{ "type": "bundle", "id": "bundle--59ea09e0-64fc-4b61-b894-4d56950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:32.000Z", "modified": "2017-10-21T11:34:32.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "grouping", "spec_version": "2.1", "id": "grouping--59ea09e0-64fc-4b61-b894-4d56950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:32.000Z", "modified": "2017-10-21T11:34:32.000Z", "name": "M2M - Malspam 2017-10-29 \"Scanned image from MX-2600N\"", "context": "suspicious-activity", "object_refs": [ "indicator--59ea09e1-e9b4-498f-9e05-425b950d210f", "indicator--59ea09e1-8a64-425b-999f-48c5950d210f", "indicator--59ea09e1-6ed4-4916-b02f-4b2b950d210f", "indicator--59ea09e1-4038-483e-8ce6-4284950d210f", "indicator--59ea09e2-4978-41f2-bb59-428c950d210f", "indicator--59ea09e2-84ac-4a79-95f9-4a66950d210f", "indicator--59ea09e2-d57c-41bd-a1b8-4f9c950d210f", "indicator--59ea09e2-7924-4778-bfb9-4bae950d210f", "indicator--59ea09e2-18f8-4f62-80b1-4fef950d210f", "indicator--59ea09e2-a414-4ba8-8deb-4ef3950d210f", "indicator--59ea09e3-1ff4-4568-8f02-4551950d210f", "indicator--59ea09e3-2690-4d5c-974b-4483950d210f", "indicator--59ea09e3-fbcc-4e78-a2c7-4701950d210f", "indicator--59ea09e3-7ac8-4cb8-b9ed-4fca950d210f", "indicator--59ea09e3-7758-4d97-925b-4d64950d210f", "indicator--59ea09e3-4688-4d52-a204-4d41950d210f", "indicator--59ea09e4-0398-4f5f-be46-47cb950d210f", "indicator--59ea09e4-b4e8-48b4-92d6-45d8950d210f", "indicator--59ea09e4-a5e0-4228-8009-40ad950d210f", "indicator--59ea09e4-9e64-4446-b9c9-4835950d210f", "indicator--59ea09e4-5c24-41ae-b65e-4926950d210f", "indicator--59ea09e5-fd34-4d47-b6e7-4f32950d210f", "indicator--59ea09e5-3df0-4a34-9286-40bc950d210f", "observed-data--59ea09e6-3668-474b-a623-4596950d210f", "network-traffic--59ea09e6-3668-474b-a623-4596950d210f", "ipv4-addr--59ea09e6-3668-474b-a623-4596950d210f", "indicator--59ea09e6-87d0-4924-ae93-45b4950d210f", "indicator--59ea09e6-761c-4049-a29f-43ea950d210f", "observed-data--59ea09e6-49fc-4457-9cdd-48fd950d210f", "network-traffic--59ea09e6-49fc-4457-9cdd-48fd950d210f", "ipv4-addr--59ea09e6-49fc-4457-9cdd-48fd950d210f", "indicator--59ea09e6-f894-488f-b73a-47ca950d210f", "indicator--59ea09e6-9b90-4c05-b989-4f71950d210f", "observed-data--59ea09e7-11ec-4b2a-b3e0-4144950d210f", "network-traffic--59ea09e7-11ec-4b2a-b3e0-4144950d210f", "ipv4-addr--59ea09e7-11ec-4b2a-b3e0-4144950d210f", "indicator--59ea09e7-a2d0-46e4-a4cc-4a64950d210f", "indicator--59ea09e7-88cc-4edc-afe8-4a02950d210f", "observed-data--59ea09e8-8324-4df7-90e1-4506950d210f", "network-traffic--59ea09e8-8324-4df7-90e1-4506950d210f", "ipv4-addr--59ea09e8-8324-4df7-90e1-4506950d210f", "indicator--59ea09e8-5f84-4eb8-bd3d-4c2c950d210f", "indicator--59ea09e8-1c7c-4678-80d6-4f51950d210f", "observed-data--59ea09e8-0848-466d-b561-46d5950d210f", "network-traffic--59ea09e8-0848-466d-b561-46d5950d210f", "ipv4-addr--59ea09e8-0848-466d-b561-46d5950d210f", "indicator--59ea09e8-6fe0-415e-92be-4e9b950d210f", "indicator--59ea09e8-fb20-4297-993c-44f4950d210f", "observed-data--59ea09e9-62ec-4206-965d-4670950d210f", "network-traffic--59ea09e9-62ec-4206-965d-4670950d210f", "ipv4-addr--59ea09e9-62ec-4206-965d-4670950d210f", "indicator--59ea09e9-735c-49ad-b5df-4ebc950d210f", "indicator--59ea09e9-f314-406d-b25d-4075950d210f", "observed-data--59ea09e9-bd78-4588-874e-4106950d210f", "network-traffic--59ea09e9-bd78-4588-874e-4106950d210f", "ipv4-addr--59ea09e9-bd78-4588-874e-4106950d210f", "indicator--59ea09ea-b610-47b3-bebf-4558950d210f", "indicator--59ea09ea-b308-412b-b3cb-47ec950d210f", "observed-data--59ea09ea-2978-4a5b-bbf6-4f27950d210f", "network-traffic--59ea09ea-2978-4a5b-bbf6-4f27950d210f", "ipv4-addr--59ea09ea-2978-4a5b-bbf6-4f27950d210f", "indicator--59ea09ea-3420-4c2b-91df-4c0e950d210f", "indicator--59ea09ea-1ffc-47fa-a555-4702950d210f", "indicator--59ea0a09-7110-46dc-9c39-4e6f950d210f", "indicator--59ea0a09-d110-4308-899e-4c92950d210f", "observed-data--59ea0a09-817c-4fe7-9efc-4724950d210f", "network-traffic--59ea0a09-817c-4fe7-9efc-4724950d210f", "ipv4-addr--59ea0a09-817c-4fe7-9efc-4724950d210f", "indicator--59ea0a09-6014-47a6-ae8d-4ba6950d210f", "indicator--59ea0a09-e7ec-497a-85fc-470d950d210f", "observed-data--59ea0a0a-2038-4905-bc02-4c41950d210f", "network-traffic--59ea0a0a-2038-4905-bc02-4c41950d210f", "ipv4-addr--59ea0a0a-2038-4905-bc02-4c41950d210f", "indicator--59ea0a0a-37e0-4816-8f7e-40af950d210f", "indicator--59ea0a0a-60f8-44dc-a836-4555950d210f", "observed-data--59ea0a0a-ab64-4571-ab3e-4556950d210f", "network-traffic--59ea0a0a-ab64-4571-ab3e-4556950d210f", "ipv4-addr--59ea0a0a-ab64-4571-ab3e-4556950d210f", "indicator--59ea0a0a-3f24-4b59-ae22-4dde950d210f", "indicator--59ea0a0b-09c0-4a5d-9904-4861950d210f", "observed-data--59ea0a0c-13c0-482b-8cd0-4f2b950d210f", "network-traffic--59ea0a0c-13c0-482b-8cd0-4f2b950d210f", "ipv4-addr--59ea0a0c-13c0-482b-8cd0-4f2b950d210f", "indicator--59ea0a0c-a454-4d13-a553-4102950d210f", "indicator--59ea0a0c-3270-43de-8a01-63a3950d210f", "indicator--59ea0a0c-b830-4087-ab13-4425950d210f", "indicator--59ea0a0c-cde8-4256-b45e-463d950d210f", "indicator--59ea0a0d-f050-48d4-9dfa-4c7b950d210f", "indicator--59ea0a0d-0f84-41e4-a618-4c8c950d210f", "indicator--59ea0a0d-ae38-4449-a683-475e950d210f", "indicator--59ea0a0d-ffa4-4444-970f-409d950d210f", "indicator--59ea0a0e-5774-4075-a796-4246950d210f", "observed-data--59ea0a0e-e2a8-4238-b867-4f25950d210f", "network-traffic--59ea0a0e-e2a8-4238-b867-4f25950d210f", "ipv4-addr--59ea0a0e-e2a8-4238-b867-4f25950d210f", "observed-data--59ea0a0e-f668-4256-82e1-4fa3950d210f", "network-traffic--59ea0a0e-f668-4256-82e1-4fa3950d210f", "ipv4-addr--59ea0a0e-f668-4256-82e1-4fa3950d210f", "observed-data--59ea0a0e-af30-4fda-bc5b-43a8950d210f", "network-traffic--59ea0a0e-af30-4fda-bc5b-43a8950d210f", "ipv4-addr--59ea0a0e-af30-4fda-bc5b-43a8950d210f", "observed-data--59ea0a0f-4b40-441c-85be-457e950d210f", "network-traffic--59ea0a0f-4b40-441c-85be-457e950d210f", "ipv4-addr--59ea0a0f-4b40-441c-85be-457e950d210f", "observed-data--59ea0a0f-5fe4-48e4-a546-4f58950d210f", "network-traffic--59ea0a0f-5fe4-48e4-a546-4f58950d210f", "ipv4-addr--59ea0a0f-5fe4-48e4-a546-4f58950d210f", "observed-data--59ea0a0f-1744-4313-9b16-4919950d210f", "network-traffic--59ea0a0f-1744-4313-9b16-4919950d210f", "ipv4-addr--59ea0a0f-1744-4313-9b16-4919950d210f", "observed-data--59ea0a10-dbf4-4e22-a449-4fe2950d210f", "network-traffic--59ea0a10-dbf4-4e22-a449-4fe2950d210f", "ipv4-addr--59ea0a10-dbf4-4e22-a449-4fe2950d210f", "observed-data--59ea0a10-e7c4-423a-8586-4884950d210f", "network-traffic--59ea0a10-e7c4-423a-8586-4884950d210f", "ipv4-addr--59ea0a10-e7c4-423a-8586-4884950d210f", "observed-data--59ea0a10-1c30-4b46-9b26-43ad950d210f", "network-traffic--59ea0a10-1c30-4b46-9b26-43ad950d210f", "ipv4-addr--59ea0a10-1c30-4b46-9b26-43ad950d210f", "observed-data--59ea0a10-1570-4502-9945-423b950d210f", "network-traffic--59ea0a10-1570-4502-9945-423b950d210f", "ipv4-addr--59ea0a10-1570-4502-9945-423b950d210f", "observed-data--59ea0a11-56d4-4df9-8f6e-4b09950d210f", "network-traffic--59ea0a11-56d4-4df9-8f6e-4b09950d210f", "ipv4-addr--59ea0a11-56d4-4df9-8f6e-4b09950d210f", "observed-data--59ea0a11-fb1c-4317-839d-63a3950d210f", "network-traffic--59ea0a11-fb1c-4317-839d-63a3950d210f", "ipv4-addr--59ea0a11-fb1c-4317-839d-63a3950d210f", "observed-data--59ea0a11-f64c-4e60-93ad-4d71950d210f", "network-traffic--59ea0a11-f64c-4e60-93ad-4d71950d210f", "ipv4-addr--59ea0a11-f64c-4e60-93ad-4d71950d210f", "observed-data--59ea0a11-cab8-418c-a070-4ffa950d210f", "network-traffic--59ea0a11-cab8-418c-a070-4ffa950d210f", "ipv4-addr--59ea0a11-cab8-418c-a070-4ffa950d210f", "observed-data--59ea0a12-c924-44e4-89ce-4445950d210f", "network-traffic--59ea0a12-c924-44e4-89ce-4445950d210f", "ipv4-addr--59ea0a12-c924-44e4-89ce-4445950d210f", "observed-data--59ea0a12-e554-4f29-84a8-45b5950d210f", "network-traffic--59ea0a12-e554-4f29-84a8-45b5950d210f", "ipv4-addr--59ea0a12-e554-4f29-84a8-45b5950d210f", "observed-data--59ea0a12-5dcc-4781-95c0-400a950d210f", "network-traffic--59ea0a12-5dcc-4781-95c0-400a950d210f", "ipv4-addr--59ea0a12-5dcc-4781-95c0-400a950d210f", "observed-data--59ea0a12-9508-4ed9-9b5b-481b950d210f", "network-traffic--59ea0a12-9508-4ed9-9b5b-481b950d210f", "ipv4-addr--59ea0a12-9508-4ed9-9b5b-481b950d210f", "observed-data--59ea0a13-e8e4-4d3d-a2b1-45c9950d210f", "network-traffic--59ea0a13-e8e4-4d3d-a2b1-45c9950d210f", "ipv4-addr--59ea0a13-e8e4-4d3d-a2b1-45c9950d210f", "observed-data--59ea0a13-bb68-4744-89f4-4f84950d210f", "network-traffic--59ea0a13-bb68-4744-89f4-4f84950d210f", "ipv4-addr--59ea0a13-bb68-4744-89f4-4f84950d210f", "observed-data--59ea0a13-102c-46de-9723-4cc5950d210f", "network-traffic--59ea0a13-102c-46de-9723-4cc5950d210f", "ipv4-addr--59ea0a13-102c-46de-9723-4cc5950d210f", "observed-data--59ea0a13-4e2c-4462-8ec8-48bb950d210f", "network-traffic--59ea0a13-4e2c-4462-8ec8-48bb950d210f", "ipv4-addr--59ea0a13-4e2c-4462-8ec8-48bb950d210f", "observed-data--59ea0a14-fb34-4c57-b612-4372950d210f", "network-traffic--59ea0a14-fb34-4c57-b612-4372950d210f", "ipv4-addr--59ea0a14-fb34-4c57-b612-4372950d210f", "observed-data--59ea0a14-6698-4942-9567-63a3950d210f", "network-traffic--59ea0a14-6698-4942-9567-63a3950d210f", "ipv4-addr--59ea0a14-6698-4942-9567-63a3950d210f", "observed-data--59ea0a14-cfd4-4148-ba5d-4daf950d210f", "network-traffic--59ea0a14-cfd4-4148-ba5d-4daf950d210f", "ipv4-addr--59ea0a14-cfd4-4148-ba5d-4daf950d210f", "observed-data--59ea0a15-d30c-43cc-99f2-43b2950d210f", "network-traffic--59ea0a15-d30c-43cc-99f2-43b2950d210f", "ipv4-addr--59ea0a15-d30c-43cc-99f2-43b2950d210f", "observed-data--59ea0a15-9734-4517-b5df-4b94950d210f", "network-traffic--59ea0a15-9734-4517-b5df-4b94950d210f", "ipv4-addr--59ea0a15-9734-4517-b5df-4b94950d210f", "observed-data--59ea0a15-b9a0-4dbd-ab11-464b950d210f", "network-traffic--59ea0a15-b9a0-4dbd-ab11-464b950d210f", "ipv4-addr--59ea0a15-b9a0-4dbd-ab11-464b950d210f", "observed-data--59ea0a15-3018-4f8d-b29b-4aa7950d210f", "network-traffic--59ea0a15-3018-4f8d-b29b-4aa7950d210f", "ipv4-addr--59ea0a15-3018-4f8d-b29b-4aa7950d210f", "observed-data--59ea0a16-62d4-4620-86d9-42a2950d210f", "network-traffic--59ea0a16-62d4-4620-86d9-42a2950d210f", "ipv4-addr--59ea0a16-62d4-4620-86d9-42a2950d210f", "observed-data--59ea0a16-e20c-42ad-827f-408b950d210f", "network-traffic--59ea0a16-e20c-42ad-827f-408b950d210f", "ipv4-addr--59ea0a16-e20c-42ad-827f-408b950d210f", "observed-data--59ea0a16-f97c-4223-8413-44bc950d210f", "network-traffic--59ea0a16-f97c-4223-8413-44bc950d210f", "ipv4-addr--59ea0a16-f97c-4223-8413-44bc950d210f", "observed-data--59ea0a16-a8d8-4aae-9ef1-452c950d210f", "network-traffic--59ea0a16-a8d8-4aae-9ef1-452c950d210f", "ipv4-addr--59ea0a16-a8d8-4aae-9ef1-452c950d210f", "observed-data--59ea0a17-c1bc-4021-b1ba-63a3950d210f", "network-traffic--59ea0a17-c1bc-4021-b1ba-63a3950d210f", "ipv4-addr--59ea0a17-c1bc-4021-b1ba-63a3950d210f", "observed-data--59ea0a17-5780-4212-8a26-4995950d210f", "network-traffic--59ea0a17-5780-4212-8a26-4995950d210f", "ipv4-addr--59ea0a17-5780-4212-8a26-4995950d210f", "observed-data--59ea0a17-d700-4c1b-aec1-485a950d210f", "network-traffic--59ea0a17-d700-4c1b-aec1-485a950d210f", "ipv4-addr--59ea0a17-d700-4c1b-aec1-485a950d210f", "observed-data--59ea0a17-5f40-49eb-b97e-48a5950d210f", "network-traffic--59ea0a17-5f40-49eb-b97e-48a5950d210f", "ipv4-addr--59ea0a17-5f40-49eb-b97e-48a5950d210f", "observed-data--59eb30b9-d770-4715-a934-455802de0b81", "url--59eb30b9-d770-4715-a934-455802de0b81", "observed-data--59eb30b9-e928-4ee1-b618-4e3a02de0b81", "url--59eb30b9-e928-4ee1-b618-4e3a02de0b81", "observed-data--59eb30b9-4ba8-4c9c-b267-411f02de0b81", "url--59eb30b9-4ba8-4c9c-b267-411f02de0b81", "observed-data--59eb30b9-d570-4934-b92f-438702de0b81", "url--59eb30b9-d570-4934-b92f-438702de0b81", "observed-data--59eb30b9-55fc-4465-a9cc-4d4902de0b81", "url--59eb30b9-55fc-4465-a9cc-4d4902de0b81", "observed-data--59eb30b9-6db0-40fe-a901-43eb02de0b81", "url--59eb30b9-6db0-40fe-a901-43eb02de0b81", "indicator--59eb30b9-a600-4e52-b301-41be02de0b81", "indicator--59eb30b9-4aac-4d01-8649-458c02de0b81", "observed-data--59eb30b9-5b2c-40d9-b0d3-4d0d02de0b81", "url--59eb30b9-5b2c-40d9-b0d3-4d0d02de0b81", "indicator--59eb30b9-2044-4ad7-86f6-4c2402de0b81", "indicator--59eb30b9-c884-471b-910f-474b02de0b81", "observed-data--59eb30b9-2f88-480c-a78b-45c402de0b81", "url--59eb30b9-2f88-480c-a78b-45c402de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e1-e9b4-498f-9e05-425b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:14.000Z", "modified": "2017-10-21T11:34:14.000Z", "pattern": "[file:hashes.MD5 = 'a7cc2d883dd2eba6dde1f526856449ba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e1-8a64-425b-999f-48c5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:14.000Z", "modified": "2017-10-21T11:34:14.000Z", "pattern": "[file:hashes.MD5 = 'd328f779528bd13cba8e7a39743efb82']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e1-6ed4-4916-b02f-4b2b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[file:hashes.MD5 = '8b5ab8c3251098f03a75b43fbf337b0c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e1-4038-483e-8ce6-4284950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[file:hashes.MD5 = '0727ff95d43cd793fa776c890aaeb6ad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e2-4978-41f2-bb59-428c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[file:hashes.MD5 = 'b5fca7066a107891b340d5c42745ae3a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e2-84ac-4a79-95f9-4a66950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[file:hashes.MD5 = 'a6c6ce5515f5d3dea377a80d93725ed4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e2-d57c-41bd-a1b8-4f9c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[file:hashes.MD5 = '39a2da32fe2f60eece0d603b769babca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e2-7924-4778-bfb9-4bae950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[file:hashes.MD5 = '824749589c10f639307ce901eaeabe32']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e2-18f8-4f62-80b1-4fef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[file:hashes.MD5 = '34c909767313eadd88b2915eee749564']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e2-a414-4ba8-8deb-4ef3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[file:hashes.SHA1 = '34079607f3cb15afd04cfc35f719df38f1996f9b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e3-1ff4-4568-8f02-4551950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[file:hashes.SHA1 = '62d402c95c4d54c4cb7d394cf601ca31efcd9dd0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e3-2690-4d5c-974b-4483950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[file:hashes.SHA1 = 'a6c75c53a6fe56deb88bc7ae503da6fe97fef237']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e3-fbcc-4e78-a2c7-4701950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[file:hashes.SHA1 = 'e5f426e53f0bd5cc303162a34188a381144386d0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e3-7ac8-4cb8-b9ed-4fca950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[file:hashes.SHA1 = '6496909d8b86c5a969701983a64bf46a009ccbed']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e3-7758-4d97-925b-4d64950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[file:hashes.SHA1 = 'c3e258a8cfaeb273796f8c17324a8aae41658872']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e3-4688-4d52-a204-4d41950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[file:hashes.SHA256 = '5623b81db50cf778713612e599b7efe8173dd50246182ec63f02de0fbabdbd3d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e4-0398-4f5f-be46-47cb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[file:hashes.SHA256 = '5d97db906fd9d67258665d16fe8d2ca91551d1067383b34bf9fd203b07bda824']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e4-b4e8-48b4-92d6-45d8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[file:hashes.SHA256 = '8c17c8c6f8f7c9da5c3c59d9a26d5180875e1868da3abf50f9e41829beb44a1b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e4-a5e0-4228-8009-40ad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[file:hashes.SHA256 = '8dd0a60c9269f760a20bbcac9fb25f2e7081efb3673f04d22671986a51fa611b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e4-9e64-4446-b9c9-4835950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[file:hashes.SHA256 = '78c52d357b5859bb38920548da34454ae34f140750a54a7b2d52bf0c2e9fe437']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e4-5c24-41ae-b65e-4926950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[file:hashes.SHA256 = 'fe25eec3aa7465b78c38c9a0e62efc1764a3eb6619f34344a214222b86e86b50']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e5-fd34-4d47-b6e7-4f32950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[url:value = 'http://sene-gal.de/cijweh78fDFA']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e5-3df0-4a34-9286-40bc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[domain-name:value = 'sene-gal.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea09e6-3668-474b-a623-4596950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "first_observed": "2017-10-21T11:34:15Z", "last_observed": "2017-10-21T11:34:15Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea09e6-3668-474b-a623-4596950d210f", "ipv4-addr--59ea09e6-3668-474b-a623-4596950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea09e6-3668-474b-a623-4596950d210f", "dst_ref": "ipv4-addr--59ea09e6-3668-474b-a623-4596950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea09e6-3668-474b-a623-4596950d210f", "value": "87.106.208.147" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e6-87d0-4924-ae93-45b4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[url:value = 'http://servnet24.de/cijweh78fDFA']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e6-761c-4049-a29f-43ea950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[domain-name:value = 'servnet24.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea09e6-49fc-4457-9cdd-48fd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "first_observed": "2017-10-21T11:34:15Z", "last_observed": "2017-10-21T11:34:15Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea09e6-49fc-4457-9cdd-48fd950d210f", "ipv4-addr--59ea09e6-49fc-4457-9cdd-48fd950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea09e6-49fc-4457-9cdd-48fd950d210f", "dst_ref": "ipv4-addr--59ea09e6-49fc-4457-9cdd-48fd950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea09e6-49fc-4457-9cdd-48fd950d210f", "value": "193.24.208.164" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e6-f894-488f-b73a-47ca950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[url:value = 'http://sieglind-kraemer.de/cijweh78fDFA']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e6-9b90-4c05-b989-4f71950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[domain-name:value = 'sieglind-kraemer.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea09e7-11ec-4b2a-b3e0-4144950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "first_observed": "2017-10-21T11:34:15Z", "last_observed": "2017-10-21T11:34:15Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea09e7-11ec-4b2a-b3e0-4144950d210f", "ipv4-addr--59ea09e7-11ec-4b2a-b3e0-4144950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea09e7-11ec-4b2a-b3e0-4144950d210f", "dst_ref": "ipv4-addr--59ea09e7-11ec-4b2a-b3e0-4144950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea09e7-11ec-4b2a-b3e0-4144950d210f", "value": "144.76.163.12" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e7-a2d0-46e4-a4cc-4a64950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[url:value = 'http://silverseaeyecentre.com/cijweh78fDFA']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e7-88cc-4edc-afe8-4a02950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[domain-name:value = 'silverseaeyecentre.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea09e8-8324-4df7-90e1-4506950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "first_observed": "2017-10-21T11:34:15Z", "last_observed": "2017-10-21T11:34:15Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea09e8-8324-4df7-90e1-4506950d210f", "ipv4-addr--59ea09e8-8324-4df7-90e1-4506950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea09e8-8324-4df7-90e1-4506950d210f", "dst_ref": "ipv4-addr--59ea09e8-8324-4df7-90e1-4506950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea09e8-8324-4df7-90e1-4506950d210f", "value": "175.45.22.238" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e8-5f84-4eb8-bd3d-4c2c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[url:value = 'http://scheerstudio.be/hjfdstf672']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e8-1c7c-4678-80d6-4f51950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[domain-name:value = 'scheerstudio.be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea09e8-0848-466d-b561-46d5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "first_observed": "2017-10-21T11:34:15Z", "last_observed": "2017-10-21T11:34:15Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea09e8-0848-466d-b561-46d5950d210f", "ipv4-addr--59ea09e8-0848-466d-b561-46d5950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea09e8-0848-466d-b561-46d5950d210f", "dst_ref": "ipv4-addr--59ea09e8-0848-466d-b561-46d5950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea09e8-0848-466d-b561-46d5950d210f", "value": "188.93.153.181" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e8-6fe0-415e-92be-4e9b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[url:value = 'http://rosiautosuli.hu/hjfdstf672']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e8-fb20-4297-993c-44f4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[domain-name:value = 'rosiautosuli.hu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea09e9-62ec-4206-965d-4670950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "first_observed": "2017-10-21T11:34:15Z", "last_observed": "2017-10-21T11:34:15Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea09e9-62ec-4206-965d-4670950d210f", "ipv4-addr--59ea09e9-62ec-4206-965d-4670950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea09e9-62ec-4206-965d-4670950d210f", "dst_ref": "ipv4-addr--59ea09e9-62ec-4206-965d-4670950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea09e9-62ec-4206-965d-4670950d210f", "value": "87.229.45.38" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e9-735c-49ad-b5df-4ebc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[url:value = 'http://rakkertje.org/hjfdstf672']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09e9-f314-406d-b25d-4075950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[domain-name:value = 'rakkertje.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea09e9-bd78-4588-874e-4106950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "first_observed": "2017-10-21T11:34:15Z", "last_observed": "2017-10-21T11:34:15Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea09e9-bd78-4588-874e-4106950d210f", "ipv4-addr--59ea09e9-bd78-4588-874e-4106950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea09e9-bd78-4588-874e-4106950d210f", "dst_ref": "ipv4-addr--59ea09e9-bd78-4588-874e-4106950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea09e9-bd78-4588-874e-4106950d210f", "value": "144.76.149.235" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09ea-b610-47b3-bebf-4558950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[url:value = 'http://rlamsa.com/hjfdstf672']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09ea-b308-412b-b3cb-47ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[domain-name:value = 'rlamsa.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea09ea-2978-4a5b-bbf6-4f27950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "first_observed": "2017-10-21T11:34:15Z", "last_observed": "2017-10-21T11:34:15Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea09ea-2978-4a5b-bbf6-4f27950d210f", "ipv4-addr--59ea09ea-2978-4a5b-bbf6-4f27950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea09ea-2978-4a5b-bbf6-4f27950d210f", "dst_ref": "ipv4-addr--59ea09ea-2978-4a5b-bbf6-4f27950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea09ea-2978-4a5b-bbf6-4f27950d210f", "value": "212.94.80.2" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09ea-3420-4c2b-91df-4c0e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[url:value = 'http://gdiscoun.org/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea09ea-1ffc-47fa-a555-4702950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[domain-name:value = 'gdiscoun.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea0a09-7110-46dc-9c39-4e6f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[url:value = 'http://sowaferber.de/udihc64GDS.enc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea0a09-d110-4308-899e-4c92950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[domain-name:value = 'sowaferber.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a09-817c-4fe7-9efc-4724950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "first_observed": "2017-10-21T11:34:15Z", "last_observed": "2017-10-21T11:34:15Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a09-817c-4fe7-9efc-4724950d210f", "ipv4-addr--59ea0a09-817c-4fe7-9efc-4724950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a09-817c-4fe7-9efc-4724950d210f", "dst_ref": "ipv4-addr--59ea0a09-817c-4fe7-9efc-4724950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a09-817c-4fe7-9efc-4724950d210f", "value": "85.214.142.197" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea0a09-6014-47a6-ae8d-4ba6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[url:value = 'http://talleresroberto.com/p.enc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea0a09-e7ec-497a-85fc-470d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:15.000Z", "modified": "2017-10-21T11:34:15.000Z", "pattern": "[domain-name:value = 'talleresroberto.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a0a-2038-4905-bc02-4c41950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "first_observed": "2017-10-21T11:34:16Z", "last_observed": "2017-10-21T11:34:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a0a-2038-4905-bc02-4c41950d210f", "ipv4-addr--59ea0a0a-2038-4905-bc02-4c41950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a0a-2038-4905-bc02-4c41950d210f", "dst_ref": "ipv4-addr--59ea0a0a-2038-4905-bc02-4c41950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a0a-2038-4905-bc02-4c41950d210f", "value": "5.57.224.13" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea0a0a-37e0-4816-8f7e-40af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "pattern": "[url:value = 'http://www3.vlaanderen.be/AF3dHd3.enc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea0a0a-60f8-44dc-a836-4555950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "pattern": "[domain-name:value = 'www3.vlaanderen.be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a0a-ab64-4571-ab3e-4556950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "first_observed": "2017-10-21T11:34:16Z", "last_observed": "2017-10-21T11:34:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a0a-ab64-4571-ab3e-4556950d210f", "ipv4-addr--59ea0a0a-ab64-4571-ab3e-4556950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a0a-ab64-4571-ab3e-4556950d210f", "dst_ref": "ipv4-addr--59ea0a0a-ab64-4571-ab3e-4556950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a0a-ab64-4571-ab3e-4556950d210f", "value": "195.130.154.112" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea0a0a-3f24-4b59-ae22-4dde950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "pattern": "[url:value = 'http://rennehecone.info/u399466524/Yug764.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea0a0b-09c0-4a5d-9904-4861950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "pattern": "[domain-name:value = 'rennehecone.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a0c-13c0-482b-8cd0-4f2b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "first_observed": "2017-10-21T11:34:16Z", "last_observed": "2017-10-21T11:34:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a0c-13c0-482b-8cd0-4f2b950d210f", "ipv4-addr--59ea0a0c-13c0-482b-8cd0-4f2b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a0c-13c0-482b-8cd0-4f2b950d210f", "dst_ref": "ipv4-addr--59ea0a0c-13c0-482b-8cd0-4f2b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a0c-13c0-482b-8cd0-4f2b950d210f", "value": "163.172.153.154" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea0a0c-a454-4d13-a553-4102950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "pattern": "[url:value = 'http://sieglind-kraemer']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea0a0c-3270-43de-8a01-63a3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "pattern": "[url:value = 'http://servnet24']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea0a0c-b830-4087-ab13-4425950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "pattern": "[url:value = 'http://silverseaeyecentre']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea0a0c-cde8-4256-b45e-463d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "pattern": "[url:value = 'http://sene-gal']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea0a0d-f050-48d4-9dfa-4c7b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "pattern": "[url:value = 'http://scheerstudio']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea0a0d-0f84-41e4-a618-4c8c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "pattern": "[url:value = 'http://rosiautosuli']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea0a0d-ae38-4449-a683-475e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "pattern": "[url:value = 'http://rakkertje']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea0a0d-ffa4-4444-970f-409d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "pattern": "[url:value = 'http://rlamsa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ea0a0e-5774-4075-a796-4246950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "pattern": "[url:value = 'http://schlaefereit']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a0e-e2a8-4238-b867-4f25950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "first_observed": "2017-10-21T11:34:16Z", "last_observed": "2017-10-21T11:34:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a0e-e2a8-4238-b867-4f25950d210f", "ipv4-addr--59ea0a0e-e2a8-4238-b867-4f25950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a0e-e2a8-4238-b867-4f25950d210f", "dst_ref": "ipv4-addr--59ea0a0e-e2a8-4238-b867-4f25950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a0e-e2a8-4238-b867-4f25950d210f", "value": "79.170.7.139" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a0e-f668-4256-82e1-4fa3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "first_observed": "2017-10-21T11:34:16Z", "last_observed": "2017-10-21T11:34:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a0e-f668-4256-82e1-4fa3950d210f", "ipv4-addr--59ea0a0e-f668-4256-82e1-4fa3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a0e-f668-4256-82e1-4fa3950d210f", "dst_ref": "ipv4-addr--59ea0a0e-f668-4256-82e1-4fa3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a0e-f668-4256-82e1-4fa3950d210f", "value": "196.202.194.202" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a0e-af30-4fda-bc5b-43a8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "first_observed": "2017-10-21T11:34:16Z", "last_observed": "2017-10-21T11:34:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a0e-af30-4fda-bc5b-43a8950d210f", "ipv4-addr--59ea0a0e-af30-4fda-bc5b-43a8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a0e-af30-4fda-bc5b-43a8950d210f", "dst_ref": "ipv4-addr--59ea0a0e-af30-4fda-bc5b-43a8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a0e-af30-4fda-bc5b-43a8950d210f", "value": "46.20.56.239" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a0f-4b40-441c-85be-457e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "first_observed": "2017-10-21T11:34:16Z", "last_observed": "2017-10-21T11:34:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a0f-4b40-441c-85be-457e950d210f", "ipv4-addr--59ea0a0f-4b40-441c-85be-457e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a0f-4b40-441c-85be-457e950d210f", "dst_ref": "ipv4-addr--59ea0a0f-4b40-441c-85be-457e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a0f-4b40-441c-85be-457e950d210f", "value": "176.120.126.21" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a0f-5fe4-48e4-a546-4f58950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "first_observed": "2017-10-21T11:34:16Z", "last_observed": "2017-10-21T11:34:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a0f-5fe4-48e4-a546-4f58950d210f", "ipv4-addr--59ea0a0f-5fe4-48e4-a546-4f58950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a0f-5fe4-48e4-a546-4f58950d210f", "dst_ref": "ipv4-addr--59ea0a0f-5fe4-48e4-a546-4f58950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a0f-5fe4-48e4-a546-4f58950d210f", "value": "91.239.249.118" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a0f-1744-4313-9b16-4919950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "first_observed": "2017-10-21T11:34:16Z", "last_observed": "2017-10-21T11:34:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a0f-1744-4313-9b16-4919950d210f", "ipv4-addr--59ea0a0f-1744-4313-9b16-4919950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a0f-1744-4313-9b16-4919950d210f", "dst_ref": "ipv4-addr--59ea0a0f-1744-4313-9b16-4919950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a0f-1744-4313-9b16-4919950d210f", "value": "156.17.92.161" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a10-dbf4-4e22-a449-4fe2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "first_observed": "2017-10-21T11:34:16Z", "last_observed": "2017-10-21T11:34:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a10-dbf4-4e22-a449-4fe2950d210f", "ipv4-addr--59ea0a10-dbf4-4e22-a449-4fe2950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a10-dbf4-4e22-a449-4fe2950d210f", "dst_ref": "ipv4-addr--59ea0a10-dbf4-4e22-a449-4fe2950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a10-dbf4-4e22-a449-4fe2950d210f", "value": "86.80.209.49" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a10-e7c4-423a-8586-4884950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "first_observed": "2017-10-21T11:34:16Z", "last_observed": "2017-10-21T11:34:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a10-e7c4-423a-8586-4884950d210f", "ipv4-addr--59ea0a10-e7c4-423a-8586-4884950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a10-e7c4-423a-8586-4884950d210f", "dst_ref": "ipv4-addr--59ea0a10-e7c4-423a-8586-4884950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a10-e7c4-423a-8586-4884950d210f", "value": "46.20.56.237" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a10-1c30-4b46-9b26-43ad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "first_observed": "2017-10-21T11:34:16Z", "last_observed": "2017-10-21T11:34:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a10-1c30-4b46-9b26-43ad950d210f", "ipv4-addr--59ea0a10-1c30-4b46-9b26-43ad950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a10-1c30-4b46-9b26-43ad950d210f", "dst_ref": "ipv4-addr--59ea0a10-1c30-4b46-9b26-43ad950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a10-1c30-4b46-9b26-43ad950d210f", "value": "62.87.151.219" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a10-1570-4502-9945-423b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "first_observed": "2017-10-21T11:34:16Z", "last_observed": "2017-10-21T11:34:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a10-1570-4502-9945-423b950d210f", "ipv4-addr--59ea0a10-1570-4502-9945-423b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a10-1570-4502-9945-423b950d210f", "dst_ref": "ipv4-addr--59ea0a10-1570-4502-9945-423b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a10-1570-4502-9945-423b950d210f", "value": "188.137.86.7" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a11-56d4-4df9-8f6e-4b09950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "first_observed": "2017-10-21T11:34:16Z", "last_observed": "2017-10-21T11:34:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a11-56d4-4df9-8f6e-4b09950d210f", "ipv4-addr--59ea0a11-56d4-4df9-8f6e-4b09950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a11-56d4-4df9-8f6e-4b09950d210f", "dst_ref": "ipv4-addr--59ea0a11-56d4-4df9-8f6e-4b09950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a11-56d4-4df9-8f6e-4b09950d210f", "value": "178.254.183.34" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a11-fb1c-4317-839d-63a3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "first_observed": "2017-10-21T11:34:16Z", "last_observed": "2017-10-21T11:34:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a11-fb1c-4317-839d-63a3950d210f", "ipv4-addr--59ea0a11-fb1c-4317-839d-63a3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a11-fb1c-4317-839d-63a3950d210f", "dst_ref": "ipv4-addr--59ea0a11-fb1c-4317-839d-63a3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a11-fb1c-4317-839d-63a3950d210f", "value": "178.254.183.13" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a11-f64c-4e60-93ad-4d71950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "first_observed": "2017-10-21T11:34:16Z", "last_observed": "2017-10-21T11:34:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a11-f64c-4e60-93ad-4d71950d210f", "ipv4-addr--59ea0a11-f64c-4e60-93ad-4d71950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a11-f64c-4e60-93ad-4d71950d210f", "dst_ref": "ipv4-addr--59ea0a11-f64c-4e60-93ad-4d71950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a11-f64c-4e60-93ad-4d71950d210f", "value": "176.111.24.4" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a11-cab8-418c-a070-4ffa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "first_observed": "2017-10-21T11:34:16Z", "last_observed": "2017-10-21T11:34:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a11-cab8-418c-a070-4ffa950d210f", "ipv4-addr--59ea0a11-cab8-418c-a070-4ffa950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a11-cab8-418c-a070-4ffa950d210f", "dst_ref": "ipv4-addr--59ea0a11-cab8-418c-a070-4ffa950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a11-cab8-418c-a070-4ffa950d210f", "value": "178.217.117.240" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a12-c924-44e4-89ce-4445950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "first_observed": "2017-10-21T11:34:16Z", "last_observed": "2017-10-21T11:34:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a12-c924-44e4-89ce-4445950d210f", "ipv4-addr--59ea0a12-c924-44e4-89ce-4445950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a12-c924-44e4-89ce-4445950d210f", "dst_ref": "ipv4-addr--59ea0a12-c924-44e4-89ce-4445950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a12-c924-44e4-89ce-4445950d210f", "value": "178.217.119.241" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a12-e554-4f29-84a8-45b5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "first_observed": "2017-10-21T11:34:16Z", "last_observed": "2017-10-21T11:34:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a12-e554-4f29-84a8-45b5950d210f", "ipv4-addr--59ea0a12-e554-4f29-84a8-45b5950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a12-e554-4f29-84a8-45b5950d210f", "dst_ref": "ipv4-addr--59ea0a12-e554-4f29-84a8-45b5950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a12-e554-4f29-84a8-45b5950d210f", "value": "78.24.219.105" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a12-5dcc-4781-95c0-400a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "first_observed": "2017-10-21T11:34:16Z", "last_observed": "2017-10-21T11:34:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a12-5dcc-4781-95c0-400a950d210f", "ipv4-addr--59ea0a12-5dcc-4781-95c0-400a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a12-5dcc-4781-95c0-400a950d210f", "dst_ref": "ipv4-addr--59ea0a12-5dcc-4781-95c0-400a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a12-5dcc-4781-95c0-400a950d210f", "value": "92.63.105.129" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a12-9508-4ed9-9b5b-481b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "first_observed": "2017-10-21T11:34:16Z", "last_observed": "2017-10-21T11:34:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a12-9508-4ed9-9b5b-481b950d210f", "ipv4-addr--59ea0a12-9508-4ed9-9b5b-481b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a12-9508-4ed9-9b5b-481b950d210f", "dst_ref": "ipv4-addr--59ea0a12-9508-4ed9-9b5b-481b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a12-9508-4ed9-9b5b-481b950d210f", "value": "62.109.30.9" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a13-e8e4-4d3d-a2b1-45c9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "first_observed": "2017-10-21T11:34:16Z", "last_observed": "2017-10-21T11:34:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a13-e8e4-4d3d-a2b1-45c9950d210f", "ipv4-addr--59ea0a13-e8e4-4d3d-a2b1-45c9950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a13-e8e4-4d3d-a2b1-45c9950d210f", "dst_ref": "ipv4-addr--59ea0a13-e8e4-4d3d-a2b1-45c9950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a13-e8e4-4d3d-a2b1-45c9950d210f", "value": "82.146.44.189" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a13-bb68-4744-89f4-4f84950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "first_observed": "2017-10-21T11:34:16Z", "last_observed": "2017-10-21T11:34:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a13-bb68-4744-89f4-4f84950d210f", "ipv4-addr--59ea0a13-bb68-4744-89f4-4f84950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a13-bb68-4744-89f4-4f84950d210f", "dst_ref": "ipv4-addr--59ea0a13-bb68-4744-89f4-4f84950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a13-bb68-4744-89f4-4f84950d210f", "value": "82.146.60.211" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a13-102c-46de-9723-4cc5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "first_observed": "2017-10-21T11:34:16Z", "last_observed": "2017-10-21T11:34:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a13-102c-46de-9723-4cc5950d210f", "ipv4-addr--59ea0a13-102c-46de-9723-4cc5950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a13-102c-46de-9723-4cc5950d210f", "dst_ref": "ipv4-addr--59ea0a13-102c-46de-9723-4cc5950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a13-102c-46de-9723-4cc5950d210f", "value": "194.87.238.205" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a13-4e2c-4462-8ec8-48bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "first_observed": "2017-10-21T11:34:16Z", "last_observed": "2017-10-21T11:34:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a13-4e2c-4462-8ec8-48bb950d210f", "ipv4-addr--59ea0a13-4e2c-4462-8ec8-48bb950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a13-4e2c-4462-8ec8-48bb950d210f", "dst_ref": "ipv4-addr--59ea0a13-4e2c-4462-8ec8-48bb950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a13-4e2c-4462-8ec8-48bb950d210f", "value": "195.133.49.20" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a14-fb34-4c57-b612-4372950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "first_observed": "2017-10-21T11:34:16Z", "last_observed": "2017-10-21T11:34:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a14-fb34-4c57-b612-4372950d210f", "ipv4-addr--59ea0a14-fb34-4c57-b612-4372950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a14-fb34-4c57-b612-4372950d210f", "dst_ref": "ipv4-addr--59ea0a14-fb34-4c57-b612-4372950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a14-fb34-4c57-b612-4372950d210f", "value": "46.17.40.97" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a14-6698-4942-9567-63a3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "first_observed": "2017-10-21T11:34:16Z", "last_observed": "2017-10-21T11:34:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a14-6698-4942-9567-63a3950d210f", "ipv4-addr--59ea0a14-6698-4942-9567-63a3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a14-6698-4942-9567-63a3950d210f", "dst_ref": "ipv4-addr--59ea0a14-6698-4942-9567-63a3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a14-6698-4942-9567-63a3950d210f", "value": "141.255.167.112" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a14-cfd4-4148-ba5d-4daf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "first_observed": "2017-10-21T11:34:16Z", "last_observed": "2017-10-21T11:34:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a14-cfd4-4148-ba5d-4daf950d210f", "ipv4-addr--59ea0a14-cfd4-4148-ba5d-4daf950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a14-cfd4-4148-ba5d-4daf950d210f", "dst_ref": "ipv4-addr--59ea0a14-cfd4-4148-ba5d-4daf950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a14-cfd4-4148-ba5d-4daf950d210f", "value": "194.87.92.6" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a15-d30c-43cc-99f2-43b2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "first_observed": "2017-10-21T11:34:16Z", "last_observed": "2017-10-21T11:34:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a15-d30c-43cc-99f2-43b2950d210f", "ipv4-addr--59ea0a15-d30c-43cc-99f2-43b2950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a15-d30c-43cc-99f2-43b2950d210f", "dst_ref": "ipv4-addr--59ea0a15-d30c-43cc-99f2-43b2950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a15-d30c-43cc-99f2-43b2950d210f", "value": "62.109.30.96" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a15-9734-4517-b5df-4b94950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:16.000Z", "modified": "2017-10-21T11:34:16.000Z", "first_observed": "2017-10-21T11:34:16Z", "last_observed": "2017-10-21T11:34:16Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a15-9734-4517-b5df-4b94950d210f", "ipv4-addr--59ea0a15-9734-4517-b5df-4b94950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a15-9734-4517-b5df-4b94950d210f", "dst_ref": "ipv4-addr--59ea0a15-9734-4517-b5df-4b94950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a15-9734-4517-b5df-4b94950d210f", "value": "194.87.146.161" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a15-b9a0-4dbd-ab11-464b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:17.000Z", "modified": "2017-10-21T11:34:17.000Z", "first_observed": "2017-10-21T11:34:17Z", "last_observed": "2017-10-21T11:34:17Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a15-b9a0-4dbd-ab11-464b950d210f", "ipv4-addr--59ea0a15-b9a0-4dbd-ab11-464b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a15-b9a0-4dbd-ab11-464b950d210f", "dst_ref": "ipv4-addr--59ea0a15-b9a0-4dbd-ab11-464b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a15-b9a0-4dbd-ab11-464b950d210f", "value": "62.109.4.137" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a15-3018-4f8d-b29b-4aa7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:17.000Z", "modified": "2017-10-21T11:34:17.000Z", "first_observed": "2017-10-21T11:34:17Z", "last_observed": "2017-10-21T11:34:17Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a15-3018-4f8d-b29b-4aa7950d210f", "ipv4-addr--59ea0a15-3018-4f8d-b29b-4aa7950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a15-3018-4f8d-b29b-4aa7950d210f", "dst_ref": "ipv4-addr--59ea0a15-3018-4f8d-b29b-4aa7950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a15-3018-4f8d-b29b-4aa7950d210f", "value": "194.87.239.60" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a16-62d4-4620-86d9-42a2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:17.000Z", "modified": "2017-10-21T11:34:17.000Z", "first_observed": "2017-10-21T11:34:17Z", "last_observed": "2017-10-21T11:34:17Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a16-62d4-4620-86d9-42a2950d210f", "ipv4-addr--59ea0a16-62d4-4620-86d9-42a2950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a16-62d4-4620-86d9-42a2950d210f", "dst_ref": "ipv4-addr--59ea0a16-62d4-4620-86d9-42a2950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a16-62d4-4620-86d9-42a2950d210f", "value": "185.125.46.88" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a16-e20c-42ad-827f-408b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:17.000Z", "modified": "2017-10-21T11:34:17.000Z", "first_observed": "2017-10-21T11:34:17Z", "last_observed": "2017-10-21T11:34:17Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a16-e20c-42ad-827f-408b950d210f", "ipv4-addr--59ea0a16-e20c-42ad-827f-408b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a16-e20c-42ad-827f-408b950d210f", "dst_ref": "ipv4-addr--59ea0a16-e20c-42ad-827f-408b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a16-e20c-42ad-827f-408b950d210f", "value": "5.101.78.97" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a16-f97c-4223-8413-44bc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:17.000Z", "modified": "2017-10-21T11:34:17.000Z", "first_observed": "2017-10-21T11:34:17Z", "last_observed": "2017-10-21T11:34:17Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a16-f97c-4223-8413-44bc950d210f", "ipv4-addr--59ea0a16-f97c-4223-8413-44bc950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a16-f97c-4223-8413-44bc950d210f", "dst_ref": "ipv4-addr--59ea0a16-f97c-4223-8413-44bc950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a16-f97c-4223-8413-44bc950d210f", "value": "185.12.94.101" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a16-a8d8-4aae-9ef1-452c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:17.000Z", "modified": "2017-10-21T11:34:17.000Z", "first_observed": "2017-10-21T11:34:17Z", "last_observed": "2017-10-21T11:34:17Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a16-a8d8-4aae-9ef1-452c950d210f", "ipv4-addr--59ea0a16-a8d8-4aae-9ef1-452c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a16-a8d8-4aae-9ef1-452c950d210f", "dst_ref": "ipv4-addr--59ea0a16-a8d8-4aae-9ef1-452c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a16-a8d8-4aae-9ef1-452c950d210f", "value": "193.19.119.190" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a17-c1bc-4021-b1ba-63a3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:17.000Z", "modified": "2017-10-21T11:34:17.000Z", "first_observed": "2017-10-21T11:34:17Z", "last_observed": "2017-10-21T11:34:17Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a17-c1bc-4021-b1ba-63a3950d210f", "ipv4-addr--59ea0a17-c1bc-4021-b1ba-63a3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a17-c1bc-4021-b1ba-63a3950d210f", "dst_ref": "ipv4-addr--59ea0a17-c1bc-4021-b1ba-63a3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a17-c1bc-4021-b1ba-63a3950d210f", "value": "179.43.147.232" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a17-5780-4212-8a26-4995950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:17.000Z", "modified": "2017-10-21T11:34:17.000Z", "first_observed": "2017-10-21T11:34:17Z", "last_observed": "2017-10-21T11:34:17Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a17-5780-4212-8a26-4995950d210f", "ipv4-addr--59ea0a17-5780-4212-8a26-4995950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a17-5780-4212-8a26-4995950d210f", "dst_ref": "ipv4-addr--59ea0a17-5780-4212-8a26-4995950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a17-5780-4212-8a26-4995950d210f", "value": "195.133.197.198" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a17-d700-4c1b-aec1-485a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:17.000Z", "modified": "2017-10-21T11:34:17.000Z", "first_observed": "2017-10-21T11:34:17Z", "last_observed": "2017-10-21T11:34:17Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a17-d700-4c1b-aec1-485a950d210f", "ipv4-addr--59ea0a17-d700-4c1b-aec1-485a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a17-d700-4c1b-aec1-485a950d210f", "dst_ref": "ipv4-addr--59ea0a17-d700-4c1b-aec1-485a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a17-d700-4c1b-aec1-485a950d210f", "value": "188.227.17.104" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ea0a17-5f40-49eb-b97e-48a5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:17.000Z", "modified": "2017-10-21T11:34:17.000Z", "first_observed": "2017-10-21T11:34:17Z", "last_observed": "2017-10-21T11:34:17Z", "number_observed": 1, "object_refs": [ "network-traffic--59ea0a17-5f40-49eb-b97e-48a5950d210f", "ipv4-addr--59ea0a17-5f40-49eb-b97e-48a5950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ea0a17-5f40-49eb-b97e-48a5950d210f", "dst_ref": "ipv4-addr--59ea0a17-5f40-49eb-b97e-48a5950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ea0a17-5f40-49eb-b97e-48a5950d210f", "value": "194.87.111.47" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59eb30b9-d770-4715-a934-455802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:17.000Z", "modified": "2017-10-21T11:34:17.000Z", "first_observed": "2017-10-21T11:34:17Z", "last_observed": "2017-10-21T11:34:17Z", "number_observed": 1, "object_refs": [ "url--59eb30b9-d770-4715-a934-455802de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59eb30b9-d770-4715-a934-455802de0b81", "value": "https://www.virustotal.com/file/fe25eec3aa7465b78c38c9a0e62efc1764a3eb6619f34344a214222b86e86b50/analysis/1508561530/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59eb30b9-e928-4ee1-b618-4e3a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:17.000Z", "modified": "2017-10-21T11:34:17.000Z", "first_observed": "2017-10-21T11:34:17Z", "last_observed": "2017-10-21T11:34:17Z", "number_observed": 1, "object_refs": [ "url--59eb30b9-e928-4ee1-b618-4e3a02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59eb30b9-e928-4ee1-b618-4e3a02de0b81", "value": "https://www.virustotal.com/file/78c52d357b5859bb38920548da34454ae34f140750a54a7b2d52bf0c2e9fe437/analysis/1508561701/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59eb30b9-4ba8-4c9c-b267-411f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:17.000Z", "modified": "2017-10-21T11:34:17.000Z", "first_observed": "2017-10-21T11:34:17Z", "last_observed": "2017-10-21T11:34:17Z", "number_observed": 1, "object_refs": [ "url--59eb30b9-4ba8-4c9c-b267-411f02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59eb30b9-4ba8-4c9c-b267-411f02de0b81", "value": "https://www.virustotal.com/file/8dd0a60c9269f760a20bbcac9fb25f2e7081efb3673f04d22671986a51fa611b/analysis/1508571466/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59eb30b9-d570-4934-b92f-438702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:17.000Z", "modified": "2017-10-21T11:34:17.000Z", "first_observed": "2017-10-21T11:34:17Z", "last_observed": "2017-10-21T11:34:17Z", "number_observed": 1, "object_refs": [ "url--59eb30b9-d570-4934-b92f-438702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59eb30b9-d570-4934-b92f-438702de0b81", "value": "https://www.virustotal.com/file/8c17c8c6f8f7c9da5c3c59d9a26d5180875e1868da3abf50f9e41829beb44a1b/analysis/1508514921/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59eb30b9-55fc-4465-a9cc-4d4902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:17.000Z", "modified": "2017-10-21T11:34:17.000Z", "first_observed": "2017-10-21T11:34:17Z", "last_observed": "2017-10-21T11:34:17Z", "number_observed": 1, "object_refs": [ "url--59eb30b9-55fc-4465-a9cc-4d4902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59eb30b9-55fc-4465-a9cc-4d4902de0b81", "value": "https://www.virustotal.com/file/5d97db906fd9d67258665d16fe8d2ca91551d1067383b34bf9fd203b07bda824/analysis/1508564997/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59eb30b9-6db0-40fe-a901-43eb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:17.000Z", "modified": "2017-10-21T11:34:17.000Z", "first_observed": "2017-10-21T11:34:17Z", "last_observed": "2017-10-21T11:34:17Z", "number_observed": 1, "object_refs": [ "url--59eb30b9-6db0-40fe-a901-43eb02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59eb30b9-6db0-40fe-a901-43eb02de0b81", "value": "https://www.virustotal.com/file/5623b81db50cf778713612e599b7efe8173dd50246182ec63f02de0fbabdbd3d/analysis/1508528198/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59eb30b9-a600-4e52-b301-41be02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:17.000Z", "modified": "2017-10-21T11:34:17.000Z", "description": "- Xchecked via VT: d328f779528bd13cba8e7a39743efb82", "pattern": "[file:hashes.SHA256 = 'a6e9eb64f94897cb73f728f4e43dedcd79dd841e06021fbe06c6a3fd039ce3bb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59eb30b9-4aac-4d01-8649-458c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:17.000Z", "modified": "2017-10-21T11:34:17.000Z", "description": "- Xchecked via VT: d328f779528bd13cba8e7a39743efb82", "pattern": "[file:hashes.SHA1 = '19aa3805d48935e8f03ba0862dab676230fdffe1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59eb30b9-5b2c-40d9-b0d3-4d0d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:17.000Z", "modified": "2017-10-21T11:34:17.000Z", "first_observed": "2017-10-21T11:34:17Z", "last_observed": "2017-10-21T11:34:17Z", "number_observed": 1, "object_refs": [ "url--59eb30b9-5b2c-40d9-b0d3-4d0d02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59eb30b9-5b2c-40d9-b0d3-4d0d02de0b81", "value": "https://www.virustotal.com/file/a6e9eb64f94897cb73f728f4e43dedcd79dd841e06021fbe06c6a3fd039ce3bb/analysis/1508522819/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59eb30b9-2044-4ad7-86f6-4c2402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:17.000Z", "modified": "2017-10-21T11:34:17.000Z", "description": "- Xchecked via VT: a7cc2d883dd2eba6dde1f526856449ba", "pattern": "[file:hashes.SHA256 = '8e618e71697a748934c4b7df2c90741a3653bddd93cb9dd418c138f7efefc6b7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59eb30b9-c884-471b-910f-474b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:17.000Z", "modified": "2017-10-21T11:34:17.000Z", "description": "- Xchecked via VT: a7cc2d883dd2eba6dde1f526856449ba", "pattern": "[file:hashes.SHA1 = '593dfd7826eb609666524bd3877be83a65520e30']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-21T11:34:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59eb30b9-2f88-480c-a78b-45c402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-21T11:34:17.000Z", "modified": "2017-10-21T11:34:17.000Z", "first_observed": "2017-10-21T11:34:17Z", "last_observed": "2017-10-21T11:34:17Z", "number_observed": 1, "object_refs": [ "url--59eb30b9-2f88-480c-a78b-45c402de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59eb30b9-2f88-480c-a78b-45c402de0b81", "value": "https://www.virustotal.com/file/8e618e71697a748934c4b7df2c90741a3653bddd93cb9dd418c138f7efefc6b7/analysis/1508515140/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }