{ "type": "bundle", "id": "bundle--5a044fae-c0b0-45d4-8f7e-75a9950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:37.000Z", "modified": "2017-11-09T20:30:37.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5a044fae-c0b0-45d4-8f7e-75a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:37.000Z", "modified": "2017-11-09T20:30:37.000Z", "name": "M2M - Locky Affid=3, \".asasin\" 2017-11-01 : \"Emailing: AZ123 - 01.11.2017\" - \"AZ123 - 01.11.2017.doc\"", "published": "2017-11-09T20:56:07Z", "object_refs": [ "indicator--5a044faf-1740-49d9-81ba-cdab950d210f", "indicator--5a044faf-54f4-4491-b99f-4123950d210f", "indicator--5a044fb0-a288-45d1-9725-991b950d210f", "indicator--5a044fb0-a498-4bd8-ab13-425d950d210f", "observed-data--5a044fb0-6290-4e2b-bc0a-cdab950d210f", "network-traffic--5a044fb0-6290-4e2b-bc0a-cdab950d210f", "ipv4-addr--5a044fb0-6290-4e2b-bc0a-cdab950d210f", "indicator--5a044fb1-d70c-44bb-9573-4169950d210f", "indicator--5a044fb1-09f4-4c61-a3a5-4d5e950d210f", "observed-data--5a044fb1-ee0c-4fb5-a145-42e7950d210f", "network-traffic--5a044fb1-ee0c-4fb5-a145-42e7950d210f", "ipv4-addr--5a044fb1-ee0c-4fb5-a145-42e7950d210f", "indicator--5a044fb1-2d68-4677-ac89-cda3950d210f", "indicator--5a044fb1-4278-4910-a2ee-cd7d950d210f", "observed-data--5a044fb2-8a28-4317-8b1e-cd35950d210f", "network-traffic--5a044fb2-8a28-4317-8b1e-cd35950d210f", "ipv4-addr--5a044fb2-8a28-4317-8b1e-cd35950d210f", "indicator--5a044fb2-9178-468b-a6f4-717b950d210f", "indicator--5a044fb2-6970-4667-be0d-4a7f950d210f", "observed-data--5a044fb3-ec34-4aee-a8cc-4a40950d210f", "network-traffic--5a044fb3-ec34-4aee-a8cc-4a40950d210f", "ipv4-addr--5a044fb3-ec34-4aee-a8cc-4a40950d210f", "indicator--5a044fb3-c344-4a32-aff8-cd7d950d210f", "indicator--5a044fb3-5620-4538-9949-cdab950d210f", "observed-data--5a044fb3-11f0-49a0-a962-4886950d210f", "network-traffic--5a044fb3-11f0-49a0-a962-4886950d210f", "ipv4-addr--5a044fb3-11f0-49a0-a962-4886950d210f", "indicator--5a044fb3-4aac-4822-bfe8-49a1950d210f", "indicator--5a044fb4-924c-4f29-93e8-991b950d210f", "observed-data--5a044fb4-3848-41bf-96bd-474a950d210f", "network-traffic--5a044fb4-3848-41bf-96bd-474a950d210f", "ipv4-addr--5a044fb4-3848-41bf-96bd-474a950d210f", "indicator--5a044fb4-9cf8-4fdd-8f52-cd7d950d210f", "indicator--5a044fb4-34a0-41e8-af8b-43c0950d210f", "observed-data--5a044fb5-9eb0-4dcb-b43b-4214950d210f", "network-traffic--5a044fb5-9eb0-4dcb-b43b-4214950d210f", "ipv4-addr--5a044fb5-9eb0-4dcb-b43b-4214950d210f", "indicator--5a044fb5-fd40-4d1c-8fd5-991b950d210f", "indicator--5a044fb5-9624-413b-a55f-41ad950d210f", "observed-data--5a044fb5-442c-4309-8df0-cdb1950d210f", "network-traffic--5a044fb5-442c-4309-8df0-cdb1950d210f", "ipv4-addr--5a044fb5-442c-4309-8df0-cdb1950d210f", "indicator--5a044fb5-80fc-4cd0-acfc-43f5950d210f", "indicator--5a044fb6-de14-4a74-9cf2-4f68950d210f", "observed-data--5a044fb6-6590-4067-98e9-4ddc950d210f", "network-traffic--5a044fb6-6590-4067-98e9-4ddc950d210f", "ipv4-addr--5a044fb6-6590-4067-98e9-4ddc950d210f", "indicator--5a044fb6-66cc-4a89-91a8-cda3950d210f", "indicator--5a044fb6-a04c-46df-a166-4317950d210f", "observed-data--5a044fb7-64e4-4314-acfc-4ef0950d210f", "network-traffic--5a044fb7-64e4-4314-acfc-4ef0950d210f", "ipv4-addr--5a044fb7-64e4-4314-acfc-4ef0950d210f", "indicator--5a044fb7-d03c-44af-a1b3-4316950d210f", "indicator--5a044fb7-6770-46e6-9bcb-4b36950d210f", "observed-data--5a044fb7-2d3c-446d-b59a-cda3950d210f", "network-traffic--5a044fb7-2d3c-446d-b59a-cda3950d210f", "ipv4-addr--5a044fb7-2d3c-446d-b59a-cda3950d210f", "indicator--5a044fb7-090c-4132-a448-cd7d950d210f", "indicator--5a044fb8-e9d8-4d64-87a0-cdab950d210f", "observed-data--5a044fb8-ab5c-4761-956c-75a9950d210f", "network-traffic--5a044fb8-ab5c-4761-956c-75a9950d210f", "ipv4-addr--5a044fb8-ab5c-4761-956c-75a9950d210f", "indicator--5a044fb8-21b4-4f97-9b23-cc6f950d210f", "indicator--5a044fb8-1790-4307-81a4-4e67950d210f", "indicator--5a044fd7-53f0-4220-b8fe-cdb4950d210f", "indicator--5a04bae8-5cd8-4824-810c-4ab102de0b81", "indicator--5a04bae8-1fb0-4d87-a54a-4b0e02de0b81", "observed-data--5a04bae8-a9f8-4bc1-88b2-409d02de0b81", "url--5a04bae8-a9f8-4bc1-88b2-409d02de0b81", "indicator--5a04bae9-e030-4c7e-a163-447602de0b81", "indicator--5a04bae9-48e8-4cb5-8358-4b6902de0b81", "observed-data--5a04bae9-e8c4-4e3e-b4ee-48c602de0b81", "url--5a04bae9-e8c4-4e3e-b4ee-48c602de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Locky\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044faf-1740-49d9-81ba-cdab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:31.000Z", "modified": "2017-11-09T20:30:31.000Z", "pattern": "[file:hashes.MD5 = '9280a952e5ff85d8f67bf71f590d00ac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044faf-54f4-4491-b99f-4123950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:31.000Z", "modified": "2017-11-09T20:30:31.000Z", "pattern": "[file:hashes.MD5 = '081940b655e22f06ba067fd09467b215']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fb0-a288-45d1-9725-991b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:31.000Z", "modified": "2017-11-09T20:30:31.000Z", "pattern": "[url:value = 'http://apply.pam-innovation.com/djhvg3674f343']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fb0-a498-4bd8-ab13-425d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:31.000Z", "modified": "2017-11-09T20:30:31.000Z", "pattern": "[domain-name:value = 'apply.pam-innovation.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044fb0-6290-4e2b-bc0a-cdab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:31.000Z", "modified": "2017-11-09T20:30:31.000Z", "first_observed": "2017-11-09T20:30:31Z", "last_observed": "2017-11-09T20:30:31Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044fb0-6290-4e2b-bc0a-cdab950d210f", "ipv4-addr--5a044fb0-6290-4e2b-bc0a-cdab950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044fb0-6290-4e2b-bc0a-cdab950d210f", "dst_ref": "ipv4-addr--5a044fb0-6290-4e2b-bc0a-cdab950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044fb0-6290-4e2b-bc0a-cdab950d210f", "value": "202.129.207.71" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fb1-d70c-44bb-9573-4169950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "pattern": "[url:value = 'http://ist-profy.ru/djhvg3674f343']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fb1-09f4-4c61-a3a5-4d5e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "pattern": "[domain-name:value = 'ist-profy.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044fb1-ee0c-4fb5-a145-42e7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "first_observed": "2017-11-09T20:30:32Z", "last_observed": "2017-11-09T20:30:32Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044fb1-ee0c-4fb5-a145-42e7950d210f", "ipv4-addr--5a044fb1-ee0c-4fb5-a145-42e7950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044fb1-ee0c-4fb5-a145-42e7950d210f", "dst_ref": "ipv4-addr--5a044fb1-ee0c-4fb5-a145-42e7950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044fb1-ee0c-4fb5-a145-42e7950d210f", "value": "90.156.144.159" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fb1-2d68-4677-ac89-cda3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "pattern": "[url:value = 'http://localesynavesalquiler.com/djhvg3674f343']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fb1-4278-4910-a2ee-cd7d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "pattern": "[domain-name:value = 'localesynavesalquiler.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044fb2-8a28-4317-8b1e-cd35950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "first_observed": "2017-11-09T20:30:32Z", "last_observed": "2017-11-09T20:30:32Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044fb2-8a28-4317-8b1e-cd35950d210f", "ipv4-addr--5a044fb2-8a28-4317-8b1e-cd35950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044fb2-8a28-4317-8b1e-cd35950d210f", "dst_ref": "ipv4-addr--5a044fb2-8a28-4317-8b1e-cd35950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044fb2-8a28-4317-8b1e-cd35950d210f", "value": "91.142.213.150" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fb2-9178-468b-a6f4-717b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "pattern": "[url:value = 'http://lopezfranco.com/djhvg3674f343']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fb2-6970-4667-be0d-4a7f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "pattern": "[domain-name:value = 'lopezfranco.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044fb3-ec34-4aee-a8cc-4a40950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "first_observed": "2017-11-09T20:30:32Z", "last_observed": "2017-11-09T20:30:32Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044fb3-ec34-4aee-a8cc-4a40950d210f", "ipv4-addr--5a044fb3-ec34-4aee-a8cc-4a40950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044fb3-ec34-4aee-a8cc-4a40950d210f", "dst_ref": "ipv4-addr--5a044fb3-ec34-4aee-a8cc-4a40950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044fb3-ec34-4aee-a8cc-4a40950d210f", "value": "89.140.72.153" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fb3-c344-4a32-aff8-cd7d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "pattern": "[url:value = 'http://spooner-motorsport.com/djhvg3674f343']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fb3-5620-4538-9949-cdab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "pattern": "[domain-name:value = 'spooner-motorsport.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044fb3-11f0-49a0-a962-4886950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "first_observed": "2017-11-09T20:30:32Z", "last_observed": "2017-11-09T20:30:32Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044fb3-11f0-49a0-a962-4886950d210f", "ipv4-addr--5a044fb3-11f0-49a0-a962-4886950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044fb3-11f0-49a0-a962-4886950d210f", "dst_ref": "ipv4-addr--5a044fb3-11f0-49a0-a962-4886950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044fb3-11f0-49a0-a962-4886950d210f", "value": "77.72.150.42" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fb3-4aac-4822-bfe8-49a1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "pattern": "[url:value = 'http://zahntechnik-imlau.de/djhvg3674f343']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fb4-924c-4f29-93e8-991b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "pattern": "[domain-name:value = 'zahntechnik-imlau.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044fb4-3848-41bf-96bd-474a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "first_observed": "2017-11-09T20:30:32Z", "last_observed": "2017-11-09T20:30:32Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044fb4-3848-41bf-96bd-474a950d210f", "ipv4-addr--5a044fb4-3848-41bf-96bd-474a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044fb4-3848-41bf-96bd-474a950d210f", "dst_ref": "ipv4-addr--5a044fb4-3848-41bf-96bd-474a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044fb4-3848-41bf-96bd-474a950d210f", "value": "185.138.24.185" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fb4-9cf8-4fdd-8f52-cd7d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "pattern": "[url:value = 'http://dvprojekt.hr/Omnnd64335']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fb4-34a0-41e8-af8b-43c0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "pattern": "[domain-name:value = 'dvprojekt.hr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044fb5-9eb0-4dcb-b43b-4214950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "first_observed": "2017-11-09T20:30:32Z", "last_observed": "2017-11-09T20:30:32Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044fb5-9eb0-4dcb-b43b-4214950d210f", "ipv4-addr--5a044fb5-9eb0-4dcb-b43b-4214950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044fb5-9eb0-4dcb-b43b-4214950d210f", "dst_ref": "ipv4-addr--5a044fb5-9eb0-4dcb-b43b-4214950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044fb5-9eb0-4dcb-b43b-4214950d210f", "value": "213.202.100.90" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fb5-fd40-4d1c-8fd5-991b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "pattern": "[url:value = 'http://fuettern24.de/Omnnd64335']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fb5-9624-413b-a55f-41ad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "pattern": "[domain-name:value = 'fuettern24.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044fb5-442c-4309-8df0-cdb1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "first_observed": "2017-11-09T20:30:32Z", "last_observed": "2017-11-09T20:30:32Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044fb5-442c-4309-8df0-cdb1950d210f", "ipv4-addr--5a044fb5-442c-4309-8df0-cdb1950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044fb5-442c-4309-8df0-cdb1950d210f", "dst_ref": "ipv4-addr--5a044fb5-442c-4309-8df0-cdb1950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044fb5-442c-4309-8df0-cdb1950d210f", "value": "176.28.9.111" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fb5-80fc-4cd0-acfc-43f5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "pattern": "[url:value = 'http://pciholog.ru/Omnnd64335']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fb6-de14-4a74-9cf2-4f68950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "pattern": "[domain-name:value = 'pciholog.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044fb6-6590-4067-98e9-4ddc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "first_observed": "2017-11-09T20:30:32Z", "last_observed": "2017-11-09T20:30:32Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044fb6-6590-4067-98e9-4ddc950d210f", "ipv4-addr--5a044fb6-6590-4067-98e9-4ddc950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044fb6-6590-4067-98e9-4ddc950d210f", "dst_ref": "ipv4-addr--5a044fb6-6590-4067-98e9-4ddc950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044fb6-6590-4067-98e9-4ddc950d210f", "value": "89.253.235.118" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fb6-66cc-4a89-91a8-cda3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "pattern": "[url:value = 'http://3overpar.com/Omnnd64335']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fb6-a04c-46df-a166-4317950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "pattern": "[domain-name:value = '3overpar.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044fb7-64e4-4314-acfc-4ef0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "first_observed": "2017-11-09T20:30:32Z", "last_observed": "2017-11-09T20:30:32Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044fb7-64e4-4314-acfc-4ef0950d210f", "ipv4-addr--5a044fb7-64e4-4314-acfc-4ef0950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044fb7-64e4-4314-acfc-4ef0950d210f", "dst_ref": "ipv4-addr--5a044fb7-64e4-4314-acfc-4ef0950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044fb7-64e4-4314-acfc-4ef0950d210f", "value": "98.124.251.167" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fb7-d03c-44af-a1b3-4316950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "pattern": "[url:value = 'http://first-paris-properties.com/Omnnd64335']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fb7-6770-46e6-9bcb-4b36950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "pattern": "[domain-name:value = 'first-paris-properties.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044fb7-2d3c-446d-b59a-cda3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "first_observed": "2017-11-09T20:30:32Z", "last_observed": "2017-11-09T20:30:32Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044fb7-2d3c-446d-b59a-cda3950d210f", "ipv4-addr--5a044fb7-2d3c-446d-b59a-cda3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044fb7-2d3c-446d-b59a-cda3950d210f", "dst_ref": "ipv4-addr--5a044fb7-2d3c-446d-b59a-cda3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044fb7-2d3c-446d-b59a-cda3950d210f", "value": "151.80.157.121" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fb7-090c-4132-a448-cd7d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "pattern": "[url:value = 'http://mercurysound.es/Omnnd64335']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fb8-e9d8-4d64-87a0-cdab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "pattern": "[domain-name:value = 'mercurysound.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044fb8-ab5c-4761-956c-75a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "first_observed": "2017-11-09T20:30:32Z", "last_observed": "2017-11-09T20:30:32Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044fb8-ab5c-4761-956c-75a9950d210f", "ipv4-addr--5a044fb8-ab5c-4761-956c-75a9950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044fb8-ab5c-4761-956c-75a9950d210f", "dst_ref": "ipv4-addr--5a044fb8-ab5c-4761-956c-75a9950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044fb8-ab5c-4761-956c-75a9950d210f", "value": "149.62.173.10" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fb8-21b4-4f97-9b23-cc6f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "pattern": "[url:value = 'http://heckhegrijus.net/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fb8-1790-4307-81a4-4e67950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "pattern": "[domain-name:value = 'heckhegrijus.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fd7-53f0-4220-b8fe-cdb4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "pattern": "[url:value = 'http://kvonline']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04bae8-5cd8-4824-810c-4ab102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "description": "- Xchecked via VT: 081940b655e22f06ba067fd09467b215", "pattern": "[file:hashes.SHA256 = '1b087b85b0f1c2b14dfa1b9c82004de598903a89a76af49ee4c4eed03bfefe24']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04bae8-1fb0-4d87-a54a-4b0e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "description": "- Xchecked via VT: 081940b655e22f06ba067fd09467b215", "pattern": "[file:hashes.SHA1 = '69df47a405d55b935cc0d53ccd54c0a8f9067f36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a04bae8-a9f8-4bc1-88b2-409d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:32.000Z", "modified": "2017-11-09T20:30:32.000Z", "first_observed": "2017-11-09T20:30:32Z", "last_observed": "2017-11-09T20:30:32Z", "number_observed": 1, "object_refs": [ "url--5a04bae8-a9f8-4bc1-88b2-409d02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a04bae8-a9f8-4bc1-88b2-409d02de0b81", "value": "https://www.virustotal.com/file/1b087b85b0f1c2b14dfa1b9c82004de598903a89a76af49ee4c4eed03bfefe24/analysis/1509675596/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04bae9-e030-4c7e-a163-447602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:33.000Z", "modified": "2017-11-09T20:30:33.000Z", "description": "- Xchecked via VT: 9280a952e5ff85d8f67bf71f590d00ac", "pattern": "[file:hashes.SHA256 = '411510e651f5a3b8687d8e20b492d187f37032d57e3480c9a9a15104516de2a1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04bae9-48e8-4cb5-8358-4b6902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:33.000Z", "modified": "2017-11-09T20:30:33.000Z", "description": "- Xchecked via VT: 9280a952e5ff85d8f67bf71f590d00ac", "pattern": "[file:hashes.SHA1 = 'b9b508e6defc4f25d48b75d076311e15b81cb8b4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:30:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a04bae9-e8c4-4e3e-b4ee-48c602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:30:33.000Z", "modified": "2017-11-09T20:30:33.000Z", "first_observed": "2017-11-09T20:30:33Z", "last_observed": "2017-11-09T20:30:33Z", "number_observed": 1, "object_refs": [ "url--5a04bae9-e8c4-4e3e-b4ee-48c602de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a04bae9-e8c4-4e3e-b4ee-48c602de0b81", "value": "https://www.virustotal.com/file/411510e651f5a3b8687d8e20b492d187f37032d57e3480c9a9a15104516de2a1/analysis/1510167318/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }