{ "type": "bundle", "id": "bundle--594252f6-6d34-496a-9746-413f950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T12:37:38.000Z", "modified": "2017-06-16T12:37:38.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--594252f6-6d34-496a-9746-413f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T12:37:38.000Z", "modified": "2017-06-16T12:37:38.000Z", "name": "M2M - Jaff 2017-06-14 : \"Emailing: 123456789\" - \"123456789.ZIP\"", "published": "2017-06-16T12:37:48Z", "object_refs": [ "indicator--594252f6-0d08-4c8b-a1f6-443f950d210f", "indicator--594252f7-e574-4b89-b7f2-486b950d210f", "indicator--594252f8-1b64-4690-9e64-42e7950d210f", "indicator--594252f8-1c88-4a22-9a0b-4b1a950d210f", "observed-data--594252fd-7488-4084-9e0f-41a4950d210f", "network-traffic--594252fd-7488-4084-9e0f-41a4950d210f", "ipv4-addr--594252fd-7488-4084-9e0f-41a4950d210f", "indicator--594252fe-e8d0-49c1-a8c5-4fdb950d210f", "indicator--594252ff-0060-4d30-bd81-477f950d210f", "observed-data--59425303-9b40-4920-9960-4c36950d210f", "network-traffic--59425303-9b40-4920-9960-4c36950d210f", "ipv4-addr--59425303-9b40-4920-9960-4c36950d210f", "indicator--59425304-4110-43c0-b26b-4752950d210f", "indicator--59425304-0d50-403e-a134-4560950d210f", "observed-data--59425305-1f4c-4ab9-bf60-40ec950d210f", "network-traffic--59425305-1f4c-4ab9-bf60-40ec950d210f", "ipv4-addr--59425305-1f4c-4ab9-bf60-40ec950d210f", "indicator--59425305-fba8-4eef-8a91-408b950d210f", "indicator--59425306-f0bc-4cd5-ad90-414d950d210f", "observed-data--59425307-ea44-4ed0-9dc6-45b5950d210f", "network-traffic--59425307-ea44-4ed0-9dc6-45b5950d210f", "ipv4-addr--59425307-ea44-4ed0-9dc6-45b5950d210f", "indicator--59425307-4c58-4f84-a07a-4de0950d210f", "indicator--59425308-eb3c-49f3-a57b-4ca8950d210f", "indicator--59425309-6564-4eb1-9df8-4ca7950d210f", "indicator--59425309-7f70-4331-9b06-46f1950d210f", "observed-data--5942530a-ea24-49ce-b9f7-44a2950d210f", "network-traffic--5942530a-ea24-49ce-b9f7-44a2950d210f", "ipv4-addr--5942530a-ea24-49ce-b9f7-44a2950d210f", "indicator--5942530a-79e4-4f4c-b162-47ca950d210f", "indicator--5942530b-f230-4055-b228-4bea950d210f", "observed-data--5942530c-edfc-47c4-9189-4232950d210f", "network-traffic--5942530c-edfc-47c4-9189-4232950d210f", "ipv4-addr--5942530c-edfc-47c4-9189-4232950d210f", "indicator--5942530c-1668-456d-9076-4e8e950d210f", "indicator--5942530d-f08c-40bd-b86b-4689950d210f", "observed-data--5942530d-bb54-4abf-bd3c-4e1e950d210f", "network-traffic--5942530d-bb54-4abf-bd3c-4e1e950d210f", "ipv4-addr--5942530d-bb54-4abf-bd3c-4e1e950d210f", "indicator--5942530e-1594-4d17-9c86-49cc950d210f", "indicator--5942530e-7280-46a7-801f-42ac950d210f", "observed-data--5942530f-e7e8-4dfc-b234-4217950d210f", "network-traffic--5942530f-e7e8-4dfc-b234-4217950d210f", "ipv4-addr--5942530f-e7e8-4dfc-b234-4217950d210f", "indicator--59425310-9a34-4841-a20f-410b950d210f", "indicator--59425310-8f70-48d5-b774-4f09950d210f", "observed-data--59425311-dda0-4947-8156-49e5950d210f", "network-traffic--59425311-dda0-4947-8156-49e5950d210f", "ipv4-addr--59425311-dda0-4947-8156-49e5950d210f", "indicator--59425311-ef08-4799-9cd3-4d4d950d210f", "indicator--59425312-3040-4859-b904-4d72950d210f", "observed-data--59425312-dc14-4836-9b1b-4d28950d210f", "network-traffic--59425312-dc14-4836-9b1b-4d28950d210f", "ipv4-addr--59425312-dc14-4836-9b1b-4d28950d210f", "indicator--59425313-5d50-4746-84a8-4f77950d210f", "indicator--59425314-3cfc-4261-a2ab-4f7d950d210f", "observed-data--59425314-9328-40d0-bca1-4d1e950d210f", "network-traffic--59425314-9328-40d0-bca1-4d1e950d210f", "ipv4-addr--59425314-9328-40d0-bca1-4d1e950d210f", "observed-data--59425315-1430-4a62-b426-4fa4950d210f", "network-traffic--59425315-1430-4a62-b426-4fa4950d210f", "ipv4-addr--59425315-1430-4a62-b426-4fa4950d210f", "indicator--59425315-c2d8-4d23-8e8c-41ad950d210f", "indicator--59425316-ea30-4c52-8483-4ba9950d210f", "observed-data--59425317-b518-4ccd-8e33-4be4950d210f", "network-traffic--59425317-b518-4ccd-8e33-4be4950d210f", "ipv4-addr--59425317-b518-4ccd-8e33-4be4950d210f", "indicator--59425317-d9c4-4fca-a990-46ff950d210f", "indicator--59425318-611c-4e77-a8b1-4acd950d210f", "indicator--59425319-5a30-47ff-b414-4129950d210f", "indicator--59425319-70a8-49de-8b70-4fb3950d210f", "observed-data--5942531b-d848-43c1-9fbe-441e950d210f", "network-traffic--5942531b-d848-43c1-9fbe-441e950d210f", "ipv4-addr--5942531b-d848-43c1-9fbe-441e950d210f", "indicator--5942531c-3068-4604-9a43-4856950d210f", "indicator--5942531c-3298-4248-b721-4632950d210f", "observed-data--5942531d-f6e4-42b3-809c-48fc950d210f", "network-traffic--5942531d-f6e4-42b3-809c-48fc950d210f", "ipv4-addr--5942531d-f6e4-42b3-809c-48fc950d210f", "indicator--5942531d-f5a4-4628-a4a4-4398950d210f", "indicator--5942531e-64cc-405f-a20f-410e950d210f", "observed-data--5942531e-2a24-427a-b873-406f950d210f", "network-traffic--5942531e-2a24-427a-b873-406f950d210f", "ipv4-addr--5942531e-2a24-427a-b873-406f950d210f", "indicator--5942531f-137c-42a0-8495-46b8950d210f", "indicator--5942531f-5440-4fd1-9525-415a950d210f", "observed-data--59425321-c584-4ce3-9de7-4ecd950d210f", "network-traffic--59425321-c584-4ce3-9de7-4ecd950d210f", "ipv4-addr--59425321-c584-4ce3-9de7-4ecd950d210f", "indicator--59425322-f118-4850-b50d-4047950d210f", "indicator--59425322-2798-4ff1-b8f5-4cbe950d210f", "observed-data--59425323-45f4-4008-8147-4dbe950d210f", "network-traffic--59425323-45f4-4008-8147-4dbe950d210f", "ipv4-addr--59425323-45f4-4008-8147-4dbe950d210f", "indicator--59425324-d040-4556-9608-4653950d210f", "indicator--59425325-008c-458d-a957-4e45950d210f", "observed-data--59425326-ae7c-4e26-9838-453d950d210f", "network-traffic--59425326-ae7c-4e26-9838-453d950d210f", "ipv4-addr--59425326-ae7c-4e26-9838-453d950d210f", "indicator--59425327-f080-4851-b6fc-423f950d210f", "indicator--59425327-b210-4a85-850c-425a950d210f", "observed-data--59425328-30ac-4f9d-819c-4285950d210f", "network-traffic--59425328-30ac-4f9d-819c-4285950d210f", "ipv4-addr--59425328-30ac-4f9d-819c-4285950d210f", "indicator--59425328-f588-45b2-85f1-4886950d210f", "indicator--59425329-9074-494a-83a8-4fe6950d210f", "observed-data--5942532b-963c-45d1-a969-499a950d210f", "network-traffic--5942532b-963c-45d1-a969-499a950d210f", "ipv4-addr--5942532b-963c-45d1-a969-499a950d210f", "indicator--5943bb60-c634-4bbb-a898-440102de0b81", "indicator--5943bb60-9488-4159-85b4-401802de0b81", "observed-data--5943bb61-5f8c-42d9-bf8e-4a8b02de0b81", "url--5943bb61-5f8c-42d9-bf8e-4a8b02de0b81", "indicator--5943bb61-a8c8-4d76-9063-4fa202de0b81", "indicator--5943bb62-2d04-41ad-baff-499f02de0b81", "observed-data--5943bb62-e370-4a6a-978d-487e02de0b81", "url--5943bb62-e370-4a6a-978d-487e02de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Jaff\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--594252f6-0d08-4c8b-a1f6-443f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[file:hashes.MD5 = '184a66091326a882fc4425cb9b40194c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--594252f7-e574-4b89-b7f2-486b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[file:hashes.MD5 = 'dea5cd9dcf444d6107b14cabefbb1774']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--594252f8-1b64-4690-9e64-42e7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[url:value = 'http://16892.net/734fhrfrre']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--594252f8-1c88-4a22-9a0b-4b1a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[domain-name:value = '16892.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--594252fd-7488-4084-9e0f-41a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "first_observed": "2017-06-16T11:04:37Z", "last_observed": "2017-06-16T11:04:37Z", "number_observed": 1, "object_refs": [ "network-traffic--594252fd-7488-4084-9e0f-41a4950d210f", "ipv4-addr--594252fd-7488-4084-9e0f-41a4950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--594252fd-7488-4084-9e0f-41a4950d210f", "dst_ref": "ipv4-addr--594252fd-7488-4084-9e0f-41a4950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--594252fd-7488-4084-9e0f-41a4950d210f", "value": "199.79.63.100" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--594252fe-e8d0-49c1-a8c5-4fdb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[url:value = 'http://78tguyc876wwirglmltm.net/af/734fhrfrre']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--594252ff-0060-4d30-bd81-477f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[domain-name:value = '78tguyc876wwirglmltm.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59425303-9b40-4920-9960-4c36950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "first_observed": "2017-06-16T11:04:37Z", "last_observed": "2017-06-16T11:04:37Z", "number_observed": 1, "object_refs": [ "network-traffic--59425303-9b40-4920-9960-4c36950d210f", "ipv4-addr--59425303-9b40-4920-9960-4c36950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59425303-9b40-4920-9960-4c36950d210f", "dst_ref": "ipv4-addr--59425303-9b40-4920-9960-4c36950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59425303-9b40-4920-9960-4c36950d210f", "value": "119.28.85.128" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59425304-4110-43c0-b26b-4752950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[url:value = 'http://aarontax.com/734fhrfrre']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59425304-0d50-403e-a134-4560950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[domain-name:value = 'aarontax.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59425305-1f4c-4ab9-bf60-40ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "first_observed": "2017-06-16T11:04:37Z", "last_observed": "2017-06-16T11:04:37Z", "number_observed": 1, "object_refs": [ "network-traffic--59425305-1f4c-4ab9-bf60-40ec950d210f", "ipv4-addr--59425305-1f4c-4ab9-bf60-40ec950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59425305-1f4c-4ab9-bf60-40ec950d210f", "dst_ref": "ipv4-addr--59425305-1f4c-4ab9-bf60-40ec950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59425305-1f4c-4ab9-bf60-40ec950d210f", "value": "107.180.2.55" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59425305-fba8-4eef-8a91-408b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[url:value = 'http://aristei.com.ar/734fhrfrre']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59425306-f0bc-4cd5-ad90-414d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[domain-name:value = 'aristei.com.ar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59425307-ea44-4ed0-9dc6-45b5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "first_observed": "2017-06-16T11:04:37Z", "last_observed": "2017-06-16T11:04:37Z", "number_observed": 1, "object_refs": [ "network-traffic--59425307-ea44-4ed0-9dc6-45b5950d210f", "ipv4-addr--59425307-ea44-4ed0-9dc6-45b5950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59425307-ea44-4ed0-9dc6-45b5950d210f", "dst_ref": "ipv4-addr--59425307-ea44-4ed0-9dc6-45b5950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59425307-ea44-4ed0-9dc6-45b5950d210f", "value": "190.105.227.224" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59425307-4c58-4f84-a07a-4de0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[url:value = 'http://cigarconexion.in/734fhrfrre']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59425308-eb3c-49f3-a57b-4ca8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[domain-name:value = 'cigarconexion.in']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59425309-6564-4eb1-9df8-4ca7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[url:value = 'http://cinema-strasbourg.com/734fhrfrre']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59425309-7f70-4331-9b06-46f1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[domain-name:value = 'cinema-strasbourg.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5942530a-ea24-49ce-b9f7-44a2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "first_observed": "2017-06-16T11:04:37Z", "last_observed": "2017-06-16T11:04:37Z", "number_observed": 1, "object_refs": [ "network-traffic--5942530a-ea24-49ce-b9f7-44a2950d210f", "ipv4-addr--5942530a-ea24-49ce-b9f7-44a2950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5942530a-ea24-49ce-b9f7-44a2950d210f", "dst_ref": "ipv4-addr--5942530a-ea24-49ce-b9f7-44a2950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5942530a-ea24-49ce-b9f7-44a2950d210f", "value": "5.196.28.243" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5942530a-79e4-4f4c-b162-47ca950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[url:value = 'http://comfortdiscovered.com.au/734fhrfrre']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5942530b-f230-4055-b228-4bea950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[domain-name:value = 'comfortdiscovered.com.au']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5942530c-edfc-47c4-9189-4232950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "first_observed": "2017-06-16T11:04:37Z", "last_observed": "2017-06-16T11:04:37Z", "number_observed": 1, "object_refs": [ "network-traffic--5942530c-edfc-47c4-9189-4232950d210f", "ipv4-addr--5942530c-edfc-47c4-9189-4232950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5942530c-edfc-47c4-9189-4232950d210f", "dst_ref": "ipv4-addr--5942530c-edfc-47c4-9189-4232950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5942530c-edfc-47c4-9189-4232950d210f", "value": "101.0.75.118" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5942530c-1668-456d-9076-4e8e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[url:value = 'http://cupcakery.in/734fhrfrre']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5942530d-f08c-40bd-b86b-4689950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[domain-name:value = 'cupcakery.in']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5942530d-bb54-4abf-bd3c-4e1e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "first_observed": "2017-06-16T11:04:37Z", "last_observed": "2017-06-16T11:04:37Z", "number_observed": 1, "object_refs": [ "network-traffic--5942530d-bb54-4abf-bd3c-4e1e950d210f", "ipv4-addr--5942530d-bb54-4abf-bd3c-4e1e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5942530d-bb54-4abf-bd3c-4e1e950d210f", "dst_ref": "ipv4-addr--5942530d-bb54-4abf-bd3c-4e1e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5942530d-bb54-4abf-bd3c-4e1e950d210f", "value": "103.195.185.222" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5942530e-1594-4d17-9c86-49cc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[url:value = 'http://makkahhaj.com/734fhrfrre']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5942530e-7280-46a7-801f-42ac950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[domain-name:value = 'makkahhaj.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5942530f-e7e8-4dfc-b234-4217950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "first_observed": "2017-06-16T11:04:37Z", "last_observed": "2017-06-16T11:04:37Z", "number_observed": 1, "object_refs": [ "network-traffic--5942530f-e7e8-4dfc-b234-4217950d210f", "ipv4-addr--5942530f-e7e8-4dfc-b234-4217950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5942530f-e7e8-4dfc-b234-4217950d210f", "dst_ref": "ipv4-addr--5942530f-e7e8-4dfc-b234-4217950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5942530f-e7e8-4dfc-b234-4217950d210f", "value": "162.215.252.26" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59425310-9a34-4841-a20f-410b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[url:value = 'http://mediawax.be/734fhrfrre']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59425310-8f70-48d5-b774-4f09950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[domain-name:value = 'mediawax.be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59425311-dda0-4947-8156-49e5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "first_observed": "2017-06-16T11:04:37Z", "last_observed": "2017-06-16T11:04:37Z", "number_observed": 1, "object_refs": [ "network-traffic--59425311-dda0-4947-8156-49e5950d210f", "ipv4-addr--59425311-dda0-4947-8156-49e5950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59425311-dda0-4947-8156-49e5950d210f", "dst_ref": "ipv4-addr--59425311-dda0-4947-8156-49e5950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59425311-dda0-4947-8156-49e5950d210f", "value": "5.61.252.24" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59425311-ef08-4799-9cd3-4d4d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[url:value = 'http://mokinukai.lt/734fhrfrre']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59425312-3040-4859-b904-4d72950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[domain-name:value = 'mokinukai.lt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59425312-dc14-4836-9b1b-4d28950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "first_observed": "2017-06-16T11:04:37Z", "last_observed": "2017-06-16T11:04:37Z", "number_observed": 1, "object_refs": [ "network-traffic--59425312-dc14-4836-9b1b-4d28950d210f", "ipv4-addr--59425312-dc14-4836-9b1b-4d28950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59425312-dc14-4836-9b1b-4d28950d210f", "dst_ref": "ipv4-addr--59425312-dc14-4836-9b1b-4d28950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59425312-dc14-4836-9b1b-4d28950d210f", "value": "217.17.85.67" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59425313-5d50-4746-84a8-4f77950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[url:value = 'http://mseconsultant.com/734fhrfrre']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59425314-3cfc-4261-a2ab-4f7d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[domain-name:value = 'mseconsultant.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59425314-9328-40d0-bca1-4d1e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "first_observed": "2017-06-16T11:04:37Z", "last_observed": "2017-06-16T11:04:37Z", "number_observed": 1, "object_refs": [ "network-traffic--59425314-9328-40d0-bca1-4d1e950d210f", "ipv4-addr--59425314-9328-40d0-bca1-4d1e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59425314-9328-40d0-bca1-4d1e950d210f", "dst_ref": "ipv4-addr--59425314-9328-40d0-bca1-4d1e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59425314-9328-40d0-bca1-4d1e950d210f", "value": "107.154.163.119" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59425315-1430-4a62-b426-4fa4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "first_observed": "2017-06-16T11:04:37Z", "last_observed": "2017-06-16T11:04:37Z", "number_observed": 1, "object_refs": [ "network-traffic--59425315-1430-4a62-b426-4fa4950d210f", "ipv4-addr--59425315-1430-4a62-b426-4fa4950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59425315-1430-4a62-b426-4fa4950d210f", "dst_ref": "ipv4-addr--59425315-1430-4a62-b426-4fa4950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59425315-1430-4a62-b426-4fa4950d210f", "value": "107.154.220.119" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59425315-c2d8-4d23-8e8c-41ad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[url:value = 'http://qiyuner.com/734fhrfrre']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59425316-ea30-4c52-8483-4ba9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[domain-name:value = 'qiyuner.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59425317-b518-4ccd-8e33-4be4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "first_observed": "2017-06-16T11:04:37Z", "last_observed": "2017-06-16T11:04:37Z", "number_observed": 1, "object_refs": [ "network-traffic--59425317-b518-4ccd-8e33-4be4950d210f", "ipv4-addr--59425317-b518-4ccd-8e33-4be4950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59425317-b518-4ccd-8e33-4be4950d210f", "dst_ref": "ipv4-addr--59425317-b518-4ccd-8e33-4be4950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59425317-b518-4ccd-8e33-4be4950d210f", "value": "115.28.21.247" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59425317-d9c4-4fca-a990-46ff950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[url:value = 'http://randomessstioprottoy.net/af/734fhrfrre']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59425318-611c-4e77-a8b1-4acd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[domain-name:value = 'randomessstioprottoy.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59425319-5a30-47ff-b414-4129950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[url:value = 'http://scjjh.cn/734fhrfrre']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59425319-70a8-49de-8b70-4fb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[domain-name:value = 'scjjh.cn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5942531b-d848-43c1-9fbe-441e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "first_observed": "2017-06-16T11:04:37Z", "last_observed": "2017-06-16T11:04:37Z", "number_observed": 1, "object_refs": [ "network-traffic--5942531b-d848-43c1-9fbe-441e950d210f", "ipv4-addr--5942531b-d848-43c1-9fbe-441e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5942531b-d848-43c1-9fbe-441e950d210f", "dst_ref": "ipv4-addr--5942531b-d848-43c1-9fbe-441e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5942531b-d848-43c1-9fbe-441e950d210f", "value": "211.149.226.210" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5942531c-3068-4604-9a43-4856950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[url:value = 'http://sellityourway.nl/734fhrfrre']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5942531c-3298-4248-b721-4632950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[domain-name:value = 'sellityourway.nl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5942531d-f6e4-42b3-809c-48fc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "first_observed": "2017-06-16T11:04:37Z", "last_observed": "2017-06-16T11:04:37Z", "number_observed": 1, "object_refs": [ "network-traffic--5942531d-f6e4-42b3-809c-48fc950d210f", "ipv4-addr--5942531d-f6e4-42b3-809c-48fc950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5942531d-f6e4-42b3-809c-48fc950d210f", "dst_ref": "ipv4-addr--5942531d-f6e4-42b3-809c-48fc950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5942531d-f6e4-42b3-809c-48fc950d210f", "value": "81.169.145.74" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5942531d-f5a4-4628-a4a4-4398950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[url:value = 'http://serajeadine.ir/734fhrfrre']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5942531e-64cc-405f-a20f-410e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[domain-name:value = 'serajeadine.ir']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5942531e-2a24-427a-b873-406f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "first_observed": "2017-06-16T11:04:37Z", "last_observed": "2017-06-16T11:04:37Z", "number_observed": 1, "object_refs": [ "network-traffic--5942531e-2a24-427a-b873-406f950d210f", "ipv4-addr--5942531e-2a24-427a-b873-406f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5942531e-2a24-427a-b873-406f950d210f", "dst_ref": "ipv4-addr--5942531e-2a24-427a-b873-406f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5942531e-2a24-427a-b873-406f950d210f", "value": "176.9.121.246" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5942531f-137c-42a0-8495-46b8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[url:value = 'http://songtinmungtinhyeu.org/734fhrfrre']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5942531f-5440-4fd1-9525-415a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[domain-name:value = 'songtinmungtinhyeu.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59425321-c584-4ce3-9de7-4ecd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "first_observed": "2017-06-16T11:04:37Z", "last_observed": "2017-06-16T11:04:37Z", "number_observed": 1, "object_refs": [ "network-traffic--59425321-c584-4ce3-9de7-4ecd950d210f", "ipv4-addr--59425321-c584-4ce3-9de7-4ecd950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59425321-c584-4ce3-9de7-4ecd950d210f", "dst_ref": "ipv4-addr--59425321-c584-4ce3-9de7-4ecd950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59425321-c584-4ce3-9de7-4ecd950d210f", "value": "45.117.80.214" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59425322-f118-4850-b50d-4047950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[url:value = 'http://speedgrow.com/734fhrfrre']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59425322-2798-4ff1-b8f5-4cbe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[domain-name:value = 'speedgrow.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59425323-45f4-4008-8147-4dbe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "first_observed": "2017-06-16T11:04:37Z", "last_observed": "2017-06-16T11:04:37Z", "number_observed": 1, "object_refs": [ "network-traffic--59425323-45f4-4008-8147-4dbe950d210f", "ipv4-addr--59425323-45f4-4008-8147-4dbe950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59425323-45f4-4008-8147-4dbe950d210f", "dst_ref": "ipv4-addr--59425323-45f4-4008-8147-4dbe950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59425323-45f4-4008-8147-4dbe950d210f", "value": "116.12.48.139" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59425324-d040-4556-9608-4653950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[url:value = 'http://yuanhefruits.com/734fhrfrre']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59425325-008c-458d-a957-4e45950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[domain-name:value = 'yuanhefruits.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59425326-ae7c-4e26-9838-453d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "first_observed": "2017-06-16T11:04:37Z", "last_observed": "2017-06-16T11:04:37Z", "number_observed": 1, "object_refs": [ "network-traffic--59425326-ae7c-4e26-9838-453d950d210f", "ipv4-addr--59425326-ae7c-4e26-9838-453d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59425326-ae7c-4e26-9838-453d950d210f", "dst_ref": "ipv4-addr--59425326-ae7c-4e26-9838-453d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59425326-ae7c-4e26-9838-453d950d210f", "value": "45.32.216.171" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59425327-f080-4851-b6fc-423f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[url:value = 'http://zebtex.com/734fhrfrre']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59425327-b210-4a85-850c-425a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[domain-name:value = 'zebtex.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59425328-30ac-4f9d-819c-4285950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "first_observed": "2017-06-16T11:04:37Z", "last_observed": "2017-06-16T11:04:37Z", "number_observed": 1, "object_refs": [ "network-traffic--59425328-30ac-4f9d-819c-4285950d210f", "ipv4-addr--59425328-30ac-4f9d-819c-4285950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59425328-30ac-4f9d-819c-4285950d210f", "dst_ref": "ipv4-addr--59425328-30ac-4f9d-819c-4285950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59425328-30ac-4f9d-819c-4285950d210f", "value": "208.91.198.105" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59425328-f588-45b2-85f1-4886950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[url:value = 'http://toronadrouuyrt5wwf.com/a5/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59425329-9074-494a-83a8-4fe6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "pattern": "[domain-name:value = 'toronadrouuyrt5wwf.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5942532b-963c-45d1-a969-499a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:04:37.000Z", "modified": "2017-06-16T11:04:37.000Z", "first_observed": "2017-06-16T11:04:37Z", "last_observed": "2017-06-16T11:04:37Z", "number_observed": 1, "object_refs": [ "network-traffic--5942532b-963c-45d1-a969-499a950d210f", "ipv4-addr--5942532b-963c-45d1-a969-499a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5942532b-963c-45d1-a969-499a950d210f", "dst_ref": "ipv4-addr--5942532b-963c-45d1-a969-499a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5942532b-963c-45d1-a969-499a950d210f", "value": "119.28.98.205" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943bb60-c634-4bbb-a898-440102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:05:04.000Z", "modified": "2017-06-16T11:05:04.000Z", "description": "- Xchecked via VT: 184a66091326a882fc4425cb9b40194c", "pattern": "[file:hashes.SHA256 = '135c71fda1624ba914f0e1cb7d6d769623f41b8bb08077b710c37b56351903f9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:05:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943bb60-9488-4159-85b4-401802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:05:04.000Z", "modified": "2017-06-16T11:05:04.000Z", "description": "- Xchecked via VT: 184a66091326a882fc4425cb9b40194c", "pattern": "[file:hashes.SHA1 = '4de7016ab381f9caa77c74525be30b2067024bf0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:05:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5943bb61-5f8c-42d9-bf8e-4a8b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:05:05.000Z", "modified": "2017-06-16T11:05:05.000Z", "first_observed": "2017-06-16T11:05:05Z", "last_observed": "2017-06-16T11:05:05Z", "number_observed": 1, "object_refs": [ "url--5943bb61-5f8c-42d9-bf8e-4a8b02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5943bb61-5f8c-42d9-bf8e-4a8b02de0b81", "value": "https://www.virustotal.com/file/135c71fda1624ba914f0e1cb7d6d769623f41b8bb08077b710c37b56351903f9/analysis/1497510333/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943bb61-a8c8-4d76-9063-4fa202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:05:05.000Z", "modified": "2017-06-16T11:05:05.000Z", "description": "- Xchecked via VT: dea5cd9dcf444d6107b14cabefbb1774", "pattern": "[file:hashes.SHA256 = 'dd15ec17e469159196a0853bf14edb45a86054c71bc555e2cd0afc1c410917b2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:05:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943bb62-2d04-41ad-baff-499f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:05:06.000Z", "modified": "2017-06-16T11:05:06.000Z", "description": "- Xchecked via VT: dea5cd9dcf444d6107b14cabefbb1774", "pattern": "[file:hashes.SHA1 = '69d5094172cc962acec44fcee4db19204a556009']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:05:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5943bb62-e370-4a6a-978d-487e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:05:06.000Z", "modified": "2017-06-16T11:05:06.000Z", "first_observed": "2017-06-16T11:05:06Z", "last_observed": "2017-06-16T11:05:06Z", "number_observed": 1, "object_refs": [ "url--5943bb62-e370-4a6a-978d-487e02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5943bb62-e370-4a6a-978d-487e02de0b81", "value": "https://www.virustotal.com/file/dd15ec17e469159196a0853bf14edb45a86054c71bc555e2cd0afc1c410917b2/analysis/1497608873/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }