{ "type": "bundle", "id": "bundle--5a4c917d-b144-44cc-b046-4e53950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:30.000Z", "modified": "2018-01-03T20:56:30.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "grouping", "spec_version": "2.1", "id": "grouping--5a4c917d-b144-44cc-b046-4e53950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:30.000Z", "modified": "2018-01-03T20:56:30.000Z", "name": "M2M - GlobeImposter \"..doc\" 2017-12-28 :\n \"CCE28122017_001234\" - \"CCE28122017_001234.7z\"", "context": "suspicious-activity", "object_refs": [ "indicator--5a4c917d-1d28-4808-b076-4942950d210f", "indicator--5a4c917e-09dc-46a6-8dea-44f9950d210f", "indicator--5a4c9180-b100-426d-9d3e-4ce8950d210f", "indicator--5a4c9181-979c-421b-bad3-4f0b950d210f", "observed-data--5a4c9183-0344-450c-8580-4990950d210f", "network-traffic--5a4c9183-0344-450c-8580-4990950d210f", "ipv4-addr--5a4c9183-0344-450c-8580-4990950d210f", "indicator--5a4c9184-dee8-419a-b52c-4af8950d210f", "indicator--5a4c9185-2b28-42b3-b58a-43af950d210f", "observed-data--5a4c9187-04a0-4b05-bfaf-44e9950d210f", "network-traffic--5a4c9187-04a0-4b05-bfaf-44e9950d210f", "ipv4-addr--5a4c9187-04a0-4b05-bfaf-44e9950d210f", "indicator--5a4c9188-7188-4391-823d-4251950d210f", "indicator--5a4c9189-7bbc-49ca-b2ef-4fdb950d210f", "observed-data--5a4c918b-78fc-4790-86b9-4700950d210f", "network-traffic--5a4c918b-78fc-4790-86b9-4700950d210f", "ipv4-addr--5a4c918b-78fc-4790-86b9-4700950d210f", "indicator--5a4c918c-c8bc-4554-bf8e-4b4b950d210f", "indicator--5a4c918d-2180-46cd-82ce-42ec950d210f", "observed-data--5a4c918f-7f9c-4033-bd46-4226950d210f", "network-traffic--5a4c918f-7f9c-4033-bd46-4226950d210f", "ipv4-addr--5a4c918f-7f9c-4033-bd46-4226950d210f", "indicator--5a4c9191-67ec-484e-9820-43df950d210f", "indicator--5a4c9192-b3c4-4637-af92-4eed950d210f", "observed-data--5a4c9193-69c4-4e05-ac16-4b82950d210f", "network-traffic--5a4c9193-69c4-4e05-ac16-4b82950d210f", "ipv4-addr--5a4c9193-69c4-4e05-ac16-4b82950d210f", "indicator--5a4c9195-4664-45df-9632-431a950d210f", "indicator--5a4c9196-adb8-4406-9979-4540950d210f", "observed-data--5a4c9198-77cc-47a0-88a4-432c950d210f", "network-traffic--5a4c9198-77cc-47a0-88a4-432c950d210f", "ipv4-addr--5a4c9198-77cc-47a0-88a4-432c950d210f", "indicator--5a4c919a-cbd0-4c02-9698-4b49950d210f", "indicator--5a4c919b-b310-4a79-9817-411e950d210f", "observed-data--5a4c919c-7d60-4c82-95b6-4c06950d210f", "network-traffic--5a4c919c-7d60-4c82-95b6-4c06950d210f", "ipv4-addr--5a4c919c-7d60-4c82-95b6-4c06950d210f", "indicator--5a4c919d-f548-4b5f-bb53-432f950d210f", "indicator--5a4c919e-f1cc-4d65-a67b-477b950d210f", "indicator--5a4c91a0-6c1c-4139-9ec9-4f42950d210f", "indicator--5a4c91a3-581c-4d8b-abae-4668950d210f", "observed-data--5a4c91a5-3600-4769-bb3b-4c56950d210f", "network-traffic--5a4c91a5-3600-4769-bb3b-4c56950d210f", "ipv4-addr--5a4c91a5-3600-4769-bb3b-4c56950d210f", "indicator--5a4c91a7-a240-4109-894a-4bcf950d210f", "indicator--5a4c91a9-795c-4777-92c8-4769950d210f", "observed-data--5a4c91ab-e288-43b6-a176-432b950d210f", "network-traffic--5a4c91ab-e288-43b6-a176-432b950d210f", "ipv4-addr--5a4c91ab-e288-43b6-a176-432b950d210f", "indicator--429839aa-8a63-48c6-a526-9c59fdc171bb", "x-misp-object--d0120535-9bae-48cb-89ef-3148489930ab", "indicator--12590359-7f50-4ee1-b6c7-3308ecb45ea2", "x-misp-object--3b1a023e-0f4e-4f13-8763-5ca5ffab14c6", "relationship--17ae0c7e-fae7-4cdf-8582-e0634b9ca31b", "relationship--5059ff60-313d-4384-813d-6d2dd8ab198d" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:ransomware=\"Fake Globe Ransomware\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c917d-1d28-4808-b076-4942950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T08:17:01.000Z", "modified": "2018-01-03T08:17:01.000Z", "pattern": "[file:hashes.MD5 = 'db0ecea901d4b4bf7aac1f6202e85bff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T08:17:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c917e-09dc-46a6-8dea-44f9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T08:17:02.000Z", "modified": "2018-01-03T08:17:02.000Z", "pattern": "[file:hashes.MD5 = '62461a2a840d61f1c1f6ded106666a56']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T08:17:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c9180-b100-426d-9d3e-4ce8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:18.000Z", "modified": "2018-01-03T20:56:18.000Z", "pattern": "[url:value = 'http://berkahbajamakmur.com/06YefeR']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T20:56:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c9181-979c-421b-bad3-4f0b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:18.000Z", "modified": "2018-01-03T20:56:18.000Z", "pattern": "[domain-name:value = 'berkahbajamakmur.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T20:56:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a4c9183-0344-450c-8580-4990950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:18.000Z", "modified": "2018-01-03T20:56:18.000Z", "first_observed": "2018-01-03T20:56:18Z", "last_observed": "2018-01-03T20:56:18Z", "number_observed": 1, "object_refs": [ "network-traffic--5a4c9183-0344-450c-8580-4990950d210f", "ipv4-addr--5a4c9183-0344-450c-8580-4990950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a4c9183-0344-450c-8580-4990950d210f", "dst_ref": "ipv4-addr--5a4c9183-0344-450c-8580-4990950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a4c9183-0344-450c-8580-4990950d210f", "value": "202.71.103.249" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c9184-dee8-419a-b52c-4af8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:18.000Z", "modified": "2018-01-03T20:56:18.000Z", "pattern": "[url:value = 'http://slimthrive.net/06YefeR']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T20:56:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c9185-2b28-42b3-b58a-43af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:18.000Z", "modified": "2018-01-03T20:56:18.000Z", "pattern": "[domain-name:value = 'slimthrive.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T20:56:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a4c9187-04a0-4b05-bfaf-44e9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:18.000Z", "modified": "2018-01-03T20:56:18.000Z", "first_observed": "2018-01-03T20:56:18Z", "last_observed": "2018-01-03T20:56:18Z", "number_observed": 1, "object_refs": [ "network-traffic--5a4c9187-04a0-4b05-bfaf-44e9950d210f", "ipv4-addr--5a4c9187-04a0-4b05-bfaf-44e9950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a4c9187-04a0-4b05-bfaf-44e9950d210f", "dst_ref": "ipv4-addr--5a4c9187-04a0-4b05-bfaf-44e9950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a4c9187-04a0-4b05-bfaf-44e9950d210f", "value": "199.188.200.142" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c9188-7188-4391-823d-4251950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:18.000Z", "modified": "2018-01-03T20:56:18.000Z", "pattern": "[url:value = 'http://smartnewjerseyhomebuyers.com/06YefeR']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T20:56:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c9189-7bbc-49ca-b2ef-4fdb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:18.000Z", "modified": "2018-01-03T20:56:18.000Z", "pattern": "[domain-name:value = 'smartnewjerseyhomebuyers.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T20:56:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a4c918b-78fc-4790-86b9-4700950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:18.000Z", "modified": "2018-01-03T20:56:18.000Z", "first_observed": "2018-01-03T20:56:18Z", "last_observed": "2018-01-03T20:56:18Z", "number_observed": 1, "object_refs": [ "network-traffic--5a4c918b-78fc-4790-86b9-4700950d210f", "ipv4-addr--5a4c918b-78fc-4790-86b9-4700950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a4c918b-78fc-4790-86b9-4700950d210f", "dst_ref": "ipv4-addr--5a4c918b-78fc-4790-86b9-4700950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a4c918b-78fc-4790-86b9-4700950d210f", "value": "199.188.200.143" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c918c-c8bc-4554-bf8e-4b4b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:18.000Z", "modified": "2018-01-03T20:56:18.000Z", "pattern": "[url:value = 'http://standardfederalproperties.com/06YefeR']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T20:56:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c918d-2180-46cd-82ce-42ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:18.000Z", "modified": "2018-01-03T20:56:18.000Z", "pattern": "[domain-name:value = 'standardfederalproperties.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T20:56:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a4c918f-7f9c-4033-bd46-4226950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:18.000Z", "modified": "2018-01-03T20:56:18.000Z", "first_observed": "2018-01-03T20:56:18Z", "last_observed": "2018-01-03T20:56:18Z", "number_observed": 1, "object_refs": [ "network-traffic--5a4c918f-7f9c-4033-bd46-4226950d210f", "ipv4-addr--5a4c918f-7f9c-4033-bd46-4226950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a4c918f-7f9c-4033-bd46-4226950d210f", "dst_ref": "ipv4-addr--5a4c918f-7f9c-4033-bd46-4226950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a4c918f-7f9c-4033-bd46-4226950d210f", "value": "162.144.81.164" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c9191-67ec-484e-9820-43df950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:18.000Z", "modified": "2018-01-03T20:56:18.000Z", "pattern": "[url:value = 'http://swarm-solutions.com/06YefeR']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T20:56:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c9192-b3c4-4637-af92-4eed950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:18.000Z", "modified": "2018-01-03T20:56:18.000Z", "pattern": "[domain-name:value = 'swarm-solutions.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T20:56:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a4c9193-69c4-4e05-ac16-4b82950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:18.000Z", "modified": "2018-01-03T20:56:18.000Z", "first_observed": "2018-01-03T20:56:18Z", "last_observed": "2018-01-03T20:56:18Z", "number_observed": 1, "object_refs": [ "network-traffic--5a4c9193-69c4-4e05-ac16-4b82950d210f", "ipv4-addr--5a4c9193-69c4-4e05-ac16-4b82950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a4c9193-69c4-4e05-ac16-4b82950d210f", "dst_ref": "ipv4-addr--5a4c9193-69c4-4e05-ac16-4b82950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a4c9193-69c4-4e05-ac16-4b82950d210f", "value": "50.62.228.1" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c9195-4664-45df-9632-431a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:18.000Z", "modified": "2018-01-03T20:56:18.000Z", "pattern": "[url:value = 'http://weserve.world/06YefeR']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T20:56:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c9196-adb8-4406-9979-4540950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:18.000Z", "modified": "2018-01-03T20:56:18.000Z", "pattern": "[domain-name:value = 'weserve.world']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T20:56:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a4c9198-77cc-47a0-88a4-432c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:18.000Z", "modified": "2018-01-03T20:56:18.000Z", "first_observed": "2018-01-03T20:56:18Z", "last_observed": "2018-01-03T20:56:18Z", "number_observed": 1, "object_refs": [ "network-traffic--5a4c9198-77cc-47a0-88a4-432c950d210f", "ipv4-addr--5a4c9198-77cc-47a0-88a4-432c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a4c9198-77cc-47a0-88a4-432c950d210f", "dst_ref": "ipv4-addr--5a4c9198-77cc-47a0-88a4-432c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a4c9198-77cc-47a0-88a4-432c950d210f", "value": "199.188.200.150" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c919a-cbd0-4c02-9698-4b49950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:18.000Z", "modified": "2018-01-03T20:56:18.000Z", "pattern": "[url:value = 'http://yourappyourway.com/06YefeR']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T20:56:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c919b-b310-4a79-9817-411e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:18.000Z", "modified": "2018-01-03T20:56:18.000Z", "pattern": "[domain-name:value = 'yourappyourway.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T20:56:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a4c919c-7d60-4c82-95b6-4c06950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:18.000Z", "modified": "2018-01-03T20:56:18.000Z", "first_observed": "2018-01-03T20:56:18Z", "last_observed": "2018-01-03T20:56:18Z", "number_observed": 1, "object_refs": [ "network-traffic--5a4c919c-7d60-4c82-95b6-4c06950d210f", "ipv4-addr--5a4c919c-7d60-4c82-95b6-4c06950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a4c919c-7d60-4c82-95b6-4c06950d210f", "dst_ref": "ipv4-addr--5a4c919c-7d60-4c82-95b6-4c06950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a4c919c-7d60-4c82-95b6-4c06950d210f", "value": "199.188.200.96" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c919d-f548-4b5f-bb53-432f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:18.000Z", "modified": "2018-01-03T20:56:18.000Z", "pattern": "[url:value = 'http://zeeshanasghar.website/06YefeR']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T20:56:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c919e-f1cc-4d65-a67b-477b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:18.000Z", "modified": "2018-01-03T20:56:18.000Z", "pattern": "[domain-name:value = 'zeeshanasghar.website']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T20:56:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c91a0-6c1c-4139-9ec9-4f42950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:18.000Z", "modified": "2018-01-03T20:56:18.000Z", "pattern": "[url:value = 'https://topyzscsu5poprxy.onion.link/shfgealjh.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T20:56:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c91a3-581c-4d8b-abae-4668950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:18.000Z", "modified": "2018-01-03T20:56:18.000Z", "pattern": "[domain-name:value = 'topyzscsu5poprxy.onion.link']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T20:56:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a4c91a5-3600-4769-bb3b-4c56950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:18.000Z", "modified": "2018-01-03T20:56:18.000Z", "first_observed": "2018-01-03T20:56:18Z", "last_observed": "2018-01-03T20:56:18Z", "number_observed": 1, "object_refs": [ "network-traffic--5a4c91a5-3600-4769-bb3b-4c56950d210f", "ipv4-addr--5a4c91a5-3600-4769-bb3b-4c56950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a4c91a5-3600-4769-bb3b-4c56950d210f", "dst_ref": "ipv4-addr--5a4c91a5-3600-4769-bb3b-4c56950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a4c91a5-3600-4769-bb3b-4c56950d210f", "value": "103.198.0.2" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c91a7-a240-4109-894a-4bcf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:18.000Z", "modified": "2018-01-03T20:56:18.000Z", "pattern": "[url:value = 'http://psoeiras.net/js/count.php?nu=105&fb=110']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T20:56:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c91a9-795c-4777-92c8-4769950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:18.000Z", "modified": "2018-01-03T20:56:18.000Z", "pattern": "[domain-name:value = 'psoeiras.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T20:56:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a4c91ab-e288-43b6-a176-432b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:18.000Z", "modified": "2018-01-03T20:56:18.000Z", "first_observed": "2018-01-03T20:56:18Z", "last_observed": "2018-01-03T20:56:18Z", "number_observed": 1, "object_refs": [ "network-traffic--5a4c91ab-e288-43b6-a176-432b950d210f", "ipv4-addr--5a4c91ab-e288-43b6-a176-432b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a4c91ab-e288-43b6-a176-432b950d210f", "dst_ref": "ipv4-addr--5a4c91ab-e288-43b6-a176-432b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a4c91ab-e288-43b6-a176-432b950d210f", "value": "74.220.219.67" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--429839aa-8a63-48c6-a526-9c59fdc171bb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:21.000Z", "modified": "2018-01-03T20:56:21.000Z", "pattern": "[file:hashes.MD5 = '62461a2a840d61f1c1f6ded106666a56' AND file:hashes.SHA1 = '6d30c34e4ee30cc257604ac00b73bd03abdf6f38' AND file:hashes.SHA256 = 'f8f07c01e2092c1cac889799a17a0f740c057375d105567fc2f31c946ff63232']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T20:56:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d0120535-9bae-48cb-89ef-3148489930ab", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:19.000Z", "modified": "2018-01-03T20:56:19.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f8f07c01e2092c1cac889799a17a0f740c057375d105567fc2f31c946ff63232/analysis/1514527094/", "category": "External analysis", "uuid": "5a4d4373-3224-4970-af3e-410002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "32/67", "category": "Other", "uuid": "5a4d4373-7f90-4568-8224-4dbb02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-29 05:58:14", "category": "Other", "uuid": "5a4d4373-5ab0-45ca-8387-4dab02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--12590359-7f50-4ee1-b6c7-3308ecb45ea2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:22.000Z", "modified": "2018-01-03T20:56:22.000Z", "pattern": "[file:hashes.MD5 = 'db0ecea901d4b4bf7aac1f6202e85bff' AND file:hashes.SHA1 = 'ad7627b1971bc7ac7ce81c77921adf6261bad79e' AND file:hashes.SHA256 = '34e26931754f889d0800cc975d7d15d6dd9dc69a3e80d3babeaa93b1f0eae2ba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T20:56:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3b1a023e-0f4e-4f13-8763-5ca5ffab14c6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T20:56:19.000Z", "modified": "2018-01-03T20:56:19.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/34e26931754f889d0800cc975d7d15d6dd9dc69a3e80d3babeaa93b1f0eae2ba/analysis/1514457956/", "category": "External analysis", "uuid": "5a4d4373-178c-451f-b7b7-4ed802de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "11/68", "category": "Other", "uuid": "5a4d4373-e534-4623-a086-45a302de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-28 10:45:56", "category": "Other", "uuid": "5a4d4373-1430-49a8-9449-441a02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--17ae0c7e-fae7-4cdf-8582-e0634b9ca31b", "created": "2018-01-03T20:56:19.000Z", "modified": "2018-01-03T20:56:19.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--429839aa-8a63-48c6-a526-9c59fdc171bb", "target_ref": "x-misp-object--d0120535-9bae-48cb-89ef-3148489930ab" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5059ff60-313d-4384-813d-6d2dd8ab198d", "created": "2018-01-03T20:56:20.000Z", "modified": "2018-01-03T20:56:20.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--12590359-7f50-4ee1-b6c7-3308ecb45ea2", "target_ref": "x-misp-object--3b1a023e-0f4e-4f13-8763-5ca5ffab14c6" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }