{ "type": "bundle", "id": "bundle--59ddbaf9-3874-405c-b2e7-4770950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:56.000Z", "modified": "2017-10-12T17:36:56.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--59ddbaf9-3874-405c-b2e7-4770950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:56.000Z", "modified": "2017-10-12T17:36:56.000Z", "name": "M2M - Locky 2017-10-10 : Affid=3, offline, \".asasin\" : \"Voicemail From 845-551-1234\" - \"VMSG12345678_20171010.7z\"", "published": "2017-10-12T17:40:39Z", "object_refs": [ "indicator--59ddbafa-ae58-4bdd-93e5-4f83950d210f", "indicator--59ddbafa-9554-4127-b998-4b20950d210f", "indicator--59ddbafa-290c-436b-be26-4b6e950d210f", "observed-data--59ddbafb-dfd4-47ce-9bf7-4b76950d210f", "network-traffic--59ddbafb-dfd4-47ce-9bf7-4b76950d210f", "ipv4-addr--59ddbafb-dfd4-47ce-9bf7-4b76950d210f", "indicator--59ddbafb-d924-4a3d-9ebc-4d02950d210f", "indicator--59ddbafb-2450-4fa7-916d-4a83950d210f", "observed-data--59ddbafb-ee64-40a0-a18f-31f8950d210f", "network-traffic--59ddbafb-ee64-40a0-a18f-31f8950d210f", "ipv4-addr--59ddbafb-ee64-40a0-a18f-31f8950d210f", "indicator--59ddbafb-df8c-47e5-9dd2-4fe9950d210f", "indicator--59ddbafc-a27c-483c-a0c4-4de7950d210f", "observed-data--59ddbafc-cf64-49fa-ba16-403d950d210f", "network-traffic--59ddbafc-cf64-49fa-ba16-403d950d210f", "ipv4-addr--59ddbafc-cf64-49fa-ba16-403d950d210f", "indicator--59ddbafc-dc84-4cb1-aac0-6211950d210f", "indicator--59ddbafc-2528-4a3f-ad70-096f950d210f", "observed-data--59ddbaff-0390-4b26-aae3-b4e9950d210f", "network-traffic--59ddbaff-0390-4b26-aae3-b4e9950d210f", "ipv4-addr--59ddbaff-0390-4b26-aae3-b4e9950d210f", "indicator--59ddbb00-ba20-48ab-91e6-4fc3950d210f", "indicator--59ddbb00-bec0-4b82-9c45-4ee1950d210f", 
"observed-data--59ddbb00-1c58-4fc5-b0c2-4150950d210f", "network-traffic--59ddbb00-1c58-4fc5-b0c2-4150950d210f", "ipv4-addr--59ddbb00-1c58-4fc5-b0c2-4150950d210f", "indicator--59ddbb00-6228-4348-b57c-4590950d210f", "indicator--59ddbb00-d0c4-45a0-b06a-4e64950d210f", "observed-data--59ddbb01-a6c4-4ddd-9292-4183950d210f", "network-traffic--59ddbb01-a6c4-4ddd-9292-4183950d210f", "ipv4-addr--59ddbb01-a6c4-4ddd-9292-4183950d210f", "indicator--59ddbb01-4d24-44e2-9e27-61c1950d210f", "indicator--59ddbb01-7354-4c61-b480-41f3950d210f", "observed-data--59ddbb02-5cc4-41df-b08c-b4e9950d210f", "network-traffic--59ddbb02-5cc4-41df-b08c-b4e9950d210f", "ipv4-addr--59ddbb02-5cc4-41df-b08c-b4e9950d210f", "indicator--59ddbb02-1800-4a39-8303-4e09950d210f", "indicator--59ddbb02-b064-432a-a5a5-4374950d210f", "observed-data--59ddbb03-b66c-4d89-8b7b-4bc3950d210f", "network-traffic--59ddbb03-b66c-4d89-8b7b-4bc3950d210f", "ipv4-addr--59ddbb03-b66c-4d89-8b7b-4bc3950d210f", "indicator--59ddbb03-7bf4-46fa-ac8f-479c950d210f", "indicator--59ddbb03-3ecc-4b7a-9a0c-6211950d210f", "observed-data--59ddbb03-68d0-4ce7-9d82-4a95950d210f", "network-traffic--59ddbb03-68d0-4ce7-9d82-4a95950d210f", "ipv4-addr--59ddbb03-68d0-4ce7-9d82-4a95950d210f", "indicator--59ddbb03-9840-4d34-88cc-61c1950d210f", "indicator--59ddbb04-ec1c-42b5-a97c-4fd8950d210f", "observed-data--59ddbb04-5554-4d42-9027-b4e9950d210f", "network-traffic--59ddbb04-5554-4d42-9027-b4e9950d210f", "ipv4-addr--59ddbb04-5554-4d42-9027-b4e9950d210f", "indicator--59ddbb04-c104-4f21-b82a-31f8950d210f", "indicator--59ddbb04-72a8-4622-b662-4dc4950d210f", "observed-data--59ddbb05-bd8c-498b-b4f6-470c950d210f", "network-traffic--59ddbb05-bd8c-498b-b4f6-470c950d210f", "ipv4-addr--59ddbb05-bd8c-498b-b4f6-470c950d210f", "indicator--59ddbb05-b74c-4048-ae7d-4e7a950d210f", "indicator--59ddbb05-55f0-439b-8cfc-6211950d210f", "indicator--59ddbb06-f4ac-4d03-b7ca-61c1950d210f", "indicator--59ddbb06-a7f4-408e-b861-4260950d210f", 
"observed-data--59ddbb06-4a78-4e45-8a70-409a950d210f", "network-traffic--59ddbb06-4a78-4e45-8a70-409a950d210f", "ipv4-addr--59ddbb06-4a78-4e45-8a70-409a950d210f", "indicator--59ddbb07-d698-450c-bf30-b4e9950d210f", "indicator--59ddbb07-5648-44f3-bcf3-4b45950d210f", "observed-data--59ddbb07-5b34-4f88-ae66-4248950d210f", "network-traffic--59ddbb07-5b34-4f88-ae66-4248950d210f", "ipv4-addr--59ddbb07-5b34-4f88-ae66-4248950d210f", "indicator--59ddbb07-58d0-49b9-adca-4687950d210f", "indicator--59ddbb08-7f8c-48c5-850b-6211950d210f", "observed-data--59ddbb08-3ffc-4b6e-b985-4c25950d210f", "network-traffic--59ddbb08-3ffc-4b6e-b985-4c25950d210f", "ipv4-addr--59ddbb08-3ffc-4b6e-b985-4c25950d210f", "indicator--59ddbb08-6f84-49b4-a0be-096f950d210f", "indicator--59ddbb08-3724-4f77-b69f-494f950d210f", "observed-data--59ddbb09-be44-43f1-a668-4ac6950d210f", "network-traffic--59ddbb09-be44-43f1-a668-4ac6950d210f", "ipv4-addr--59ddbb09-be44-43f1-a668-4ac6950d210f", "indicator--59ddbb09-b674-4272-bef6-4391950d210f", "indicator--59ddbb09-78dc-41cf-85c9-31f8950d210f", "indicator--59dfa831-9e70-435a-816f-431802de0b81", "indicator--59dfa831-eff4-475c-bd04-48e202de0b81", "observed-data--59dfa831-efd4-4add-a72b-414502de0b81", "url--59dfa831-efd4-4add-a72b-414502de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Locky\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbafa-ae58-4bdd-93e5-4f83950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:48.000Z", "modified": "2017-10-12T17:36:48.000Z", "pattern": "[file:hashes.MD5 = '37c106c0d8e97fbe9ec10a037858ea23']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" 
} ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbafa-9554-4127-b998-4b20950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[url:value = 'http://alucmuhendislik.com/njhgftrf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbafa-290c-436b-be26-4b6e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[domain-name:value = 'alucmuhendislik.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbafb-dfd4-47ce-9bf7-4b76950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "first_observed": "2017-10-12T17:36:49Z", "last_observed": "2017-10-12T17:36:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbafb-dfd4-47ce-9bf7-4b76950d210f", "ipv4-addr--59ddbafb-dfd4-47ce-9bf7-4b76950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbafb-dfd4-47ce-9bf7-4b76950d210f", 
"dst_ref": "ipv4-addr--59ddbafb-dfd4-47ce-9bf7-4b76950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbafb-dfd4-47ce-9bf7-4b76950d210f", "value": "185.85.205.9" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbafb-d924-4a3d-9ebc-4d02950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[url:value = 'http://atlantarecyclingcenters.com/njhgftrf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbafb-2450-4fa7-916d-4a83950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[domain-name:value = 'atlantarecyclingcenters.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbafb-ee64-40a0-a18f-31f8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "first_observed": "2017-10-12T17:36:49Z", "last_observed": "2017-10-12T17:36:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbafb-ee64-40a0-a18f-31f8950d210f", "ipv4-addr--59ddbafb-ee64-40a0-a18f-31f8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" 
] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbafb-ee64-40a0-a18f-31f8950d210f", "dst_ref": "ipv4-addr--59ddbafb-ee64-40a0-a18f-31f8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbafb-ee64-40a0-a18f-31f8950d210f", "value": "98.124.251.75" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbafb-df8c-47e5-9dd2-4fe9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[url:value = 'http://bit-chasers.com/njhgftrf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbafc-a27c-483c-a0c4-4de7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[domain-name:value = 'bit-chasers.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbafc-cf64-49fa-ba16-403d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "first_observed": "2017-10-12T17:36:49Z", "last_observed": "2017-10-12T17:36:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbafc-cf64-49fa-ba16-403d950d210f", 
"ipv4-addr--59ddbafc-cf64-49fa-ba16-403d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbafc-cf64-49fa-ba16-403d950d210f", "dst_ref": "ipv4-addr--59ddbafc-cf64-49fa-ba16-403d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbafc-cf64-49fa-ba16-403d950d210f", "value": "98.124.251.176" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbafc-dc84-4cb1-aac0-6211950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[url:value = 'http://bjp.co.id/njhgftrf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbafc-2528-4a3f-ad70-096f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[domain-name:value = 'bjp.co.id']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbaff-0390-4b26-aae3-b4e9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "first_observed": "2017-10-12T17:36:49Z", "last_observed": "2017-10-12T17:36:49Z", 
"number_observed": 1, "object_refs": [ "network-traffic--59ddbaff-0390-4b26-aae3-b4e9950d210f", "ipv4-addr--59ddbaff-0390-4b26-aae3-b4e9950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbaff-0390-4b26-aae3-b4e9950d210f", "dst_ref": "ipv4-addr--59ddbaff-0390-4b26-aae3-b4e9950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbaff-0390-4b26-aae3-b4e9950d210f", "value": "202.169.44.167" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb00-ba20-48ab-91e6-4fc3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[url:value = 'http://centurythis.com/njhgftrf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb00-bec0-4b82-9c45-4ee1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[domain-name:value = 'centurythis.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb00-1c58-4fc5-b0c2-4150950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": 
"2017-10-12T17:36:49.000Z", "first_observed": "2017-10-12T17:36:49Z", "last_observed": "2017-10-12T17:36:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb00-1c58-4fc5-b0c2-4150950d210f", "ipv4-addr--59ddbb00-1c58-4fc5-b0c2-4150950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb00-1c58-4fc5-b0c2-4150950d210f", "dst_ref": "ipv4-addr--59ddbb00-1c58-4fc5-b0c2-4150950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb00-1c58-4fc5-b0c2-4150950d210f", "value": "98.124.252.66" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb00-6228-4348-b57c-4590950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[url:value = 'http://estudiperceptiva.com/njhgftrf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb00-d0c4-45a0-b06a-4e64950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[domain-name:value = 'estudiperceptiva.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb01-a6c4-4ddd-9292-4183950d210f", 
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "first_observed": "2017-10-12T17:36:49Z", "last_observed": "2017-10-12T17:36:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb01-a6c4-4ddd-9292-4183950d210f", "ipv4-addr--59ddbb01-a6c4-4ddd-9292-4183950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb01-a6c4-4ddd-9292-4183950d210f", "dst_ref": "ipv4-addr--59ddbb01-a6c4-4ddd-9292-4183950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb01-a6c4-4ddd-9292-4183950d210f", "value": "86.109.170.66" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb01-4d24-44e2-9e27-61c1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[url:value = 'http://handhi.com/njhgftrf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb01-7354-4c61-b480-41f3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[domain-name:value = 'handhi.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": 
"observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb02-5cc4-41df-b08c-b4e9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "first_observed": "2017-10-12T17:36:49Z", "last_observed": "2017-10-12T17:36:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb02-5cc4-41df-b08c-b4e9950d210f", "ipv4-addr--59ddbb02-5cc4-41df-b08c-b4e9950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb02-5cc4-41df-b08c-b4e9950d210f", "dst_ref": "ipv4-addr--59ddbb02-5cc4-41df-b08c-b4e9950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb02-5cc4-41df-b08c-b4e9950d210f", "value": "162.213.255.19" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb02-1800-4a39-8303-4e09950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[url:value = 'http://hellonwheelsthemovie.com/njhgftrf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb02-b064-432a-a5a5-4374950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[domain-name:value = 'hellonwheelsthemovie.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } 
], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb03-b66c-4d89-8b7b-4bc3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "first_observed": "2017-10-12T17:36:49Z", "last_observed": "2017-10-12T17:36:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb03-b66c-4d89-8b7b-4bc3950d210f", "ipv4-addr--59ddbb03-b66c-4d89-8b7b-4bc3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb03-b66c-4d89-8b7b-4bc3950d210f", "dst_ref": "ipv4-addr--59ddbb03-b66c-4d89-8b7b-4bc3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb03-b66c-4d89-8b7b-4bc3950d210f", "value": "66.36.165.149" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb03-7bf4-46fa-ac8f-479c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[url:value = 'http://hexacam.com/njhgftrf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb03-3ecc-4b7a-9a0c-6211950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[domain-name:value = 'hexacam.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", 
"kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb03-68d0-4ce7-9d82-4a95950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "first_observed": "2017-10-12T17:36:49Z", "last_observed": "2017-10-12T17:36:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb03-68d0-4ce7-9d82-4a95950d210f", "ipv4-addr--59ddbb03-68d0-4ce7-9d82-4a95950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb03-68d0-4ce7-9d82-4a95950d210f", "dst_ref": "ipv4-addr--59ddbb03-68d0-4ce7-9d82-4a95950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb03-68d0-4ce7-9d82-4a95950d210f", "value": "98.124.251.65" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb03-9840-4d34-88cc-61c1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[url:value = 'http://logica-info.com/njhgftrf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb04-ec1c-42b5-a97c-4fd8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[domain-name:value = 
'logica-info.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb04-5554-4d42-9027-b4e9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "first_observed": "2017-10-12T17:36:49Z", "last_observed": "2017-10-12T17:36:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb04-5554-4d42-9027-b4e9950d210f", "ipv4-addr--59ddbb04-5554-4d42-9027-b4e9950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb04-5554-4d42-9027-b4e9950d210f", "dst_ref": "ipv4-addr--59ddbb04-5554-4d42-9027-b4e9950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb04-5554-4d42-9027-b4e9950d210f", "value": "202.169.44.143" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb04-c104-4f21-b82a-31f8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[url:value = 'http://mh-service.ru/njhgftrf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb04-72a8-4622-b662-4dc4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[domain-name:value = 'mh-service.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb05-bd8c-498b-b4f6-470c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "first_observed": "2017-10-12T17:36:49Z", "last_observed": "2017-10-12T17:36:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb05-bd8c-498b-b4f6-470c950d210f", "ipv4-addr--59ddbb05-bd8c-498b-b4f6-470c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb05-bd8c-498b-b4f6-470c950d210f", "dst_ref": "ipv4-addr--59ddbb05-bd8c-498b-b4f6-470c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb05-bd8c-498b-b4f6-470c950d210f", "value": "89.253.235.118" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb05-b74c-4048-ae7d-4e7a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[url:value = 'http://miamirecyclecenters.com/njhgftrf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--59ddbb05-55f0-439b-8cfc-6211950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[domain-name:value = 'miamirecyclecenters.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb06-f4ac-4d03-b7ca-61c1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[url:value = 'http://monstermx.com/njhgftrf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb06-a7f4-408e-b861-4260950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[domain-name:value = 'monstermx.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb06-4a78-4e45-8a70-409a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", 
"first_observed": "2017-10-12T17:36:49Z", "last_observed": "2017-10-12T17:36:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb06-4a78-4e45-8a70-409a950d210f", "ipv4-addr--59ddbb06-4a78-4e45-8a70-409a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb06-4a78-4e45-8a70-409a950d210f", "dst_ref": "ipv4-addr--59ddbb06-4a78-4e45-8a70-409a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb06-4a78-4e45-8a70-409a950d210f", "value": "107.152.98.20" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb07-d698-450c-bf30-b4e9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[url:value = 'http://m-tensou.net/njhgftrf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb07-5648-44f3-bcf3-4b45950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[domain-name:value = 'm-tensou.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb07-5b34-4f88-ae66-4248950d210f", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "first_observed": "2017-10-12T17:36:49Z", "last_observed": "2017-10-12T17:36:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb07-5b34-4f88-ae66-4248950d210f", "ipv4-addr--59ddbb07-5b34-4f88-ae66-4248950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb07-5b34-4f88-ae66-4248950d210f", "dst_ref": "ipv4-addr--59ddbb07-5b34-4f88-ae66-4248950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb07-5b34-4f88-ae66-4248950d210f", "value": "202.218.252.73" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb07-58d0-49b9-adca-4687950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[url:value = 'http://paulcruse.com/njhgftrf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb08-7f8c-48c5-850b-6211950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[domain-name:value = 'paulcruse.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", 
"spec_version": "2.1", "id": "observed-data--59ddbb08-3ffc-4b6e-b985-4c25950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "first_observed": "2017-10-12T17:36:49Z", "last_observed": "2017-10-12T17:36:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb08-3ffc-4b6e-b985-4c25950d210f", "ipv4-addr--59ddbb08-3ffc-4b6e-b985-4c25950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb08-3ffc-4b6e-b985-4c25950d210f", "dst_ref": "ipv4-addr--59ddbb08-3ffc-4b6e-b985-4c25950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb08-3ffc-4b6e-b985-4c25950d210f", "value": "91.215.186.147" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb08-6f84-49b4-a0be-096f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[url:value = 'http://suncoastot.com/njhgftrf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb08-3724-4f77-b69f-494f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[domain-name:value = 'suncoastot.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ 
"misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb09-be44-43f1-a668-4ac6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "first_observed": "2017-10-12T17:36:49Z", "last_observed": "2017-10-12T17:36:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb09-be44-43f1-a668-4ac6950d210f", "ipv4-addr--59ddbb09-be44-43f1-a668-4ac6950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb09-be44-43f1-a668-4ac6950d210f", "dst_ref": "ipv4-addr--59ddbb09-be44-43f1-a668-4ac6950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb09-be44-43f1-a668-4ac6950d210f", "value": "98.124.252.176" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb09-b674-4272-bef6-4391950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[url:value = 'http://nsaflow.info/p66/njhgftrf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb09-78dc-41cf-85c9-31f8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "pattern": "[domain-name:value = 'nsaflow.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", 
"kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dfa831-9e70-435a-816f-431802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "description": "- Cross-checked via VirusTotal: 37c106c0d8e97fbe9ec10a037858ea23", "pattern": "[file:hashes.SHA256 = 'a165963bb5575321c03f974e266808d34b695fa21d0f2dd96a66cd3c887bd5e7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dfa831-eff4-475c-bd04-48e202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "description": "- Cross-checked via VirusTotal: 37c106c0d8e97fbe9ec10a037858ea23", "pattern": "[file:hashes.SHA1 = '27d90243d7289de58022850f98c5a0333e8da235']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dfa831-efd4-4add-a72b-414502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:36:49.000Z", "modified": "2017-10-12T17:36:49.000Z", "first_observed": "2017-10-12T17:36:49Z", "last_observed": "2017-10-12T17:36:49Z", "number_observed": 1, "object_refs": [ 
"url--59dfa831-efd4-4add-a72b-414502de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59dfa831-efd4-4add-a72b-414502de0b81", "value": "https://www.virustotal.com/file/a165963bb5575321c03f974e266808d34b695fa21d0f2dd96a66cd3c887bd5e7/analysis/1507743716/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }