{ "type": "bundle", "id": "bundle--59ddbb11-bf70-497d-8f9f-096f950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:22.000Z", "modified": "2017-10-12T17:31:22.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--59ddbb11-bf70-497d-8f9f-096f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:22.000Z", "modified": "2017-10-12T17:31:22.000Z", "name": "M2M - Locky Affid=3, \".asasin\"/Trickbot \"mac1\" 2017-10-05 : \"Invoice INV0000123\" - \"Invoice INV0000123.7z\"", "published": "2017-10-12T17:36:44Z", "object_refs": [ "indicator--59ddbb12-8b68-43b7-8cdc-472e950d210f", "indicator--59ddbb12-20d8-4046-ac94-4ea7950d210f", "indicator--59ddbb12-31e4-45cb-a1c4-42da950d210f", "indicator--59ddbb12-7eac-42e7-b370-4a2a950d210f", "observed-data--59ddbb12-2bc4-4fd4-8a21-096f950d210f", "network-traffic--59ddbb12-2bc4-4fd4-8a21-096f950d210f", "ipv4-addr--59ddbb12-2bc4-4fd4-8a21-096f950d210f", "indicator--59ddbb13-e6c4-4dda-8d3e-61c1950d210f", "indicator--59ddbb13-d094-4618-8168-4301950d210f", "observed-data--59ddbb13-691c-44db-a6c2-4b94950d210f", "network-traffic--59ddbb13-691c-44db-a6c2-4b94950d210f", "ipv4-addr--59ddbb13-691c-44db-a6c2-4b94950d210f", "indicator--59ddbb13-28c4-44f1-a8ea-4373950d210f", "indicator--59ddbb14-ba14-44fe-a5ef-48ba950d210f", "observed-data--59ddbb14-6760-4c4b-9b9f-47b4950d210f", "network-traffic--59ddbb14-6760-4c4b-9b9f-47b4950d210f", "ipv4-addr--59ddbb14-6760-4c4b-9b9f-47b4950d210f", "indicator--59ddbb14-ff5c-480c-af73-46fb950d210f", "indicator--59ddbb14-bfb0-4d4c-923f-6211950d210f", "observed-data--59ddbb15-2384-49c8-bcd2-096f950d210f", "network-traffic--59ddbb15-2384-49c8-bcd2-096f950d210f", "ipv4-addr--59ddbb15-2384-49c8-bcd2-096f950d210f", "indicator--59ddbb15-e084-4e3d-90d7-46c2950d210f", "indicator--59ddbb15-20cc-45f4-bb74-43e7950d210f", "indicator--59ddbb30-f250-4d32-896f-31f8950d210f", "indicator--59ddbb30-847c-49ec-8898-6211950d210f", "observed-data--59ddbb30-5f64-464c-a30c-435e950d210f", "network-traffic--59ddbb30-5f64-464c-a30c-435e950d210f", "ipv4-addr--59ddbb30-5f64-464c-a30c-435e950d210f", "indicator--59ddbb30-d9f4-4f7a-b6c5-40ac950d210f", "indicator--59ddbb31-c598-49a2-9ad3-4e98950d210f", "observed-data--59ddbb31-4ee4-42b4-b346-4714950d210f", "network-traffic--59ddbb31-4ee4-42b4-b346-4714950d210f", "ipv4-addr--59ddbb31-4ee4-42b4-b346-4714950d210f", "indicator--59ddbb31-64ac-4d16-a751-4f67950d210f", "indicator--59ddbb31-ee84-4191-b599-4308950d210f", "observed-data--59ddbb31-e680-4866-8875-b4e9950d210f", "network-traffic--59ddbb31-e680-4866-8875-b4e9950d210f", "ipv4-addr--59ddbb31-e680-4866-8875-b4e9950d210f", "indicator--59ddbb31-0ec8-4e97-bfa5-4d2e950d210f", "indicator--59ddbb32-4020-45b5-a717-4907950d210f", "observed-data--59ddbb32-b724-43ec-940f-31f8950d210f", "network-traffic--59ddbb32-b724-43ec-940f-31f8950d210f", "ipv4-addr--59ddbb32-b724-43ec-940f-31f8950d210f", "indicator--59ddbb32-d9e0-4369-9c2b-445c950d210f", "indicator--59ddbb32-630c-440c-9ed8-4655950d210f", "observed-data--59ddbb32-27d8-4819-ad13-4857950d210f", "network-traffic--59ddbb32-27d8-4819-ad13-4857950d210f", "ipv4-addr--59ddbb32-27d8-4819-ad13-4857950d210f", "indicator--59ddbb32-cef8-4fef-b63d-43a7950d210f", "indicator--59ddbb33-2b24-4b89-9efe-096f950d210f", "observed-data--59ddbb33-4fc8-4fe7-a93b-4405950d210f", "network-traffic--59ddbb33-4fc8-4fe7-a93b-4405950d210f", "ipv4-addr--59ddbb33-4fc8-4fe7-a93b-4405950d210f", "indicator--59ddbb33-eee0-4c96-9bed-41fc950d210f", "indicator--59ddbb33-984c-47dc-aa36-61c1950d210f", "observed-data--59ddbb33-1200-4306-ae88-4997950d210f", "network-traffic--59ddbb33-1200-4306-ae88-4997950d210f", "ipv4-addr--59ddbb33-1200-4306-ae88-4997950d210f", "indicator--59ddbb34-03b4-4f20-8951-4318950d210f", "indicator--59ddbb34-935c-4aec-8a26-439c950d210f", "observed-data--59ddbb34-6a60-449b-b066-31f8950d210f", "network-traffic--59ddbb34-6a60-449b-b066-31f8950d210f", "ipv4-addr--59ddbb34-6a60-449b-b066-31f8950d210f", "indicator--59ddbb34-11b0-4129-82e5-6211950d210f", "indicator--59ddbb34-62f8-4224-9f5a-49cf950d210f", "observed-data--59ddbb34-7bac-4a31-a219-4ef3950d210f", "network-traffic--59ddbb34-7bac-4a31-a219-4ef3950d210f", "ipv4-addr--59ddbb34-7bac-4a31-a219-4ef3950d210f", "indicator--59ddbb35-3b08-4f34-b609-096f950d210f", "indicator--59ddbb35-12e0-4d65-96ad-47b2950d210f", "observed-data--59ddbb35-ab34-49be-96b1-43c2950d210f", "network-traffic--59ddbb35-ab34-49be-96b1-43c2950d210f", "ipv4-addr--59ddbb35-ab34-49be-96b1-43c2950d210f", "indicator--59ddbb35-3678-4467-91ee-4ee2950d210f", "indicator--59ddbb35-a03c-4569-94b1-b4e9950d210f", "observed-data--59ddbb36-104c-4041-b60c-4d65950d210f", "network-traffic--59ddbb36-104c-4041-b60c-4d65950d210f", "ipv4-addr--59ddbb36-104c-4041-b60c-4d65950d210f", "indicator--59ddbb36-88a0-45b8-be57-4289950d210f", "indicator--59ddbb36-564c-4c81-8841-4c72950d210f", "observed-data--59ddbb36-7828-4c75-a1c0-41d8950d210f", "network-traffic--59ddbb36-7828-4c75-a1c0-41d8950d210f", "ipv4-addr--59ddbb36-7828-4c75-a1c0-41d8950d210f", "indicator--59ddbb36-1ee4-45c7-b7d3-4361950d210f", "indicator--59ddbb36-1690-4679-ac0e-446a950d210f", "observed-data--59ddbb37-2898-424d-8b96-096f950d210f", "network-traffic--59ddbb37-2898-424d-8b96-096f950d210f", "ipv4-addr--59ddbb37-2898-424d-8b96-096f950d210f", "indicator--59ddbb37-106c-4437-beef-4b6d950d210f", "observed-data--59ddbb55-2fb0-46a2-9f49-43c8950d210f", "network-traffic--59ddbb55-2fb0-46a2-9f49-43c8950d210f", "ipv4-addr--59ddbb55-2fb0-46a2-9f49-43c8950d210f", "observed-data--59ddbb55-9c2c-4629-8ac0-4afb950d210f", "network-traffic--59ddbb55-9c2c-4629-8ac0-4afb950d210f", "ipv4-addr--59ddbb55-9c2c-4629-8ac0-4afb950d210f", "observed-data--59ddbb56-f3ec-479e-8483-4c73950d210f", "network-traffic--59ddbb56-f3ec-479e-8483-4c73950d210f", "ipv4-addr--59ddbb56-f3ec-479e-8483-4c73950d210f", "observed-data--59ddbb56-ab94-40a8-a610-4a71950d210f", "network-traffic--59ddbb56-ab94-40a8-a610-4a71950d210f", "ipv4-addr--59ddbb56-ab94-40a8-a610-4a71950d210f", "observed-data--59ddbb56-d24c-4f04-bf6b-b4e9950d210f", "network-traffic--59ddbb56-d24c-4f04-bf6b-b4e9950d210f", "ipv4-addr--59ddbb56-d24c-4f04-bf6b-b4e9950d210f", "observed-data--59ddbb57-e908-4aac-a66d-4637950d210f", "network-traffic--59ddbb57-e908-4aac-a66d-4637950d210f", "ipv4-addr--59ddbb57-e908-4aac-a66d-4637950d210f", "observed-data--59ddbb57-e29c-42df-8614-4df9950d210f", "network-traffic--59ddbb57-e29c-42df-8614-4df9950d210f", "ipv4-addr--59ddbb57-e29c-42df-8614-4df9950d210f", "observed-data--59ddbb57-1c00-484b-b662-31f8950d210f", "network-traffic--59ddbb57-1c00-484b-b662-31f8950d210f", "ipv4-addr--59ddbb57-1c00-484b-b662-31f8950d210f", "observed-data--59ddbb57-319c-4c1b-a66c-6211950d210f", "network-traffic--59ddbb57-319c-4c1b-a66c-6211950d210f", "ipv4-addr--59ddbb57-319c-4c1b-a66c-6211950d210f", "observed-data--59ddbb58-daec-4909-8b04-4757950d210f", "network-traffic--59ddbb58-daec-4909-8b04-4757950d210f", "ipv4-addr--59ddbb58-daec-4909-8b04-4757950d210f", "observed-data--59ddbb58-4d20-4652-912a-4c51950d210f", "network-traffic--59ddbb58-4d20-4652-912a-4c51950d210f", "ipv4-addr--59ddbb58-4d20-4652-912a-4c51950d210f", "observed-data--59ddbb58-0ac0-4156-90d1-47ee950d210f", "network-traffic--59ddbb58-0ac0-4156-90d1-47ee950d210f", "ipv4-addr--59ddbb58-0ac0-4156-90d1-47ee950d210f", "observed-data--59ddbb58-9090-445e-9ab2-4388950d210f", "network-traffic--59ddbb58-9090-445e-9ab2-4388950d210f", "ipv4-addr--59ddbb58-9090-445e-9ab2-4388950d210f", "observed-data--59ddbb59-20e0-497a-bff7-46d5950d210f", "network-traffic--59ddbb59-20e0-497a-bff7-46d5950d210f", "ipv4-addr--59ddbb59-20e0-497a-bff7-46d5950d210f", "observed-data--59ddbb59-c9f8-465c-9b6b-61c1950d210f", "network-traffic--59ddbb59-c9f8-465c-9b6b-61c1950d210f", "ipv4-addr--59ddbb59-c9f8-465c-9b6b-61c1950d210f", "observed-data--59ddbb59-7d70-4f63-b210-474e950d210f", "network-traffic--59ddbb59-7d70-4f63-b210-474e950d210f", "ipv4-addr--59ddbb59-7d70-4f63-b210-474e950d210f", "observed-data--59ddbb5a-e7f8-490d-88b8-4c33950d210f", "network-traffic--59ddbb5a-e7f8-490d-88b8-4c33950d210f", "ipv4-addr--59ddbb5a-e7f8-490d-88b8-4c33950d210f", "observed-data--59ddbb5a-cf38-4a69-974a-31f8950d210f", "network-traffic--59ddbb5a-cf38-4a69-974a-31f8950d210f", "ipv4-addr--59ddbb5a-cf38-4a69-974a-31f8950d210f", "observed-data--59ddbb5a-0350-4b6f-b415-4723950d210f", "network-traffic--59ddbb5a-0350-4b6f-b415-4723950d210f", "ipv4-addr--59ddbb5a-0350-4b6f-b415-4723950d210f", "observed-data--59ddbb5a-6ec8-42cb-98f6-4528950d210f", "network-traffic--59ddbb5a-6ec8-42cb-98f6-4528950d210f", "ipv4-addr--59ddbb5a-6ec8-42cb-98f6-4528950d210f", "observed-data--59ddbb5b-ef38-4633-ba93-447f950d210f", "network-traffic--59ddbb5b-ef38-4633-ba93-447f950d210f", "ipv4-addr--59ddbb5b-ef38-4633-ba93-447f950d210f", "observed-data--59ddbb5b-da70-4c58-ae80-4d5b950d210f", "network-traffic--59ddbb5b-da70-4c58-ae80-4d5b950d210f", "ipv4-addr--59ddbb5b-da70-4c58-ae80-4d5b950d210f", "observed-data--59ddbb5b-2694-4f57-97ac-4b4c950d210f", "network-traffic--59ddbb5b-2694-4f57-97ac-4b4c950d210f", "ipv4-addr--59ddbb5b-2694-4f57-97ac-4b4c950d210f", "observed-data--59ddbb5b-e7f8-412f-a141-4917950d210f", "network-traffic--59ddbb5b-e7f8-412f-a141-4917950d210f", "ipv4-addr--59ddbb5b-e7f8-412f-a141-4917950d210f", "observed-data--59ddbb5c-8ec4-41a1-af46-61c1950d210f", "network-traffic--59ddbb5c-8ec4-41a1-af46-61c1950d210f", "ipv4-addr--59ddbb5c-8ec4-41a1-af46-61c1950d210f", "observed-data--59ddbb5c-3c2c-4a85-b43c-4632950d210f", "network-traffic--59ddbb5c-3c2c-4a85-b43c-4632950d210f", "ipv4-addr--59ddbb5c-3c2c-4a85-b43c-4632950d210f", "observed-data--59ddbb5c-2b5c-45f2-83d6-4a73950d210f", "network-traffic--59ddbb5c-2b5c-45f2-83d6-4a73950d210f", "ipv4-addr--59ddbb5c-2b5c-45f2-83d6-4a73950d210f", "observed-data--59ddbb5c-2cb4-4fec-9bcd-31f8950d210f", "network-traffic--59ddbb5c-2cb4-4fec-9bcd-31f8950d210f", "ipv4-addr--59ddbb5c-2cb4-4fec-9bcd-31f8950d210f", "observed-data--59ddbb5c-7964-4600-9a11-4ebb950d210f", "network-traffic--59ddbb5c-7964-4600-9a11-4ebb950d210f", "ipv4-addr--59ddbb5c-7964-4600-9a11-4ebb950d210f", "observed-data--59ddbb5d-2f54-4c05-9b10-45bf950d210f", "network-traffic--59ddbb5d-2f54-4c05-9b10-45bf950d210f", "ipv4-addr--59ddbb5d-2f54-4c05-9b10-45bf950d210f", "observed-data--59ddbb5d-167c-4da3-8bc7-4c5d950d210f", "network-traffic--59ddbb5d-167c-4da3-8bc7-4c5d950d210f", "ipv4-addr--59ddbb5d-167c-4da3-8bc7-4c5d950d210f", "observed-data--59ddbb5e-ea60-4971-84f3-4540950d210f", "network-traffic--59ddbb5e-ea60-4971-84f3-4540950d210f", "ipv4-addr--59ddbb5e-ea60-4971-84f3-4540950d210f", "indicator--59dfa6e9-262c-4e99-bfb7-419002de0b81", "indicator--59dfa6e9-b6f8-4b70-9c45-49a902de0b81", "observed-data--59dfa6e9-d474-4987-8303-464302de0b81", "url--59dfa6e9-d474-4987-8303-464302de0b81", "indicator--59dfa6e9-d890-4742-bfce-43d602de0b81", "indicator--59dfa6ea-2968-4e50-8b98-419702de0b81", "observed-data--59dfa6ea-7018-45bd-9ee4-419f02de0b81", "url--59dfa6ea-7018-45bd-9ee4-419f02de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Locky\"", "misp-galaxy:tool=\"Trick Bot\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb12-8b68-43b7-8cdc-472e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "pattern": "[file:hashes.MD5 = '1934bc240ae9e8e101490a9dab13c079']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb12-20d8-4046-ac94-4ea7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "pattern": "[file:hashes.MD5 = '5216bf5213f2f94e756ce464d34c740c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb12-31e4-45cb-a1c4-42da950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "pattern": "[url:value = 'http://mtblanc-let.co.uk/nui76tg7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb12-7eac-42e7-b370-4a2a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "pattern": "[domain-name:value = 'mtblanc-let.co.uk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb12-2bc4-4fd4-8a21-096f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "first_observed": "2017-10-12T17:31:20Z", "last_observed": "2017-10-12T17:31:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb12-2bc4-4fd4-8a21-096f950d210f", "ipv4-addr--59ddbb12-2bc4-4fd4-8a21-096f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb12-2bc4-4fd4-8a21-096f950d210f", "dst_ref": "ipv4-addr--59ddbb12-2bc4-4fd4-8a21-096f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb12-2bc4-4fd4-8a21-096f950d210f", "value": "217.199.175.27" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb13-e6c4-4dda-8d3e-61c1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "pattern": "[url:value = 'http://qxr33qxr.com/nui76tg7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb13-d094-4618-8168-4301950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "pattern": "[domain-name:value = 'qxr33qxr.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb13-691c-44db-a6c2-4b94950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "first_observed": "2017-10-12T17:31:20Z", "last_observed": "2017-10-12T17:31:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb13-691c-44db-a6c2-4b94950d210f", "ipv4-addr--59ddbb13-691c-44db-a6c2-4b94950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb13-691c-44db-a6c2-4b94950d210f", "dst_ref": "ipv4-addr--59ddbb13-691c-44db-a6c2-4b94950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb13-691c-44db-a6c2-4b94950d210f", "value": "67.210.102.240" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb13-28c4-44f1-a8ea-4373950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "pattern": "[url:value = 'http://smi-wi.com/nui76tg7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb14-ba14-44fe-a5ef-48ba950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "pattern": "[domain-name:value = 'smi-wi.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb14-6760-4c4b-9b9f-47b4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "first_observed": "2017-10-12T17:31:20Z", "last_observed": "2017-10-12T17:31:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb14-6760-4c4b-9b9f-47b4950d210f", "ipv4-addr--59ddbb14-6760-4c4b-9b9f-47b4950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb14-6760-4c4b-9b9f-47b4950d210f", "dst_ref": "ipv4-addr--59ddbb14-6760-4c4b-9b9f-47b4950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb14-6760-4c4b-9b9f-47b4950d210f", "value": "72.52.195.204" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb14-ff5c-480c-af73-46fb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "pattern": "[url:value = 'http://yamanashi-jyujin.jp/nui76tg7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb14-bfb0-4d4c-923f-6211950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "pattern": "[domain-name:value = 'yamanashi-jyujin.jp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb15-2384-49c8-bcd2-096f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "first_observed": "2017-10-12T17:31:20Z", "last_observed": "2017-10-12T17:31:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb15-2384-49c8-bcd2-096f950d210f", "ipv4-addr--59ddbb15-2384-49c8-bcd2-096f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb15-2384-49c8-bcd2-096f950d210f", "dst_ref": "ipv4-addr--59ddbb15-2384-49c8-bcd2-096f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb15-2384-49c8-bcd2-096f950d210f", "value": "180.222.185.74" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb15-e084-4e3d-90d7-46c2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "pattern": "[url:value = 'http://nsaflow.info/p66/nui76tg7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb15-20cc-45f4-bb74-43e7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "pattern": "[domain-name:value = 'nsaflow.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb30-f250-4d32-896f-31f8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "pattern": "[url:value = 'http://alucmuhendislik.com/09yhb7r5e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb30-847c-49ec-8898-6211950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "pattern": "[domain-name:value = 'alucmuhendislik.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb30-5f64-464c-a30c-435e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "first_observed": "2017-10-12T17:31:20Z", "last_observed": "2017-10-12T17:31:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb30-5f64-464c-a30c-435e950d210f", "ipv4-addr--59ddbb30-5f64-464c-a30c-435e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb30-5f64-464c-a30c-435e950d210f", "dst_ref": "ipv4-addr--59ddbb30-5f64-464c-a30c-435e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb30-5f64-464c-a30c-435e950d210f", "value": "185.85.205.9" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb30-d9f4-4f7a-b6c5-40ac950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "pattern": "[url:value = 'http://bit-chasers.com/09yhb7r5e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb31-c598-49a2-9ad3-4e98950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "pattern": "[domain-name:value = 'bit-chasers.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb31-4ee4-42b4-b346-4714950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "first_observed": "2017-10-12T17:31:20Z", "last_observed": "2017-10-12T17:31:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb31-4ee4-42b4-b346-4714950d210f", "ipv4-addr--59ddbb31-4ee4-42b4-b346-4714950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb31-4ee4-42b4-b346-4714950d210f", "dst_ref": "ipv4-addr--59ddbb31-4ee4-42b4-b346-4714950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb31-4ee4-42b4-b346-4714950d210f", "value": "98.124.251.176" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb31-64ac-4d16-a751-4f67950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "pattern": "[url:value = 'http://bjp.co.id/09yhb7r5e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb31-ee84-4191-b599-4308950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "pattern": "[domain-name:value = 'bjp.co.id']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb31-e680-4866-8875-b4e9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "first_observed": "2017-10-12T17:31:20Z", "last_observed": "2017-10-12T17:31:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb31-e680-4866-8875-b4e9950d210f", "ipv4-addr--59ddbb31-e680-4866-8875-b4e9950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb31-e680-4866-8875-b4e9950d210f", "dst_ref": "ipv4-addr--59ddbb31-e680-4866-8875-b4e9950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb31-e680-4866-8875-b4e9950d210f", "value": "202.169.44.167" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb31-0ec8-4e97-bfa5-4d2e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "pattern": "[url:value = 'http://centurythis.com/09yhb7r5e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb32-4020-45b5-a717-4907950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "pattern": "[domain-name:value = 'centurythis.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb32-b724-43ec-940f-31f8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "first_observed": "2017-10-12T17:31:20Z", "last_observed": "2017-10-12T17:31:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb32-b724-43ec-940f-31f8950d210f", "ipv4-addr--59ddbb32-b724-43ec-940f-31f8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb32-b724-43ec-940f-31f8950d210f", "dst_ref": "ipv4-addr--59ddbb32-b724-43ec-940f-31f8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb32-b724-43ec-940f-31f8950d210f", "value": "98.124.252.66" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb32-d9e0-4369-9c2b-445c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "pattern": "[url:value = 'http://estudiperceptiva.com/09yhb7r5e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb32-630c-440c-9ed8-4655950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "pattern": "[domain-name:value = 'estudiperceptiva.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb32-27d8-4819-ad13-4857950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "first_observed": "2017-10-12T17:31:20Z", "last_observed": "2017-10-12T17:31:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb32-27d8-4819-ad13-4857950d210f", "ipv4-addr--59ddbb32-27d8-4819-ad13-4857950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb32-27d8-4819-ad13-4857950d210f", "dst_ref": "ipv4-addr--59ddbb32-27d8-4819-ad13-4857950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb32-27d8-4819-ad13-4857950d210f", "value": "86.109.170.66" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb32-cef8-4fef-b63d-43a7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "pattern": "[url:value = 'http://handhi.com/09yhb7r5e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb33-2b24-4b89-9efe-096f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "pattern": "[domain-name:value = 'handhi.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb33-4fc8-4fe7-a93b-4405950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "first_observed": "2017-10-12T17:31:20Z", "last_observed": "2017-10-12T17:31:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb33-4fc8-4fe7-a93b-4405950d210f", "ipv4-addr--59ddbb33-4fc8-4fe7-a93b-4405950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb33-4fc8-4fe7-a93b-4405950d210f", "dst_ref": "ipv4-addr--59ddbb33-4fc8-4fe7-a93b-4405950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb33-4fc8-4fe7-a93b-4405950d210f", "value": "162.213.255.19" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb33-eee0-4c96-9bed-41fc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "pattern": "[url:value = 'http://hexacam.com/09yhb7r5e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb33-984c-47dc-aa36-61c1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "pattern": "[domain-name:value = 'hexacam.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb33-1200-4306-ae88-4997950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:20.000Z", "modified": "2017-10-12T17:31:20.000Z", "first_observed": "2017-10-12T17:31:20Z", "last_observed": "2017-10-12T17:31:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb33-1200-4306-ae88-4997950d210f", "ipv4-addr--59ddbb33-1200-4306-ae88-4997950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb33-1200-4306-ae88-4997950d210f", "dst_ref": "ipv4-addr--59ddbb33-1200-4306-ae88-4997950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb33-1200-4306-ae88-4997950d210f", "value": "98.124.251.65" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb34-03b4-4f20-8951-4318950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "pattern": "[url:value = 'http://logica-info.com/09yhb7r5e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb34-935c-4aec-8a26-439c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "pattern": "[domain-name:value = 'logica-info.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb34-6a60-449b-b066-31f8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb34-6a60-449b-b066-31f8950d210f", "ipv4-addr--59ddbb34-6a60-449b-b066-31f8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb34-6a60-449b-b066-31f8950d210f", "dst_ref": "ipv4-addr--59ddbb34-6a60-449b-b066-31f8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb34-6a60-449b-b066-31f8950d210f", "value": "202.169.44.143" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb34-11b0-4129-82e5-6211950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "pattern": "[url:value = 'http://mh-service.ru/09yhb7r5e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb34-62f8-4224-9f5a-49cf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "pattern": "[domain-name:value = 'mh-service.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb34-7bac-4a31-a219-4ef3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb34-7bac-4a31-a219-4ef3950d210f", "ipv4-addr--59ddbb34-7bac-4a31-a219-4ef3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb34-7bac-4a31-a219-4ef3950d210f", "dst_ref": "ipv4-addr--59ddbb34-7bac-4a31-a219-4ef3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb34-7bac-4a31-a219-4ef3950d210f", "value": "89.253.235.118" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb35-3b08-4f34-b609-096f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "pattern": "[url:value = 'http://monstermx.com/09yhb7r5e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb35-12e0-4d65-96ad-47b2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "pattern": "[domain-name:value = 'monstermx.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb35-ab34-49be-96b1-43c2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb35-ab34-49be-96b1-43c2950d210f", "ipv4-addr--59ddbb35-ab34-49be-96b1-43c2950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb35-ab34-49be-96b1-43c2950d210f", "dst_ref": "ipv4-addr--59ddbb35-ab34-49be-96b1-43c2950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb35-ab34-49be-96b1-43c2950d210f", "value": "107.152.98.20" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb35-3678-4467-91ee-4ee2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "pattern": "[url:value = 'http://m-tensou.net/09yhb7r5e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb35-a03c-4569-94b1-b4e9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "pattern": "[domain-name:value = 'm-tensou.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb36-104c-4041-b60c-4d65950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb36-104c-4041-b60c-4d65950d210f", "ipv4-addr--59ddbb36-104c-4041-b60c-4d65950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb36-104c-4041-b60c-4d65950d210f", "dst_ref": "ipv4-addr--59ddbb36-104c-4041-b60c-4d65950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb36-104c-4041-b60c-4d65950d210f", "value": "202.218.252.73" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb36-88a0-45b8-be57-4289950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "pattern": "[url:value = 'http://paulcruse.com/09yhb7r5e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb36-564c-4c81-8841-4c72950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "pattern": "[domain-name:value = 'paulcruse.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb36-7828-4c75-a1c0-41d8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb36-7828-4c75-a1c0-41d8950d210f", "ipv4-addr--59ddbb36-7828-4c75-a1c0-41d8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb36-7828-4c75-a1c0-41d8950d210f", "dst_ref": "ipv4-addr--59ddbb36-7828-4c75-a1c0-41d8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb36-7828-4c75-a1c0-41d8950d210f", "value": "91.215.186.147" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb36-1ee4-45c7-b7d3-4361950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "pattern": "[url:value = 'http://suncoastot.com/09yhb7r5e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb36-1690-4679-ac0e-446a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "pattern": "[domain-name:value = 'suncoastot.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb37-2898-424d-8b96-096f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb37-2898-424d-8b96-096f950d210f", "ipv4-addr--59ddbb37-2898-424d-8b96-096f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb37-2898-424d-8b96-096f950d210f", "dst_ref": "ipv4-addr--59ddbb37-2898-424d-8b96-096f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb37-2898-424d-8b96-096f950d210f", "value": "98.124.252.176" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ddbb37-106c-4437-beef-4b6d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "pattern": "[url:value = 'http://nsaflow.info/p66/09yhb7r5e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb55-2fb0-46a2-9f49-43c8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb55-2fb0-46a2-9f49-43c8950d210f", "ipv4-addr--59ddbb55-2fb0-46a2-9f49-43c8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb55-2fb0-46a2-9f49-43c8950d210f", "dst_ref": "ipv4-addr--59ddbb55-2fb0-46a2-9f49-43c8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb55-2fb0-46a2-9f49-43c8950d210f", "value": "91.83.88.51" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb55-9c2c-4629-8ac0-4afb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb55-9c2c-4629-8ac0-4afb950d210f", "ipv4-addr--59ddbb55-9c2c-4629-8ac0-4afb950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb55-9c2c-4629-8ac0-4afb950d210f", "dst_ref": "ipv4-addr--59ddbb55-9c2c-4629-8ac0-4afb950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb55-9c2c-4629-8ac0-4afb950d210f", "value": "46.237.117.193" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb56-f3ec-479e-8483-4c73950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb56-f3ec-479e-8483-4c73950d210f", "ipv4-addr--59ddbb56-f3ec-479e-8483-4c73950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb56-f3ec-479e-8483-4c73950d210f", "dst_ref": "ipv4-addr--59ddbb56-f3ec-479e-8483-4c73950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb56-f3ec-479e-8483-4c73950d210f", "value": "79.170.7.139" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb56-ab94-40a8-a610-4a71950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb56-ab94-40a8-a610-4a71950d210f", "ipv4-addr--59ddbb56-ab94-40a8-a610-4a71950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb56-ab94-40a8-a610-4a71950d210f", "dst_ref": "ipv4-addr--59ddbb56-ab94-40a8-a610-4a71950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb56-ab94-40a8-a610-4a71950d210f", "value": "41.57.103.218" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb56-d24c-4f04-bf6b-b4e9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb56-d24c-4f04-bf6b-b4e9950d210f", "ipv4-addr--59ddbb56-d24c-4f04-bf6b-b4e9950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb56-d24c-4f04-bf6b-b4e9950d210f", "dst_ref": "ipv4-addr--59ddbb56-d24c-4f04-bf6b-b4e9950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb56-d24c-4f04-bf6b-b4e9950d210f", "value": "196.202.194.202" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb57-e908-4aac-a66d-4637950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb57-e908-4aac-a66d-4637950d210f", "ipv4-addr--59ddbb57-e908-4aac-a66d-4637950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb57-e908-4aac-a66d-4637950d210f", "dst_ref": "ipv4-addr--59ddbb57-e908-4aac-a66d-4637950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb57-e908-4aac-a66d-4637950d210f", "value": "46.20.56.239" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb57-e29c-42df-8614-4df9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb57-e29c-42df-8614-4df9950d210f", "ipv4-addr--59ddbb57-e29c-42df-8614-4df9950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb57-e29c-42df-8614-4df9950d210f", "dst_ref": "ipv4-addr--59ddbb57-e29c-42df-8614-4df9950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb57-e29c-42df-8614-4df9950d210f", "value": "176.120.126.21" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb57-1c00-484b-b662-31f8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb57-1c00-484b-b662-31f8950d210f", "ipv4-addr--59ddbb57-1c00-484b-b662-31f8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb57-1c00-484b-b662-31f8950d210f", "dst_ref": "ipv4-addr--59ddbb57-1c00-484b-b662-31f8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb57-1c00-484b-b662-31f8950d210f", "value": "91.239.249.118" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb57-319c-4c1b-a66c-6211950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb57-319c-4c1b-a66c-6211950d210f", "ipv4-addr--59ddbb57-319c-4c1b-a66c-6211950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb57-319c-4c1b-a66c-6211950d210f", "dst_ref": "ipv4-addr--59ddbb57-319c-4c1b-a66c-6211950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb57-319c-4c1b-a66c-6211950d210f", "value": "194.87.103.184" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb58-daec-4909-8b04-4757950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb58-daec-4909-8b04-4757950d210f", "ipv4-addr--59ddbb58-daec-4909-8b04-4757950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb58-daec-4909-8b04-4757950d210f", "dst_ref": "ipv4-addr--59ddbb58-daec-4909-8b04-4757950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb58-daec-4909-8b04-4757950d210f", "value": "92.63.102.64" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb58-4d20-4652-912a-4c51950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb58-4d20-4652-912a-4c51950d210f", "ipv4-addr--59ddbb58-4d20-4652-912a-4c51950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb58-4d20-4652-912a-4c51950d210f", "dst_ref": "ipv4-addr--59ddbb58-4d20-4652-912a-4c51950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb58-4d20-4652-912a-4c51950d210f", "value": "194.87.238.53" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb58-0ac0-4156-90d1-47ee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb58-0ac0-4156-90d1-47ee950d210f", "ipv4-addr--59ddbb58-0ac0-4156-90d1-47ee950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb58-0ac0-4156-90d1-47ee950d210f", "dst_ref": "ipv4-addr--59ddbb58-0ac0-4156-90d1-47ee950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb58-0ac0-4156-90d1-47ee950d210f", "value": "92.63.102.159" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb58-9090-445e-9ab2-4388950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb58-9090-445e-9ab2-4388950d210f", "ipv4-addr--59ddbb58-9090-445e-9ab2-4388950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb58-9090-445e-9ab2-4388950d210f", "dst_ref": "ipv4-addr--59ddbb58-9090-445e-9ab2-4388950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb58-9090-445e-9ab2-4388950d210f", "value": "194.87.232.219" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb59-20e0-497a-bff7-46d5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb59-20e0-497a-bff7-46d5950d210f", "ipv4-addr--59ddbb59-20e0-497a-bff7-46d5950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb59-20e0-497a-bff7-46d5950d210f", "dst_ref": "ipv4-addr--59ddbb59-20e0-497a-bff7-46d5950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb59-20e0-497a-bff7-46d5950d210f", "value": "149.154.69.70" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb59-c9f8-465c-9b6b-61c1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb59-c9f8-465c-9b6b-61c1950d210f", "ipv4-addr--59ddbb59-c9f8-465c-9b6b-61c1950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb59-c9f8-465c-9b6b-61c1950d210f", "dst_ref": "ipv4-addr--59ddbb59-c9f8-465c-9b6b-61c1950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb59-c9f8-465c-9b6b-61c1950d210f", "value": "78.24.223.153" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb59-7d70-4f63-b210-474e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb59-7d70-4f63-b210-474e950d210f", "ipv4-addr--59ddbb59-7d70-4f63-b210-474e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb59-7d70-4f63-b210-474e950d210f", "dst_ref": "ipv4-addr--59ddbb59-7d70-4f63-b210-474e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb59-7d70-4f63-b210-474e950d210f", "value": "194.87.92.207" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb5a-e7f8-490d-88b8-4c33950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb5a-e7f8-490d-88b8-4c33950d210f", "ipv4-addr--59ddbb5a-e7f8-490d-88b8-4c33950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb5a-e7f8-490d-88b8-4c33950d210f", "dst_ref": "ipv4-addr--59ddbb5a-e7f8-490d-88b8-4c33950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb5a-e7f8-490d-88b8-4c33950d210f", "value": "194.87.94.239" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb5a-cf38-4a69-974a-31f8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb5a-cf38-4a69-974a-31f8950d210f", "ipv4-addr--59ddbb5a-cf38-4a69-974a-31f8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb5a-cf38-4a69-974a-31f8950d210f", "dst_ref": "ipv4-addr--59ddbb5a-cf38-4a69-974a-31f8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb5a-cf38-4a69-974a-31f8950d210f", "value": "195.133.147.238" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb5a-0350-4b6f-b415-4723950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb5a-0350-4b6f-b415-4723950d210f", "ipv4-addr--59ddbb5a-0350-4b6f-b415-4723950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb5a-0350-4b6f-b415-4723950d210f", "dst_ref": "ipv4-addr--59ddbb5a-0350-4b6f-b415-4723950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb5a-0350-4b6f-b415-4723950d210f", "value": "62.109.15.132" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb5a-6ec8-42cb-98f6-4528950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb5a-6ec8-42cb-98f6-4528950d210f", "ipv4-addr--59ddbb5a-6ec8-42cb-98f6-4528950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb5a-6ec8-42cb-98f6-4528950d210f", "dst_ref": "ipv4-addr--59ddbb5a-6ec8-42cb-98f6-4528950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb5a-6ec8-42cb-98f6-4528950d210f", "value": "194.87.236.240" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb5b-ef38-4633-ba93-447f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb5b-ef38-4633-ba93-447f950d210f", "ipv4-addr--59ddbb5b-ef38-4633-ba93-447f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb5b-ef38-4633-ba93-447f950d210f", "dst_ref": "ipv4-addr--59ddbb5b-ef38-4633-ba93-447f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb5b-ef38-4633-ba93-447f950d210f", "value": "62.109.6.237" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb5b-da70-4c58-ae80-4d5b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb5b-da70-4c58-ae80-4d5b950d210f", "ipv4-addr--59ddbb5b-da70-4c58-ae80-4d5b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb5b-da70-4c58-ae80-4d5b950d210f", "dst_ref": "ipv4-addr--59ddbb5b-da70-4c58-ae80-4d5b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb5b-da70-4c58-ae80-4d5b950d210f", "value": "149.154.69.47" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb5b-2694-4f57-97ac-4b4c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb5b-2694-4f57-97ac-4b4c950d210f", "ipv4-addr--59ddbb5b-2694-4f57-97ac-4b4c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb5b-2694-4f57-97ac-4b4c950d210f", "dst_ref": "ipv4-addr--59ddbb5b-2694-4f57-97ac-4b4c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb5b-2694-4f57-97ac-4b4c950d210f", "value": "82.146.47.121" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb5b-e7f8-412f-a141-4917950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb5b-e7f8-412f-a141-4917950d210f", "ipv4-addr--59ddbb5b-e7f8-412f-a141-4917950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb5b-e7f8-412f-a141-4917950d210f", "dst_ref": "ipv4-addr--59ddbb5b-e7f8-412f-a141-4917950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb5b-e7f8-412f-a141-4917950d210f", "value": "78.24.216.250" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb5c-8ec4-41a1-af46-61c1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb5c-8ec4-41a1-af46-61c1950d210f", "ipv4-addr--59ddbb5c-8ec4-41a1-af46-61c1950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb5c-8ec4-41a1-af46-61c1950d210f", "dst_ref": "ipv4-addr--59ddbb5c-8ec4-41a1-af46-61c1950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb5c-8ec4-41a1-af46-61c1950d210f", "value": "82.146.56.218" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb5c-3c2c-4a85-b43c-4632950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb5c-3c2c-4a85-b43c-4632950d210f", "ipv4-addr--59ddbb5c-3c2c-4a85-b43c-4632950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb5c-3c2c-4a85-b43c-4632950d210f", "dst_ref": "ipv4-addr--59ddbb5c-3c2c-4a85-b43c-4632950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb5c-3c2c-4a85-b43c-4632950d210f", "value": "185.159.131.198" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb5c-2b5c-45f2-83d6-4a73950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb5c-2b5c-45f2-83d6-4a73950d210f", "ipv4-addr--59ddbb5c-2b5c-45f2-83d6-4a73950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb5c-2b5c-45f2-83d6-4a73950d210f", "dst_ref": "ipv4-addr--59ddbb5c-2b5c-45f2-83d6-4a73950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb5c-2b5c-45f2-83d6-4a73950d210f", "value": "194.87.146.32" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb5c-2cb4-4fec-9bcd-31f8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb5c-2cb4-4fec-9bcd-31f8950d210f", "ipv4-addr--59ddbb5c-2cb4-4fec-9bcd-31f8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb5c-2cb4-4fec-9bcd-31f8950d210f", "dst_ref": "ipv4-addr--59ddbb5c-2cb4-4fec-9bcd-31f8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb5c-2cb4-4fec-9bcd-31f8950d210f", "value": "5.133.179.77" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb5c-7964-4600-9a11-4ebb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb5c-7964-4600-9a11-4ebb950d210f", "ipv4-addr--59ddbb5c-7964-4600-9a11-4ebb950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb5c-7964-4600-9a11-4ebb950d210f", "dst_ref": "ipv4-addr--59ddbb5c-7964-4600-9a11-4ebb950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb5c-7964-4600-9a11-4ebb950d210f", "value": "94.242.224.214" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb5d-2f54-4c05-9b10-45bf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb5d-2f54-4c05-9b10-45bf950d210f", "ipv4-addr--59ddbb5d-2f54-4c05-9b10-45bf950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb5d-2f54-4c05-9b10-45bf950d210f", "dst_ref": "ipv4-addr--59ddbb5d-2f54-4c05-9b10-45bf950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb5d-2f54-4c05-9b10-45bf950d210f", "value": "194.87.92.242" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb5d-167c-4da3-8bc7-4c5d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb5d-167c-4da3-8bc7-4c5d950d210f", "ipv4-addr--59ddbb5d-167c-4da3-8bc7-4c5d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb5d-167c-4da3-8bc7-4c5d950d210f", "dst_ref": "ipv4-addr--59ddbb5d-167c-4da3-8bc7-4c5d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb5d-167c-4da3-8bc7-4c5d950d210f", "value": "195.133.146.236" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ddbb5e-ea60-4971-84f3-4540950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59ddbb5e-ea60-4971-84f3-4540950d210f", "ipv4-addr--59ddbb5e-ea60-4971-84f3-4540950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ddbb5e-ea60-4971-84f3-4540950d210f", "dst_ref": "ipv4-addr--59ddbb5e-ea60-4971-84f3-4540950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ddbb5e-ea60-4971-84f3-4540950d210f", "value": "193.124.117.238" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dfa6e9-262c-4e99-bfb7-419002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "description": "- Xchecked via VT: 5216bf5213f2f94e756ce464d34c740c", "pattern": "[file:hashes.SHA256 = '24184f3ae1a878018d650812c7084cdc91fdaa8916d3d11140ef06d6306347a2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dfa6e9-b6f8-4b70-9c45-49a902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "description": "- Xchecked via VT: 5216bf5213f2f94e756ce464d34c740c", "pattern": "[file:hashes.SHA1 = 'dd3ad086b2973e67e41aa21680448badb989f9c5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dfa6e9-d474-4987-8303-464302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "first_observed": "2017-10-12T17:31:21Z", "last_observed": "2017-10-12T17:31:21Z", "number_observed": 1, "object_refs": [ "url--59dfa6e9-d474-4987-8303-464302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59dfa6e9-d474-4987-8303-464302de0b81", "value": "https://www.virustotal.com/file/24184f3ae1a878018d650812c7084cdc91fdaa8916d3d11140ef06d6306347a2/analysis/1507764485/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dfa6e9-d890-4742-bfce-43d602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "description": "- Xchecked via VT: 1934bc240ae9e8e101490a9dab13c079", "pattern": "[file:hashes.SHA256 = 'c2e56510866a6e038ac723a3e5a2ac66b14f407b91886077727f622f561164e3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dfa6ea-2968-4e50-8b98-419702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:21.000Z", "modified": "2017-10-12T17:31:21.000Z", "description": "- Xchecked via VT: 1934bc240ae9e8e101490a9dab13c079", "pattern": "[file:hashes.SHA1 = 'a0218048aaca34259d0651d911b81f9f12a30326']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:31:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dfa6ea-7018-45bd-9ee4-419f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:31:22.000Z", "modified": "2017-10-12T17:31:22.000Z", "first_observed": "2017-10-12T17:31:22Z", "last_observed": "2017-10-12T17:31:22Z", "number_observed": 1, "object_refs": [ "url--59dfa6ea-7018-45bd-9ee4-419f02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59dfa6ea-7018-45bd-9ee4-419f02de0b81", "value": "https://www.virustotal.com/file/c2e56510866a6e038ac723a3e5a2ac66b14f407b91886077727f622f561164e3/analysis/1507806911/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }