-42d2950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e8325-b838-4c2a-99f5-42d2950d210f", "dst_ref": "ipv4-addr--593e8325-b838-4c2a-99f5-42d2950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e8325-b838-4c2a-99f5-42d2950d210f", "value": "81.169.145.166" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e8325-c4ac-4a5c-bc71-4ac5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:49.000Z", "modified": "2017-06-12T12:03:49.000Z", "pattern": "[url:value = 'http://sacrecoeur.bravepages.com/8yhf2ui']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e8326-2bdc-4409-bf04-477f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:50.000Z", "modified": "2017-06-12T12:03:50.000Z", "pattern": "[domain-name:value = 'sacrecoeur.bravepages.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e8326-ecc4-4527-93ec-4557950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:50.000Z", "modified": "2017-06-12T12:03:50.000Z", "first_observed": "2017-06-12T12:03:50Z", "last_observed": "2017-06-12T12:03:50Z", "number_observed": 1, "object_refs": [ "network-traffic--593e8326-ecc4-4527-93ec-4557950d210f", "ipv4-addr--593e8326-ecc4-4527-93ec-4557950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e8326-ecc4-4527-93ec-4557950d210f", "dst_ref": "ipv4-addr--593e8326-ecc4-4527-93ec-4557950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e8326-ecc4-4527-93ec-4557950d210f", "value": "66.219.202.10" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e8327-7840-4ae2-83f5-4ccd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:51.000Z", "modified": "2017-06-12T12:03:51.000Z", "pattern": "[url:value = 'http://sheekchilly.com/8yhf2ui']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e8327-1260-404f-a874-4f5d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:51.000Z", "modified": "2017-06-12T12:03:51.000Z", "pattern": "[domain-name:value = 'sheekchilly.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e8328-faf4-410c-9a48-4916950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:52.000Z", "modified": "2017-06-12T12:03:52.000Z", "first_observed": "2017-06-12T12:03:52Z", "last_observed": "2017-06-12T12:03:52Z", "number_observed": 1, "object_refs": [ "network-traffic--593e8328-faf4-410c-9a48-4916950d210f", "ipv4-addr--593e8328-faf4-410c-9a48-4916950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e8328-faf4-410c-9a48-4916950d210f", "dst_ref": "ipv4-addr--593e8328-faf4-410c-9a48-4916950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e8328-faf4-410c-9a48-4916950d210f", "value": "103.21.59.174" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e8328-4648-4dde-8bc0-4b0e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:52.000Z", "modified": "2017-06-12T12:03:52.000Z", "pattern": "[url:value = 'http://smartzaa.com/8yhf2ui']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e8329-287c-44e1-95ce-4d03950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:53.000Z", "modified": "2017-06-12T12:03:53.000Z", "pattern": "[domain-name:value = 'smartzaa.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e8329-b9b8-4c0a-8d9f-4f12950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:53.000Z", "modified": "2017-06-12T12:03:53.000Z", "first_observed": "2017-06-12T12:03:53Z", "last_observed": "2017-06-12T12:03:53Z", "number_observed": 1, "object_refs": [ "network-traffic--593e8329-b9b8-4c0a-8d9f-4f12950d210f", "ipv4-addr--593e8329-b9b8-4c0a-8d9f-4f12950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e8329-b9b8-4c0a-8d9f-4f12950d210f", "dst_ref": "ipv4-addr--593e8329-b9b8-4c0a-8d9f-4f12950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e8329-b9b8-4c0a-8d9f-4f12950d210f", "value": "103.21.58.252" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e832a-a528-4813-8d48-4783950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:54.000Z", "modified": "2017-06-12T12:03:54.000Z", "pattern": "[url:value = 'http://sportsfoliorewards.com/8yhf2ui']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e832a-7dd0-4fa0-94da-4478950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:54.000Z", "modified": "2017-06-12T12:03:54.000Z", "pattern": "[domain-name:value = 'sportsfoliorewards.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e832b-5028-4db3-9962-41da950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:55.000Z", "modified": "2017-06-12T12:03:55.000Z", "first_observed": "2017-06-12T12:03:55Z", "last_observed": "2017-06-12T12:03:55Z", "number_observed": 1, "object_refs": [ "network-traffic--593e832b-5028-4db3-9962-41da950d210f", "ipv4-addr--593e832b-5028-4db3-9962-41da950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e832b-5028-4db3-9962-41da950d210f", "dst_ref": "ipv4-addr--593e832b-5028-4db3-9962-41da950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e832b-5028-4db3-9962-41da950d210f", "value": "160.153.53.103" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e832b-8c6c-4f09-8dea-464f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:55.000Z", "modified": "2017-06-12T12:03:55.000Z", "pattern": "[url:value = 'http://susewind.ch/8yhf2ui']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e832c-662c-4bb0-a62d-4738950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:56.000Z", "modified": "2017-06-12T12:03:56.000Z", "pattern": "[domain-name:value = 'susewind.ch']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e832c-dd90-4efd-bb37-42f4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:56.000Z", "modified": "2017-06-12T12:03:56.000Z", "first_observed": "2017-06-12T12:03:56Z", "last_observed": "2017-06-12T12:03:56Z", "number_observed": 1, "object_refs": [ "network-traffic--593e832c-dd90-4efd-bb37-42f4950d210f", "ipv4-addr--593e832c-dd90-4efd-bb37-42f4950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e832c-dd90-4efd-bb37-42f4950d210f", "dst_ref": "ipv4-addr--593e832c-dd90-4efd-bb37-42f4950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e832c-dd90-4efd-bb37-42f4950d210f", "value": "212.40.5.43" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e832d-8444-41dc-b8cb-44c2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:57.000Z", "modified": "2017-06-12T12:03:57.000Z", "pattern": "[url:value = 'http://svadba-tamada.de/8yhf2ui']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e832d-43cc-4445-a5b7-47c6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:57.000Z", "modified": "2017-06-12T12:03:57.000Z", "pattern": "[domain-name:value = 'svadba-tamada.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e832e-e768-42f1-b16b-43da950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:58.000Z", "modified": "2017-06-12T12:03:58.000Z", "first_observed": "2017-06-12T12:03:58Z", "last_observed": "2017-06-12T12:03:58Z", "number_observed": 1, "object_refs": [ "network-traffic--593e832e-e768-42f1-b16b-43da950d210f", "ipv4-addr--593e832e-e768-42f1-b16b-43da950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e832e-e768-42f1-b16b-43da950d210f", "dst_ref": "ipv4-addr--593e832e-e768-42f1-b16b-43da950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e832e-e768-42f1-b16b-43da950d210f", "value": "81.169.145.148" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e832e-2fdc-4a26-9eb8-4d20950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:58.000Z", "modified": "2017-06-12T12:03:58.000Z", "pattern": "[url:value = 'http://svi1869.de/8yhf2ui']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e832f-db48-47b7-9975-4c8e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:59.000Z", "modified": "2017-06-12T12:03:59.000Z", "pattern": "[domain-name:value = 'svi1869.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:03:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e832f-2594-4f93-9a9d-4d88950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:03:59.000Z", "modified": "2017-06-12T12:03:59.000Z", "first_observed": "2017-06-12T12:03:59Z", "last_observed": "2017-06-12T12:03:59Z", "number_observed": 1, "object_refs": [ "network-traffic--593e832f-2594-4f93-9a9d-4d88950d210f", "ipv4-addr--593e832f-2594-4f93-9a9d-4d88950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e832f-2594-4f93-9a9d-4d88950d210f", "dst_ref": "ipv4-addr--593e832f-2594-4f93-9a9d-4d88950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e832f-2594-4f93-9a9d-4d88950d210f", "value": "81.169.145.93" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e8330-2a64-4c8d-96bf-4456950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:04:00.000Z", "modified": "2017-06-12T12:04:00.000Z", "pattern": "[url:value = 'http://syrianchristiancentre.org/8yhf2ui']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:04:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e8330-712c-4e4e-a21a-44bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:04:00.000Z", "modified": "2017-06-12T12:04:00.000Z", "pattern": "[domain-name:value = 'syrianchristiancentre.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:04:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e8331-034c-4ebe-93be-4db3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:04:01.000Z", "modified": "2017-06-12T12:04:01.000Z", "first_observed": "2017-06-12T12:04:01Z", "last_observed": "2017-06-12T12:04:01Z", "number_observed": 1, "object_refs": [ "network-traffic--593e8331-034c-4ebe-93be-4db3950d210f", "ipv4-addr--593e8331-034c-4ebe-93be-4db3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e8331-034c-4ebe-93be-4db3950d210f", "dst_ref": "ipv4-addr--593e8331-034c-4ebe-93be-4db3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e8331-034c-4ebe-93be-4db3950d210f", "value": "103.21.58.130" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e8331-d728-41b4-b921-4984950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:04:01.000Z", "modified": "2017-06-12T12:04:01.000Z", "pattern": "[url:value = 'http://ulyanky.ru/8yhf2ui']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:04:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e8332-6fd8-4e89-975b-4c90950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:04:02.000Z", "modified": "2017-06-12T12:04:02.000Z", "pattern": "[domain-name:value = 'ulyanky.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:04:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e8332-f930-4469-816b-44b9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:04:02.000Z", "modified": "2017-06-12T12:04:02.000Z", "first_observed": "2017-06-12T12:04:02Z", "last_observed": "2017-06-12T12:04:02Z", "number_observed": 1, "object_refs": [ "network-traffic--593e8332-f930-4469-816b-44b9950d210f", "ipv4-addr--593e8332-f930-4469-816b-44b9950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e8332-f930-4469-816b-44b9950d210f", "dst_ref": "ipv4-addr--593e8332-f930-4469-816b-44b9950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e8332-f930-4469-816b-44b9950d210f", "value": "91.201.42.45" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e8333-1280-44e3-a809-4703950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:04:03.000Z", "modified": "2017-06-12T12:04:03.000Z", "pattern": "[url:value = 'http://xinjingji.net/8yhf2ui']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:04:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e8333-7350-49ab-b1c9-4f22950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:04:03.000Z", "modified": "2017-06-12T12:04:03.000Z", "pattern": "[domain-name:value = 'xinjingji.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:04:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e8334-f6f4-487e-b271-4d45950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:04:04.000Z", "modified": "2017-06-12T12:04:04.000Z", "first_observed": "2017-06-12T12:04:04Z", "last_observed": "2017-06-12T12:04:04Z", "number_observed": 1, "object_refs": [ "network-traffic--593e8334-f6f4-487e-b271-4d45950d210f", "ipv4-addr--593e8334-f6f4-487e-b271-4d45950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e8334-f6f4-487e-b271-4d45950d210f", "dst_ref": "ipv4-addr--593e8334-f6f4-487e-b271-4d45950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e8334-f6f4-487e-b271-4d45950d210f", "value": "120.25.70.148" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e8334-40b4-45d2-a173-4bff950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:04:04.000Z", "modified": "2017-06-12T12:04:04.000Z", "pattern": "[url:value = 'http://yensaophuongdong.com/8yhf2ui']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:04:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e8335-9bd4-4ad4-9c7d-4153950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:04:05.000Z", "modified": "2017-06-12T12:04:05.000Z", "pattern": "[domain-name:value = 'yensaophuongdong.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:04:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e833a-def8-4469-9df3-4d84950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:04:10.000Z", "modified": "2017-06-12T12:04:10.000Z", "first_observed": "2017-06-12T12:04:10Z", "last_observed": "2017-06-12T12:04:10Z", "number_observed": 1, "object_refs": [ "network-traffic--593e833a-def8-4469-9df3-4d84950d210f", "ipv4-addr--593e833a-def8-4469-9df3-4d84950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e833a-def8-4469-9df3-4d84950d210f", "dst_ref": "ipv4-addr--593e833a-def8-4469-9df3-4d84950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e833a-def8-4469-9df3-4d84950d210f", "value": "209.99.16.221" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e833b-9040-42c7-89aa-4ac6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:04:11.000Z", "modified": "2017-06-12T12:04:11.000Z", "pattern": "[url:value = 'http://ythongye.com/8yhf2ui']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:04:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593e833b-5b90-4c0e-b8f9-caa4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:04:11.000Z", "modified": "2017-06-12T12:04:11.000Z", "pattern": "[domain-name:value = 'ythongye.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-12T12:04:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e833f-66a8-4342-a4b5-4d6c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:04:15.000Z", "modified": "2017-06-12T12:04:15.000Z", "first_observed": "2017-06-12T12:04:15Z", "last_observed": "2017-06-12T12:04:15Z", "number_observed": 1, "object_refs": [ "network-traffic--593e833f-66a8-4342-a4b5-4d6c950d210f", "ipv4-addr--593e833f-66a8-4342-a4b5-4d6c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e833f-66a8-4342-a4b5-4d6c950d210f", "dst_ref": "ipv4-addr--593e833f-66a8-4342-a4b5-4d6c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e833f-66a8-4342-a4b5-4d6c950d210f", "value": "103.249.108.128" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e8346-e050-4ef0-89bb-caa4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:04:22.000Z", "modified": "2017-06-12T12:04:22.000Z", "first_observed": "2017-06-12T12:04:22Z", "last_observed": "2017-06-12T12:04:22Z", "number_observed": 1, "object_refs": [ "url--593e8346-e050-4ef0-89bb-caa4950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--593e8346-e050-4ef0-89bb-caa4950d210f", "value": "193.0.140.177" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e8347-dfb4-4122-8804-4b4e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:04:23.000Z", "modified": "2017-06-12T12:04:23.000Z", "first_observed": "2017-06-12T12:04:23Z", "last_observed": "2017-06-12T12:04:23Z", "number_observed": 1, "object_refs": [ "network-traffic--593e8347-dfb4-4122-8804-4b4e950d210f", "ipv4-addr--593e8347-dfb4-4122-8804-4b4e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e8347-dfb4-4122-8804-4b4e950d210f", "dst_ref": "ipv4-addr--593e8347-dfb4-4122-8804-4b4e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e8347-dfb4-4122-8804-4b4e950d210f", "value": "193.0.140.177" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e8347-7054-41bf-bbbe-418e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:04:23.000Z", "modified": "2017-06-12T12:04:23.000Z", "first_observed": "2017-06-12T12:04:23Z", "last_observed": "2017-06-12T12:04:23Z", "number_observed": 1, "object_refs": [ "url--593e8347-7054-41bf-bbbe-418e950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--593e8347-7054-41bf-bbbe-418e950d210f", "value": "89.231.13.18" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e8348-fca0-463a-be40-4e19950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:04:24.000Z", "modified": "2017-06-12T12:04:24.000Z", "first_observed": "2017-06-12T12:04:24Z", "last_observed": "2017-06-12T12:04:24Z", "number_observed": 1, "object_refs": [ "network-traffic--593e8348-fca0-463a-be40-4e19950d210f", "ipv4-addr--593e8348-fca0-463a-be40-4e19950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e8348-fca0-463a-be40-4e19950d210f", "dst_ref": "ipv4-addr--593e8348-fca0-463a-be40-4e19950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e8348-fca0-463a-be40-4e19950d210f", "value": "89.231.13.18" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e8348-ce30-4784-8b21-44da950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:04:24.000Z", "modified": "2017-06-12T12:04:24.000Z", "first_observed": "2017-06-12T12:04:24Z", "last_observed": "2017-06-12T12:04:24Z", "number_observed": 1, "object_refs": [ "url--593e8348-ce30-4784-8b21-44da950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--593e8348-ce30-4784-8b21-44da950d210f", "value": "89.231.13.27" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e8349-c5f8-4cf7-97f5-4e20950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:04:25.000Z", "modified": "2017-06-12T12:04:25.000Z", "first_observed": "2017-06-12T12:04:25Z", "last_observed": "2017-06-12T12:04:25Z", "number_observed": 1, "object_refs": [ "network-traffic--593e8349-c5f8-4cf7-97f5-4e20950d210f", "ipv4-addr--593e8349-c5f8-4cf7-97f5-4e20950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e8349-c5f8-4cf7-97f5-4e20950d210f", "dst_ref": "ipv4-addr--593e8349-c5f8-4cf7-97f5-4e20950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e8349-c5f8-4cf7-97f5-4e20950d210f", "value": "89.231.13.27" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e8349-4034-41b5-8403-4afe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:04:25.000Z", "modified": "2017-06-12T12:04:25.000Z", "first_observed": "2017-06-12T12:04:25Z", "last_observed": "2017-06-12T12:04:25Z", "number_observed": 1, "object_refs": [ "url--593e8349-4034-41b5-8403-4afe950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--593e8349-4034-41b5-8403-4afe950d210f", "value": "89.231.13.33" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e8349-457c-4c27-9868-485c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:04:25.000Z", "modified": "2017-06-12T12:04:25.000Z", "first_observed": "2017-06-12T12:04:25Z", "last_observed": "2017-06-12T12:04:25Z", "number_observed": 1, "object_refs": [ "network-traffic--593e8349-457c-4c27-9868-485c950d210f", "ipv4-addr--593e8349-457c-4c27-9868-485c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e8349-457c-4c27-9868-485c950d210f", "dst_ref": "ipv4-addr--593e8349-457c-4c27-9868-485c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e8349-457c-4c27-9868-485c950d210f", "value": "89.231.13.33" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e834a-fc4c-4e93-a04a-4e1d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:04:26.000Z", "modified": "2017-06-12T12:04:26.000Z", "first_observed": "2017-06-12T12:04:26Z", "last_observed": "2017-06-12T12:04:26Z", "number_observed": 1, "object_refs": [ "url--593e834a-fc4c-4e93-a04a-4e1d950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--593e834a-fc4c-4e93-a04a-4e1d950d210f", "value": "185.203.243.111" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e834a-2c78-4c28-a47c-48a2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:04:26.000Z", "modified": "2017-06-12T12:04:26.000Z", "first_observed": "2017-06-12T12:04:26Z", "last_observed": "2017-06-12T12:04:26Z", "number_observed": 1, "object_refs": [ "network-traffic--593e834a-2c78-4c28-a47c-48a2950d210f", "ipv4-addr--593e834a-2c78-4c28-a47c-48a2950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e834a-2c78-4c28-a47c-48a2950d210f", "dst_ref": "ipv4-addr--593e834a-2c78-4c28-a47c-48a2950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e834a-2c78-4c28-a47c-48a2950d210f", "value": "185.203.243.111" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e834b-2278-4999-9719-43e5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:04:27.000Z", "modified": "2017-06-12T12:04:27.000Z", "first_observed": "2017-06-12T12:04:27Z", "last_observed": "2017-06-12T12:04:27Z", "number_observed": 1, "object_refs": [ "url--593e834b-2278-4999-9719-43e5950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--593e834b-2278-4999-9719-43e5950d210f", "value": "185.203.243.112" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e834b-2e6c-4ceb-80dc-4c82950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:04:27.000Z", "modified": "2017-06-12T12:04:27.000Z", "first_observed": "2017-06-12T12:04:27Z", "last_observed": "2017-06-12T12:04:27Z", "number_observed": 1, "object_refs": [ "network-traffic--593e834b-2e6c-4ceb-80dc-4c82950d210f", "ipv4-addr--593e834b-2e6c-4ceb-80dc-4c82950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e834b-2e6c-4ceb-80dc-4c82950d210f", "dst_ref": "ipv4-addr--593e834b-2e6c-4ceb-80dc-4c82950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e834b-2e6c-4ceb-80dc-4c82950d210f", "value": "185.203.243.112" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e834c-7158-4e60-9731-4ddd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:04:28.000Z", "modified": "2017-06-12T12:04:28.000Z", "first_observed": "2017-06-12T12:04:28Z", "last_observed": "2017-06-12T12:04:28Z", "number_observed": 1, "object_refs": [ "url--593e834c-7158-4e60-9731-4ddd950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--593e834c-7158-4e60-9731-4ddd950d210f", "value": "185.203.243.113" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593e834c-d150-48e9-8a4f-4e91950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-12T12:04:28.000Z", "modified": "2017-06-12T12:04:28.000Z", "first_observed": "2017-06-12T12:04:28Z", "last_observed": "2017-06-12T12:04:28Z", "number_observed": 1, "object_refs": [ "network-traffic--593e834c-d150-48e9-8a4f-4e91950d210f", "ipv4-addr--593e834c-d150-48e9-8a4f-4e91950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593e834c-d150-48e9-8a4f-4e91950d210f", "dst_ref": "ipv4-addr--593e834c-d150-48e9-8a4f-4e91950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593e834c-d150-48e9-8a4f-4e91950d210f", "value": "185.203.243.113" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }