{ "type": "bundle", "id": "bundle--578cde89-5064-4b29-96c5-45e6950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T14:40:50.000Z", "modified": "2016-07-18T14:40:50.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--578cde89-5064-4b29-96c5-45e6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T14:40:50.000Z", "modified": "2016-07-18T14:40:50.000Z", "name": "Malspam 2016-07-18 .wsf (campaign: \"company database\")", "published": "2016-07-18T14:41:21Z", "object_refs": [ "indicator--578cdeba-c690-488e-8d7a-403a950d210f", "indicator--578cdeba-e67c-4f0e-979f-4bdf950d210f", "indicator--578cdebb-7cb4-4c25-832c-455b950d210f", "indicator--578cdebb-1b0c-47ad-8402-445a950d210f", "indicator--578cdebc-c080-450a-b067-42d1950d210f", "indicator--578cdebc-be94-45f7-9829-458f950d210f", "indicator--578cdebd-f758-4456-b174-4f83950d210f", "indicator--578cdebd-f728-4077-8e0c-4c8b950d210f", "indicator--578cdebd-8c1c-4444-9fdf-4f0a950d210f", "indicator--578cdebe-2cd0-4571-9790-4582950d210f", "indicator--578cdebe-dbac-4bc9-89d7-4265950d210f", "indicator--578cdebf-9e70-4722-ba28-418c950d210f", "indicator--578cdebf-af24-4352-903a-4d78950d210f", "indicator--578cdec0-981c-4420-a095-4e9a950d210f", "indicator--578cdec0-759c-4d79-a1a4-4c7a950d210f", "indicator--578cdec1-5ab8-4340-ae15-436d950d210f", "indicator--578cdec1-d9cc-42ae-b475-491a950d210f", "indicator--578cdec1-7424-4940-bb77-49ba950d210f", "indicator--578cdec2-8278-4c22-ba25-44f2950d210f", "indicator--578cdec2-1a74-4568-990d-497e950d210f", "indicator--578cdec3-a928-4899-9293-4012950d210f", "indicator--578cdec3-e520-4a3a-be4e-4676950d210f", "indicator--578cdec4-fa18-4e1c-95ff-4073950d210f", "indicator--578cdec4-e6f0-47c5-9251-4d63950d210f", "x-misp-attribute--578cdf8d-5574-4992-a875-4231950d210f", "observed-data--578cdfa3-a058-4435-9e68-4629950d210f", "email-message--578cdfa3-a058-4435-9e68-4629950d210f", "indicator--578ce472-b0a4-44e4-b143-41b8950d210f", "indicator--578ce473-eef8-4595-a83e-42b7950d210f", "indicator--578ce473-da54-408e-9292-4d5e950d210f", "indicator--578ce474-6560-4f09-8a42-4efc950d210f", "indicator--578ce474-f32c-4f2c-b3ae-42d4950d210f", "indicator--578ce475-03c0-4256-a403-4e8e950d210f", "indicator--578ce475-0c20-4fac-bd46-4010950d210f", "indicator--578ce476-f1d8-4e41-b306-45ef950d210f", "indicator--578ce476-91c8-4a99-9d71-4723950d210f", "indicator--578ce477-8f64-41c0-88e3-4196950d210f", "indicator--578ce477-893c-4460-8176-47f6950d210f", "indicator--578ce478-bf7c-4e76-83b0-475e950d210f", "indicator--578ce478-55f8-4d9d-af31-4982950d210f", "indicator--578ce479-02cc-4d2c-aeb9-40b0950d210f", "indicator--578ce479-ea2c-4056-93b8-4f87950d210f", "indicator--578cea6d-4700-4ecf-ab61-49e6950d210f", "indicator--578cea6f-b6e8-4640-ae92-43d8950d210f", "indicator--578cea6f-db94-4c9a-9258-43c3950d210f", "indicator--578cea70-e7ec-40e4-bc7b-401a950d210f", "indicator--578cea70-0c38-4eeb-b007-4b78950d210f", "indicator--578cea70-963c-4c2f-85da-463e950d210f", "indicator--578cea71-b670-421f-b78e-4d51950d210f", "indicator--578cea71-f2d8-41c5-8fe2-42c4950d210f", "indicator--578cea72-df10-43ba-9101-4ce5950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "circl:incident-classification=\"malware\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cdeba-c690-488e-8d7a-403a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T13:50:50.000Z", "modified": "2016-07-18T13:50:50.000Z", "description": "download location", "pattern": "[url:value = 'http://gv.com.my/qbnuau']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T13:50:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cdeba-e67c-4f0e-979f-4bdf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T13:50:50.000Z", "modified": "2016-07-18T13:50:50.000Z", "description": "download location", "pattern": "[domain-name:value = 'gv.com.my']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T13:50:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cdebb-7cb4-4c25-832c-455b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T13:50:51.000Z", "modified": "2016-07-18T13:50:51.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.48.153.240']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T13:50:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cdebb-1b0c-47ad-8402-445a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T13:50:51.000Z", "modified": "2016-07-18T13:50:51.000Z", "description": "download location", "pattern": "[url:value = 'http://dnp9.com/zpfqk2l']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T13:50:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cdebc-c080-450a-b067-42d1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T13:50:52.000Z", "modified": "2016-07-18T13:50:52.000Z", "description": "download location", "pattern": "[domain-name:value = 'dnp9.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T13:50:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cdebc-be94-45f7-9829-458f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T13:50:52.000Z", "modified": "2016-07-18T13:50:52.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '110.164.189.123']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T13:50:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cdebd-f758-4456-b174-4f83950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T13:50:53.000Z", "modified": "2016-07-18T13:50:53.000Z", "description": "download location", "pattern": "[url:value = 'http://cloudbws.com/m0tu07b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T13:50:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cdebd-f728-4077-8e0c-4c8b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T13:50:53.000Z", "modified": "2016-07-18T13:50:53.000Z", "description": "download location", "pattern": "[domain-name:value = 'cloudbws.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T13:50:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cdebd-8c1c-4444-9fdf-4f0a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T13:50:53.000Z", "modified": "2016-07-18T13:50:53.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.186.201.200']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T13:50:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cdebe-2cd0-4571-9790-4582950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T13:50:54.000Z", "modified": "2016-07-18T13:50:54.000Z", "description": "download location", "pattern": "[url:value = 'http://blackdildo.net/h9kyu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T13:50:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cdebe-dbac-4bc9-89d7-4265950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T13:50:54.000Z", "modified": "2016-07-18T13:50:54.000Z", "description": "download location", "pattern": "[domain-name:value = 'blackdildo.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T13:50:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cdebf-9e70-4722-ba28-418c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T13:50:55.000Z", "modified": "2016-07-18T13:50:55.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '50.31.160.94']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T13:50:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cdebf-af24-4352-903a-4d78950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T13:50:55.000Z", "modified": "2016-07-18T13:50:55.000Z", "description": "download location", "pattern": "[url:value = 'http://vakantiehuisinauvergne.com/apyd17']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T13:50:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cdec0-981c-4420-a095-4e9a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T13:50:56.000Z", "modified": "2016-07-18T13:50:56.000Z", "description": "download location", "pattern": "[domain-name:value = 'vakantiehuisinauvergne.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T13:50:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cdec0-759c-4d79-a1a4-4c7a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T13:50:56.000Z", "modified": "2016-07-18T13:50:56.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.27.173.22']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T13:50:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cdec1-5ab8-4340-ae15-436d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T13:50:57.000Z", "modified": "2016-07-18T13:50:57.000Z", "description": "download location", "pattern": "[url:value = 'http://wcouto.com.br/9d207v']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T13:50:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cdec1-d9cc-42ae-b475-491a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T13:50:57.000Z", "modified": "2016-07-18T13:50:57.000Z", "description": "download location", "pattern": "[domain-name:value = 'wcouto.com.br']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T13:50:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cdec1-7424-4940-bb77-49ba950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T13:50:57.000Z", "modified": "2016-07-18T13:50:57.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.170.164.47']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T13:50:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cdec2-8278-4c22-ba25-44f2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T13:50:58.000Z", "modified": "2016-07-18T13:50:58.000Z", "description": "download location", "pattern": "[url:value = 'http://anchortron.com/hiqsij']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T13:50:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cdec2-1a74-4568-990d-497e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T13:50:58.000Z", "modified": "2016-07-18T13:50:58.000Z", "description": "download location", "pattern": "[domain-name:value = 'anchortron.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T13:50:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cdec3-a928-4899-9293-4012950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T13:50:59.000Z", "modified": "2016-07-18T13:50:59.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.186.209.130']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T13:50:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cdec3-e520-4a3a-be4e-4676950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T13:50:59.000Z", "modified": "2016-07-18T13:50:59.000Z", "description": "download location", "pattern": "[url:value = 'http://travoxsb.com/qmi5u0n']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T13:50:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cdec4-fa18-4e1c-95ff-4073950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T13:51:00.000Z", "modified": "2016-07-18T13:51:00.000Z", "description": "download location", "pattern": "[domain-name:value = 'travoxsb.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T13:51:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cdec4-e6f0-47c5-9251-4d63950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T13:51:00.000Z", "modified": "2016-07-18T13:51:00.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '110.4.45.235']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T13:51:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--578cdf8d-5574-4992-a875-4231950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T13:54:21.000Z", "modified": "2016-07-18T13:54:21.000Z", "labels": [ "misp:type=\"user-agent\"", "misp:category=\"Payload delivery\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "user-agent", "x_misp_value": "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--578cdfa3-a058-4435-9e68-4629950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T13:54:43.000Z", "modified": "2016-07-18T13:54:43.000Z", "first_observed": "2016-07-18T13:54:43Z", "last_observed": "2016-07-18T13:54:43Z", "number_observed": 1, "object_refs": [ "email-message--578cdfa3-a058-4435-9e68-4629950d210f" ], "labels": [ "misp:type=\"email-subject\"", "misp:category=\"Payload delivery\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--578cdfa3-a058-4435-9e68-4629950d210f", "is_multipart": false, "subject": "company database" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578ce472-b0a4-44e4-b143-41b8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T14:15:14.000Z", "modified": "2016-07-18T14:15:14.000Z", "description": "download location", "pattern": "[url:value = 'http://deanstum.com/z9opr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T14:15:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578ce473-eef8-4595-a83e-42b7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T14:15:15.000Z", "modified": "2016-07-18T14:15:15.000Z", "description": "download location", "pattern": "[domain-name:value = 'deanstum.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T14:15:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578ce473-da54-408e-9292-4d5e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T14:15:15.000Z", "modified": "2016-07-18T14:15:15.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.186.229.69']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T14:15:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578ce474-6560-4f09-8a42-4efc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T14:15:16.000Z", "modified": "2016-07-18T14:15:16.000Z", "description": "download location", "pattern": "[url:value = 'http://gruposoluciomatica.com.br/ryi81']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T14:15:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578ce474-f32c-4f2c-b3ae-42d4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T14:15:16.000Z", "modified": "2016-07-18T14:15:16.000Z", "description": "download location", "pattern": "[domain-name:value = 'gruposoluciomatica.com.br']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T14:15:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578ce475-03c0-4256-a403-4e8e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T14:15:17.000Z", "modified": "2016-07-18T14:15:17.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '187.17.98.182']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T14:15:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578ce475-0c20-4fac-bd46-4010950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T14:15:17.000Z", "modified": "2016-07-18T14:15:17.000Z", "description": "download location", "pattern": "[url:value = 'http://serviceautoiasi.com/4tbvsfcz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T14:15:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578ce476-f1d8-4e41-b306-45ef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T14:15:18.000Z", "modified": "2016-07-18T14:15:18.000Z", "description": "download location", "pattern": "[domain-name:value = 'serviceautoiasi.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T14:15:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578ce476-91c8-4a99-9d71-4723950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T14:15:18.000Z", "modified": "2016-07-18T14:15:18.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.9.56.193']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T14:15:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578ce477-8f64-41c0-88e3-4196950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T14:15:19.000Z", "modified": "2016-07-18T14:15:19.000Z", "description": "download location", "pattern": "[url:value = 'http://trans-free.ru/2hx1l']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T14:15:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578ce477-893c-4460-8176-47f6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T14:15:19.000Z", "modified": "2016-07-18T14:15:19.000Z", "description": "download location", "pattern": "[domain-name:value = 'trans-free.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T14:15:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578ce478-bf7c-4e76-83b0-475e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T14:15:20.000Z", "modified": "2016-07-18T14:15:20.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.222.62.144']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T14:15:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578ce478-55f8-4d9d-af31-4982950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T14:15:20.000Z", "modified": "2016-07-18T14:15:20.000Z", "description": "download location", "pattern": "[url:value = 'http://s2mgmt.com/do40lc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T14:15:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578ce479-02cc-4d2c-aeb9-40b0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T14:15:21.000Z", "modified": "2016-07-18T14:15:21.000Z", "description": "download location", "pattern": "[domain-name:value = 's2mgmt.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T14:15:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578ce479-ea2c-4056-93b8-4f87950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T14:15:21.000Z", "modified": "2016-07-18T14:15:21.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.33.23.200']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T14:15:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cea6d-4700-4ecf-ab61-49e6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T14:40:45.000Z", "modified": "2016-07-18T14:40:45.000Z", "description": "download location", "pattern": "[url:value = 'http://benavidezhoy.com/8zrg48k']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T14:40:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cea6f-b6e8-4640-ae92-43d8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T14:40:47.000Z", "modified": "2016-07-18T14:40:47.000Z", "description": "download location", "pattern": "[domain-name:value = 'benavidezhoy.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T14:40:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cea6f-db94-4c9a-9258-43c3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T14:40:47.000Z", "modified": "2016-07-18T14:40:47.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.16.243.28']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T14:40:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cea70-e7ec-40e4-bc7b-401a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T14:40:48.000Z", "modified": "2016-07-18T14:40:48.000Z", "description": "download location", "pattern": "[url:value = 'http://aquatixbottle.com/ygyngc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T14:40:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cea70-0c38-4eeb-b007-4b78950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T14:40:48.000Z", "modified": "2016-07-18T14:40:48.000Z", "description": "download location", "pattern": "[domain-name:value = 'aquatixbottle.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T14:40:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cea70-963c-4c2f-85da-463e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T14:40:48.000Z", "modified": "2016-07-18T14:40:48.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.186.212.231']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T14:40:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cea71-b670-421f-b78e-4d51950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T14:40:49.000Z", "modified": "2016-07-18T14:40:49.000Z", "description": "download location", "pattern": "[url:value = 'http://davisdoherty.co.nz/g0vi70']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T14:40:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cea71-f2d8-41c5-8fe2-42c4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T14:40:49.000Z", "modified": "2016-07-18T14:40:49.000Z", "description": "download location", "pattern": "[domain-name:value = 'davisdoherty.co.nz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T14:40:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cea72-df10-43ba-9101-4ce5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T14:40:50.000Z", "modified": "2016-07-18T14:40:50.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '60.234.42.102']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T14:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }