{ "type": "bundle", "id": "bundle--59c56158-c3e8-47e0-bc9f-4d02950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T11:40:06.000Z", "modified": "2017-09-25T11:40:06.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--59c56158-c3e8-47e0-bc9f-4d02950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T11:40:06.000Z", "modified": "2017-09-25T11:40:06.000Z", "name": "M2M - Locky 2017-09-18 : Affid=3, offline, \".ykcol\" : \"Message from KM_C224e\" - \"20171809_12345678901.7z\"", "published": "2017-09-25T11:41:45Z", "object_refs": [ "indicator--59c56159-7764-449b-9963-419b950d210f", "indicator--59c56159-e064-4321-9401-1330950d210f", "indicator--59c56159-0230-4b93-a251-440e950d210f", "observed-data--59c5615a-f138-4100-89f9-d2d7950d210f", "network-traffic--59c5615a-f138-4100-89f9-d2d7950d210f", "ipv4-addr--59c5615a-f138-4100-89f9-d2d7950d210f", "indicator--59c5615a-ff1c-4324-9856-7461950d210f", "indicator--59c5615a-0114-4376-900a-44e6950d210f", "observed-data--59c5615a-8050-4fce-bc9e-df79950d210f", "network-traffic--59c5615a-8050-4fce-bc9e-df79950d210f", "ipv4-addr--59c5615a-8050-4fce-bc9e-df79950d210f", "indicator--59c5615b-575c-4bc4-8472-e0c7950d210f", "indicator--59c5615b-5d40-48aa-a006-455d950d210f", "indicator--59c5615b-1880-4a70-9d98-45a3950d210f", "indicator--59c5615b-7b4c-43d1-9716-1330950d210f", "observed-data--59c5615c-b3a0-4b01-b03f-495a950d210f", "network-traffic--59c5615c-b3a0-4b01-b03f-495a950d210f", "ipv4-addr--59c5615c-b3a0-4b01-b03f-495a950d210f", "indicator--59c5615c-38a4-4bb4-a783-d2d7950d210f", "indicator--59c5615c-9e78-4b9e-8ca9-7461950d210f", "observed-data--59c5615d-86cc-4907-b85f-4a34950d210f", "network-traffic--59c5615d-86cc-4907-b85f-4a34950d210f", "ipv4-addr--59c5615d-86cc-4907-b85f-4a34950d210f", "indicator--59c5615d-b0d8-4505-80fe-4d78950d210f", "indicator--59c5615e-f678-4569-93bc-496e950d210f", "observed-data--59c5615e-1688-4fa3-b6e8-4f25950d210f", "network-traffic--59c5615e-1688-4fa3-b6e8-4f25950d210f", "ipv4-addr--59c5615e-1688-4fa3-b6e8-4f25950d210f", "indicator--59c5615e-bc50-41f7-9c8d-4990950d210f", "indicator--59c5615e-7fa0-4974-b587-416d950d210f", "observed-data--59c5615e-cfd8-4c51-a8be-7461950d210f", "network-traffic--59c5615e-cfd8-4c51-a8be-7461950d210f", "ipv4-addr--59c5615e-cfd8-4c51-a8be-7461950d210f", "indicator--59c5615f-a198-419f-b56e-4111950d210f", "indicator--59c5615f-a198-469c-a78c-e0d9950d210f", "observed-data--59c5615f-34d0-4864-a2e8-e0c7950d210f", "network-traffic--59c5615f-34d0-4864-a2e8-e0c7950d210f", "ipv4-addr--59c5615f-34d0-4864-a2e8-e0c7950d210f", "indicator--59c56160-c528-4170-b3f3-4b92950d210f", "indicator--59c56160-99b8-479e-8020-49e9950d210f", "observed-data--59c56160-559c-4f87-af7e-4d54950d210f", "network-traffic--59c56160-559c-4f87-af7e-4d54950d210f", "ipv4-addr--59c56160-559c-4f87-af7e-4d54950d210f", "indicator--59c56160-e978-45d5-ba60-4752950d210f", "indicator--59c56160-61d4-455d-b81c-4f57950d210f", "observed-data--59c56161-1228-494e-933f-7461950d210f", "network-traffic--59c56161-1228-494e-933f-7461950d210f", "ipv4-addr--59c56161-1228-494e-933f-7461950d210f", "indicator--59c56161-e414-4b5b-8960-4a7c950d210f", "indicator--59c56161-90f0-4aea-be44-e0d9950d210f", "observed-data--59c56162-8480-405b-ab9f-4361950d210f", "network-traffic--59c56162-8480-405b-ab9f-4361950d210f", "ipv4-addr--59c56162-8480-405b-ab9f-4361950d210f", "indicator--59c56162-da70-4b24-81f0-45d5950d210f", "indicator--59c56162-963c-47bd-ab91-4a08950d210f", "observed-data--59c56162-74f4-45c1-b217-1330950d210f", "network-traffic--59c56162-74f4-45c1-b217-1330950d210f", "ipv4-addr--59c56162-74f4-45c1-b217-1330950d210f", "indicator--59c56162-df34-4776-b12f-4dcf950d210f", "indicator--59c56163-4dbc-4b86-b05b-40a5950d210f", "indicator--59c56163-ac18-4167-9528-4483950d210f", "indicator--59c56163-a0e4-4b86-b247-494b950d210f", "observed-data--59c56164-ce44-4404-9bfc-4b07950d210f", "network-traffic--59c56164-ce44-4404-9bfc-4b07950d210f", "ipv4-addr--59c56164-ce44-4404-9bfc-4b07950d210f", "indicator--59c56164-2958-4f7f-83f3-4a4e950d210f", "indicator--59c56164-3868-4e53-89b2-4c13950d210f", "observed-data--59c56165-ae98-4d0c-ac0b-45e1950d210f", "network-traffic--59c56165-ae98-4d0c-ac0b-45e1950d210f", "ipv4-addr--59c56165-ae98-4d0c-ac0b-45e1950d210f", "indicator--59c56165-4694-45b3-be9a-4d7f950d210f", "indicator--59c56165-f4f4-4658-8dd1-d2d7950d210f", "observed-data--59c56165-775c-46f2-9568-4dca950d210f", "network-traffic--59c56165-775c-46f2-9568-4dca950d210f", "ipv4-addr--59c56165-775c-46f2-9568-4dca950d210f", "indicator--59c56165-babc-4ade-b117-4537950d210f", "indicator--59c56166-985c-45d7-b2ac-e0d9950d210f", "observed-data--59c56166-1998-43a0-a378-e0c7950d210f", "network-traffic--59c56166-1998-43a0-a378-e0c7950d210f", "ipv4-addr--59c56166-1998-43a0-a378-e0c7950d210f", "indicator--59c56166-1b10-4b84-a294-4843950d210f", "indicator--59c56166-b718-49da-a066-48be950d210f", "indicator--59c56167-6550-4e7f-954c-1330950d210f", "indicator--59c56167-c3f4-48fa-91b2-4e61950d210f", "observed-data--59c56167-6c0c-4802-845a-49af950d210f", "network-traffic--59c56167-6c0c-4802-845a-49af950d210f", "ipv4-addr--59c56167-6c0c-4802-845a-49af950d210f", "indicator--59c56168-3130-4a31-bc46-436b950d210f", "indicator--59c56168-5ec4-4f35-93bb-4e6b950d210f", "indicator--59c56168-22dc-478f-83d6-43d7950d210f", "indicator--59c56168-f32c-455b-a308-4c81950d210f", "indicator--59c56169-0a70-45ee-afbd-4abb950d210f", "indicator--59c56169-8078-459b-99cf-1330950d210f", "indicator--59c56169-f930-4c95-92bc-4172950d210f", "indicator--59c56169-4e58-45f9-afc1-d2d7950d210f", "indicator--59c56169-6290-4822-9e2f-44bf950d210f", "indicator--59c5616a-2d00-49f7-bec9-4ce1950d210f", "indicator--59c5616a-0b5c-427e-a3d6-df79950d210f", "indicator--59c5616a-aa2c-4f28-8f25-e0c7950d210f", "indicator--59c5616b-5414-4c42-8a79-4b11950d210f", "indicator--59c5616b-babc-44eb-a875-489d950d210f", "indicator--59c5616b-1758-4e87-aaa3-4c3e950d210f", "indicator--59c5616b-4fa8-4a9f-b55c-4be9950d210f", "indicator--59c5616b-af80-4350-93fb-d2d7950d210f", "indicator--59c5616c-00d0-4301-b7ac-7461950d210f", "indicator--59c5616c-e944-4b11-a3bf-4be1950d210f", "indicator--59c5616c-d59c-4be4-ba10-4945950d210f", "indicator--59c56273-5d74-4c34-8c0e-4bb902de0b81", "indicator--59c56273-06dc-4df9-a984-42d002de0b81", "observed-data--59c56273-50b4-4811-9106-42e102de0b81", "url--59c56273-50b4-4811-9106-42e102de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Locky\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56159-7764-449b-9963-419b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[file:hashes.MD5 = 'c6475a9b90dccea03d93dedf00eac5ee']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56159-e064-4321-9401-1330950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[url:value = 'http://accountingservices.apec.org/DKndhFG72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56159-0230-4b93-a251-440e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[domain-name:value = 'accountingservices.apec.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c5615a-f138-4100-89f9-d2d7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "first_observed": "2017-09-22T19:20:19Z", "last_observed": "2017-09-22T19:20:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59c5615a-f138-4100-89f9-d2d7950d210f", "ipv4-addr--59c5615a-f138-4100-89f9-d2d7950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c5615a-f138-4100-89f9-d2d7950d210f", "dst_ref": "ipv4-addr--59c5615a-f138-4100-89f9-d2d7950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c5615a-f138-4100-89f9-d2d7950d210f", "value": "123.100.239.53" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c5615a-ff1c-4324-9856-7461950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[url:value = 'http://autoecoleeurope.com/DKndhFG72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c5615a-0114-4376-900a-44e6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[domain-name:value = 'autoecoleeurope.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c5615a-8050-4fce-bc9e-df79950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "first_observed": "2017-09-22T19:20:19Z", "last_observed": "2017-09-22T19:20:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59c5615a-8050-4fce-bc9e-df79950d210f", "ipv4-addr--59c5615a-8050-4fce-bc9e-df79950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c5615a-8050-4fce-bc9e-df79950d210f", "dst_ref": "ipv4-addr--59c5615a-8050-4fce-bc9e-df79950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c5615a-8050-4fce-bc9e-df79950d210f", "value": "193.227.248.241" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c5615b-575c-4bc4-8472-e0c7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[url:value = 'http://autoecolekim95.com/DKndhFG72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c5615b-5d40-48aa-a006-455d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[domain-name:value = 'autoecolekim95.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c5615b-1880-4a70-9d98-45a3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[url:value = 'http://cornyproposals.com/DKndhFG72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c5615b-7b4c-43d1-9716-1330950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[domain-name:value = 'cornyproposals.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c5615c-b3a0-4b01-b03f-495a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "first_observed": "2017-09-22T19:20:19Z", "last_observed": "2017-09-22T19:20:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59c5615c-b3a0-4b01-b03f-495a950d210f", "ipv4-addr--59c5615c-b3a0-4b01-b03f-495a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c5615c-b3a0-4b01-b03f-495a950d210f", "dst_ref": "ipv4-addr--59c5615c-b3a0-4b01-b03f-495a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c5615c-b3a0-4b01-b03f-495a950d210f", "value": "184.168.111.139" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c5615c-38a4-4bb4-a783-d2d7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[url:value = 'http://demopowerindo.com/DKndhFG72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c5615c-9e78-4b9e-8ca9-7461950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[domain-name:value = 'demopowerindo.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c5615d-86cc-4907-b85f-4a34950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "first_observed": "2017-09-22T19:20:19Z", "last_observed": "2017-09-22T19:20:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59c5615d-86cc-4907-b85f-4a34950d210f", "ipv4-addr--59c5615d-86cc-4907-b85f-4a34950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c5615d-86cc-4907-b85f-4a34950d210f", "dst_ref": "ipv4-addr--59c5615d-86cc-4907-b85f-4a34950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c5615d-86cc-4907-b85f-4a34950d210f", "value": "202.169.44.167" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c5615d-b0d8-4505-80fe-4d78950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[url:value = 'http://dmlex.adlino.be/DKndhFG72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c5615e-f678-4569-93bc-496e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[domain-name:value = 'dmlex.adlino.be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c5615e-1688-4fa3-b6e8-4f25950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "first_observed": "2017-09-22T19:20:19Z", "last_observed": "2017-09-22T19:20:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59c5615e-1688-4fa3-b6e8-4f25950d210f", "ipv4-addr--59c5615e-1688-4fa3-b6e8-4f25950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c5615e-1688-4fa3-b6e8-4f25950d210f", "dst_ref": "ipv4-addr--59c5615e-1688-4fa3-b6e8-4f25950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c5615e-1688-4fa3-b6e8-4f25950d210f", "value": "91.121.110.23" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c5615e-bc50-41f7-9c8d-4990950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[url:value = 'http://eurecas.org/DKndhFG72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c5615e-7fa0-4974-b587-416d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[domain-name:value = 'eurecas.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c5615e-cfd8-4c51-a8be-7461950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "first_observed": "2017-09-22T19:20:19Z", "last_observed": "2017-09-22T19:20:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59c5615e-cfd8-4c51-a8be-7461950d210f", "ipv4-addr--59c5615e-cfd8-4c51-a8be-7461950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c5615e-cfd8-4c51-a8be-7461950d210f", "dst_ref": "ipv4-addr--59c5615e-cfd8-4c51-a8be-7461950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c5615e-cfd8-4c51-a8be-7461950d210f", "value": "185.58.7.11" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c5615f-a198-419f-b56e-4111950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[url:value = 'http://georginabringas.com/DKndhFG72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c5615f-a198-469c-a78c-e0d9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[domain-name:value = 'georginabringas.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c5615f-34d0-4864-a2e8-e0c7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "first_observed": "2017-09-22T19:20:19Z", "last_observed": "2017-09-22T19:20:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59c5615f-34d0-4864-a2e8-e0c7950d210f", "ipv4-addr--59c5615f-34d0-4864-a2e8-e0c7950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c5615f-34d0-4864-a2e8-e0c7950d210f", "dst_ref": "ipv4-addr--59c5615f-34d0-4864-a2e8-e0c7950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c5615f-34d0-4864-a2e8-e0c7950d210f", "value": "40.76.209.29" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56160-c528-4170-b3f3-4b92950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[url:value = 'http://lasdamas.com/DKndhFG72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56160-99b8-479e-8020-49e9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[domain-name:value = 'lasdamas.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c56160-559c-4f87-af7e-4d54950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "first_observed": "2017-09-22T19:20:19Z", "last_observed": "2017-09-22T19:20:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59c56160-559c-4f87-af7e-4d54950d210f", "ipv4-addr--59c56160-559c-4f87-af7e-4d54950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c56160-559c-4f87-af7e-4d54950d210f", "dst_ref": "ipv4-addr--59c56160-559c-4f87-af7e-4d54950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c56160-559c-4f87-af7e-4d54950d210f", "value": "66.84.21.227" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56160-e978-45d5-ba60-4752950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[url:value = 'http://montecortelhas.com/DKndhFG72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56160-61d4-455d-b81c-4f57950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[domain-name:value = 'montecortelhas.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c56161-1228-494e-933f-7461950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "first_observed": "2017-09-22T19:20:19Z", "last_observed": "2017-09-22T19:20:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59c56161-1228-494e-933f-7461950d210f", "ipv4-addr--59c56161-1228-494e-933f-7461950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c56161-1228-494e-933f-7461950d210f", "dst_ref": "ipv4-addr--59c56161-1228-494e-933f-7461950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c56161-1228-494e-933f-7461950d210f", "value": "80.172.241.21" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56161-e414-4b5b-8960-4a7c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[url:value = 'http://petromarket.ir/DKndhFG72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56161-90f0-4aea-be44-e0d9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[domain-name:value = 'petromarket.ir']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c56162-8480-405b-ab9f-4361950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "first_observed": "2017-09-22T19:20:19Z", "last_observed": "2017-09-22T19:20:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59c56162-8480-405b-ab9f-4361950d210f", "ipv4-addr--59c56162-8480-405b-ab9f-4361950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c56162-8480-405b-ab9f-4361950d210f", "dst_ref": "ipv4-addr--59c56162-8480-405b-ab9f-4361950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c56162-8480-405b-ab9f-4361950d210f", "value": "198.50.119.188" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56162-da70-4b24-81f0-45d5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[url:value = 'http://pnkparamount.com/DKndhFG72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56162-963c-47bd-ab91-4a08950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[domain-name:value = 'pnkparamount.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c56162-74f4-45c1-b217-1330950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "first_observed": "2017-09-22T19:20:19Z", "last_observed": "2017-09-22T19:20:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59c56162-74f4-45c1-b217-1330950d210f", "ipv4-addr--59c56162-74f4-45c1-b217-1330950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c56162-74f4-45c1-b217-1330950d210f", "dst_ref": "ipv4-addr--59c56162-74f4-45c1-b217-1330950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c56162-74f4-45c1-b217-1330950d210f", "value": "66.135.55.8" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56162-df34-4776-b12f-4dcf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[url:value = 'http://targeter.su/p66/DKndhFG72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56163-4dbc-4b86-b05b-40a5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[domain-name:value = 'targeter.su']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56163-ac18-4167-9528-4483950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[url:value = 'http://v-chords.de/DKndhFG72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56163-a0e4-4b86-b247-494b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[domain-name:value = 'v-chords.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c56164-ce44-4404-9bfc-4b07950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "first_observed": "2017-09-22T19:20:19Z", "last_observed": "2017-09-22T19:20:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59c56164-ce44-4404-9bfc-4b07950d210f", "ipv4-addr--59c56164-ce44-4404-9bfc-4b07950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c56164-ce44-4404-9bfc-4b07950d210f", "dst_ref": "ipv4-addr--59c56164-ce44-4404-9bfc-4b07950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c56164-ce44-4404-9bfc-4b07950d210f", "value": "85.214.62.160" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56164-2958-4f7f-83f3-4a4e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[url:value = 'http://walkama.net/DKndhFG72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56164-3868-4e53-89b2-4c13950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[domain-name:value = 'walkama.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c56165-ae98-4d0c-ac0b-45e1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "first_observed": "2017-09-22T19:20:18Z", "last_observed": "2017-09-22T19:20:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59c56165-ae98-4d0c-ac0b-45e1950d210f", "ipv4-addr--59c56165-ae98-4d0c-ac0b-45e1950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c56165-ae98-4d0c-ac0b-45e1950d210f", "dst_ref": "ipv4-addr--59c56165-ae98-4d0c-ac0b-45e1950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c56165-ae98-4d0c-ac0b-45e1950d210f", "value": "91.192.194.102" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56165-4694-45b3-be9a-4d7f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "pattern": "[url:value = 'http://wenger-werkzeugbau.de/DKndhFG72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56165-f4f4-4658-8dd1-d2d7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "pattern": "[domain-name:value = 'wenger-werkzeugbau.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c56165-775c-46f2-9568-4dca950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "first_observed": "2017-09-22T19:20:18Z", "last_observed": "2017-09-22T19:20:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59c56165-775c-46f2-9568-4dca950d210f", "ipv4-addr--59c56165-775c-46f2-9568-4dca950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c56165-775c-46f2-9568-4dca950d210f", "dst_ref": "ipv4-addr--59c56165-775c-46f2-9568-4dca950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c56165-775c-46f2-9568-4dca950d210f", "value": "87.230.17.247" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56165-babc-4ade-b117-4537950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "pattern": "[url:value = 'http://wiskundebijles.nu/DKndhFG72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56166-985c-45d7-b2ac-e0d9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "pattern": "[domain-name:value = 'wiskundebijles.nu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c56166-1998-43a0-a378-e0c7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "first_observed": "2017-09-22T19:20:18Z", "last_observed": "2017-09-22T19:20:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59c56166-1998-43a0-a378-e0c7950d210f", "ipv4-addr--59c56166-1998-43a0-a378-e0c7950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c56166-1998-43a0-a378-e0c7950d210f", "dst_ref": "ipv4-addr--59c56166-1998-43a0-a378-e0c7950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c56166-1998-43a0-a378-e0c7950d210f", "value": "37.48.73.139" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56166-1b10-4b84-a294-4843950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "pattern": "[url:value = 'http://plbdykyhfysuemla.biz/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56166-b718-49da-a066-48be950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "pattern": "[domain-name:value = 'plbdykyhfysuemla.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56167-6550-4e7f-954c-1330950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "pattern": "[url:value = 'http://binkdxdjmnimvu.xyz/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56167-c3f4-48fa-91b2-4e61950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "pattern": "[domain-name:value = 'binkdxdjmnimvu.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c56167-6c0c-4802-845a-49af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "first_observed": "2017-09-22T19:20:18Z", "last_observed": "2017-09-22T19:20:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59c56167-6c0c-4802-845a-49af950d210f", "ipv4-addr--59c56167-6c0c-4802-845a-49af950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c56167-6c0c-4802-845a-49af950d210f", "dst_ref": "ipv4-addr--59c56167-6c0c-4802-845a-49af950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c56167-6c0c-4802-845a-49af950d210f", "value": "192.42.116.41" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56168-3130-4a31-bc46-436b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "pattern": "[url:value = 'http://jkvjaco.org/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56168-5ec4-4f35-93bb-4e6b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "pattern": "[domain-name:value = 'jkvjaco.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56168-22dc-478f-83d6-43d7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "pattern": "[url:value = 'http://butylctatr.org/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56168-f32c-455b-a308-4c81950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "pattern": "[domain-name:value = 'butylctatr.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56169-0a70-45ee-afbd-4abb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "pattern": "[url:value = 'http://dsmlskae.su/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56169-8078-459b-99cf-1330950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "pattern": "[domain-name:value = 'dsmlskae.su']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56169-f930-4c95-92bc-4172950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "pattern": "[url:value = 'http://ybxjwcxwdkdfii.su/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56169-4e58-45f9-afc1-d2d7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "pattern": "[domain-name:value = 'ybxjwcxwdkdfii.su']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56169-6290-4822-9e2f-44bf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "pattern": "[url:value = 'http://lpnwxhtui.click/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c5616a-2d00-49f7-bec9-4ce1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "pattern": "[domain-name:value = 'lpnwxhtui.click']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c5616a-0b5c-427e-a3d6-df79950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "pattern": "[url:value = 'http://ibwudico.su/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c5616a-aa2c-4f28-8f25-e0c7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "pattern": "[domain-name:value = 'ibwudico.su']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c5616b-5414-4c42-8a79-4b11950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "pattern": "[url:value = 'http://gnxvwwpwjadctwm.click/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c5616b-babc-44eb-a875-489d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "pattern": "[domain-name:value = 'gnxvwwpwjadctwm.click']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c5616b-1758-4e87-aaa3-4c3e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "pattern": "[url:value = 'http://symfensvoh.org/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c5616b-4fa8-4a9f-b55c-4be9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "pattern": "[domain-name:value = 'symfensvoh.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c5616b-af80-4350-93fb-d2d7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "pattern": "[url:value = 'http://sckodbf.biz/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c5616c-00d0-4301-b7ac-7461950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "pattern": "[domain-name:value = 'sckodbf.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c5616c-e944-4b11-a3bf-4be1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "pattern": "[url:value = 'http://yjqfggabiym.pl/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c5616c-d59c-4be4-ba10-4945950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:18.000Z", "modified": "2017-09-22T19:20:18.000Z", "pattern": "[domain-name:value = 'yjqfggabiym.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56273-5d74-4c34-8c0e-4bb902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "description": "- Xchecked via VT: c6475a9b90dccea03d93dedf00eac5ee", "pattern": "[file:hashes.SHA256 = '8bf303dda84a1e0552f98370dd5dbfdf127d7ec9b5caab948874a897771ce142']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c56273-06dc-4df9-a984-42d002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "description": "- Xchecked via VT: c6475a9b90dccea03d93dedf00eac5ee", "pattern": "[file:hashes.SHA1 = 'b7afbe3c25fa4a147b32fa37b71c95ff089489e9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-22T19:20:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c56273-50b4-4811-9106-42e102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-22T19:20:19.000Z", "modified": "2017-09-22T19:20:19.000Z", "first_observed": "2017-09-22T19:20:19Z", "last_observed": "2017-09-22T19:20:19Z", "number_observed": 1, "object_refs": [ "url--59c56273-50b4-4811-9106-42e102de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59c56273-50b4-4811-9106-42e102de0b81", "value": "https://www.virustotal.com/file/8bf303dda84a1e0552f98370dd5dbfdf127d7ec9b5caab948874a897771ce142/analysis/1506055266/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }