{ "type": "bundle", "id": "bundle--5a281dc1-16c4-4fb7-a779-4c8d950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T08:00:32.000Z", "modified": "2017-12-07T08:00:32.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "grouping", "spec_version": "2.1", "id": "grouping--5a281dc1-16c4-4fb7-a779-4c8d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T08:00:32.000Z", "modified": "2017-12-07T08:00:32.000Z", "name": "M2M - GlobeImposter \"..doc\" 2017-12-06 : \"Scanned image\"\n - \"20171206123456.7z\"", "context": "suspicious-activity", "object_refs": [ "indicator--5a281dc2-ede0-41e7-ab88-4816950d210f", "indicator--5a281dc2-db74-4db0-940e-4262950d210f", "indicator--5a281dc2-5d84-4295-ab88-427e950d210f", "observed-data--5a281dc2-e740-4db4-ade5-4058950d210f", "network-traffic--5a281dc2-e740-4db4-ade5-4058950d210f", "ipv4-addr--5a281dc2-e740-4db4-ade5-4058950d210f", "indicator--5a281dc3-0b1c-417b-a2f8-4ac7950d210f", "indicator--5a281dc3-7cac-4bcf-8846-a867950d210f", "observed-data--5a281dc4-6298-4054-b296-4251950d210f", "network-traffic--5a281dc4-6298-4054-b296-4251950d210f", "ipv4-addr--5a281dc4-6298-4054-b296-4251950d210f", "indicator--5a281dc4-0f68-422f-a5c4-4551950d210f", "indicator--5a281dc4-ee28-4e75-936a-a93f950d210f", "observed-data--5a281dc4-ca6c-4254-b6d8-eca7950d210f", "network-traffic--5a281dc4-ca6c-4254-b6d8-eca7950d210f", "ipv4-addr--5a281dc4-ca6c-4254-b6d8-eca7950d210f", "indicator--5a281dc5-5bd8-450e-9ae9-4200950d210f", "indicator--5a281dc5-3e00-46e2-8e14-ab72950d210f", "observed-data--5a281dc5-4af0-41f0-8500-a95b950d210f", "network-traffic--5a281dc5-4af0-41f0-8500-a95b950d210f", "ipv4-addr--5a281dc5-4af0-41f0-8500-a95b950d210f", "indicator--5a281dc5-fc48-44ff-ab5a-43cb950d210f", "indicator--5a281dc6-7ab8-44d5-b874-a93f950d210f", "observed-data--5a281dc6-56d0-4e1f-8e0f-bbcb950d210f", "network-traffic--5a281dc6-56d0-4e1f-8e0f-bbcb950d210f", "ipv4-addr--5a281dc6-56d0-4e1f-8e0f-bbcb950d210f", "indicator--5a281dc6-641c-45a5-9a04-4f70950d210f", "indicator--5a281dc6-c5cc-4144-bd1c-a8d0950d210f", "observed-data--5a281dc7-4270-455f-bfee-4262950d210f", "network-traffic--5a281dc7-4270-455f-bfee-4262950d210f", "ipv4-addr--5a281dc7-4270-455f-bfee-4262950d210f", "indicator--5a281dc7-57b8-4962-a37a-4873950d210f", "indicator--5a281dc7-bbac-47f1-9b10-a93f950d210f", "observed-data--5a281dc7-b7e8-4f2f-837e-eca7950d210f", "network-traffic--5a281dc7-b7e8-4f2f-837e-eca7950d210f", "ipv4-addr--5a281dc7-b7e8-4f2f-837e-eca7950d210f", "indicator--5a281dc8-61c0-40f6-94e1-4227950d210f", "indicator--5a281dc8-2d3c-4e43-8345-ab72950d210f", "observed-data--5a281dc8-bc84-4f5f-8748-a867950d210f", "network-traffic--5a281dc8-bc84-4f5f-8748-a867950d210f", "ipv4-addr--5a281dc8-bc84-4f5f-8748-a867950d210f", "indicator--5a28f4d1-9a10-4e2c-a40b-a30602de0b81", "indicator--5a28f4d1-c604-419e-829e-a30602de0b81", "observed-data--5a28f4d1-d5d4-4283-85b0-a30602de0b81", "url--5a28f4d1-d5d4-4283-85b0-a30602de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a281dc2-ede0-41e7-ab88-4816950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T07:59:12.000Z", "modified": "2017-12-07T07:59:12.000Z", "pattern": "[file:hashes.MD5 = '8f59ad7e91a0a875e8389931f8086196']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-07T07:59:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a281dc2-db74-4db0-940e-4262950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T07:59:12.000Z", "modified": "2017-12-07T07:59:12.000Z", "pattern": "[url:value = 'http://accessyouraudience.com/DBee556ff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-07T07:59:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a281dc2-5d84-4295-ab88-427e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T07:59:12.000Z", "modified": "2017-12-07T07:59:12.000Z", "pattern": "[domain-name:value = 'accessyouraudience.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-07T07:59:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a281dc2-e740-4db4-ade5-4058950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T07:59:12.000Z", "modified": "2017-12-07T07:59:12.000Z", "first_observed": "2017-12-07T07:59:12Z", "last_observed": "2017-12-07T07:59:12Z", "number_observed": 1, "object_refs": [ "network-traffic--5a281dc2-e740-4db4-ade5-4058950d210f", "ipv4-addr--5a281dc2-e740-4db4-ade5-4058950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a281dc2-e740-4db4-ade5-4058950d210f", "dst_ref": "ipv4-addr--5a281dc2-e740-4db4-ade5-4058950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a281dc2-e740-4db4-ade5-4058950d210f", "value": "98.124.251.75" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a281dc3-0b1c-417b-a2f8-4ac7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T07:59:12.000Z", "modified": "2017-12-07T07:59:12.000Z", "pattern": "[url:value = 'http://alucmuhendislik.com/DBee556ff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-07T07:59:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a281dc3-7cac-4bcf-8846-a867950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T07:59:12.000Z", "modified": "2017-12-07T07:59:12.000Z", "pattern": "[domain-name:value = 'alucmuhendislik.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-07T07:59:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a281dc4-6298-4054-b296-4251950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T07:59:12.000Z", "modified": "2017-12-07T07:59:12.000Z", "first_observed": "2017-12-07T07:59:12Z", "last_observed": "2017-12-07T07:59:12Z", "number_observed": 1, "object_refs": [ "network-traffic--5a281dc4-6298-4054-b296-4251950d210f", "ipv4-addr--5a281dc4-6298-4054-b296-4251950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a281dc4-6298-4054-b296-4251950d210f", "dst_ref": "ipv4-addr--5a281dc4-6298-4054-b296-4251950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a281dc4-6298-4054-b296-4251950d210f", "value": "185.85.205.9" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a281dc4-0f68-422f-a5c4-4551950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T07:59:12.000Z", "modified": "2017-12-07T07:59:12.000Z", "pattern": "[url:value = 'http://bit-chasers.com/DBee556ff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-07T07:59:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a281dc4-ee28-4e75-936a-a93f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T07:59:12.000Z", "modified": "2017-12-07T07:59:12.000Z", "pattern": "[domain-name:value = 'bit-chasers.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-07T07:59:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a281dc4-ca6c-4254-b6d8-eca7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T07:59:12.000Z", "modified": "2017-12-07T07:59:12.000Z", "first_observed": "2017-12-07T07:59:12Z", "last_observed": "2017-12-07T07:59:12Z", "number_observed": 1, "object_refs": [ "network-traffic--5a281dc4-ca6c-4254-b6d8-eca7950d210f", "ipv4-addr--5a281dc4-ca6c-4254-b6d8-eca7950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a281dc4-ca6c-4254-b6d8-eca7950d210f", "dst_ref": "ipv4-addr--5a281dc4-ca6c-4254-b6d8-eca7950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a281dc4-ca6c-4254-b6d8-eca7950d210f", "value": "98.124.251.176" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a281dc5-5bd8-450e-9ae9-4200950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T07:59:12.000Z", "modified": "2017-12-07T07:59:12.000Z", "pattern": "[url:value = 'http://pragmaticinquiry.org/DBee556ff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-07T07:59:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a281dc5-3e00-46e2-8e14-ab72950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T07:59:12.000Z", "modified": "2017-12-07T07:59:12.000Z", "pattern": "[domain-name:value = 'pragmaticinquiry.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-07T07:59:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a281dc5-4af0-41f0-8500-a95b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T07:59:12.000Z", "modified": "2017-12-07T07:59:12.000Z", "first_observed": "2017-12-07T07:59:12Z", "last_observed": "2017-12-07T07:59:12Z", "number_observed": 1, "object_refs": [ "network-traffic--5a281dc5-4af0-41f0-8500-a95b950d210f", "ipv4-addr--5a281dc5-4af0-41f0-8500-a95b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a281dc5-4af0-41f0-8500-a95b950d210f", "dst_ref": "ipv4-addr--5a281dc5-4af0-41f0-8500-a95b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a281dc5-4af0-41f0-8500-a95b950d210f", "value": "98.124.252.145" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a281dc5-fc48-44ff-ab5a-43cb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T07:59:12.000Z", "modified": "2017-12-07T07:59:12.000Z", "pattern": "[url:value = 'http://team-bobcat.org/DBee556ff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-07T07:59:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a281dc6-7ab8-44d5-b874-a93f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T07:59:12.000Z", "modified": "2017-12-07T07:59:12.000Z", "pattern": "[domain-name:value = 'team-bobcat.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-07T07:59:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a281dc6-56d0-4e1f-8e0f-bbcb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T07:59:12.000Z", "modified": "2017-12-07T07:59:12.000Z", "first_observed": "2017-12-07T07:59:12Z", "last_observed": "2017-12-07T07:59:12Z", "number_observed": 1, "object_refs": [ "network-traffic--5a281dc6-56d0-4e1f-8e0f-bbcb950d210f", "ipv4-addr--5a281dc6-56d0-4e1f-8e0f-bbcb950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a281dc6-56d0-4e1f-8e0f-bbcb950d210f", "dst_ref": "ipv4-addr--5a281dc6-56d0-4e1f-8e0f-bbcb950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a281dc6-56d0-4e1f-8e0f-bbcb950d210f", "value": "212.224.65.254" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a281dc6-641c-45a5-9a04-4f70950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T07:59:13.000Z", "modified": "2017-12-07T07:59:13.000Z", "pattern": "[url:value = 'http://troyriser.com/DBee556ff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-07T07:59:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a281dc6-c5cc-4144-bd1c-a8d0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T07:59:13.000Z", "modified": "2017-12-07T07:59:13.000Z", "pattern": "[domain-name:value = 'troyriser.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-07T07:59:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a281dc7-4270-455f-bfee-4262950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T07:59:13.000Z", "modified": "2017-12-07T07:59:13.000Z", "first_observed": "2017-12-07T07:59:13Z", "last_observed": "2017-12-07T07:59:13Z", "number_observed": 1, "object_refs": [ "network-traffic--5a281dc7-4270-455f-bfee-4262950d210f", "ipv4-addr--5a281dc7-4270-455f-bfee-4262950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a281dc7-4270-455f-bfee-4262950d210f", "dst_ref": "ipv4-addr--5a281dc7-4270-455f-bfee-4262950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a281dc7-4270-455f-bfee-4262950d210f", "value": "98.124.251.167" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a281dc7-57b8-4962-a37a-4873950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T07:59:13.000Z", "modified": "2017-12-07T07:59:13.000Z", "pattern": "[url:value = 'https://ugf57wl6uexcj7fu.onion.link/shfgealjh.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-07T07:59:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a281dc7-bbac-47f1-9b10-a93f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T07:59:13.000Z", "modified": "2017-12-07T07:59:13.000Z", "pattern": "[domain-name:value = 'ugf57wl6uexcj7fu.onion.link']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-07T07:59:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a281dc7-b7e8-4f2f-837e-eca7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T07:59:13.000Z", "modified": "2017-12-07T07:59:13.000Z", "first_observed": "2017-12-07T07:59:13Z", "last_observed": "2017-12-07T07:59:13Z", "number_observed": 1, "object_refs": [ "network-traffic--5a281dc7-b7e8-4f2f-837e-eca7950d210f", "ipv4-addr--5a281dc7-b7e8-4f2f-837e-eca7950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a281dc7-b7e8-4f2f-837e-eca7950d210f", "dst_ref": "ipv4-addr--5a281dc7-b7e8-4f2f-837e-eca7950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a281dc7-b7e8-4f2f-837e-eca7950d210f", "value": "103.198.0.2" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a281dc8-61c0-40f6-94e1-4227950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T07:59:13.000Z", "modified": "2017-12-07T07:59:13.000Z", "pattern": "[url:value = 'http://summi.space/count.php?nu=105&fb=110']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-07T07:59:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a281dc8-2d3c-4e43-8345-ab72950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T07:59:13.000Z", "modified": "2017-12-07T07:59:13.000Z", "pattern": "[domain-name:value = 'summi.space']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-07T07:59:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a281dc8-bc84-4f5f-8748-a867950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T07:59:13.000Z", "modified": "2017-12-07T07:59:13.000Z", "first_observed": "2017-12-07T07:59:13Z", "last_observed": "2017-12-07T07:59:13Z", "number_observed": 1, "object_refs": [ "network-traffic--5a281dc8-bc84-4f5f-8748-a867950d210f", "ipv4-addr--5a281dc8-bc84-4f5f-8748-a867950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a281dc8-bc84-4f5f-8748-a867950d210f", "dst_ref": "ipv4-addr--5a281dc8-bc84-4f5f-8748-a867950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a281dc8-bc84-4f5f-8748-a867950d210f", "value": "198.23.241.227" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a28f4d1-9a10-4e2c-a40b-a30602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T07:59:13.000Z", "modified": "2017-12-07T07:59:13.000Z", "description": "- Xchecked via VT: 8f59ad7e91a0a875e8389931f8086196", "pattern": "[file:hashes.SHA256 = '18ef9d0649ea655ab0b8fea5e57ffb8a8493a0ac695863fb0290afe13d3bb01a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-07T07:59:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a28f4d1-c604-419e-829e-a30602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T07:59:13.000Z", "modified": "2017-12-07T07:59:13.000Z", "description": "- Xchecked via VT: 8f59ad7e91a0a875e8389931f8086196", "pattern": "[file:hashes.SHA1 = 'd644611bf6edec70568993896f6e95c6f1a577dc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-07T07:59:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a28f4d1-d5d4-4283-85b0-a30602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T07:59:13.000Z", "modified": "2017-12-07T07:59:13.000Z", "first_observed": "2017-12-07T07:59:13Z", "last_observed": "2017-12-07T07:59:13Z", "number_observed": 1, "object_refs": [ "url--5a28f4d1-d5d4-4283-85b0-a30602de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a28f4d1-d5d4-4283-85b0-a30602de0b81", "value": "https://www.virustotal.com/file/18ef9d0649ea655ab0b8fea5e57ffb8a8493a0ac695863fb0290afe13d3bb01a/analysis/1512629846/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }