{ "type": "bundle", "id": "bundle--596f5959-4fd4-4d5c-9878-46e3950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:52.000Z", "modified": "2017-07-19T13:20:52.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "grouping", "spec_version": "2.1", "id": "grouping--596f5959-4fd4-4d5c-9878-46e3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:52.000Z", "modified": "2017-07-19T13:20:52.000Z", "name": "M2M - Trickbot 2017-07-19 : mac1 : \"12345678 - True\n Telecom Invoice for June 2017\" - \"2017-06-Bill.PDF\"", "context": "suspicious-activity", "object_refs": [ "indicator--596f5959-5868-4caf-b7cc-4b21950d210f", "indicator--596f595a-9750-40b7-870c-4445950d210f", "indicator--596f595a-b2e0-4390-9955-4fb5950d210f", "indicator--596f595a-d1ac-4178-ae43-4f59950d210f", "observed-data--596f595b-3ad8-4f64-b362-4170950d210f", "network-traffic--596f595b-3ad8-4f64-b362-4170950d210f", "ipv4-addr--596f595b-3ad8-4f64-b362-4170950d210f", "indicator--596f595b-dc3c-43c8-9214-178c950d210f", "indicator--596f595b-cbbc-41ed-9dfd-4cc5950d210f", "observed-data--596f595b-3680-41f5-8c88-4d3c950d210f", "network-traffic--596f595b-3680-41f5-8c88-4d3c950d210f", "ipv4-addr--596f595b-3680-41f5-8c88-4d3c950d210f", "observed-data--596f595b-ce14-4638-80f9-19ef950d210f", "network-traffic--596f595b-ce14-4638-80f9-19ef950d210f", "ipv4-addr--596f595b-ce14-4638-80f9-19ef950d210f", "indicator--596f595b-e4f8-40ee-a785-47e0950d210f", "indicator--596f595c-8394-4c57-9148-4190950d210f", "observed-data--596f595c-85e8-493d-b029-1864950d210f", "network-traffic--596f595c-85e8-493d-b029-1864950d210f", "ipv4-addr--596f595c-85e8-493d-b029-1864950d210f", "indicator--596f595c-24a0-4abd-9083-447e950d210f", "indicator--596f595d-349c-491d-bdc7-1ab5950d210f", "observed-data--596f595d-9be4-4c27-b5e5-4821950d210f", "network-traffic--596f595d-9be4-4c27-b5e5-4821950d210f", "ipv4-addr--596f595d-9be4-4c27-b5e5-4821950d210f", "indicator--596f595d-6b0c-4497-8139-1859950d210f", "indicator--596f595d-75ac-4540-8ff9-4556950d210f", "observed-data--596f595e-1bc0-4bd8-a52a-472d950d210f", "network-traffic--596f595e-1bc0-4bd8-a52a-472d950d210f", "ipv4-addr--596f595e-1bc0-4bd8-a52a-472d950d210f", "indicator--596f595e-7828-44d4-a1e3-461c950d210f", "indicator--596f595e-166c-4a87-b7a7-4ef7950d210f", "observed-data--596f595e-ebb8-4e8b-9604-4516950d210f", "network-traffic--596f595e-ebb8-4e8b-9604-4516950d210f", "ipv4-addr--596f595e-ebb8-4e8b-9604-4516950d210f", "indicator--596f595f-63ac-41a6-8551-4ec8950d210f", "indicator--596f595f-3c14-48d1-8935-178c950d210f", "observed-data--596f595f-1ee8-48bc-8a13-4acf950d210f", "network-traffic--596f595f-1ee8-48bc-8a13-4acf950d210f", "ipv4-addr--596f595f-1ee8-48bc-8a13-4acf950d210f", "indicator--596f595f-5ce0-47a4-abe1-45fb950d210f", "indicator--596f595f-74d0-47f0-b044-47ec950d210f", "observed-data--596f5960-5c48-4639-bc5d-44af950d210f", "network-traffic--596f5960-5c48-4639-bc5d-44af950d210f", "ipv4-addr--596f5960-5c48-4639-bc5d-44af950d210f", "indicator--596f5960-6ae4-4f2d-84b0-43d0950d210f", "indicator--596f5960-5a40-404e-85b7-1ab5950d210f", "observed-data--596f5960-2c88-40a8-b84c-48e3950d210f", "network-traffic--596f5960-2c88-40a8-b84c-48e3950d210f", "ipv4-addr--596f5960-2c88-40a8-b84c-48e3950d210f", "indicator--596f5961-f850-41ef-8171-1859950d210f", "indicator--596f5961-6cb4-413f-b7f4-49d4950d210f", "observed-data--596f5961-cda0-4f62-9340-4f91950d210f", "network-traffic--596f5961-cda0-4f62-9340-4f91950d210f", "ipv4-addr--596f5961-cda0-4f62-9340-4f91950d210f", "observed-data--596f5961-64b8-4c73-ab2c-4584950d210f", "network-traffic--596f5961-64b8-4c73-ab2c-4584950d210f", "ipv4-addr--596f5961-64b8-4c73-ab2c-4584950d210f", "indicator--596f5962-6b28-4ac6-89f3-4368950d210f", "indicator--596f5962-0a6c-4216-bba3-4853950d210f", "observed-data--596f5963-47b0-4b55-a119-495c950d210f", "network-traffic--596f5963-47b0-4b55-a119-495c950d210f", "ipv4-addr--596f5963-47b0-4b55-a119-495c950d210f", "indicator--596f5963-5a3c-4baa-a563-178c950d210f", "indicator--596f5963-af3c-4b39-924b-435c950d210f", "observed-data--596f5964-3cb8-4781-a270-4eec950d210f", "network-traffic--596f5964-3cb8-4781-a270-4eec950d210f", "ipv4-addr--596f5964-3cb8-4781-a270-4eec950d210f", "indicator--596f5964-2760-4661-a3ec-19ef950d210f", "indicator--596f5964-b6e0-40e6-a2ab-4f4e950d210f", "observed-data--596f5964-cf84-462d-9f0e-4686950d210f", "network-traffic--596f5964-cf84-462d-9f0e-4686950d210f", "ipv4-addr--596f5964-cf84-462d-9f0e-4686950d210f", "indicator--596f5964-9ff4-4379-9d8b-4183950d210f", "indicator--596f5964-b7cc-40f5-9713-1ab5950d210f", "observed-data--596f5966-31a8-45b6-8ebd-4b6d950d210f", "network-traffic--596f5966-31a8-45b6-8ebd-4b6d950d210f", "ipv4-addr--596f5966-31a8-45b6-8ebd-4b6d950d210f", "indicator--596f5966-32c8-4110-a18e-1859950d210f", "indicator--596f5966-5550-4a73-89a6-44e5950d210f", "observed-data--596f5967-d0ac-4c4b-a200-458c950d210f", "network-traffic--596f5967-d0ac-4c4b-a200-458c950d210f", "ipv4-addr--596f5967-d0ac-4c4b-a200-458c950d210f", "indicator--596f5967-706c-4539-a3cb-43eb950d210f", "indicator--596f5967-4fb0-4068-9d62-4006950d210f", "observed-data--596f5967-a298-4c46-bb52-4723950d210f", "network-traffic--596f5967-a298-4c46-bb52-4723950d210f", "ipv4-addr--596f5967-a298-4c46-bb52-4723950d210f", "indicator--596f5967-089c-4a6d-9208-178c950d210f", "indicator--596f5968-ff38-48af-9b74-4286950d210f", "observed-data--596f5968-291c-468a-b300-1a21950d210f", "network-traffic--596f5968-291c-468a-b300-1a21950d210f", "ipv4-addr--596f5968-291c-468a-b300-1a21950d210f", "indicator--596f5969-3f80-41a7-8272-4dd5950d210f", "indicator--596f5969-4990-48bc-aaff-19ef950d210f", "observed-data--596f5969-96d8-43a4-8c1b-4e34950d210f", "network-traffic--596f5969-96d8-43a4-8c1b-4e34950d210f", "ipv4-addr--596f5969-96d8-43a4-8c1b-4e34950d210f", "indicator--596f5969-f580-4154-b53e-434a950d210f", "indicator--596f5969-7684-45ea-b543-47ab950d210f", "observed-data--596f596a-96dc-4338-8e9e-1ab5950d210f", "network-traffic--596f596a-96dc-4338-8e9e-1ab5950d210f", "ipv4-addr--596f596a-96dc-4338-8e9e-1ab5950d210f", "indicator--596f596a-52dc-4e35-9e84-49a7950d210f", "indicator--596f596a-61d4-497d-af65-1859950d210f", "observed-data--596f596b-4ae4-403d-a4d0-4b5d950d210f", "network-traffic--596f596b-4ae4-403d-a4d0-4b5d950d210f", "ipv4-addr--596f596b-4ae4-403d-a4d0-4b5d950d210f", "indicator--596f596c-a400-4a21-a2ee-4a40950d210f", "indicator--596f596c-4888-47f8-8c81-482d950d210f", "observed-data--596f596c-63c4-4e9c-bf95-419e950d210f", "network-traffic--596f596c-63c4-4e9c-bf95-419e950d210f", "ipv4-addr--596f596c-63c4-4e9c-bf95-419e950d210f", "indicator--596f596c-3f30-4d54-a22d-4827950d210f", "indicator--596f596c-46c8-47d5-8187-178c950d210f", "observed-data--596f596c-c830-4ca4-80d8-4464950d210f", "network-traffic--596f596c-c830-4ca4-80d8-4464950d210f", "ipv4-addr--596f596c-c830-4ca4-80d8-4464950d210f", "indicator--596f596d-c9a8-4b82-b8f9-1a21950d210f", "indicator--596f596d-484c-4ff0-8649-488f950d210f", "observed-data--596f596d-ea68-448a-9bc7-19ef950d210f", "network-traffic--596f596d-ea68-448a-9bc7-19ef950d210f", "ipv4-addr--596f596d-ea68-448a-9bc7-19ef950d210f", "indicator--596f596d-eb1c-4e1b-9979-41ba950d210f", "indicator--596f596d-01c0-46b4-9ad1-4d40950d210f", "observed-data--596f596e-fa2c-4003-ab66-44b7950d210f", "network-traffic--596f596e-fa2c-4003-ab66-44b7950d210f", "ipv4-addr--596f596e-fa2c-4003-ab66-44b7950d210f", "indicator--596f596e-99e4-4232-b19c-1ab5950d210f", "indicator--596f596e-ca2c-4fd9-a99e-4679950d210f", "observed-data--596f596f-4814-4764-9550-1859950d210f", "network-traffic--596f596f-4814-4764-9550-1859950d210f", "ipv4-addr--596f596f-4814-4764-9550-1859950d210f", "indicator--596f596f-cb50-4198-ab06-4699950d210f", "indicator--596f596f-0a08-4d60-82d6-453b950d210f", "observed-data--596f5970-d804-41c1-8be9-42ea950d210f", "network-traffic--596f5970-d804-41c1-8be9-42ea950d210f", "ipv4-addr--596f5970-d804-41c1-8be9-42ea950d210f", "indicator--596f5970-4e1c-4493-ac0a-41d9950d210f", "indicator--596f5970-e8bc-49da-becc-4875950d210f", "observed-data--596f5970-c6a8-47ac-b332-178c950d210f", "network-traffic--596f5970-c6a8-47ac-b332-178c950d210f", "ipv4-addr--596f5970-c6a8-47ac-b332-178c950d210f", "indicator--596f5971-10f4-4f94-af5a-4a72950d210f", "indicator--596f5971-7314-44e1-a767-1a21950d210f", "observed-data--596f5971-a4ac-41b9-84c4-417c950d210f", "network-traffic--596f5971-a4ac-41b9-84c4-417c950d210f", "ipv4-addr--596f5971-a4ac-41b9-84c4-417c950d210f", "indicator--596f5971-42f0-49da-ab6c-19ef950d210f", "indicator--596f5971-64a0-44b9-95a7-4048950d210f", "observed-data--596f5974-05c8-46bd-9014-4d6a950d210f", "network-traffic--596f5974-05c8-46bd-9014-4d6a950d210f", "ipv4-addr--596f5974-05c8-46bd-9014-4d6a950d210f", "indicator--596f5974-fea8-469d-8f97-4641950d210f", "indicator--596f5974-3f34-4c9c-bbef-1ab5950d210f", "observed-data--596f5976-c8d8-403d-b7f2-4a1f950d210f", "network-traffic--596f5976-c8d8-403d-b7f2-4a1f950d210f", "ipv4-addr--596f5976-c8d8-403d-b7f2-4a1f950d210f", "indicator--596f5976-316c-42cc-bd53-48f0950d210f", "indicator--596f5976-5664-42c0-8fdb-1859950d210f", "observed-data--596f5977-ed44-4271-b987-453e950d210f", "network-traffic--596f5977-ed44-4271-b987-453e950d210f", "ipv4-addr--596f5977-ed44-4271-b987-453e950d210f", "indicator--596f5977-4794-43cd-bdd6-4d02950d210f", "indicator--596f5977-33f4-4a98-ae71-4d77950d210f", "observed-data--596f5977-cf04-4a91-b095-491b950d210f", "network-traffic--596f5977-cf04-4a91-b095-491b950d210f", "ipv4-addr--596f5977-cf04-4a91-b095-491b950d210f", "indicator--596f5978-0c14-4c17-b6ed-4323950d210f", "indicator--596f5978-5504-4237-9701-178c950d210f", "observed-data--596f5978-d1bc-4992-a0b3-4ec8950d210f", "network-traffic--596f5978-d1bc-4992-a0b3-4ec8950d210f", "ipv4-addr--596f5978-d1bc-4992-a0b3-4ec8950d210f", "indicator--596f5978-ac20-42cf-8815-1a21950d210f", "indicator--596f5978-7a8c-4f79-b36b-4092950d210f", "indicator--596f5979-60c8-4734-bba1-4a02950d210f", "indicator--596f5979-f7bc-4756-8d9f-4161950d210f", "observed-data--596f5979-dc74-4550-bffb-407a950d210f", "network-traffic--596f5979-dc74-4550-bffb-407a950d210f", "ipv4-addr--596f5979-dc74-4550-bffb-407a950d210f", "indicator--596f5979-18b4-49d8-a955-42c6950d210f", "indicator--596f5979-2b00-40e3-a588-1ab5950d210f", "observed-data--596f597a-1b80-415d-b14b-4ed2950d210f", "network-traffic--596f597a-1b80-415d-b14b-4ed2950d210f", "ipv4-addr--596f597a-1b80-415d-b14b-4ed2950d210f", "indicator--596f597a-f9d0-4b26-9482-1859950d210f", "indicator--596f597a-6fec-484b-9b8a-44be950d210f", "observed-data--596f597b-c818-4075-a445-42d6950d210f", "network-traffic--596f597b-c818-4075-a445-42d6950d210f", "ipv4-addr--596f597b-c818-4075-a445-42d6950d210f", "indicator--596f597b-c410-4ed8-8509-4293950d210f", "indicator--596f597b-1374-4e3f-94df-4fe0950d210f", "observed-data--596f597b-bae4-4892-bce0-178c950d210f", "network-traffic--596f597b-bae4-4892-bce0-178c950d210f", "ipv4-addr--596f597b-bae4-4892-bce0-178c950d210f", "observed-data--596f597b-0b44-4056-b97e-4bff950d210f", "network-traffic--596f597b-0b44-4056-b97e-4bff950d210f", "ipv4-addr--596f597b-0b44-4056-b97e-4bff950d210f", "observed-data--596f597b-1028-40b1-aec7-1a21950d210f", "network-traffic--596f597b-1028-40b1-aec7-1a21950d210f", "ipv4-addr--596f597b-1028-40b1-aec7-1a21950d210f", "observed-data--596f597c-a210-458a-aa84-402b950d210f", "network-traffic--596f597c-a210-458a-aa84-402b950d210f", "ipv4-addr--596f597c-a210-458a-aa84-402b950d210f", "observed-data--596f597c-c630-4ca8-84bf-19ef950d210f", "network-traffic--596f597c-c630-4ca8-84bf-19ef950d210f", "ipv4-addr--596f597c-c630-4ca8-84bf-19ef950d210f", "observed-data--596f597c-a794-4075-a768-4658950d210f", "network-traffic--596f597c-a794-4075-a768-4658950d210f", "ipv4-addr--596f597c-a794-4075-a768-4658950d210f", "observed-data--596f597c-27e0-4e79-8853-4668950d210f", "network-traffic--596f597c-27e0-4e79-8853-4668950d210f", "ipv4-addr--596f597c-27e0-4e79-8853-4668950d210f", "observed-data--596f597d-1930-44a9-a767-4a31950d210f", "network-traffic--596f597d-1930-44a9-a767-4a31950d210f", "ipv4-addr--596f597d-1930-44a9-a767-4a31950d210f", "observed-data--596f597d-b3a4-47b6-a332-49f6950d210f", "network-traffic--596f597d-b3a4-47b6-a332-49f6950d210f", "ipv4-addr--596f597d-b3a4-47b6-a332-49f6950d210f", "observed-data--596f597d-ff7c-48ad-8829-1ab5950d210f", "network-traffic--596f597d-ff7c-48ad-8829-1ab5950d210f", "ipv4-addr--596f597d-ff7c-48ad-8829-1ab5950d210f", "observed-data--596f597d-6b74-405f-9ca3-4931950d210f", "network-traffic--596f597d-6b74-405f-9ca3-4931950d210f", "ipv4-addr--596f597d-6b74-405f-9ca3-4931950d210f", "observed-data--596f597e-7080-4cdf-9aee-4387950d210f", "network-traffic--596f597e-7080-4cdf-9aee-4387950d210f", "ipv4-addr--596f597e-7080-4cdf-9aee-4387950d210f", "observed-data--596f597e-8ef0-43ef-a592-1859950d210f", "network-traffic--596f597e-8ef0-43ef-a592-1859950d210f", "ipv4-addr--596f597e-8ef0-43ef-a592-1859950d210f", "observed-data--596f597e-ca90-4f9a-9c09-4a37950d210f", "network-traffic--596f597e-ca90-4f9a-9c09-4a37950d210f", "ipv4-addr--596f597e-ca90-4f9a-9c09-4a37950d210f", "observed-data--596f597e-187c-4910-a4e9-4372950d210f", "network-traffic--596f597e-187c-4910-a4e9-4372950d210f", "ipv4-addr--596f597e-187c-4910-a4e9-4372950d210f", "observed-data--596f597f-7308-442a-8491-44fe950d210f", "network-traffic--596f597f-7308-442a-8491-44fe950d210f", "ipv4-addr--596f597f-7308-442a-8491-44fe950d210f", "observed-data--596f597f-e590-4a9d-b7ef-4a75950d210f", "network-traffic--596f597f-e590-4a9d-b7ef-4a75950d210f", "ipv4-addr--596f597f-e590-4a9d-b7ef-4a75950d210f", "observed-data--596f597f-0a60-475c-a891-178c950d210f", "network-traffic--596f597f-0a60-475c-a891-178c950d210f", "ipv4-addr--596f597f-0a60-475c-a891-178c950d210f", "indicator--596f5cac-8374-4e01-bb15-186302de0b81", "indicator--596f5cac-9c14-4d0d-ba3a-186302de0b81", "observed-data--596f5cac-7ff8-4593-9c66-186302de0b81", "url--596f5cac-7ff8-4593-9c66-186302de0b81", "indicator--596f5cac-d6d8-48ac-bcfd-186302de0b81", "indicator--596f5cac-b6d4-4bbd-8796-186302de0b81", "observed-data--596f5cac-a2a4-4ffa-b041-186302de0b81", "url--596f5cac-a2a4-4ffa-b041-186302de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:tool=\"Trick Bot\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5959-5868-4caf-b7cc-4b21950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[file:hashes.MD5 = '89eae47c0fe12a7409dc42304dbb737f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f595a-9750-40b7-870c-4445950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[file:hashes.MD5 = 'f9650f8f6d8953dbfef206a4783cdd56']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f595a-b2e0-4390-9955-4fb5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://aarontax.com/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f595a-d1ac-4178-ae43-4f59950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'aarontax.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f595b-3ad8-4f64-b362-4170950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f595b-3ad8-4f64-b362-4170950d210f", "ipv4-addr--596f595b-3ad8-4f64-b362-4170950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f595b-3ad8-4f64-b362-4170950d210f", "dst_ref": "ipv4-addr--596f595b-3ad8-4f64-b362-4170950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f595b-3ad8-4f64-b362-4170950d210f", "value": "107.180.2.55" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f595b-dc3c-43c8-9214-178c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://aromozames.ru/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f595b-cbbc-41ed-9dfd-4cc5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'aromozames.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f595b-3680-41f5-8c88-4d3c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f595b-3680-41f5-8c88-4d3c950d210f", "ipv4-addr--596f595b-3680-41f5-8c88-4d3c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f595b-3680-41f5-8c88-4d3c950d210f", "dst_ref": "ipv4-addr--596f595b-3680-41f5-8c88-4d3c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f595b-3680-41f5-8c88-4d3c950d210f", "value": "193.124.183.74" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f595b-ce14-4638-80f9-19ef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f595b-ce14-4638-80f9-19ef950d210f", "ipv4-addr--596f595b-ce14-4638-80f9-19ef950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f595b-ce14-4638-80f9-19ef950d210f", "dst_ref": "ipv4-addr--596f595b-ce14-4638-80f9-19ef950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f595b-ce14-4638-80f9-19ef950d210f", "value": "193.124.188.89" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f595b-e4f8-40ee-a785-47e0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://atlon-mebel.ru/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f595c-8394-4c57-9148-4190950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'atlon-mebel.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f595c-85e8-493d-b029-1864950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f595c-85e8-493d-b029-1864950d210f", "ipv4-addr--596f595c-85e8-493d-b029-1864950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f595c-85e8-493d-b029-1864950d210f", "dst_ref": "ipv4-addr--596f595c-85e8-493d-b029-1864950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f595c-85e8-493d-b029-1864950d210f", "value": "178.159.252.126" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f595c-24a0-4abd-9083-447e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://atsxpress.com/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f595d-349c-491d-bdc7-1ab5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'atsxpress.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f595d-9be4-4c27-b5e5-4821950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f595d-9be4-4c27-b5e5-4821950d210f", "ipv4-addr--596f595d-9be4-4c27-b5e5-4821950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f595d-9be4-4c27-b5e5-4821950d210f", "dst_ref": "ipv4-addr--596f595d-9be4-4c27-b5e5-4821950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f595d-9be4-4c27-b5e5-4821950d210f", "value": "23.252.3.51" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f595d-6b0c-4497-8139-1859950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://cabbonentertainments.com/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f595d-75ac-4540-8ff9-4556950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'cabbonentertainments.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f595e-1bc0-4bd8-a52a-472d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f595e-1bc0-4bd8-a52a-472d950d210f", "ipv4-addr--596f595e-1bc0-4bd8-a52a-472d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f595e-1bc0-4bd8-a52a-472d950d210f", "dst_ref": "ipv4-addr--596f595e-1bc0-4bd8-a52a-472d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f595e-1bc0-4bd8-a52a-472d950d210f", "value": "208.91.198.102" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f595e-7828-44d4-a1e3-461c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://cupcakery.in/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f595e-166c-4a87-b7a7-4ef7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'cupcakery.in']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f595e-ebb8-4e8b-9604-4516950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f595e-ebb8-4e8b-9604-4516950d210f", "ipv4-addr--596f595e-ebb8-4e8b-9604-4516950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f595e-ebb8-4e8b-9604-4516950d210f", "dst_ref": "ipv4-addr--596f595e-ebb8-4e8b-9604-4516950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f595e-ebb8-4e8b-9604-4516950d210f", "value": "103.195.185.222" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f595f-63ac-41a6-8551-4ec8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://dabar.name/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f595f-3c14-48d1-8935-178c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'dabar.name']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f595f-1ee8-48bc-8a13-4acf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f595f-1ee8-48bc-8a13-4acf950d210f", "ipv4-addr--596f595f-1ee8-48bc-8a13-4acf950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f595f-1ee8-48bc-8a13-4acf950d210f", "dst_ref": "ipv4-addr--596f595f-1ee8-48bc-8a13-4acf950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f595f-1ee8-48bc-8a13-4acf950d210f", "value": "217.73.227.85" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f595f-5ce0-47a4-abe1-45fb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://descuentosperu.com/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f595f-74d0-47f0-b044-47ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'descuentosperu.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f5960-5c48-4639-bc5d-44af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f5960-5c48-4639-bc5d-44af950d210f", "ipv4-addr--596f5960-5c48-4639-bc5d-44af950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f5960-5c48-4639-bc5d-44af950d210f", "dst_ref": "ipv4-addr--596f5960-5c48-4639-bc5d-44af950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f5960-5c48-4639-bc5d-44af950d210f", "value": "192.232.249.178" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5960-6ae4-4f2d-84b0-43d0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://dessde.com/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5960-5a40-404e-85b7-1ab5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'dessde.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f5960-2c88-40a8-b84c-48e3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f5960-2c88-40a8-b84c-48e3950d210f", "ipv4-addr--596f5960-2c88-40a8-b84c-48e3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f5960-2c88-40a8-b84c-48e3950d210f", "dst_ref": "ipv4-addr--596f5960-2c88-40a8-b84c-48e3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f5960-2c88-40a8-b84c-48e3950d210f", "value": "66.147.244.152" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5961-f850-41ef-8171-1859950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://editorialmasterlibros.com/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5961-6cb4-413f-b7f4-49d4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'editorialmasterlibros.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f5961-cda0-4f62-9340-4f91950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f5961-cda0-4f62-9340-4f91950d210f", "ipv4-addr--596f5961-cda0-4f62-9340-4f91950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f5961-cda0-4f62-9340-4f91950d210f", "dst_ref": "ipv4-addr--596f5961-cda0-4f62-9340-4f91950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f5961-cda0-4f62-9340-4f91950d210f", "value": "107.154.155.2" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f5961-64b8-4c73-ab2c-4584950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f5961-64b8-4c73-ab2c-4584950d210f", "ipv4-addr--596f5961-64b8-4c73-ab2c-4584950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f5961-64b8-4c73-ab2c-4584950d210f", "dst_ref": "ipv4-addr--596f5961-64b8-4c73-ab2c-4584950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f5961-64b8-4c73-ab2c-4584950d210f", "value": "192.185.21.150" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5962-6b28-4ac6-89f3-4368950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://e-snhv.com/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5962-0a6c-4216-bba3-4853950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'e-snhv.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f5963-47b0-4b55-a119-495c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f5963-47b0-4b55-a119-495c950d210f", "ipv4-addr--596f5963-47b0-4b55-a119-495c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f5963-47b0-4b55-a119-495c950d210f", "dst_ref": "ipv4-addr--596f5963-47b0-4b55-a119-495c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f5963-47b0-4b55-a119-495c950d210f", "value": "61.106.62.37" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5963-5a3c-4baa-a563-178c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://faltico.com/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5963-af3c-4b39-924b-435c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'faltico.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f5964-3cb8-4781-a270-4eec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f5964-3cb8-4781-a270-4eec950d210f", "ipv4-addr--596f5964-3cb8-4781-a270-4eec950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f5964-3cb8-4781-a270-4eec950d210f", "dst_ref": "ipv4-addr--596f5964-3cb8-4781-a270-4eec950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f5964-3cb8-4781-a270-4eec950d210f", "value": "173.254.28.100" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5964-2760-4661-a3ec-19ef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://fibrotek.com/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5964-b6e0-40e6-a2ab-4f4e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'fibrotek.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f5964-cf84-462d-9f0e-4686950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f5964-cf84-462d-9f0e-4686950d210f", "ipv4-addr--596f5964-cf84-462d-9f0e-4686950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f5964-cf84-462d-9f0e-4686950d210f", "dst_ref": "ipv4-addr--596f5964-cf84-462d-9f0e-4686950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f5964-cf84-462d-9f0e-4686950d210f", "value": "192.252.132.160" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5964-9ff4-4379-9d8b-4183950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://fondazioneprogenies.com/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5964-b7cc-40f5-9713-1ab5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'fondazioneprogenies.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f5966-31a8-45b6-8ebd-4b6d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f5966-31a8-45b6-8ebd-4b6d950d210f", "ipv4-addr--596f5966-31a8-45b6-8ebd-4b6d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f5966-31a8-45b6-8ebd-4b6d950d210f", "dst_ref": "ipv4-addr--596f5966-31a8-45b6-8ebd-4b6d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f5966-31a8-45b6-8ebd-4b6d950d210f", "value": "151.1.182.10" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5966-32c8-4110-a18e-1859950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://gbaudiovisual.co.uk/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5966-5550-4a73-89a6-44e5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'gbaudiovisual.co.uk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f5967-d0ac-4c4b-a200-458c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f5967-d0ac-4c4b-a200-458c950d210f", "ipv4-addr--596f5967-d0ac-4c4b-a200-458c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f5967-d0ac-4c4b-a200-458c950d210f", "dst_ref": "ipv4-addr--596f5967-d0ac-4c4b-a200-458c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f5967-d0ac-4c4b-a200-458c950d210f", "value": "66.147.244.77" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5967-706c-4539-a3cb-43eb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://in-city.info/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5967-4fb0-4068-9d62-4006950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'in-city.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f5967-a298-4c46-bb52-4723950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f5967-a298-4c46-bb52-4723950d210f", "ipv4-addr--596f5967-a298-4c46-bb52-4723950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f5967-a298-4c46-bb52-4723950d210f", "dst_ref": "ipv4-addr--596f5967-a298-4c46-bb52-4723950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f5967-a298-4c46-bb52-4723950d210f", "value": "111.118.215.254" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5967-089c-4a6d-9208-178c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://kms2017.com/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5968-ff38-48af-9b74-4286950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'kms2017.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f5968-291c-468a-b300-1a21950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f5968-291c-468a-b300-1a21950d210f", "ipv4-addr--596f5968-291c-468a-b300-1a21950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f5968-291c-468a-b300-1a21950d210f", "dst_ref": "ipv4-addr--596f5968-291c-468a-b300-1a21950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f5968-291c-468a-b300-1a21950d210f", "value": "41.185.8.215" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5969-3f80-41a7-8272-4dd5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://luxurious-ss.com/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5969-4990-48bc-aaff-19ef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'luxurious-ss.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f5969-96d8-43a4-8c1b-4e34950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f5969-96d8-43a4-8c1b-4e34950d210f", "ipv4-addr--596f5969-96d8-43a4-8c1b-4e34950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f5969-96d8-43a4-8c1b-4e34950d210f", "dst_ref": "ipv4-addr--596f5969-96d8-43a4-8c1b-4e34950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f5969-96d8-43a4-8c1b-4e34950d210f", "value": "107.180.4.132" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5969-f580-4154-b53e-434a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://mahovik-bg.com/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5969-7684-45ea-b543-47ab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'mahovik-bg.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f596a-96dc-4338-8e9e-1ab5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f596a-96dc-4338-8e9e-1ab5950d210f", "ipv4-addr--596f596a-96dc-4338-8e9e-1ab5950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f596a-96dc-4338-8e9e-1ab5950d210f", "dst_ref": "ipv4-addr--596f596a-96dc-4338-8e9e-1ab5950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f596a-96dc-4338-8e9e-1ab5950d210f", "value": "92.43.113.68" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f596a-52dc-4e35-9e84-49a7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://nasusystems.com/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f596a-61d4-497d-af65-1859950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'nasusystems.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f596b-4ae4-403d-a4d0-4b5d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f596b-4ae4-403d-a4d0-4b5d950d210f", "ipv4-addr--596f596b-4ae4-403d-a4d0-4b5d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f596b-4ae4-403d-a4d0-4b5d950d210f", "dst_ref": "ipv4-addr--596f596b-4ae4-403d-a4d0-4b5d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f596b-4ae4-403d-a4d0-4b5d950d210f", "value": "162.251.80.12" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f596c-a400-4a21-a2ee-4a40950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://newlifetabernacle.org.uk/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f596c-4888-47f8-8c81-482d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'newlifetabernacle.org.uk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f596c-63c4-4e9c-bf95-419e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f596c-63c4-4e9c-bf95-419e950d210f", "ipv4-addr--596f596c-63c4-4e9c-bf95-419e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f596c-63c4-4e9c-bf95-419e950d210f", "dst_ref": "ipv4-addr--596f596c-63c4-4e9c-bf95-419e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f596c-63c4-4e9c-bf95-419e950d210f", "value": "109.75.170.170" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f596c-3f30-4d54-a22d-4827950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://orinta.de/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f596c-46c8-47d5-8187-178c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'orinta.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f596c-c830-4ca4-80d8-4464950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f596c-c830-4ca4-80d8-4464950d210f", "ipv4-addr--596f596c-c830-4ca4-80d8-4464950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f596c-c830-4ca4-80d8-4464950d210f", "dst_ref": "ipv4-addr--596f596c-c830-4ca4-80d8-4464950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f596c-c830-4ca4-80d8-4464950d210f", "value": "81.169.145.77" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f596d-c9a8-4b82-b8f9-1a21950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://pankaj.pro/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f596d-484c-4ff0-8649-488f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'pankaj.pro']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f596d-ea68-448a-9bc7-19ef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f596d-ea68-448a-9bc7-19ef950d210f", "ipv4-addr--596f596d-ea68-448a-9bc7-19ef950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f596d-ea68-448a-9bc7-19ef950d210f", "dst_ref": "ipv4-addr--596f596d-ea68-448a-9bc7-19ef950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f596d-ea68-448a-9bc7-19ef950d210f", "value": "199.79.63.142" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f596d-eb1c-4e1b-9979-41ba950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://pearlgonzalez.com/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f596d-01c0-46b4-9ad1-4d40950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'pearlgonzalez.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f596e-fa2c-4003-ab66-44b7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f596e-fa2c-4003-ab66-44b7950d210f", "ipv4-addr--596f596e-fa2c-4003-ab66-44b7950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f596e-fa2c-4003-ab66-44b7950d210f", "dst_ref": "ipv4-addr--596f596e-fa2c-4003-ab66-44b7950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f596e-fa2c-4003-ab66-44b7950d210f", "value": "166.63.11.180" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f596e-99e4-4232-b19c-1ab5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://pta-babel.net/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f596e-ca2c-4fd9-a99e-4679950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'pta-babel.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f596f-4814-4764-9550-1859950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f596f-4814-4764-9550-1859950d210f", "ipv4-addr--596f596f-4814-4764-9550-1859950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f596f-4814-4764-9550-1859950d210f", "dst_ref": "ipv4-addr--596f596f-4814-4764-9550-1859950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f596f-4814-4764-9550-1859950d210f", "value": "103.247.9.134" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f596f-cb50-4198-ab06-4699950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://spaceonline.in/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f596f-0a08-4d60-82d6-453b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'spaceonline.in']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f5970-d804-41c1-8be9-42ea950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f5970-d804-41c1-8be9-42ea950d210f", "ipv4-addr--596f5970-d804-41c1-8be9-42ea950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f5970-d804-41c1-8be9-42ea950d210f", "dst_ref": "ipv4-addr--596f5970-d804-41c1-8be9-42ea950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f5970-d804-41c1-8be9-42ea950d210f", "value": "111.118.212.86" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5970-4e1c-4493-ac0a-41d9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://studio80.biz/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5970-e8bc-49da-becc-4875950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'studio80.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f5970-c6a8-47ac-b332-178c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f5970-c6a8-47ac-b332-178c950d210f", "ipv4-addr--596f5970-c6a8-47ac-b332-178c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f5970-c6a8-47ac-b332-178c950d210f", "dst_ref": "ipv4-addr--596f5970-c6a8-47ac-b332-178c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f5970-c6a8-47ac-b332-178c950d210f", "value": "81.169.145.160" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5971-10f4-4f94-af5a-4a72950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://sunnydaypublishing.com/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5971-7314-44e1-a767-1a21950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'sunnydaypublishing.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f5971-a4ac-41b9-84c4-417c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f5971-a4ac-41b9-84c4-417c950d210f", "ipv4-addr--596f5971-a4ac-41b9-84c4-417c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f5971-a4ac-41b9-84c4-417c950d210f", "dst_ref": "ipv4-addr--596f5971-a4ac-41b9-84c4-417c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f5971-a4ac-41b9-84c4-417c950d210f", "value": "192.185.52.210" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5971-42f0-49da-ab6c-19ef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://sxmht.com/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5971-64a0-44b9-95a7-4048950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'sxmht.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f5974-05c8-46bd-9014-4d6a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f5974-05c8-46bd-9014-4d6a950d210f", "ipv4-addr--596f5974-05c8-46bd-9014-4d6a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f5974-05c8-46bd-9014-4d6a950d210f", "dst_ref": "ipv4-addr--596f5974-05c8-46bd-9014-4d6a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f5974-05c8-46bd-9014-4d6a950d210f", "value": "1.82.161.53" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5974-fea8-469d-8f97-4641950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://taobba.com/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5974-3f34-4c9c-bbef-1ab5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'taobba.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f5976-c8d8-403d-b7f2-4a1f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f5976-c8d8-403d-b7f2-4a1f950d210f", "ipv4-addr--596f5976-c8d8-403d-b7f2-4a1f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f5976-c8d8-403d-b7f2-4a1f950d210f", "dst_ref": "ipv4-addr--596f5976-c8d8-403d-b7f2-4a1f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f5976-c8d8-403d-b7f2-4a1f950d210f", "value": "211.159.182.101" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5976-316c-42cc-bd53-48f0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://tax-accounting.net/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5976-5664-42c0-8fdb-1859950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'tax-accounting.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f5977-ed44-4271-b987-453e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f5977-ed44-4271-b987-453e950d210f", "ipv4-addr--596f5977-ed44-4271-b987-453e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f5977-ed44-4271-b987-453e950d210f", "dst_ref": "ipv4-addr--596f5977-ed44-4271-b987-453e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f5977-ed44-4271-b987-453e950d210f", "value": "147.185.115.8" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5977-4794-43cd-bdd6-4d02950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://tayangfood.com/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5977-33f4-4a98-ae71-4d77950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'tayangfood.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f5977-cf04-4a91-b095-491b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f5977-cf04-4a91-b095-491b950d210f", "ipv4-addr--596f5977-cf04-4a91-b095-491b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f5977-cf04-4a91-b095-491b950d210f", "dst_ref": "ipv4-addr--596f5977-cf04-4a91-b095-491b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f5977-cf04-4a91-b095-491b950d210f", "value": "103.7.226.18" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5978-0c14-4c17-b6ed-4323950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://teoxan.ru/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5978-5504-4237-9701-178c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'teoxan.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f5978-d1bc-4992-a0b3-4ec8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f5978-d1bc-4992-a0b3-4ec8950d210f", "ipv4-addr--596f5978-d1bc-4992-a0b3-4ec8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f5978-d1bc-4992-a0b3-4ec8950d210f", "dst_ref": "ipv4-addr--596f5978-d1bc-4992-a0b3-4ec8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f5978-d1bc-4992-a0b3-4ec8950d210f", "value": "37.143.9.146" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5978-ac20-42cf-8815-1a21950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://test.atlon-mebel.ru/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5978-7a8c-4f79-b36b-4092950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'test.atlon-mebel.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5979-60c8-4734-bba1-4a02950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://thegardiners.ca/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5979-f7bc-4756-8d9f-4161950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'thegardiners.ca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f5979-dc74-4550-bffb-407a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f5979-dc74-4550-bffb-407a950d210f", "ipv4-addr--596f5979-dc74-4550-bffb-407a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f5979-dc74-4550-bffb-407a950d210f", "dst_ref": "ipv4-addr--596f5979-dc74-4550-bffb-407a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f5979-dc74-4550-bffb-407a950d210f", "value": "69.90.160.230" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5979-18b4-49d8-a955-42c6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://urban-dna.pt/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5979-2b00-40e3-a588-1ab5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'urban-dna.pt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f597a-1b80-415d-b14b-4ed2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f597a-1b80-415d-b14b-4ed2950d210f", "ipv4-addr--596f597a-1b80-415d-b14b-4ed2950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f597a-1b80-415d-b14b-4ed2950d210f", "dst_ref": "ipv4-addr--596f597a-1b80-415d-b14b-4ed2950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f597a-1b80-415d-b14b-4ed2950d210f", "value": "173.237.190.72" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f597a-f9d0-4b26-9482-1859950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://westsussexcentre.org.uk/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f597a-6fec-484b-9b8a-44be950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'westsussexcentre.org.uk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f597b-c818-4075-a445-42d6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f597b-c818-4075-a445-42d6950d210f", "ipv4-addr--596f597b-c818-4075-a445-42d6950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f597b-c818-4075-a445-42d6950d210f", "dst_ref": "ipv4-addr--596f597b-c818-4075-a445-42d6950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f597b-c818-4075-a445-42d6950d210f", "value": "92.48.97.5" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f597b-c410-4ed8-8509-4293950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[url:value = 'http://wizbam.com/83b7bf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f597b-1374-4e3f-94df-4fe0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "pattern": "[domain-name:value = 'wizbam.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f597b-bae4-4892-bce0-178c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f597b-bae4-4892-bce0-178c950d210f", "ipv4-addr--596f597b-bae4-4892-bce0-178c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f597b-bae4-4892-bce0-178c950d210f", "dst_ref": "ipv4-addr--596f597b-bae4-4892-bce0-178c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f597b-bae4-4892-bce0-178c950d210f", "value": "107.180.48.250" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f597b-0b44-4056-b97e-4bff950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f597b-0b44-4056-b97e-4bff950d210f", "ipv4-addr--596f597b-0b44-4056-b97e-4bff950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f597b-0b44-4056-b97e-4bff950d210f", "dst_ref": "ipv4-addr--596f597b-0b44-4056-b97e-4bff950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f597b-0b44-4056-b97e-4bff950d210f", "value": "194.87.95.60" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f597b-1028-40b1-aec7-1a21950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f597b-1028-40b1-aec7-1a21950d210f", "ipv4-addr--596f597b-1028-40b1-aec7-1a21950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f597b-1028-40b1-aec7-1a21950d210f", "dst_ref": "ipv4-addr--596f597b-1028-40b1-aec7-1a21950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f597b-1028-40b1-aec7-1a21950d210f", "value": "190.228.169.106" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f597c-a210-458a-aa84-402b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f597c-a210-458a-aa84-402b950d210f", "ipv4-addr--596f597c-a210-458a-aa84-402b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f597c-a210-458a-aa84-402b950d210f", "dst_ref": "ipv4-addr--596f597c-a210-458a-aa84-402b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f597c-a210-458a-aa84-402b950d210f", "value": "94.42.91.27" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f597c-c630-4ca8-84bf-19ef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f597c-c630-4ca8-84bf-19ef950d210f", "ipv4-addr--596f597c-c630-4ca8-84bf-19ef950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f597c-c630-4ca8-84bf-19ef950d210f", "dst_ref": "ipv4-addr--596f597c-c630-4ca8-84bf-19ef950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f597c-c630-4ca8-84bf-19ef950d210f", "value": "118.91.178.114" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f597c-a794-4075-a768-4658950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f597c-a794-4075-a768-4658950d210f", "ipv4-addr--596f597c-a794-4075-a768-4658950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f597c-a794-4075-a768-4658950d210f", "dst_ref": "ipv4-addr--596f597c-a794-4075-a768-4658950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f597c-a794-4075-a768-4658950d210f", "value": "186.103.161.204" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f597c-27e0-4e79-8853-4668950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f597c-27e0-4e79-8853-4668950d210f", "ipv4-addr--596f597c-27e0-4e79-8853-4668950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f597c-27e0-4e79-8853-4668950d210f", "dst_ref": "ipv4-addr--596f597c-27e0-4e79-8853-4668950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f597c-27e0-4e79-8853-4668950d210f", "value": "163.53.206.187" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f597d-1930-44a9-a767-4a31950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f597d-1930-44a9-a767-4a31950d210f", "ipv4-addr--596f597d-1930-44a9-a767-4a31950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f597d-1930-44a9-a767-4a31950d210f", "dst_ref": "ipv4-addr--596f597d-1930-44a9-a767-4a31950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f597d-1930-44a9-a767-4a31950d210f", "value": "46.160.165.16" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f597d-b3a4-47b6-a332-49f6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f597d-b3a4-47b6-a332-49f6950d210f", "ipv4-addr--596f597d-b3a4-47b6-a332-49f6950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f597d-b3a4-47b6-a332-49f6950d210f", "dst_ref": "ipv4-addr--596f597d-b3a4-47b6-a332-49f6950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f597d-b3a4-47b6-a332-49f6950d210f", "value": "191.7.30.30" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f597d-ff7c-48ad-8829-1ab5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f597d-ff7c-48ad-8829-1ab5950d210f", "ipv4-addr--596f597d-ff7c-48ad-8829-1ab5950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f597d-ff7c-48ad-8829-1ab5950d210f", "dst_ref": "ipv4-addr--596f597d-ff7c-48ad-8829-1ab5950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f597d-ff7c-48ad-8829-1ab5950d210f", "value": "46.160.165.31" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f597d-6b74-405f-9ca3-4931950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f597d-6b74-405f-9ca3-4931950d210f", "ipv4-addr--596f597d-6b74-405f-9ca3-4931950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f597d-6b74-405f-9ca3-4931950d210f", "dst_ref": "ipv4-addr--596f597d-6b74-405f-9ca3-4931950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f597d-6b74-405f-9ca3-4931950d210f", "value": "197.248.210.150" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f597e-7080-4cdf-9aee-4387950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f597e-7080-4cdf-9aee-4387950d210f", "ipv4-addr--596f597e-7080-4cdf-9aee-4387950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f597e-7080-4cdf-9aee-4387950d210f", "dst_ref": "ipv4-addr--596f597e-7080-4cdf-9aee-4387950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f597e-7080-4cdf-9aee-4387950d210f", "value": "195.133.201.149" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f597e-8ef0-43ef-a592-1859950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f597e-8ef0-43ef-a592-1859950d210f", "ipv4-addr--596f597e-8ef0-43ef-a592-1859950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f597e-8ef0-43ef-a592-1859950d210f", "dst_ref": "ipv4-addr--596f597e-8ef0-43ef-a592-1859950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f597e-8ef0-43ef-a592-1859950d210f", "value": "94.140.121.250" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f597e-ca90-4f9a-9c09-4a37950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f597e-ca90-4f9a-9c09-4a37950d210f", "ipv4-addr--596f597e-ca90-4f9a-9c09-4a37950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f597e-ca90-4f9a-9c09-4a37950d210f", "dst_ref": "ipv4-addr--596f597e-ca90-4f9a-9c09-4a37950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f597e-ca90-4f9a-9c09-4a37950d210f", "value": "83.234.136.55" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f597e-187c-4910-a4e9-4372950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f597e-187c-4910-a4e9-4372950d210f", "ipv4-addr--596f597e-187c-4910-a4e9-4372950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f597e-187c-4910-a4e9-4372950d210f", "dst_ref": "ipv4-addr--596f597e-187c-4910-a4e9-4372950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f597e-187c-4910-a4e9-4372950d210f", "value": "93.99.68.140" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f597f-7308-442a-8491-44fe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f597f-7308-442a-8491-44fe950d210f", "ipv4-addr--596f597f-7308-442a-8491-44fe950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f597f-7308-442a-8491-44fe950d210f", "dst_ref": "ipv4-addr--596f597f-7308-442a-8491-44fe950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f597f-7308-442a-8491-44fe950d210f", "value": "118.91.178.145" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f597f-e590-4a9d-b7ef-4a75950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f597f-e590-4a9d-b7ef-4a75950d210f", "ipv4-addr--596f597f-e590-4a9d-b7ef-4a75950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f597f-e590-4a9d-b7ef-4a75950d210f", "dst_ref": "ipv4-addr--596f597f-e590-4a9d-b7ef-4a75950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f597f-e590-4a9d-b7ef-4a75950d210f", "value": "168.194.82.174" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f597f-0a60-475c-a891-178c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:42.000Z", "modified": "2017-07-19T13:20:42.000Z", "first_observed": "2017-07-19T13:20:42Z", "last_observed": "2017-07-19T13:20:42Z", "number_observed": 1, "object_refs": [ "network-traffic--596f597f-0a60-475c-a891-178c950d210f", "ipv4-addr--596f597f-0a60-475c-a891-178c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--596f597f-0a60-475c-a891-178c950d210f", "dst_ref": "ipv4-addr--596f597f-0a60-475c-a891-178c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--596f597f-0a60-475c-a891-178c950d210f", "value": "190.34.158.250" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5cac-8374-4e01-bb15-186302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:44.000Z", "modified": "2017-07-19T13:20:44.000Z", "description": "- Xchecked via VT: f9650f8f6d8953dbfef206a4783cdd56", "pattern": "[file:hashes.SHA256 = 'bbf078b84fe939f8b3a3d297c72b9240749bcd59fb0a31e6098e822f1a83fd60']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5cac-9c14-4d0d-ba3a-186302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:44.000Z", "modified": "2017-07-19T13:20:44.000Z", "description": "- Xchecked via VT: f9650f8f6d8953dbfef206a4783cdd56", "pattern": "[file:hashes.SHA1 = '5b7459a63b58c8ff2f24f67bd87df793d2774884']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f5cac-7ff8-4593-9c66-186302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:44.000Z", "modified": "2017-07-19T13:20:44.000Z", "first_observed": "2017-07-19T13:20:44Z", "last_observed": "2017-07-19T13:20:44Z", "number_observed": 1, "object_refs": [ "url--596f5cac-7ff8-4593-9c66-186302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--596f5cac-7ff8-4593-9c66-186302de0b81", "value": "https://www.virustotal.com/file/bbf078b84fe939f8b3a3d297c72b9240749bcd59fb0a31e6098e822f1a83fd60/analysis/1500469176/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5cac-d6d8-48ac-bcfd-186302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:44.000Z", "modified": "2017-07-19T13:20:44.000Z", "description": "- Xchecked via VT: 89eae47c0fe12a7409dc42304dbb737f", "pattern": "[file:hashes.SHA256 = 'a11fd973ea8bfd69772c26fde686f6529e671058799301f2aea3915b1a928f51']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--596f5cac-b6d4-4bbd-8796-186302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:44.000Z", "modified": "2017-07-19T13:20:44.000Z", "description": "- Xchecked via VT: 89eae47c0fe12a7409dc42304dbb737f", "pattern": "[file:hashes.SHA1 = 'c8a1a89dc47905d1945beaba31a1b8256060d83b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-07-19T13:20:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--596f5cac-a2a4-4ffa-b041-186302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-07-19T13:20:44.000Z", "modified": "2017-07-19T13:20:44.000Z", "first_observed": "2017-07-19T13:20:44Z", "last_observed": "2017-07-19T13:20:44Z", "number_observed": 1, "object_refs": [ "url--596f5cac-a2a4-4ffa-b041-186302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--596f5cac-a2a4-4ffa-b041-186302de0b81", "value": "https://www.virustotal.com/file/a11fd973ea8bfd69772c26fde686f6529e671058799301f2aea3915b1a928f51/analysis/1500466841/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }