{ "type": "bundle", "id": "bundle--59bfc43f-c1ac-4a3b-b271-4420950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:47.000Z", "modified": "2017-10-23T15:39:47.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "grouping", "spec_version": "2.1", "id": "grouping--59bfc43f-c1ac-4a3b-b271-4420950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:47.000Z", "modified": "2017-10-23T15:39:47.000Z", "name": "M2M - ***SPAM*** Locky: \"Status of invoice\" with .7z\n\tattachment", "context": "suspicious-activity", "object_refs": [ "indicator--59bfc440-11c0-40ba-97c7-1914950d210f", "indicator--59bfc441-8e8c-49eb-88e5-190a950d210f", "indicator--59bfc441-450c-4bee-92af-167b950d210f", "indicator--59bfc441-f604-4ec5-b075-1916950d210f", "indicator--59bfc442-b6c4-4fce-972c-167b950d210f", "indicator--59bfc442-ff64-4234-9246-413f950d210f", "observed-data--59bfc443-1550-4cfe-ac10-1916950d210f", "network-traffic--59bfc443-1550-4cfe-ac10-1916950d210f", "ipv4-addr--59bfc443-1550-4cfe-ac10-1916950d210f", "indicator--59bfc443-90b0-41f4-8882-1677950d210f", "indicator--59bfc443-6ef4-4a1e-a822-425c950d210f", "observed-data--59bfc444-79f4-49af-a9f2-91d9950d210f", "network-traffic--59bfc444-79f4-49af-a9f2-91d9950d210f", "ipv4-addr--59bfc444-79f4-49af-a9f2-91d9950d210f", "indicator--59bfc445-4c4c-4d5d-88d4-496b950d210f", "indicator--59bfc445-3a30-440b-a11d-18ff950d210f", "observed-data--59bfc445-d310-4d3c-b58c-4096950d210f", "network-traffic--59bfc445-d310-4d3c-b58c-4096950d210f", "ipv4-addr--59bfc445-d310-4d3c-b58c-4096950d210f", "indicator--59bfc446-c580-4458-8786-190b950d210f", "indicator--59bfc446-d474-4c06-8dfc-17ec950d210f", "observed-data--59bfc446-7494-420a-9ef5-18ff950d210f", "network-traffic--59bfc446-7494-420a-9ef5-18ff950d210f", "ipv4-addr--59bfc446-7494-420a-9ef5-18ff950d210f", "indicator--59bfc447-ea2c-4604-914d-4d38950d210f", "indicator--59bfc447-6474-4827-875b-1916950d210f", "indicator--59bfc458-f004-42b0-9a34-474b950d210f", "indicator--59bfc459-42e8-4d7d-8d52-91d9950d210f", "observed-data--59bfc459-5bc0-498d-a557-1677950d210f", "network-traffic--59bfc459-5bc0-498d-a557-1677950d210f", "ipv4-addr--59bfc459-5bc0-498d-a557-1677950d210f", "indicator--59bfc45a-dbdc-4b1d-9b4f-190b950d210f", "indicator--59bfc45a-9294-4551-9d33-4321950d210f", "observed-data--59bfc45a-4748-44a6-9563-4074950d210f", "network-traffic--59bfc45a-4748-44a6-9563-4074950d210f", "ipv4-addr--59bfc45a-4748-44a6-9563-4074950d210f", "indicator--59bfc45b-9c70-4502-9fe5-17a8950d210f", "indicator--59bfc45b-6e40-41ff-916c-1914950d210f", "observed-data--59bfc45c-342c-4c06-8052-4434950d210f", "network-traffic--59bfc45c-342c-4c06-8052-4434950d210f", "ipv4-addr--59bfc45c-342c-4c06-8052-4434950d210f", "indicator--59bfc45c-04b0-4421-815e-190a950d210f", "indicator--59bfc45c-c868-45a3-909a-17a8950d210f", "observed-data--59bfc45d-3588-46e5-8ace-18ff950d210f", "network-traffic--59bfc45d-3588-46e5-8ace-18ff950d210f", "ipv4-addr--59bfc45d-3588-46e5-8ace-18ff950d210f", "indicator--59bfc45d-eae4-4ffd-8972-1677950d210f", "indicator--59bfc45e-eaa8-4142-9166-4f62950d210f", "observed-data--59bfc45e-1084-4003-af95-1914950d210f", "network-traffic--59bfc45e-1084-4003-af95-1914950d210f", "ipv4-addr--59bfc45e-1084-4003-af95-1914950d210f", "indicator--59bfc45f-5d58-4869-8bd7-439d950d210f", "indicator--59bfc45f-6c44-4e25-844a-4163950d210f", "observed-data--59bfc460-f37c-4087-97c0-1677950d210f", "network-traffic--59bfc460-f37c-4087-97c0-1677950d210f", "ipv4-addr--59bfc460-f37c-4087-97c0-1677950d210f", "indicator--59bfc460-0058-4fd4-8dda-17a8950d210f", "indicator--59bfc461-3030-4575-9426-167b950d210f", "observed-data--59bfc461-bd54-497e-b2fc-4fa8950d210f", "network-traffic--59bfc461-bd54-497e-b2fc-4fa8950d210f", "ipv4-addr--59bfc461-bd54-497e-b2fc-4fa8950d210f", "indicator--59bfc461-6fe0-4042-a5eb-400a950d210f", "indicator--59bfc462-88a4-48cc-9d44-1913950d210f", "observed-data--59bfc462-98dc-4a3f-99fe-1914950d210f", "network-traffic--59bfc462-98dc-4a3f-99fe-1914950d210f", "ipv4-addr--59bfc462-98dc-4a3f-99fe-1914950d210f", "indicator--59bfc463-749c-44ef-9816-17ec950d210f", "indicator--59bfc463-34f0-422a-96c3-4bf6950d210f", "observed-data--59bfc463-9a38-4ed4-9718-1913950d210f", "network-traffic--59bfc463-9a38-4ed4-9718-1913950d210f", "ipv4-addr--59bfc463-9a38-4ed4-9718-1913950d210f", "observed-data--59bfc464-5184-4279-85e6-49d8950d210f", "url--59bfc464-5184-4279-85e6-49d8950d210f", "observed-data--59bfc464-8bcc-4ba4-9932-17ec950d210f", "network-traffic--59bfc464-8bcc-4ba4-9932-17ec950d210f", "ipv4-addr--59bfc464-8bcc-4ba4-9932-17ec950d210f", "observed-data--59bfc465-6c64-4521-9d3e-1913950d210f", "url--59bfc465-6c64-4521-9d3e-1913950d210f", "observed-data--59bfc465-d424-4bc1-afc1-1914950d210f", "network-traffic--59bfc465-d424-4bc1-afc1-1914950d210f", "ipv4-addr--59bfc465-d424-4bc1-afc1-1914950d210f", "indicator--59bfc465-0638-4343-b376-4f21950d210f", "indicator--59bfc466-a4c8-4ec0-96d8-1913950d210f", "indicator--59bfc466-8e78-4052-a0c3-4293950d210f", "indicator--59bfc466-b8d4-4fc0-8c2c-167b950d210f", "observed-data--59bfc467-428c-47a3-bc24-1565950d210f", "network-traffic--59bfc467-428c-47a3-bc24-1565950d210f", "ipv4-addr--59bfc467-428c-47a3-bc24-1565950d210f", "indicator--59bfc467-34e8-4870-99ea-1914950d210f", "indicator--59bfc467-6f94-4eb3-89bd-4eed950d210f", "indicator--59bfc468-83ac-48a8-9879-4cae950d210f", "indicator--59bfc468-0174-498b-bb0c-91d9950d210f", "indicator--59bfc469-ec2c-4f65-972d-1914950d210f", "indicator--59bfc469-8490-4e49-b2d9-17a8950d210f", "indicator--59bfc46a-91a8-4cee-8b37-1677950d210f", "indicator--59bfc46a-b388-4a62-b545-167b950d210f", "indicator--59bfc46b-36b8-4bad-826a-190b950d210f", "indicator--59bfc46b-5578-4581-8ded-17a8950d210f", "indicator--59bfc46b-6350-4590-ba89-167b950d210f", "indicator--59bfc46c-d8e0-42f8-85de-91d9950d210f", "indicator--59bfc46c-3780-41d8-9982-17a8950d210f", "indicator--59bfc46c-b334-428d-8dc8-190a950d210f", "indicator--59bfc46d-e1c0-4672-b206-18ff950d210f", "indicator--59bfc46d-f75c-4db6-bd1e-44d4950d210f", "indicator--59bfc46e-ccfc-428f-8d38-190a950d210f", "indicator--59bfc46e-5c3c-45ec-855d-17ec950d210f", "indicator--59bfc46e-12e4-4e0a-acd1-167b950d210f", "indicator--59bfc46f-9c6c-41a9-be72-18ff950d210f", "indicator--59bfc46f-cce0-4ef3-95fb-190a950d210f", "indicator--59bfc46f-241c-4caa-81dd-17ec950d210f", "observed-data--59bfc470-fdd4-48fe-99ec-1565950d210f", "network-traffic--59bfc470-fdd4-48fe-99ec-1565950d210f", "ipv4-addr--59bfc470-fdd4-48fe-99ec-1565950d210f", "indicator--59bfc470-6b84-487e-882a-4415950d210f", "indicator--59bfc470-7704-46a8-8d52-17ec950d210f", "observed-data--59bfc470-c438-4128-b6cc-17a8950d210f", "network-traffic--59bfc470-c438-4128-b6cc-17a8950d210f", "ipv4-addr--59bfc470-c438-4128-b6cc-17a8950d210f", "indicator--59bfc471-de08-4e89-9c80-1916950d210f", "indicator--59bfc471-6e3c-4eac-8d00-190b950d210f", "observed-data--59bfc471-bae8-45ab-af99-444b950d210f", "network-traffic--59bfc471-bae8-45ab-af99-444b950d210f", "ipv4-addr--59bfc471-bae8-45ab-af99-444b950d210f", "observed-data--59bfc472-73c0-400a-bb0d-190a950d210f", "network-traffic--59bfc472-73c0-400a-bb0d-190a950d210f", "ipv4-addr--59bfc472-73c0-400a-bb0d-190a950d210f", "indicator--59bfc472-d664-4713-a13f-18ff950d210f", "observed-data--59bfc473-dc44-4c12-b586-18ff950d210f", "url--59bfc473-dc44-4c12-b586-18ff950d210f", "observed-data--59bfc474-4af0-4cff-9450-91d9950d210f", "url--59bfc474-4af0-4cff-9450-91d9950d210f", "observed-data--59bfc474-023c-49d2-ac0f-4686950d210f", "url--59bfc474-023c-49d2-ac0f-4686950d210f", "observed-data--59bfc474-37ac-4804-bd89-4a1b950d210f", "url--59bfc474-37ac-4804-bd89-4a1b950d210f", "observed-data--59bfc4b3-6384-4425-a920-40c3950d210f", "url--59bfc4b3-6384-4425-a920-40c3950d210f", "observed-data--59bfc4b3-a7ac-4875-8f1d-1916950d210f", "url--59bfc4b3-a7ac-4875-8f1d-1916950d210f", "indicator--59ee0d35-83fc-4fa1-8932-436602de0b81", "observed-data--59ee0d35-a704-4611-8279-476202de0b81", "url--59ee0d35-a704-4611-8279-476202de0b81", "indicator--59ee0d35-7250-461e-acbf-471702de0b81", "indicator--59ee0d35-4f70-4bd1-90d2-421b02de0b81", "observed-data--59ee0d35-8cd0-4a2a-a26e-417102de0b81", "url--59ee0d35-8cd0-4a2a-a26e-417102de0b81", "indicator--59ee0d35-ec94-47ea-823f-477a02de0b81", "indicator--59ee0d35-f84c-4a9e-b9b3-46ec02de0b81", "observed-data--59ee0d35-a670-4120-b5d3-43a502de0b81", "url--59ee0d35-a670-4120-b5d3-43a502de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Locky\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc440-11c0-40ba-97c7-1914950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:31.000Z", "modified": "2017-10-23T15:39:31.000Z", "pattern": "[file:hashes.MD5 = '20f2ca720cb4dcca9195113f258ca4ef']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc441-8e8c-49eb-88e5-190a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:31.000Z", "modified": "2017-10-23T15:39:31.000Z", "pattern": "[file:hashes.SHA256 = '24888615662135054bb9a28d50ae2c0f6711975ba5251f0862ecc8b95b2512de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc441-450c-4bee-92af-167b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:31.000Z", "modified": "2017-10-23T15:39:31.000Z", "pattern": "[file:hashes.SHA256 = '0faf7bb76b212bafe2949ed9c0d04c87a5aea40deefb11d360fb6912be84fbd8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc441-f604-4ec5-b075-1916950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:31.000Z", "modified": "2017-10-23T15:39:31.000Z", "pattern": "[file:hashes.SHA256 = 'c674da5f1c063a0bec896d03492620ac94687e7687a1b91944d93c1d6527c8a7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc442-b6c4-4fce-972c-167b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:31.000Z", "modified": "2017-10-23T15:39:31.000Z", "pattern": "[url:value = 'http://abelfaria.pt/87thiuh3gfDGS']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc442-ff64-4234-9246-413f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:31.000Z", "modified": "2017-10-23T15:39:31.000Z", "pattern": "[domain-name:value = 'abelfaria.pt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59bfc443-1550-4cfe-ac10-1916950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:31.000Z", "modified": "2017-10-23T15:39:31.000Z", "first_observed": "2017-10-23T15:39:31Z", "last_observed": "2017-10-23T15:39:31Z", "number_observed": 1, "object_refs": [ "network-traffic--59bfc443-1550-4cfe-ac10-1916950d210f", "ipv4-addr--59bfc443-1550-4cfe-ac10-1916950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59bfc443-1550-4cfe-ac10-1916950d210f", "dst_ref": "ipv4-addr--59bfc443-1550-4cfe-ac10-1916950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59bfc443-1550-4cfe-ac10-1916950d210f", "value": "109.71.42.24" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc443-90b0-41f4-8882-1677950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:31.000Z", "modified": "2017-10-23T15:39:31.000Z", "pattern": "[url:value = 'http://cedipsa.com/87thiuh3gfDGS']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc443-6ef4-4a1e-a822-425c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:31.000Z", "modified": "2017-10-23T15:39:31.000Z", "pattern": "[domain-name:value = 'cedipsa.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59bfc444-79f4-49af-a9f2-91d9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:31.000Z", "modified": "2017-10-23T15:39:31.000Z", "first_observed": "2017-10-23T15:39:31Z", "last_observed": "2017-10-23T15:39:31Z", "number_observed": 1, "object_refs": [ "network-traffic--59bfc444-79f4-49af-a9f2-91d9950d210f", "ipv4-addr--59bfc444-79f4-49af-a9f2-91d9950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59bfc444-79f4-49af-a9f2-91d9950d210f", "dst_ref": "ipv4-addr--59bfc444-79f4-49af-a9f2-91d9950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59bfc444-79f4-49af-a9f2-91d9950d210f", "value": "93.189.91.20" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc445-4c4c-4d5d-88d4-496b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:31.000Z", "modified": "2017-10-23T15:39:31.000Z", "pattern": "[url:value = 'http://grovecreative.co.uk/87thiuh3gfDGS']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc445-3a30-440b-a11d-18ff950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:31.000Z", "modified": "2017-10-23T15:39:31.000Z", "pattern": "[domain-name:value = 'grovecreative.co.uk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59bfc445-d310-4d3c-b58c-4096950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:31.000Z", "modified": "2017-10-23T15:39:31.000Z", "first_observed": "2017-10-23T15:39:31Z", "last_observed": "2017-10-23T15:39:31Z", "number_observed": 1, "object_refs": [ "network-traffic--59bfc445-d310-4d3c-b58c-4096950d210f", "ipv4-addr--59bfc445-d310-4d3c-b58c-4096950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59bfc445-d310-4d3c-b58c-4096950d210f", "dst_ref": "ipv4-addr--59bfc445-d310-4d3c-b58c-4096950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59bfc445-d310-4d3c-b58c-4096950d210f", "value": "188.165.73.151" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc446-c580-4458-8786-190b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:31.000Z", "modified": "2017-10-23T15:39:31.000Z", "pattern": "[url:value = 'http://lanzensberger.de/87thiuh3gfDGS']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc446-d474-4c06-8dfc-17ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:31.000Z", "modified": "2017-10-23T15:39:31.000Z", "pattern": "[domain-name:value = 'lanzensberger.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59bfc446-7494-420a-9ef5-18ff950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:31.000Z", "modified": "2017-10-23T15:39:31.000Z", "first_observed": "2017-10-23T15:39:31Z", "last_observed": "2017-10-23T15:39:31Z", "number_observed": 1, "object_refs": [ "network-traffic--59bfc446-7494-420a-9ef5-18ff950d210f", "ipv4-addr--59bfc446-7494-420a-9ef5-18ff950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59bfc446-7494-420a-9ef5-18ff950d210f", "dst_ref": "ipv4-addr--59bfc446-7494-420a-9ef5-18ff950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59bfc446-7494-420a-9ef5-18ff950d210f", "value": "94.142.217.110" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc447-ea2c-4604-914d-4d38950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:31.000Z", "modified": "2017-10-23T15:39:31.000Z", "pattern": "[url:value = 'http://miliaraic.ru/p66/87thiuh3gfDGS']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc447-6474-4827-875b-1916950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:31.000Z", "modified": "2017-10-23T15:39:31.000Z", "pattern": "[domain-name:value = 'miliaraic.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc458-f004-42b0-9a34-474b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[url:value = 'http://pielen.de/87thiuh3gfDGS']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc459-42e8-4d7d-8d52-91d9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[domain-name:value = 'pielen.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59bfc459-5bc0-498d-a557-1677950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "first_observed": "2017-10-23T15:39:32Z", "last_observed": "2017-10-23T15:39:32Z", "number_observed": 1, "object_refs": [ "network-traffic--59bfc459-5bc0-498d-a557-1677950d210f", "ipv4-addr--59bfc459-5bc0-498d-a557-1677950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59bfc459-5bc0-498d-a557-1677950d210f", "dst_ref": "ipv4-addr--59bfc459-5bc0-498d-a557-1677950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59bfc459-5bc0-498d-a557-1677950d210f", "value": "62.154.185.60" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc45a-dbdc-4b1d-9b4f-190b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[url:value = 'http://qstom.com/87thiuh3gfDGS']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc45a-9294-4551-9d33-4321950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[domain-name:value = 'qstom.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59bfc45a-4748-44a6-9563-4074950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "first_observed": "2017-10-23T15:39:32Z", "last_observed": "2017-10-23T15:39:32Z", "number_observed": 1, "object_refs": [ "network-traffic--59bfc45a-4748-44a6-9563-4074950d210f", "ipv4-addr--59bfc45a-4748-44a6-9563-4074950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59bfc45a-4748-44a6-9563-4074950d210f", "dst_ref": "ipv4-addr--59bfc45a-4748-44a6-9563-4074950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59bfc45a-4748-44a6-9563-4074950d210f", "value": "173.201.253.230" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc45b-9c70-4502-9fe5-17a8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[url:value = 'http://saitis.eu/87thiuh3gfDGS']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc45b-6e40-41ff-916c-1914950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[domain-name:value = 'saitis.eu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59bfc45c-342c-4c06-8052-4434950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "first_observed": "2017-10-23T15:39:32Z", "last_observed": "2017-10-23T15:39:32Z", "number_observed": 1, "object_refs": [ "network-traffic--59bfc45c-342c-4c06-8052-4434950d210f", "ipv4-addr--59bfc45c-342c-4c06-8052-4434950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59bfc45c-342c-4c06-8052-4434950d210f", "dst_ref": "ipv4-addr--59bfc45c-342c-4c06-8052-4434950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59bfc45c-342c-4c06-8052-4434950d210f", "value": "149.56.223.252" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc45c-04b0-4421-815e-190a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[url:value = 'http://troyriser.com/87thiuh3gfDGS']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc45c-c868-45a3-909a-17a8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[domain-name:value = 'troyriser.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59bfc45d-3588-46e5-8ace-18ff950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "first_observed": "2017-10-23T15:39:32Z", "last_observed": "2017-10-23T15:39:32Z", "number_observed": 1, "object_refs": [ "network-traffic--59bfc45d-3588-46e5-8ace-18ff950d210f", "ipv4-addr--59bfc45d-3588-46e5-8ace-18ff950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59bfc45d-3588-46e5-8ace-18ff950d210f", "dst_ref": "ipv4-addr--59bfc45d-3588-46e5-8ace-18ff950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59bfc45d-3588-46e5-8ace-18ff950d210f", "value": "98.124.251.167" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc45d-eae4-4ffd-8972-1677950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[url:value = 'http://unifiedfloor.com/87thiuh3gfDGS']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc45e-eaa8-4142-9166-4f62950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[domain-name:value = 'unifiedfloor.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59bfc45e-1084-4003-af95-1914950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "first_observed": "2017-10-23T15:39:32Z", "last_observed": "2017-10-23T15:39:32Z", "number_observed": 1, "object_refs": [ "network-traffic--59bfc45e-1084-4003-af95-1914950d210f", "ipv4-addr--59bfc45e-1084-4003-af95-1914950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59bfc45e-1084-4003-af95-1914950d210f", "dst_ref": "ipv4-addr--59bfc45e-1084-4003-af95-1914950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59bfc45e-1084-4003-af95-1914950d210f", "value": "209.15.0.66" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc45f-5d58-4869-8bd7-439d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[url:value = 'http://w4fot.com/87thiuh3gfDGS']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc45f-6c44-4e25-844a-4163950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[domain-name:value = 'w4fot.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59bfc460-f37c-4087-97c0-1677950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "first_observed": "2017-10-23T15:39:32Z", "last_observed": "2017-10-23T15:39:32Z", "number_observed": 1, "object_refs": [ "network-traffic--59bfc460-f37c-4087-97c0-1677950d210f", "ipv4-addr--59bfc460-f37c-4087-97c0-1677950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59bfc460-f37c-4087-97c0-1677950d210f", "dst_ref": "ipv4-addr--59bfc460-f37c-4087-97c0-1677950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59bfc460-f37c-4087-97c0-1677950d210f", "value": "64.6.239.98" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc460-0058-4fd4-8dda-17a8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[url:value = 'http://web-ch-team.ch/87thiuh3gfDGS']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc461-3030-4575-9426-167b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[domain-name:value = 'web-ch-team.ch']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59bfc461-bd54-497e-b2fc-4fa8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "first_observed": "2017-10-23T15:39:32Z", "last_observed": "2017-10-23T15:39:32Z", "number_observed": 1, "object_refs": [ "network-traffic--59bfc461-bd54-497e-b2fc-4fa8950d210f", "ipv4-addr--59bfc461-bd54-497e-b2fc-4fa8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59bfc461-bd54-497e-b2fc-4fa8950d210f", "dst_ref": "ipv4-addr--59bfc461-bd54-497e-b2fc-4fa8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59bfc461-bd54-497e-b2fc-4fa8950d210f", "value": "194.150.248.56" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc461-6fe0-4042-a5eb-400a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[url:value = 'http://www.elitecommunications.co.uk/87thiuh3gfDGS']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc462-88a4-48cc-9d44-1913950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[domain-name:value = 'www.elitecommunications.co.uk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59bfc462-98dc-4a3f-99fe-1914950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "first_observed": "2017-10-23T15:39:32Z", "last_observed": "2017-10-23T15:39:32Z", "number_observed": 1, "object_refs": [ "network-traffic--59bfc462-98dc-4a3f-99fe-1914950d210f", "ipv4-addr--59bfc462-98dc-4a3f-99fe-1914950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59bfc462-98dc-4a3f-99fe-1914950d210f", "dst_ref": "ipv4-addr--59bfc462-98dc-4a3f-99fe-1914950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59bfc462-98dc-4a3f-99fe-1914950d210f", "value": "217.118.128.244" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc463-749c-44ef-9816-17ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[url:value = 'http://yildizmakina74.com/87thiuh3gfDGS']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc463-34f0-422a-96c3-4bf6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[domain-name:value = 'yildizmakina74.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59bfc463-9a38-4ed4-9718-1913950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "first_observed": "2017-10-23T15:39:32Z", "last_observed": "2017-10-23T15:39:32Z", "number_observed": 1, "object_refs": [ "network-traffic--59bfc463-9a38-4ed4-9718-1913950d210f", "ipv4-addr--59bfc463-9a38-4ed4-9718-1913950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59bfc463-9a38-4ed4-9718-1913950d210f", "dst_ref": "ipv4-addr--59bfc463-9a38-4ed4-9718-1913950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59bfc463-9a38-4ed4-9718-1913950d210f", "value": "85.95.237.29" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59bfc464-5184-4279-85e6-49d8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "first_observed": "2017-10-23T15:39:32Z", "last_observed": "2017-10-23T15:39:32Z", "number_observed": 1, "object_refs": [ "url--59bfc464-5184-4279-85e6-49d8950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59bfc464-5184-4279-85e6-49d8950d210f", "value": "http://91.191.184.158/imageload.cgi" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59bfc464-8bcc-4ba4-9932-17ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "first_observed": "2017-10-23T15:39:32Z", "last_observed": "2017-10-23T15:39:32Z", "number_observed": 1, "object_refs": [ "network-traffic--59bfc464-8bcc-4ba4-9932-17ec950d210f", "ipv4-addr--59bfc464-8bcc-4ba4-9932-17ec950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59bfc464-8bcc-4ba4-9932-17ec950d210f", "dst_ref": "ipv4-addr--59bfc464-8bcc-4ba4-9932-17ec950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59bfc464-8bcc-4ba4-9932-17ec950d210f", "value": "91.191.184.158" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59bfc465-6c64-4521-9d3e-1913950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "first_observed": "2017-10-23T15:39:32Z", "last_observed": "2017-10-23T15:39:32Z", "number_observed": 1, "object_refs": [ "url--59bfc465-6c64-4521-9d3e-1913950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59bfc465-6c64-4521-9d3e-1913950d210f", "value": "http://195.123.218.226/imageload.cgi" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59bfc465-d424-4bc1-afc1-1914950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "first_observed": "2017-10-23T15:39:32Z", "last_observed": "2017-10-23T15:39:32Z", "number_observed": 1, "object_refs": [ "network-traffic--59bfc465-d424-4bc1-afc1-1914950d210f", "ipv4-addr--59bfc465-d424-4bc1-afc1-1914950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59bfc465-d424-4bc1-afc1-1914950d210f", "dst_ref": "ipv4-addr--59bfc465-d424-4bc1-afc1-1914950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59bfc465-d424-4bc1-afc1-1914950d210f", "value": "195.123.218.226" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc465-0638-4343-b376-4f21950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[url:value = 'http://plbdykyhfysuemla.biz/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc466-a4c8-4ec0-96d8-1913950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[domain-name:value = 'plbdykyhfysuemla.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc466-8e78-4052-a0c3-4293950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[url:value = 'http://binkdxdjmnimvu.xyz/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc466-b8d4-4fc0-8c2c-167b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[domain-name:value = 'binkdxdjmnimvu.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59bfc467-428c-47a3-bc24-1565950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "first_observed": "2017-10-23T15:39:32Z", "last_observed": "2017-10-23T15:39:32Z", "number_observed": 1, "object_refs": [ "network-traffic--59bfc467-428c-47a3-bc24-1565950d210f", "ipv4-addr--59bfc467-428c-47a3-bc24-1565950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59bfc467-428c-47a3-bc24-1565950d210f", "dst_ref": "ipv4-addr--59bfc467-428c-47a3-bc24-1565950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59bfc467-428c-47a3-bc24-1565950d210f", "value": "192.42.116.41" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc467-34e8-4870-99ea-1914950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[url:value = 'http://jkvjaco.org/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc467-6f94-4eb3-89bd-4eed950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[domain-name:value = 'jkvjaco.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc468-83ac-48a8-9879-4cae950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[url:value = 'http://butylctatr.org/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc468-0174-498b-bb0c-91d9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[domain-name:value = 'butylctatr.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc469-ec2c-4f65-972d-1914950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[url:value = 'http://dsmlskae.su/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc469-8490-4e49-b2d9-17a8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[domain-name:value = 'dsmlskae.su']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc46a-91a8-4cee-8b37-1677950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[url:value = 'http://ybxjwcxwdkdfii.su/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc46a-b388-4a62-b545-167b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[domain-name:value = 'ybxjwcxwdkdfii.su']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc46b-36b8-4bad-826a-190b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[url:value = 'http://lpnwxhtui.click/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc46b-5578-4581-8ded-17a8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[domain-name:value = 'lpnwxhtui.click']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc46b-6350-4590-ba89-167b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[url:value = 'http://ibwudico.su/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc46c-d8e0-42f8-85de-91d9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[domain-name:value = 'ibwudico.su']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc46c-3780-41d8-9982-17a8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[url:value = 'http://gnxvwwpwjadctwm.click/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc46c-b334-428d-8dc8-190a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[domain-name:value = 'gnxvwwpwjadctwm.click']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc46d-e1c0-4672-b206-18ff950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[url:value = 'http://symfensvoh.org/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc46d-f75c-4db6-bd1e-44d4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[domain-name:value = 'symfensvoh.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc46e-ccfc-428f-8d38-190a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:32.000Z", "modified": "2017-10-23T15:39:32.000Z", "pattern": "[url:value = 'http://sckodbf.biz/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc46e-5c3c-45ec-855d-17ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:33.000Z", "modified": "2017-10-23T15:39:33.000Z", "pattern": "[domain-name:value = 'sckodbf.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc46e-12e4-4e0a-acd1-167b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:33.000Z", "modified": "2017-10-23T15:39:33.000Z", "pattern": "[url:value = 'http://yjqfggabiym.pl/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc46f-9c6c-41a9-be72-18ff950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:33.000Z", "modified": "2017-10-23T15:39:33.000Z", "pattern": "[domain-name:value = 'yjqfggabiym.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc46f-cce0-4ef3-95fb-190a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:33.000Z", "modified": "2017-10-23T15:39:33.000Z", "pattern": "[url:value = 'http://blog.dynamoo.com/2017/09/malware-spam-status-of-invoice-with-7z.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc46f-241c-4caa-81dd-17ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:33.000Z", "modified": "2017-10-23T15:39:33.000Z", "pattern": "[domain-name:value = 'blog.dynamoo.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59bfc470-fdd4-48fe-99ec-1565950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:33.000Z", "modified": "2017-10-23T15:39:33.000Z", "first_observed": "2017-10-23T15:39:33Z", "last_observed": "2017-10-23T15:39:33Z", "number_observed": 1, "object_refs": [ "network-traffic--59bfc470-fdd4-48fe-99ec-1565950d210f", "ipv4-addr--59bfc470-fdd4-48fe-99ec-1565950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59bfc470-fdd4-48fe-99ec-1565950d210f", "dst_ref": "ipv4-addr--59bfc470-fdd4-48fe-99ec-1565950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59bfc470-fdd4-48fe-99ec-1565950d210f", "value": "216.58.207.51" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc470-6b84-487e-882a-4415950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:33.000Z", "modified": "2017-10-23T15:39:33.000Z", "pattern": "[url:value = 'https://1.bp.blogspot.com/-Ny5VWOYmFzY/VFfHZVb3KFI/AAAAAAAAF54/esl8RS0lLMEigFZYWAf1edgsKtriXTWdwCPcBGAYYCw/s1600/invoice.png']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc470-7704-46a8-8d52-17ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:33.000Z", "modified": "2017-10-23T15:39:33.000Z", "pattern": "[domain-name:value = '1.bp.blogspot.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59bfc470-c438-4128-b6cc-17a8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:33.000Z", "modified": "2017-10-23T15:39:33.000Z", "first_observed": "2017-10-23T15:39:33Z", "last_observed": "2017-10-23T15:39:33Z", "number_observed": 1, "object_refs": [ "network-traffic--59bfc470-c438-4128-b6cc-17a8950d210f", "ipv4-addr--59bfc470-c438-4128-b6cc-17a8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59bfc470-c438-4128-b6cc-17a8950d210f", "dst_ref": "ipv4-addr--59bfc470-c438-4128-b6cc-17a8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59bfc470-c438-4128-b6cc-17a8950d210f", "value": "216.58.207.33" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc471-de08-4e89-9c80-1916950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:33.000Z", "modified": "2017-10-23T15:39:33.000Z", "pattern": "[url:value = 'https://pastebin.com/rDFzUZXw']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc471-6e3c-4eac-8d00-190b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:33.000Z", "modified": "2017-10-23T15:39:33.000Z", "pattern": "[domain-name:value = 'pastebin.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59bfc471-bae8-45ab-af99-444b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:33.000Z", "modified": "2017-10-23T15:39:33.000Z", "first_observed": "2017-10-23T15:39:33Z", "last_observed": "2017-10-23T15:39:33Z", "number_observed": 1, "object_refs": [ "network-traffic--59bfc471-bae8-45ab-af99-444b950d210f", "ipv4-addr--59bfc471-bae8-45ab-af99-444b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59bfc471-bae8-45ab-af99-444b950d210f", "dst_ref": "ipv4-addr--59bfc471-bae8-45ab-af99-444b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59bfc471-bae8-45ab-af99-444b950d210f", "value": "104.20.209.21" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59bfc472-73c0-400a-bb0d-190a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:33.000Z", "modified": "2017-10-23T15:39:33.000Z", "first_observed": "2017-10-23T15:39:33Z", "last_observed": "2017-10-23T15:39:33Z", "number_observed": 1, "object_refs": [ "network-traffic--59bfc472-73c0-400a-bb0d-190a950d210f", "ipv4-addr--59bfc472-73c0-400a-bb0d-190a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59bfc472-73c0-400a-bb0d-190a950d210f", "dst_ref": "ipv4-addr--59bfc472-73c0-400a-bb0d-190a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59bfc472-73c0-400a-bb0d-190a950d210f", "value": "104.20.208.21" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59bfc472-d664-4713-a13f-18ff950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:33.000Z", "modified": "2017-10-23T15:39:33.000Z", "pattern": "[url:value = 'https://pastebin.com/fyDWa7h0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59bfc473-dc44-4c12-b586-18ff950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:33.000Z", "modified": "2017-10-23T15:39:33.000Z", "first_observed": "2017-10-23T15:39:33Z", "last_observed": "2017-10-23T15:39:33Z", "number_observed": 1, "object_refs": [ "url--59bfc473-dc44-4c12-b586-18ff950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59bfc473-dc44-4c12-b586-18ff950d210f", "value": "https://www.hybrid-analysis.com/sample/24888615662135054bb9a28d50ae2c0f6711975ba5251f0862ecc8b95b2512de?environmentId=100" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59bfc474-4af0-4cff-9450-91d9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:33.000Z", "modified": "2017-10-23T15:39:33.000Z", "first_observed": "2017-10-23T15:39:33Z", "last_observed": "2017-10-23T15:39:33Z", "number_observed": 1, "object_refs": [ "url--59bfc474-4af0-4cff-9450-91d9950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59bfc474-4af0-4cff-9450-91d9950d210f", "value": "https://www.hybrid-analysis.com/sample/0faf7bb76b212bafe2949ed9c0d04c87a5aea40deefb11d360fb6912be84fbd8?environmentId=100" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59bfc474-023c-49d2-ac0f-4686950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:33.000Z", "modified": "2017-10-23T15:39:33.000Z", "first_observed": "2017-10-23T15:39:33Z", "last_observed": "2017-10-23T15:39:33Z", "number_observed": 1, "object_refs": [ "url--59bfc474-023c-49d2-ac0f-4686950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59bfc474-023c-49d2-ac0f-4686950d210f", "value": "https://malwr.com/analysis/Y2IxOTMwMjY3OGUyNGVjYmI4ODNiNzZjNjJjMmViYzQ/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59bfc474-37ac-4804-bd89-4a1b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:33.000Z", "modified": "2017-10-23T15:39:33.000Z", "first_observed": "2017-10-23T15:39:33Z", "last_observed": "2017-10-23T15:39:33Z", "number_observed": 1, "object_refs": [ "url--59bfc474-37ac-4804-bd89-4a1b950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59bfc474-37ac-4804-bd89-4a1b950d210f", "value": "https://malwr.com/analysis/MGY4YzRmOWE2YTIxNDY3ZWE4NjZjYWE5NGJjZDA1ZmM/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59bfc4b3-6384-4425-a920-40c3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:33.000Z", "modified": "2017-10-23T15:39:33.000Z", "first_observed": "2017-10-23T15:39:33Z", "last_observed": "2017-10-23T15:39:33Z", "number_observed": 1, "object_refs": [ "url--59bfc4b3-6384-4425-a920-40c3950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59bfc4b3-6384-4425-a920-40c3950d210f", "value": "https://www.virustotal.com/#/file/c674da5f1c063a0bec896d03492620ac94687e7687a1b91944d93c1d6527c8a7/detection" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59bfc4b3-a7ac-4875-8f1d-1916950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:33.000Z", "modified": "2017-10-23T15:39:33.000Z", "first_observed": "2017-10-23T15:39:33Z", "last_observed": "2017-10-23T15:39:33Z", "number_observed": 1, "object_refs": [ "url--59bfc4b3-a7ac-4875-8f1d-1916950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59bfc4b3-a7ac-4875-8f1d-1916950d210f", "value": "https://www.hybrid-analysis.com/sample/c674da5f1c063a0bec896d03492620ac94687e7687a1b91944d93c1d6527c8a7?environmentId=100" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ee0d35-83fc-4fa1-8932-436602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:33.000Z", "modified": "2017-10-23T15:39:33.000Z", "description": "- Xchecked via VT: c674da5f1c063a0bec896d03492620ac94687e7687a1b91944d93c1d6527c8a7", "pattern": "[file:hashes.SHA1 = '2f5e2914af69f91c5e84e7ea0fc58dad4b6b741e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ee0d35-a704-4611-8279-476202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:33.000Z", "modified": "2017-10-23T15:39:33.000Z", "first_observed": "2017-10-23T15:39:33Z", "last_observed": "2017-10-23T15:39:33Z", "number_observed": 1, "object_refs": [ "url--59ee0d35-a704-4611-8279-476202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59ee0d35-a704-4611-8279-476202de0b81", "value": "https://www.virustotal.com/file/c674da5f1c063a0bec896d03492620ac94687e7687a1b91944d93c1d6527c8a7/analysis/1508636490/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ee0d35-7250-461e-acbf-471702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:33.000Z", "modified": "2017-10-23T15:39:33.000Z", "description": "- Xchecked via VT: 0faf7bb76b212bafe2949ed9c0d04c87a5aea40deefb11d360fb6912be84fbd8", "pattern": "[file:hashes.SHA1 = 'df0b16d25694e9828539ef503fefea837eeea46d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ee0d35-4f70-4bd1-90d2-421b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:33.000Z", "modified": "2017-10-23T15:39:33.000Z", "description": "- Xchecked via VT: 0faf7bb76b212bafe2949ed9c0d04c87a5aea40deefb11d360fb6912be84fbd8", "pattern": "[file:hashes.MD5 = 'd720e786de4e79c5e6f6172b80da45fe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ee0d35-8cd0-4a2a-a26e-417102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:33.000Z", "modified": "2017-10-23T15:39:33.000Z", "first_observed": "2017-10-23T15:39:33Z", "last_observed": "2017-10-23T15:39:33Z", "number_observed": 1, "object_refs": [ "url--59ee0d35-8cd0-4a2a-a26e-417102de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59ee0d35-8cd0-4a2a-a26e-417102de0b81", "value": "https://www.virustotal.com/file/0faf7bb76b212bafe2949ed9c0d04c87a5aea40deefb11d360fb6912be84fbd8/analysis/1506595289/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ee0d35-ec94-47ea-823f-477a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:33.000Z", "modified": "2017-10-23T15:39:33.000Z", "description": "- Xchecked via VT: 24888615662135054bb9a28d50ae2c0f6711975ba5251f0862ecc8b95b2512de", "pattern": "[file:hashes.SHA1 = '81f7dede7c47c71f3c59671f2557823ad4e4dea2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ee0d35-f84c-4a9e-b9b3-46ec02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:33.000Z", "modified": "2017-10-23T15:39:33.000Z", "description": "- Xchecked via VT: 24888615662135054bb9a28d50ae2c0f6711975ba5251f0862ecc8b95b2512de", "pattern": "[file:hashes.MD5 = '8d4dfc3be8231ff95790fcf4de0ab54e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-23T15:39:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ee0d35-a670-4120-b5d3-43a502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-23T15:39:33.000Z", "modified": "2017-10-23T15:39:33.000Z", "first_observed": "2017-10-23T15:39:33Z", "last_observed": "2017-10-23T15:39:33Z", "number_observed": 1, "object_refs": [ "url--59ee0d35-a670-4120-b5d3-43a502de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59ee0d35-a670-4120-b5d3-43a502de0b81", "value": "https://www.virustotal.com/file/24888615662135054bb9a28d50ae2c0f6711975ba5251f0862ecc8b95b2512de/analysis/1506596589/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }