{ "type": "bundle", "id": "bundle--59ccca18-b2fc-4249-8c20-49fd950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:44.000Z", "modified": "2017-09-29T13:07:44.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--59ccca18-b2fc-4249-8c20-49fd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:44.000Z", "modified": "2017-09-29T13:07:44.000Z", "name": "M2M - Locky 2017-09-27 : Affid=3, offline, \".ykcol\" : \"Scanned image from MX-2600N\" - \"20170927_123456.7z\"", "published": "2017-09-29T13:07:45Z", "object_refs": [ "indicator--59ccca19-e7bc-41aa-9755-4c55950d210f", "indicator--59ccca19-27c0-4fc9-9f41-431c950d210f", "indicator--59ccca19-8a44-4121-add6-4253950d210f", "observed-data--59ccca1a-d7e4-49ed-acde-458f950d210f", "network-traffic--59ccca1a-d7e4-49ed-acde-458f950d210f", "ipv4-addr--59ccca1a-d7e4-49ed-acde-458f950d210f", "indicator--59ccca1a-a4ec-425d-ba06-4df4950d210f", "indicator--59ccca1a-1acc-407f-9206-494e950d210f", "observed-data--59ccca1a-cebc-4657-8a62-4f08950d210f", "network-traffic--59ccca1a-cebc-4657-8a62-4f08950d210f", "ipv4-addr--59ccca1a-cebc-4657-8a62-4f08950d210f", "indicator--59ccca1b-ea74-4440-948d-4571950d210f", "indicator--59ccca1b-3d50-48a7-9547-4883950d210f", "observed-data--59ccca1b-6730-41ef-8202-4ae9950d210f", "network-traffic--59ccca1b-6730-41ef-8202-4ae9950d210f", "ipv4-addr--59ccca1b-6730-41ef-8202-4ae9950d210f", "indicator--59ccca1b-0e20-4e60-bcc8-4415950d210f", "indicator--59ccca1b-d1d4-4761-9bf5-4445950d210f", "observed-data--59ccca1c-9b44-45fc-a8f5-49c1950d210f", "network-traffic--59ccca1c-9b44-45fc-a8f5-49c1950d210f", "ipv4-addr--59ccca1c-9b44-45fc-a8f5-49c1950d210f", "indicator--59ccca1c-0710-4e8f-b78c-4c92950d210f", "indicator--59ccca1c-97b8-4e9d-92da-4f34950d210f", "observed-data--59ccca1d-ea74-403f-b883-437f950d210f", "network-traffic--59ccca1d-ea74-403f-b883-437f950d210f", "ipv4-addr--59ccca1d-ea74-403f-b883-437f950d210f", "indicator--59ccca1d-f3f8-4ee6-9cc2-4432950d210f", "indicator--59ccca1d-9b40-453c-9325-4e49950d210f", "observed-data--59ccca1e-223c-4e44-b453-4943950d210f", "network-traffic--59ccca1e-223c-4e44-b453-4943950d210f", "ipv4-addr--59ccca1e-223c-4e44-b453-4943950d210f", "indicator--59ccca1e-c54c-4133-9680-45cf950d210f", "indicator--59ccca1e-4f58-45c4-9326-438d950d210f", "observed-data--59ccca1e-8be0-4430-86cb-4b8c950d210f", "network-traffic--59ccca1e-8be0-4430-86cb-4b8c950d210f", "ipv4-addr--59ccca1e-8be0-4430-86cb-4b8c950d210f", "indicator--59ccca1e-ddd0-4582-a51b-4a5a950d210f", "indicator--59ccca1f-44d4-48eb-9d44-4324950d210f", "observed-data--59ccca1f-e198-4f18-87a8-4bd7950d210f", "network-traffic--59ccca1f-e198-4f18-87a8-4bd7950d210f", "ipv4-addr--59ccca1f-e198-4f18-87a8-4bd7950d210f", "indicator--59ccca1f-45c8-44e2-8f41-47e5950d210f", "indicator--59ccca1f-4d24-4ef7-94c8-4335950d210f", "observed-data--59ccca20-77bc-416e-b2fd-4d97950d210f", "network-traffic--59ccca20-77bc-416e-b2fd-4d97950d210f", "ipv4-addr--59ccca20-77bc-416e-b2fd-4d97950d210f", "indicator--59ccca20-212c-45c8-acb9-4700950d210f", "indicator--59ccca20-8980-4ca3-bce4-45ca950d210f", "observed-data--59ccca20-1994-481e-8e48-4aeb950d210f", "network-traffic--59ccca20-1994-481e-8e48-4aeb950d210f", "ipv4-addr--59ccca20-1994-481e-8e48-4aeb950d210f", "indicator--59ccca21-2844-410b-8bf2-407b950d210f", "indicator--59ccca21-e85c-492e-82c4-43e4950d210f", "observed-data--59ccca21-cf98-48b4-8d2f-41e0950d210f", "network-traffic--59ccca21-cf98-48b4-8d2f-41e0950d210f", "ipv4-addr--59ccca21-cf98-48b4-8d2f-41e0950d210f", "indicator--59ccca21-35c4-4dd1-a121-4e86950d210f", "indicator--59ccca22-9bcc-49b0-95df-47f2950d210f", "observed-data--59ccca22-a5f0-4b5d-a304-4d8a950d210f", "network-traffic--59ccca22-a5f0-4b5d-a304-4d8a950d210f", "ipv4-addr--59ccca22-a5f0-4b5d-a304-4d8a950d210f", "indicator--59ccca22-c564-4462-b7f1-4373950d210f", "indicator--59ccca22-eb8c-43f9-a006-475b950d210f", "observed-data--59ccca23-21ac-4fc4-9b53-4120950d210f", "network-traffic--59ccca23-21ac-4fc4-9b53-4120950d210f", "ipv4-addr--59ccca23-21ac-4fc4-9b53-4120950d210f", "indicator--59ccca23-a6e8-4ebb-b50b-44e5950d210f", "indicator--59ccca23-09f8-4cfc-85f2-4103950d210f", "indicator--59ccca41-3204-4881-8aaa-4fab950d210f", "indicator--59ccca41-c0a4-4f8f-acc8-4136950d210f", "observed-data--59ccca41-c174-40af-828b-4973950d210f", "network-traffic--59ccca41-c174-40af-828b-4973950d210f", "ipv4-addr--59ccca41-c174-40af-828b-4973950d210f", "indicator--59ccca48-59a0-42a3-b65a-4c1d02de0b81", "indicator--59ccca48-578c-4e68-a971-4d7a02de0b81", "observed-data--59ccca48-de94-482b-9489-4baf02de0b81", "url--59ccca48-de94-482b-9489-4baf02de0b81", "observed-data--59ce45a1-3ff8-4e6a-a052-79d102de0b81", "url--59ce45a1-3ff8-4e6a-a052-79d102de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Locky\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca19-e7bc-41aa-9755-4c55950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:45.000Z", "modified": "2017-09-29T13:07:45.000Z", "pattern": "[file:hashes.MD5 = 'dd4d46b9612efc391469bba8553358b6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca19-27c0-4fc9-9f41-431c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:45.000Z", "modified": "2017-09-29T13:07:45.000Z", "pattern": "[url:value = 'http://aeaccting.com/d8743fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca19-8a44-4121-add6-4253950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:45.000Z", "modified": "2017-09-29T13:07:45.000Z", "pattern": "[domain-name:value = 'aeaccting.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ccca1a-d7e4-49ed-acde-458f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:45.000Z", "modified": "2017-09-29T13:07:45.000Z", "first_observed": "2017-09-29T13:07:45Z", "last_observed": "2017-09-29T13:07:45Z", "number_observed": 1, "object_refs": [ "network-traffic--59ccca1a-d7e4-49ed-acde-458f950d210f", "ipv4-addr--59ccca1a-d7e4-49ed-acde-458f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ccca1a-d7e4-49ed-acde-458f950d210f", "dst_ref": "ipv4-addr--59ccca1a-d7e4-49ed-acde-458f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ccca1a-d7e4-49ed-acde-458f950d210f", "value": "208.67.23.166" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca1a-a4ec-425d-ba06-4df4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:45.000Z", "modified": "2017-09-29T13:07:45.000Z", "pattern": "[url:value = 'http://asecontrids.com/d8743fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca1a-1acc-407f-9206-494e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:45.000Z", "modified": "2017-09-29T13:07:45.000Z", "pattern": "[domain-name:value = 'asecontrids.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ccca1a-cebc-4657-8a62-4f08950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:45.000Z", "modified": "2017-09-29T13:07:45.000Z", "first_observed": "2017-09-29T13:07:45Z", "last_observed": "2017-09-29T13:07:45Z", "number_observed": 1, "object_refs": [ "network-traffic--59ccca1a-cebc-4657-8a62-4f08950d210f", "ipv4-addr--59ccca1a-cebc-4657-8a62-4f08950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ccca1a-cebc-4657-8a62-4f08950d210f", "dst_ref": "ipv4-addr--59ccca1a-cebc-4657-8a62-4f08950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ccca1a-cebc-4657-8a62-4f08950d210f", "value": "107.190.129.218" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca1b-ea74-4440-948d-4571950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:45.000Z", "modified": "2017-09-29T13:07:45.000Z", "pattern": "[url:value = 'http://ashapeforlife.com/d8743fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca1b-3d50-48a7-9547-4883950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:45.000Z", "modified": "2017-09-29T13:07:45.000Z", "pattern": "[domain-name:value = 'ashapeforlife.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ccca1b-6730-41ef-8202-4ae9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:45.000Z", "modified": "2017-09-29T13:07:45.000Z", "first_observed": "2017-09-29T13:07:45Z", "last_observed": "2017-09-29T13:07:45Z", "number_observed": 1, "object_refs": [ "network-traffic--59ccca1b-6730-41ef-8202-4ae9950d210f", "ipv4-addr--59ccca1b-6730-41ef-8202-4ae9950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ccca1b-6730-41ef-8202-4ae9950d210f", "dst_ref": "ipv4-addr--59ccca1b-6730-41ef-8202-4ae9950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ccca1b-6730-41ef-8202-4ae9950d210f", "value": "198.46.85.238" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca1b-0e20-4e60-bcc8-4415950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:45.000Z", "modified": "2017-09-29T13:07:45.000Z", "pattern": "[url:value = 'http://ashtontan.com/d8743fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca1b-d1d4-4761-9bf5-4445950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:45.000Z", "modified": "2017-09-29T13:07:45.000Z", "pattern": "[domain-name:value = 'ashtontan.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ccca1c-9b44-45fc-a8f5-49c1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:45.000Z", "modified": "2017-09-29T13:07:45.000Z", "first_observed": "2017-09-29T13:07:45Z", "last_observed": "2017-09-29T13:07:45Z", "number_observed": 1, "object_refs": [ "network-traffic--59ccca1c-9b44-45fc-a8f5-49c1950d210f", "ipv4-addr--59ccca1c-9b44-45fc-a8f5-49c1950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ccca1c-9b44-45fc-a8f5-49c1950d210f", "dst_ref": "ipv4-addr--59ccca1c-9b44-45fc-a8f5-49c1950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ccca1c-9b44-45fc-a8f5-49c1950d210f", "value": "103.6.198.208" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca1c-0710-4e8f-b78c-4c92950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:45.000Z", "modified": "2017-09-29T13:07:45.000Z", "pattern": "[url:value = 'http://avsaroglubisiklet.com/d8743fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca1c-97b8-4e9d-92da-4f34950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:45.000Z", "modified": "2017-09-29T13:07:45.000Z", "pattern": "[domain-name:value = 'avsaroglubisiklet.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ccca1d-ea74-403f-b883-437f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:45.000Z", "modified": "2017-09-29T13:07:45.000Z", "first_observed": "2017-09-29T13:07:45Z", "last_observed": "2017-09-29T13:07:45Z", "number_observed": 1, "object_refs": [ "network-traffic--59ccca1d-ea74-403f-b883-437f950d210f", "ipv4-addr--59ccca1d-ea74-403f-b883-437f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ccca1d-ea74-403f-b883-437f950d210f", "dst_ref": "ipv4-addr--59ccca1d-ea74-403f-b883-437f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ccca1d-ea74-403f-b883-437f950d210f", "value": "188.132.232.70" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca1d-f3f8-4ee6-9cc2-4432950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:45.000Z", "modified": "2017-09-29T13:07:45.000Z", "pattern": "[url:value = 'http://bhs-news.com/d8743fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca1d-9b40-453c-9325-4e49950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:45.000Z", "modified": "2017-09-29T13:07:45.000Z", "pattern": "[domain-name:value = 'bhs-news.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ccca1e-223c-4e44-b453-4943950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:45.000Z", "modified": "2017-09-29T13:07:45.000Z", "first_observed": "2017-09-29T13:07:45Z", "last_observed": "2017-09-29T13:07:45Z", "number_observed": 1, "object_refs": [ "network-traffic--59ccca1e-223c-4e44-b453-4943950d210f", "ipv4-addr--59ccca1e-223c-4e44-b453-4943950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ccca1e-223c-4e44-b453-4943950d210f", "dst_ref": "ipv4-addr--59ccca1e-223c-4e44-b453-4943950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ccca1e-223c-4e44-b453-4943950d210f", "value": "50.28.39.131" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca1e-c54c-4133-9680-45cf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:45.000Z", "modified": "2017-09-29T13:07:45.000Z", "pattern": "[url:value = 'http://borcom.de/d8743fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca1e-4f58-45c4-9326-438d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:45.000Z", "modified": "2017-09-29T13:07:45.000Z", "pattern": "[domain-name:value = 'borcom.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ccca1e-8be0-4430-86cb-4b8c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:45.000Z", "modified": "2017-09-29T13:07:45.000Z", "first_observed": "2017-09-29T13:07:45Z", "last_observed": "2017-09-29T13:07:45Z", "number_observed": 1, "object_refs": [ "network-traffic--59ccca1e-8be0-4430-86cb-4b8c950d210f", "ipv4-addr--59ccca1e-8be0-4430-86cb-4b8c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ccca1e-8be0-4430-86cb-4b8c950d210f", "dst_ref": "ipv4-addr--59ccca1e-8be0-4430-86cb-4b8c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ccca1e-8be0-4430-86cb-4b8c950d210f", "value": "83.220.144.30" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca1e-ddd0-4582-a51b-4a5a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:45.000Z", "modified": "2017-09-29T13:07:45.000Z", "pattern": "[url:value = 'http://bosphorustekneleri.com/d8743fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca1f-44d4-48eb-9d44-4324950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:45.000Z", "modified": "2017-09-29T13:07:45.000Z", "pattern": "[domain-name:value = 'bosphorustekneleri.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ccca1f-e198-4f18-87a8-4bd7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:44.000Z", "modified": "2017-09-29T13:07:44.000Z", "first_observed": "2017-09-29T13:07:44Z", "last_observed": "2017-09-29T13:07:44Z", "number_observed": 1, "object_refs": [ "network-traffic--59ccca1f-e198-4f18-87a8-4bd7950d210f", "ipv4-addr--59ccca1f-e198-4f18-87a8-4bd7950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ccca1f-e198-4f18-87a8-4bd7950d210f", "dst_ref": "ipv4-addr--59ccca1f-e198-4f18-87a8-4bd7950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ccca1f-e198-4f18-87a8-4bd7950d210f", "value": "209.140.18.67" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca1f-45c8-44e2-8f41-47e5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:44.000Z", "modified": "2017-09-29T13:07:44.000Z", "pattern": "[url:value = 'http://consultingfranquean.com/d8743fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca1f-4d24-4ef7-94c8-4335950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:44.000Z", "modified": "2017-09-29T13:07:44.000Z", "pattern": "[domain-name:value = 'consultingfranquean.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ccca20-77bc-416e-b2fd-4d97950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:44.000Z", "modified": "2017-09-29T13:07:44.000Z", "first_observed": "2017-09-29T13:07:44Z", "last_observed": "2017-09-29T13:07:44Z", "number_observed": 1, "object_refs": [ "network-traffic--59ccca20-77bc-416e-b2fd-4d97950d210f", "ipv4-addr--59ccca20-77bc-416e-b2fd-4d97950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ccca20-77bc-416e-b2fd-4d97950d210f", "dst_ref": "ipv4-addr--59ccca20-77bc-416e-b2fd-4d97950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ccca20-77bc-416e-b2fd-4d97950d210f", "value": "151.80.184.39" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca20-212c-45c8-acb9-4700950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:44.000Z", "modified": "2017-09-29T13:07:44.000Z", "pattern": "[url:value = 'http://cortaestanciapolanco.com/d8743fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca20-8980-4ca3-bce4-45ca950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:44.000Z", "modified": "2017-09-29T13:07:44.000Z", "pattern": "[domain-name:value = 'cortaestanciapolanco.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ccca20-1994-481e-8e48-4aeb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:44.000Z", "modified": "2017-09-29T13:07:44.000Z", "first_observed": "2017-09-29T13:07:44Z", "last_observed": "2017-09-29T13:07:44Z", "number_observed": 1, "object_refs": [ "network-traffic--59ccca20-1994-481e-8e48-4aeb950d210f", "ipv4-addr--59ccca20-1994-481e-8e48-4aeb950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ccca20-1994-481e-8e48-4aeb950d210f", "dst_ref": "ipv4-addr--59ccca20-1994-481e-8e48-4aeb950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ccca20-1994-481e-8e48-4aeb950d210f", "value": "63.247.141.99" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca21-2844-410b-8bf2-407b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:44.000Z", "modified": "2017-09-29T13:07:44.000Z", "pattern": "[url:value = 'http://crna-macka.com/d8743fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca21-e85c-492e-82c4-43e4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:44.000Z", "modified": "2017-09-29T13:07:44.000Z", "pattern": "[domain-name:value = 'crna-macka.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ccca21-cf98-48b4-8d2f-41e0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:44.000Z", "modified": "2017-09-29T13:07:44.000Z", "first_observed": "2017-09-29T13:07:44Z", "last_observed": "2017-09-29T13:07:44Z", "number_observed": 1, "object_refs": [ "network-traffic--59ccca21-cf98-48b4-8d2f-41e0950d210f", "ipv4-addr--59ccca21-cf98-48b4-8d2f-41e0950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ccca21-cf98-48b4-8d2f-41e0950d210f", "dst_ref": "ipv4-addr--59ccca21-cf98-48b4-8d2f-41e0950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ccca21-cf98-48b4-8d2f-41e0950d210f", "value": "212.72.103.166" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca21-35c4-4dd1-a121-4e86950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:44.000Z", "modified": "2017-09-29T13:07:44.000Z", "pattern": "[url:value = 'http://dic-astra.com/d8743fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca22-9bcc-49b0-95df-47f2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:44.000Z", "modified": "2017-09-29T13:07:44.000Z", "pattern": "[domain-name:value = 'dic-astra.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ccca22-a5f0-4b5d-a304-4d8a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:44.000Z", "modified": "2017-09-29T13:07:44.000Z", "first_observed": "2017-09-29T13:07:44Z", "last_observed": "2017-09-29T13:07:44Z", "number_observed": 1, "object_refs": [ "network-traffic--59ccca22-a5f0-4b5d-a304-4d8a950d210f", "ipv4-addr--59ccca22-a5f0-4b5d-a304-4d8a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ccca22-a5f0-4b5d-a304-4d8a950d210f", "dst_ref": "ipv4-addr--59ccca22-a5f0-4b5d-a304-4d8a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ccca22-a5f0-4b5d-a304-4d8a950d210f", "value": "138.201.161.139" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca22-c564-4462-b7f1-4373950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:44.000Z", "modified": "2017-09-29T13:07:44.000Z", "pattern": "[url:value = 'http://gug-gummi.com/d8743fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca22-eb8c-43f9-a006-475b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:44.000Z", "modified": "2017-09-29T13:07:44.000Z", "pattern": "[domain-name:value = 'gug-gummi.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ccca23-21ac-4fc4-9b53-4120950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:44.000Z", "modified": "2017-09-29T13:07:44.000Z", "first_observed": "2017-09-29T13:07:44Z", "last_observed": "2017-09-29T13:07:44Z", "number_observed": 1, "object_refs": [ "network-traffic--59ccca23-21ac-4fc4-9b53-4120950d210f", "ipv4-addr--59ccca23-21ac-4fc4-9b53-4120950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ccca23-21ac-4fc4-9b53-4120950d210f", "dst_ref": "ipv4-addr--59ccca23-21ac-4fc4-9b53-4120950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ccca23-21ac-4fc4-9b53-4120950d210f", "value": "78.138.88.232" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca23-a6e8-4ebb-b50b-44e5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:44.000Z", "modified": "2017-09-29T13:07:44.000Z", "pattern": "[url:value = 'http://poemsan.info/p66/d8743fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca23-09f8-4cfc-85f2-4103950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:44.000Z", "modified": "2017-09-29T13:07:44.000Z", "pattern": "[domain-name:value = 'poemsan.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca41-3204-4881-8aaa-4fab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:44.000Z", "modified": "2017-09-29T13:07:44.000Z", "pattern": "[url:value = 'http://www.fasching-hallbergmoos.de/d8743fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca41-c0a4-4f8f-acc8-4136950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:44.000Z", "modified": "2017-09-29T13:07:44.000Z", "pattern": "[domain-name:value = 'www.fasching-hallbergmoos.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ccca41-c174-40af-828b-4973950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:44.000Z", "modified": "2017-09-29T13:07:44.000Z", "first_observed": "2017-09-29T13:07:44Z", "last_observed": "2017-09-29T13:07:44Z", "number_observed": 1, "object_refs": [ "network-traffic--59ccca41-c174-40af-828b-4973950d210f", "ipv4-addr--59ccca41-c174-40af-828b-4973950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ccca41-c174-40af-828b-4973950d210f", "dst_ref": "ipv4-addr--59ccca41-c174-40af-828b-4973950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ccca41-c174-40af-828b-4973950d210f", "value": "78.138.88.40" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca48-59a0-42a3-b65a-4c1d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:44.000Z", "modified": "2017-09-29T13:07:44.000Z", "description": "- Xchecked via VT: dd4d46b9612efc391469bba8553358b6", "pattern": "[file:hashes.SHA256 = '3e55a7a405e4c4e4ad6d19296ac512d6c32441d5a65419cd116faa672b11963c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ccca48-578c-4e68-a971-4d7a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:44.000Z", "modified": "2017-09-29T13:07:44.000Z", "description": "- Xchecked via VT: dd4d46b9612efc391469bba8553358b6", "pattern": "[file:hashes.SHA1 = 'b83fa30809ca80e981546cf1bae8f3f9a9cca206']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T13:07:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ccca48-de94-482b-9489-4baf02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:44.000Z", "modified": "2017-09-29T13:07:44.000Z", "first_observed": "2017-09-29T13:07:44Z", "last_observed": "2017-09-29T13:07:44Z", "number_observed": 1, "object_refs": [ "url--59ccca48-de94-482b-9489-4baf02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59ccca48-de94-482b-9489-4baf02de0b81", "value": "https://www.virustotal.com/file/3e55a7a405e4c4e4ad6d19296ac512d6c32441d5a65419cd116faa672b11963c/analysis/1506591639/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ce45a1-3ff8-4e6a-a052-79d102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T13:07:45.000Z", "modified": "2017-09-29T13:07:45.000Z", "first_observed": "2017-09-29T13:07:45Z", "last_observed": "2017-09-29T13:07:45Z", "number_observed": 1, "object_refs": [ "url--59ce45a1-3ff8-4e6a-a052-79d102de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59ce45a1-3ff8-4e6a-a052-79d102de0b81", "value": "https://www.virustotal.com/file/3e55a7a405e4c4e4ad6d19296ac512d6c32441d5a65419cd116faa672b11963c/analysis/1506685598/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }