{ "type": "bundle", "id": "bundle--5a044ec0-f460-4e39-921e-cda3950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:06:37.000Z", "modified": "2017-11-09T20:06:37.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "grouping", "spec_version": "2.1", "id": "grouping--5a044ec0-f460-4e39-921e-cda3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:06:37.000Z", "modified": "2017-11-09T20:06:37.000Z", "name": "M2M - Locky Affid=3, \".asasin\"/Trickbot \"mac1\" 2017-11-01 : \"Invoice\" - \"12345_Invoice.doc\"", "context": "suspicious-activity", "object_refs": [ "indicator--5a044ec2-4aac-4839-ac9f-717b950d210f", "indicator--5a044ec2-1edc-48ad-bf31-cd35950d210f", "indicator--5a044ec2-921c-4007-9857-4ab6950d210f", "indicator--5a044ec2-a6ac-48db-9608-cdb4950d210f", "indicator--5a044ec3-d960-48d0-a2b8-429f950d210f", "observed-data--5a044ec4-f87c-4b99-b7a5-cc6f950d210f", "network-traffic--5a044ec4-f87c-4b99-b7a5-cc6f950d210f", "ipv4-addr--5a044ec4-f87c-4b99-b7a5-cc6f950d210f", "indicator--5a044ec4-ffe4-4b1a-8101-cdab950d210f", "indicator--5a044ec4-9820-4356-ad87-4661950d210f", "observed-data--5a044ec6-37f0-4d22-8c85-4c47950d210f", "network-traffic--5a044ec6-37f0-4d22-8c85-4c47950d210f", "ipv4-addr--5a044ec6-37f0-4d22-8c85-4c47950d210f", "indicator--5a044ec6-353c-4c68-a3b2-49bc950d210f", "indicator--5a044ec6-ab84-4b85-b123-717b950d210f", "observed-data--5a044ec7-19ac-4bec-b7ed-4e9f950d210f", "network-traffic--5a044ec7-19ac-4bec-b7ed-4e9f950d210f", "ipv4-addr--5a044ec7-19ac-4bec-b7ed-4e9f950d210f", "indicator--5a044ec7-6948-4904-bb94-75a9950d210f", "indicator--5a044ec7-adb4-4bfe-99ef-4ce6950d210f", "observed-data--5a044ec8-a4d4-41f3-91c3-4946950d210f", "network-traffic--5a044ec8-a4d4-41f3-91c3-4946950d210f", "ipv4-addr--5a044ec8-a4d4-41f3-91c3-4946950d210f", "indicator--5a044ec8-98a8-4dae-807d-991b950d210f", "indicator--5a044ec8-6e88-492b-b465-cd7d950d210f", "observed-data--5a044ec8-560c-4c98-a799-cd35950d210f", "network-traffic--5a044ec8-560c-4c98-a799-cd35950d210f", "ipv4-addr--5a044ec8-560c-4c98-a799-cd35950d210f", "indicator--5a044ec9-2674-4c92-973b-2214950d210f", "indicator--5a044ec9-01e4-4eb9-981e-4eba950d210f", "observed-data--5a044eca-e554-4590-8358-4c28950d210f", "network-traffic--5a044eca-e554-4590-8358-4c28950d210f", "ipv4-addr--5a044eca-e554-4590-8358-4c28950d210f", "indicator--5a044eca-9580-4921-bcd1-cd7d950d210f", "indicator--5a044eca-20e4-4db6-8816-717b950d210f", "observed-data--5a044ecb-ce04-4144-bd4c-4d45950d210f", "network-traffic--5a044ecb-ce04-4144-bd4c-4d45950d210f", "ipv4-addr--5a044ecb-ce04-4144-bd4c-4d45950d210f", "indicator--5a044ecb-6658-4a5c-8d08-4021950d210f", "indicator--5a044ecb-a790-4494-8965-cdb4950d210f", "observed-data--5a044ecb-36f0-43d5-970c-2214950d210f", "network-traffic--5a044ecb-36f0-43d5-970c-2214950d210f", "ipv4-addr--5a044ecb-36f0-43d5-970c-2214950d210f", "indicator--5a044ecc-3428-481d-96b6-44f1950d210f", "indicator--5a044ecc-f998-4ea3-b12d-cdb1950d210f", "observed-data--5a044ecc-808c-437a-9c38-cc6f950d210f", "network-traffic--5a044ecc-808c-437a-9c38-cc6f950d210f", "ipv4-addr--5a044ecc-808c-437a-9c38-cc6f950d210f", "indicator--5a044ecc-13d8-4f6e-96fa-cdab950d210f", "indicator--5a044ecd-080c-412a-a7a6-400a950d210f", "observed-data--5a044ecd-d81c-4ce0-86f7-4777950d210f", "network-traffic--5a044ecd-d81c-4ce0-86f7-4777950d210f", "ipv4-addr--5a044ecd-d81c-4ce0-86f7-4777950d210f", "indicator--5a044ecd-0f68-4015-a3d0-20a6950d210f", "indicator--5a044ecd-09dc-4877-82e5-424c950d210f", "observed-data--5a044ece-540c-4253-8932-cdb1950d210f", "network-traffic--5a044ece-540c-4253-8932-cdb1950d210f", "ipv4-addr--5a044ece-540c-4253-8932-cdb1950d210f", "indicator--5a044ece-2410-4c72-8770-4694950d210f", "indicator--5a044ece-e60c-4808-8a9c-4c53950d210f", "observed-data--5a044ecf-8a70-4600-8324-cdab950d210f", "network-traffic--5a044ecf-8a70-4600-8324-cdab950d210f", "ipv4-addr--5a044ecf-8a70-4600-8324-cdab950d210f", "indicator--5a044ecf-6c50-4f56-937f-cd35950d210f", "indicator--5a044ecf-a4c0-403b-9923-4233950d210f", "indicator--5a044ed0-08c4-4c72-9551-cda3950d210f", "indicator--5a044ed0-b238-410e-9bb1-20a6950d210f", "observed-data--5a044ed0-a514-406f-8de0-4e77950d210f", "network-traffic--5a044ed0-a514-406f-8de0-4e77950d210f", "ipv4-addr--5a044ed0-a514-406f-8de0-4e77950d210f", "indicator--5a044ed0-2498-4074-a602-45f2950d210f", "indicator--5a044ed1-7554-4dfe-99d1-991b950d210f", "observed-data--5a044ed1-b108-453b-affc-cc6f950d210f", "network-traffic--5a044ed1-b108-453b-affc-cc6f950d210f", "ipv4-addr--5a044ed1-b108-453b-affc-cc6f950d210f", "observed-data--5a044ed1-3170-44eb-b4bb-cd7d950d210f", "network-traffic--5a044ed1-3170-44eb-b4bb-cd7d950d210f", "ipv4-addr--5a044ed1-3170-44eb-b4bb-cd7d950d210f", "observed-data--5a044ed2-bb8c-44e7-b091-717b950d210f", "network-traffic--5a044ed2-bb8c-44e7-b091-717b950d210f", "ipv4-addr--5a044ed2-bb8c-44e7-b091-717b950d210f", "observed-data--5a044ed2-a16c-46a3-9685-44ec950d210f", "network-traffic--5a044ed2-a16c-46a3-9685-44ec950d210f", "ipv4-addr--5a044ed2-a16c-46a3-9685-44ec950d210f", "observed-data--5a044ed2-9ee4-4908-9e60-cdb4950d210f", "network-traffic--5a044ed2-9ee4-4908-9e60-cdb4950d210f", "ipv4-addr--5a044ed2-9ee4-4908-9e60-cdb4950d210f", "observed-data--5a044ed2-00bc-4dfb-a3e0-48c3950d210f", "network-traffic--5a044ed2-00bc-4dfb-a3e0-48c3950d210f", "ipv4-addr--5a044ed2-00bc-4dfb-a3e0-48c3950d210f", "observed-data--5a044ed3-bbb8-4639-823e-439d950d210f", "network-traffic--5a044ed3-bbb8-4639-823e-439d950d210f", "ipv4-addr--5a044ed3-bbb8-4639-823e-439d950d210f", "observed-data--5a044ed3-4130-4562-9185-44fe950d210f", "network-traffic--5a044ed3-4130-4562-9185-44fe950d210f", "ipv4-addr--5a044ed3-4130-4562-9185-44fe950d210f", "observed-data--5a044ed3-1be0-4100-971b-cd7d950d210f", "network-traffic--5a044ed3-1be0-4100-971b-cd7d950d210f", "ipv4-addr--5a044ed3-1be0-4100-971b-cd7d950d210f", "observed-data--5a044ed4-30c8-48ef-9fb2-cd35950d210f", "network-traffic--5a044ed4-30c8-48ef-9fb2-cd35950d210f", "ipv4-addr--5a044ed4-30c8-48ef-9fb2-cd35950d210f", "observed-data--5a044ed4-7d50-4d06-8f0f-4c40950d210f", "network-traffic--5a044ed4-7d50-4d06-8f0f-4c40950d210f", "ipv4-addr--5a044ed4-7d50-4d06-8f0f-4c40950d210f", "observed-data--5a044ed4-cff0-465e-af6b-4a56950d210f", "network-traffic--5a044ed4-cff0-465e-af6b-4a56950d210f", "ipv4-addr--5a044ed4-cff0-465e-af6b-4a56950d210f", "observed-data--5a044ed4-bda8-45ed-9993-cdb4950d210f", "network-traffic--5a044ed4-bda8-45ed-9993-cdb4950d210f", "ipv4-addr--5a044ed4-bda8-45ed-9993-cdb4950d210f", "observed-data--5a044ed5-455c-4cdc-92cb-430c950d210f", "network-traffic--5a044ed5-455c-4cdc-92cb-430c950d210f", "ipv4-addr--5a044ed5-455c-4cdc-92cb-430c950d210f", "observed-data--5a044ed5-7200-426d-a34e-2214950d210f", "network-traffic--5a044ed5-7200-426d-a34e-2214950d210f", "ipv4-addr--5a044ed5-7200-426d-a34e-2214950d210f", "observed-data--5a044ed5-dd58-4892-b825-4863950d210f", "network-traffic--5a044ed5-dd58-4892-b825-4863950d210f", "ipv4-addr--5a044ed5-dd58-4892-b825-4863950d210f", "observed-data--5a044ed6-9770-4714-8de8-cd7d950d210f", "network-traffic--5a044ed6-9770-4714-8de8-cd7d950d210f", "ipv4-addr--5a044ed6-9770-4714-8de8-cd7d950d210f", "observed-data--5a044ed6-6c1c-4438-a4e8-717b950d210f", "network-traffic--5a044ed6-6c1c-4438-a4e8-717b950d210f", "ipv4-addr--5a044ed6-6c1c-4438-a4e8-717b950d210f", "observed-data--5a044ed6-7028-45a9-9513-cda3950d210f", "network-traffic--5a044ed6-7028-45a9-9513-cda3950d210f", "ipv4-addr--5a044ed6-7028-45a9-9513-cda3950d210f", "observed-data--5a044ed6-9274-4758-bf80-cdb4950d210f", "network-traffic--5a044ed6-9274-4758-bf80-cdb4950d210f", "ipv4-addr--5a044ed6-9274-4758-bf80-cdb4950d210f", "observed-data--5a044ed7-618c-450b-883d-75a9950d210f", "network-traffic--5a044ed7-618c-450b-883d-75a9950d210f", "ipv4-addr--5a044ed7-618c-450b-883d-75a9950d210f", "observed-data--5a044ed7-5be4-4402-a588-991b950d210f", "network-traffic--5a044ed7-5be4-4402-a588-991b950d210f", "ipv4-addr--5a044ed7-5be4-4402-a588-991b950d210f", "observed-data--5a044ed7-f23c-41a9-a967-4355950d210f", "network-traffic--5a044ed7-f23c-41a9-a967-4355950d210f", "ipv4-addr--5a044ed7-f23c-41a9-a967-4355950d210f", "observed-data--5a044ed8-b91c-4c06-9d69-cd7d950d210f", "network-traffic--5a044ed8-b91c-4c06-9d69-cd7d950d210f", "ipv4-addr--5a044ed8-b91c-4c06-9d69-cd7d950d210f", "observed-data--5a044ed8-ca3c-406f-b637-cd35950d210f", "network-traffic--5a044ed8-ca3c-406f-b637-cd35950d210f", "ipv4-addr--5a044ed8-ca3c-406f-b637-cd35950d210f", "observed-data--5a044ed8-57e4-4970-a252-4e63950d210f", "network-traffic--5a044ed8-57e4-4970-a252-4e63950d210f", "ipv4-addr--5a044ed8-57e4-4970-a252-4e63950d210f", "indicator--5a04b527-d510-4195-8195-400a02de0b81", "indicator--5a04b527-1640-46be-bdf3-418e02de0b81", "observed-data--5a04b527-86f4-4327-9085-4d9702de0b81", "url--5a04b527-86f4-4327-9085-4d9702de0b81", "indicator--5a04b527-a4a8-4cea-b11a-4ac102de0b81", "indicator--5a04b527-0c38-4de7-9bb4-466202de0b81", "observed-data--5a04b527-6ce8-4069-ba5e-45c702de0b81", "url--5a04b527-6ce8-4069-ba5e-45c702de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Locky\"", "misp-galaxy:tool=\"Trick Bot\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ec2-4aac-4839-ac9f-717b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:57.000Z", "modified": "2017-11-09T20:05:57.000Z", "pattern": "[file:hashes.MD5 = '1949e616ddb130c27c0e65ddb170d5a9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ec2-1edc-48ad-bf31-cd35950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:57.000Z", "modified": "2017-11-09T20:05:57.000Z", "pattern": "[file:hashes.MD5 = '4cd6a1c9aaf6ef7445900d94a978dfcb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ec2-921c-4007-9857-4ab6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:57.000Z", "modified": "2017-11-09T20:05:57.000Z", "pattern": "[file:hashes.MD5 = '5525cc2e9b021a6c5cda63a7c3a3e9c9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ec2-a6ac-48db-9608-cdb4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:57.000Z", "modified": "2017-11-09T20:05:57.000Z", "pattern": "[url:value = 'http://cirad.or.id/mnfTRw3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ec3-d960-48d0-a2b8-429f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:57.000Z", "modified": "2017-11-09T20:05:57.000Z", "pattern": "[domain-name:value = 'cirad.or.id']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ec4-f87c-4b99-b7a5-cc6f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:57.000Z", "modified": "2017-11-09T20:05:57.000Z", "first_observed": "2017-11-09T20:05:57Z", "last_observed": "2017-11-09T20:05:57Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ec4-f87c-4b99-b7a5-cc6f950d210f", "ipv4-addr--5a044ec4-f87c-4b99-b7a5-cc6f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ec4-f87c-4b99-b7a5-cc6f950d210f", "dst_ref": "ipv4-addr--5a044ec4-f87c-4b99-b7a5-cc6f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ec4-f87c-4b99-b7a5-cc6f950d210f", "value": "202.145.0.45" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ec4-ffe4-4b1a-8101-cdab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:57.000Z", "modified": "2017-11-09T20:05:57.000Z", "pattern": "[url:value = 'http://heart-sp.com/mnfTRw3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ec4-9820-4356-ad87-4661950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:57.000Z", "modified": "2017-11-09T20:05:57.000Z", "pattern": "[domain-name:value = 'heart-sp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ec6-37f0-4d22-8c85-4c47950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:57.000Z", "modified": "2017-11-09T20:05:57.000Z", "first_observed": "2017-11-09T20:05:57Z", "last_observed": "2017-11-09T20:05:57Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ec6-37f0-4d22-8c85-4c47950d210f", "ipv4-addr--5a044ec6-37f0-4d22-8c85-4c47950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ec6-37f0-4d22-8c85-4c47950d210f", "dst_ref": "ipv4-addr--5a044ec6-37f0-4d22-8c85-4c47950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ec6-37f0-4d22-8c85-4c47950d210f", "value": "111.68.20.150" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ec6-353c-4c68-a3b2-49bc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:57.000Z", "modified": "2017-11-09T20:05:57.000Z", "pattern": "[url:value = 'http://hilaryandsavio.com/mnfTRw3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ec6-ab84-4b85-b123-717b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:57.000Z", "modified": "2017-11-09T20:05:57.000Z", "pattern": "[domain-name:value = 'hilaryandsavio.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ec7-19ac-4bec-b7ed-4e9f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:57.000Z", "modified": "2017-11-09T20:05:57.000Z", "first_observed": "2017-11-09T20:05:57Z", "last_observed": "2017-11-09T20:05:57Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ec7-19ac-4bec-b7ed-4e9f950d210f", "ipv4-addr--5a044ec7-19ac-4bec-b7ed-4e9f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ec7-19ac-4bec-b7ed-4e9f950d210f", "dst_ref": "ipv4-addr--5a044ec7-19ac-4bec-b7ed-4e9f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ec7-19ac-4bec-b7ed-4e9f950d210f", "value": "72.249.127.194" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ec7-6948-4904-bb94-75a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "pattern": "[url:value = 'http://internet-webshops.de/mnfTRw3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ec7-adb4-4bfe-99ef-4ce6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "pattern": "[domain-name:value = 'internet-webshops.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ec8-a4d4-41f3-91c3-4946950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "first_observed": "2017-11-09T20:05:58Z", "last_observed": "2017-11-09T20:05:58Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ec8-a4d4-41f3-91c3-4946950d210f", "ipv4-addr--5a044ec8-a4d4-41f3-91c3-4946950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ec8-a4d4-41f3-91c3-4946950d210f", "dst_ref": "ipv4-addr--5a044ec8-a4d4-41f3-91c3-4946950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ec8-a4d4-41f3-91c3-4946950d210f", "value": "217.160.224.147" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ec8-98a8-4dae-807d-991b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "pattern": "[url:value = 'http://givagarden.com/mnfTRw3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ec8-6e88-492b-b465-cd7d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "pattern": "[domain-name:value = 'givagarden.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ec8-560c-4c98-a799-cd35950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "first_observed": "2017-11-09T20:05:58Z", "last_observed": "2017-11-09T20:05:58Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ec8-560c-4c98-a799-cd35950d210f", "ipv4-addr--5a044ec8-560c-4c98-a799-cd35950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ec8-560c-4c98-a799-cd35950d210f", "dst_ref": "ipv4-addr--5a044ec8-560c-4c98-a799-cd35950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ec8-560c-4c98-a799-cd35950d210f", "value": "93.186.244.43" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ec9-2674-4c92-973b-2214950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "pattern": "[url:value = 'http://toptrends.org/ndgHSKFte4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ec9-01e4-4eb9-981e-4eba950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "pattern": "[domain-name:value = 'toptrends.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044eca-e554-4590-8358-4c28950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "first_observed": "2017-11-09T20:05:58Z", "last_observed": "2017-11-09T20:05:58Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044eca-e554-4590-8358-4c28950d210f", "ipv4-addr--5a044eca-e554-4590-8358-4c28950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044eca-e554-4590-8358-4c28950d210f", "dst_ref": "ipv4-addr--5a044eca-e554-4590-8358-4c28950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044eca-e554-4590-8358-4c28950d210f", "value": "87.230.95.138" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044eca-9580-4921-bcd1-cd7d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "pattern": "[url:value = 'http://celebrityonline.cz/ndgHSKFte4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044eca-20e4-4db6-8816-717b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "pattern": "[domain-name:value = 'celebrityonline.cz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ecb-ce04-4144-bd4c-4d45950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "first_observed": "2017-11-09T20:05:58Z", "last_observed": "2017-11-09T20:05:58Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ecb-ce04-4144-bd4c-4d45950d210f", "ipv4-addr--5a044ecb-ce04-4144-bd4c-4d45950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ecb-ce04-4144-bd4c-4d45950d210f", "dst_ref": "ipv4-addr--5a044ecb-ce04-4144-bd4c-4d45950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ecb-ce04-4144-bd4c-4d45950d210f", "value": "78.24.8.144" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ecb-6658-4a5c-8d08-4021950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "pattern": "[url:value = 'http://aurea-art.ru/ndgHSKFte4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ecb-a790-4494-8965-cdb4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "pattern": "[domain-name:value = 'aurea-art.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ecb-36f0-43d5-970c-2214950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "first_observed": "2017-11-09T20:05:58Z", "last_observed": "2017-11-09T20:05:58Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ecb-36f0-43d5-970c-2214950d210f", "ipv4-addr--5a044ecb-36f0-43d5-970c-2214950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ecb-36f0-43d5-970c-2214950d210f", "dst_ref": "ipv4-addr--5a044ecb-36f0-43d5-970c-2214950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ecb-36f0-43d5-970c-2214950d210f", "value": "212.220.124.226" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ecc-3428-481d-96b6-44f1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "pattern": "[url:value = 'http://transmercasa.com/ndgHSKFte4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ecc-f998-4ea3-b12d-cdb1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "pattern": "[domain-name:value = 'transmercasa.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ecc-808c-437a-9c38-cc6f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "first_observed": "2017-11-09T20:05:58Z", "last_observed": "2017-11-09T20:05:58Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ecc-808c-437a-9c38-cc6f950d210f", "ipv4-addr--5a044ecc-808c-437a-9c38-cc6f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ecc-808c-437a-9c38-cc6f950d210f", "dst_ref": "ipv4-addr--5a044ecc-808c-437a-9c38-cc6f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ecc-808c-437a-9c38-cc6f950d210f", "value": "75.98.175.70" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ecc-13d8-4f6e-96fa-cdab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "pattern": "[url:value = 'http://envi-herzog.de/ndgHSKFte4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ecd-080c-412a-a7a6-400a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "pattern": "[domain-name:value = 'envi-herzog.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ecd-d81c-4ce0-86f7-4777950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "first_observed": "2017-11-09T20:05:58Z", "last_observed": "2017-11-09T20:05:58Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ecd-d81c-4ce0-86f7-4777950d210f", "ipv4-addr--5a044ecd-d81c-4ce0-86f7-4777950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ecd-d81c-4ce0-86f7-4777950d210f", "dst_ref": "ipv4-addr--5a044ecd-d81c-4ce0-86f7-4777950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ecd-d81c-4ce0-86f7-4777950d210f", "value": "194.116.187.130" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ecd-0f68-4015-a3d0-20a6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "pattern": "[url:value = 'http://dotecnia.cl/ndgHSKFte4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ecd-09dc-4877-82e5-424c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "pattern": "[domain-name:value = 'dotecnia.cl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ece-540c-4253-8932-cdb1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "first_observed": "2017-11-09T20:05:58Z", "last_observed": "2017-11-09T20:05:58Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ece-540c-4253-8932-cdb1950d210f", "ipv4-addr--5a044ece-540c-4253-8932-cdb1950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ece-540c-4253-8932-cdb1950d210f", "dst_ref": "ipv4-addr--5a044ece-540c-4253-8932-cdb1950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ece-540c-4253-8932-cdb1950d210f", "value": "72.249.104.96" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ece-2410-4c72-8770-4694950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "pattern": "[url:value = 'http://claridge-holdings.com/ndgHSKFte4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ece-e60c-4808-8a9c-4c53950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "pattern": "[domain-name:value = 'claridge-holdings.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ecf-8a70-4600-8324-cdab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "first_observed": "2017-11-09T20:05:58Z", "last_observed": "2017-11-09T20:05:58Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ecf-8a70-4600-8324-cdab950d210f", "ipv4-addr--5a044ecf-8a70-4600-8324-cdab950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ecf-8a70-4600-8324-cdab950d210f", "dst_ref": "ipv4-addr--5a044ecf-8a70-4600-8324-cdab950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ecf-8a70-4600-8324-cdab950d210f", "value": "202.160.120.194" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ecf-6c50-4f56-937f-cd35950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "pattern": "[url:value = 'http://dalmobil.info/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ecf-a4c0-403b-9923-4233950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "pattern": "[domain-name:value = 'dalmobil.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ed0-08c4-4c72-9551-cda3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "pattern": "[url:value = 'http://flipcapella.com/KJ63dggs332']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ed0-b238-410e-9bb1-20a6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "pattern": "[domain-name:value = 'flipcapella.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ed0-a514-406f-8de0-4e77950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "first_observed": "2017-11-09T20:05:58Z", "last_observed": "2017-11-09T20:05:58Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ed0-a514-406f-8de0-4e77950d210f", "ipv4-addr--5a044ed0-a514-406f-8de0-4e77950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ed0-a514-406f-8de0-4e77950d210f", "dst_ref": "ipv4-addr--5a044ed0-a514-406f-8de0-4e77950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ed0-a514-406f-8de0-4e77950d210f", "value": "188.40.94.83" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ed0-2498-4074-a602-45f2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "pattern": "[url:value = 'http://hobbystube.net/djskfh824']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ed1-7554-4dfe-99d1-991b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "pattern": "[domain-name:value = 'hobbystube.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ed1-b108-453b-affc-cc6f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "first_observed": "2017-11-09T20:05:58Z", "last_observed": "2017-11-09T20:05:58Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ed1-b108-453b-affc-cc6f950d210f", "ipv4-addr--5a044ed1-b108-453b-affc-cc6f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ed1-b108-453b-affc-cc6f950d210f", "dst_ref": "ipv4-addr--5a044ed1-b108-453b-affc-cc6f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ed1-b108-453b-affc-cc6f950d210f", "value": "83.220.128.111" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ed1-3170-44eb-b4bb-cd7d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "first_observed": "2017-11-09T20:05:58Z", "last_observed": "2017-11-09T20:05:58Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ed1-3170-44eb-b4bb-cd7d950d210f", "ipv4-addr--5a044ed1-3170-44eb-b4bb-cd7d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ed1-3170-44eb-b4bb-cd7d950d210f", "dst_ref": "ipv4-addr--5a044ed1-3170-44eb-b4bb-cd7d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ed1-3170-44eb-b4bb-cd7d950d210f", "value": "176.120.126.21" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ed2-bb8c-44e7-b091-717b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "first_observed": "2017-11-09T20:05:58Z", "last_observed": "2017-11-09T20:05:58Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ed2-bb8c-44e7-b091-717b950d210f", "ipv4-addr--5a044ed2-bb8c-44e7-b091-717b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ed2-bb8c-44e7-b091-717b950d210f", "dst_ref": "ipv4-addr--5a044ed2-bb8c-44e7-b091-717b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ed2-bb8c-44e7-b091-717b950d210f", "value": "156.17.92.161" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ed2-a16c-46a3-9685-44ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "first_observed": "2017-11-09T20:05:58Z", "last_observed": "2017-11-09T20:05:58Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ed2-a16c-46a3-9685-44ec950d210f", "ipv4-addr--5a044ed2-a16c-46a3-9685-44ec950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ed2-a16c-46a3-9685-44ec950d210f", "dst_ref": "ipv4-addr--5a044ed2-a16c-46a3-9685-44ec950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ed2-a16c-46a3-9685-44ec950d210f", "value": "187.191.0.42" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ed2-9ee4-4908-9e60-cdb4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "first_observed": "2017-11-09T20:05:58Z", "last_observed": "2017-11-09T20:05:58Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ed2-9ee4-4908-9e60-cdb4950d210f", "ipv4-addr--5a044ed2-9ee4-4908-9e60-cdb4950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ed2-9ee4-4908-9e60-cdb4950d210f", "dst_ref": "ipv4-addr--5a044ed2-9ee4-4908-9e60-cdb4950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ed2-9ee4-4908-9e60-cdb4950d210f", "value": "181.211.34.154" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ed2-00bc-4dfb-a3e0-48c3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "first_observed": "2017-11-09T20:05:58Z", "last_observed": "2017-11-09T20:05:58Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ed2-00bc-4dfb-a3e0-48c3950d210f", "ipv4-addr--5a044ed2-00bc-4dfb-a3e0-48c3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ed2-00bc-4dfb-a3e0-48c3950d210f", "dst_ref": "ipv4-addr--5a044ed2-00bc-4dfb-a3e0-48c3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ed2-00bc-4dfb-a3e0-48c3950d210f", "value": "200.117.251.52" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ed3-bbb8-4639-823e-439d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "first_observed": "2017-11-09T20:05:58Z", "last_observed": "2017-11-09T20:05:58Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ed3-bbb8-4639-823e-439d950d210f", "ipv4-addr--5a044ed3-bbb8-4639-823e-439d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ed3-bbb8-4639-823e-439d950d210f", "dst_ref": "ipv4-addr--5a044ed3-bbb8-4639-823e-439d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ed3-bbb8-4639-823e-439d950d210f", "value": "78.24.217.88" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ed3-4130-4562-9185-44fe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "first_observed": "2017-11-09T20:05:58Z", "last_observed": "2017-11-09T20:05:58Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ed3-4130-4562-9185-44fe950d210f", "ipv4-addr--5a044ed3-4130-4562-9185-44fe950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ed3-4130-4562-9185-44fe950d210f", "dst_ref": "ipv4-addr--5a044ed3-4130-4562-9185-44fe950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ed3-4130-4562-9185-44fe950d210f", "value": "62.109.1.68" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ed3-1be0-4100-971b-cd7d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "first_observed": "2017-11-09T20:05:58Z", "last_observed": "2017-11-09T20:05:58Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ed3-1be0-4100-971b-cd7d950d210f", "ipv4-addr--5a044ed3-1be0-4100-971b-cd7d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ed3-1be0-4100-971b-cd7d950d210f", "dst_ref": "ipv4-addr--5a044ed3-1be0-4100-971b-cd7d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ed3-1be0-4100-971b-cd7d950d210f", "value": "195.133.147.74" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ed4-30c8-48ef-9fb2-cd35950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "first_observed": "2017-11-09T20:05:58Z", "last_observed": "2017-11-09T20:05:58Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ed4-30c8-48ef-9fb2-cd35950d210f", "ipv4-addr--5a044ed4-30c8-48ef-9fb2-cd35950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ed4-30c8-48ef-9fb2-cd35950d210f", "dst_ref": "ipv4-addr--5a044ed4-30c8-48ef-9fb2-cd35950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ed4-30c8-48ef-9fb2-cd35950d210f", "value": "195.133.146.117" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ed4-7d50-4d06-8f0f-4c40950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "first_observed": "2017-11-09T20:05:58Z", "last_observed": "2017-11-09T20:05:58Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ed4-7d50-4d06-8f0f-4c40950d210f", "ipv4-addr--5a044ed4-7d50-4d06-8f0f-4c40950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ed4-7d50-4d06-8f0f-4c40950d210f", "dst_ref": "ipv4-addr--5a044ed4-7d50-4d06-8f0f-4c40950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ed4-7d50-4d06-8f0f-4c40950d210f", "value": "195.133.146.122" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ed4-cff0-465e-af6b-4a56950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "first_observed": "2017-11-09T20:05:58Z", "last_observed": "2017-11-09T20:05:58Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ed4-cff0-465e-af6b-4a56950d210f", "ipv4-addr--5a044ed4-cff0-465e-af6b-4a56950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ed4-cff0-465e-af6b-4a56950d210f", "dst_ref": "ipv4-addr--5a044ed4-cff0-465e-af6b-4a56950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ed4-cff0-465e-af6b-4a56950d210f", "value": "78.24.222.226" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ed4-bda8-45ed-9993-cdb4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "first_observed": "2017-11-09T20:05:58Z", "last_observed": "2017-11-09T20:05:58Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ed4-bda8-45ed-9993-cdb4950d210f", "ipv4-addr--5a044ed4-bda8-45ed-9993-cdb4950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ed4-bda8-45ed-9993-cdb4950d210f", "dst_ref": "ipv4-addr--5a044ed4-bda8-45ed-9993-cdb4950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ed4-bda8-45ed-9993-cdb4950d210f", "value": "95.213.252.23" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ed5-455c-4cdc-92cb-430c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "first_observed": "2017-11-09T20:05:58Z", "last_observed": "2017-11-09T20:05:58Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ed5-455c-4cdc-92cb-430c950d210f", "ipv4-addr--5a044ed5-455c-4cdc-92cb-430c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ed5-455c-4cdc-92cb-430c950d210f", "dst_ref": "ipv4-addr--5a044ed5-455c-4cdc-92cb-430c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ed5-455c-4cdc-92cb-430c950d210f", "value": "95.213.251.95" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ed5-7200-426d-a34e-2214950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "first_observed": "2017-11-09T20:05:58Z", "last_observed": "2017-11-09T20:05:58Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ed5-7200-426d-a34e-2214950d210f", "ipv4-addr--5a044ed5-7200-426d-a34e-2214950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ed5-7200-426d-a34e-2214950d210f", "dst_ref": "ipv4-addr--5a044ed5-7200-426d-a34e-2214950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ed5-7200-426d-a34e-2214950d210f", "value": "194.87.93.55" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ed5-dd58-4892-b825-4863950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "first_observed": "2017-11-09T20:05:58Z", "last_observed": "2017-11-09T20:05:58Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ed5-dd58-4892-b825-4863950d210f", "ipv4-addr--5a044ed5-dd58-4892-b825-4863950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ed5-dd58-4892-b825-4863950d210f", "dst_ref": "ipv4-addr--5a044ed5-dd58-4892-b825-4863950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ed5-dd58-4892-b825-4863950d210f", "value": "62.109.8.186" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ed6-9770-4714-8de8-cd7d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "first_observed": "2017-11-09T20:05:58Z", "last_observed": "2017-11-09T20:05:58Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ed6-9770-4714-8de8-cd7d950d210f", "ipv4-addr--5a044ed6-9770-4714-8de8-cd7d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ed6-9770-4714-8de8-cd7d950d210f", "dst_ref": "ipv4-addr--5a044ed6-9770-4714-8de8-cd7d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ed6-9770-4714-8de8-cd7d950d210f", "value": "188.120.246.189" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ed6-6c1c-4438-a4e8-717b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "first_observed": "2017-11-09T20:05:58Z", "last_observed": "2017-11-09T20:05:58Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ed6-6c1c-4438-a4e8-717b950d210f", "ipv4-addr--5a044ed6-6c1c-4438-a4e8-717b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ed6-6c1c-4438-a4e8-717b950d210f", "dst_ref": "ipv4-addr--5a044ed6-6c1c-4438-a4e8-717b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ed6-6c1c-4438-a4e8-717b950d210f", "value": "194.87.98.249" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ed6-7028-45a9-9513-cda3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "first_observed": "2017-11-09T20:05:58Z", "last_observed": "2017-11-09T20:05:58Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ed6-7028-45a9-9513-cda3950d210f", "ipv4-addr--5a044ed6-7028-45a9-9513-cda3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ed6-7028-45a9-9513-cda3950d210f", "dst_ref": "ipv4-addr--5a044ed6-7028-45a9-9513-cda3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ed6-7028-45a9-9513-cda3950d210f", "value": "95.213.195.174" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ed6-9274-4758-bf80-cdb4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:58.000Z", "modified": "2017-11-09T20:05:58.000Z", "first_observed": "2017-11-09T20:05:58Z", "last_observed": "2017-11-09T20:05:58Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ed6-9274-4758-bf80-cdb4950d210f", "ipv4-addr--5a044ed6-9274-4758-bf80-cdb4950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ed6-9274-4758-bf80-cdb4950d210f", "dst_ref": "ipv4-addr--5a044ed6-9274-4758-bf80-cdb4950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ed6-9274-4758-bf80-cdb4950d210f", "value": "185.143.173.244" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ed7-618c-450b-883d-75a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:59.000Z", "modified": "2017-11-09T20:05:59.000Z", "first_observed": "2017-11-09T20:05:59Z", "last_observed": "2017-11-09T20:05:59Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ed7-618c-450b-883d-75a9950d210f", "ipv4-addr--5a044ed7-618c-450b-883d-75a9950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ed7-618c-450b-883d-75a9950d210f", "dst_ref": "ipv4-addr--5a044ed7-618c-450b-883d-75a9950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ed7-618c-450b-883d-75a9950d210f", "value": "194.87.110.113" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ed7-5be4-4402-a588-991b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:59.000Z", "modified": "2017-11-09T20:05:59.000Z", "first_observed": "2017-11-09T20:05:59Z", "last_observed": "2017-11-09T20:05:59Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ed7-5be4-4402-a588-991b950d210f", "ipv4-addr--5a044ed7-5be4-4402-a588-991b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ed7-5be4-4402-a588-991b950d210f", "dst_ref": "ipv4-addr--5a044ed7-5be4-4402-a588-991b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ed7-5be4-4402-a588-991b950d210f", "value": "179.43.147.241" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ed7-f23c-41a9-a967-4355950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:59.000Z", "modified": "2017-11-09T20:05:59.000Z", "first_observed": "2017-11-09T20:05:59Z", "last_observed": "2017-11-09T20:05:59Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ed7-f23c-41a9-a967-4355950d210f", "ipv4-addr--5a044ed7-f23c-41a9-a967-4355950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ed7-f23c-41a9-a967-4355950d210f", "dst_ref": "ipv4-addr--5a044ed7-f23c-41a9-a967-4355950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ed7-f23c-41a9-a967-4355950d210f", "value": "82.146.43.178" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ed8-b91c-4c06-9d69-cd7d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:59.000Z", "modified": "2017-11-09T20:05:59.000Z", "first_observed": "2017-11-09T20:05:59Z", "last_observed": "2017-11-09T20:05:59Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ed8-b91c-4c06-9d69-cd7d950d210f", "ipv4-addr--5a044ed8-b91c-4c06-9d69-cd7d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ed8-b91c-4c06-9d69-cd7d950d210f", "dst_ref": "ipv4-addr--5a044ed8-b91c-4c06-9d69-cd7d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ed8-b91c-4c06-9d69-cd7d950d210f", "value": "185.158.114.114" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ed8-ca3c-406f-b637-cd35950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:59.000Z", "modified": "2017-11-09T20:05:59.000Z", "first_observed": "2017-11-09T20:05:59Z", "last_observed": "2017-11-09T20:05:59Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ed8-ca3c-406f-b637-cd35950d210f", "ipv4-addr--5a044ed8-ca3c-406f-b637-cd35950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ed8-ca3c-406f-b637-cd35950d210f", "dst_ref": "ipv4-addr--5a044ed8-ca3c-406f-b637-cd35950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ed8-ca3c-406f-b637-cd35950d210f", "value": "62.109.10.93" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ed8-57e4-4970-a252-4e63950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:59.000Z", "modified": "2017-11-09T20:05:59.000Z", "first_observed": "2017-11-09T20:05:59Z", "last_observed": "2017-11-09T20:05:59Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ed8-57e4-4970-a252-4e63950d210f", "ipv4-addr--5a044ed8-57e4-4970-a252-4e63950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ed8-57e4-4970-a252-4e63950d210f", "dst_ref": "ipv4-addr--5a044ed8-57e4-4970-a252-4e63950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ed8-57e4-4970-a252-4e63950d210f", "value": "185.34.52.236" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04b527-d510-4195-8195-400a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:59.000Z", "modified": "2017-11-09T20:05:59.000Z", "description": "- Xchecked via VT: 4cd6a1c9aaf6ef7445900d94a978dfcb", "pattern": "[file:hashes.SHA256 = 'f4ac7eacaaecdfdcfc9c75e0562ed3c69d814d6455b8aa57cc46bc0301681f87']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04b527-1640-46be-bdf3-418e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:59.000Z", "modified": "2017-11-09T20:05:59.000Z", "description": "- Xchecked via VT: 4cd6a1c9aaf6ef7445900d94a978dfcb", "pattern": "[file:hashes.SHA1 = 'a00eaf4174afc4086356f87cc3df1255dd707604']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a04b527-86f4-4327-9085-4d9702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:59.000Z", "modified": "2017-11-09T20:05:59.000Z", "first_observed": "2017-11-09T20:05:59Z", "last_observed": "2017-11-09T20:05:59Z", "number_observed": 1, "object_refs": [ "url--5a04b527-86f4-4327-9085-4d9702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a04b527-86f4-4327-9085-4d9702de0b81", "value": "https://www.virustotal.com/file/f4ac7eacaaecdfdcfc9c75e0562ed3c69d814d6455b8aa57cc46bc0301681f87/analysis/1509591920/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04b527-a4a8-4cea-b11a-4ac102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:59.000Z", "modified": "2017-11-09T20:05:59.000Z", "description": "- Xchecked via VT: 1949e616ddb130c27c0e65ddb170d5a9", "pattern": "[file:hashes.SHA256 = 'cdb624ad2e278dc12047d4216f8b79d49824db2827be4d626e8108a07683d596']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04b527-0c38-4de7-9bb4-466202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:59.000Z", "modified": "2017-11-09T20:05:59.000Z", "description": "- Xchecked via VT: 1949e616ddb130c27c0e65ddb170d5a9", "pattern": "[file:hashes.SHA1 = '0887de24845eb898c5bcaba9139ed701cde61325']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:05:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a04b527-6ce8-4069-ba5e-45c702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:05:59.000Z", "modified": "2017-11-09T20:05:59.000Z", "first_observed": "2017-11-09T20:05:59Z", "last_observed": "2017-11-09T20:05:59Z", "number_observed": 1, "object_refs": [ "url--5a04b527-6ce8-4069-ba5e-45c702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a04b527-6ce8-4069-ba5e-45c702de0b81", "value": "https://www.virustotal.com/file/cdb624ad2e278dc12047d4216f8b79d49824db2827be4d626e8108a07683d596/analysis/1509682395/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }