{ "type": "bundle", "id": "bundle--59df77e7-2420-4c6c-bc2c-44ce950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:26.000Z", "modified": "2017-10-12T17:23:26.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--59df77e7-2420-4c6c-bc2c-44ce950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:26.000Z", "modified": "2017-10-12T17:23:26.000Z", "name": "M2M - Locky Affid=3, \".asasin\"/Trickbot \"mac1\" 2017-10-11 : \"Emailing: 12345678\" - \"12345678.7z\"", "published": "2017-10-12T17:28:07Z", "object_refs": [ "indicator--59df77e8-fa24-4c7e-b260-4531950d210f", "indicator--59df77e8-9d74-46ad-b6bf-4d8c950d210f", "indicator--59df77e9-ad7c-4567-8cab-1fb0950d210f", "indicator--59df77e9-0fe4-4a2f-9df1-431b950d210f", "observed-data--59df77e9-b2ec-43f0-b641-4d8f950d210f", "network-traffic--59df77e9-b2ec-43f0-b641-4d8f950d210f", "ipv4-addr--59df77e9-b2ec-43f0-b641-4d8f950d210f", "indicator--59df77ea-8e50-4c26-b2ca-1e76950d210f", "indicator--59df77ea-f8ec-41f0-a374-2139950d210f", "observed-data--59df77ea-d0b8-43d1-8524-4dec950d210f", "network-traffic--59df77ea-d0b8-43d1-8524-4dec950d210f", "ipv4-addr--59df77ea-d0b8-43d1-8524-4dec950d210f", "indicator--59df77ea-7ec4-4ac7-b56a-4070950d210f", "indicator--59df77ea-8318-4622-9f3b-ad07950d210f", "observed-data--59df77eb-0370-4a60-9801-4216950d210f", "network-traffic--59df77eb-0370-4a60-9801-4216950d210f", "ipv4-addr--59df77eb-0370-4a60-9801-4216950d210f", "indicator--59df77eb-dbf0-44c0-a0d5-4780950d210f", "indicator--59df77ec-9118-4227-9e59-4fce950d210f", "observed-data--59df77ec-7650-4b0a-b07b-2139950d210f", "network-traffic--59df77ec-7650-4b0a-b07b-2139950d210f", "ipv4-addr--59df77ec-7650-4b0a-b07b-2139950d210f", "indicator--59df77ec-a3c4-4b9a-8c3a-ac4d950d210f", "indicator--59df77ec-02b8-4d1e-8a57-1eb1950d210f", "observed-data--59df77ed-33e0-436d-aa7e-4b43950d210f", "network-traffic--59df77ed-33e0-436d-aa7e-4b43950d210f", "ipv4-addr--59df77ed-33e0-436d-aa7e-4b43950d210f", "indicator--59df77ed-7c6c-4a3c-b791-4c7c950d210f", "indicator--59df77ed-1950-475b-9981-216a950d210f", "observed-data--59df77ee-c0a0-4eb5-bd40-4fb9950d210f", "network-traffic--59df77ee-c0a0-4eb5-bd40-4fb9950d210f", "ipv4-addr--59df77ee-c0a0-4eb5-bd40-4fb9950d210f", "indicator--59df77ee-2888-4d06-81f6-a108950d210f", "indicator--59df77ee-191c-4d23-84cb-2139950d210f", "observed-data--59df77ee-d4c0-4b9a-bc8c-1eb1950d210f", "network-traffic--59df77ee-d4c0-4b9a-bc8c-1eb1950d210f", "ipv4-addr--59df77ee-d4c0-4b9a-bc8c-1eb1950d210f", "indicator--59df77ee-aa70-4c22-ad77-462e950d210f", "indicator--59df77ef-c000-4c00-8fb0-4b73950d210f", "observed-data--59df77ef-ba6c-4200-85b3-1f31950d210f", "network-traffic--59df77ef-ba6c-4200-85b3-1f31950d210f", "ipv4-addr--59df77ef-ba6c-4200-85b3-1f31950d210f", "indicator--59df77ef-d728-4827-81ab-216a950d210f", "indicator--59df77ef-e000-4a19-9226-4387950d210f", "observed-data--59df77ef-06d0-4dc8-87b6-4762950d210f", "network-traffic--59df77ef-06d0-4dc8-87b6-4762950d210f", "ipv4-addr--59df77ef-06d0-4dc8-87b6-4762950d210f", "indicator--59df77ef-78b8-4ca8-94d4-4090950d210f", "indicator--59df77f0-444c-439b-aa89-45a6950d210f", "observed-data--59df77f0-610c-4d35-95c6-a108950d210f", "network-traffic--59df77f0-610c-4d35-95c6-a108950d210f", "ipv4-addr--59df77f0-610c-4d35-95c6-a108950d210f", "indicator--59df77f0-52dc-4dc0-9f5f-2139950d210f", "indicator--59df77f0-f66c-49e7-b2fe-4a23950d210f", "indicator--59df780f-af44-4a98-a683-1eb1950d210f", "indicator--59df780f-8d80-4d8e-bf51-ac4d950d210f", "indicator--59df780f-6994-4d5e-8346-216a950d210f", "indicator--59df780f-774c-4c28-8bb5-1f31950d210f", "observed-data--59df7810-71a8-4045-b24e-4394950d210f", "network-traffic--59df7810-71a8-4045-b24e-4394950d210f", "ipv4-addr--59df7810-71a8-4045-b24e-4394950d210f", "indicator--59df7810-f704-4e9b-81aa-4a72950d210f", "indicator--59df7810-c964-404d-99d4-47ec950d210f", "observed-data--59df7810-9eb0-4381-908c-a108950d210f", "network-traffic--59df7810-9eb0-4381-908c-a108950d210f", "ipv4-addr--59df7810-9eb0-4381-908c-a108950d210f", "indicator--59df7811-5c8c-4506-81f4-1e76950d210f", "indicator--59df7811-a690-4d5d-afa0-2139950d210f", "observed-data--59df7811-f3ec-4e70-b402-4414950d210f", "network-traffic--59df7811-f3ec-4e70-b402-4414950d210f", "ipv4-addr--59df7811-f3ec-4e70-b402-4414950d210f", "indicator--59df7812-845c-40a5-8ac2-4954950d210f", "indicator--59df7812-b608-4d7d-b838-444f950d210f", "observed-data--59df7812-b09c-4fbd-84d4-4268950d210f", "network-traffic--59df7812-b09c-4fbd-84d4-4268950d210f", "ipv4-addr--59df7812-b09c-4fbd-84d4-4268950d210f", "indicator--59df7812-4038-4502-988e-1eb1950d210f", "indicator--59df7813-9828-4849-9a4d-ac4d950d210f", "observed-data--59df7814-e504-437f-b91d-1f31950d210f", "network-traffic--59df7814-e504-437f-b91d-1f31950d210f", "ipv4-addr--59df7814-e504-437f-b91d-1f31950d210f", "indicator--59df7814-1aec-440e-bb27-4cea950d210f", "indicator--59df7814-44e8-4a7e-afa9-49b7950d210f", "observed-data--59df7814-bb74-4999-9200-4faa950d210f", "network-traffic--59df7814-bb74-4999-9200-4faa950d210f", "ipv4-addr--59df7814-bb74-4999-9200-4faa950d210f", "indicator--59df7814-7fdc-4250-9129-46c4950d210f", "indicator--59df7815-e408-4724-9246-1e76950d210f", "observed-data--59df7815-3844-441b-ab55-4655950d210f", "network-traffic--59df7815-3844-441b-ab55-4655950d210f", "ipv4-addr--59df7815-3844-441b-ab55-4655950d210f", "indicator--59df7815-b850-4a02-8979-4226950d210f", "indicator--59df7815-7ba0-4deb-854f-4fbf950d210f", "observed-data--59df7816-5250-447b-bef8-1eb1950d210f", "network-traffic--59df7816-5250-447b-bef8-1eb1950d210f", "ipv4-addr--59df7816-5250-447b-bef8-1eb1950d210f", "indicator--59df7816-0538-40f9-a9d3-ac4d950d210f", "indicator--59df7816-2644-4b21-b263-ad07950d210f", "observed-data--59df7817-2a40-4bd4-8267-1fb0950d210f", "network-traffic--59df7817-2a40-4bd4-8267-1fb0950d210f", "ipv4-addr--59df7817-2a40-4bd4-8267-1fb0950d210f", "indicator--59df7817-1348-4560-89b7-4af0950d210f", "indicator--59df7817-61cc-408e-b25f-4608950d210f", "observed-data--59df7818-3e94-4be5-9ba9-4c91950d210f", "network-traffic--59df7818-3e94-4be5-9ba9-4c91950d210f", "ipv4-addr--59df7818-3e94-4be5-9ba9-4c91950d210f", "indicator--59df7818-f858-4cc0-9357-1e76950d210f", "indicator--59df7818-1184-4e2a-8161-462e950d210f", "observed-data--59df7818-99bc-4f64-9f23-44c3950d210f", "network-traffic--59df7818-99bc-4f64-9f23-44c3950d210f", "ipv4-addr--59df7818-99bc-4f64-9f23-44c3950d210f", "indicator--59df7819-011c-466d-99eb-443c950d210f", "indicator--59df7819-8cd0-4731-91df-1eb1950d210f", "observed-data--59df7819-114c-4f1c-bf99-ac4d950d210f", "network-traffic--59df7819-114c-4f1c-bf99-ac4d950d210f", "ipv4-addr--59df7819-114c-4f1c-bf99-ac4d950d210f", "indicator--59df7819-2c08-4327-8db7-216a950d210f", "indicator--59df781a-1624-4494-abd8-1f31950d210f", "observed-data--59df781a-6f3c-4d18-9674-4e92950d210f", "network-traffic--59df781a-6f3c-4d18-9674-4e92950d210f", "ipv4-addr--59df781a-6f3c-4d18-9674-4e92950d210f", "indicator--59df781a-c9e0-4522-a493-4b7f950d210f", "indicator--59df781b-aca8-4b3e-98eb-4ef8950d210f", "observed-data--59df781b-e178-4f87-8fd1-4ab7950d210f", "network-traffic--59df781b-e178-4f87-8fd1-4ab7950d210f", "ipv4-addr--59df781b-e178-4f87-8fd1-4ab7950d210f", "indicator--59df781b-4c54-4ae1-b370-1e76950d210f", "indicator--59df781b-dbac-4fb2-9816-2139950d210f", "observed-data--59df781c-6ce4-40ce-b2a3-4696950d210f", "network-traffic--59df781c-6ce4-40ce-b2a3-4696950d210f", "ipv4-addr--59df781c-6ce4-40ce-b2a3-4696950d210f", "indicator--59df781c-1544-4264-8874-4904950d210f", "observed-data--59df781c-ee94-4c90-94c9-4995950d210f", "network-traffic--59df781c-ee94-4c90-94c9-4995950d210f", "ipv4-addr--59df781c-ee94-4c90-94c9-4995950d210f", "observed-data--59df781c-d420-429e-9c5c-ad07950d210f", "network-traffic--59df781c-d420-429e-9c5c-ad07950d210f", "ipv4-addr--59df781c-d420-429e-9c5c-ad07950d210f", "observed-data--59df781d-e988-48c1-b617-216a950d210f", "network-traffic--59df781d-e988-48c1-b617-216a950d210f", "ipv4-addr--59df781d-e988-48c1-b617-216a950d210f", "observed-data--59df781d-707c-4eaa-b6f3-1f31950d210f", "network-traffic--59df781d-707c-4eaa-b6f3-1f31950d210f", "ipv4-addr--59df781d-707c-4eaa-b6f3-1f31950d210f", "observed-data--59df781d-70bc-4b81-b0d6-1fb0950d210f", "network-traffic--59df781d-70bc-4b81-b0d6-1fb0950d210f", "ipv4-addr--59df781d-70bc-4b81-b0d6-1fb0950d210f", "observed-data--59df781e-092c-4edc-9ac9-4d35950d210f", "network-traffic--59df781e-092c-4edc-9ac9-4d35950d210f", "ipv4-addr--59df781e-092c-4edc-9ac9-4d35950d210f", "observed-data--59df781e-ab84-4830-8acd-4663950d210f", "network-traffic--59df781e-ab84-4830-8acd-4663950d210f", "ipv4-addr--59df781e-ab84-4830-8acd-4663950d210f", "observed-data--59df781e-9004-420d-8b3d-4782950d210f", "network-traffic--59df781e-9004-420d-8b3d-4782950d210f", "ipv4-addr--59df781e-9004-420d-8b3d-4782950d210f", "observed-data--59df781f-7380-411f-9a4a-4ef1950d210f", "network-traffic--59df781f-7380-411f-9a4a-4ef1950d210f", "ipv4-addr--59df781f-7380-411f-9a4a-4ef1950d210f", "observed-data--59df781f-7098-40a2-9e63-a108950d210f", "network-traffic--59df781f-7098-40a2-9e63-a108950d210f", "ipv4-addr--59df781f-7098-40a2-9e63-a108950d210f", "observed-data--59df781f-145c-46bb-9abe-1e76950d210f", "network-traffic--59df781f-145c-46bb-9abe-1e76950d210f", "ipv4-addr--59df781f-145c-46bb-9abe-1e76950d210f", "observed-data--59df781f-019c-40c9-b8eb-2139950d210f", "network-traffic--59df781f-019c-40c9-b8eb-2139950d210f", "ipv4-addr--59df781f-019c-40c9-b8eb-2139950d210f", "observed-data--59df7820-b20c-4893-82b0-4f62950d210f", "network-traffic--59df7820-b20c-4893-82b0-4f62950d210f", "ipv4-addr--59df7820-b20c-4893-82b0-4f62950d210f", "observed-data--59df7820-3050-4da7-bd92-4032950d210f", "network-traffic--59df7820-3050-4da7-bd92-4032950d210f", "ipv4-addr--59df7820-3050-4da7-bd92-4032950d210f", "observed-data--59df7820-1550-4564-9499-4098950d210f", "network-traffic--59df7820-1550-4564-9499-4098950d210f", "ipv4-addr--59df7820-1550-4564-9499-4098950d210f", "observed-data--59df7821-4380-455d-a94f-1eb1950d210f", "network-traffic--59df7821-4380-455d-a94f-1eb1950d210f", "ipv4-addr--59df7821-4380-455d-a94f-1eb1950d210f", "observed-data--59df7821-4768-4f40-8d57-45b1950d210f", "network-traffic--59df7821-4768-4f40-8d57-45b1950d210f", "ipv4-addr--59df7821-4768-4f40-8d57-45b1950d210f", "observed-data--59df7821-7ad8-4c2e-9b1d-ac4d950d210f", "network-traffic--59df7821-7ad8-4c2e-9b1d-ac4d950d210f", "ipv4-addr--59df7821-7ad8-4c2e-9b1d-ac4d950d210f", "observed-data--59df7821-5aac-4054-be18-1f31950d210f", "network-traffic--59df7821-5aac-4054-be18-1f31950d210f", "ipv4-addr--59df7821-5aac-4054-be18-1f31950d210f", "observed-data--59df7822-8a38-41a6-899b-1fb0950d210f", "network-traffic--59df7822-8a38-41a6-899b-1fb0950d210f", "ipv4-addr--59df7822-8a38-41a6-899b-1fb0950d210f", "observed-data--59df7822-8558-4795-ab34-4676950d210f", "network-traffic--59df7822-8558-4795-ab34-4676950d210f", "ipv4-addr--59df7822-8558-4795-ab34-4676950d210f", "observed-data--59df7822-2228-4f88-830d-484b950d210f", "network-traffic--59df7822-2228-4f88-830d-484b950d210f", "ipv4-addr--59df7822-2228-4f88-830d-484b950d210f", "observed-data--59df7823-8700-4033-aeb3-a108950d210f", "network-traffic--59df7823-8700-4033-aeb3-a108950d210f", "ipv4-addr--59df7823-8700-4033-aeb3-a108950d210f", "observed-data--59df7823-ca40-42c4-bc2d-2139950d210f", "network-traffic--59df7823-ca40-42c4-bc2d-2139950d210f", "ipv4-addr--59df7823-ca40-42c4-bc2d-2139950d210f", "observed-data--59df7823-23cc-442b-a14e-4687950d210f", "network-traffic--59df7823-23cc-442b-a14e-4687950d210f", "ipv4-addr--59df7823-23cc-442b-a14e-4687950d210f", "observed-data--59df7824-9c48-4e73-85d6-4031950d210f", "network-traffic--59df7824-9c48-4e73-85d6-4031950d210f", "ipv4-addr--59df7824-9c48-4e73-85d6-4031950d210f", "observed-data--59df7824-2670-4eef-a0f2-1eb1950d210f", "network-traffic--59df7824-2670-4eef-a0f2-1eb1950d210f", "ipv4-addr--59df7824-2670-4eef-a0f2-1eb1950d210f", "observed-data--59df7824-8398-4e2a-82bb-4d1c950d210f", "network-traffic--59df7824-8398-4e2a-82bb-4d1c950d210f", "ipv4-addr--59df7824-8398-4e2a-82bb-4d1c950d210f", "observed-data--59df7825-22a4-4cfa-af6f-ad07950d210f", "network-traffic--59df7825-22a4-4cfa-af6f-ad07950d210f", "ipv4-addr--59df7825-22a4-4cfa-af6f-ad07950d210f", "observed-data--59df7825-08d4-4933-bbd2-216a950d210f", "network-traffic--59df7825-08d4-4933-bbd2-216a950d210f", "ipv4-addr--59df7825-08d4-4933-bbd2-216a950d210f", "observed-data--59df7825-8850-4ed4-8782-4615950d210f", "network-traffic--59df7825-8850-4ed4-8782-4615950d210f", "ipv4-addr--59df7825-8850-4ed4-8782-4615950d210f", "observed-data--59df7825-c6cc-4cfd-94e9-4d94950d210f", "network-traffic--59df7825-c6cc-4cfd-94e9-4d94950d210f", "ipv4-addr--59df7825-c6cc-4cfd-94e9-4d94950d210f", "indicator--59dfa509-5b30-4324-b78d-4bd702de0b81", "indicator--59dfa509-2280-4abc-83ff-454302de0b81", "observed-data--59dfa509-823c-45e5-8088-484a02de0b81", "url--59dfa509-823c-45e5-8088-484a02de0b81", "indicator--59dfa509-a5bc-4fab-bfaf-4df902de0b81", "indicator--59dfa509-daa4-4dcb-b5fd-447302de0b81", "observed-data--59dfa509-ef84-4b3a-9fa0-4d6502de0b81", "url--59dfa509-ef84-4b3a-9fa0-4d6502de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:tool=\"Trick Bot\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Locky\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df77e8-fa24-4c7e-b260-4531950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[file:hashes.MD5 = 'c77d1c0c0ecd0b2f81f2bcf89fb07279']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df77e8-9d74-46ad-b6bf-4d8c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[file:hashes.MD5 = 'e3d2e5e74874fd8b59ddef544f7e4851']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df77e9-ad7c-4567-8cab-1fb0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[url:value = 'http://agriturismoviridarium.it/6jbgcfwe3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df77e9-0fe4-4a2f-9df1-431b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[domain-name:value = 'agriturismoviridarium.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df77e9-b2ec-43f0-b641-4d8f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "first_observed": "2017-10-12T17:23:19Z", "last_observed": "2017-10-12T17:23:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59df77e9-b2ec-43f0-b641-4d8f950d210f", "ipv4-addr--59df77e9-b2ec-43f0-b641-4d8f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df77e9-b2ec-43f0-b641-4d8f950d210f", "dst_ref": "ipv4-addr--59df77e9-b2ec-43f0-b641-4d8f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df77e9-b2ec-43f0-b641-4d8f950d210f", "value": "85.235.131.55" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df77ea-8e50-4c26-b2ca-1e76950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[url:value = 'http://enixgaming.de/6jbgcfwe3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df77ea-f8ec-41f0-a374-2139950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[domain-name:value = 'enixgaming.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df77ea-d0b8-43d1-8524-4dec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "first_observed": "2017-10-12T17:23:19Z", "last_observed": "2017-10-12T17:23:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59df77ea-d0b8-43d1-8524-4dec950d210f", "ipv4-addr--59df77ea-d0b8-43d1-8524-4dec950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df77ea-d0b8-43d1-8524-4dec950d210f", "dst_ref": "ipv4-addr--59df77ea-d0b8-43d1-8524-4dec950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df77ea-d0b8-43d1-8524-4dec950d210f", "value": "212.224.65.254" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df77ea-7ec4-4ac7-b56a-4070950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[url:value = 'http://enmee.net/6jbgcfwe3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df77ea-8318-4622-9f3b-ad07950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[domain-name:value = 'enmee.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df77eb-0370-4a60-9801-4216950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "first_observed": "2017-10-12T17:23:19Z", "last_observed": "2017-10-12T17:23:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59df77eb-0370-4a60-9801-4216950d210f", "ipv4-addr--59df77eb-0370-4a60-9801-4216950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df77eb-0370-4a60-9801-4216950d210f", "dst_ref": "ipv4-addr--59df77eb-0370-4a60-9801-4216950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df77eb-0370-4a60-9801-4216950d210f", "value": "209.54.62.90" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df77eb-dbf0-44c0-a0d5-4780950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[url:value = 'http://fls-portal.co.uk/6jbgcfwe3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df77ec-9118-4227-9e59-4fce950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[domain-name:value = 'fls-portal.co.uk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df77ec-7650-4b0a-b07b-2139950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "first_observed": "2017-10-12T17:23:19Z", "last_observed": "2017-10-12T17:23:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59df77ec-7650-4b0a-b07b-2139950d210f", "ipv4-addr--59df77ec-7650-4b0a-b07b-2139950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df77ec-7650-4b0a-b07b-2139950d210f", "dst_ref": "ipv4-addr--59df77ec-7650-4b0a-b07b-2139950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df77ec-7650-4b0a-b07b-2139950d210f", "value": "109.108.149.65" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df77ec-a3c4-4b9a-8c3a-ac4d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[url:value = 'http://jeangurunlian.com/6jbgcfwe3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df77ec-02b8-4d1e-8a57-1eb1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[domain-name:value = 'jeangurunlian.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df77ed-33e0-436d-aa7e-4b43950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "first_observed": "2017-10-12T17:23:19Z", "last_observed": "2017-10-12T17:23:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59df77ed-33e0-436d-aa7e-4b43950d210f", "ipv4-addr--59df77ed-33e0-436d-aa7e-4b43950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df77ed-33e0-436d-aa7e-4b43950d210f", "dst_ref": "ipv4-addr--59df77ed-33e0-436d-aa7e-4b43950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df77ed-33e0-436d-aa7e-4b43950d210f", "value": "98.124.251.202" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df77ed-7c6c-4a3c-b791-4c7c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[url:value = 'http://peopleiknow.org/6jbgcfwe3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df77ed-1950-475b-9981-216a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[domain-name:value = 'peopleiknow.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df77ee-c0a0-4eb5-bd40-4fb9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "first_observed": "2017-10-12T17:23:19Z", "last_observed": "2017-10-12T17:23:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59df77ee-c0a0-4eb5-bd40-4fb9950d210f", "ipv4-addr--59df77ee-c0a0-4eb5-bd40-4fb9950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df77ee-c0a0-4eb5-bd40-4fb9950d210f", "dst_ref": "ipv4-addr--59df77ee-c0a0-4eb5-bd40-4fb9950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df77ee-c0a0-4eb5-bd40-4fb9950d210f", "value": "67.210.102.240" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df77ee-2888-4d06-81f6-a108950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[url:value = 'http://petrochemus.com/6jbgcfwe3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df77ee-191c-4d23-84cb-2139950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[domain-name:value = 'petrochemus.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df77ee-d4c0-4b9a-bc8c-1eb1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "first_observed": "2017-10-12T17:23:19Z", "last_observed": "2017-10-12T17:23:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59df77ee-d4c0-4b9a-bc8c-1eb1950d210f", "ipv4-addr--59df77ee-d4c0-4b9a-bc8c-1eb1950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df77ee-d4c0-4b9a-bc8c-1eb1950d210f", "dst_ref": "ipv4-addr--59df77ee-d4c0-4b9a-bc8c-1eb1950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df77ee-d4c0-4b9a-bc8c-1eb1950d210f", "value": "98.124.251.72" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df77ee-aa70-4c22-ad77-462e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[url:value = 'http://sci-eye.com/6jbgcfwe3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df77ef-c000-4c00-8fb0-4b73950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[domain-name:value = 'sci-eye.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df77ef-ba6c-4200-85b3-1f31950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "first_observed": "2017-10-12T17:23:19Z", "last_observed": "2017-10-12T17:23:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59df77ef-ba6c-4200-85b3-1f31950d210f", "ipv4-addr--59df77ef-ba6c-4200-85b3-1f31950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df77ef-ba6c-4200-85b3-1f31950d210f", "dst_ref": "ipv4-addr--59df77ef-ba6c-4200-85b3-1f31950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df77ef-ba6c-4200-85b3-1f31950d210f", "value": "98.124.252.132" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df77ef-d728-4827-81ab-216a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[url:value = 'http://secundaria50.edu.mx/6jbgcfwe3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df77ef-e000-4a19-9226-4387950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[domain-name:value = 'secundaria50.edu.mx']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df77ef-06d0-4dc8-87b6-4762950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "first_observed": "2017-10-12T17:23:19Z", "last_observed": "2017-10-12T17:23:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59df77ef-06d0-4dc8-87b6-4762950d210f", "ipv4-addr--59df77ef-06d0-4dc8-87b6-4762950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df77ef-06d0-4dc8-87b6-4762950d210f", "dst_ref": "ipv4-addr--59df77ef-06d0-4dc8-87b6-4762950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df77ef-06d0-4dc8-87b6-4762950d210f", "value": "98.124.251.65" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df77ef-78b8-4ca8-94d4-4090950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[url:value = 'http://stemcellenhancementresearch.com/6jbgcfwe3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df77f0-444c-439b-aa89-45a6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[domain-name:value = 'stemcellenhancementresearch.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df77f0-610c-4d35-95c6-a108950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "first_observed": "2017-10-12T17:23:19Z", "last_observed": "2017-10-12T17:23:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59df77f0-610c-4d35-95c6-a108950d210f", "ipv4-addr--59df77f0-610c-4d35-95c6-a108950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df77f0-610c-4d35-95c6-a108950d210f", "dst_ref": "ipv4-addr--59df77f0-610c-4d35-95c6-a108950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df77f0-610c-4d35-95c6-a108950d210f", "value": "199.30.241.139" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df77f0-52dc-4dc0-9f5f-2139950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[url:value = 'http://fetchstats.net/p66/6jbgcfwe3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df77f0-f66c-49e7-b2fe-4a23950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[domain-name:value = 'fetchstats.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df780f-af44-4a98-a683-1eb1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[url:value = 'http://alexandradickman.com/cunrb78f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df780f-8d80-4d8e-bf51-ac4d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[domain-name:value = 'alexandradickman.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df780f-6994-4d5e-8346-216a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[url:value = 'http://arkberg-design.fi/cunrb78f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df780f-774c-4c28-8bb5-1f31950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[domain-name:value = 'arkberg-design.fi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7810-71a8-4045-b24e-4394950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "first_observed": "2017-10-12T17:23:19Z", "last_observed": "2017-10-12T17:23:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7810-71a8-4045-b24e-4394950d210f", "ipv4-addr--59df7810-71a8-4045-b24e-4394950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7810-71a8-4045-b24e-4394950d210f", "dst_ref": "ipv4-addr--59df7810-71a8-4045-b24e-4394950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7810-71a8-4045-b24e-4394950d210f", "value": "84.234.64.216" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df7810-f704-4e9b-81aa-4a72950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[url:value = 'http://basedow-bilder.de/cunrb78f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df7810-c964-404d-99d4-47ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[domain-name:value = 'basedow-bilder.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7810-9eb0-4381-908c-a108950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "first_observed": "2017-10-12T17:23:19Z", "last_observed": "2017-10-12T17:23:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7810-9eb0-4381-908c-a108950d210f", "ipv4-addr--59df7810-9eb0-4381-908c-a108950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7810-9eb0-4381-908c-a108950d210f", "dst_ref": "ipv4-addr--59df7810-9eb0-4381-908c-a108950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7810-9eb0-4381-908c-a108950d210f", "value": "194.116.187.130" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df7811-5c8c-4506-81f4-1e76950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:19.000Z", "modified": "2017-10-12T17:23:19.000Z", "pattern": "[url:value = 'http://centralbaptistchurchnj.org/cunrb78f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df7811-a690-4d5d-afa0-2139950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "pattern": "[domain-name:value = 'centralbaptistchurchnj.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7811-f3ec-4e70-b402-4414950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "first_observed": "2017-10-12T17:23:20Z", "last_observed": "2017-10-12T17:23:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7811-f3ec-4e70-b402-4414950d210f", "ipv4-addr--59df7811-f3ec-4e70-b402-4414950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7811-f3ec-4e70-b402-4414950d210f", "dst_ref": "ipv4-addr--59df7811-f3ec-4e70-b402-4414950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7811-f3ec-4e70-b402-4414950d210f", "value": "68.171.62.42" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df7812-845c-40a5-8ac2-4954950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "pattern": "[url:value = 'http://download.justowin.it/cunrb78f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df7812-b608-4d7d-b838-444f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "pattern": "[domain-name:value = 'download.justowin.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7812-b09c-4fbd-84d4-4268950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "first_observed": "2017-10-12T17:23:20Z", "last_observed": "2017-10-12T17:23:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7812-b09c-4fbd-84d4-4268950d210f", "ipv4-addr--59df7812-b09c-4fbd-84d4-4268950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7812-b09c-4fbd-84d4-4268950d210f", "dst_ref": "ipv4-addr--59df7812-b09c-4fbd-84d4-4268950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7812-b09c-4fbd-84d4-4268950d210f", "value": "95.110.225.147" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df7812-4038-4502-988e-1eb1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "pattern": "[url:value = 'http://hair-select.jp/cunrb78f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df7813-9828-4849-9a4d-ac4d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "pattern": "[domain-name:value = 'hair-select.jp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7814-e504-437f-b91d-1f31950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "first_observed": "2017-10-12T17:23:20Z", "last_observed": "2017-10-12T17:23:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7814-e504-437f-b91d-1f31950d210f", "ipv4-addr--59df7814-e504-437f-b91d-1f31950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7814-e504-437f-b91d-1f31950d210f", "dst_ref": "ipv4-addr--59df7814-e504-437f-b91d-1f31950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7814-e504-437f-b91d-1f31950d210f", "value": "180.222.185.74" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df7814-1aec-440e-bb27-4cea950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "pattern": "[url:value = 'http://itsmaterial.us/cunrb78f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df7814-44e8-4a7e-afa9-49b7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "pattern": "[domain-name:value = 'itsmaterial.us']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7814-bb74-4999-9200-4faa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "first_observed": "2017-10-12T17:23:20Z", "last_observed": "2017-10-12T17:23:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7814-bb74-4999-9200-4faa950d210f", "ipv4-addr--59df7814-bb74-4999-9200-4faa950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7814-bb74-4999-9200-4faa950d210f", "dst_ref": "ipv4-addr--59df7814-bb74-4999-9200-4faa950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7814-bb74-4999-9200-4faa950d210f", "value": "98.124.252.176" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df7814-7fdc-4250-9129-46c4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "pattern": "[url:value = 'http://lacosturera.es/cunrb78f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df7815-e408-4724-9246-1e76950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "pattern": "[domain-name:value = 'lacosturera.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7815-3844-441b-ab55-4655950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "first_observed": "2017-10-12T17:23:20Z", "last_observed": "2017-10-12T17:23:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7815-3844-441b-ab55-4655950d210f", "ipv4-addr--59df7815-3844-441b-ab55-4655950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7815-3844-441b-ab55-4655950d210f", "dst_ref": "ipv4-addr--59df7815-3844-441b-ab55-4655950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7815-3844-441b-ab55-4655950d210f", "value": "86.109.170.198" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df7815-b850-4a02-8979-4226950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "pattern": "[url:value = 'http://missiegeslaagd.nl/cunrb78f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df7815-7ba0-4deb-854f-4fbf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "pattern": "[domain-name:value = 'missiegeslaagd.nl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7816-5250-447b-bef8-1eb1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "first_observed": "2017-10-12T17:23:20Z", "last_observed": "2017-10-12T17:23:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7816-5250-447b-bef8-1eb1950d210f", "ipv4-addr--59df7816-5250-447b-bef8-1eb1950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7816-5250-447b-bef8-1eb1950d210f", "dst_ref": "ipv4-addr--59df7816-5250-447b-bef8-1eb1950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7816-5250-447b-bef8-1eb1950d210f", "value": "46.235.44.98" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df7816-0538-40f9-a9d3-ac4d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "pattern": "[url:value = 'http://motifahsap.com/cunrb78f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df7816-2644-4b21-b263-ad07950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "pattern": "[domain-name:value = 'motifahsap.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7817-2a40-4bd4-8267-1fb0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "first_observed": "2017-10-12T17:23:20Z", "last_observed": "2017-10-12T17:23:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7817-2a40-4bd4-8267-1fb0950d210f", "ipv4-addr--59df7817-2a40-4bd4-8267-1fb0950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7817-2a40-4bd4-8267-1fb0950d210f", "dst_ref": "ipv4-addr--59df7817-2a40-4bd4-8267-1fb0950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7817-2a40-4bd4-8267-1fb0950d210f", "value": "188.132.180.113" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df7817-1348-4560-89b7-4af0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "pattern": "[url:value = 'http://pacalik.net/cunrb78f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df7817-61cc-408e-b25f-4608950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "pattern": "[domain-name:value = 'pacalik.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7818-3e94-4be5-9ba9-4c91950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "first_observed": "2017-10-12T17:23:20Z", "last_observed": "2017-10-12T17:23:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7818-3e94-4be5-9ba9-4c91950d210f", "ipv4-addr--59df7818-3e94-4be5-9ba9-4c91950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7818-3e94-4be5-9ba9-4c91950d210f", "dst_ref": "ipv4-addr--59df7818-3e94-4be5-9ba9-4c91950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7818-3e94-4be5-9ba9-4c91950d210f", "value": "93.187.200.105" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df7818-f858-4cc0-9357-1e76950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "pattern": "[url:value = 'http://ryanbaptistchurch.com/cunrb78f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df7818-1184-4e2a-8161-462e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "pattern": "[domain-name:value = 'ryanbaptistchurch.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7818-99bc-4f64-9f23-44c3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "first_observed": "2017-10-12T17:23:20Z", "last_observed": "2017-10-12T17:23:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7818-99bc-4f64-9f23-44c3950d210f", "ipv4-addr--59df7818-99bc-4f64-9f23-44c3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7818-99bc-4f64-9f23-44c3950d210f", "dst_ref": "ipv4-addr--59df7818-99bc-4f64-9f23-44c3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7818-99bc-4f64-9f23-44c3950d210f", "value": "66.36.173.246" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df7819-011c-466d-99eb-443c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "pattern": "[url:value = 'http://sambad.com.np/cunrb78f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df7819-8cd0-4731-91df-1eb1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "pattern": "[domain-name:value = 'sambad.com.np']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7819-114c-4f1c-bf99-ac4d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "first_observed": "2017-10-12T17:23:20Z", "last_observed": "2017-10-12T17:23:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7819-114c-4f1c-bf99-ac4d950d210f", "ipv4-addr--59df7819-114c-4f1c-bf99-ac4d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7819-114c-4f1c-bf99-ac4d950d210f", "dst_ref": "ipv4-addr--59df7819-114c-4f1c-bf99-ac4d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7819-114c-4f1c-bf99-ac4d950d210f", "value": "74.200.89.84" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df7819-2c08-4327-8db7-216a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "pattern": "[url:value = 'http://sgtenterprises.com/cunrb78f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df781a-1624-4494-abd8-1f31950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "pattern": "[domain-name:value = 'sgtenterprises.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df781a-6f3c-4d18-9674-4e92950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "first_observed": "2017-10-12T17:23:20Z", "last_observed": "2017-10-12T17:23:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59df781a-6f3c-4d18-9674-4e92950d210f", "ipv4-addr--59df781a-6f3c-4d18-9674-4e92950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df781a-6f3c-4d18-9674-4e92950d210f", "dst_ref": "ipv4-addr--59df781a-6f3c-4d18-9674-4e92950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df781a-6f3c-4d18-9674-4e92950d210f", "value": "66.36.163.197" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df781a-c9e0-4522-a493-4b7f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "pattern": "[url:value = 'http://shamanic-extracts.biz/cunrb78f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df781b-aca8-4b3e-98eb-4ef8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "pattern": "[domain-name:value = 'shamanic-extracts.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df781b-e178-4f87-8fd1-4ab7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "first_observed": "2017-10-12T17:23:20Z", "last_observed": "2017-10-12T17:23:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59df781b-e178-4f87-8fd1-4ab7950d210f", "ipv4-addr--59df781b-e178-4f87-8fd1-4ab7950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df781b-e178-4f87-8fd1-4ab7950d210f", "dst_ref": "ipv4-addr--59df781b-e178-4f87-8fd1-4ab7950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df781b-e178-4f87-8fd1-4ab7950d210f", "value": "62.212.154.98" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df781b-4c54-4ae1-b370-1e76950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "pattern": "[url:value = 'http://signlight.com.au/cunrb78f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df781b-dbac-4fb2-9816-2139950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "pattern": "[domain-name:value = 'signlight.com.au']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df781c-6ce4-40ce-b2a3-4696950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "first_observed": "2017-10-12T17:23:20Z", "last_observed": "2017-10-12T17:23:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59df781c-6ce4-40ce-b2a3-4696950d210f", "ipv4-addr--59df781c-6ce4-40ce-b2a3-4696950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df781c-6ce4-40ce-b2a3-4696950d210f", "dst_ref": "ipv4-addr--59df781c-6ce4-40ce-b2a3-4696950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df781c-6ce4-40ce-b2a3-4696950d210f", "value": "203.17.73.160" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59df781c-1544-4264-8874-4904950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "pattern": "[url:value = 'http://fetchstats.net/p66/cunrb78f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df781c-ee94-4c90-94c9-4995950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "first_observed": "2017-10-12T17:23:20Z", "last_observed": "2017-10-12T17:23:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59df781c-ee94-4c90-94c9-4995950d210f", "ipv4-addr--59df781c-ee94-4c90-94c9-4995950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df781c-ee94-4c90-94c9-4995950d210f", "dst_ref": "ipv4-addr--59df781c-ee94-4c90-94c9-4995950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df781c-ee94-4c90-94c9-4995950d210f", "value": "91.83.88.51" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df781c-d420-429e-9c5c-ad07950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "first_observed": "2017-10-12T17:23:20Z", "last_observed": "2017-10-12T17:23:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59df781c-d420-429e-9c5c-ad07950d210f", "ipv4-addr--59df781c-d420-429e-9c5c-ad07950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df781c-d420-429e-9c5c-ad07950d210f", "dst_ref": "ipv4-addr--59df781c-d420-429e-9c5c-ad07950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df781c-d420-429e-9c5c-ad07950d210f", "value": "46.237.117.193" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df781d-e988-48c1-b617-216a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "first_observed": "2017-10-12T17:23:20Z", "last_observed": "2017-10-12T17:23:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59df781d-e988-48c1-b617-216a950d210f", "ipv4-addr--59df781d-e988-48c1-b617-216a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df781d-e988-48c1-b617-216a950d210f", "dst_ref": "ipv4-addr--59df781d-e988-48c1-b617-216a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df781d-e988-48c1-b617-216a950d210f", "value": "79.170.7.139" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df781d-707c-4eaa-b6f3-1f31950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "first_observed": "2017-10-12T17:23:20Z", "last_observed": "2017-10-12T17:23:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59df781d-707c-4eaa-b6f3-1f31950d210f", "ipv4-addr--59df781d-707c-4eaa-b6f3-1f31950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df781d-707c-4eaa-b6f3-1f31950d210f", "dst_ref": "ipv4-addr--59df781d-707c-4eaa-b6f3-1f31950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df781d-707c-4eaa-b6f3-1f31950d210f", "value": "41.57.103.218" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df781d-70bc-4b81-b0d6-1fb0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "first_observed": "2017-10-12T17:23:20Z", "last_observed": "2017-10-12T17:23:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59df781d-70bc-4b81-b0d6-1fb0950d210f", "ipv4-addr--59df781d-70bc-4b81-b0d6-1fb0950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df781d-70bc-4b81-b0d6-1fb0950d210f", "dst_ref": "ipv4-addr--59df781d-70bc-4b81-b0d6-1fb0950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df781d-70bc-4b81-b0d6-1fb0950d210f", "value": "196.202.194.202" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df781e-092c-4edc-9ac9-4d35950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "first_observed": "2017-10-12T17:23:20Z", "last_observed": "2017-10-12T17:23:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59df781e-092c-4edc-9ac9-4d35950d210f", "ipv4-addr--59df781e-092c-4edc-9ac9-4d35950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df781e-092c-4edc-9ac9-4d35950d210f", "dst_ref": "ipv4-addr--59df781e-092c-4edc-9ac9-4d35950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df781e-092c-4edc-9ac9-4d35950d210f", "value": "46.20.56.239" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df781e-ab84-4830-8acd-4663950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "first_observed": "2017-10-12T17:23:20Z", "last_observed": "2017-10-12T17:23:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59df781e-ab84-4830-8acd-4663950d210f", "ipv4-addr--59df781e-ab84-4830-8acd-4663950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df781e-ab84-4830-8acd-4663950d210f", "dst_ref": "ipv4-addr--59df781e-ab84-4830-8acd-4663950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df781e-ab84-4830-8acd-4663950d210f", "value": "176.120.126.21" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df781e-9004-420d-8b3d-4782950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "first_observed": "2017-10-12T17:23:20Z", "last_observed": "2017-10-12T17:23:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59df781e-9004-420d-8b3d-4782950d210f", "ipv4-addr--59df781e-9004-420d-8b3d-4782950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df781e-9004-420d-8b3d-4782950d210f", "dst_ref": "ipv4-addr--59df781e-9004-420d-8b3d-4782950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df781e-9004-420d-8b3d-4782950d210f", "value": "91.239.249.118" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df781f-7380-411f-9a4a-4ef1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "first_observed": "2017-10-12T17:23:20Z", "last_observed": "2017-10-12T17:23:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59df781f-7380-411f-9a4a-4ef1950d210f", "ipv4-addr--59df781f-7380-411f-9a4a-4ef1950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df781f-7380-411f-9a4a-4ef1950d210f", "dst_ref": "ipv4-addr--59df781f-7380-411f-9a4a-4ef1950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df781f-7380-411f-9a4a-4ef1950d210f", "value": "194.87.103.184" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df781f-7098-40a2-9e63-a108950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "first_observed": "2017-10-12T17:23:20Z", "last_observed": "2017-10-12T17:23:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59df781f-7098-40a2-9e63-a108950d210f", "ipv4-addr--59df781f-7098-40a2-9e63-a108950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df781f-7098-40a2-9e63-a108950d210f", "dst_ref": "ipv4-addr--59df781f-7098-40a2-9e63-a108950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df781f-7098-40a2-9e63-a108950d210f", "value": "92.63.102.64" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df781f-145c-46bb-9abe-1e76950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "first_observed": "2017-10-12T17:23:20Z", "last_observed": "2017-10-12T17:23:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59df781f-145c-46bb-9abe-1e76950d210f", "ipv4-addr--59df781f-145c-46bb-9abe-1e76950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df781f-145c-46bb-9abe-1e76950d210f", "dst_ref": "ipv4-addr--59df781f-145c-46bb-9abe-1e76950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df781f-145c-46bb-9abe-1e76950d210f", "value": "194.87.238.53" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df781f-019c-40c9-b8eb-2139950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:20.000Z", "modified": "2017-10-12T17:23:20.000Z", "first_observed": "2017-10-12T17:23:20Z", "last_observed": "2017-10-12T17:23:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59df781f-019c-40c9-b8eb-2139950d210f", "ipv4-addr--59df781f-019c-40c9-b8eb-2139950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df781f-019c-40c9-b8eb-2139950d210f", "dst_ref": "ipv4-addr--59df781f-019c-40c9-b8eb-2139950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df781f-019c-40c9-b8eb-2139950d210f", "value": "92.63.102.159" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7820-b20c-4893-82b0-4f62950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:21.000Z", "modified": "2017-10-12T17:23:21.000Z", "first_observed": "2017-10-12T17:23:21Z", "last_observed": "2017-10-12T17:23:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7820-b20c-4893-82b0-4f62950d210f", "ipv4-addr--59df7820-b20c-4893-82b0-4f62950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7820-b20c-4893-82b0-4f62950d210f", "dst_ref": "ipv4-addr--59df7820-b20c-4893-82b0-4f62950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7820-b20c-4893-82b0-4f62950d210f", "value": "194.87.232.219" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7820-3050-4da7-bd92-4032950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:21.000Z", "modified": "2017-10-12T17:23:21.000Z", "first_observed": "2017-10-12T17:23:21Z", "last_observed": "2017-10-12T17:23:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7820-3050-4da7-bd92-4032950d210f", "ipv4-addr--59df7820-3050-4da7-bd92-4032950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7820-3050-4da7-bd92-4032950d210f", "dst_ref": "ipv4-addr--59df7820-3050-4da7-bd92-4032950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7820-3050-4da7-bd92-4032950d210f", "value": "149.154.69.70" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7820-1550-4564-9499-4098950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:21.000Z", "modified": "2017-10-12T17:23:21.000Z", "first_observed": "2017-10-12T17:23:21Z", "last_observed": "2017-10-12T17:23:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7820-1550-4564-9499-4098950d210f", "ipv4-addr--59df7820-1550-4564-9499-4098950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7820-1550-4564-9499-4098950d210f", "dst_ref": "ipv4-addr--59df7820-1550-4564-9499-4098950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7820-1550-4564-9499-4098950d210f", "value": "78.24.223.153" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7821-4380-455d-a94f-1eb1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:21.000Z", "modified": "2017-10-12T17:23:21.000Z", "first_observed": "2017-10-12T17:23:21Z", "last_observed": "2017-10-12T17:23:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7821-4380-455d-a94f-1eb1950d210f", "ipv4-addr--59df7821-4380-455d-a94f-1eb1950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7821-4380-455d-a94f-1eb1950d210f", "dst_ref": "ipv4-addr--59df7821-4380-455d-a94f-1eb1950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7821-4380-455d-a94f-1eb1950d210f", "value": "194.87.92.207" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7821-4768-4f40-8d57-45b1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:21.000Z", "modified": "2017-10-12T17:23:21.000Z", "first_observed": "2017-10-12T17:23:21Z", "last_observed": "2017-10-12T17:23:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7821-4768-4f40-8d57-45b1950d210f", "ipv4-addr--59df7821-4768-4f40-8d57-45b1950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7821-4768-4f40-8d57-45b1950d210f", "dst_ref": "ipv4-addr--59df7821-4768-4f40-8d57-45b1950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7821-4768-4f40-8d57-45b1950d210f", "value": "194.87.94.239" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7821-7ad8-4c2e-9b1d-ac4d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:21.000Z", "modified": "2017-10-12T17:23:21.000Z", "first_observed": "2017-10-12T17:23:21Z", "last_observed": "2017-10-12T17:23:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7821-7ad8-4c2e-9b1d-ac4d950d210f", "ipv4-addr--59df7821-7ad8-4c2e-9b1d-ac4d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7821-7ad8-4c2e-9b1d-ac4d950d210f", "dst_ref": "ipv4-addr--59df7821-7ad8-4c2e-9b1d-ac4d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7821-7ad8-4c2e-9b1d-ac4d950d210f", "value": "195.133.147.238" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7821-5aac-4054-be18-1f31950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:21.000Z", "modified": "2017-10-12T17:23:21.000Z", "first_observed": "2017-10-12T17:23:21Z", "last_observed": "2017-10-12T17:23:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7821-5aac-4054-be18-1f31950d210f", "ipv4-addr--59df7821-5aac-4054-be18-1f31950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7821-5aac-4054-be18-1f31950d210f", "dst_ref": "ipv4-addr--59df7821-5aac-4054-be18-1f31950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7821-5aac-4054-be18-1f31950d210f", "value": "62.109.15.132" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7822-8a38-41a6-899b-1fb0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:21.000Z", "modified": "2017-10-12T17:23:21.000Z", "first_observed": "2017-10-12T17:23:21Z", "last_observed": "2017-10-12T17:23:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7822-8a38-41a6-899b-1fb0950d210f", "ipv4-addr--59df7822-8a38-41a6-899b-1fb0950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7822-8a38-41a6-899b-1fb0950d210f", "dst_ref": "ipv4-addr--59df7822-8a38-41a6-899b-1fb0950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7822-8a38-41a6-899b-1fb0950d210f", "value": "194.87.236.240" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7822-8558-4795-ab34-4676950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:21.000Z", "modified": "2017-10-12T17:23:21.000Z", "first_observed": "2017-10-12T17:23:21Z", "last_observed": "2017-10-12T17:23:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7822-8558-4795-ab34-4676950d210f", "ipv4-addr--59df7822-8558-4795-ab34-4676950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7822-8558-4795-ab34-4676950d210f", "dst_ref": "ipv4-addr--59df7822-8558-4795-ab34-4676950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7822-8558-4795-ab34-4676950d210f", "value": "62.109.6.237" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7822-2228-4f88-830d-484b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:21.000Z", "modified": "2017-10-12T17:23:21.000Z", "first_observed": "2017-10-12T17:23:21Z", "last_observed": "2017-10-12T17:23:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7822-2228-4f88-830d-484b950d210f", "ipv4-addr--59df7822-2228-4f88-830d-484b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7822-2228-4f88-830d-484b950d210f", "dst_ref": "ipv4-addr--59df7822-2228-4f88-830d-484b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7822-2228-4f88-830d-484b950d210f", "value": "149.154.69.47" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7823-8700-4033-aeb3-a108950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:21.000Z", "modified": "2017-10-12T17:23:21.000Z", "first_observed": "2017-10-12T17:23:21Z", "last_observed": "2017-10-12T17:23:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7823-8700-4033-aeb3-a108950d210f", "ipv4-addr--59df7823-8700-4033-aeb3-a108950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7823-8700-4033-aeb3-a108950d210f", "dst_ref": "ipv4-addr--59df7823-8700-4033-aeb3-a108950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7823-8700-4033-aeb3-a108950d210f", "value": "82.146.47.121" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7823-ca40-42c4-bc2d-2139950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:21.000Z", "modified": "2017-10-12T17:23:21.000Z", "first_observed": "2017-10-12T17:23:21Z", "last_observed": "2017-10-12T17:23:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7823-ca40-42c4-bc2d-2139950d210f", "ipv4-addr--59df7823-ca40-42c4-bc2d-2139950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7823-ca40-42c4-bc2d-2139950d210f", "dst_ref": "ipv4-addr--59df7823-ca40-42c4-bc2d-2139950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7823-ca40-42c4-bc2d-2139950d210f", "value": "78.24.216.250" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7823-23cc-442b-a14e-4687950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:21.000Z", "modified": "2017-10-12T17:23:21.000Z", "first_observed": "2017-10-12T17:23:21Z", "last_observed": "2017-10-12T17:23:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7823-23cc-442b-a14e-4687950d210f", "ipv4-addr--59df7823-23cc-442b-a14e-4687950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7823-23cc-442b-a14e-4687950d210f", "dst_ref": "ipv4-addr--59df7823-23cc-442b-a14e-4687950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7823-23cc-442b-a14e-4687950d210f", "value": "82.146.56.218" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7824-9c48-4e73-85d6-4031950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:21.000Z", "modified": "2017-10-12T17:23:21.000Z", "first_observed": "2017-10-12T17:23:21Z", "last_observed": "2017-10-12T17:23:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7824-9c48-4e73-85d6-4031950d210f", "ipv4-addr--59df7824-9c48-4e73-85d6-4031950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7824-9c48-4e73-85d6-4031950d210f", "dst_ref": "ipv4-addr--59df7824-9c48-4e73-85d6-4031950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7824-9c48-4e73-85d6-4031950d210f", "value": "185.159.131.198" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7824-2670-4eef-a0f2-1eb1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:21.000Z", "modified": "2017-10-12T17:23:21.000Z", "first_observed": "2017-10-12T17:23:21Z", "last_observed": "2017-10-12T17:23:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7824-2670-4eef-a0f2-1eb1950d210f", "ipv4-addr--59df7824-2670-4eef-a0f2-1eb1950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7824-2670-4eef-a0f2-1eb1950d210f", "dst_ref": "ipv4-addr--59df7824-2670-4eef-a0f2-1eb1950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7824-2670-4eef-a0f2-1eb1950d210f", "value": "194.87.146.32" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7824-8398-4e2a-82bb-4d1c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:21.000Z", "modified": "2017-10-12T17:23:21.000Z", "first_observed": "2017-10-12T17:23:21Z", "last_observed": "2017-10-12T17:23:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7824-8398-4e2a-82bb-4d1c950d210f", "ipv4-addr--59df7824-8398-4e2a-82bb-4d1c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7824-8398-4e2a-82bb-4d1c950d210f", "dst_ref": "ipv4-addr--59df7824-8398-4e2a-82bb-4d1c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7824-8398-4e2a-82bb-4d1c950d210f", "value": "5.133.179.77" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7825-22a4-4cfa-af6f-ad07950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:21.000Z", "modified": "2017-10-12T17:23:21.000Z", "first_observed": "2017-10-12T17:23:21Z", "last_observed": "2017-10-12T17:23:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7825-22a4-4cfa-af6f-ad07950d210f", "ipv4-addr--59df7825-22a4-4cfa-af6f-ad07950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7825-22a4-4cfa-af6f-ad07950d210f", "dst_ref": "ipv4-addr--59df7825-22a4-4cfa-af6f-ad07950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7825-22a4-4cfa-af6f-ad07950d210f", "value": "94.242.224.214" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7825-08d4-4933-bbd2-216a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:21.000Z", "modified": "2017-10-12T17:23:21.000Z", "first_observed": "2017-10-12T17:23:21Z", "last_observed": "2017-10-12T17:23:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7825-08d4-4933-bbd2-216a950d210f", "ipv4-addr--59df7825-08d4-4933-bbd2-216a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7825-08d4-4933-bbd2-216a950d210f", "dst_ref": "ipv4-addr--59df7825-08d4-4933-bbd2-216a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7825-08d4-4933-bbd2-216a950d210f", "value": "194.87.92.242" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7825-8850-4ed4-8782-4615950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:21.000Z", "modified": "2017-10-12T17:23:21.000Z", "first_observed": "2017-10-12T17:23:21Z", "last_observed": "2017-10-12T17:23:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7825-8850-4ed4-8782-4615950d210f", "ipv4-addr--59df7825-8850-4ed4-8782-4615950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7825-8850-4ed4-8782-4615950d210f", "dst_ref": "ipv4-addr--59df7825-8850-4ed4-8782-4615950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7825-8850-4ed4-8782-4615950d210f", "value": "195.133.146.236" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59df7825-c6cc-4cfd-94e9-4d94950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:21.000Z", "modified": "2017-10-12T17:23:21.000Z", "first_observed": "2017-10-12T17:23:21Z", "last_observed": "2017-10-12T17:23:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59df7825-c6cc-4cfd-94e9-4d94950d210f", "ipv4-addr--59df7825-c6cc-4cfd-94e9-4d94950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59df7825-c6cc-4cfd-94e9-4d94950d210f", "dst_ref": "ipv4-addr--59df7825-c6cc-4cfd-94e9-4d94950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59df7825-c6cc-4cfd-94e9-4d94950d210f", "value": "193.124.117.238" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dfa509-5b30-4324-b78d-4bd702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:21.000Z", "modified": "2017-10-12T17:23:21.000Z", "description": "- Xchecked via VT: e3d2e5e74874fd8b59ddef544f7e4851", "pattern": "[file:hashes.SHA256 = '79a40ac47ea2b57727437a7a9365e860cc1fa1c7c96900f5a2a90133959c4694']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dfa509-2280-4abc-83ff-454302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:21.000Z", "modified": "2017-10-12T17:23:21.000Z", "description": "- Xchecked via VT: e3d2e5e74874fd8b59ddef544f7e4851", "pattern": "[file:hashes.SHA1 = '494ecc9e139b49312c2ac5dec7b68d0e1bd996c4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dfa509-823c-45e5-8088-484a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:21.000Z", "modified": "2017-10-12T17:23:21.000Z", "first_observed": "2017-10-12T17:23:21Z", "last_observed": "2017-10-12T17:23:21Z", "number_observed": 1, "object_refs": [ "url--59dfa509-823c-45e5-8088-484a02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59dfa509-823c-45e5-8088-484a02de0b81", "value": "https://www.virustotal.com/file/79a40ac47ea2b57727437a7a9365e860cc1fa1c7c96900f5a2a90133959c4694/analysis/1507788202/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dfa509-a5bc-4fab-bfaf-4df902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:21.000Z", "modified": "2017-10-12T17:23:21.000Z", "description": "- Xchecked via VT: c77d1c0c0ecd0b2f81f2bcf89fb07279", "pattern": "[file:hashes.SHA256 = '1d4a3957a4f4d83f1edffcb0b596e04d98c82f801ae4b23208a34076203f42f6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dfa509-daa4-4dcb-b5fd-447302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:21.000Z", "modified": "2017-10-12T17:23:21.000Z", "description": "- Xchecked via VT: c77d1c0c0ecd0b2f81f2bcf89fb07279", "pattern": "[file:hashes.SHA1 = 'be7d13c25052903d150ed07e836e210e298b9995']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:23:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dfa509-ef84-4b3a-9fa0-4d6502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:23:21.000Z", "modified": "2017-10-12T17:23:21.000Z", "first_observed": "2017-10-12T17:23:21Z", "last_observed": "2017-10-12T17:23:21Z", "number_observed": 1, "object_refs": [ "url--59dfa509-ef84-4b3a-9fa0-4d6502de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59dfa509-ef84-4b3a-9fa0-4d6502de0b81", "value": "https://www.virustotal.com/file/1d4a3957a4f4d83f1edffcb0b596e04d98c82f801ae4b23208a34076203f42f6/analysis/1507820317/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }