{ "type": "bundle", "id": "bundle--59d480ba-a7cc-4041-8470-4647950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:09.000Z", "modified": "2017-10-04T08:34:09.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "grouping", "spec_version": "2.1", "id": "grouping--59d480ba-a7cc-4041-8470-4647950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:09.000Z", "modified": "2017-10-04T08:34:09.000Z", "name": "M2M - Locky 2017-10-03 : Affid=3, offline, \".ykcol\" : \"Emailing - DOC123\" - \"DOC123.7z\"", "context": "suspicious-activity", "object_refs": [ "indicator--59d480bb-aba8-45fd-b40a-46bd950d210f", "indicator--59d480bb-e56c-4642-8e7c-dd82950d210f", "indicator--59d480bb-616c-478c-9cb6-4fb8950d210f", "observed-data--59d480bc-ab8c-41ce-a602-6a98950d210f", "network-traffic--59d480bc-ab8c-41ce-a602-6a98950d210f", "ipv4-addr--59d480bc-ab8c-41ce-a602-6a98950d210f", "indicator--59d480bd-827c-4805-addc-4fcd950d210f", "indicator--59d480bd-11ec-4a1e-a167-dd7d950d210f", "observed-data--59d480bd-add8-4985-b92f-40c8950d210f", "network-traffic--59d480bd-add8-4985-b92f-40c8950d210f", "ipv4-addr--59d480bd-add8-4985-b92f-40c8950d210f", "indicator--59d480bd-bd08-4a33-af0e-dbc4950d210f", "indicator--59d480be-5fd0-42af-9334-4890950d210f", "indicator--59d480dc-287c-49e2-ab55-4224950d210f", "indicator--59d480dc-4c14-4b62-891e-dd7d950d210f", "observed-data--59d480de-5b54-4988-a5e9-430f950d210f", "network-traffic--59d480de-5b54-4988-a5e9-430f950d210f", "ipv4-addr--59d480de-5b54-4988-a5e9-430f950d210f", "indicator--59d480de-a008-4552-8903-4ed9950d210f", "indicator--59d480de-55b0-476b-93dc-43c2950d210f", "observed-data--59d480de-f6fc-40c4-9d6d-4846950d210f", "network-traffic--59d480de-f6fc-40c4-9d6d-4846950d210f", "ipv4-addr--59d480de-f6fc-40c4-9d6d-4846950d210f", "indicator--59d480df-8790-4ce6-b7e5-4c7f950d210f", "indicator--59d480df-ee64-4037-8419-45f4950d210f", "observed-data--59d480df-8ee4-4188-8230-dd7d950d210f", "network-traffic--59d480df-8ee4-4188-8230-dd7d950d210f", "ipv4-addr--59d480df-8ee4-4188-8230-dd7d950d210f", "indicator--59d480df-e884-47af-9bd9-dd82950d210f", "indicator--59d480e0-9504-4447-93f8-4611950d210f", "observed-data--59d480e0-ec34-44be-84d7-4025950d210f", "network-traffic--59d480e0-ec34-44be-84d7-4025950d210f", "ipv4-addr--59d480e0-ec34-44be-84d7-4025950d210f", "indicator--59d480e0-f6a0-42e9-9f24-6d43950d210f", "indicator--59d480e0-63b0-49ac-9ea7-4483950d210f", "observed-data--59d480e1-b9d0-41f9-b481-4fb9950d210f", "network-traffic--59d480e1-b9d0-41f9-b481-4fb9950d210f", "ipv4-addr--59d480e1-b9d0-41f9-b481-4fb9950d210f", "indicator--59d480e1-3ebc-4f76-ae00-6a98950d210f", "indicator--59d480e1-88fc-4375-a668-6e37950d210f", "observed-data--59d480e1-e5d4-432c-94a6-4fe4950d210f", "network-traffic--59d480e1-e5d4-432c-94a6-4fe4950d210f", "ipv4-addr--59d480e1-e5d4-432c-94a6-4fe4950d210f", "indicator--59d480e2-7678-4cc6-946e-4d6b950d210f", "indicator--59d480e2-12b8-42a9-820b-dd7d950d210f", "observed-data--59d480e2-9068-4c31-bd5b-44cf950d210f", "network-traffic--59d480e2-9068-4c31-bd5b-44cf950d210f", "ipv4-addr--59d480e2-9068-4c31-bd5b-44cf950d210f", "indicator--59d480e3-bd54-4aa7-8736-46b1950d210f", "indicator--59d480e3-0e60-4264-b2e9-6d43950d210f", "observed-data--59d480e3-c45c-4a33-a796-49fe950d210f", "network-traffic--59d480e3-c45c-4a33-a796-49fe950d210f", "ipv4-addr--59d480e3-c45c-4a33-a796-49fe950d210f", "indicator--59d480e3-c54c-4e59-81d3-4123950d210f", "indicator--59d480e3-c010-4d94-b48a-6a98950d210f", "observed-data--59d480e4-bf14-4285-b832-6e37950d210f", "network-traffic--59d480e4-bf14-4285-b832-6e37950d210f", "ipv4-addr--59d480e4-bf14-4285-b832-6e37950d210f", "indicator--59d480e4-5860-489d-a690-4717950d210f", "indicator--59d480e4-e8e0-4b4e-b2f6-4609950d210f", "observed-data--59d480e5-8fc4-4596-8240-dd7d950d210f", "network-traffic--59d480e5-8fc4-4596-8240-dd7d950d210f", "ipv4-addr--59d480e5-8fc4-4596-8240-dd7d950d210f", "indicator--59d480e5-9f50-4861-be8e-1b2c950d210f", "indicator--59d480e5-0ea8-4b22-bf54-4b56950d210f", "observed-data--59d480e6-65b4-4c38-af3f-dbc4950d210f", "network-traffic--59d480e6-65b4-4c38-af3f-dbc4950d210f", "ipv4-addr--59d480e6-65b4-4c38-af3f-dbc4950d210f", "indicator--59d480e7-9df4-4a57-842e-6a98950d210f", "indicator--59d480e7-acc0-4436-8c9a-6e37950d210f", "observed-data--59d480e7-89a0-4116-b3d0-42ee950d210f", "network-traffic--59d480e7-89a0-4116-b3d0-42ee950d210f", "ipv4-addr--59d480e7-89a0-4116-b3d0-42ee950d210f", "indicator--59d480e7-83a0-409e-81f1-4b79950d210f", "indicator--59d480e8-3c14-4a35-85d5-43a1950d210f", "observed-data--59d480e8-62f0-4c10-85de-1b2c950d210f", "network-traffic--59d480e8-62f0-4c10-85de-1b2c950d210f", "ipv4-addr--59d480e8-62f0-4c10-85de-1b2c950d210f", "indicator--59d480e8-1668-413b-8bf3-47a3950d210f", "indicator--59d480e9-56f0-46b8-a7ac-4a24950d210f", "observed-data--59d480e9-9e9c-444b-8e88-4620950d210f", "network-traffic--59d480e9-9e9c-444b-8e88-4620950d210f", "ipv4-addr--59d480e9-9e9c-444b-8e88-4620950d210f", "indicator--59d480e9-a7c8-43d7-937e-dbc4950d210f", "indicator--59d480e9-32c0-4061-aebe-4d57950d210f", "observed-data--59d480ea-06fc-4040-a126-6e37950d210f", "network-traffic--59d480ea-06fc-4040-a126-6e37950d210f", "ipv4-addr--59d480ea-06fc-4040-a126-6e37950d210f", "indicator--59d480ea-61c8-463f-9eb8-4d80950d210f", "indicator--59d480ea-3db0-4c77-b852-4d0e950d210f", "observed-data--59d480eb-ad34-4677-99f5-dd7d950d210f", "network-traffic--59d480eb-ad34-4677-99f5-dd7d950d210f", "ipv4-addr--59d480eb-ad34-4677-99f5-dd7d950d210f", "observed-data--59d49cfa-28e8-4633-bb40-458f02de0b81", "url--59d49cfa-28e8-4633-bb40-458f02de0b81", "observed-data--59d486ba-ee54-49db-82ad-475902de0b81", "url--59d486ba-ee54-49db-82ad-475902de0b81", "indicator--59d486ba-e218-4d68-b028-46cb02de0b81", "indicator--59d486ba-5a48-4bb5-a2c5-492902de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Locky\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480bb-aba8-45fd-b40a-46bd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "pattern": "[file:hashes.MD5 = 'b75bd60dc3686fe62eb4a4a8372be966']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480bb-e56c-4642-8e7c-dd82950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "pattern": "[url:value = 'http://420ent.com/uyitfu65uy']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480bb-616c-478c-9cb6-4fb8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "pattern": "[domain-name:value = '420ent.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d480bc-ab8c-41ce-a602-6a98950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "first_observed": "2017-10-04T08:34:01Z", "last_observed": "2017-10-04T08:34:01Z", "number_observed": 1, "object_refs": [ "network-traffic--59d480bc-ab8c-41ce-a602-6a98950d210f", "ipv4-addr--59d480bc-ab8c-41ce-a602-6a98950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d480bc-ab8c-41ce-a602-6a98950d210f", "dst_ref": "ipv4-addr--59d480bc-ab8c-41ce-a602-6a98950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d480bc-ab8c-41ce-a602-6a98950d210f", "value": "98.124.251.72" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480bd-827c-4805-addc-4fcd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "pattern": "[url:value = 'http://acaciainvestigations.com/uyitfu65uy']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480bd-11ec-4a1e-a167-dd7d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "pattern": "[domain-name:value = 'acaciainvestigations.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d480bd-add8-4985-b92f-40c8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "first_observed": "2017-10-04T08:34:01Z", "last_observed": "2017-10-04T08:34:01Z", "number_observed": 1, "object_refs": [ "network-traffic--59d480bd-add8-4985-b92f-40c8950d210f", "ipv4-addr--59d480bd-add8-4985-b92f-40c8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d480bd-add8-4985-b92f-40c8950d210f", "dst_ref": "ipv4-addr--59d480bd-add8-4985-b92f-40c8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d480bd-add8-4985-b92f-40c8950d210f", "value": "208.79.200.25" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480bd-bd08-4a33-af0e-dbc4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "pattern": "[url:value = 'http://aimonino.info/p66/uyitfu65uy']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480be-5fd0-42af-9334-4890950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "pattern": "[domain-name:value = 'aimonino.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480dc-287c-49e2-ab55-4224950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "pattern": "[url:value = 'http://atez.vn/uyitfu65uy']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480dc-4c14-4b62-891e-dd7d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "pattern": "[domain-name:value = 'atez.vn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d480de-5b54-4988-a5e9-430f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "first_observed": "2017-10-04T08:34:01Z", "last_observed": "2017-10-04T08:34:01Z", "number_observed": 1, "object_refs": [ "network-traffic--59d480de-5b54-4988-a5e9-430f950d210f", "ipv4-addr--59d480de-5b54-4988-a5e9-430f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d480de-5b54-4988-a5e9-430f950d210f", "dst_ref": "ipv4-addr--59d480de-5b54-4988-a5e9-430f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d480de-5b54-4988-a5e9-430f950d210f", "value": "203.162.31.116" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480de-a008-4552-8903-4ed9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "pattern": "[url:value = 'http://chimachinenow.com/uyitfu65uy']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480de-55b0-476b-93dc-43c2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "pattern": "[domain-name:value = 'chimachinenow.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d480de-f6fc-40c4-9d6d-4846950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "first_observed": "2017-10-04T08:34:01Z", "last_observed": "2017-10-04T08:34:01Z", "number_observed": 1, "object_refs": [ "network-traffic--59d480de-f6fc-40c4-9d6d-4846950d210f", "ipv4-addr--59d480de-f6fc-40c4-9d6d-4846950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d480de-f6fc-40c4-9d6d-4846950d210f", "dst_ref": "ipv4-addr--59d480de-f6fc-40c4-9d6d-4846950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d480de-f6fc-40c4-9d6d-4846950d210f", "value": "199.30.241.139" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480df-8790-4ce6-b7e5-4c7f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "pattern": "[url:value = 'http://dbatee.gr/uyitfu65uy']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480df-ee64-4037-8419-45f4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "pattern": "[domain-name:value = 'dbatee.gr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d480df-8ee4-4188-8230-dd7d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "first_observed": "2017-10-04T08:34:01Z", "last_observed": "2017-10-04T08:34:01Z", "number_observed": 1, "object_refs": [ "network-traffic--59d480df-8ee4-4188-8230-dd7d950d210f", "ipv4-addr--59d480df-8ee4-4188-8230-dd7d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d480df-8ee4-4188-8230-dd7d950d210f", "dst_ref": "ipv4-addr--59d480df-8ee4-4188-8230-dd7d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d480df-8ee4-4188-8230-dd7d950d210f", "value": "62.103.152.100" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480df-e884-47af-9bd9-dd82950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "pattern": "[url:value = 'http://envi-herzog.de/uyitfu65uy']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480e0-9504-4447-93f8-4611950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "pattern": "[domain-name:value = 'envi-herzog.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d480e0-ec34-44be-84d7-4025950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "first_observed": "2017-10-04T08:34:01Z", "last_observed": "2017-10-04T08:34:01Z", "number_observed": 1, "object_refs": [ "network-traffic--59d480e0-ec34-44be-84d7-4025950d210f", "ipv4-addr--59d480e0-ec34-44be-84d7-4025950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d480e0-ec34-44be-84d7-4025950d210f", "dst_ref": "ipv4-addr--59d480e0-ec34-44be-84d7-4025950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d480e0-ec34-44be-84d7-4025950d210f", "value": "194.116.187.130" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480e0-f6a0-42e9-9f24-6d43950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "pattern": "[url:value = 'http://eternallyclassicjewelry.com/uyitfu65uy']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480e0-63b0-49ac-9ea7-4483950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "pattern": "[domain-name:value = 'eternallyclassicjewelry.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d480e1-b9d0-41f9-b481-4fb9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "first_observed": "2017-10-04T08:34:01Z", "last_observed": "2017-10-04T08:34:01Z", "number_observed": 1, "object_refs": [ "network-traffic--59d480e1-b9d0-41f9-b481-4fb9950d210f", "ipv4-addr--59d480e1-b9d0-41f9-b481-4fb9950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d480e1-b9d0-41f9-b481-4fb9950d210f", "dst_ref": "ipv4-addr--59d480e1-b9d0-41f9-b481-4fb9950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d480e1-b9d0-41f9-b481-4fb9950d210f", "value": "98.124.251.166" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480e1-3ebc-4f76-ae00-6a98950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "pattern": "[url:value = 'http://matern-eger.de/uyitfu65uy']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480e1-88fc-4375-a668-6e37950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "pattern": "[domain-name:value = 'matern-eger.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d480e1-e5d4-432c-94a6-4fe4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "first_observed": "2017-10-04T08:34:01Z", "last_observed": "2017-10-04T08:34:01Z", "number_observed": 1, "object_refs": [ "network-traffic--59d480e1-e5d4-432c-94a6-4fe4950d210f", "ipv4-addr--59d480e1-e5d4-432c-94a6-4fe4950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d480e1-e5d4-432c-94a6-4fe4950d210f", "dst_ref": "ipv4-addr--59d480e1-e5d4-432c-94a6-4fe4950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d480e1-e5d4-432c-94a6-4fe4950d210f", "value": "87.106.222.105" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480e2-7678-4cc6-946e-4d6b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "pattern": "[url:value = 'http://mysushi.it/uyitfu65uy']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480e2-12b8-42a9-820b-dd7d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "pattern": "[domain-name:value = 'mysushi.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d480e2-9068-4c31-bd5b-44cf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "first_observed": "2017-10-04T08:34:01Z", "last_observed": "2017-10-04T08:34:01Z", "number_observed": 1, "object_refs": [ "network-traffic--59d480e2-9068-4c31-bd5b-44cf950d210f", "ipv4-addr--59d480e2-9068-4c31-bd5b-44cf950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d480e2-9068-4c31-bd5b-44cf950d210f", "dst_ref": "ipv4-addr--59d480e2-9068-4c31-bd5b-44cf950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d480e2-9068-4c31-bd5b-44cf950d210f", "value": "93.174.71.137" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480e3-bd54-4aa7-8736-46b1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "pattern": "[url:value = 'http://phmetreci.com/uyitfu65uy']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480e3-0e60-4264-b2e9-6d43950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "pattern": "[domain-name:value = 'phmetreci.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d480e3-c45c-4a33-a796-49fe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "first_observed": "2017-10-04T08:34:01Z", "last_observed": "2017-10-04T08:34:01Z", "number_observed": 1, "object_refs": [ "network-traffic--59d480e3-c45c-4a33-a796-49fe950d210f", "ipv4-addr--59d480e3-c45c-4a33-a796-49fe950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d480e3-c45c-4a33-a796-49fe950d210f", "dst_ref": "ipv4-addr--59d480e3-c45c-4a33-a796-49fe950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d480e3-c45c-4a33-a796-49fe950d210f", "value": "185.150.128.21" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480e3-c54c-4e59-81d3-4123950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "pattern": "[url:value = 'http://placecomp.com/uyitfu65uy']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480e3-c010-4d94-b48a-6a98950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "pattern": "[domain-name:value = 'placecomp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d480e4-bf14-4285-b832-6e37950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:01.000Z", "modified": "2017-10-04T08:34:01.000Z", "first_observed": "2017-10-04T08:34:01Z", "last_observed": "2017-10-04T08:34:01Z", "number_observed": 1, "object_refs": [ "network-traffic--59d480e4-bf14-4285-b832-6e37950d210f", "ipv4-addr--59d480e4-bf14-4285-b832-6e37950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d480e4-bf14-4285-b832-6e37950d210f", "dst_ref": "ipv4-addr--59d480e4-bf14-4285-b832-6e37950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d480e4-bf14-4285-b832-6e37950d210f", "value": "74.208.88.65" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480e4-5860-489d-a690-4717950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:02.000Z", "modified": "2017-10-04T08:34:02.000Z", "pattern": "[url:value = 'http://restaurantelburladero.com/uyitfu65uy']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480e4-e8e0-4b4e-b2f6-4609950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:02.000Z", "modified": "2017-10-04T08:34:02.000Z", "pattern": "[domain-name:value = 'restaurantelburladero.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d480e5-8fc4-4596-8240-dd7d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:02.000Z", "modified": "2017-10-04T08:34:02.000Z", "first_observed": "2017-10-04T08:34:02Z", "last_observed": "2017-10-04T08:34:02Z", "number_observed": 1, "object_refs": [ "network-traffic--59d480e5-8fc4-4596-8240-dd7d950d210f", "ipv4-addr--59d480e5-8fc4-4596-8240-dd7d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d480e5-8fc4-4596-8240-dd7d950d210f", "dst_ref": "ipv4-addr--59d480e5-8fc4-4596-8240-dd7d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d480e5-8fc4-4596-8240-dd7d950d210f", "value": "5.2.88.79" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480e5-9f50-4861-be8e-1b2c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:02.000Z", "modified": "2017-10-04T08:34:02.000Z", "pattern": "[url:value = 'http://runkel.com.mx/uyitfu65uy']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480e5-0ea8-4b22-bf54-4b56950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:02.000Z", "modified": "2017-10-04T08:34:02.000Z", "pattern": "[domain-name:value = 'runkel.com.mx']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d480e6-65b4-4c38-af3f-dbc4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:02.000Z", "modified": "2017-10-04T08:34:02.000Z", "first_observed": "2017-10-04T08:34:02Z", "last_observed": "2017-10-04T08:34:02Z", "number_observed": 1, "object_refs": [ "network-traffic--59d480e6-65b4-4c38-af3f-dbc4950d210f", "ipv4-addr--59d480e6-65b4-4c38-af3f-dbc4950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d480e6-65b4-4c38-af3f-dbc4950d210f", "dst_ref": "ipv4-addr--59d480e6-65b4-4c38-af3f-dbc4950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d480e6-65b4-4c38-af3f-dbc4950d210f", "value": "173.201.253.230" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480e7-9df4-4a57-842e-6a98950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:02.000Z", "modified": "2017-10-04T08:34:02.000Z", "pattern": "[url:value = 'http://sabines-marmeladen.de/uyitfu65uy']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480e7-acc0-4436-8c9a-6e37950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:02.000Z", "modified": "2017-10-04T08:34:02.000Z", "pattern": "[domain-name:value = 'sabines-marmeladen.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d480e7-89a0-4116-b3d0-42ee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:02.000Z", "modified": "2017-10-04T08:34:02.000Z", "first_observed": "2017-10-04T08:34:02Z", "last_observed": "2017-10-04T08:34:02Z", "number_observed": 1, "object_refs": [ "network-traffic--59d480e7-89a0-4116-b3d0-42ee950d210f", "ipv4-addr--59d480e7-89a0-4116-b3d0-42ee950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d480e7-89a0-4116-b3d0-42ee950d210f", "dst_ref": "ipv4-addr--59d480e7-89a0-4116-b3d0-42ee950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d480e7-89a0-4116-b3d0-42ee950d210f", "value": "178.77.75.180" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480e7-83a0-409e-81f1-4b79950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:02.000Z", "modified": "2017-10-04T08:34:02.000Z", "pattern": "[url:value = 'http://sancorbr.com.br/uyitfu65uy']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480e8-3c14-4a35-85d5-43a1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:02.000Z", "modified": "2017-10-04T08:34:02.000Z", "pattern": "[domain-name:value = 'sancorbr.com.br']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d480e8-62f0-4c10-85de-1b2c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:02.000Z", "modified": "2017-10-04T08:34:02.000Z", "first_observed": "2017-10-04T08:34:02Z", "last_observed": "2017-10-04T08:34:02Z", "number_observed": 1, "object_refs": [ "network-traffic--59d480e8-62f0-4c10-85de-1b2c950d210f", "ipv4-addr--59d480e8-62f0-4c10-85de-1b2c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d480e8-62f0-4c10-85de-1b2c950d210f", "dst_ref": "ipv4-addr--59d480e8-62f0-4c10-85de-1b2c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d480e8-62f0-4c10-85de-1b2c950d210f", "value": "69.64.57.170" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480e8-1668-413b-8bf3-47a3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:02.000Z", "modified": "2017-10-04T08:34:02.000Z", "pattern": "[url:value = 'http://shanta.de/uyitfu65uy']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480e9-56f0-46b8-a7ac-4a24950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:02.000Z", "modified": "2017-10-04T08:34:02.000Z", "pattern": "[domain-name:value = 'shanta.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d480e9-9e9c-444b-8e88-4620950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:02.000Z", "modified": "2017-10-04T08:34:02.000Z", "first_observed": "2017-10-04T08:34:02Z", "last_observed": "2017-10-04T08:34:02Z", "number_observed": 1, "object_refs": [ "network-traffic--59d480e9-9e9c-444b-8e88-4620950d210f", "ipv4-addr--59d480e9-9e9c-444b-8e88-4620950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d480e9-9e9c-444b-8e88-4620950d210f", "dst_ref": "ipv4-addr--59d480e9-9e9c-444b-8e88-4620950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d480e9-9e9c-444b-8e88-4620950d210f", "value": "83.169.1.28" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480e9-a7c8-43d7-937e-dbc4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:02.000Z", "modified": "2017-10-04T08:34:02.000Z", "pattern": "[url:value = 'http://studioslefteris.gr/uyitfu65uy']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480e9-32c0-4061-aebe-4d57950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:02.000Z", "modified": "2017-10-04T08:34:02.000Z", "pattern": "[domain-name:value = 'studioslefteris.gr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d480ea-06fc-4040-a126-6e37950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:02.000Z", "modified": "2017-10-04T08:34:02.000Z", "first_observed": "2017-10-04T08:34:02Z", "last_observed": "2017-10-04T08:34:02Z", "number_observed": 1, "object_refs": [ "network-traffic--59d480ea-06fc-4040-a126-6e37950d210f", "ipv4-addr--59d480ea-06fc-4040-a126-6e37950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d480ea-06fc-4040-a126-6e37950d210f", "dst_ref": "ipv4-addr--59d480ea-06fc-4040-a126-6e37950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d480ea-06fc-4040-a126-6e37950d210f", "value": "158.69.151.250" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480ea-61c8-463f-9eb8-4d80950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:02.000Z", "modified": "2017-10-04T08:34:02.000Z", "pattern": "[url:value = 'http://yoma888.com/uyitfu65uy']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d480ea-3db0-4c77-b852-4d0e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:02.000Z", "modified": "2017-10-04T08:34:02.000Z", "pattern": "[domain-name:value = 'yoma888.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d480eb-ad34-4677-99f5-dd7d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:02.000Z", "modified": "2017-10-04T08:34:02.000Z", "first_observed": "2017-10-04T08:34:02Z", "last_observed": "2017-10-04T08:34:02Z", "number_observed": 1, "object_refs": [ "network-traffic--59d480eb-ad34-4677-99f5-dd7d950d210f", "ipv4-addr--59d480eb-ad34-4677-99f5-dd7d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d480eb-ad34-4677-99f5-dd7d950d210f", "dst_ref": "ipv4-addr--59d480eb-ad34-4677-99f5-dd7d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d480eb-ad34-4677-99f5-dd7d950d210f", "value": "60.199.166.77" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d49cfa-28e8-4633-bb40-458f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:02.000Z", "modified": "2017-10-04T08:34:02.000Z", "first_observed": "2017-10-04T08:34:02Z", "last_observed": "2017-10-04T08:34:02Z", "number_observed": 1, "object_refs": [ "url--59d49cfa-28e8-4633-bb40-458f02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59d49cfa-28e8-4633-bb40-458f02de0b81", "value": "https://www.virustotal.com/file/d57fbae4df7a967f388644f9abd118c1efe25d7d54e5d78d24355ced9d427f01/analysis/1507105280/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d486ba-ee54-49db-82ad-475902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:02.000Z", "modified": "2017-10-04T08:34:02.000Z", "first_observed": "2017-10-04T08:34:02Z", "last_observed": "2017-10-04T08:34:02Z", "number_observed": 1, "object_refs": [ "url--59d486ba-ee54-49db-82ad-475902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59d486ba-ee54-49db-82ad-475902de0b81", "value": "https://www.virustotal.com/file/d57fbae4df7a967f388644f9abd118c1efe25d7d54e5d78d24355ced9d427f01/analysis/1507059034/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d486ba-e218-4d68-b028-46cb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:02.000Z", "modified": "2017-10-04T08:34:02.000Z", "description": "- Xchecked via VT: b75bd60dc3686fe62eb4a4a8372be966", "pattern": "[file:hashes.SHA1 = '68fc9c06dec69b161e940c385dd1b229f4f972b2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d486ba-5a48-4bb5-a2c5-492902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-04T08:34:02.000Z", "modified": "2017-10-04T08:34:02.000Z", "description": "- Xchecked via VT: b75bd60dc3686fe62eb4a4a8372be966", "pattern": "[file:hashes.SHA256 = 'd57fbae4df7a967f388644f9abd118c1efe25d7d54e5d78d24355ced9d427f01']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-04T08:34:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }