{ "type": "bundle", "id": "bundle--57c067b5-4cf0-480d-9409-496d950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:04:57.000Z", "modified": "2016-08-26T16:04:57.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--57c067b5-4cf0-480d-9409-496d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:04:57.000Z", "modified": "2016-08-26T16:04:57.000Z", "name": "Malspam 2016-08-26 (.wsf in .zip) - campaign: \"Voice Message from Outside Caller\"", "published": "2016-08-26T16:05:08Z", "object_refs": [ "indicator--57c067d4-5c48-483d-b060-41af950d210f", "indicator--57c067d5-9070-470e-807a-4052950d210f", "indicator--57c067d5-3f50-4735-8909-4d25950d210f", "indicator--57c067d5-6fa0-4a30-81e8-4047950d210f", "indicator--57c067d5-c7f0-4bc8-9923-4c4d950d210f", "indicator--57c067d6-30d4-415c-ad4d-4a90950d210f", "indicator--57c067d6-e9dc-46a7-84a0-4ebe950d210f", "indicator--57c067d6-6468-453a-abf5-469a950d210f", "indicator--57c067d6-da34-46fa-a8e3-48ea950d210f", "indicator--57c067d6-7898-4cce-afd8-49cc950d210f", "indicator--57c067d6-f21c-442b-9088-42ad950d210f", "indicator--57c067d7-a27c-4b3f-940e-4341950d210f", "indicator--57c067d7-0d04-4985-85ce-4baf950d210f", "indicator--57c067d7-460c-4d91-9d33-491f950d210f", "indicator--57c067d7-ffc4-4720-9e3d-4350950d210f", "indicator--57c067d7-9b80-4c4d-a6ff-4ec8950d210f", "indicator--57c067d8-a478-4b62-ac34-4d7c950d210f", "indicator--57c067d8-aca0-413d-a60b-47fb950d210f", "indicator--57c067d8-d974-43eb-8305-4b16950d210f", "indicator--57c067d8-35fc-43fc-a00b-464e950d210f", "indicator--57c067d8-1094-4eae-8705-42a6950d210f", "indicator--57c067d8-8368-4780-9ab2-4d3f950d210f", "indicator--57c067d9-dc9c-4f59-898c-4862950d210f", "indicator--57c067d9-4598-4d14-9bb3-450f950d210f", "indicator--57c067d9-bc40-4970-8e2d-4840950d210f", "indicator--57c067d9-3fa8-44bb-bb4b-4b7b950d210f", "indicator--57c067d9-9fc0-45f1-8847-47eb950d210f", "indicator--57c067da-47b0-4d36-8f4a-4c54950d210f", "indicator--57c067da-e59c-42c7-b3dc-4f95950d210f", "indicator--57c067da-b8dc-4794-8510-4dfd950d210f", "indicator--57c067da-5198-4d7e-89d8-46db950d210f", "indicator--57c067da-d858-4dea-a009-47a9950d210f", "indicator--57c067db-deb0-48fb-8912-4b16950d210f", "indicator--57c067db-b0c0-4ca3-a8b4-4cfd950d210f", "indicator--57c067db-3344-4006-8bd9-4269950d210f", "indicator--57c067db-173c-4e14-b9bd-4825950d210f", "indicator--57c067db-a210-418e-8b93-413d950d210f", "indicator--57c067db-45a8-4933-b4c5-41e4950d210f", "indicator--57c067dc-d13c-46e4-8010-4e5b950d210f", "indicator--57c067dc-da40-4be9-8669-4c84950d210f", "indicator--57c067dc-0a88-4083-8b6e-4127950d210f", "indicator--57c067dc-1f58-4701-ac62-432d950d210f", "indicator--57c067dc-b39c-4c2a-84af-4912950d210f", "indicator--57c067dd-fbd4-4268-a90b-4667950d210f", "indicator--57c067dd-5c58-404d-8cf7-48f7950d210f", "indicator--57c067dd-3528-4795-8ebd-402b950d210f", "indicator--57c067dd-6e54-49d5-ab95-4245950d210f", "indicator--57c067dd-bf6c-4e20-97b9-4723950d210f", "indicator--57c067dd-4ff0-4374-b15c-41ef950d210f", "indicator--57c067de-d7e0-4123-adcd-40a2950d210f", "indicator--57c067de-38a0-480c-a356-44b4950d210f", "indicator--57c067de-2694-41e9-b093-4643950d210f", "indicator--57c067de-07c4-455a-ba01-4d5e950d210f", "indicator--57c067de-6c8c-4902-9ed5-4c40950d210f", "indicator--57c067de-2468-40a9-8534-4def950d210f", "indicator--57c067df-3eb4-4b2e-8308-4097950d210f", "indicator--57c067df-a120-40f9-9a38-4b43950d210f", "indicator--57c067df-1d4c-411a-ac48-4e76950d210f", "indicator--57c067df-276c-4ecc-95b5-4ad3950d210f", "indicator--57c067df-5120-44d1-afaa-4f2a950d210f", "indicator--57c067e0-cc7c-449b-a560-42c1950d210f", "indicator--57c067e0-bc64-4b20-9c3b-489d950d210f", "indicator--57c067e0-bb18-4f91-97b0-4d11950d210f", "indicator--57c067e0-99ec-418b-9bb2-4c18950d210f", "indicator--57c067e0-5f90-46b0-9ab4-44ec950d210f", "indicator--57c067e0-9198-4f99-9872-449b950d210f", "indicator--57c067e1-2200-45de-9050-41da950d210f", "indicator--57c067e1-6d8c-4a3c-9a18-4403950d210f", "indicator--57c067e1-7fec-40d4-9f5c-484e950d210f", "indicator--57c067e1-f1dc-4b77-b985-4239950d210f", "indicator--57c067e1-266c-4706-a91a-4c4b950d210f", "observed-data--57c068a9-fc8c-4f87-8108-4f2f950d210f", "email-message--57c068a9-fc8c-4f87-8108-4f2f950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "circl:incident-classification=\"malware\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067d4-5c48-483d-b060-41af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:24.000Z", "modified": "2016-08-26T16:01:24.000Z", "description": "download location", "pattern": "[url:value = 'http://www.rhanwid.com/nb20gjBV']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067d5-9070-470e-807a-4052950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:25.000Z", "modified": "2016-08-26T16:01:25.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.rhanwid.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067d5-3f50-4735-8909-4d25950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:25.000Z", "modified": "2016-08-26T16:01:25.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.186.33.24']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067d5-6fa0-4a30-81e8-4047950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:25.000Z", "modified": "2016-08-26T16:01:25.000Z", "description": "download location", "pattern": "[url:value = 'http://gameszonelove.hi2.ro/nb20gjBV']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067d5-c7f0-4bc8-9923-4c4d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:25.000Z", "modified": "2016-08-26T16:01:25.000Z", "description": "download location", "pattern": "[domain-name:value = 'gameszonelove.hi2.ro']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067d6-30d4-415c-ad4d-4a90950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:26.000Z", "modified": "2016-08-26T16:01:26.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.42.39.75']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067d6-e9dc-46a7-84a0-4ebe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:26.000Z", "modified": "2016-08-26T16:01:26.000Z", "description": "download location", "pattern": "[url:value = 'http://digho.web.fc2.com/nb20gjBV']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067d6-6468-453a-abf5-469a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:26.000Z", "modified": "2016-08-26T16:01:26.000Z", "description": "download location", "pattern": "[domain-name:value = 'digho.web.fc2.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067d6-da34-46fa-a8e3-48ea950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:26.000Z", "modified": "2016-08-26T16:01:26.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.71.106.49']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067d6-7898-4cce-afd8-49cc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:26.000Z", "modified": "2016-08-26T16:01:26.000Z", "description": "download location", "pattern": "[url:value = 'http://seishinkaikenpo.com/nb20gjBV']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067d6-f21c-442b-9088-42ad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:26.000Z", "modified": "2016-08-26T16:01:26.000Z", "description": "download location", "pattern": "[domain-name:value = 'seishinkaikenpo.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067d7-a27c-4b3f-940e-4341950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:27.000Z", "modified": "2016-08-26T16:01:27.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.157.30.70']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067d7-0d04-4985-85ce-4baf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:27.000Z", "modified": "2016-08-26T16:01:27.000Z", "description": "download location", "pattern": "[url:value = 'http://m_lena.republika.pl/nb20gjBV']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067d7-460c-4d91-9d33-491f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:27.000Z", "modified": "2016-08-26T16:01:27.000Z", "description": "download location", "pattern": "[file:name = 'm_lena.republika.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067d7-ffc4-4720-9e3d-4350950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:27.000Z", "modified": "2016-08-26T16:01:27.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.180.150.17']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067d7-9b80-4c4d-a6ff-4ec8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:27.000Z", "modified": "2016-08-26T16:01:27.000Z", "description": "download location", "pattern": "[url:value = 'http://m-richter.homepage.t-online.de/nb20gjBV']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067d8-a478-4b62-ac34-4d7c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:28.000Z", "modified": "2016-08-26T16:01:28.000Z", "description": "download location", "pattern": "[domain-name:value = 'm-richter.homepage.t-online.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067d8-aca0-413d-a60b-47fb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:28.000Z", "modified": "2016-08-26T16:01:28.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.150.6.138']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067d8-d974-43eb-8305-4b16950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:28.000Z", "modified": "2016-08-26T16:01:28.000Z", "description": "download location", "pattern": "[url:value = 'http://ecolgp.ru/nb20gjBV']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067d8-35fc-43fc-a00b-464e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:28.000Z", "modified": "2016-08-26T16:01:28.000Z", "description": "download location", "pattern": "[domain-name:value = 'ecolgp.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067d8-1094-4eae-8705-42a6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:28.000Z", "modified": "2016-08-26T16:01:28.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.113.112.43']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067d8-8368-4780-9ab2-4d3f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:28.000Z", "modified": "2016-08-26T16:01:28.000Z", "description": "download location", "pattern": "[url:value = 'http://gosyuinmeguri.web.fc2.com/nb20gjBV']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067d9-dc9c-4f59-898c-4862950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:29.000Z", "modified": "2016-08-26T16:01:29.000Z", "description": "download location", "pattern": "[domain-name:value = 'gosyuinmeguri.web.fc2.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067d9-4598-4d14-9bb3-450f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:29.000Z", "modified": "2016-08-26T16:01:29.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.71.106.48']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067d9-bc40-4970-8e2d-4840950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:29.000Z", "modified": "2016-08-26T16:01:29.000Z", "description": "download location", "pattern": "[url:value = 'http://www.ctpconegliano.it/nb20gjBV']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067d9-3fa8-44bb-bb4b-4b7b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:29.000Z", "modified": "2016-08-26T16:01:29.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.ctpconegliano.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067d9-9fc0-45f1-8847-47eb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:29.000Z", "modified": "2016-08-26T16:01:29.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.205.40.169']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067da-47b0-4d36-8f4a-4c54950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:30.000Z", "modified": "2016-08-26T16:01:30.000Z", "description": "download location", "pattern": "[url:value = 'http://www.onixfocsani.home.ro/nb20gjBV']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067da-e59c-42c7-b3dc-4f95950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:30.000Z", "modified": "2016-08-26T16:01:30.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.onixfocsani.home.ro']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067da-b8dc-4794-8510-4dfd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:30.000Z", "modified": "2016-08-26T16:01:30.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.196.20.133']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067da-5198-4d7e-89d8-46db950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:30.000Z", "modified": "2016-08-26T16:01:30.000Z", "description": "download location", "pattern": "[url:value = 'http://www.ristorantelacoppa.it/nb20gjBV']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067da-d858-4dea-a009-47a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:30.000Z", "modified": "2016-08-26T16:01:30.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.ristorantelacoppa.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067db-deb0-48fb-8912-4b16950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:31.000Z", "modified": "2016-08-26T16:01:31.000Z", "description": "download location", "pattern": "[url:value = 'http://t3wmueller.homepage.t-online.de/nb20gjBV']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067db-b0c0-4ca3-a8b4-4cfd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:31.000Z", "modified": "2016-08-26T16:01:31.000Z", "description": "download location", "pattern": "[domain-name:value = 't3wmueller.homepage.t-online.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067db-3344-4006-8bd9-4269950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:31.000Z", "modified": "2016-08-26T16:01:31.000Z", "description": "download location", "pattern": "[url:value = 'http://freedom0001.web.fc2.com/nb20gjBV']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067db-173c-4e14-b9bd-4825950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:31.000Z", "modified": "2016-08-26T16:01:31.000Z", "description": "download location", "pattern": "[domain-name:value = 'freedom0001.web.fc2.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067db-a210-418e-8b93-413d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:31.000Z", "modified": "2016-08-26T16:01:31.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.71.106.61']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067db-45a8-4933-b4c5-41e4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:31.000Z", "modified": "2016-08-26T16:01:31.000Z", "description": "download location", "pattern": "[url:value = 'http://atsmedical.net/nb20gjBV']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067dc-d13c-46e4-8010-4e5b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:32.000Z", "modified": "2016-08-26T16:01:32.000Z", "description": "download location", "pattern": "[domain-name:value = 'atsmedical.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067dc-da40-4be9-8669-4c84950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:32.000Z", "modified": "2016-08-26T16:01:32.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.151.202.242']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067dc-0a88-4083-8b6e-4127950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:32.000Z", "modified": "2016-08-26T16:01:32.000Z", "description": "download location", "pattern": "[url:value = 'http://leinburgermichl-de.homepage.t-online.de/nb20gjBV']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067dc-1f58-4701-ac62-432d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:32.000Z", "modified": "2016-08-26T16:01:32.000Z", "description": "download location", "pattern": "[domain-name:value = 'leinburgermichl-de.homepage.t-online.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067dc-b39c-4c2a-84af-4912950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:32.000Z", "modified": "2016-08-26T16:01:32.000Z", "description": "download location", "pattern": "[url:value = 'http://theramom.web.fc2.com/nb20gjBV']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067dd-fbd4-4268-a90b-4667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:33.000Z", "modified": "2016-08-26T16:01:33.000Z", "description": "download location", "pattern": "[domain-name:value = 'theramom.web.fc2.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067dd-5c58-404d-8cf7-48f7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:33.000Z", "modified": "2016-08-26T16:01:33.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.71.106.46']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067dd-3528-4795-8ebd-402b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:33.000Z", "modified": "2016-08-26T16:01:33.000Z", "description": "download location", "pattern": "[url:value = 'http://verloskundigedenbosch.nl/nb20gjBV']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067dd-6e54-49d5-ab95-4245950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:33.000Z", "modified": "2016-08-26T16:01:33.000Z", "description": "download location", "pattern": "[domain-name:value = 'verloskundigedenbosch.nl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067dd-bf6c-4e20-97b9-4723950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:33.000Z", "modified": "2016-08-26T16:01:33.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '87.236.100.64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067dd-4ff0-4374-b15c-41ef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:33.000Z", "modified": "2016-08-26T16:01:33.000Z", "description": "download location", "pattern": "[url:value = 'http://mywebsink.homepage.t-online.de/nb20gjBV']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067de-d7e0-4123-adcd-40a2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:34.000Z", "modified": "2016-08-26T16:01:34.000Z", "description": "download location", "pattern": "[domain-name:value = 'mywebsink.homepage.t-online.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067de-38a0-480c-a356-44b4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:34.000Z", "modified": "2016-08-26T16:01:34.000Z", "description": "download location", "pattern": "[url:value = 'http://calvaryresort.com/nb20gjBV']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067de-2694-41e9-b093-4643950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:34.000Z", "modified": "2016-08-26T16:01:34.000Z", "description": "download location", "pattern": "[domain-name:value = 'calvaryresort.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067de-07c4-455a-ba01-4d5e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:34.000Z", "modified": "2016-08-26T16:01:34.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '43.241.56.11']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067de-6c8c-4902-9ed5-4c40950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:34.000Z", "modified": "2016-08-26T16:01:34.000Z", "description": "download location", "pattern": "[url:value = 'http://gibus973.web.ool.fr/nb20gjBV']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067de-2468-40a9-8534-4def950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:34.000Z", "modified": "2016-08-26T16:01:34.000Z", "description": "download location", "pattern": "[domain-name:value = 'gibus973.web.ool.fr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067df-3eb4-4b2e-8308-4097950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:35.000Z", "modified": "2016-08-26T16:01:35.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.175.160.17']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067df-a120-40f9-9a38-4b43950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:35.000Z", "modified": "2016-08-26T16:01:35.000Z", "description": "download location", "pattern": "[url:value = 'http://qualite.co.jp/nb20gjBV']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067df-1d4c-411a-ac48-4e76950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:35.000Z", "modified": "2016-08-26T16:01:35.000Z", "description": "download location", "pattern": "[domain-name:value = 'qualite.co.jp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067df-276c-4ecc-95b5-4ad3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:35.000Z", "modified": "2016-08-26T16:01:35.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.160.220.210']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067df-5120-44d1-afaa-4f2a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:35.000Z", "modified": "2016-08-26T16:01:35.000Z", "description": "download location", "pattern": "[url:value = 'http://www.drk-lennep.de/nb20gjBV']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067e0-cc7c-449b-a560-42c1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:36.000Z", "modified": "2016-08-26T16:01:36.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.drk-lennep.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067e0-bc64-4b20-9c3b-489d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:36.000Z", "modified": "2016-08-26T16:01:36.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.86.184.154']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067e0-bb18-4f91-97b0-4d11950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:36.000Z", "modified": "2016-08-26T16:01:36.000Z", "description": "download location", "pattern": "[url:value = 'http://fameoconnor.customer.netspace.net.au/nb20gjBV']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067e0-99ec-418b-9bb2-4c18950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:36.000Z", "modified": "2016-08-26T16:01:36.000Z", "description": "download location", "pattern": "[domain-name:value = 'fameoconnor.customer.netspace.net.au']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067e0-5f90-46b0-9ab4-44ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:36.000Z", "modified": "2016-08-26T16:01:36.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.15.254.232']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067e0-9198-4f99-9872-449b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:36.000Z", "modified": "2016-08-26T16:01:36.000Z", "description": "download location", "pattern": "[url:value = 'http://amxbans.dax.ru/nb20gjBV']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067e1-2200-45de-9050-41da950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:37.000Z", "modified": "2016-08-26T16:01:37.000Z", "description": "download location", "pattern": "[domain-name:value = 'amxbans.dax.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067e1-6d8c-4a3c-9a18-4403950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:37.000Z", "modified": "2016-08-26T16:01:37.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.46.196.134']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067e1-7fec-40d4-9f5c-484e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:37.000Z", "modified": "2016-08-26T16:01:37.000Z", "description": "download location", "pattern": "[url:value = 'http://mueller-holz-bau.com/nb20gjBV']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067e1-f1dc-4b77-b985-4239950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:37.000Z", "modified": "2016-08-26T16:01:37.000Z", "description": "download location", "pattern": "[domain-name:value = 'mueller-holz-bau.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c067e1-266c-4706-a91a-4c4b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:01:37.000Z", "modified": "2016-08-26T16:01:37.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.169.145.105']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-26T16:01:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57c068a9-fc8c-4f87-8108-4f2f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-26T16:04:57.000Z", "modified": "2016-08-26T16:04:57.000Z", "first_observed": "2016-08-26T16:04:57Z", "last_observed": "2016-08-26T16:04:57Z", "number_observed": 1, "object_refs": [ "email-message--57c068a9-fc8c-4f87-8108-4f2f950d210f" ], "labels": [ "misp:type=\"email-subject\"", "misp:category=\"Payload delivery\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--57c068a9-fc8c-4f87-8108-4f2f950d210f", "is_multipart": false, "subject": "Voice Message from Outside Caller" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }