{ "type": "bundle", "id": "bundle--59c8f958-be58-46da-8a21-4c5f950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:58:00.000Z", "modified": "2017-09-25T12:58:00.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--59c8f958-be58-46da-8a21-4c5f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:58:00.000Z", "modified": "2017-09-25T12:58:00.000Z", "name": "M2M - Locky 2017-09-25 : Affid=3, offline, \".ykcol\" : \"Message from 02087654321\" - \"Voice Message.7z\"", "published": "2017-09-25T12:58:05Z", "object_refs": [ "indicator--59c8f959-ac8c-4e13-936e-9b1f950d210f", "indicator--59c8f959-481c-4f85-a01f-4dd9950d210f", "indicator--59c8f959-cd48-45c3-8d58-4c5f950d210f", "indicator--59c8f977-c8b4-4c61-ba89-4c64950d210f", "indicator--59c8f978-11f8-4997-8f83-4d7e950d210f", "observed-data--59c8f978-9e6c-4301-9e45-4ad5950d210f", "network-traffic--59c8f978-9e6c-4301-9e45-4ad5950d210f", "ipv4-addr--59c8f978-9e6c-4301-9e45-4ad5950d210f", "indicator--59c8f978-e850-40fd-85eb-9dc2950d210f", "indicator--59c8f978-557c-42cb-8552-4dd6950d210f", "observed-data--59c8f979-6138-4c7c-9cbc-4137950d210f", "network-traffic--59c8f979-6138-4c7c-9cbc-4137950d210f", "ipv4-addr--59c8f979-6138-4c7c-9cbc-4137950d210f", "indicator--59c8f979-2bec-4e95-9bee-4bf6950d210f", "indicator--59c8f979-e378-452d-9637-408a950d210f", "observed-data--59c8f979-1298-4b34-a5e9-4c2f950d210f", "network-traffic--59c8f979-1298-4b34-a5e9-4c2f950d210f", "ipv4-addr--59c8f979-1298-4b34-a5e9-4c2f950d210f", "indicator--59c8f97a-7670-41df-976e-4c5f950d210f", "indicator--59c8f97a-7130-4898-874b-9dc2950d210f", "observed-data--59c8f97c-71e0-45cf-a3a3-4c64950d210f", "network-traffic--59c8f97c-71e0-45cf-a3a3-4c64950d210f", "ipv4-addr--59c8f97c-71e0-45cf-a3a3-4c64950d210f", "indicator--59c8f97c-cc4c-44b9-a834-4c2f950d210f", "indicator--59c8f97c-450c-41b9-b8f9-9b1f950d210f", "observed-data--59c8f97c-07cc-4b9d-b850-4214950d210f", "network-traffic--59c8f97c-07cc-4b9d-b850-4214950d210f", "ipv4-addr--59c8f97c-07cc-4b9d-b850-4214950d210f", "indicator--59c8f97d-28d0-4993-bb4b-42ad950d210f", "indicator--59c8f97d-4d8c-4f56-94c2-45f8950d210f", "observed-data--59c8f97d-4cbc-422c-bc56-4bcd950d210f", "network-traffic--59c8f97d-4cbc-422c-bc56-4bcd950d210f", "ipv4-addr--59c8f97d-4cbc-422c-bc56-4bcd950d210f", "indicator--59c8f97d-7e08-4283-a747-4bf6950d210f", "indicator--59c8f97e-e30c-41cd-926e-4678950d210f", "observed-data--59c8f97e-8c5c-495e-b382-9b1f950d210f", "network-traffic--59c8f97e-8c5c-495e-b382-9b1f950d210f", "ipv4-addr--59c8f97e-8c5c-495e-b382-9b1f950d210f", "indicator--59c8f97e-e88c-4032-849d-4c5f950d210f", "indicator--59c8f97e-2678-46af-8143-9dc2950d210f", "observed-data--59c8f97f-1d84-4154-b141-9b8f950d210f", "network-traffic--59c8f97f-1d84-4154-b141-9b8f950d210f", "ipv4-addr--59c8f97f-1d84-4154-b141-9b8f950d210f", "indicator--59c8f980-4d24-4b52-a6b8-45dd950d210f", "indicator--59c8f980-1a10-449c-8ff4-4db4950d210f", "observed-data--59c8f980-3d88-4246-80ef-4f5e950d210f", "network-traffic--59c8f980-3d88-4246-80ef-4f5e950d210f", "ipv4-addr--59c8f980-3d88-4246-80ef-4f5e950d210f", "indicator--59c8f980-130c-4261-ade3-454a950d210f", "indicator--59c8f980-2a50-4b1a-8267-9dc2950d210f", "observed-data--59c8f981-bd88-4432-b8c1-4c2f950d210f", "network-traffic--59c8f981-bd88-4432-b8c1-4c2f950d210f", "ipv4-addr--59c8f981-bd88-4432-b8c1-4c2f950d210f", "indicator--59c8f981-d878-4b0d-8f17-4075950d210f", "indicator--59c8f981-1400-44b1-b1ed-4df4950d210f", "observed-data--59c8f981-0550-4d85-b6e3-44da950d210f", "network-traffic--59c8f981-0550-4d85-b6e3-44da950d210f", "ipv4-addr--59c8f981-0550-4d85-b6e3-44da950d210f", "indicator--59c8f982-981c-4dbb-a0e5-4797950d210f", "indicator--59c8f982-7b54-4776-921a-9dc2950d210f", "indicator--59c8f988-7a04-42bb-a64e-4241950d210f", "indicator--59c8f989-aeec-4911-a6f0-4f1a950d210f", "observed-data--59c8f98c-1ecc-45fc-a30f-40f3950d210f", "network-traffic--59c8f98c-1ecc-45fc-a30f-40f3950d210f", "ipv4-addr--59c8f98c-1ecc-45fc-a30f-40f3950d210f", "indicator--59c8fcfd-834c-42e6-862e-403d02de0b81", "indicator--59c8fcfd-39fc-469c-bdaf-4d5802de0b81", "observed-data--59c8fcfd-6024-4980-ba2c-4fe102de0b81", "url--59c8fcfd-6024-4980-ba2c-4fe102de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Locky\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8f959-ac8c-4e13-936e-9b1f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "pattern": "[file:hashes.MD5 = '8dbdd9122dadc54f21747cc4f0ab267c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8f959-481c-4f85-a01f-4dd9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "pattern": "[url:value = 'http://artplast.uz/YTkjdJH7w1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8f959-cd48-45c3-8d58-4c5f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "pattern": "[domain-name:value = 'artplast.uz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8f977-c8b4-4c61-ba89-4c64950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "pattern": "[url:value = 'http://asesoreszapico.com/YTkjdJH7w1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8f978-11f8-4997-8f83-4d7e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "pattern": "[domain-name:value = 'asesoreszapico.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c8f978-9e6c-4301-9e45-4ad5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "first_observed": "2017-09-25T12:56:29Z", "last_observed": "2017-09-25T12:56:29Z", "number_observed": 1, "object_refs": [ "network-traffic--59c8f978-9e6c-4301-9e45-4ad5950d210f", "ipv4-addr--59c8f978-9e6c-4301-9e45-4ad5950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c8f978-9e6c-4301-9e45-4ad5950d210f", "dst_ref": "ipv4-addr--59c8f978-9e6c-4301-9e45-4ad5950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c8f978-9e6c-4301-9e45-4ad5950d210f", "value": "212.89.16.142" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8f978-e850-40fd-85eb-9dc2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "pattern": "[url:value = 'http://asheardontheradiogreens.com/YTkjdJH7w1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8f978-557c-42cb-8552-4dd6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "pattern": "[domain-name:value = 'asheardontheradiogreens.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c8f979-6138-4c7c-9cbc-4137950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "first_observed": "2017-09-25T12:56:29Z", "last_observed": "2017-09-25T12:56:29Z", "number_observed": 1, "object_refs": [ "network-traffic--59c8f979-6138-4c7c-9cbc-4137950d210f", "ipv4-addr--59c8f979-6138-4c7c-9cbc-4137950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c8f979-6138-4c7c-9cbc-4137950d210f", "dst_ref": "ipv4-addr--59c8f979-6138-4c7c-9cbc-4137950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c8f979-6138-4c7c-9cbc-4137950d210f", "value": "199.30.241.139" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8f979-2bec-4e95-9bee-4bf6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "pattern": "[url:value = 'http://audio-pa-service.de/YTkjdJH7w1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8f979-e378-452d-9637-408a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "pattern": "[domain-name:value = 'audio-pa-service.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c8f979-1298-4b34-a5e9-4c2f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "first_observed": "2017-09-25T12:56:29Z", "last_observed": "2017-09-25T12:56:29Z", "number_observed": 1, "object_refs": [ "network-traffic--59c8f979-1298-4b34-a5e9-4c2f950d210f", "ipv4-addr--59c8f979-1298-4b34-a5e9-4c2f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c8f979-1298-4b34-a5e9-4c2f950d210f", "dst_ref": "ipv4-addr--59c8f979-1298-4b34-a5e9-4c2f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c8f979-1298-4b34-a5e9-4c2f950d210f", "value": "81.169.244.233" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8f97a-7670-41df-976e-4c5f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "pattern": "[url:value = 'http://augsburger-maerchentheater.de/YTkjdJH7w1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8f97a-7130-4898-874b-9dc2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "pattern": "[domain-name:value = 'augsburger-maerchentheater.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c8f97c-71e0-45cf-a3a3-4c64950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "first_observed": "2017-09-25T12:56:29Z", "last_observed": "2017-09-25T12:56:29Z", "number_observed": 1, "object_refs": [ "network-traffic--59c8f97c-71e0-45cf-a3a3-4c64950d210f", "ipv4-addr--59c8f97c-71e0-45cf-a3a3-4c64950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c8f97c-71e0-45cf-a3a3-4c64950d210f", "dst_ref": "ipv4-addr--59c8f97c-71e0-45cf-a3a3-4c64950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c8f97c-71e0-45cf-a3a3-4c64950d210f", "value": "94.102.214.231" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8f97c-cc4c-44b9-a834-4c2f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "pattern": "[url:value = 'http://auto-ecole-prudence.com/YTkjdJH7w1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8f97c-450c-41b9-b8f9-9b1f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "pattern": "[domain-name:value = 'auto-ecole-prudence.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c8f97c-07cc-4b9d-b850-4214950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "first_observed": "2017-09-25T12:56:29Z", "last_observed": "2017-09-25T12:56:29Z", "number_observed": 1, "object_refs": [ "network-traffic--59c8f97c-07cc-4b9d-b850-4214950d210f", "ipv4-addr--59c8f97c-07cc-4b9d-b850-4214950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c8f97c-07cc-4b9d-b850-4214950d210f", "dst_ref": "ipv4-addr--59c8f97c-07cc-4b9d-b850-4214950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c8f97c-07cc-4b9d-b850-4214950d210f", "value": "193.227.248.247" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8f97d-28d0-4993-bb4b-42ad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "pattern": "[url:value = 'http://automattenonline.com/YTkjdJH7w1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8f97d-4d8c-4f56-94c2-45f8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "pattern": "[domain-name:value = 'automattenonline.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c8f97d-4cbc-422c-bc56-4bcd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "first_observed": "2017-09-25T12:56:29Z", "last_observed": "2017-09-25T12:56:29Z", "number_observed": 1, "object_refs": [ "network-traffic--59c8f97d-4cbc-422c-bc56-4bcd950d210f", "ipv4-addr--59c8f97d-4cbc-422c-bc56-4bcd950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c8f97d-4cbc-422c-bc56-4bcd950d210f", "dst_ref": "ipv4-addr--59c8f97d-4cbc-422c-bc56-4bcd950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c8f97d-4cbc-422c-bc56-4bcd950d210f", "value": "149.210.129.109" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8f97d-7e08-4283-a747-4bf6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "pattern": "[url:value = 'http://awoodshop.net/YTkjdJH7w1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8f97e-e30c-41cd-926e-4678950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "pattern": "[domain-name:value = 'awoodshop.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c8f97e-8c5c-495e-b382-9b1f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "first_observed": "2017-09-25T12:56:29Z", "last_observed": "2017-09-25T12:56:29Z", "number_observed": 1, "object_refs": [ "network-traffic--59c8f97e-8c5c-495e-b382-9b1f950d210f", "ipv4-addr--59c8f97e-8c5c-495e-b382-9b1f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c8f97e-8c5c-495e-b382-9b1f950d210f", "dst_ref": "ipv4-addr--59c8f97e-8c5c-495e-b382-9b1f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c8f97e-8c5c-495e-b382-9b1f950d210f", "value": "72.32.177.50" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8f97e-e88c-4032-849d-4c5f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "pattern": "[url:value = 'http://azimuth.com.pt/YTkjdJH7w1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8f97e-2678-46af-8143-9dc2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "pattern": "[domain-name:value = 'azimuth.com.pt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c8f97f-1d84-4154-b141-9b8f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "first_observed": "2017-09-25T12:56:29Z", "last_observed": "2017-09-25T12:56:29Z", "number_observed": 1, "object_refs": [ "network-traffic--59c8f97f-1d84-4154-b141-9b8f950d210f", "ipv4-addr--59c8f97f-1d84-4154-b141-9b8f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c8f97f-1d84-4154-b141-9b8f950d210f", "dst_ref": "ipv4-addr--59c8f97f-1d84-4154-b141-9b8f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c8f97f-1d84-4154-b141-9b8f950d210f", "value": "80.172.241.36" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8f980-4d24-4b52-a6b8-45dd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "pattern": "[url:value = 'http://baburkuyumculuk.com/YTkjdJH7w1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8f980-1a10-449c-8ff4-4db4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "pattern": "[domain-name:value = 'baburkuyumculuk.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c8f980-3d88-4246-80ef-4f5e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "first_observed": "2017-09-25T12:56:29Z", "last_observed": "2017-09-25T12:56:29Z", "number_observed": 1, "object_refs": [ "network-traffic--59c8f980-3d88-4246-80ef-4f5e950d210f", "ipv4-addr--59c8f980-3d88-4246-80ef-4f5e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c8f980-3d88-4246-80ef-4f5e950d210f", "dst_ref": "ipv4-addr--59c8f980-3d88-4246-80ef-4f5e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c8f980-3d88-4246-80ef-4f5e950d210f", "value": "213.142.143.191" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8f980-130c-4261-ade3-454a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "pattern": "[url:value = 'http://bagnolipisa.it/YTkjdJH7w1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8f980-2a50-4b1a-8267-9dc2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "pattern": "[domain-name:value = 'bagnolipisa.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c8f981-bd88-4432-b8c1-4c2f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "first_observed": "2017-09-25T12:56:29Z", "last_observed": "2017-09-25T12:56:29Z", "number_observed": 1, "object_refs": [ "network-traffic--59c8f981-bd88-4432-b8c1-4c2f950d210f", "ipv4-addr--59c8f981-bd88-4432-b8c1-4c2f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c8f981-bd88-4432-b8c1-4c2f950d210f", "dst_ref": "ipv4-addr--59c8f981-bd88-4432-b8c1-4c2f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c8f981-bd88-4432-b8c1-4c2f950d210f", "value": "77.72.25.23" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8f981-d878-4b0d-8f17-4075950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "pattern": "[url:value = 'http://barberomudanzas.com/YTkjdJH7w1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8f981-1400-44b1-b1ed-4df4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "pattern": "[domain-name:value = 'barberomudanzas.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c8f981-0550-4d85-b6e3-44da950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "first_observed": "2017-09-25T12:56:29Z", "last_observed": "2017-09-25T12:56:29Z", "number_observed": 1, "object_refs": [ "network-traffic--59c8f981-0550-4d85-b6e3-44da950d210f", "ipv4-addr--59c8f981-0550-4d85-b6e3-44da950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c8f981-0550-4d85-b6e3-44da950d210f", "dst_ref": "ipv4-addr--59c8f981-0550-4d85-b6e3-44da950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c8f981-0550-4d85-b6e3-44da950d210f", "value": "188.93.75.198" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8f982-981c-4dbb-a0e5-4797950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:28.000Z", "modified": "2017-09-25T12:56:28.000Z", "pattern": "[url:value = 'http://bor.uz/YTkjdJH7w1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8f982-7b54-4776-921a-9dc2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "pattern": "[domain-name:value = 'bor.uz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8f988-7a04-42bb-a64e-4241950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:28.000Z", "modified": "2017-09-25T12:56:28.000Z", "pattern": "[url:value = 'http://tertrodefordown.info/af/YTkjdJH7w1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8f989-aeec-4911-a6f0-4f1a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:28.000Z", "modified": "2017-09-25T12:56:28.000Z", "pattern": "[domain-name:value = 'tertrodefordown.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c8f98c-1ecc-45fc-a30f-40f3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:28.000Z", "modified": "2017-09-25T12:56:28.000Z", "first_observed": "2017-09-25T12:56:28Z", "last_observed": "2017-09-25T12:56:28Z", "number_observed": 1, "object_refs": [ "network-traffic--59c8f98c-1ecc-45fc-a30f-40f3950d210f", "ipv4-addr--59c8f98c-1ecc-45fc-a30f-40f3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c8f98c-1ecc-45fc-a30f-40f3950d210f", "dst_ref": "ipv4-addr--59c8f98c-1ecc-45fc-a30f-40f3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c8f98c-1ecc-45fc-a30f-40f3950d210f", "value": "49.51.36.73" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8fcfd-834c-42e6-862e-403d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "description": "- Xchecked via VT: 8dbdd9122dadc54f21747cc4f0ab267c", "pattern": "[file:hashes.SHA256 = 'b86a830769fcfd54201495353c5ab8931f7ca796ef54a2219a04b9e7cb7d2a7a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c8fcfd-39fc-469c-bdaf-4d5802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "description": "- Xchecked via VT: 8dbdd9122dadc54f21747cc4f0ab267c", "pattern": "[file:hashes.SHA1 = '7f07f3b5ba830d55822f75836f0bbbe0ef579256']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-25T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c8fcfd-6024-4980-ba2c-4fe102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-25T12:56:29.000Z", "modified": "2017-09-25T12:56:29.000Z", "first_observed": "2017-09-25T12:56:29Z", "last_observed": "2017-09-25T12:56:29Z", "number_observed": 1, "object_refs": [ "url--59c8fcfd-6024-4980-ba2c-4fe102de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59c8fcfd-6024-4980-ba2c-4fe102de0b81", "value": "https://www.virustotal.com/file/b86a830769fcfd54201495353c5ab8931f7ca796ef54a2219a04b9e7cb7d2a7a/analysis/1506338916/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }