{ "type": "bundle", "id": "bundle--59d5e1fe-30f4-48ee-8b75-dabd950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:53.000Z", "modified": "2017-10-05T20:02:53.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--59d5e1fe-30f4-48ee-8b75-dabd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:53.000Z", "modified": "2017-10-05T20:02:53.000Z", "name": "M2M - Locky 2017-10-04 : Affid=3, offline, \".ykcol\" : \"Message from 02087654321\" - \"Voice Message.7z\"", "published": "2017-10-05T20:04:36Z", "object_refs": [ "indicator--59d5e1ff-14ec-4c2e-af15-fde6950d210f", "indicator--59d5e1ff-35b8-452e-8a59-dabc950d210f", "indicator--59d5e200-72bc-4be4-845b-dac1950d210f", "observed-data--59d5e200-cde4-4ea7-9bd1-fe8c950d210f", "network-traffic--59d5e200-cde4-4ea7-9bd1-fe8c950d210f", "ipv4-addr--59d5e200-cde4-4ea7-9bd1-fe8c950d210f", "indicator--59d5e200-c904-4d26-a14a-fbfd950d210f", "indicator--59d5e201-7554-4f1a-87b3-fef5950d210f", "observed-data--59d5e201-6ba4-45e6-b5d3-fde6950d210f", "network-traffic--59d5e201-6ba4-45e6-b5d3-fde6950d210f", "ipv4-addr--59d5e201-6ba4-45e6-b5d3-fde6950d210f", "indicator--59d5e201-138c-4b6c-bfc2-ff71950d210f", "indicator--59d5e201-9f04-4736-b547-dac2950d210f", "observed-data--59d5e202-8a4c-40ac-9090-fe89950d210f", "network-traffic--59d5e202-8a4c-40ac-9090-fe89950d210f", "ipv4-addr--59d5e202-8a4c-40ac-9090-fe89950d210f", "indicator--59d5e202-7334-43d4-a597-fbfd950d210f", "indicator--59d5e203-c0b4-474b-a9dc-fef5950d210f", "observed-data--59d5e203-e81c-436c-bc98-fde6950d210f", "network-traffic--59d5e203-e81c-436c-bc98-fde6950d210f", "ipv4-addr--59d5e203-e81c-436c-bc98-fde6950d210f", "indicator--59d5e203-c938-4918-b8a2-fdf1950d210f", "indicator--59d5e203-431c-43d4-a5e4-dac2950d210f", "observed-data--59d5e204-69dc-4cd1-99a9-dac1950d210f", "network-traffic--59d5e204-69dc-4cd1-99a9-dac1950d210f", "ipv4-addr--59d5e204-69dc-4cd1-99a9-dac1950d210f", "indicator--59d5e204-9c84-438a-9323-fe89950d210f", "indicator--59d5e204-9d9c-4154-8275-dac0950d210f", "observed-data--59d5e204-23b8-4130-a4e2-fef5950d210f", "network-traffic--59d5e204-23b8-4130-a4e2-fef5950d210f", "ipv4-addr--59d5e204-23b8-4130-a4e2-fef5950d210f", "indicator--59d5e205-f9f8-409b-8413-dac5950d210f", "indicator--59d5e205-089c-4e5b-94f4-fdf1950d210f", "observed-data--59d5e205-9b08-4efc-b807-dac2950d210f", "network-traffic--59d5e205-9b08-4efc-b807-dac2950d210f", "ipv4-addr--59d5e205-9b08-4efc-b807-dac2950d210f", "indicator--59d5e205-d2f4-4f9e-bbf8-dabc950d210f", "indicator--59d5e206-e3cc-4bc9-97b6-ffb8950d210f", "observed-data--59d5e206-d85c-4564-be18-fe89950d210f", "network-traffic--59d5e206-d85c-4564-be18-fe89950d210f", "ipv4-addr--59d5e206-d85c-4564-be18-fe89950d210f", "indicator--59d5e206-cd48-4474-b418-fbfd950d210f", "indicator--59d5e206-6a78-47f8-9548-fe8c950d210f", "observed-data--59d5e207-387c-412b-bcb6-fde6950d210f", "network-traffic--59d5e207-387c-412b-bcb6-fde6950d210f", "ipv4-addr--59d5e207-387c-412b-bcb6-fde6950d210f", "indicator--59d5e207-06cc-4fb5-af8f-dac2950d210f", "indicator--59d5e207-8e0c-4b9f-80d6-dabe950d210f", "observed-data--59d5e207-52c0-43c2-a7c4-ffb8950d210f", "network-traffic--59d5e207-52c0-43c2-a7c4-ffb8950d210f", "ipv4-addr--59d5e207-52c0-43c2-a7c4-ffb8950d210f", "indicator--59d5e208-d24c-4ecf-b899-fe89950d210f", "indicator--59d5e208-68e8-4bb5-bf1c-dac0950d210f", "observed-data--59d5e208-190c-42b4-8fe0-fef5950d210f", "network-traffic--59d5e208-190c-42b4-8fe0-fef5950d210f", "ipv4-addr--59d5e208-190c-42b4-8fe0-fef5950d210f", "indicator--59d5e208-b7d8-41b7-9484-dac5950d210f", "indicator--59d5e209-c8ec-4057-95fb-fde6950d210f", "observed-data--59d5e209-1eec-49b2-a2b3-fe67950d210f", "network-traffic--59d5e209-1eec-49b2-a2b3-fe67950d210f", "ipv4-addr--59d5e209-1eec-49b2-a2b3-fe67950d210f", "indicator--59d5e209-05b8-49c0-a801-ff71950d210f", "indicator--59d5e20a-7988-4f1a-8c3b-ffb8950d210f", "observed-data--59d5e20a-a958-4b3c-90dc-dac1950d210f", "network-traffic--59d5e20a-a958-4b3c-90dc-dac1950d210f", "ipv4-addr--59d5e20a-a958-4b3c-90dc-dac1950d210f", "indicator--59d5e20a-b0e8-453d-a487-dac0950d210f", "indicator--59d5e20a-7474-4bed-846a-fef5950d210f", "observed-data--59d5e20b-62e8-4915-b14c-dac5950d210f", "network-traffic--59d5e20b-62e8-4915-b14c-dac5950d210f", "ipv4-addr--59d5e20b-62e8-4915-b14c-dac5950d210f", "indicator--59d5e20b-620c-41e7-a3f5-fbfd950d210f", "indicator--59d5e20b-f750-4d5f-a622-dac2950d210f", "observed-data--59d5e20b-98cc-44a0-8193-ffb8950d210f", "network-traffic--59d5e20b-98cc-44a0-8193-ffb8950d210f", "ipv4-addr--59d5e20b-98cc-44a0-8193-ffb8950d210f", "indicator--59d5e20c-c918-4c99-aa62-fe89950d210f", "indicator--59d5e20c-1e10-42d7-9f10-dac0950d210f", "observed-data--59d5e20d-bf74-48a3-81ad-dac5950d210f", "network-traffic--59d5e20d-bf74-48a3-81ad-dac5950d210f", "ipv4-addr--59d5e20d-bf74-48a3-81ad-dac5950d210f", "indicator--59d5e20d-5e60-4e7a-9491-fbfd950d210f", "indicator--59d5e20d-b428-4c1b-98c1-fe67950d210f", "observed-data--59d5e20d-d198-4e95-b652-ffb8950d210f", "network-traffic--59d5e20d-d198-4e95-b652-ffb8950d210f", "ipv4-addr--59d5e20d-d198-4e95-b652-ffb8950d210f", "indicator--59d5e20e-33a4-4c61-86dd-dac3950d210f", "indicator--59d5e20e-dea0-4ffe-ad8f-dac0950d210f", "observed-data--59d5e20e-54bc-4acc-94a9-fe8c950d210f", "network-traffic--59d5e20e-54bc-4acc-94a9-fe8c950d210f", "ipv4-addr--59d5e20e-54bc-4acc-94a9-fe8c950d210f", "indicator--59d5e20e-894c-4e6e-90f0-fbfd950d210f", "indicator--59d5e20f-10ac-46ee-87c1-fe67950d210f", "indicator--59d68fe4-18e0-4ff7-b97d-4df402de0b81", "indicator--59d68fe4-0a98-4d25-8e28-4af602de0b81", "observed-data--59d68fe4-462c-4725-92b5-47fd02de0b81", "url--59d68fe4-462c-4725-92b5-47fd02de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Locky\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e1ff-14ec-4c2e-af15-fde6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "pattern": "[file:hashes.MD5 = '90f130611bdd7fe3c45cdf418f3ec006']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e1ff-35b8-452e-8a59-dabc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "pattern": "[url:value = 'http://artsidestudio.com/tfhytdrf56u']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e200-72bc-4be4-845b-dac1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "pattern": "[domain-name:value = 'artsidestudio.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d5e200-cde4-4ea7-9bd1-fe8c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "first_observed": "2017-10-05T20:02:43Z", "last_observed": "2017-10-05T20:02:43Z", "number_observed": 1, "object_refs": [ "network-traffic--59d5e200-cde4-4ea7-9bd1-fe8c950d210f", "ipv4-addr--59d5e200-cde4-4ea7-9bd1-fe8c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d5e200-cde4-4ea7-9bd1-fe8c950d210f", "dst_ref": "ipv4-addr--59d5e200-cde4-4ea7-9bd1-fe8c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d5e200-cde4-4ea7-9bd1-fe8c950d210f", "value": "75.126.139.114" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e200-c904-4d26-a14a-fbfd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "pattern": "[url:value = 'http://baysanal.com/tfhytdrf56u']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e201-7554-4f1a-87b3-fef5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "pattern": "[domain-name:value = 'baysanal.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d5e201-6ba4-45e6-b5d3-fde6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "first_observed": "2017-10-05T20:02:43Z", "last_observed": "2017-10-05T20:02:43Z", "number_observed": 1, "object_refs": [ "network-traffic--59d5e201-6ba4-45e6-b5d3-fde6950d210f", "ipv4-addr--59d5e201-6ba4-45e6-b5d3-fde6950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d5e201-6ba4-45e6-b5d3-fde6950d210f", "dst_ref": "ipv4-addr--59d5e201-6ba4-45e6-b5d3-fde6950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d5e201-6ba4-45e6-b5d3-fde6950d210f", "value": "185.19.95.61" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e201-138c-4b6c-bfc2-ff71950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "pattern": "[url:value = 'http://computerserviceheerhugowaard.nl/tfhytdrf56u']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e201-9f04-4736-b547-dac2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "pattern": "[domain-name:value = 'computerserviceheerhugowaard.nl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d5e202-8a4c-40ac-9090-fe89950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "first_observed": "2017-10-05T20:02:43Z", "last_observed": "2017-10-05T20:02:43Z", "number_observed": 1, "object_refs": [ "network-traffic--59d5e202-8a4c-40ac-9090-fe89950d210f", "ipv4-addr--59d5e202-8a4c-40ac-9090-fe89950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d5e202-8a4c-40ac-9090-fe89950d210f", "dst_ref": "ipv4-addr--59d5e202-8a4c-40ac-9090-fe89950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d5e202-8a4c-40ac-9090-fe89950d210f", "value": "94.75.202.60" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e202-7334-43d4-a597-fbfd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "pattern": "[url:value = 'http://foxcabinets.com/tfhytdrf56u']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e203-c0b4-474b-a9dc-fef5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "pattern": "[domain-name:value = 'foxcabinets.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d5e203-e81c-436c-bc98-fde6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "first_observed": "2017-10-05T20:02:43Z", "last_observed": "2017-10-05T20:02:43Z", "number_observed": 1, "object_refs": [ "network-traffic--59d5e203-e81c-436c-bc98-fde6950d210f", "ipv4-addr--59d5e203-e81c-436c-bc98-fde6950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d5e203-e81c-436c-bc98-fde6950d210f", "dst_ref": "ipv4-addr--59d5e203-e81c-436c-bc98-fde6950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d5e203-e81c-436c-bc98-fde6950d210f", "value": "98.124.251.166" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e203-c938-4918-b8a2-fdf1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "pattern": "[url:value = 'http://lacadosmurcia.com/tfhytdrf56u']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e203-431c-43d4-a5e4-dac2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "pattern": "[domain-name:value = 'lacadosmurcia.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d5e204-69dc-4cd1-99a9-dac1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "first_observed": "2017-10-05T20:02:43Z", "last_observed": "2017-10-05T20:02:43Z", "number_observed": 1, "object_refs": [ "network-traffic--59d5e204-69dc-4cd1-99a9-dac1950d210f", "ipv4-addr--59d5e204-69dc-4cd1-99a9-dac1950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d5e204-69dc-4cd1-99a9-dac1950d210f", "dst_ref": "ipv4-addr--59d5e204-69dc-4cd1-99a9-dac1950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d5e204-69dc-4cd1-99a9-dac1950d210f", "value": "212.63.108.71" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e204-9c84-438a-9323-fe89950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "pattern": "[url:value = 'http://laveentrading.com/tfhytdrf56u']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e204-9d9c-4154-8275-dac0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "pattern": "[domain-name:value = 'laveentrading.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d5e204-23b8-4130-a4e2-fef5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "first_observed": "2017-10-05T20:02:43Z", "last_observed": "2017-10-05T20:02:43Z", "number_observed": 1, "object_refs": [ "network-traffic--59d5e204-23b8-4130-a4e2-fef5950d210f", "ipv4-addr--59d5e204-23b8-4130-a4e2-fef5950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d5e204-23b8-4130-a4e2-fef5950d210f", "dst_ref": "ipv4-addr--59d5e204-23b8-4130-a4e2-fef5950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d5e204-23b8-4130-a4e2-fef5950d210f", "value": "98.124.251.72" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e205-f9f8-409b-8413-dac5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "pattern": "[url:value = 'http://littleblessingscotons.com/tfhytdrf56u']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e205-089c-4e5b-94f4-fdf1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "pattern": "[domain-name:value = 'littleblessingscotons.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d5e205-9b08-4efc-b807-dac2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "first_observed": "2017-10-05T20:02:43Z", "last_observed": "2017-10-05T20:02:43Z", "number_observed": 1, "object_refs": [ "network-traffic--59d5e205-9b08-4efc-b807-dac2950d210f", "ipv4-addr--59d5e205-9b08-4efc-b807-dac2950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d5e205-9b08-4efc-b807-dac2950d210f", "dst_ref": "ipv4-addr--59d5e205-9b08-4efc-b807-dac2950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d5e205-9b08-4efc-b807-dac2950d210f", "value": "98.124.251.65" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e205-d2f4-4f9e-bbf8-dabc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "pattern": "[url:value = 'http://mautau.it/tfhytdrf56u']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e206-e3cc-4bc9-97b6-ffb8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "pattern": "[domain-name:value = 'mautau.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d5e206-d85c-4564-be18-fe89950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "first_observed": "2017-10-05T20:02:43Z", "last_observed": "2017-10-05T20:02:43Z", "number_observed": 1, "object_refs": [ "network-traffic--59d5e206-d85c-4564-be18-fe89950d210f", "ipv4-addr--59d5e206-d85c-4564-be18-fe89950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d5e206-d85c-4564-be18-fe89950d210f", "dst_ref": "ipv4-addr--59d5e206-d85c-4564-be18-fe89950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d5e206-d85c-4564-be18-fe89950d210f", "value": "89.96.90.14" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e206-cd48-4474-b418-fbfd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "pattern": "[url:value = 'http://mis4.zenfinancial.com/tfhytdrf56u']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e206-6a78-47f8-9548-fe8c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "pattern": "[domain-name:value = 'mis4.zenfinancial.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d5e207-387c-412b-bcb6-fde6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "first_observed": "2017-10-05T20:02:43Z", "last_observed": "2017-10-05T20:02:43Z", "number_observed": 1, "object_refs": [ "network-traffic--59d5e207-387c-412b-bcb6-fde6950d210f", "ipv4-addr--59d5e207-387c-412b-bcb6-fde6950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d5e207-387c-412b-bcb6-fde6950d210f", "dst_ref": "ipv4-addr--59d5e207-387c-412b-bcb6-fde6950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d5e207-387c-412b-bcb6-fde6950d210f", "value": "66.135.55.8" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e207-06cc-4fb5-af8f-dac2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "pattern": "[url:value = 'http://photobookexpress.com/tfhytdrf56u']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e207-8e0c-4b9f-80d6-dabe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "pattern": "[domain-name:value = 'photobookexpress.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d5e207-52c0-43c2-a7c4-ffb8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "first_observed": "2017-10-05T20:02:43Z", "last_observed": "2017-10-05T20:02:43Z", "number_observed": 1, "object_refs": [ "network-traffic--59d5e207-52c0-43c2-a7c4-ffb8950d210f", "ipv4-addr--59d5e207-52c0-43c2-a7c4-ffb8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d5e207-52c0-43c2-a7c4-ffb8950d210f", "dst_ref": "ipv4-addr--59d5e207-52c0-43c2-a7c4-ffb8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d5e207-52c0-43c2-a7c4-ffb8950d210f", "value": "98.124.252.132" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e208-d24c-4ecf-b899-fe89950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "pattern": "[url:value = 'http://poslovnekomunikacije.si/tfhytdrf56u']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e208-68e8-4bb5-bf1c-dac0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "pattern": "[domain-name:value = 'poslovnekomunikacije.si']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d5e208-190c-42b4-8fe0-fef5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "first_observed": "2017-10-05T20:02:43Z", "last_observed": "2017-10-05T20:02:43Z", "number_observed": 1, "object_refs": [ "network-traffic--59d5e208-190c-42b4-8fe0-fef5950d210f", "ipv4-addr--59d5e208-190c-42b4-8fe0-fef5950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d5e208-190c-42b4-8fe0-fef5950d210f", "dst_ref": "ipv4-addr--59d5e208-190c-42b4-8fe0-fef5950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d5e208-190c-42b4-8fe0-fef5950d210f", "value": "91.185.200.235" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e208-b7d8-41b7-9484-dac5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "pattern": "[url:value = 'http://pspcny.com/tfhytdrf56u']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e209-c8ec-4057-95fb-fde6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:43.000Z", "modified": "2017-10-05T20:02:43.000Z", "pattern": "[domain-name:value = 'pspcny.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d5e209-1eec-49b2-a2b3-fe67950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:44.000Z", "modified": "2017-10-05T20:02:44.000Z", "first_observed": "2017-10-05T20:02:44Z", "last_observed": "2017-10-05T20:02:44Z", "number_observed": 1, "object_refs": [ "network-traffic--59d5e209-1eec-49b2-a2b3-fe67950d210f", "ipv4-addr--59d5e209-1eec-49b2-a2b3-fe67950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d5e209-1eec-49b2-a2b3-fe67950d210f", "dst_ref": "ipv4-addr--59d5e209-1eec-49b2-a2b3-fe67950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d5e209-1eec-49b2-a2b3-fe67950d210f", "value": "162.212.87.74" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e209-05b8-49c0-a801-ff71950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:44.000Z", "modified": "2017-10-05T20:02:44.000Z", "pattern": "[url:value = 'http://ragazzemessenger.com/tfhytdrf56u']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e20a-7988-4f1a-8c3b-ffb8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:44.000Z", "modified": "2017-10-05T20:02:44.000Z", "pattern": "[domain-name:value = 'ragazzemessenger.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d5e20a-a958-4b3c-90dc-dac1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:44.000Z", "modified": "2017-10-05T20:02:44.000Z", "first_observed": "2017-10-05T20:02:44Z", "last_observed": "2017-10-05T20:02:44Z", "number_observed": 1, "object_refs": [ "network-traffic--59d5e20a-a958-4b3c-90dc-dac1950d210f", "ipv4-addr--59d5e20a-a958-4b3c-90dc-dac1950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d5e20a-a958-4b3c-90dc-dac1950d210f", "dst_ref": "ipv4-addr--59d5e20a-a958-4b3c-90dc-dac1950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d5e20a-a958-4b3c-90dc-dac1950d210f", "value": "98.124.251.168" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e20a-b0e8-453d-a487-dac0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:44.000Z", "modified": "2017-10-05T20:02:44.000Z", "pattern": "[url:value = 'http://timmah.users.whitehat.dk/tfhytdrf56u']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e20a-7474-4bed-846a-fef5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:44.000Z", "modified": "2017-10-05T20:02:44.000Z", "pattern": "[domain-name:value = 'timmah.users.whitehat.dk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d5e20b-62e8-4915-b14c-dac5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:44.000Z", "modified": "2017-10-05T20:02:44.000Z", "first_observed": "2017-10-05T20:02:44Z", "last_observed": "2017-10-05T20:02:44Z", "number_observed": 1, "object_refs": [ "network-traffic--59d5e20b-62e8-4915-b14c-dac5950d210f", "ipv4-addr--59d5e20b-62e8-4915-b14c-dac5950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d5e20b-62e8-4915-b14c-dac5950d210f", "dst_ref": "ipv4-addr--59d5e20b-62e8-4915-b14c-dac5950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d5e20b-62e8-4915-b14c-dac5950d210f", "value": "91.221.196.222" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e20b-620c-41e7-a3f5-fbfd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:44.000Z", "modified": "2017-10-05T20:02:44.000Z", "pattern": "[url:value = 'http://trapiantivarese.org/tfhytdrf56u']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e20b-f750-4d5f-a622-dac2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:44.000Z", "modified": "2017-10-05T20:02:44.000Z", "pattern": "[domain-name:value = 'trapiantivarese.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d5e20b-98cc-44a0-8193-ffb8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:44.000Z", "modified": "2017-10-05T20:02:44.000Z", "first_observed": "2017-10-05T20:02:44Z", "last_observed": "2017-10-05T20:02:44Z", "number_observed": 1, "object_refs": [ "network-traffic--59d5e20b-98cc-44a0-8193-ffb8950d210f", "ipv4-addr--59d5e20b-98cc-44a0-8193-ffb8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d5e20b-98cc-44a0-8193-ffb8950d210f", "dst_ref": "ipv4-addr--59d5e20b-98cc-44a0-8193-ffb8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d5e20b-98cc-44a0-8193-ffb8950d210f", "value": "151.1.129.127" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e20c-c918-4c99-aa62-fe89950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:44.000Z", "modified": "2017-10-05T20:02:44.000Z", "pattern": "[url:value = 'http://www.pizzelli.eu/tfhytdrf56u']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e20c-1e10-42d7-9f10-dac0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:44.000Z", "modified": "2017-10-05T20:02:44.000Z", "pattern": "[domain-name:value = 'www.pizzelli.eu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d5e20d-bf74-48a3-81ad-dac5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:44.000Z", "modified": "2017-10-05T20:02:44.000Z", "first_observed": "2017-10-05T20:02:44Z", "last_observed": "2017-10-05T20:02:44Z", "number_observed": 1, "object_refs": [ "network-traffic--59d5e20d-bf74-48a3-81ad-dac5950d210f", "ipv4-addr--59d5e20d-bf74-48a3-81ad-dac5950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d5e20d-bf74-48a3-81ad-dac5950d210f", "dst_ref": "ipv4-addr--59d5e20d-bf74-48a3-81ad-dac5950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d5e20d-bf74-48a3-81ad-dac5950d210f", "value": "62.149.140.180" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e20d-5e60-4e7a-9491-fbfd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:44.000Z", "modified": "2017-10-05T20:02:44.000Z", "pattern": "[url:value = 'http://www.rafaelgalindo.com/tfhytdrf56u']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e20d-b428-4c1b-98c1-fe67950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:44.000Z", "modified": "2017-10-05T20:02:44.000Z", "pattern": "[domain-name:value = 'www.rafaelgalindo.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d5e20d-d198-4e95-b652-ffb8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:44.000Z", "modified": "2017-10-05T20:02:44.000Z", "first_observed": "2017-10-05T20:02:44Z", "last_observed": "2017-10-05T20:02:44Z", "number_observed": 1, "object_refs": [ "network-traffic--59d5e20d-d198-4e95-b652-ffb8950d210f", "ipv4-addr--59d5e20d-d198-4e95-b652-ffb8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d5e20d-d198-4e95-b652-ffb8950d210f", "dst_ref": "ipv4-addr--59d5e20d-d198-4e95-b652-ffb8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d5e20d-d198-4e95-b652-ffb8950d210f", "value": "94.23.224.229" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e20e-33a4-4c61-86dd-dac3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:44.000Z", "modified": "2017-10-05T20:02:44.000Z", "pattern": "[url:value = 'http://www.traders-forum.com/tfhytdrf56u']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e20e-dea0-4ffe-ad8f-dac0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:44.000Z", "modified": "2017-10-05T20:02:44.000Z", "pattern": "[domain-name:value = 'www.traders-forum.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d5e20e-54bc-4acc-94a9-fe8c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:44.000Z", "modified": "2017-10-05T20:02:44.000Z", "first_observed": "2017-10-05T20:02:44Z", "last_observed": "2017-10-05T20:02:44Z", "number_observed": 1, "object_refs": [ "network-traffic--59d5e20e-54bc-4acc-94a9-fe8c950d210f", "ipv4-addr--59d5e20e-54bc-4acc-94a9-fe8c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d5e20e-54bc-4acc-94a9-fe8c950d210f", "dst_ref": "ipv4-addr--59d5e20e-54bc-4acc-94a9-fe8c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d5e20e-54bc-4acc-94a9-fe8c950d210f", "value": "62.149.140.55" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e20e-894c-4e6e-90f0-fbfd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:44.000Z", "modified": "2017-10-05T20:02:44.000Z", "pattern": "[url:value = 'http://derainlay.info/p66/tfhytdrf56u']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d5e20f-10ac-46ee-87c1-fe67950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:44.000Z", "modified": "2017-10-05T20:02:44.000Z", "pattern": "[domain-name:value = 'derainlay.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d68fe4-18e0-4ff7-b97d-4df402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:44.000Z", "modified": "2017-10-05T20:02:44.000Z", "description": "- Xchecked via VT: 90f130611bdd7fe3c45cdf418f3ec006", "pattern": "[file:hashes.SHA256 = '8a6c5b229dcb7037e59b52c287d1f7ccd0581f8df1815df82ce07156b6ec6199']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d68fe4-0a98-4d25-8e28-4af602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:44.000Z", "modified": "2017-10-05T20:02:44.000Z", "description": "- Xchecked via VT: 90f130611bdd7fe3c45cdf418f3ec006", "pattern": "[file:hashes.SHA1 = '77e09f12c5385555203421ceb5bad44c6745ba12']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-05T20:02:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d68fe4-462c-4725-92b5-47fd02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-05T20:02:44.000Z", "modified": "2017-10-05T20:02:44.000Z", "first_observed": "2017-10-05T20:02:44Z", "last_observed": "2017-10-05T20:02:44Z", "number_observed": 1, "object_refs": [ "url--59d68fe4-462c-4725-92b5-47fd02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59d68fe4-462c-4725-92b5-47fd02de0b81", "value": "https://www.virustotal.com/file/8a6c5b229dcb7037e59b52c287d1f7ccd0581f8df1815df82ce07156b6ec6199/analysis/1507190569/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }