{ "type": "bundle", "id": "bundle--59b7cd9e-57e4-42c6-b1ce-440d950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T14:15:22.000Z", "modified": "2017-09-12T14:15:22.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--59b7cd9e-57e4-42c6-b1ce-440d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T14:15:22.000Z", "modified": "2017-09-12T14:15:22.000Z", "name": "M2M - Locky 2017-09-11/11 : Affid=3, \".lukitus\" : \"Bankwest - You have a new eStatement\" - /statement.html links", "published": "2017-09-12T14:15:31Z", "object_refs": [ "indicator--59b7cd9f-981c-4c2c-8b53-46fb950d210f", "indicator--59b7cd9f-56d4-428f-b365-4303950d210f", "indicator--59b7cda0-1474-48af-ae04-02b8950d210f", "indicator--59b7cda0-8008-44f0-8882-02fa950d210f", "observed-data--59b7cda0-bc48-42cb-bc1d-4079950d210f", "network-traffic--59b7cda0-bc48-42cb-bc1d-4079950d210f", "ipv4-addr--59b7cda0-bc48-42cb-bc1d-4079950d210f", "indicator--59b7cda0-62b8-4017-857d-4ff8950d210f", "indicator--59b7cda1-f198-4ba3-81e6-02fc950d210f", "observed-data--59b7cda1-9414-48a4-8dd1-4ad4950d210f", "network-traffic--59b7cda1-9414-48a4-8dd1-4ad4950d210f", "ipv4-addr--59b7cda1-9414-48a4-8dd1-4ad4950d210f", "indicator--59b7cda1-19d8-42bc-a278-469d950d210f", "indicator--59b7cda1-95c4-41f2-90c3-49bd950d210f", "observed-data--59b7cda2-d150-464f-9460-02b8950d210f", "network-traffic--59b7cda2-d150-464f-9460-02b8950d210f", "ipv4-addr--59b7cda2-d150-464f-9460-02b8950d210f", "indicator--59b7cda2-595c-482d-9250-02fa950d210f", "indicator--59b7cda2-8c30-4fc1-81db-4ea4950d210f", "observed-data--59b7cda2-f090-4d88-a586-02fc950d210f", "network-traffic--59b7cda2-f090-4d88-a586-02fc950d210f", "ipv4-addr--59b7cda2-f090-4d88-a586-02fc950d210f", "indicator--59b7cda3-83e0-413e-99b6-432c950d210f", "indicator--59b7cda3-8f64-4c01-9fcf-48f8950d210f", "observed-data--59b7cda3-6f8c-43c4-a6d6-41ae950d210f", "network-traffic--59b7cda3-6f8c-43c4-a6d6-41ae950d210f", "ipv4-addr--59b7cda3-6f8c-43c4-a6d6-41ae950d210f", "indicator--59b7cda3-ac68-4ef5-b5b8-40bb950d210f", "indicator--59b7cda3-af98-4fce-98a9-4edf950d210f", "observed-data--59b7cda4-5e40-42b8-af4d-4b76950d210f", "network-traffic--59b7cda4-5e40-42b8-af4d-4b76950d210f", "ipv4-addr--59b7cda4-5e40-42b8-af4d-4b76950d210f", "indicator--59b7cda4-31ac-4cfa-9241-02fa950d210f", "indicator--59b7cda4-8620-407e-9298-473e950d210f", "observed-data--59b7cda4-a7fc-4aa4-ba12-4d13950d210f", "network-traffic--59b7cda4-a7fc-4aa4-ba12-4d13950d210f", "ipv4-addr--59b7cda4-a7fc-4aa4-ba12-4d13950d210f", "indicator--59b7cda4-68e8-4642-9a56-468a950d210f", "indicator--59b7cda5-a968-4378-8a21-02fc950d210f", "observed-data--59b7cda5-3a70-4eee-87ef-4bc3950d210f", "network-traffic--59b7cda5-3a70-4eee-87ef-4bc3950d210f", "ipv4-addr--59b7cda5-3a70-4eee-87ef-4bc3950d210f", "indicator--59b7cda5-ead0-4524-9537-4314950d210f", "indicator--59b7cda5-be2c-457f-a257-4318950d210f", "observed-data--59b7cda6-2984-4acd-810d-4061950d210f", "network-traffic--59b7cda6-2984-4acd-810d-4061950d210f", "ipv4-addr--59b7cda6-2984-4acd-810d-4061950d210f", "indicator--59b7cda6-01ac-454c-83e0-4128950d210f", "indicator--59b7cda6-9f18-45c5-9e43-02b8950d210f", "observed-data--59b7cda8-493c-4a66-a40b-49bd950d210f", "network-traffic--59b7cda8-493c-4a66-a40b-49bd950d210f", "ipv4-addr--59b7cda8-493c-4a66-a40b-49bd950d210f", "indicator--59b7cda8-3424-4dbb-99e4-4830950d210f", "indicator--59b7cda8-896c-4b97-b43e-02fc950d210f", "observed-data--59b7cda8-81f4-4734-a4a0-4d14950d210f", "network-traffic--59b7cda8-81f4-4734-a4a0-4d14950d210f", "ipv4-addr--59b7cda8-81f4-4734-a4a0-4d14950d210f", "indicator--59b7cda8-d684-4889-b398-4b14950d210f", "indicator--59b7cda8-f124-4c1e-89ff-4345950d210f", "observed-data--59b7cda9-f2d4-45ee-90d9-4a70950d210f", "network-traffic--59b7cda9-f2d4-45ee-90d9-4a70950d210f", "ipv4-addr--59b7cda9-f2d4-45ee-90d9-4a70950d210f", "indicator--59b7cda9-a1a0-4d49-a5ea-4ffe950d210f", "indicator--59b7cda9-1d68-4a52-a8b7-4592950d210f", "observed-data--59b7cda9-9ee0-4456-9aba-45e1950d210f", "network-traffic--59b7cda9-9ee0-4456-9aba-45e1950d210f", "ipv4-addr--59b7cda9-9ee0-4456-9aba-45e1950d210f", "indicator--59b7cdaa-47c4-405a-b804-02b8950d210f", "indicator--59b7cdaa-fec8-43b9-aeb2-4783950d210f", "observed-data--59b7cdaa-13c0-46cf-a002-412e950d210f", "network-traffic--59b7cdaa-13c0-46cf-a002-412e950d210f", "ipv4-addr--59b7cdaa-13c0-46cf-a002-412e950d210f", "indicator--59b7cdaa-1f04-4bf7-9ddc-42c2950d210f", "indicator--59b7cdaa-1ee0-4c8a-a900-4c1d950d210f", "observed-data--59b7cdab-5804-4f89-845b-4697950d210f", "network-traffic--59b7cdab-5804-4f89-845b-4697950d210f", "ipv4-addr--59b7cdab-5804-4f89-845b-4697950d210f", "indicator--59b7cdab-4ab4-42e7-8030-4511950d210f", "indicator--59b7cdab-e008-42d9-835d-489b950d210f", "observed-data--59b7cdac-90fc-4582-afc9-4bac950d210f", "network-traffic--59b7cdac-90fc-4582-afc9-4bac950d210f", "ipv4-addr--59b7cdac-90fc-4582-afc9-4bac950d210f", "indicator--59b7cdac-25e8-4fb6-9377-460c950d210f", "indicator--59b7cdac-de70-4073-b19e-441b950d210f", "observed-data--59b7cdac-382c-455f-8b9e-49b7950d210f", "network-traffic--59b7cdac-382c-455f-8b9e-49b7950d210f", "ipv4-addr--59b7cdac-382c-455f-8b9e-49b7950d210f", "indicator--59b7cdad-28ac-4ffb-92a5-4eff950d210f", "indicator--59b7cdad-8968-4c43-8902-45cf950d210f", "observed-data--59b7cdad-ef1c-45d4-b95e-4052950d210f", "network-traffic--59b7cdad-ef1c-45d4-b95e-4052950d210f", "ipv4-addr--59b7cdad-ef1c-45d4-b95e-4052950d210f", "indicator--59b7cdad-6dd4-4803-a972-42de950d210f", "indicator--59b7cdad-63a0-4bcd-800c-43c6950d210f", "indicator--59b7cdae-f464-43d0-9dd2-4a5a950d210f", "indicator--59b7cdae-5730-46a6-a1ea-4bc6950d210f", "indicator--59b7cdb5-e28c-4770-bf33-02b8950d210f", "indicator--59b7cdb5-936c-4d3a-a702-4acc950d210f", "observed-data--59b7cdb5-4fc8-4726-84c3-4b54950d210f", "network-traffic--59b7cdb5-4fc8-4726-84c3-4b54950d210f", "ipv4-addr--59b7cdb5-4fc8-4726-84c3-4b54950d210f", "indicator--59b7cdb5-dc48-429f-a4e1-46db950d210f", "indicator--59b7cdb5-31c4-43ea-8cea-42ef950d210f", "observed-data--59b7cdb6-0a30-410c-8d58-4740950d210f", "network-traffic--59b7cdb6-0a30-410c-8d58-4740950d210f", "ipv4-addr--59b7cdb6-0a30-410c-8d58-4740950d210f", "indicator--59b7cdb6-1338-4b45-932e-49d0950d210f", "indicator--59b7cdb6-21a4-4911-9130-4b59950d210f", "observed-data--59b7cdb7-9288-4d32-9ed5-4cbb950d210f", "network-traffic--59b7cdb7-9288-4d32-9ed5-4cbb950d210f", "ipv4-addr--59b7cdb7-9288-4d32-9ed5-4cbb950d210f", "indicator--59b7cdb7-0ff8-4303-b6ea-4913950d210f", "indicator--59b7cdb7-c188-4caa-8bf7-459f950d210f", "observed-data--59b7cdb7-1ccc-4919-babc-40cd950d210f", "network-traffic--59b7cdb7-1ccc-4919-babc-40cd950d210f", "ipv4-addr--59b7cdb7-1ccc-4919-babc-40cd950d210f", "indicator--59b7cdb8-cbb4-4459-8bc0-47ad950d210f", "indicator--59b7cdb8-29f0-43f1-85be-43bd950d210f", "observed-data--59b7cdb8-2870-467a-86ce-41a7950d210f", "network-traffic--59b7cdb8-2870-467a-86ce-41a7950d210f", "ipv4-addr--59b7cdb8-2870-467a-86ce-41a7950d210f", "indicator--59b7cdb8-5368-45f8-b85e-4058950d210f", "indicator--59b7cdb9-3724-4010-a5de-41af950d210f", "observed-data--59b7cdbb-44f8-4ee4-930f-4181950d210f", "network-traffic--59b7cdbb-44f8-4ee4-930f-4181950d210f", "ipv4-addr--59b7cdbb-44f8-4ee4-930f-4181950d210f", "indicator--59b7cdbb-a3b4-41d9-ad06-4eb2950d210f", "indicator--59b7cdbb-a990-4038-bc74-46a1950d210f", "observed-data--59b7cdbb-dbb8-46b1-a5b1-42a6950d210f", "network-traffic--59b7cdbb-dbb8-46b1-a5b1-42a6950d210f", "ipv4-addr--59b7cdbb-dbb8-46b1-a5b1-42a6950d210f", "indicator--59b7cdbc-56ec-42ab-9e28-445f950d210f", "indicator--59b7cdbc-ae8c-4f9d-bb57-48b5950d210f", "observed-data--59b7cdbc-1ad4-454d-97df-4be2950d210f", "network-traffic--59b7cdbc-1ad4-454d-97df-4be2950d210f", "ipv4-addr--59b7cdbc-1ad4-454d-97df-4be2950d210f", "indicator--59b7cdbc-14f4-44ed-8cdf-466d950d210f", "indicator--59b7cdbd-6354-4e39-b860-4387950d210f", "observed-data--59b7cdbd-d370-4bd1-af60-02fc950d210f", "network-traffic--59b7cdbd-d370-4bd1-af60-02fc950d210f", "ipv4-addr--59b7cdbd-d370-4bd1-af60-02fc950d210f", "indicator--59b7cdbd-d058-4521-8d85-4138950d210f", "indicator--59b7cdbd-5180-414c-9f01-43f0950d210f", "observed-data--59b7cdbe-6594-4d20-869c-4765950d210f", "network-traffic--59b7cdbe-6594-4d20-869c-4765950d210f", "ipv4-addr--59b7cdbe-6594-4d20-869c-4765950d210f", "indicator--59b7cdbe-f288-44bd-b7f3-4c33950d210f", "indicator--59b7cdbe-797c-4984-9e7c-02b8950d210f", "observed-data--59b7cdbe-80dc-487d-8372-45ca950d210f", "network-traffic--59b7cdbe-80dc-487d-8372-45ca950d210f", "ipv4-addr--59b7cdbe-80dc-487d-8372-45ca950d210f", "indicator--59b7cdbe-d740-447b-a1b2-4589950d210f", "indicator--59b7cdbe-d2a0-416f-aff1-4ca2950d210f", "observed-data--59b7cdbf-9888-4cbb-be4e-406c950d210f", "network-traffic--59b7cdbf-9888-4cbb-be4e-406c950d210f", "ipv4-addr--59b7cdbf-9888-4cbb-be4e-406c950d210f", "indicator--59b7cdbf-6598-40da-a160-430d950d210f", "indicator--59b7cdbf-b038-4577-8d44-4f77950d210f", "observed-data--59b7cdbf-5b9c-44e2-845b-02fc950d210f", "network-traffic--59b7cdbf-5b9c-44e2-845b-02fc950d210f", "ipv4-addr--59b7cdbf-5b9c-44e2-845b-02fc950d210f", "indicator--59b7cdc0-4f24-4203-b59b-41bc950d210f", "indicator--59b7cdc0-7ed4-4db0-abba-4798950d210f", "indicator--59b7cdc0-f6a4-404b-84bc-4325950d210f", "indicator--59b7cdc1-cfcc-45ac-856a-40a1950d210f", "observed-data--59b7cdc1-51dc-4114-9d31-02b8950d210f", "network-traffic--59b7cdc1-51dc-4114-9d31-02b8950d210f", "ipv4-addr--59b7cdc1-51dc-4114-9d31-02b8950d210f", "indicator--59b7cdc1-baf8-497d-b726-481f950d210f", "indicator--59b7cdc1-671c-40c8-adae-42b1950d210f", "observed-data--59b7cdc2-28bc-4155-901a-4e79950d210f", "network-traffic--59b7cdc2-28bc-4155-901a-4e79950d210f", "ipv4-addr--59b7cdc2-28bc-4155-901a-4e79950d210f", "indicator--59b7cdc2-ffbc-414b-b8ee-422d950d210f", "indicator--59b7cdc2-3520-4dc3-87d3-4156950d210f", "observed-data--59b7cdc2-e6c4-400c-aa04-4e9b950d210f", "network-traffic--59b7cdc2-e6c4-400c-aa04-4e9b950d210f", "ipv4-addr--59b7cdc2-e6c4-400c-aa04-4e9b950d210f", "indicator--59b7cdc2-1fb4-4151-b933-4ef7950d210f", "indicator--59b7cdc3-3f54-4b94-bc28-4812950d210f", "observed-data--59b7cdc3-e2a0-4249-aab0-4d9f950d210f", "network-traffic--59b7cdc3-e2a0-4249-aab0-4d9f950d210f", "ipv4-addr--59b7cdc3-e2a0-4249-aab0-4d9f950d210f", "indicator--59b7cdc3-0ec0-4b34-ac1f-02fc950d210f", "indicator--59b7cdc3-ef4c-49d8-81c3-4ed7950d210f", "observed-data--59b7cdc4-2f94-479a-9f10-44ce950d210f", "network-traffic--59b7cdc4-2f94-479a-9f10-44ce950d210f", "ipv4-addr--59b7cdc4-2f94-479a-9f10-44ce950d210f", "indicator--59b7cdc4-7d10-40bc-bb4e-4e81950d210f", "indicator--59b7cdc4-a390-4ee0-a951-46a6950d210f", "indicator--59b7cdc4-9ff0-4ef8-b5bc-4d16950d210f", "indicator--59b7cdc4-3758-4b3b-9597-4b29950d210f", "observed-data--59b7cdc5-fb10-40f3-b6e1-4baf950d210f", "network-traffic--59b7cdc5-fb10-40f3-b6e1-4baf950d210f", "ipv4-addr--59b7cdc5-fb10-40f3-b6e1-4baf950d210f", "indicator--59b7cdc5-d3ac-4cf8-9de6-46b8950d210f", "indicator--59b7cdc5-d03c-4bb8-a1e2-4a56950d210f", "observed-data--59b7cdc5-4a0c-4da7-a37b-4ef9950d210f", "network-traffic--59b7cdc5-4a0c-4da7-a37b-4ef9950d210f", "ipv4-addr--59b7cdc5-4a0c-4da7-a37b-4ef9950d210f", "indicator--59b7cdc5-f778-45f3-8fb2-49c5950d210f", "indicator--59b7cdc5-b634-4ab2-87c6-02fc950d210f", "observed-data--59b7cdc6-5ac4-4134-995f-4892950d210f", "network-traffic--59b7cdc6-5ac4-4134-995f-4892950d210f", "ipv4-addr--59b7cdc6-5ac4-4134-995f-4892950d210f", "indicator--59b7cdc6-a1f0-4362-a494-481b950d210f", "indicator--59b7cdc6-9db0-4daa-80d1-4d82950d210f", "observed-data--59b7cdc6-3bb8-4910-ac1d-02b8950d210f", "network-traffic--59b7cdc6-3bb8-4910-ac1d-02b8950d210f", "ipv4-addr--59b7cdc6-3bb8-4910-ac1d-02b8950d210f", "indicator--59b7cdc6-9a3c-470b-92c2-4b95950d210f", "indicator--59b7cdc7-6654-4796-9669-4093950d210f", "observed-data--59b7cdc7-2db8-43ca-b58f-405a950d210f", "network-traffic--59b7cdc7-2db8-43ca-b58f-405a950d210f", "ipv4-addr--59b7cdc7-2db8-43ca-b58f-405a950d210f", "indicator--59b7cdc7-bc4c-4b49-a1a3-4f85950d210f", "indicator--59b7cdc7-2f20-426e-9284-4ef2950d210f", "indicator--59b7cdc8-d21c-4fda-ad4d-481f950d210f", "indicator--59b7cdc8-3564-4773-9305-02fc950d210f", "observed-data--59b7cdc8-4b6c-421a-823a-412a950d210f", "network-traffic--59b7cdc8-4b6c-421a-823a-412a950d210f", "ipv4-addr--59b7cdc8-4b6c-421a-823a-412a950d210f", "indicator--59b7cdc8-8014-4d09-9daa-452a950d210f", "indicator--59b7cdc9-f64c-4538-b966-4fda950d210f", "observed-data--59b7cdc9-d6c4-4854-91fe-4857950d210f", "network-traffic--59b7cdc9-d6c4-4854-91fe-4857950d210f", "ipv4-addr--59b7cdc9-d6c4-4854-91fe-4857950d210f", "indicator--59b7cdc9-74d0-4c3d-be40-40ca950d210f", "indicator--59b7cdc9-fb98-45ea-b9af-41a5950d210f", "observed-data--59b7cdca-068c-40c5-8efb-41fe950d210f", "network-traffic--59b7cdca-068c-40c5-8efb-41fe950d210f", "ipv4-addr--59b7cdca-068c-40c5-8efb-41fe950d210f", "indicator--59b7cdca-bd48-4e99-9ce4-424d950d210f", "indicator--59b7cdcb-8390-4f84-952a-4c92950d210f", "observed-data--59b7cdcb-e470-4d29-a3d8-02fc950d210f", "network-traffic--59b7cdcb-e470-4d29-a3d8-02fc950d210f", "ipv4-addr--59b7cdcb-e470-4d29-a3d8-02fc950d210f", "indicator--59b7cdcb-dd1c-45f5-b945-438d950d210f", "indicator--59b7cdcb-5288-4b24-9a1b-407c950d210f", "observed-data--59b7cdcf-2978-4f33-ad86-4afe950d210f", "network-traffic--59b7cdcf-2978-4f33-ad86-4afe950d210f", "ipv4-addr--59b7cdcf-2978-4f33-ad86-4afe950d210f", "indicator--59b7cdcf-70c8-44e6-ab24-4ab4950d210f", "indicator--59b7cdcf-cc20-4490-b08b-4d4c950d210f", "indicator--59b7cdcf-3558-4a72-b8d6-48a7950d210f", "indicator--59b7cdcf-42c0-4397-abc4-4c1a950d210f", "indicator--59b7cdd0-b51c-4cf3-a8a4-47f5950d210f", "indicator--59b7cdd0-93e8-4f02-b0ac-40b8950d210f", "observed-data--59b7cdd0-f608-4a4f-8d9b-48e7950d210f", "network-traffic--59b7cdd0-f608-4a4f-8d9b-48e7950d210f", "ipv4-addr--59b7cdd0-f608-4a4f-8d9b-48e7950d210f", "observed-data--59b7cdd1-0d30-4b2b-93fd-473c950d210f", "url--59b7cdd1-0d30-4b2b-93fd-473c950d210f", "observed-data--59b7cdd1-8e08-44b4-9901-47b7950d210f", "network-traffic--59b7cdd1-8e08-44b4-9901-47b7950d210f", "ipv4-addr--59b7cdd1-8e08-44b4-9901-47b7950d210f", "observed-data--59b7cdd1-4710-4396-a9f8-4640950d210f", "url--59b7cdd1-4710-4396-a9f8-4640950d210f", "observed-data--59b7cdd1-c658-4f5b-829d-4f4a950d210f", "network-traffic--59b7cdd1-c658-4f5b-829d-4f4a950d210f", "ipv4-addr--59b7cdd1-c658-4f5b-829d-4f4a950d210f", "indicator--59b7cdd2-0c70-4e13-b411-4827950d210f", "indicator--59b7cdd2-c7c0-4759-99ab-02b8950d210f", "indicator--59b7cdd2-5740-4a39-b4a3-4510950d210f", "indicator--59b7cdd2-b684-4131-b644-4f27950d210f", "indicator--59b7cdd2-3674-4aca-b0ee-496c950d210f", "indicator--59b7cdd3-3f70-467f-a10a-46f8950d210f", "indicator--59b7cdd3-fc6c-438b-b2a3-4e4b950d210f", "indicator--59b7cdd3-4734-4a8d-b36c-02b8950d210f", "indicator--59b7cdd3-e358-403a-b14f-4d4e950d210f", "indicator--59b7cdd3-0184-462f-94f9-4038950d210f", "indicator--59b7cdd4-a1d0-4d08-982c-4f37950d210f", "indicator--59b7cdd4-2508-45bf-9db1-4bfe950d210f", "indicator--59b7cdd4-e0e8-4cea-9bfc-4f33950d210f", "indicator--59b7cdd4-3bd0-40e9-9c85-4b76950d210f", "indicator--59b7cdd4-9a94-4326-9774-4efa950d210f", "indicator--59b7cdd5-88f4-4857-841e-4ae6950d210f", "indicator--59b7cdd5-6288-407d-97fa-4c65950d210f", "indicator--59b7cdd5-f264-42de-8b18-42d6950d210f", "indicator--59b7cdd5-ed54-4f4d-87ad-02fc950d210f", "indicator--59b7cdd5-1b78-41c7-a1df-44c4950d210f", "indicator--59b7cdd5-26ac-4de8-94e5-4cdc950d210f", "indicator--59b7cdd6-3674-4fbb-badf-4336950d210f", "indicator--59b7cdd6-6758-4ca5-9837-47fb950d210f", "indicator--59b7cdd6-adcc-4b9e-96d9-4633950d210f", "indicator--59b7e43f-5b98-4145-aa0c-453502de0b81", "indicator--59b7e43f-f7f8-42ac-bc85-4ec302de0b81", "observed-data--59b7e43f-fb38-4b54-a271-4e5702de0b81", "url--59b7e43f-fb38-4b54-a271-4e5702de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Locky\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cd9f-981c-4c2c-8b53-46fb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[file:hashes.MD5 = '2518037ef7d7524a631c4bf9086428f8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cd9f-56d4-428f-b365-4303950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[file:hashes.MD5 = '230606dd8b0d62e2a8a04ef61b2d8707']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cda0-1474-48af-ae04-02b8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://420ent.com/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cda0-8008-44f0-8882-02fa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = '420ent.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cda0-bc48-42cb-bc1d-4079950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cda0-bc48-42cb-bc1d-4079950d210f", "ipv4-addr--59b7cda0-bc48-42cb-bc1d-4079950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cda0-bc48-42cb-bc1d-4079950d210f", "dst_ref": "ipv4-addr--59b7cda0-bc48-42cb-bc1d-4079950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cda0-bc48-42cb-bc1d-4079950d210f", "value": "98.124.251.72" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cda0-62b8-4017-857d-4ff8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://afilhadaemmocambique.com/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cda1-f198-4ba3-81e6-02fc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'afilhadaemmocambique.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cda1-9414-48a4-8dd1-4ad4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cda1-9414-48a4-8dd1-4ad4950d210f", "ipv4-addr--59b7cda1-9414-48a4-8dd1-4ad4950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cda1-9414-48a4-8dd1-4ad4950d210f", "dst_ref": "ipv4-addr--59b7cda1-9414-48a4-8dd1-4ad4950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cda1-9414-48a4-8dd1-4ad4950d210f", "value": "80.172.241.21" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cda1-19d8-42bc-a278-469d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://beepop.info/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cda1-95c4-41f2-90c3-49bd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'beepop.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cda2-d150-464f-9460-02b8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cda2-d150-464f-9460-02b8950d210f", "ipv4-addr--59b7cda2-d150-464f-9460-02b8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cda2-d150-464f-9460-02b8950d210f", "dst_ref": "ipv4-addr--59b7cda2-d150-464f-9460-02b8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cda2-d150-464f-9460-02b8950d210f", "value": "217.160.239.66" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cda2-595c-482d-9250-02fa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://bellevuecommunityband.org/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cda2-8c30-4fc1-81db-4ea4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'bellevuecommunityband.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cda2-f090-4d88-a586-02fc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cda2-f090-4d88-a586-02fc950d210f", "ipv4-addr--59b7cda2-f090-4d88-a586-02fc950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cda2-f090-4d88-a586-02fc950d210f", "dst_ref": "ipv4-addr--59b7cda2-f090-4d88-a586-02fc950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cda2-f090-4d88-a586-02fc950d210f", "value": "64.6.227.247" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cda3-83e0-413e-99b6-432c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://bingleybuilder.co.uk/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cda3-8f64-4c01-9fcf-48f8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'bingleybuilder.co.uk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cda3-6f8c-43c4-a6d6-41ae950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cda3-6f8c-43c4-a6d6-41ae950d210f", "ipv4-addr--59b7cda3-6f8c-43c4-a6d6-41ae950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cda3-6f8c-43c4-a6d6-41ae950d210f", "dst_ref": "ipv4-addr--59b7cda3-6f8c-43c4-a6d6-41ae950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cda3-6f8c-43c4-a6d6-41ae950d210f", "value": "77.68.14.29" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cda3-ac68-4ef5-b5b8-40bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://cedricanimation.com/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cda3-af98-4fce-98a9-4edf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'cedricanimation.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cda4-5e40-42b8-af4d-4b76950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cda4-5e40-42b8-af4d-4b76950d210f", "ipv4-addr--59b7cda4-5e40-42b8-af4d-4b76950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cda4-5e40-42b8-af4d-4b76950d210f", "dst_ref": "ipv4-addr--59b7cda4-5e40-42b8-af4d-4b76950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cda4-5e40-42b8-af4d-4b76950d210f", "value": "92.48.103.161" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cda4-31ac-4cfa-9241-02fa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://chimachinenow.com/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cda4-8620-407e-9298-473e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'chimachinenow.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cda4-a7fc-4aa4-ba12-4d13950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cda4-a7fc-4aa4-ba12-4d13950d210f", "ipv4-addr--59b7cda4-a7fc-4aa4-ba12-4d13950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cda4-a7fc-4aa4-ba12-4d13950d210f", "dst_ref": "ipv4-addr--59b7cda4-a7fc-4aa4-ba12-4d13950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cda4-a7fc-4aa4-ba12-4d13950d210f", "value": "199.30.241.139" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cda4-68e8-4642-9a56-468a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://comtechadsl.com/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cda5-a968-4378-8a21-02fc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'comtechadsl.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cda5-3a70-4eee-87ef-4bc3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cda5-3a70-4eee-87ef-4bc3950d210f", "ipv4-addr--59b7cda5-3a70-4eee-87ef-4bc3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cda5-3a70-4eee-87ef-4bc3950d210f", "dst_ref": "ipv4-addr--59b7cda5-3a70-4eee-87ef-4bc3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cda5-3a70-4eee-87ef-4bc3950d210f", "value": "77.92.1.3" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cda5-ead0-4524-9537-4314950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://conectivaconsultores.com/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cda5-be2c-457f-a257-4318950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'conectivaconsultores.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cda6-2984-4acd-810d-4061950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cda6-2984-4acd-810d-4061950d210f", "ipv4-addr--59b7cda6-2984-4acd-810d-4061950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cda6-2984-4acd-810d-4061950d210f", "dst_ref": "ipv4-addr--59b7cda6-2984-4acd-810d-4061950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cda6-2984-4acd-810d-4061950d210f", "value": "84.232.4.8" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cda6-01ac-454c-83e0-4128950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://crystalballcruise.com/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cda6-9f18-45c5-9e43-02b8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'crystalballcruise.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cda8-493c-4a66-a40b-49bd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cda8-493c-4a66-a40b-49bd950d210f", "ipv4-addr--59b7cda8-493c-4a66-a40b-49bd950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cda8-493c-4a66-a40b-49bd950d210f", "dst_ref": "ipv4-addr--59b7cda8-493c-4a66-a40b-49bd950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cda8-493c-4a66-a40b-49bd950d210f", "value": "173.193.126.154" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cda8-3424-4dbb-99e4-4830950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://cutwell.ca/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cda8-896c-4b97-b43e-02fc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'cutwell.ca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cda8-81f4-4734-a4a0-4d14950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cda8-81f4-4734-a4a0-4d14950d210f", "ipv4-addr--59b7cda8-81f4-4734-a4a0-4d14950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cda8-81f4-4734-a4a0-4d14950d210f", "dst_ref": "ipv4-addr--59b7cda8-81f4-4734-a4a0-4d14950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cda8-81f4-4734-a4a0-4d14950d210f", "value": "98.124.251.68" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cda8-d684-4889-b398-4b14950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://dbatee.gr/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cda8-f124-4c1e-89ff-4345950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'dbatee.gr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cda9-f2d4-45ee-90d9-4a70950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cda9-f2d4-45ee-90d9-4a70950d210f", "ipv4-addr--59b7cda9-f2d4-45ee-90d9-4a70950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cda9-f2d4-45ee-90d9-4a70950d210f", "dst_ref": "ipv4-addr--59b7cda9-f2d4-45ee-90d9-4a70950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cda9-f2d4-45ee-90d9-4a70950d210f", "value": "62.103.152.100" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cda9-a1a0-4d49-a5ea-4ffe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://duaneandirisblue.com/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cda9-1d68-4a52-a8b7-4592950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'duaneandirisblue.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cda9-9ee0-4456-9aba-45e1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cda9-9ee0-4456-9aba-45e1950d210f", "ipv4-addr--59b7cda9-9ee0-4456-9aba-45e1950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cda9-9ee0-4456-9aba-45e1950d210f", "dst_ref": "ipv4-addr--59b7cda9-9ee0-4456-9aba-45e1950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cda9-9ee0-4456-9aba-45e1950d210f", "value": "68.171.35.126" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdaa-47c4-405a-b804-02b8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://e-chards.com/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdaa-fec8-43b9-aeb2-4783950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'e-chards.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdaa-13c0-46cf-a002-412e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdaa-13c0-46cf-a002-412e950d210f", "ipv4-addr--59b7cdaa-13c0-46cf-a002-412e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdaa-13c0-46cf-a002-412e950d210f", "dst_ref": "ipv4-addr--59b7cdaa-13c0-46cf-a002-412e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdaa-13c0-46cf-a002-412e950d210f", "value": "64.6.253.223" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdaa-1f04-4bf7-9ddc-42c2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://envi-herzog.de/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdaa-1ee0-4c8a-a900-4c1d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'envi-herzog.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdab-5804-4f89-845b-4697950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdab-5804-4f89-845b-4697950d210f", "ipv4-addr--59b7cdab-5804-4f89-845b-4697950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdab-5804-4f89-845b-4697950d210f", "dst_ref": "ipv4-addr--59b7cdab-5804-4f89-845b-4697950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdab-5804-4f89-845b-4697950d210f", "value": "194.116.187.130" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdab-4ab4-42e7-8030-4511950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://ericweb.co.za/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdab-e008-42d9-835d-489b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'ericweb.co.za']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdac-90fc-4582-afc9-4bac950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdac-90fc-4582-afc9-4bac950d210f", "ipv4-addr--59b7cdac-90fc-4582-afc9-4bac950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdac-90fc-4582-afc9-4bac950d210f", "dst_ref": "ipv4-addr--59b7cdac-90fc-4582-afc9-4bac950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdac-90fc-4582-afc9-4bac950d210f", "value": "196.25.211.127" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdac-25e8-4fb6-9377-460c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://eternallyclassicjewelry.com/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdac-de70-4073-b19e-441b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'eternallyclassicjewelry.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdac-382c-455f-8b9e-49b7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdac-382c-455f-8b9e-49b7950d210f", "ipv4-addr--59b7cdac-382c-455f-8b9e-49b7950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdac-382c-455f-8b9e-49b7950d210f", "dst_ref": "ipv4-addr--59b7cdac-382c-455f-8b9e-49b7950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdac-382c-455f-8b9e-49b7950d210f", "value": "98.124.251.166" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdad-28ac-4ffb-92a5-4eff950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://excel-conduite.com/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdad-8968-4c43-8902-45cf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'excel-conduite.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdad-ef1c-45d4-b95e-4052950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdad-ef1c-45d4-b95e-4052950d210f", "ipv4-addr--59b7cdad-ef1c-45d4-b95e-4052950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdad-ef1c-45d4-b95e-4052950d210f", "dst_ref": "ipv4-addr--59b7cdad-ef1c-45d4-b95e-4052950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdad-ef1c-45d4-b95e-4052950d210f", "value": "193.227.248.241" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdad-6dd4-4803-a972-42de950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://expresspermis.com/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdad-63a0-4bcd-800c-43c6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'expresspermis.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdae-f464-43d0-9dd2-4a5a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://fexx.co.uk/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdae-5730-46a6-a1ea-4bc6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'fexx.co.uk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdb5-e28c-4770-bf33-02b8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://fiore-web.it/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdb5-936c-4d3a-a702-4acc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'fiore-web.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdb5-4fc8-4726-84c3-4b54950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdb5-4fc8-4726-84c3-4b54950d210f", "ipv4-addr--59b7cdb5-4fc8-4726-84c3-4b54950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdb5-4fc8-4726-84c3-4b54950d210f", "dst_ref": "ipv4-addr--59b7cdb5-4fc8-4726-84c3-4b54950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdb5-4fc8-4726-84c3-4b54950d210f", "value": "89.96.90.14" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdb5-dc48-429f-a4e1-46db950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://hostprodirect.com/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdb5-31c4-43ea-8cea-42ef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'hostprodirect.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdb6-0a30-410c-8d58-4740950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdb6-0a30-410c-8d58-4740950d210f", "ipv4-addr--59b7cdb6-0a30-410c-8d58-4740950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdb6-0a30-410c-8d58-4740950d210f", "dst_ref": "ipv4-addr--59b7cdb6-0a30-410c-8d58-4740950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdb6-0a30-410c-8d58-4740950d210f", "value": "209.213.100.202" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdb6-1338-4b45-932e-49d0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://irmak.web.tr/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdb6-21a4-4911-9130-4b59950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'irmak.web.tr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdb7-9288-4d32-9ed5-4cbb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdb7-9288-4d32-9ed5-4cbb950d210f", "ipv4-addr--59b7cdb7-9288-4d32-9ed5-4cbb950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdb7-9288-4d32-9ed5-4cbb950d210f", "dst_ref": "ipv4-addr--59b7cdb7-9288-4d32-9ed5-4cbb950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdb7-9288-4d32-9ed5-4cbb950d210f", "value": "82.151.132.24" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdb7-0ff8-4303-b6ea-4913950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://jenyeong.com/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdb7-c188-4caa-8bf7-459f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'jenyeong.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdb7-1ccc-4919-babc-40cd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdb7-1ccc-4919-babc-40cd950d210f", "ipv4-addr--59b7cdb7-1ccc-4919-babc-40cd950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdb7-1ccc-4919-babc-40cd950d210f", "dst_ref": "ipv4-addr--59b7cdb7-1ccc-4919-babc-40cd950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdb7-1ccc-4919-babc-40cd950d210f", "value": "203.74.203.14" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdb8-cbb4-4459-8bc0-47ad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://lakeroadlavender.com/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdb8-29f0-43f1-85be-43bd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'lakeroadlavender.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdb8-2870-467a-86ce-41a7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdb8-2870-467a-86ce-41a7950d210f", "ipv4-addr--59b7cdb8-2870-467a-86ce-41a7950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdb8-2870-467a-86ce-41a7950d210f", "dst_ref": "ipv4-addr--59b7cdb8-2870-467a-86ce-41a7950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdb8-2870-467a-86ce-41a7950d210f", "value": "66.199.174.108" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdb8-5368-45f8-b85e-4058950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://linksoft.co.nz/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdb9-3724-4010-a5de-41af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'linksoft.co.nz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdbb-44f8-4ee4-930f-4181950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdbb-44f8-4ee4-930f-4181950d210f", "ipv4-addr--59b7cdbb-44f8-4ee4-930f-4181950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdbb-44f8-4ee4-930f-4181950d210f", "dst_ref": "ipv4-addr--59b7cdbb-44f8-4ee4-930f-4181950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdbb-44f8-4ee4-930f-4181950d210f", "value": "49.50.240.107" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdbb-a3b4-41d9-ad06-4eb2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://matern-eger.de/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdbb-a990-4038-bc74-46a1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'matern-eger.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdbb-dbb8-46b1-a5b1-42a6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdbb-dbb8-46b1-a5b1-42a6950d210f", "ipv4-addr--59b7cdbb-dbb8-46b1-a5b1-42a6950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdbb-dbb8-46b1-a5b1-42a6950d210f", "dst_ref": "ipv4-addr--59b7cdbb-dbb8-46b1-a5b1-42a6950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdbb-dbb8-46b1-a5b1-42a6950d210f", "value": "87.106.222.105" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdbc-56ec-42ab-9e28-445f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://mysushi.it/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdbc-ae8c-4f9d-bb57-48b5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'mysushi.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdbc-1ad4-454d-97df-4be2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdbc-1ad4-454d-97df-4be2950d210f", "ipv4-addr--59b7cdbc-1ad4-454d-97df-4be2950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdbc-1ad4-454d-97df-4be2950d210f", "dst_ref": "ipv4-addr--59b7cdbc-1ad4-454d-97df-4be2950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdbc-1ad4-454d-97df-4be2950d210f", "value": "93.174.71.137" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdbc-14f4-44ed-8cdf-466d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://pciholog.ru/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdbd-6354-4e39-b860-4387950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'pciholog.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdbd-d370-4bd1-af60-02fc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdbd-d370-4bd1-af60-02fc950d210f", "ipv4-addr--59b7cdbd-d370-4bd1-af60-02fc950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdbd-d370-4bd1-af60-02fc950d210f", "dst_ref": "ipv4-addr--59b7cdbd-d370-4bd1-af60-02fc950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdbd-d370-4bd1-af60-02fc950d210f", "value": "89.253.235.118" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdbd-d058-4521-8d85-4138950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://phmetreci.com/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdbd-5180-414c-9f01-43f0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'phmetreci.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdbe-6594-4d20-869c-4765950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdbe-6594-4d20-869c-4765950d210f", "ipv4-addr--59b7cdbe-6594-4d20-869c-4765950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdbe-6594-4d20-869c-4765950d210f", "dst_ref": "ipv4-addr--59b7cdbe-6594-4d20-869c-4765950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdbe-6594-4d20-869c-4765950d210f", "value": "185.150.128.21" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdbe-f288-44bd-b7f3-4c33950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://placecomp.com/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdbe-797c-4984-9e7c-02b8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'placecomp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdbe-80dc-487d-8372-45ca950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdbe-80dc-487d-8372-45ca950d210f", "ipv4-addr--59b7cdbe-80dc-487d-8372-45ca950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdbe-80dc-487d-8372-45ca950d210f", "dst_ref": "ipv4-addr--59b7cdbe-80dc-487d-8372-45ca950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdbe-80dc-487d-8372-45ca950d210f", "value": "74.208.88.65" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdbe-d740-447b-a1b2-4589950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://primitivoconstruction.com/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdbe-d2a0-416f-aff1-4ca2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'primitivoconstruction.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdbf-9888-4cbb-be4e-406c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdbf-9888-4cbb-be4e-406c950d210f", "ipv4-addr--59b7cdbf-9888-4cbb-be4e-406c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdbf-9888-4cbb-be4e-406c950d210f", "dst_ref": "ipv4-addr--59b7cdbf-9888-4cbb-be4e-406c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdbf-9888-4cbb-be4e-406c950d210f", "value": "216.222.197.180" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdbf-6598-40da-a160-430d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://quadratus.nl/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdbf-b038-4577-8d44-4f77950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'quadratus.nl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdbf-5b9c-44e2-845b-02fc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdbf-5b9c-44e2-845b-02fc950d210f", "ipv4-addr--59b7cdbf-5b9c-44e2-845b-02fc950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdbf-5b9c-44e2-845b-02fc950d210f", "dst_ref": "ipv4-addr--59b7cdbf-5b9c-44e2-845b-02fc950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdbf-5b9c-44e2-845b-02fc950d210f", "value": "94.126.70.17" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc0-4f24-4203-b59b-41bc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://rb.si/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc0-7ed4-4db0-abba-4798950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'rb.si']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc0-f6a4-404b-84bc-4325950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://redboxcontracting.co.uk/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc1-cfcc-45ac-856a-40a1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'redboxcontracting.co.uk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdc1-51dc-4114-9d31-02b8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdc1-51dc-4114-9d31-02b8950d210f", "ipv4-addr--59b7cdc1-51dc-4114-9d31-02b8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdc1-51dc-4114-9d31-02b8950d210f", "dst_ref": "ipv4-addr--59b7cdc1-51dc-4114-9d31-02b8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdc1-51dc-4114-9d31-02b8950d210f", "value": "77.240.1.138" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc1-baf8-497d-b726-481f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://reels.apa-agency.com/~apalibrary/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc1-671c-40c8-adae-42b1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'reels.apa-agency.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdc2-28bc-4155-901a-4e79950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdc2-28bc-4155-901a-4e79950d210f", "ipv4-addr--59b7cdc2-28bc-4155-901a-4e79950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdc2-28bc-4155-901a-4e79950d210f", "dst_ref": "ipv4-addr--59b7cdc2-28bc-4155-901a-4e79950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdc2-28bc-4155-901a-4e79950d210f", "value": "97.74.6.140" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc2-ffbc-414b-b8ee-422d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://sabines-marmeladen.de/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc2-3520-4dc3-87d3-4156950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'sabines-marmeladen.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdc2-e6c4-400c-aa04-4e9b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdc2-e6c4-400c-aa04-4e9b950d210f", "ipv4-addr--59b7cdc2-e6c4-400c-aa04-4e9b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdc2-e6c4-400c-aa04-4e9b950d210f", "dst_ref": "ipv4-addr--59b7cdc2-e6c4-400c-aa04-4e9b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdc2-e6c4-400c-aa04-4e9b950d210f", "value": "178.77.75.180" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc2-1fb4-4151-b933-4ef7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://schoensigns.com/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc3-3f54-4b94-bc28-4812950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'schoensigns.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdc3-e2a0-4249-aab0-4d9f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdc3-e2a0-4249-aab0-4d9f950d210f", "ipv4-addr--59b7cdc3-e2a0-4249-aab0-4d9f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdc3-e2a0-4249-aab0-4d9f950d210f", "dst_ref": "ipv4-addr--59b7cdc3-e2a0-4249-aab0-4d9f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdc3-e2a0-4249-aab0-4d9f950d210f", "value": "184.168.126.30" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc3-0ec0-4b34-ac1f-02fc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://scouting-bvb.nl/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc3-ef4c-49d8-81c3-4ed7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'scouting-bvb.nl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdc4-2f94-479a-9f10-44ce950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdc4-2f94-479a-9f10-44ce950d210f", "ipv4-addr--59b7cdc4-2f94-479a-9f10-44ce950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdc4-2f94-479a-9f10-44ce950d210f", "dst_ref": "ipv4-addr--59b7cdc4-2f94-479a-9f10-44ce950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdc4-2f94-479a-9f10-44ce950d210f", "value": "46.235.44.76" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc4-7d10-40bc-bb4e-4e81950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://securmailbox.it/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc4-a390-4ee0-a951-46a6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'securmailbox.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc4-9ff0-4ef8-b5bc-4d16950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://shanta.de/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc4-3758-4b3b-9597-4b29950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'shanta.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdc5-fb10-40f3-b6e1-4baf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdc5-fb10-40f3-b6e1-4baf950d210f", "ipv4-addr--59b7cdc5-fb10-40f3-b6e1-4baf950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdc5-fb10-40f3-b6e1-4baf950d210f", "dst_ref": "ipv4-addr--59b7cdc5-fb10-40f3-b6e1-4baf950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdc5-fb10-40f3-b6e1-4baf950d210f", "value": "83.169.1.28" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc5-d3ac-4cf8-9de6-46b8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://share.be/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc5-d03c-4bb8-a1e2-4a56950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'share.be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdc5-4a0c-4da7-a37b-4ef9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdc5-4a0c-4da7-a37b-4ef9950d210f", "ipv4-addr--59b7cdc5-4a0c-4da7-a37b-4ef9950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdc5-4a0c-4da7-a37b-4ef9950d210f", "dst_ref": "ipv4-addr--59b7cdc5-4a0c-4da7-a37b-4ef9950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdc5-4a0c-4da7-a37b-4ef9950d210f", "value": "91.183.189.151" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc5-f778-45f3-8fb2-49c5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://shopsshops.de/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc5-b634-4ab2-87c6-02fc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'shopsshops.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdc6-5ac4-4134-995f-4892950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdc6-5ac4-4134-995f-4892950d210f", "ipv4-addr--59b7cdc6-5ac4-4134-995f-4892950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdc6-5ac4-4134-995f-4892950d210f", "dst_ref": "ipv4-addr--59b7cdc6-5ac4-4134-995f-4892950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdc6-5ac4-4134-995f-4892950d210f", "value": "62.75.132.67" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc6-a1f0-4362-a494-481b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://studiofashion.it/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc6-9db0-4daa-80d1-4d82950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'studiofashion.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdc6-3bb8-4910-ac1d-02b8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdc6-3bb8-4910-ac1d-02b8950d210f", "ipv4-addr--59b7cdc6-3bb8-4910-ac1d-02b8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdc6-3bb8-4910-ac1d-02b8950d210f", "dst_ref": "ipv4-addr--59b7cdc6-3bb8-4910-ac1d-02b8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdc6-3bb8-4910-ac1d-02b8950d210f", "value": "185.58.7.11" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc6-9a3c-470b-92c2-4b95950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://studioslefteris.gr/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc7-6654-4796-9669-4093950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'studioslefteris.gr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdc7-2db8-43ca-b58f-405a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdc7-2db8-43ca-b58f-405a950d210f", "ipv4-addr--59b7cdc7-2db8-43ca-b58f-405a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdc7-2db8-43ca-b58f-405a950d210f", "dst_ref": "ipv4-addr--59b7cdc7-2db8-43ca-b58f-405a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdc7-2db8-43ca-b58f-405a950d210f", "value": "158.69.151.250" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc7-bc4c-4b49-a1a3-4f85950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://tecnigrafite.com/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc7-2f20-426e-9284-4ef2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'tecnigrafite.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc8-d21c-4fda-ad4d-481f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://ukraine-consulting.com/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc8-3564-4773-9305-02fc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'ukraine-consulting.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdc8-4b6c-421a-823a-412a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdc8-4b6c-421a-823a-412a950d210f", "ipv4-addr--59b7cdc8-4b6c-421a-823a-412a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdc8-4b6c-421a-823a-412a950d210f", "dst_ref": "ipv4-addr--59b7cdc8-4b6c-421a-823a-412a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdc8-4b6c-421a-823a-412a950d210f", "value": "216.55.139.238" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc8-8014-4d09-9daa-452a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://veigadecompostela.es/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc9-f64c-4538-b966-4fda950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'veigadecompostela.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdc9-d6c4-4854-91fe-4857950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdc9-d6c4-4854-91fe-4857950d210f", "ipv4-addr--59b7cdc9-d6c4-4854-91fe-4857950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdc9-d6c4-4854-91fe-4857950d210f", "dst_ref": "ipv4-addr--59b7cdc9-d6c4-4854-91fe-4857950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdc9-d6c4-4854-91fe-4857950d210f", "value": "185.18.197.109" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc9-74d0-4c3d-be40-40ca950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://villa-effe.jp/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdc9-fb98-45ea-b9af-41a5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'villa-effe.jp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdca-068c-40c5-8efb-41fe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdca-068c-40c5-8efb-41fe950d210f", "ipv4-addr--59b7cdca-068c-40c5-8efb-41fe950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdca-068c-40c5-8efb-41fe950d210f", "dst_ref": "ipv4-addr--59b7cdca-068c-40c5-8efb-41fe950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdca-068c-40c5-8efb-41fe950d210f", "value": "121.119.174.24" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdca-bd48-4e99-9ce4-424d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://yeserimmatbaa.com.tr/statement.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdcb-8390-4f84-952a-4c92950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'yeserimmatbaa.com.tr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdcb-e470-4d29-a3d8-02fc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdcb-e470-4d29-a3d8-02fc950d210f", "ipv4-addr--59b7cdcb-e470-4d29-a3d8-02fc950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdcb-e470-4d29-a3d8-02fc950d210f", "dst_ref": "ipv4-addr--59b7cdcb-e470-4d29-a3d8-02fc950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdcb-e470-4d29-a3d8-02fc950d210f", "value": "85.95.237.7" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdcb-dd1c-45f5-b945-438d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://wittinhohemmo.net/statement.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdcb-5288-4b24-9a1b-407c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'wittinhohemmo.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdcf-2978-4f33-ad86-4afe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdcf-2978-4f33-ad86-4afe950d210f", "ipv4-addr--59b7cdcf-2978-4f33-ad86-4afe950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdcf-2978-4f33-ad86-4afe950d210f", "dst_ref": "ipv4-addr--59b7cdcf-2978-4f33-ad86-4afe950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdcf-2978-4f33-ad86-4afe950d210f", "value": "47.88.55.29" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdcf-70c8-44e6-ab24-4ab4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://mh-service.ru/canbtcc.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdcf-cc20-4490-b08b-4d4c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'mh-service.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdcf-3558-4a72-b8d6-48a7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://alexkreeger.com/golgers.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdcf-42c0-4397-abc4-4c1a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'alexkreeger.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdd0-b51c-4cf3-a8a4-47f5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://mobius-group.com/ueunyli.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdd0-93e8-4f02-b0ac-40b8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'mobius-group.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdd0-f608-4a4f-8d9b-48e7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdd0-f608-4a4f-8d9b-48e7950d210f", "ipv4-addr--59b7cdd0-f608-4a4f-8d9b-48e7950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdd0-f608-4a4f-8d9b-48e7950d210f", "dst_ref": "ipv4-addr--59b7cdd0-f608-4a4f-8d9b-48e7950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdd0-f608-4a4f-8d9b-48e7950d210f", "value": "176.56.62.143" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdd1-0d30-4b2b-93fd-473c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "url--59b7cdd1-0d30-4b2b-93fd-473c950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59b7cdd1-0d30-4b2b-93fd-473c950d210f", "value": "http://185.67.2.156/imageload.cgi" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdd1-8e08-44b4-9901-47b7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdd1-8e08-44b4-9901-47b7950d210f", "ipv4-addr--59b7cdd1-8e08-44b4-9901-47b7950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdd1-8e08-44b4-9901-47b7950d210f", "dst_ref": "ipv4-addr--59b7cdd1-8e08-44b4-9901-47b7950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdd1-8e08-44b4-9901-47b7950d210f", "value": "185.67.2.156" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdd1-4710-4396-a9f8-4640950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "url--59b7cdd1-4710-4396-a9f8-4640950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59b7cdd1-4710-4396-a9f8-4640950d210f", "value": "http://217.106.238.89/imageload.cgi" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7cdd1-c658-4f5b-829d-4f4a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "first_observed": "2017-09-12T13:42:21Z", "last_observed": "2017-09-12T13:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b7cdd1-c658-4f5b-829d-4f4a950d210f", "ipv4-addr--59b7cdd1-c658-4f5b-829d-4f4a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b7cdd1-c658-4f5b-829d-4f4a950d210f", "dst_ref": "ipv4-addr--59b7cdd1-c658-4f5b-829d-4f4a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b7cdd1-c658-4f5b-829d-4f4a950d210f", "value": "217.106.238.89" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdd2-0c70-4e13-b411-4827950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://euqfwticrd.su/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdd2-c7c0-4759-99ab-02b8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'euqfwticrd.su']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdd2-5740-4a39-b4a3-4510950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://qljsukddh.ru/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdd2-b684-4131-b644-4f27950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'qljsukddh.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdd2-3674-4aca-b0ee-496c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://vbquoegxdqmhbs.work/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdd3-3f70-467f-a10a-46f8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'vbquoegxdqmhbs.work']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdd3-fc6c-438b-b2a3-4e4b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://xpjsvwvxsbnv.biz/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdd3-4734-4a8d-b36c-02b8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'xpjsvwvxsbnv.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdd3-e358-403a-b14f-4d4e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://uoivdwisd.pl/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdd3-0184-462f-94f9-4038950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'uoivdwisd.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdd4-a1d0-4d08-982c-4f37950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://dkbclsxl.su/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdd4-2508-45bf-9db1-4bfe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'dkbclsxl.su']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdd4-e0e8-4cea-9bfc-4f33950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://xsmoouv.su/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdd4-3bd0-40e9-9c85-4b76950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'xsmoouv.su']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdd4-9a94-4326-9774-4efa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://lkqmqgbpdle.su/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdd5-88f4-4857-841e-4ae6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'lkqmqgbpdle.su']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdd5-6288-407d-97fa-4c65950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://opwpsjnhkshl.xyz/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdd5-f264-42de-8b18-42d6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'opwpsjnhkshl.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdd5-ed54-4f4d-87ad-02fc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://bhetakwouno.info/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdd5-1b78-41c7-a1df-44c4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'bhetakwouno.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdd5-26ac-4de8-94e5-4cdc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://wnobheuejtidtiip.info/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdd6-3674-4fbb-badf-4336950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'wnobheuejtidtiip.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdd6-6758-4ca5-9837-47fb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[url:value = 'http://ixgolywnbwvwmtu.org/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7cdd6-adcc-4b9e-96d9-4633950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:21.000Z", "modified": "2017-09-12T13:42:21.000Z", "pattern": "[domain-name:value = 'ixgolywnbwvwmtu.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7e43f-5b98-4145-aa0c-453502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:23.000Z", "modified": "2017-09-12T13:42:23.000Z", "description": "- Xchecked via VT: 230606dd8b0d62e2a8a04ef61b2d8707", "pattern": "[file:hashes.SHA256 = '5bf84469051c85bd684e03eb46f774cb1e913884c95acf7b210a8a4469da8d9f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b7e43f-f7f8-42ac-bc85-4ec302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:23.000Z", "modified": "2017-09-12T13:42:23.000Z", "description": "- Xchecked via VT: 230606dd8b0d62e2a8a04ef61b2d8707", "pattern": "[file:hashes.SHA1 = '5c50cdad090de913d0c87edeb392c8df1af9f5c3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-12T13:42:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b7e43f-fb38-4b54-a271-4e5702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-12T13:42:23.000Z", "modified": "2017-09-12T13:42:23.000Z", "first_observed": "2017-09-12T13:42:23Z", "last_observed": "2017-09-12T13:42:23Z", "number_observed": 1, "object_refs": [ "url--59b7e43f-fb38-4b54-a271-4e5702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59b7e43f-fb38-4b54-a271-4e5702de0b81", "value": "https://www.virustotal.com/file/5bf84469051c85bd684e03eb46f774cb1e913884c95acf7b210a8a4469da8d9f/analysis/1505217371/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }