{ "type": "bundle", "id": "bundle--5b4f5308-42c0-434a-a8c5-48ae950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-20T14:02:51.000Z", "modified": "2018-07-20T14:02:51.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5b4f5308-42c0-434a-a8c5-48ae950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-20T14:02:51.000Z", "modified": "2018-07-20T14:02:51.000Z", "name": "OVH Phishing", "published": "2018-07-20T14:03:10Z", "object_refs": [ "indicator--d64b0aa2-2712-440f-ae2d-405b02afe37f", "indicator--8a483d15-8731-46eb-802a-4dad004e29ad", "observed-data--f5cfa131-4703-426c-a7b5-cbe616e76ea7", "email-message--f5cfa131-4703-426c-a7b5-cbe616e76ea7", "email-addr--76432d08-a77d-4cdb-9fbb-3c2d12e7b6b9", "email-addr--334cb4ea-384c-43f2-ab65-de6c244bbe55", "relationship--42282eb8-bfe8-4011-b988-6c1a7072a502", "relationship--997ac925-7b17-46d8-94fb-21ca6db871d7" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d64b0aa2-2712-440f-ae2d-405b02afe37f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-20T14:02:48.000Z", "modified": "2018-07-20T14:02:48.000Z", "pattern": "[url:value = 'https://xyu7564.phpnet.org/?page0=rafi0t.fr#https://www.ovh.com/fr/cgi-bin/order/renew.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-20T14:02:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8a483d15-8731-46eb-802a-4dad004e29ad", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-18T14:47:40.000Z", "modified": "2018-07-18T14:47:40.000Z", "pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.144.11.40') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'xyu7564.phpnet.org')]", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-18T14:47:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"ip-port\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--f5cfa131-4703-426c-a7b5-cbe616e76ea7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-18T14:47:44.000Z", "modified": "2018-07-18T14:47:44.000Z", "first_observed": "2018-07-18T14:47:44Z", "last_observed": "2018-07-18T14:47:44Z", "number_observed": 1, "object_refs": [ "email-message--f5cfa131-4703-426c-a7b5-cbe616e76ea7", "email-addr--76432d08-a77d-4cdb-9fbb-3c2d12e7b6b9", "email-addr--334cb4ea-384c-43f2-ab65-de6c244bbe55" ], "labels": [ "misp:name=\"email\"", "misp:meta-category=\"network\"", "misp:to_ids=\"False\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--f5cfa131-4703-426c-a7b5-cbe616e76ea7", "is_multipart": false, "from_ref": "email-addr--76432d08-a77d-4cdb-9fbb-3c2d12e7b6b9", "to_refs": [ "email-addr--334cb4ea-384c-43f2-ab65-de6c244bbe55" ], "message_id": "<15319105661d91a508966dcc5f602c73b4f97fa392_540455@ovh.com>", "subject": "[OVH-WEB] Suspension du nom de domaine rafi0t.fr", "additional_header_fields": { "Reply-To": "support@ovh.com" }, "x_misp_email_body": "\n
\n\n\n\n