{ "type": "bundle", "id": "bundle--59d8f433-4934-4b7e-a2e3-43ea950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-09T11:32:01.000Z", "modified": "2017-10-09T11:32:01.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--59d8f433-4934-4b7e-a2e3-43ea950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-09T11:32:01.000Z", "modified": "2017-10-09T11:32:01.000Z", "name": "M2M - Locky 2017-10-05 : Affid=3, offline, \".ykcol\" : \"Invoice INV000123\" - \"Invoice INV000123.7z\"", "published": "2017-10-09T11:33:30Z", "object_refs": [ "indicator--59d8f434-8714-4c1d-a8a9-4eae950d210f", "indicator--59d8f434-79d8-4c66-8572-4937950d210f", "observed-data--59d8f434-cc74-4702-af56-41f5950d210f", "network-traffic--59d8f434-cc74-4702-af56-41f5950d210f", "ipv4-addr--59d8f434-cc74-4702-af56-41f5950d210f", "indicator--59d8f435-bc98-4f53-9ffb-48d5950d210f", "indicator--59d8f435-9240-4e80-aec5-4923950d210f", "observed-data--59d8f436-a944-48f4-bcdc-481e950d210f", "network-traffic--59d8f436-a944-48f4-bcdc-481e950d210f", "ipv4-addr--59d8f436-a944-48f4-bcdc-481e950d210f", "indicator--59d8f436-bc9c-457b-9521-b391950d210f", "indicator--59d8f436-cd0c-447e-9c57-49b4950d210f", "observed-data--59d8f437-4e04-4ec7-8e94-4382950d210f", "network-traffic--59d8f437-4e04-4ec7-8e94-4382950d210f", "ipv4-addr--59d8f437-4e04-4ec7-8e94-4382950d210f", "indicator--59d8f438-2304-41ee-b34f-b324950d210f", "indicator--59d8f438-58dc-4ba9-8de1-4958950d210f", "observed-data--59d8f43a-fc04-4d8e-ab65-4277950d210f", "network-traffic--59d8f43a-fc04-4d8e-ab65-4277950d210f", "ipv4-addr--59d8f43a-fc04-4d8e-ab65-4277950d210f", "indicator--59d8f43b-9954-49f3-b8bb-451f950d210f", "indicator--59d8f43b-c068-498f-bdd6-45c2950d210f", "observed-data--59d8f43b-f7a4-4c7b-8246-b324950d210f", "network-traffic--59d8f43b-f7a4-4c7b-8246-b324950d210f", "ipv4-addr--59d8f43b-f7a4-4c7b-8246-b324950d210f", "indicator--59d8f43c-6308-41ac-8670-4a51950d210f", "indicator--59d8f43c-2a94-48d8-b795-45ca950d210f", "observed-data--59d8f43c-2bd0-4360-879d-41d3950d210f", "network-traffic--59d8f43c-2bd0-4360-879d-41d3950d210f", "ipv4-addr--59d8f43c-2bd0-4360-879d-41d3950d210f", "indicator--59d8f43d-4204-4218-a269-4154950d210f", "indicator--59d8f43d-340c-4d39-a585-4e27950d210f", "observed-data--59d8f43d-94e0-4df7-a2d9-410a950d210f", "network-traffic--59d8f43d-94e0-4df7-a2d9-410a950d210f", "ipv4-addr--59d8f43d-94e0-4df7-a2d9-410a950d210f", "indicator--59d8f43e-09f8-4b28-989d-b391950d210f", "indicator--59d8f43e-06fc-47f5-8b11-43bc950d210f", "observed-data--59d8f43f-919c-48a9-bc4c-4c6a950d210f", "network-traffic--59d8f43f-919c-48a9-bc4c-4c6a950d210f", "ipv4-addr--59d8f43f-919c-48a9-bc4c-4c6a950d210f", "indicator--59d8f43f-e720-4b81-af17-4cb0950d210f", "indicator--59d8f43f-2ad4-4640-a0c6-4530950d210f", "observed-data--59d8f440-9d34-4ea9-a48d-4f35950d210f", "network-traffic--59d8f440-9d34-4ea9-a48d-4f35950d210f", "ipv4-addr--59d8f440-9d34-4ea9-a48d-4f35950d210f", "indicator--59d8f440-a9b0-4f47-85b3-489d950d210f", "indicator--59d8f441-5db8-47d3-9e16-4236950d210f", "observed-data--59d8f441-0850-4a71-9bc9-407f950d210f", "network-traffic--59d8f441-0850-4a71-9bc9-407f950d210f", "ipv4-addr--59d8f441-0850-4a71-9bc9-407f950d210f", "indicator--59d8f442-8654-4756-b881-430b950d210f", "indicator--59d8f442-1eb8-43a4-a66d-4f98950d210f", "indicator--59d8f443-0d0c-4188-8c63-4d09950d210f", "indicator--59d8f443-4b0c-46d3-a670-42c6950d210f", "indicator--59d8f443-996c-4d9e-a785-4bcd950d210f", "indicator--59d8f444-2318-4b33-a489-4458950d210f", "observed-data--59d8f444-5d10-470e-9426-4ded950d210f", "network-traffic--59d8f444-5d10-470e-9426-4ded950d210f", "ipv4-addr--59d8f444-5d10-470e-9426-4ded950d210f", "indicator--59d8f444-bd84-4bb8-b5ca-42f3950d210f", "indicator--59d8f444-ec60-4f3d-8c91-470c950d210f", "observed-data--59d8f445-5118-442d-8b34-4c34950d210f", "network-traffic--59d8f445-5118-442d-8b34-4c34950d210f", "ipv4-addr--59d8f445-5118-442d-8b34-4c34950d210f", "indicator--59d8f445-d830-47ed-831c-4e9c950d210f", "indicator--59d8f445-5ad4-4ec3-835c-4d30950d210f", "observed-data--59d8f446-b234-4957-93ea-4310950d210f", "network-traffic--59d8f446-b234-4957-93ea-4310950d210f", "ipv4-addr--59d8f446-b234-4957-93ea-4310950d210f", "indicator--59d8f446-06f8-469b-8f8b-4ff0950d210f", "indicator--59d8f447-e1e0-4a3b-8093-47a1950d210f", "observed-data--59d8f448-8c18-4592-a371-4743950d210f", "network-traffic--59d8f448-8c18-4592-a371-4743950d210f", "ipv4-addr--59d8f448-8c18-4592-a371-4743950d210f", "indicator--59d8f449-f0ac-485f-806d-4c85950d210f", "indicator--59d8f449-9338-4f85-be0a-4e76950d210f", "observed-data--59d8f449-6584-4bb8-a027-b324950d210f", "network-traffic--59d8f449-6584-4bb8-a027-b324950d210f", "ipv4-addr--59d8f449-6584-4bb8-a027-b324950d210f", "indicator--59d8f44a-b32c-448a-9bbc-413d950d210f", "indicator--59d8f44a-1edc-4e96-90b3-493c950d210f", "indicator--59d8f46d-9660-4870-ae7d-4699950d210f", "indicator--59d8f46d-c49c-4d65-8bfb-4d42950d210f", "observed-data--59d8f46d-d0fc-4dfe-b875-4bae950d210f", "network-traffic--59d8f46d-d0fc-4dfe-b875-4bae950d210f", "ipv4-addr--59d8f46d-d0fc-4dfe-b875-4bae950d210f", "indicator--59d8f46e-cf68-4c7d-851a-4c0b950d210f", "indicator--59d8f46e-4590-4dbf-b1c5-4c52950d210f", "observed-data--59d8f46f-88e0-45a0-a237-4fbf950d210f", "network-traffic--59d8f46f-88e0-45a0-a237-4fbf950d210f", "ipv4-addr--59d8f46f-88e0-45a0-a237-4fbf950d210f", "indicator--59d8f46f-fa9c-487e-bedf-4114950d210f", "indicator--59d8f46f-4c90-4cc9-8574-b391950d210f", "indicator--59d8f496-c3e4-4d84-b79b-49e9950d210f", "indicator--59d8f496-36c0-4bb5-a19a-4ee4950d210f", "observed-data--59d8f497-0418-4c47-b01b-4b8e950d210f", "network-traffic--59d8f497-0418-4c47-b01b-4b8e950d210f", "ipv4-addr--59d8f497-0418-4c47-b01b-4b8e950d210f", "indicator--59d8f498-e480-4629-9b09-48c9950d210f", "indicator--59d8f498-2978-48e5-a021-467b950d210f", "observed-data--59d8f498-da14-40d7-bc48-42ec950d210f", "network-traffic--59d8f498-da14-40d7-bc48-42ec950d210f", "ipv4-addr--59d8f498-da14-40d7-bc48-42ec950d210f", "indicator--59d8f499-1f44-471f-8727-437a950d210f", "indicator--59d8f499-70d0-482f-b965-b391950d210f", "observed-data--59d8f499-d2d4-4f3c-9e67-4215950d210f", "network-traffic--59d8f499-d2d4-4f3c-9e67-4215950d210f", "ipv4-addr--59d8f499-d2d4-4f3c-9e67-4215950d210f", "indicator--59d8f49a-37c0-40b0-a2b6-4b39950d210f", "indicator--59d8f49a-8fb8-4036-8897-448a950d210f", "observed-data--59d8f49b-f2ac-4405-b7c2-45c5950d210f", "network-traffic--59d8f49b-f2ac-4405-b7c2-45c5950d210f", "ipv4-addr--59d8f49b-f2ac-4405-b7c2-45c5950d210f", "indicator--59d8f49b-3950-4f54-8c00-4bf7950d210f", "indicator--59d8f49c-3cd0-4c21-ab94-4b4d950d210f", "observed-data--59d8f49c-9068-41eb-8e03-45c4950d210f", "network-traffic--59d8f49c-9068-41eb-8e03-45c4950d210f", "ipv4-addr--59d8f49c-9068-41eb-8e03-45c4950d210f", "indicator--59d8f49d-9e1c-4383-a5dd-b391950d210f", "indicator--59d8f49d-6360-41f7-ae0e-b324950d210f", "observed-data--59d8f49d-7624-4029-9394-43d6950d210f", "network-traffic--59d8f49d-7624-4029-9394-43d6950d210f", "ipv4-addr--59d8f49d-7624-4029-9394-43d6950d210f", "indicator--59d8f49e-b3ec-4771-8d19-49d9950d210f", "indicator--59d8f49e-4970-4cc3-b946-483b950d210f", "observed-data--59d8f49e-0cb8-4882-8817-4e4a950d210f", "network-traffic--59d8f49e-0cb8-4882-8817-4e4a950d210f", "ipv4-addr--59d8f49e-0cb8-4882-8817-4e4a950d210f", "indicator--59d8f49f-88b4-4442-8a01-4a77950d210f", "indicator--59d8f49f-da18-419a-b82b-418a950d210f", "observed-data--59d8f49f-c678-4bb2-bbda-47d5950d210f", "network-traffic--59d8f49f-c678-4bb2-bbda-47d5950d210f", "ipv4-addr--59d8f49f-c678-4bb2-bbda-47d5950d210f", "indicator--59d8f4a0-4330-4ecc-90da-45c9950d210f", "indicator--59d8f4a0-b328-4563-a46a-4dad950d210f", "observed-data--59d8f4a0-7610-4eb3-a92d-4053950d210f", "network-traffic--59d8f4a0-7610-4eb3-a92d-4053950d210f", "ipv4-addr--59d8f4a0-7610-4eb3-a92d-4053950d210f", "indicator--59d8f4a1-ee40-447b-be77-4c40950d210f", "indicator--59d8f4a1-a6a8-4ced-8b07-4c34950d210f", "observed-data--59d8f4a2-3678-4554-a38c-4083950d210f", "network-traffic--59d8f4a2-3678-4554-a38c-4083950d210f", "ipv4-addr--59d8f4a2-3678-4554-a38c-4083950d210f", "indicator--59d8f4a2-faf4-4cf5-a61e-414b950d210f", "indicator--59d8f4a2-4098-425f-941e-4a44950d210f", "observed-data--59d8f4a3-4ba8-448f-8a86-4106950d210f", "network-traffic--59d8f4a3-4ba8-448f-8a86-4106950d210f", "ipv4-addr--59d8f4a3-4ba8-448f-8a86-4106950d210f", "indicator--59d8f4a3-fdb4-4cc0-abb1-48ae950d210f", "indicator--59d8f4a4-4310-47df-98a0-41de950d210f", "observed-data--59d8f4a4-8138-4678-b4c7-4904950d210f", "network-traffic--59d8f4a4-8138-4678-b4c7-4904950d210f", "ipv4-addr--59d8f4a4-8138-4678-b4c7-4904950d210f", "indicator--59d8f4a4-3d4c-473c-82b8-478c950d210f", "indicator--59d8f4a5-3fd8-4afb-ac22-4641950d210f", "observed-data--59d8f4a5-e8d8-4b77-b65d-43e0950d210f", "network-traffic--59d8f4a5-e8d8-4b77-b65d-43e0950d210f", "ipv4-addr--59d8f4a5-e8d8-4b77-b65d-43e0950d210f", "indicator--59d8f4a5-3718-4c5a-aa64-b391950d210f", "indicator--59d8f4a6-6f0c-4759-afa9-4230950d210f", "observed-data--59d8f4a6-8844-493d-bcd6-4ee2950d210f", "network-traffic--59d8f4a6-8844-493d-bcd6-4ee2950d210f", "ipv4-addr--59d8f4a6-8844-493d-bcd6-4ee2950d210f", "indicator--59d8f4a7-2a40-4bb0-bd91-4ad8950d210f", "indicator--59d8f4a7-6c4c-4c51-955f-41ec950d210f", "observed-data--59d8f4a7-d58c-4188-a270-4ef5950d210f", "network-traffic--59d8f4a7-d58c-4188-a270-4ef5950d210f", "ipv4-addr--59d8f4a7-d58c-4188-a270-4ef5950d210f", "indicator--59d8f4a8-5250-486d-a62e-433d950d210f", "indicator--59d8f4a8-b754-48e1-823b-450c950d210f", "observed-data--59d8f4a9-6950-47b5-a711-4dfa950d210f", "network-traffic--59d8f4a9-6950-47b5-a711-4dfa950d210f", "ipv4-addr--59d8f4a9-6950-47b5-a711-4dfa950d210f", "indicator--59d8f4aa-0620-47b7-9894-4dc2950d210f", "indicator--59d8f4aa-6f58-44e9-a995-4245950d210f", "observed-data--59d8f4aa-dd28-4c6e-b3e1-40b0950d210f", "network-traffic--59d8f4aa-dd28-4c6e-b3e1-40b0950d210f", "ipv4-addr--59d8f4aa-dd28-4c6e-b3e1-40b0950d210f", "indicator--59d8f4ab-f324-42ae-87ba-480c950d210f", "indicator--59d8f4ab-bae0-4566-b4d4-437b950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Locky\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f434-8714-4c1d-a8a9-4eae950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:16.000Z", "modified": "2017-10-07T15:35:16.000Z", "pattern": "[url:value = 'http://abelfaria.pt/9hgfdfyr6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f434-79d8-4c66-8572-4937950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:16.000Z", "modified": "2017-10-07T15:35:16.000Z", "pattern": "[domain-name:value = 'abelfaria.pt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f434-cc74-4702-af56-41f5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:16.000Z", "modified": "2017-10-07T15:35:16.000Z", "first_observed": "2017-10-07T15:35:16Z", "last_observed": "2017-10-07T15:35:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f434-cc74-4702-af56-41f5950d210f", "ipv4-addr--59d8f434-cc74-4702-af56-41f5950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f434-cc74-4702-af56-41f5950d210f", "dst_ref": "ipv4-addr--59d8f434-cc74-4702-af56-41f5950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f434-cc74-4702-af56-41f5950d210f", "value": "109.71.42.24" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f435-bc98-4f53-9ffb-48d5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:17.000Z", "modified": "2017-10-07T15:35:17.000Z", "pattern": "[url:value = 'http://balzantruck.com/9hgfdfyr6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f435-9240-4e80-aec5-4923950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:17.000Z", "modified": "2017-10-07T15:35:17.000Z", "pattern": "[domain-name:value = 'balzantruck.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f436-a944-48f4-bcdc-481e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:18.000Z", "modified": "2017-10-07T15:35:18.000Z", "first_observed": "2017-10-07T15:35:18Z", "last_observed": "2017-10-07T15:35:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f436-a944-48f4-bcdc-481e950d210f", "ipv4-addr--59d8f436-a944-48f4-bcdc-481e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f436-a944-48f4-bcdc-481e950d210f", "dst_ref": "ipv4-addr--59d8f436-a944-48f4-bcdc-481e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f436-a944-48f4-bcdc-481e950d210f", "value": "69.156.240.29" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f436-bc9c-457b-9521-b391950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:18.000Z", "modified": "2017-10-07T15:35:18.000Z", "pattern": "[url:value = 'http://bnphealthcare.com/9hgfdfyr6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f436-cd0c-447e-9c57-49b4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:18.000Z", "modified": "2017-10-07T15:35:18.000Z", "pattern": "[domain-name:value = 'bnphealthcare.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f437-4e04-4ec7-8e94-4382950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:19.000Z", "modified": "2017-10-07T15:35:19.000Z", "first_observed": "2017-10-07T15:35:19Z", "last_observed": "2017-10-07T15:35:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f437-4e04-4ec7-8e94-4382950d210f", "ipv4-addr--59d8f437-4e04-4ec7-8e94-4382950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f437-4e04-4ec7-8e94-4382950d210f", "dst_ref": "ipv4-addr--59d8f437-4e04-4ec7-8e94-4382950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f437-4e04-4ec7-8e94-4382950d210f", "value": "202.169.44.152" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f438-2304-41ee-b34f-b324950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:20.000Z", "modified": "2017-10-07T15:35:20.000Z", "pattern": "[url:value = 'http://conxibit.com/9hgfdfyr6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f438-58dc-4ba9-8de1-4958950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:20.000Z", "modified": "2017-10-07T15:35:20.000Z", "pattern": "[domain-name:value = 'conxibit.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f43a-fc04-4d8e-ab65-4277950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:22.000Z", "modified": "2017-10-07T15:35:22.000Z", "first_observed": "2017-10-07T15:35:22Z", "last_observed": "2017-10-07T15:35:22Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f43a-fc04-4d8e-ab65-4277950d210f", "ipv4-addr--59d8f43a-fc04-4d8e-ab65-4277950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f43a-fc04-4d8e-ab65-4277950d210f", "dst_ref": "ipv4-addr--59d8f43a-fc04-4d8e-ab65-4277950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f43a-fc04-4d8e-ab65-4277950d210f", "value": "175.107.146.17" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f43b-9954-49f3-b8bb-451f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:23.000Z", "modified": "2017-10-07T15:35:23.000Z", "pattern": "[url:value = 'http://demopowerindo.com/9hgfdfyr6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f43b-c068-498f-bdd6-45c2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:23.000Z", "modified": "2017-10-07T15:35:23.000Z", "pattern": "[domain-name:value = 'demopowerindo.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f43b-f7a4-4c7b-8246-b324950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:23.000Z", "modified": "2017-10-07T15:35:23.000Z", "first_observed": "2017-10-07T15:35:23Z", "last_observed": "2017-10-07T15:35:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f43b-f7a4-4c7b-8246-b324950d210f", "ipv4-addr--59d8f43b-f7a4-4c7b-8246-b324950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f43b-f7a4-4c7b-8246-b324950d210f", "dst_ref": "ipv4-addr--59d8f43b-f7a4-4c7b-8246-b324950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f43b-f7a4-4c7b-8246-b324950d210f", "value": "202.169.44.167" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f43c-6308-41ac-8670-4a51950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:24.000Z", "modified": "2017-10-07T15:35:24.000Z", "pattern": "[url:value = 'http://ecofloraholland.nl/9hgfdfyr6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f43c-2a94-48d8-b795-45ca950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:24.000Z", "modified": "2017-10-07T15:35:24.000Z", "pattern": "[domain-name:value = 'ecofloraholland.nl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f43c-2bd0-4360-879d-41d3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:24.000Z", "modified": "2017-10-07T15:35:24.000Z", "first_observed": "2017-10-07T15:35:24Z", "last_observed": "2017-10-07T15:35:24Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f43c-2bd0-4360-879d-41d3950d210f", "ipv4-addr--59d8f43c-2bd0-4360-879d-41d3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f43c-2bd0-4360-879d-41d3950d210f", "dst_ref": "ipv4-addr--59d8f43c-2bd0-4360-879d-41d3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f43c-2bd0-4360-879d-41d3950d210f", "value": "195.160.216.10" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f43d-4204-4218-a269-4154950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:25.000Z", "modified": "2017-10-07T15:35:25.000Z", "pattern": "[url:value = 'http://emeryconsult.com/9hgfdfyr6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f43d-340c-4d39-a585-4e27950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:25.000Z", "modified": "2017-10-07T15:35:25.000Z", "pattern": "[domain-name:value = 'emeryconsult.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f43d-94e0-4df7-a2d9-410a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:25.000Z", "modified": "2017-10-07T15:35:25.000Z", "first_observed": "2017-10-07T15:35:25Z", "last_observed": "2017-10-07T15:35:25Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f43d-94e0-4df7-a2d9-410a950d210f", "ipv4-addr--59d8f43d-94e0-4df7-a2d9-410a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f43d-94e0-4df7-a2d9-410a950d210f", "dst_ref": "ipv4-addr--59d8f43d-94e0-4df7-a2d9-410a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f43d-94e0-4df7-a2d9-410a950d210f", "value": "74.208.100.102" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f43e-09f8-4b28-989d-b391950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:26.000Z", "modified": "2017-10-07T15:35:26.000Z", "pattern": "[url:value = 'http://eurecas.org/9hgfdfyr6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f43e-06fc-47f5-8b11-43bc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:26.000Z", "modified": "2017-10-07T15:35:26.000Z", "pattern": "[domain-name:value = 'eurecas.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f43f-919c-48a9-bc4c-4c6a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:27.000Z", "modified": "2017-10-07T15:35:27.000Z", "first_observed": "2017-10-07T15:35:27Z", "last_observed": "2017-10-07T15:35:27Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f43f-919c-48a9-bc4c-4c6a950d210f", "ipv4-addr--59d8f43f-919c-48a9-bc4c-4c6a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f43f-919c-48a9-bc4c-4c6a950d210f", "dst_ref": "ipv4-addr--59d8f43f-919c-48a9-bc4c-4c6a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f43f-919c-48a9-bc4c-4c6a950d210f", "value": "185.58.7.11" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f43f-e720-4b81-af17-4cb0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:27.000Z", "modified": "2017-10-07T15:35:27.000Z", "pattern": "[url:value = 'http://georginabringas.com/9hgfdfyr6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f43f-2ad4-4640-a0c6-4530950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:27.000Z", "modified": "2017-10-07T15:35:27.000Z", "pattern": "[domain-name:value = 'georginabringas.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f440-9d34-4ea9-a48d-4f35950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:28.000Z", "modified": "2017-10-07T15:35:28.000Z", "first_observed": "2017-10-07T15:35:28Z", "last_observed": "2017-10-07T15:35:28Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f440-9d34-4ea9-a48d-4f35950d210f", "ipv4-addr--59d8f440-9d34-4ea9-a48d-4f35950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f440-9d34-4ea9-a48d-4f35950d210f", "dst_ref": "ipv4-addr--59d8f440-9d34-4ea9-a48d-4f35950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f440-9d34-4ea9-a48d-4f35950d210f", "value": "40.76.209.29" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f440-a9b0-4f47-85b3-489d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:28.000Z", "modified": "2017-10-07T15:35:28.000Z", "pattern": "[url:value = 'http://highpressurewelding.co.uk/9hgfdfyr6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f441-5db8-47d3-9e16-4236950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:29.000Z", "modified": "2017-10-07T15:35:29.000Z", "pattern": "[domain-name:value = 'highpressurewelding.co.uk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f441-0850-4a71-9bc9-407f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:29.000Z", "modified": "2017-10-07T15:35:29.000Z", "first_observed": "2017-10-07T15:35:29Z", "last_observed": "2017-10-07T15:35:29Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f441-0850-4a71-9bc9-407f950d210f", "ipv4-addr--59d8f441-0850-4a71-9bc9-407f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f441-0850-4a71-9bc9-407f950d210f", "dst_ref": "ipv4-addr--59d8f441-0850-4a71-9bc9-407f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f441-0850-4a71-9bc9-407f950d210f", "value": "91.192.195.51" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f442-8654-4756-b881-430b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:30.000Z", "modified": "2017-10-07T15:35:30.000Z", "pattern": "[url:value = 'http://ilibarcelos.pt/9hgfdfyr6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f442-1eb8-43a4-a66d-4f98950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:30.000Z", "modified": "2017-10-07T15:35:30.000Z", "pattern": "[domain-name:value = 'ilibarcelos.pt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f443-0d0c-4188-8c63-4d09950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:31.000Z", "modified": "2017-10-07T15:35:31.000Z", "pattern": "[url:value = 'http://lasdamas.com/9hgfdfyr6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f443-4b0c-46d3-a670-42c6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:31.000Z", "modified": "2017-10-07T15:35:31.000Z", "pattern": "[domain-name:value = 'lasdamas.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f443-996c-4d9e-a785-4bcd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:31.000Z", "modified": "2017-10-07T15:35:31.000Z", "pattern": "[url:value = 'http://logistics.nazwa.pl/9hgfdfyr6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f444-2318-4b33-a489-4458950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:32.000Z", "modified": "2017-10-07T15:35:32.000Z", "pattern": "[domain-name:value = 'logistics.nazwa.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f444-5d10-470e-9426-4ded950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:32.000Z", "modified": "2017-10-07T15:35:32.000Z", "first_observed": "2017-10-07T15:35:32Z", "last_observed": "2017-10-07T15:35:32Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f444-5d10-470e-9426-4ded950d210f", "ipv4-addr--59d8f444-5d10-470e-9426-4ded950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f444-5d10-470e-9426-4ded950d210f", "dst_ref": "ipv4-addr--59d8f444-5d10-470e-9426-4ded950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f444-5d10-470e-9426-4ded950d210f", "value": "85.128.227.19" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f444-bd84-4bb8-b5ca-42f3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:32.000Z", "modified": "2017-10-07T15:35:32.000Z", "pattern": "[url:value = 'http://machala.freehost.pl/9hgfdfyr6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f444-ec60-4f3d-8c91-470c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:32.000Z", "modified": "2017-10-07T15:35:32.000Z", "pattern": "[domain-name:value = 'machala.freehost.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f445-5118-442d-8b34-4c34950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:33.000Z", "modified": "2017-10-07T15:35:33.000Z", "first_observed": "2017-10-07T15:35:33Z", "last_observed": "2017-10-07T15:35:33Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f445-5118-442d-8b34-4c34950d210f", "ipv4-addr--59d8f445-5118-442d-8b34-4c34950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f445-5118-442d-8b34-4c34950d210f", "dst_ref": "ipv4-addr--59d8f445-5118-442d-8b34-4c34950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f445-5118-442d-8b34-4c34950d210f", "value": "195.114.0.64" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f445-d830-47ed-831c-4e9c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:33.000Z", "modified": "2017-10-07T15:35:33.000Z", "pattern": "[url:value = 'http://pnkparamount.com/9hgfdfyr6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f445-5ad4-4ec3-835c-4d30950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:33.000Z", "modified": "2017-10-07T15:35:33.000Z", "pattern": "[domain-name:value = 'pnkparamount.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f446-b234-4957-93ea-4310950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:34.000Z", "modified": "2017-10-07T15:35:34.000Z", "first_observed": "2017-10-07T15:35:34Z", "last_observed": "2017-10-07T15:35:34Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f446-b234-4957-93ea-4310950d210f", "ipv4-addr--59d8f446-b234-4957-93ea-4310950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f446-b234-4957-93ea-4310950d210f", "dst_ref": "ipv4-addr--59d8f446-b234-4957-93ea-4310950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f446-b234-4957-93ea-4310950d210f", "value": "66.135.55.8" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f446-06f8-469b-8f8b-4ff0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:34.000Z", "modified": "2017-10-07T15:35:34.000Z", "pattern": "[url:value = 'http://teracom.co.id/9hgfdfyr6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f447-e1e0-4a3b-8093-47a1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:35.000Z", "modified": "2017-10-07T15:35:35.000Z", "pattern": "[domain-name:value = 'teracom.co.id']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f448-8c18-4592-a371-4743950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:36.000Z", "modified": "2017-10-07T15:35:36.000Z", "first_observed": "2017-10-07T15:35:36Z", "last_observed": "2017-10-07T15:35:36Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f448-8c18-4592-a371-4743950d210f", "ipv4-addr--59d8f448-8c18-4592-a371-4743950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f448-8c18-4592-a371-4743950d210f", "dst_ref": "ipv4-addr--59d8f448-8c18-4592-a371-4743950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f448-8c18-4592-a371-4743950d210f", "value": "202.169.44.149" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f449-f0ac-485f-806d-4c85950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:37.000Z", "modified": "2017-10-07T15:35:37.000Z", "pattern": "[url:value = 'http://troyriser.com/9hgfdfyr6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f449-9338-4f85-be0a-4e76950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:37.000Z", "modified": "2017-10-07T15:35:37.000Z", "pattern": "[domain-name:value = 'troyriser.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f449-6584-4bb8-a027-b324950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:37.000Z", "modified": "2017-10-07T15:35:37.000Z", "first_observed": "2017-10-07T15:35:37Z", "last_observed": "2017-10-07T15:35:37Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f449-6584-4bb8-a027-b324950d210f", "ipv4-addr--59d8f449-6584-4bb8-a027-b324950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f449-6584-4bb8-a027-b324950d210f", "dst_ref": "ipv4-addr--59d8f449-6584-4bb8-a027-b324950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f449-6584-4bb8-a027-b324950d210f", "value": "98.124.251.167" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f44a-b32c-448a-9bbc-413d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:38.000Z", "modified": "2017-10-07T15:35:38.000Z", "pattern": "[url:value = 'http://unifiedfloor.com/9hgfdfyr6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f44a-1edc-4e96-90b3-493c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:35:38.000Z", "modified": "2017-10-07T15:35:38.000Z", "pattern": "[domain-name:value = 'unifiedfloor.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:35:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f46d-9660-4870-ae7d-4699950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:36:13.000Z", "modified": "2017-10-07T15:36:13.000Z", "pattern": "[url:value = 'http://www.100kisses.org/9hgfdfyr6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:36:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f46d-c49c-4d65-8bfb-4d42950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:36:13.000Z", "modified": "2017-10-07T15:36:13.000Z", "pattern": "[domain-name:value = 'www.100kisses.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:36:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f46d-d0fc-4dfe-b875-4bae950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:36:13.000Z", "modified": "2017-10-07T15:36:13.000Z", "first_observed": "2017-10-07T15:36:13Z", "last_observed": "2017-10-07T15:36:13Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f46d-d0fc-4dfe-b875-4bae950d210f", "ipv4-addr--59d8f46d-d0fc-4dfe-b875-4bae950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f46d-d0fc-4dfe-b875-4bae950d210f", "dst_ref": "ipv4-addr--59d8f46d-d0fc-4dfe-b875-4bae950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f46d-d0fc-4dfe-b875-4bae950d210f", "value": "192.126.92.143" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f46e-cf68-4c7d-851a-4c0b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:36:14.000Z", "modified": "2017-10-07T15:36:14.000Z", "pattern": "[url:value = 'http://www.gtCartographic.co.uk/9hgfdfyr6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:36:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f46e-4590-4dbf-b1c5-4c52950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:36:14.000Z", "modified": "2017-10-07T15:36:14.000Z", "pattern": "[domain-name:value = 'www.gtcartographic.co.uk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:36:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f46f-88e0-45a0-a237-4fbf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:36:15.000Z", "modified": "2017-10-07T15:36:15.000Z", "first_observed": "2017-10-07T15:36:15Z", "last_observed": "2017-10-07T15:36:15Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f46f-88e0-45a0-a237-4fbf950d210f", "ipv4-addr--59d8f46f-88e0-45a0-a237-4fbf950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f46f-88e0-45a0-a237-4fbf950d210f", "dst_ref": "ipv4-addr--59d8f46f-88e0-45a0-a237-4fbf950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f46f-88e0-45a0-a237-4fbf950d210f", "value": "82.145.60.140" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f46f-fa9c-487e-bedf-4114950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:36:15.000Z", "modified": "2017-10-07T15:36:15.000Z", "pattern": "[url:value = 'http://mrscrowe.net/p66/9hgfdfyr6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:36:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f46f-4c90-4cc9-8574-b391950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:36:15.000Z", "modified": "2017-10-07T15:36:15.000Z", "pattern": "[domain-name:value = 'mrscrowe.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:36:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f496-c3e4-4d84-b79b-49e9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:36:54.000Z", "modified": "2017-10-07T15:36:54.000Z", "pattern": "[url:value = 'http://2-wave.com/uywtfgh36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:36:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f496-36c0-4bb5-a19a-4ee4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:36:54.000Z", "modified": "2017-10-07T15:36:54.000Z", "pattern": "[domain-name:value = '2-wave.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:36:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f497-0418-4c47-b01b-4b8e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:36:55.000Z", "modified": "2017-10-07T15:36:55.000Z", "first_observed": "2017-10-07T15:36:55Z", "last_observed": "2017-10-07T15:36:55Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f497-0418-4c47-b01b-4b8e950d210f", "ipv4-addr--59d8f497-0418-4c47-b01b-4b8e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f497-0418-4c47-b01b-4b8e950d210f", "dst_ref": "ipv4-addr--59d8f497-0418-4c47-b01b-4b8e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f497-0418-4c47-b01b-4b8e950d210f", "value": "209.54.62.81" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f498-e480-4629-9b09-48c9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:36:56.000Z", "modified": "2017-10-07T15:36:56.000Z", "pattern": "[url:value = 'http://3e.com.pt/uywtfgh36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:36:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f498-2978-48e5-a021-467b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:36:56.000Z", "modified": "2017-10-07T15:36:56.000Z", "pattern": "[domain-name:value = '3e.com.pt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:36:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f498-da14-40d7-bc48-42ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:36:56.000Z", "modified": "2017-10-07T15:36:56.000Z", "first_observed": "2017-10-07T15:36:56Z", "last_observed": "2017-10-07T15:36:56Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f498-da14-40d7-bc48-42ec950d210f", "ipv4-addr--59d8f498-da14-40d7-bc48-42ec950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f498-da14-40d7-bc48-42ec950d210f", "dst_ref": "ipv4-addr--59d8f498-da14-40d7-bc48-42ec950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f498-da14-40d7-bc48-42ec950d210f", "value": "174.141.224.179" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f499-1f44-471f-8727-437a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:36:57.000Z", "modified": "2017-10-07T15:36:57.000Z", "pattern": "[url:value = 'http://9ninewright.net/uywtfgh36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:36:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f499-70d0-482f-b965-b391950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:36:57.000Z", "modified": "2017-10-07T15:36:57.000Z", "pattern": "[domain-name:value = '9ninewright.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:36:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f499-d2d4-4f3c-9e67-4215950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:36:57.000Z", "modified": "2017-10-07T15:36:57.000Z", "first_observed": "2017-10-07T15:36:57Z", "last_observed": "2017-10-07T15:36:57Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f499-d2d4-4f3c-9e67-4215950d210f", "ipv4-addr--59d8f499-d2d4-4f3c-9e67-4215950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f499-d2d4-4f3c-9e67-4215950d210f", "dst_ref": "ipv4-addr--59d8f499-d2d4-4f3c-9e67-4215950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f499-d2d4-4f3c-9e67-4215950d210f", "value": "98.124.251.65" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f49a-37c0-40b0-a2b6-4b39950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:36:58.000Z", "modified": "2017-10-07T15:36:58.000Z", "pattern": "[url:value = 'http://aerotransfer.cl/uywtfgh36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:36:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f49a-8fb8-4036-8897-448a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:36:58.000Z", "modified": "2017-10-07T15:36:58.000Z", "pattern": "[domain-name:value = 'aerotransfer.cl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:36:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f49b-f2ac-4405-b7c2-45c5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:36:59.000Z", "modified": "2017-10-07T15:36:59.000Z", "first_observed": "2017-10-07T15:36:59Z", "last_observed": "2017-10-07T15:36:59Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f49b-f2ac-4405-b7c2-45c5950d210f", "ipv4-addr--59d8f49b-f2ac-4405-b7c2-45c5950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f49b-f2ac-4405-b7c2-45c5950d210f", "dst_ref": "ipv4-addr--59d8f49b-f2ac-4405-b7c2-45c5950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f49b-f2ac-4405-b7c2-45c5950d210f", "value": "131.72.237.171" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f49b-3950-4f54-8c00-4bf7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:36:59.000Z", "modified": "2017-10-07T15:36:59.000Z", "pattern": "[url:value = 'http://agricom.it/uywtfgh36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:36:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f49c-3cd0-4c21-ab94-4b4d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:00.000Z", "modified": "2017-10-07T15:37:00.000Z", "pattern": "[domain-name:value = 'agricom.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:37:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f49c-9068-41eb-8e03-45c4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:00.000Z", "modified": "2017-10-07T15:37:00.000Z", "first_observed": "2017-10-07T15:37:00Z", "last_observed": "2017-10-07T15:37:00Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f49c-9068-41eb-8e03-45c4950d210f", "ipv4-addr--59d8f49c-9068-41eb-8e03-45c4950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f49c-9068-41eb-8e03-45c4950d210f", "dst_ref": "ipv4-addr--59d8f49c-9068-41eb-8e03-45c4950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f49c-9068-41eb-8e03-45c4950d210f", "value": "195.225.168.230" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f49d-9e1c-4383-a5dd-b391950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:01.000Z", "modified": "2017-10-07T15:37:01.000Z", "pattern": "[url:value = 'http://agriturismo-1001ulivo.it/uywtfgh36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:37:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f49d-6360-41f7-ae0e-b324950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:01.000Z", "modified": "2017-10-07T15:37:01.000Z", "pattern": "[domain-name:value = 'agriturismo-1001ulivo.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:37:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f49d-7624-4029-9394-43d6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:01.000Z", "modified": "2017-10-07T15:37:01.000Z", "first_observed": "2017-10-07T15:37:01Z", "last_observed": "2017-10-07T15:37:01Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f49d-7624-4029-9394-43d6950d210f", "ipv4-addr--59d8f49d-7624-4029-9394-43d6950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f49d-7624-4029-9394-43d6950d210f", "dst_ref": "ipv4-addr--59d8f49d-7624-4029-9394-43d6950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f49d-7624-4029-9394-43d6950d210f", "value": "85.235.131.27" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f49e-b3ec-4771-8d19-49d9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:02.000Z", "modified": "2017-10-07T15:37:02.000Z", "pattern": "[url:value = 'http://agriturismobellaria.net/uywtfgh36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:37:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f49e-4970-4cc3-b946-483b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:02.000Z", "modified": "2017-10-07T15:37:02.000Z", "pattern": "[domain-name:value = 'agriturismobellaria.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:37:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f49e-0cb8-4882-8817-4e4a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:02.000Z", "modified": "2017-10-07T15:37:02.000Z", "first_observed": "2017-10-07T15:37:02Z", "last_observed": "2017-10-07T15:37:02Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f49e-0cb8-4882-8817-4e4a950d210f", "ipv4-addr--59d8f49e-0cb8-4882-8817-4e4a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f49e-0cb8-4882-8817-4e4a950d210f", "dst_ref": "ipv4-addr--59d8f49e-0cb8-4882-8817-4e4a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f49e-0cb8-4882-8817-4e4a950d210f", "value": "80.88.87.95" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f49f-88b4-4442-8a01-4a77950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:03.000Z", "modified": "2017-10-07T15:37:03.000Z", "pattern": "[url:value = 'http://a-host.co.uk/uywtfgh36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:37:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f49f-da18-419a-b82b-418a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:03.000Z", "modified": "2017-10-07T15:37:03.000Z", "pattern": "[domain-name:value = 'a-host.co.uk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:37:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f49f-c678-4bb2-bbda-47d5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:03.000Z", "modified": "2017-10-07T15:37:03.000Z", "first_observed": "2017-10-07T15:37:03Z", "last_observed": "2017-10-07T15:37:03Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f49f-c678-4bb2-bbda-47d5950d210f", "ipv4-addr--59d8f49f-c678-4bb2-bbda-47d5950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f49f-c678-4bb2-bbda-47d5950d210f", "dst_ref": "ipv4-addr--59d8f49f-c678-4bb2-bbda-47d5950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f49f-c678-4bb2-bbda-47d5950d210f", "value": "213.165.85.53" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f4a0-4330-4ecc-90da-45c9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:04.000Z", "modified": "2017-10-07T15:37:04.000Z", "pattern": "[url:value = 'http://akolade.com/uywtfgh36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:37:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f4a0-b328-4563-a46a-4dad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:04.000Z", "modified": "2017-10-07T15:37:04.000Z", "pattern": "[domain-name:value = 'akolade.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:37:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f4a0-7610-4eb3-a92d-4053950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:04.000Z", "modified": "2017-10-07T15:37:04.000Z", "first_observed": "2017-10-07T15:37:04Z", "last_observed": "2017-10-07T15:37:04Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f4a0-7610-4eb3-a92d-4053950d210f", "ipv4-addr--59d8f4a0-7610-4eb3-a92d-4053950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f4a0-7610-4eb3-a92d-4053950d210f", "dst_ref": "ipv4-addr--59d8f4a0-7610-4eb3-a92d-4053950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f4a0-7610-4eb3-a92d-4053950d210f", "value": "98.124.251.204" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f4a1-ee40-447b-be77-4c40950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:05.000Z", "modified": "2017-10-07T15:37:05.000Z", "pattern": "[url:value = 'http://alexandre-azaria.com/uywtfgh36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:37:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f4a1-a6a8-4ced-8b07-4c34950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:05.000Z", "modified": "2017-10-07T15:37:05.000Z", "pattern": "[domain-name:value = 'alexandre-azaria.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:37:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f4a2-3678-4554-a38c-4083950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:06.000Z", "modified": "2017-10-07T15:37:06.000Z", "first_observed": "2017-10-07T15:37:06Z", "last_observed": "2017-10-07T15:37:06Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f4a2-3678-4554-a38c-4083950d210f", "ipv4-addr--59d8f4a2-3678-4554-a38c-4083950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f4a2-3678-4554-a38c-4083950d210f", "dst_ref": "ipv4-addr--59d8f4a2-3678-4554-a38c-4083950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f4a2-3678-4554-a38c-4083950d210f", "value": "195.154.231.6" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f4a2-faf4-4cf5-a61e-414b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:06.000Z", "modified": "2017-10-07T15:37:06.000Z", "pattern": "[url:value = 'http://allesandradesigns.com/uywtfgh36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:37:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f4a2-4098-425f-941e-4a44950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:06.000Z", "modified": "2017-10-07T15:37:06.000Z", "pattern": "[domain-name:value = 'allesandradesigns.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:37:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f4a3-4ba8-448f-8a86-4106950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:07.000Z", "modified": "2017-10-07T15:37:07.000Z", "first_observed": "2017-10-07T15:37:07Z", "last_observed": "2017-10-07T15:37:07Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f4a3-4ba8-448f-8a86-4106950d210f", "ipv4-addr--59d8f4a3-4ba8-448f-8a86-4106950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f4a3-4ba8-448f-8a86-4106950d210f", "dst_ref": "ipv4-addr--59d8f4a3-4ba8-448f-8a86-4106950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f4a3-4ba8-448f-8a86-4106950d210f", "value": "173.203.199.105" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f4a3-fdb4-4cc0-abb1-48ae950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:07.000Z", "modified": "2017-10-07T15:37:07.000Z", "pattern": "[url:value = 'http://andresarlemijn.nl/uywtfgh36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:37:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f4a4-4310-47df-98a0-41de950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:08.000Z", "modified": "2017-10-07T15:37:08.000Z", "pattern": "[domain-name:value = 'andresarlemijn.nl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:37:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f4a4-8138-4678-b4c7-4904950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:08.000Z", "modified": "2017-10-07T15:37:08.000Z", "first_observed": "2017-10-07T15:37:08Z", "last_observed": "2017-10-07T15:37:08Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f4a4-8138-4678-b4c7-4904950d210f", "ipv4-addr--59d8f4a4-8138-4678-b4c7-4904950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f4a4-8138-4678-b4c7-4904950d210f", "dst_ref": "ipv4-addr--59d8f4a4-8138-4678-b4c7-4904950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f4a4-8138-4678-b4c7-4904950d210f", "value": "195.60.215.74" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f4a4-3d4c-473c-82b8-478c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:08.000Z", "modified": "2017-10-07T15:37:08.000Z", "pattern": "[url:value = 'http://appartement-sailer.at/uywtfgh36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:37:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f4a5-3fd8-4afb-ac22-4641950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:09.000Z", "modified": "2017-10-07T15:37:09.000Z", "pattern": "[domain-name:value = 'appartement-sailer.at']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:37:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f4a5-e8d8-4b77-b65d-43e0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:09.000Z", "modified": "2017-10-07T15:37:09.000Z", "first_observed": "2017-10-07T15:37:09Z", "last_observed": "2017-10-07T15:37:09Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f4a5-e8d8-4b77-b65d-43e0950d210f", "ipv4-addr--59d8f4a5-e8d8-4b77-b65d-43e0950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f4a5-e8d8-4b77-b65d-43e0950d210f", "dst_ref": "ipv4-addr--59d8f4a5-e8d8-4b77-b65d-43e0950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f4a5-e8d8-4b77-b65d-43e0950d210f", "value": "83.175.70.7" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f4a5-3718-4c5a-aa64-b391950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:09.000Z", "modified": "2017-10-07T15:37:09.000Z", "pattern": "[url:value = 'http://asheardontheradiogreens.com/uywtfgh36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:37:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f4a6-6f0c-4759-afa9-4230950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:10.000Z", "modified": "2017-10-07T15:37:10.000Z", "pattern": "[domain-name:value = 'asheardontheradiogreens.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:37:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f4a6-8844-493d-bcd6-4ee2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:10.000Z", "modified": "2017-10-07T15:37:10.000Z", "first_observed": "2017-10-07T15:37:10Z", "last_observed": "2017-10-07T15:37:10Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f4a6-8844-493d-bcd6-4ee2950d210f", "ipv4-addr--59d8f4a6-8844-493d-bcd6-4ee2950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f4a6-8844-493d-bcd6-4ee2950d210f", "dst_ref": "ipv4-addr--59d8f4a6-8844-493d-bcd6-4ee2950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f4a6-8844-493d-bcd6-4ee2950d210f", "value": "199.30.241.139" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f4a7-2a40-4bb0-bd91-4ad8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:11.000Z", "modified": "2017-10-07T15:37:11.000Z", "pattern": "[url:value = 'http://felixsolis.mobi/uywtfgh36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:37:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f4a7-6c4c-4c51-955f-41ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:11.000Z", "modified": "2017-10-07T15:37:11.000Z", "pattern": "[domain-name:value = 'felixsolis.mobi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:37:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f4a7-d58c-4188-a270-4ef5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:11.000Z", "modified": "2017-10-07T15:37:11.000Z", "first_observed": "2017-10-07T15:37:11Z", "last_observed": "2017-10-07T15:37:11Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f4a7-d58c-4188-a270-4ef5950d210f", "ipv4-addr--59d8f4a7-d58c-4188-a270-4ef5950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f4a7-d58c-4188-a270-4ef5950d210f", "dst_ref": "ipv4-addr--59d8f4a7-d58c-4188-a270-4ef5950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f4a7-d58c-4188-a270-4ef5950d210f", "value": "5.2.27.27" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f4a8-5250-486d-a62e-433d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:12.000Z", "modified": "2017-10-07T15:37:12.000Z", "pattern": "[url:value = 'http://moonmusic.com.au/uywtfgh36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:37:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f4a8-b754-48e1-823b-450c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:12.000Z", "modified": "2017-10-07T15:37:12.000Z", "pattern": "[domain-name:value = 'moonmusic.com.au']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:37:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f4a9-6950-47b5-a711-4dfa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:13.000Z", "modified": "2017-10-07T15:37:13.000Z", "first_observed": "2017-10-07T15:37:13Z", "last_observed": "2017-10-07T15:37:13Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f4a9-6950-47b5-a711-4dfa950d210f", "ipv4-addr--59d8f4a9-6950-47b5-a711-4dfa950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f4a9-6950-47b5-a711-4dfa950d210f", "dst_ref": "ipv4-addr--59d8f4a9-6950-47b5-a711-4dfa950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f4a9-6950-47b5-a711-4dfa950d210f", "value": "117.55.235.14" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f4aa-0620-47b7-9894-4dc2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:14.000Z", "modified": "2017-10-07T15:37:14.000Z", "pattern": "[url:value = 'http://PamelaSparrowChilds.com/uywtfgh36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:37:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f4aa-6f58-44e9-a995-4245950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:14.000Z", "modified": "2017-10-07T15:37:14.000Z", "pattern": "[domain-name:value = 'pamelasparrowchilds.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:37:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59d8f4aa-dd28-4c6e-b3e1-40b0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:14.000Z", "modified": "2017-10-07T15:37:14.000Z", "first_observed": "2017-10-07T15:37:14Z", "last_observed": "2017-10-07T15:37:14Z", "number_observed": 1, "object_refs": [ "network-traffic--59d8f4aa-dd28-4c6e-b3e1-40b0950d210f", "ipv4-addr--59d8f4aa-dd28-4c6e-b3e1-40b0950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59d8f4aa-dd28-4c6e-b3e1-40b0950d210f", "dst_ref": "ipv4-addr--59d8f4aa-dd28-4c6e-b3e1-40b0950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59d8f4aa-dd28-4c6e-b3e1-40b0950d210f", "value": "23.229.153.66" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f4ab-f324-42ae-87ba-480c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:15.000Z", "modified": "2017-10-07T15:37:15.000Z", "pattern": "[url:value = 'http://thedarkpvp.net/p66/uywtfgh36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:37:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59d8f4ab-bae0-4566-b4d4-437b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-07T15:37:15.000Z", "modified": "2017-10-07T15:37:15.000Z", "pattern": "[domain-name:value = 'thedarkpvp.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-07T15:37:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }