{ "type": "bundle", "id": "bundle--5b06a89d-64d4-4643-a41e-c25d0acd0835", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2021-09-07T20:08:26.000Z", "modified": "2021-09-07T20:08:26.000Z", "name": "Synovus Financial", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5b06a89d-64d4-4643-a41e-c25d0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2021-09-07T20:08:26.000Z", "modified": "2021-09-07T20:08:26.000Z", "name": "Emotet - 5/17/2018", "published": "2020-06-29T12:48:29Z", "object_refs": [ "observed-data--a3ee94ef-45dd-4021-9849-6e184f711f65", "url--a3ee94ef-45dd-4021-9849-6e184f711f65", "indicator--51cd1cd4-d58a-4286-b82f-c3d13dbabd18", "indicator--6a6cf69a-cb94-4830-ac00-cb11c14eb9ae", "indicator--eda81c14-c468-47d2-8c39-f13a128cf56e", "indicator--f742f7a5-2694-4792-b32e-467b9470cb10", "indicator--997ce30f-b837-4c81-8a33-df3a07f618b5", "indicator--b6167eec-15a9-454a-93ee-727eca6ce939", "indicator--d7cde6b5-84e6-42b1-9cf3-e90bf9872808", "indicator--8a0152ea-c5bf-4ee5-ad92-8a9bc0458a88", "indicator--04c0f1b6-e6ce-468c-b9db-bc6b3ed95d00", "indicator--1ff3037b-72d9-4b2f-91b8-41d293f97c9a", "indicator--b508a0b5-4343-4c8d-b19b-4c602e571aae", "indicator--c421a999-6f8d-4c1e-9f52-9eaacab64705", "indicator--6a8909b9-4fb4-4cc4-b7ef-77db1c439db0", "indicator--cabab3f8-7af3-4deb-a43f-56dab6fbdd7d", "indicator--966d319d-fa42-4402-af74-ef24b772cff4", "indicator--83acd0a0-d86f-42ca-9783-3a94da9623b4", "indicator--b89709fc-08e8-498e-8eec-9476f5aedd05", "indicator--c9b49e56-1c70-41d0-a4d8-68096d77578b", "indicator--dc4a577f-bab7-47a4-bbdc-dd3a4198ec61", "indicator--fb4fada3-d010-4cd6-b0cf-fd0057611274", "indicator--0889008a-886f-44f4-bac8-ac03a687ab50", "indicator--7a60ebc3-2d5e-4648-8336-30f08eac9963", "indicator--a5ea34a5-bd49-4127-bd0c-ffab558aaa61", "indicator--91eb3247-baee-4c7f-8972-c6ef46f68efc" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:tool=\"Emotet\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--a3ee94ef-45dd-4021-9849-6e184f711f65", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-08-23T14:53:29.000Z", "modified": "2018-08-23T14:53:29.000Z", "first_observed": "2018-08-23T14:53:29Z", "last_observed": "2018-08-23T14:53:29Z", "number_observed": 1, "object_refs": [ "url--a3ee94ef-45dd-4021-9849-6e184f711f65" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--a3ee94ef-45dd-4021-9849-6e184f711f65", "value": "https://protonmail.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--51cd1cd4-d58a-4286-b82f-c3d13dbabd18", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-24T11:57:35.000Z", "modified": "2018-05-24T11:57:35.000Z", "pattern": "[url:value = 'http://die-tauchbar.de/0sqozcr7t/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-24T11:57:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6a6cf69a-cb94-4830-ac00-cb11c14eb9ae", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-24T11:57:41.000Z", "modified": "2018-05-24T11:57:41.000Z", "pattern": "[url:value = 'http://angelabphotography.com/odTXjg2LUj/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-24T11:57:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--eda81c14-c468-47d2-8c39-f13a128cf56e", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-24T11:57:48.000Z", "modified": "2018-05-24T11:57:48.000Z", "pattern": "[url:value = 'http://davehale.co.uk/PEi9fva6/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-24T11:57:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f742f7a5-2694-4792-b32e-467b9470cb10", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-24T11:57:54.000Z", "modified": "2018-05-24T11:57:54.000Z", "pattern": "[url:value = 'https://computerspendehamburg.de/AZ0d3f2/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-24T11:57:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--997ce30f-b837-4c81-8a33-df3a07f618b5", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-24T11:58:00.000Z", "modified": "2018-05-24T11:58:00.000Z", "pattern": "[url:value = 'http://cedric-2000.de/2ZKr9GWOTYfA/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-24T11:58:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b6167eec-15a9-454a-93ee-727eca6ce939", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-24T11:58:06.000Z", "modified": "2018-05-24T11:58:06.000Z", "pattern": "[url:value = 'http://amicidisantorfeto.com/xqib2HviBaMVX/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-24T11:58:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d7cde6b5-84e6-42b1-9cf3-e90bf9872808", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-24T11:58:12.000Z", "modified": "2018-05-24T11:58:12.000Z", "pattern": "[url:value = 'http://jackhonky.com/jHCmUpcpWY/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-24T11:58:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8a0152ea-c5bf-4ee5-ad92-8a9bc0458a88", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-24T11:58:18.000Z", "modified": "2018-05-24T11:58:18.000Z", "pattern": "[url:value = 'http://lewistonsports.com/Tc9KflZQff/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-24T11:58:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--04c0f1b6-e6ce-468c-b9db-bc6b3ed95d00", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-24T11:58:24.000Z", "modified": "2018-05-24T11:58:24.000Z", "pattern": "[url:value = 'http://brownaudio.com/HIKvfaK4i00N/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-24T11:58:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1ff3037b-72d9-4b2f-91b8-41d293f97c9a", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-24T11:58:30.000Z", "modified": "2018-05-24T11:58:30.000Z", "pattern": "[url:value = 'http://iceraven.com/wiqK7wrood/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-24T11:58:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b508a0b5-4343-4c8d-b19b-4c602e571aae", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-24T11:58:36.000Z", "modified": "2018-05-24T11:58:36.000Z", "pattern": "[url:value = 'http://eliaswessel.com/xwlNVbDXquiHb/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-24T11:58:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c421a999-6f8d-4c1e-9f52-9eaacab64705", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-24T11:58:42.000Z", "modified": "2018-05-24T11:58:42.000Z", "pattern": "[url:value = 'http://eiskugel.org/0x62gdvG/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-24T11:58:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6a8909b9-4fb4-4cc4-b7ef-77db1c439db0", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-24T11:58:48.000Z", "modified": "2018-05-24T11:58:48.000Z", "pattern": "[url:value = 'http://fam-koenig.de/WI08F7EB5xfSb/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-24T11:58:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cabab3f8-7af3-4deb-a43f-56dab6fbdd7d", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-24T11:58:54.000Z", "modified": "2018-05-24T11:58:54.000Z", "pattern": "[url:value = 'http://bernardesdias.com.br/Tp3pGZcNeFgf/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-24T11:58:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--966d319d-fa42-4402-af74-ef24b772cff4", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-24T11:59:00.000Z", "modified": "2018-05-24T11:59:00.000Z", "pattern": "[url:value = 'http://prokeyboardist.com/0qLVjK7JgMX/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-24T11:59:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--83acd0a0-d86f-42ca-9783-3a94da9623b4", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-24T11:59:07.000Z", "modified": "2018-05-24T11:59:07.000Z", "pattern": "[url:value = 'http://jorgensenco.dk/DY4MWPI/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-24T11:59:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b89709fc-08e8-498e-8eec-9476f5aedd05", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-24T11:59:13.000Z", "modified": "2018-05-24T11:59:13.000Z", "pattern": "[url:value = 'http://fischereiverein-dotternhausen.de/o6q0hhj9s/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-24T11:59:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c9b49e56-1c70-41d0-a4d8-68096d77578b", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-24T11:59:19.000Z", "modified": "2018-05-24T11:59:19.000Z", "pattern": "[url:value = 'http://imagemarketingwest.com/Rv72B/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-24T11:59:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--dc4a577f-bab7-47a4-bbdc-dd3a4198ec61", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-24T11:59:25.000Z", "modified": "2018-05-24T11:59:25.000Z", "pattern": "[url:value = 'https://jaseminedenise.com/ycxPnqQ/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-24T11:59:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fb4fada3-d010-4cd6-b0cf-fd0057611274", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-24T11:59:31.000Z", "modified": "2018-05-24T11:59:31.000Z", "pattern": "[url:value = 'http://leavemeinstitches.com/ZLYU/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-24T11:59:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0889008a-886f-44f4-bac8-ac03a687ab50", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-24T11:59:37.000Z", "modified": "2018-05-24T11:59:37.000Z", "pattern": "[url:value = 'http://jsaphotoarts.com/0s4G/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-24T11:59:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7a60ebc3-2d5e-4648-8336-30f08eac9963", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-24T11:59:44.000Z", "modified": "2018-05-24T11:59:44.000Z", "pattern": "[url:value = 'http://downinthecountry.com/pW3xNW/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-24T11:59:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a5ea34a5-bd49-4127-bd0c-ffab558aaa61", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-24T12:02:06.000Z", "modified": "2018-05-24T12:02:06.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.21.67.85']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-24T12:02:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91eb3247-baee-4c7f-8972-c6ef46f68efc", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-24T12:02:09.000Z", "modified": "2018-05-24T12:02:09.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.120.170.231']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-24T12:02:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }