{ "type": "bundle", "id": "bundle--59b6a0c8-ed80-4d1a-8693-4551950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:45:31.000Z", "modified": "2017-09-11T14:45:31.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--59b6a0c8-ed80-4d1a-8693-4551950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:45:31.000Z", "modified": "2017-09-11T14:45:31.000Z", "name": "M2M - Malspam 2017-09-11 \"Email Invoice Requested\"", "published": "2017-09-11T14:45:41Z", "object_refs": [ "indicator--59b6a0c8-4d1c-4095-8d53-4d84950d210f", "indicator--59b6a0c8-31c4-4cfe-8ac9-4e50950d210f", "indicator--59b6a0c9-4330-4e20-be0d-4251950d210f", "indicator--59b6a0c9-14f4-4295-8453-420b950d210f", "indicator--59b6a0c9-ecf8-444f-95ef-4433950d210f", "observed-data--59b6a0ca-30c8-4356-ab1b-4e98950d210f", "network-traffic--59b6a0ca-30c8-4356-ab1b-4e98950d210f", "ipv4-addr--59b6a0ca-30c8-4356-ab1b-4e98950d210f", "indicator--59b6a0ca-e1cc-4527-a3e3-4133950d210f", "indicator--59b6a0ca-0324-4a60-b382-4d35950d210f", "observed-data--59b6a0ca-f8a0-4aaf-89ef-4f8b950d210f", "network-traffic--59b6a0ca-f8a0-4aaf-89ef-4f8b950d210f", "ipv4-addr--59b6a0ca-f8a0-4aaf-89ef-4f8b950d210f", "indicator--59b6a0ca-777c-4991-8c6c-455a950d210f", "indicator--59b6a0cb-60c8-4f86-8431-48da950d210f", "observed-data--59b6a0cb-bfa0-46c6-b073-4732950d210f", "network-traffic--59b6a0cb-bfa0-46c6-b073-4732950d210f", "ipv4-addr--59b6a0cb-bfa0-46c6-b073-4732950d210f", "indicator--59b6a0cb-2614-4ff0-be35-45ba950d210f", "indicator--59b6a0cc-8c68-4fe6-8340-4630950d210f", "indicator--59b6a0cc-dfd0-4134-bad7-fc5a950d210f", "indicator--59b6a0cd-1604-41c5-b644-4856950d210f", "observed-data--59b6a0cd-de90-4961-a7bb-4f85950d210f", "network-traffic--59b6a0cd-de90-4961-a7bb-4f85950d210f", "ipv4-addr--59b6a0cd-de90-4961-a7bb-4f85950d210f", "indicator--59b6a0cd-e25c-47ea-bb21-4634950d210f", "indicator--59b6a0cd-e230-470f-8245-4df3950d210f", "observed-data--59b6a0ce-5bc8-4564-83c5-4921950d210f", "network-traffic--59b6a0ce-5bc8-4564-83c5-4921950d210f", "ipv4-addr--59b6a0ce-5bc8-4564-83c5-4921950d210f", "indicator--59b6a0ce-3348-4d6f-afab-4751950d210f", "indicator--59b6a0ce-b48c-4612-aa7c-4aa5950d210f", "indicator--59b6a0cf-094c-4e99-afbd-4cee950d210f", "indicator--59b6a0cf-4e14-44d9-9fbb-fc5a950d210f", "indicator--59b6a0cf-ade8-4e24-86fc-4ab6950d210f", "indicator--59b6a0cf-1798-4e79-b4d6-40d3950d210f", "indicator--59b6a0d0-0fe4-4e59-81a2-4399950d210f", "indicator--59b6a0d0-a41c-444f-ad94-4b2e950d210f", "indicator--59b6a0d0-2010-4efd-a111-4df1950d210f", "indicator--59b6a0d1-b184-4081-a883-4e01950d210f", "observed-data--59b6a0d1-6488-48cd-b879-4dd4950d210f", "network-traffic--59b6a0d1-6488-48cd-b879-4dd4950d210f", "ipv4-addr--59b6a0d1-6488-48cd-b879-4dd4950d210f", "indicator--59b6a0d1-504c-4ef1-8a3b-46f6950d210f", "indicator--59b6a0d1-6e68-41eb-837d-4543950d210f", "indicator--59b6a0d2-ca20-4b80-b51d-437d950d210f", "indicator--59b6a0d2-cea0-4524-ad2f-468c950d210f", "indicator--59b6a0d2-aac8-4ac2-a78c-4c7a950d210f", "indicator--59b6a0d3-27b0-478a-9b34-4938950d210f", "indicator--59b6a0d3-1844-477e-960c-4d9e950d210f", "indicator--59b6a0d3-4768-4a4c-bc34-4661950d210f", "indicator--59b6a0d3-3e28-4bf8-b59a-478b950d210f", "indicator--59b6a0d4-c908-4c9b-8269-4996950d210f", "indicator--59b6a0d5-a2f8-49e2-9d44-4f5d950d210f", "indicator--59b6a0d5-996c-4d96-9187-4446950d210f", "indicator--59b6a0d5-179c-43ce-8b15-4925950d210f", "indicator--59b6a0d5-ea8c-4e72-a592-497b950d210f", "indicator--59b6a0d6-4a00-4421-a69a-4900950d210f", "indicator--59b6a0d6-d464-47ad-8528-4a17950d210f", "observed-data--59b6a0d7-4118-46e4-b6d8-450c950d210f", "network-traffic--59b6a0d7-4118-46e4-b6d8-450c950d210f", "ipv4-addr--59b6a0d7-4118-46e4-b6d8-450c950d210f", "indicator--59b6a0d7-dcb4-40c1-8bb5-45d1950d210f", "indicator--59b6a0d7-840c-4206-9d05-4373950d210f", "indicator--59b6a0d7-ffb4-446e-a3db-4804950d210f", "indicator--59b6a0d7-a91c-4b57-b40f-43d7950d210f", "observed-data--59b6a0d8-44c0-46db-96c7-47e0950d210f", "network-traffic--59b6a0d8-44c0-46db-96c7-47e0950d210f", "ipv4-addr--59b6a0d8-44c0-46db-96c7-47e0950d210f", "indicator--59b6a0d8-313c-4379-85d1-449e950d210f", "indicator--59b6a0d8-f374-4112-ae52-4db0950d210f", "observed-data--59b6a0d8-0d14-49df-9398-457c950d210f", "network-traffic--59b6a0d8-0d14-49df-9398-457c950d210f", "ipv4-addr--59b6a0d8-0d14-49df-9398-457c950d210f", "indicator--59b6a0d9-c9ec-4db2-8fe4-43bc950d210f", "indicator--59b6a0d9-4a08-4ed3-8d3d-49d7950d210f", "observed-data--59b6a0d9-f21c-4f54-ba95-4801950d210f", "network-traffic--59b6a0d9-f21c-4f54-ba95-4801950d210f", "ipv4-addr--59b6a0d9-f21c-4f54-ba95-4801950d210f", "indicator--59b6a0d9-5800-49b8-a329-47fc950d210f", "indicator--59b6a0d9-25f0-4b07-94fb-4f8d950d210f", "indicator--59b6a0da-ece4-46a9-bee9-4567950d210f", "indicator--59b6a0da-218c-4dd0-a37c-4467950d210f", "indicator--59b6a0da-7224-40ba-a138-4101950d210f", "indicator--59b6a0db-f858-4efa-85c3-414a950d210f", "observed-data--59b6a0db-24e0-4a1f-9c49-4dd1950d210f", "network-traffic--59b6a0db-24e0-4a1f-9c49-4dd1950d210f", "ipv4-addr--59b6a0db-24e0-4a1f-9c49-4dd1950d210f", "indicator--59b6a0db-bb48-4fa0-b787-405c950d210f", "indicator--59b6a0db-aa78-4a68-8c2f-44ee950d210f", "indicator--59b6a0dc-8e58-4e24-82b1-4356950d210f", "indicator--59b6a0dc-a0e0-4932-8ed0-4e51950d210f", "observed-data--59b6a0dc-ec6c-43ea-bc9f-474b950d210f", "network-traffic--59b6a0dc-ec6c-43ea-bc9f-474b950d210f", "ipv4-addr--59b6a0dc-ec6c-43ea-bc9f-474b950d210f", "indicator--59b6a0dc-d618-4f65-8155-4946950d210f", "indicator--59b6a0dd-8198-40fb-926e-fc5a950d210f", "indicator--59b6a0dd-789c-41e8-960d-452b950d210f", "indicator--59b6a0dd-94c0-473e-b353-4115950d210f", "indicator--59b6a0de-89a4-4ef4-aee9-4654950d210f", "indicator--59b6a0de-491c-4cef-bcd5-49c1950d210f", "indicator--59b6a0df-e08c-4675-af62-4dd9950d210f", "indicator--59b6a0df-f4b8-4afc-9af1-fc5a950d210f", "indicator--59b6a0df-b060-4fc5-bdf7-41fb950d210f", "indicator--59b6a0df-4e6c-4cf4-89e1-47eb950d210f", "indicator--59b6a0e0-bac0-40e0-896f-4310950d210f", "indicator--59b6a0e0-cf3c-4b2f-a9a0-4c76950d210f", "indicator--59b6a0e0-df78-4e27-aeff-4566950d210f", "indicator--59b6a0e0-578c-4f5c-b96b-4123950d210f", "indicator--59b6a0e1-3a3c-46f1-bbf6-47ad950d210f", "indicator--59b6a0e1-352c-49c0-b4f2-4836950d210f", "indicator--59b6a0e2-ad14-4539-8b8a-4926950d210f", "indicator--59b6a0e2-4194-4589-9e25-4309950d210f", "indicator--59b6a0e2-4314-4f08-b111-4378950d210f", "indicator--59b6a0e3-7d38-4f81-b69d-4efc950d210f", "indicator--59b6a0e3-8f50-4d86-9f27-4ee7950d210f", "indicator--59b6a0e3-38b8-48a3-aaf3-409c950d210f", "indicator--59b6a0e3-229c-4cae-9a37-49a2950d210f", "indicator--59b6a0e4-6a64-40a8-bef9-4ec4950d210f", "observed-data--59b6a0e4-ba90-4c39-8f0f-4fbd950d210f", "network-traffic--59b6a0e4-ba90-4c39-8f0f-4fbd950d210f", "ipv4-addr--59b6a0e4-ba90-4c39-8f0f-4fbd950d210f", "indicator--59b6a0e4-361c-4c7b-881e-4f71950d210f", "indicator--59b6a0e4-5a2c-4651-b824-420a950d210f", "indicator--59b6a0e5-2dd0-4983-8f0d-47e0950d210f", "indicator--59b6a0e5-ec10-4f6c-958b-410b950d210f", "indicator--59b6a0e5-3da0-4036-9cfa-424c950d210f", "indicator--59b6a0e6-d2c0-44f8-9f1d-fc5a950d210f", "observed-data--59b6a0e6-3bb0-473e-801e-4d9e950d210f", "network-traffic--59b6a0e6-3bb0-473e-801e-4d9e950d210f", "ipv4-addr--59b6a0e6-3bb0-473e-801e-4d9e950d210f", "indicator--59b6a0e6-b9c8-45b0-98c4-4077950d210f", "indicator--59b6a0e7-9dfc-43db-b96b-4961950d210f", "observed-data--59b6a0e7-444c-4a19-94f3-4004950d210f", "network-traffic--59b6a0e7-444c-4a19-94f3-4004950d210f", "ipv4-addr--59b6a0e7-444c-4a19-94f3-4004950d210f", "indicator--59b6a0e7-f7fc-4ba2-acaa-40c2950d210f", "indicator--59b6a0e7-0a90-43bb-b195-47ed950d210f", "observed-data--59b6a0e8-2b18-43c7-beec-49f9950d210f", "network-traffic--59b6a0e8-2b18-43c7-beec-49f9950d210f", "ipv4-addr--59b6a0e8-2b18-43c7-beec-49f9950d210f", "observed-data--59b6a0e8-df70-413c-bf5d-4038950d210f", "url--59b6a0e8-df70-413c-bf5d-4038950d210f", "observed-data--59b6a0e9-b694-463b-982f-fc5a950d210f", "network-traffic--59b6a0e9-b694-463b-982f-fc5a950d210f", "ipv4-addr--59b6a0e9-b694-463b-982f-fc5a950d210f", "observed-data--59b6a0e9-faf0-47cd-8fce-408a950d210f", "url--59b6a0e9-faf0-47cd-8fce-408a950d210f", "observed-data--59b6a0e9-c660-46cf-ba0c-40c3950d210f", "network-traffic--59b6a0e9-c660-46cf-ba0c-40c3950d210f", "ipv4-addr--59b6a0e9-c660-46cf-ba0c-40c3950d210f", "indicator--59b6a0e9-8a6c-4da4-8071-4776950d210f", "indicator--59b6a0e9-1ae0-4629-a9ac-456e950d210f", "indicator--59b6a0ea-d034-493e-9f02-43d2950d210f", "indicator--59b6a0ea-8b50-439f-b3dc-421a950d210f", "indicator--59b6a0ea-db5c-45e6-95e6-4fe9950d210f", "indicator--59b6a0ea-5360-4b1a-9c87-41be950d210f", "indicator--59b6a0eb-efe0-487a-89d8-477e950d210f", "indicator--59b6a0eb-e9e8-44ea-89dc-4e48950d210f", "indicator--59b6a0eb-0880-4327-baa2-40dc950d210f", "indicator--59b6a0eb-a70c-4a23-af70-432c950d210f", "indicator--59b6a0eb-9cec-4666-8785-4290950d210f", "indicator--59b6a0ec-03f0-493f-8daf-4ac2950d210f", "observed-data--59b6a0ec-769c-4be2-b54d-48c1950d210f", "network-traffic--59b6a0ec-769c-4be2-b54d-48c1950d210f", "ipv4-addr--59b6a0ec-769c-4be2-b54d-48c1950d210f", "indicator--59b6a0ec-424c-407d-80ac-49a6950d210f", "indicator--59b6a0ec-bcb0-40d8-af8b-461a950d210f", "indicator--59b6a0ec-6cf4-451f-b949-43fa950d210f", "indicator--59b6a0ed-aa4c-4b1a-8729-4535950d210f", "indicator--59b6a0ed-67b4-48d3-9a61-4781950d210f", "indicator--59b6a0ed-3d3c-470e-accb-fc5a950d210f", "indicator--59b6a0ed-c0c0-45a4-8dec-4a6b950d210f", "indicator--59b6a0ee-f498-4980-8420-4941950d210f", "indicator--59b6a0ee-043c-4aae-be8a-4f5d950d210f", "indicator--59b6a0ee-a400-4701-a612-44a6950d210f", "indicator--59b6a0ef-0140-44c4-85bd-401f950d210f", "indicator--59b6a0ef-1634-4dc4-9471-42fa950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:ransomware=\"Locky\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0c8-4d1c-4095-8d53-4d84950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:16.000Z", "modified": "2017-09-11T14:42:16.000Z", "pattern": "[file:hashes.MD5 = 'd4b05d9ecb82761df4b1e997c225c216']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0c8-31c4-4cfe-8ac9-4e50950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:16.000Z", "modified": "2017-09-11T14:42:16.000Z", "pattern": "[file:hashes.MD5 = '6a9181b6e3cb369bdca58c1b98353fa7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0c9-4330-4e20-be0d-4251950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:17.000Z", "modified": "2017-09-11T14:42:17.000Z", "pattern": "[file:hashes.MD5 = 'fb349ce628eadfd3e56f0bc8f8db6947']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0c9-14f4-4295-8453-420b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:17.000Z", "modified": "2017-09-11T14:42:17.000Z", "pattern": "[url:value = 'http://1.babybrain.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0c9-ecf8-444f-95ef-4433950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:17.000Z", "modified": "2017-09-11T14:42:17.000Z", "pattern": "[domain-name:value = '1.babybrain.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b6a0ca-30c8-4356-ab1b-4e98950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:18.000Z", "modified": "2017-09-11T14:42:18.000Z", "first_observed": "2017-09-11T14:42:18Z", "last_observed": "2017-09-11T14:42:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59b6a0ca-30c8-4356-ab1b-4e98950d210f", "ipv4-addr--59b6a0ca-30c8-4356-ab1b-4e98950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b6a0ca-30c8-4356-ab1b-4e98950d210f", "dst_ref": "ipv4-addr--59b6a0ca-30c8-4356-ab1b-4e98950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b6a0ca-30c8-4356-ab1b-4e98950d210f", "value": "81.177.139.92" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0ca-e1cc-4527-a3e3-4133950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:18.000Z", "modified": "2017-09-11T14:42:18.000Z", "pattern": "[url:value = 'http://ar777.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0ca-0324-4a60-b382-4d35950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:18.000Z", "modified": "2017-09-11T14:42:18.000Z", "pattern": "[domain-name:value = 'ar777.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b6a0ca-f8a0-4aaf-89ef-4f8b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:18.000Z", "modified": "2017-09-11T14:42:18.000Z", "first_observed": "2017-09-11T14:42:18Z", "last_observed": "2017-09-11T14:42:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59b6a0ca-f8a0-4aaf-89ef-4f8b950d210f", "ipv4-addr--59b6a0ca-f8a0-4aaf-89ef-4f8b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b6a0ca-f8a0-4aaf-89ef-4f8b950d210f", "dst_ref": "ipv4-addr--59b6a0ca-f8a0-4aaf-89ef-4f8b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b6a0ca-f8a0-4aaf-89ef-4f8b950d210f", "value": "151.248.118.201" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0ca-777c-4991-8c6c-455a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:18.000Z", "modified": "2017-09-11T14:42:18.000Z", "pattern": "[url:value = 'http://atm-digital.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0cb-60c8-4f86-8431-48da950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:19.000Z", "modified": "2017-09-11T14:42:19.000Z", "pattern": "[domain-name:value = 'atm-digital.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b6a0cb-bfa0-46c6-b073-4732950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:19.000Z", "modified": "2017-09-11T14:42:19.000Z", "first_observed": "2017-09-11T14:42:19Z", "last_observed": "2017-09-11T14:42:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59b6a0cb-bfa0-46c6-b073-4732950d210f", "ipv4-addr--59b6a0cb-bfa0-46c6-b073-4732950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b6a0cb-bfa0-46c6-b073-4732950d210f", "dst_ref": "ipv4-addr--59b6a0cb-bfa0-46c6-b073-4732950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b6a0cb-bfa0-46c6-b073-4732950d210f", "value": "188.225.77.99" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0cb-2614-4ff0-be35-45ba950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:19.000Z", "modified": "2017-09-11T14:42:19.000Z", "pattern": "[url:value = 'http://avtomir2.rbs62.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0cc-8c68-4fe6-8340-4630950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:20.000Z", "modified": "2017-09-11T14:42:20.000Z", "pattern": "[domain-name:value = 'avtomir2.rbs62.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0cc-dfd0-4134-bad7-fc5a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:20.000Z", "modified": "2017-09-11T14:42:20.000Z", "pattern": "[url:value = 'http://bestclines.1234max.com/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0cd-1604-41c5-b644-4856950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:21.000Z", "modified": "2017-09-11T14:42:21.000Z", "pattern": "[domain-name:value = 'bestclines.1234max.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b6a0cd-de90-4961-a7bb-4f85950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:21.000Z", "modified": "2017-09-11T14:42:21.000Z", "first_observed": "2017-09-11T14:42:21Z", "last_observed": "2017-09-11T14:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--59b6a0cd-de90-4961-a7bb-4f85950d210f", "ipv4-addr--59b6a0cd-de90-4961-a7bb-4f85950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b6a0cd-de90-4961-a7bb-4f85950d210f", "dst_ref": "ipv4-addr--59b6a0cd-de90-4961-a7bb-4f85950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b6a0cd-de90-4961-a7bb-4f85950d210f", "value": "5.189.167.10" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0cd-e25c-47ea-bb21-4634950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:21.000Z", "modified": "2017-09-11T14:42:21.000Z", "pattern": "[url:value = 'http://biohazard.net-live.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0cd-e230-470f-8245-4df3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:21.000Z", "modified": "2017-09-11T14:42:21.000Z", "pattern": "[domain-name:value = 'biohazard.net-live.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b6a0ce-5bc8-4564-83c5-4921950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:22.000Z", "modified": "2017-09-11T14:42:22.000Z", "first_observed": "2017-09-11T14:42:22Z", "last_observed": "2017-09-11T14:42:22Z", "number_observed": 1, "object_refs": [ "network-traffic--59b6a0ce-5bc8-4564-83c5-4921950d210f", "ipv4-addr--59b6a0ce-5bc8-4564-83c5-4921950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b6a0ce-5bc8-4564-83c5-4921950d210f", "dst_ref": "ipv4-addr--59b6a0ce-5bc8-4564-83c5-4921950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b6a0ce-5bc8-4564-83c5-4921950d210f", "value": "188.244.34.63" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0ce-3348-4d6f-afab-4751950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:22.000Z", "modified": "2017-09-11T14:42:22.000Z", "pattern": "[url:value = 'http://bip32.1234max.com/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0ce-b48c-4612-aa7c-4aa5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:22.000Z", "modified": "2017-09-11T14:42:22.000Z", "pattern": "[domain-name:value = 'bip32.1234max.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0cf-094c-4e99-afbd-4cee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:23.000Z", "modified": "2017-09-11T14:42:23.000Z", "pattern": "[url:value = 'http://civ.net-live.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0cf-4e14-44d9-9fbb-fc5a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:23.000Z", "modified": "2017-09-11T14:42:23.000Z", "pattern": "[domain-name:value = 'civ.net-live.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0cf-ade8-4e24-86fc-4ab6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:23.000Z", "modified": "2017-09-11T14:42:23.000Z", "pattern": "[url:value = 'http://cyberline-tech.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0cf-1798-4e79-b4d6-40d3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:23.000Z", "modified": "2017-09-11T14:42:23.000Z", "pattern": "[domain-name:value = 'cyberline-tech.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0d0-0fe4-4e59-81a2-4399950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:24.000Z", "modified": "2017-09-11T14:42:24.000Z", "pattern": "[url:value = 'http://dice.1234max.com/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0d0-a41c-444f-ad94-4b2e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:24.000Z", "modified": "2017-09-11T14:42:24.000Z", "pattern": "[domain-name:value = 'dice.1234max.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0d0-2010-4efd-a111-4df1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:24.000Z", "modified": "2017-09-11T14:42:24.000Z", "pattern": "[url:value = 'http://ecers.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0d1-b184-4081-a883-4e01950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:25.000Z", "modified": "2017-09-11T14:42:25.000Z", "pattern": "[domain-name:value = 'ecers.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b6a0d1-6488-48cd-b879-4dd4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:25.000Z", "modified": "2017-09-11T14:42:25.000Z", "first_observed": "2017-09-11T14:42:25Z", "last_observed": "2017-09-11T14:42:25Z", "number_observed": 1, "object_refs": [ "network-traffic--59b6a0d1-6488-48cd-b879-4dd4950d210f", "ipv4-addr--59b6a0d1-6488-48cd-b879-4dd4950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b6a0d1-6488-48cd-b879-4dd4950d210f", "dst_ref": "ipv4-addr--59b6a0d1-6488-48cd-b879-4dd4950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b6a0d1-6488-48cd-b879-4dd4950d210f", "value": "78.110.50.125" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0d1-504c-4ef1-8a3b-46f6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:25.000Z", "modified": "2017-09-11T14:42:25.000Z", "pattern": "[url:value = 'http://edtrend.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0d1-6e68-41eb-837d-4543950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:25.000Z", "modified": "2017-09-11T14:42:25.000Z", "pattern": "[domain-name:value = 'edtrend.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0d2-ca20-4b80-b51d-437d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:26.000Z", "modified": "2017-09-11T14:42:26.000Z", "pattern": "[url:value = 'http://edu.ecers.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0d2-cea0-4524-ad2f-468c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:26.000Z", "modified": "2017-09-11T14:42:26.000Z", "pattern": "[domain-name:value = 'edu.ecers.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0d2-aac8-4ac2-a78c-4c7a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:26.000Z", "modified": "2017-09-11T14:42:26.000Z", "pattern": "[url:value = 'http://fil.rbs62.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0d3-27b0-478a-9b34-4938950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:27.000Z", "modified": "2017-09-11T14:42:27.000Z", "pattern": "[domain-name:value = 'fil.rbs62.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0d3-1844-477e-960c-4d9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:27.000Z", "modified": "2017-09-11T14:42:27.000Z", "pattern": "[url:value = 'http://holdtime.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0d3-4768-4a4c-bc34-4661950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:27.000Z", "modified": "2017-09-11T14:42:27.000Z", "pattern": "[domain-name:value = 'holdtime.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0d3-3e28-4bf8-b59a-478b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:27.000Z", "modified": "2017-09-11T14:42:27.000Z", "pattern": "[url:value = 'http://isp.mgpu.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0d4-c908-4c9b-8269-4996950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:28.000Z", "modified": "2017-09-11T14:42:28.000Z", "pattern": "[domain-name:value = 'isp.mgpu.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0d5-a2f8-49e2-9d44-4f5d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:29.000Z", "modified": "2017-09-11T14:42:29.000Z", "pattern": "[url:value = 'http://k1000.rbs62.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0d5-996c-4d96-9187-4446950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:29.000Z", "modified": "2017-09-11T14:42:29.000Z", "pattern": "[domain-name:value = 'k1000.rbs62.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0d5-179c-43ce-8b15-4925950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:29.000Z", "modified": "2017-09-11T14:42:29.000Z", "pattern": "[url:value = 'http://kancmarkt.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0d5-ea8c-4e72-a592-497b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:29.000Z", "modified": "2017-09-11T14:42:29.000Z", "pattern": "[domain-name:value = 'kancmarkt.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0d6-4a00-4421-a69a-4900950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:30.000Z", "modified": "2017-09-11T14:42:30.000Z", "pattern": "[url:value = 'http://lum0s.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0d6-d464-47ad-8528-4a17950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:30.000Z", "modified": "2017-09-11T14:42:30.000Z", "pattern": "[domain-name:value = 'lum0s.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b6a0d7-4118-46e4-b6d8-450c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:30.000Z", "modified": "2017-09-11T14:42:30.000Z", "first_observed": "2017-09-11T14:42:30Z", "last_observed": "2017-09-11T14:42:30Z", "number_observed": 1, "object_refs": [ "network-traffic--59b6a0d7-4118-46e4-b6d8-450c950d210f", "ipv4-addr--59b6a0d7-4118-46e4-b6d8-450c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b6a0d7-4118-46e4-b6d8-450c950d210f", "dst_ref": "ipv4-addr--59b6a0d7-4118-46e4-b6d8-450c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b6a0d7-4118-46e4-b6d8-450c950d210f", "value": "81.177.141.172" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0d7-dcb4-40c1-8bb5-45d1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:31.000Z", "modified": "2017-09-11T14:42:31.000Z", "pattern": "[url:value = 'http://mama.holdtime.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0d7-840c-4206-9d05-4373950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:31.000Z", "modified": "2017-09-11T14:42:31.000Z", "pattern": "[domain-name:value = 'mama.holdtime.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0d7-ffb4-446e-a3db-4804950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:31.000Z", "modified": "2017-09-11T14:42:31.000Z", "pattern": "[url:value = 'http://martinagebhardt.hu/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0d7-a91c-4b57-b40f-43d7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:31.000Z", "modified": "2017-09-11T14:42:31.000Z", "pattern": "[domain-name:value = 'martinagebhardt.hu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b6a0d8-44c0-46db-96c7-47e0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:32.000Z", "modified": "2017-09-11T14:42:32.000Z", "first_observed": "2017-09-11T14:42:32Z", "last_observed": "2017-09-11T14:42:32Z", "number_observed": 1, "object_refs": [ "network-traffic--59b6a0d8-44c0-46db-96c7-47e0950d210f", "ipv4-addr--59b6a0d8-44c0-46db-96c7-47e0950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b6a0d8-44c0-46db-96c7-47e0950d210f", "dst_ref": "ipv4-addr--59b6a0d8-44c0-46db-96c7-47e0950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b6a0d8-44c0-46db-96c7-47e0950d210f", "value": "95.85.29.52" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0d8-313c-4379-85d1-449e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:32.000Z", "modified": "2017-09-11T14:42:32.000Z", "pattern": "[url:value = 'http://molapple.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0d8-f374-4112-ae52-4db0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:32.000Z", "modified": "2017-09-11T14:42:32.000Z", "pattern": "[domain-name:value = 'molapple.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b6a0d8-0d14-49df-9398-457c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:32.000Z", "modified": "2017-09-11T14:42:32.000Z", "first_observed": "2017-09-11T14:42:32Z", "last_observed": "2017-09-11T14:42:32Z", "number_observed": 1, "object_refs": [ "network-traffic--59b6a0d8-0d14-49df-9398-457c950d210f", "ipv4-addr--59b6a0d8-0d14-49df-9398-457c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b6a0d8-0d14-49df-9398-457c950d210f", "dst_ref": "ipv4-addr--59b6a0d8-0d14-49df-9398-457c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b6a0d8-0d14-49df-9398-457c950d210f", "value": "77.108.83.244" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0d9-c9ec-4db2-8fe4-43bc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:33.000Z", "modified": "2017-09-11T14:42:33.000Z", "pattern": "[url:value = 'http://old.tsg-upravdom.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0d9-4a08-4ed3-8d3d-49d7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:33.000Z", "modified": "2017-09-11T14:42:33.000Z", "pattern": "[domain-name:value = 'old.tsg-upravdom.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b6a0d9-f21c-4f54-ba95-4801950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:33.000Z", "modified": "2017-09-11T14:42:33.000Z", "first_observed": "2017-09-11T14:42:33Z", "last_observed": "2017-09-11T14:42:33Z", "number_observed": 1, "object_refs": [ "network-traffic--59b6a0d9-f21c-4f54-ba95-4801950d210f", "ipv4-addr--59b6a0d9-f21c-4f54-ba95-4801950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b6a0d9-f21c-4f54-ba95-4801950d210f", "dst_ref": "ipv4-addr--59b6a0d9-f21c-4f54-ba95-4801950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b6a0d9-f21c-4f54-ba95-4801950d210f", "value": "81.177.141.82" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0d9-5800-49b8-a329-47fc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:33.000Z", "modified": "2017-09-11T14:42:33.000Z", "pattern": "[url:value = 'http://portal.rbs62.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0d9-25f0-4b07-94fb-4f8d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:33.000Z", "modified": "2017-09-11T14:42:33.000Z", "pattern": "[domain-name:value = 'portal.rbs62.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0da-ece4-46a9-bee9-4567950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:34.000Z", "modified": "2017-09-11T14:42:34.000Z", "pattern": "[url:value = 'http://proxy.tor4.biz/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0da-218c-4dd0-a37c-4467950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:34.000Z", "modified": "2017-09-11T14:42:34.000Z", "pattern": "[domain-name:value = 'proxy.tor4.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0da-7224-40ba-a138-4101950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:34.000Z", "modified": "2017-09-11T14:42:34.000Z", "pattern": "[url:value = 'http://ptr-spb.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0db-f858-4efa-85c3-414a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:35.000Z", "modified": "2017-09-11T14:42:35.000Z", "pattern": "[domain-name:value = 'ptr-spb.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b6a0db-24e0-4a1f-9c49-4dd1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:35.000Z", "modified": "2017-09-11T14:42:35.000Z", "first_observed": "2017-09-11T14:42:35Z", "last_observed": "2017-09-11T14:42:35Z", "number_observed": 1, "object_refs": [ "network-traffic--59b6a0db-24e0-4a1f-9c49-4dd1950d210f", "ipv4-addr--59b6a0db-24e0-4a1f-9c49-4dd1950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b6a0db-24e0-4a1f-9c49-4dd1950d210f", "dst_ref": "ipv4-addr--59b6a0db-24e0-4a1f-9c49-4dd1950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b6a0db-24e0-4a1f-9c49-4dd1950d210f", "value": "188.127.230.15" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0db-bb48-4fa0-b787-405c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:35.000Z", "modified": "2017-09-11T14:42:35.000Z", "pattern": "[url:value = 'http://rbs62.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0db-aa78-4a68-8c2f-44ee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:35.000Z", "modified": "2017-09-11T14:42:35.000Z", "pattern": "[domain-name:value = 'rbs62.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0dc-8e58-4e24-82b1-4356950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:36.000Z", "modified": "2017-09-11T14:42:36.000Z", "pattern": "[url:value = 'http://reicon.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0dc-a0e0-4932-8ed0-4e51950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:36.000Z", "modified": "2017-09-11T14:42:36.000Z", "pattern": "[domain-name:value = 'reicon.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b6a0dc-ec6c-43ea-bc9f-474b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:36.000Z", "modified": "2017-09-11T14:42:36.000Z", "first_observed": "2017-09-11T14:42:36Z", "last_observed": "2017-09-11T14:42:36Z", "number_observed": 1, "object_refs": [ "network-traffic--59b6a0dc-ec6c-43ea-bc9f-474b950d210f", "ipv4-addr--59b6a0dc-ec6c-43ea-bc9f-474b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b6a0dc-ec6c-43ea-bc9f-474b950d210f", "dst_ref": "ipv4-addr--59b6a0dc-ec6c-43ea-bc9f-474b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b6a0dc-ec6c-43ea-bc9f-474b950d210f", "value": "109.120.162.26" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0dc-d618-4f65-8155-4946950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:36.000Z", "modified": "2017-09-11T14:42:36.000Z", "pattern": "[url:value = 'http://renych.net-live.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0dd-8198-40fb-926e-fc5a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:37.000Z", "modified": "2017-09-11T14:42:37.000Z", "pattern": "[domain-name:value = 'renych.net-live.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0dd-789c-41e8-960d-452b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:37.000Z", "modified": "2017-09-11T14:42:37.000Z", "pattern": "[url:value = 'http://rp.holdtime.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0dd-94c0-473e-b353-4115950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:37.000Z", "modified": "2017-09-11T14:42:37.000Z", "pattern": "[domain-name:value = 'rp.holdtime.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0de-89a4-4ef4-aee9-4654950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:38.000Z", "modified": "2017-09-11T14:42:38.000Z", "pattern": "[url:value = 'http://scripts.tor4.biz/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0de-491c-4cef-bcd5-49c1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:38.000Z", "modified": "2017-09-11T14:42:38.000Z", "pattern": "[domain-name:value = 'scripts.tor4.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0df-e08c-4675-af62-4dd9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:39.000Z", "modified": "2017-09-11T14:42:39.000Z", "pattern": "[url:value = 'http://shtamp.rbs62.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0df-f4b8-4afc-9af1-fc5a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:39.000Z", "modified": "2017-09-11T14:42:39.000Z", "pattern": "[domain-name:value = 'shtamp.rbs62.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0df-b060-4fc5-bdf7-41fb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:39.000Z", "modified": "2017-09-11T14:42:39.000Z", "pattern": "[url:value = 'http://sptorgsib.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0df-4e6c-4cf4-89e1-47eb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:39.000Z", "modified": "2017-09-11T14:42:39.000Z", "pattern": "[domain-name:value = 'sptorgsib.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0e0-bac0-40e0-896f-4310950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:40.000Z", "modified": "2017-09-11T14:42:40.000Z", "pattern": "[url:value = 'http://team.givati.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0e0-cf3c-4b2f-a9a0-4c76950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:40.000Z", "modified": "2017-09-11T14:42:40.000Z", "pattern": "[domain-name:value = 'team.givati.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0e0-df78-4e27-aeff-4566950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:40.000Z", "modified": "2017-09-11T14:42:40.000Z", "pattern": "[url:value = 'http://test.holdtime.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0e0-578c-4f5c-b96b-4123950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:40.000Z", "modified": "2017-09-11T14:42:40.000Z", "pattern": "[domain-name:value = 'test.holdtime.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0e1-3a3c-46f1-bbf6-47ad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:41.000Z", "modified": "2017-09-11T14:42:41.000Z", "pattern": "[url:value = 'http://thenovelgroup.com/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0e1-352c-49c0-b4f2-4836950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:41.000Z", "modified": "2017-09-11T14:42:41.000Z", "pattern": "[domain-name:value = 'thenovelgroup.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0e2-ad14-4539-8b8a-4926950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:42.000Z", "modified": "2017-09-11T14:42:42.000Z", "pattern": "[url:value = 'http://tor4.biz/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0e2-4194-4589-9e25-4309950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:42.000Z", "modified": "2017-09-11T14:42:42.000Z", "pattern": "[domain-name:value = 'tor4.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0e2-4314-4f08-b111-4378950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:42.000Z", "modified": "2017-09-11T14:42:42.000Z", "pattern": "[url:value = 'http://triumf.rbs62.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0e3-7d38-4f81-b69d-4efc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:42.000Z", "modified": "2017-09-11T14:42:42.000Z", "pattern": "[domain-name:value = 'triumf.rbs62.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0e3-8f50-4d86-9f27-4ee7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:43.000Z", "modified": "2017-09-11T14:42:43.000Z", "pattern": "[url:value = 'http://umo.holdtime.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0e3-38b8-48a3-aaf3-409c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:43.000Z", "modified": "2017-09-11T14:42:43.000Z", "pattern": "[domain-name:value = 'umo.holdtime.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0e3-229c-4cae-9a37-49a2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:43.000Z", "modified": "2017-09-11T14:42:43.000Z", "pattern": "[url:value = 'http://urstab.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0e4-6a64-40a8-bef9-4ec4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:44.000Z", "modified": "2017-09-11T14:42:44.000Z", "pattern": "[domain-name:value = 'urstab.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b6a0e4-ba90-4c39-8f0f-4fbd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:44.000Z", "modified": "2017-09-11T14:42:44.000Z", "first_observed": "2017-09-11T14:42:44Z", "last_observed": "2017-09-11T14:42:44Z", "number_observed": 1, "object_refs": [ "network-traffic--59b6a0e4-ba90-4c39-8f0f-4fbd950d210f", "ipv4-addr--59b6a0e4-ba90-4c39-8f0f-4fbd950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b6a0e4-ba90-4c39-8f0f-4fbd950d210f", "dst_ref": "ipv4-addr--59b6a0e4-ba90-4c39-8f0f-4fbd950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b6a0e4-ba90-4c39-8f0f-4fbd950d210f", "value": "81.177.135.41" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0e4-361c-4c7b-881e-4f71950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:44.000Z", "modified": "2017-09-11T14:42:44.000Z", "pattern": "[url:value = 'http://visa-sport.ru/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0e4-5a2c-4651-b824-420a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:44.000Z", "modified": "2017-09-11T14:42:44.000Z", "pattern": "[domain-name:value = 'visa-sport.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0e5-2dd0-4983-8f0d-47e0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:45.000Z", "modified": "2017-09-11T14:42:45.000Z", "pattern": "[url:value = 'http://webmail.tor4.biz/w/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0e5-ec10-4f6c-958b-410b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:45.000Z", "modified": "2017-09-11T14:42:45.000Z", "pattern": "[domain-name:value = 'webmail.tor4.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0e5-3da0-4036-9cfa-424c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:45.000Z", "modified": "2017-09-11T14:42:45.000Z", "pattern": "[url:value = 'http://wittinhohemmo.net/load.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0e6-d2c0-44f8-9f1d-fc5a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:46.000Z", "modified": "2017-09-11T14:42:46.000Z", "pattern": "[domain-name:value = 'wittinhohemmo.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b6a0e6-3bb0-473e-801e-4d9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:46.000Z", "modified": "2017-09-11T14:42:46.000Z", "first_observed": "2017-09-11T14:42:46Z", "last_observed": "2017-09-11T14:42:46Z", "number_observed": 1, "object_refs": [ "network-traffic--59b6a0e6-3bb0-473e-801e-4d9e950d210f", "ipv4-addr--59b6a0e6-3bb0-473e-801e-4d9e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b6a0e6-3bb0-473e-801e-4d9e950d210f", "dst_ref": "ipv4-addr--59b6a0e6-3bb0-473e-801e-4d9e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b6a0e6-3bb0-473e-801e-4d9e950d210f", "value": "47.88.55.29" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0e6-b9c8-45b0-98c4-4077950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:46.000Z", "modified": "2017-09-11T14:42:46.000Z", "pattern": "[url:value = 'http://phuket-olivia-yoga.com/isklsvx.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0e7-9dfc-43db-b96b-4961950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:47.000Z", "modified": "2017-09-11T14:42:47.000Z", "pattern": "[domain-name:value = 'phuket-olivia-yoga.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b6a0e7-444c-4a19-94f3-4004950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:47.000Z", "modified": "2017-09-11T14:42:47.000Z", "first_observed": "2017-09-11T14:42:47Z", "last_observed": "2017-09-11T14:42:47Z", "number_observed": 1, "object_refs": [ "network-traffic--59b6a0e7-444c-4a19-94f3-4004950d210f", "ipv4-addr--59b6a0e7-444c-4a19-94f3-4004950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b6a0e7-444c-4a19-94f3-4004950d210f", "dst_ref": "ipv4-addr--59b6a0e7-444c-4a19-94f3-4004950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b6a0e7-444c-4a19-94f3-4004950d210f", "value": "208.86.184.66" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0e7-f7fc-4ba2-acaa-40c2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:47.000Z", "modified": "2017-09-11T14:42:47.000Z", "pattern": "[url:value = 'http://setincon.com/brpxsfr.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0e7-0a90-43bb-b195-47ed950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:47.000Z", "modified": "2017-09-11T14:42:47.000Z", "pattern": "[domain-name:value = 'setincon.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b6a0e8-2b18-43c7-beec-49f9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:48.000Z", "modified": "2017-09-11T14:42:48.000Z", "first_observed": "2017-09-11T14:42:48Z", "last_observed": "2017-09-11T14:42:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59b6a0e8-2b18-43c7-beec-49f9950d210f", "ipv4-addr--59b6a0e8-2b18-43c7-beec-49f9950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b6a0e8-2b18-43c7-beec-49f9950d210f", "dst_ref": "ipv4-addr--59b6a0e8-2b18-43c7-beec-49f9950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b6a0e8-2b18-43c7-beec-49f9950d210f", "value": "64.6.250.196" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b6a0e8-df70-413c-bf5d-4038950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:48.000Z", "modified": "2017-09-11T14:42:48.000Z", "first_observed": "2017-09-11T14:42:48Z", "last_observed": "2017-09-11T14:42:48Z", "number_observed": 1, "object_refs": [ "url--59b6a0e8-df70-413c-bf5d-4038950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59b6a0e8-df70-413c-bf5d-4038950d210f", "value": "http://188.127.239.10/imageload.cgi" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b6a0e9-b694-463b-982f-fc5a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:49.000Z", "modified": "2017-09-11T14:42:49.000Z", "first_observed": "2017-09-11T14:42:49Z", "last_observed": "2017-09-11T14:42:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59b6a0e9-b694-463b-982f-fc5a950d210f", "ipv4-addr--59b6a0e9-b694-463b-982f-fc5a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b6a0e9-b694-463b-982f-fc5a950d210f", "dst_ref": "ipv4-addr--59b6a0e9-b694-463b-982f-fc5a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b6a0e9-b694-463b-982f-fc5a950d210f", "value": "188.127.239.10" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b6a0e9-faf0-47cd-8fce-408a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:49.000Z", "modified": "2017-09-11T14:42:49.000Z", "first_observed": "2017-09-11T14:42:49Z", "last_observed": "2017-09-11T14:42:49Z", "number_observed": 1, "object_refs": [ "url--59b6a0e9-faf0-47cd-8fce-408a950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59b6a0e9-faf0-47cd-8fce-408a950d210f", "value": "http://185.67.2.156/imageload.cgi" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b6a0e9-c660-46cf-ba0c-40c3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:49.000Z", "modified": "2017-09-11T14:42:49.000Z", "first_observed": "2017-09-11T14:42:49Z", "last_observed": "2017-09-11T14:42:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59b6a0e9-c660-46cf-ba0c-40c3950d210f", "ipv4-addr--59b6a0e9-c660-46cf-ba0c-40c3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b6a0e9-c660-46cf-ba0c-40c3950d210f", "dst_ref": "ipv4-addr--59b6a0e9-c660-46cf-ba0c-40c3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b6a0e9-c660-46cf-ba0c-40c3950d210f", "value": "185.67.2.156" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0e9-8a6c-4da4-8071-4776950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:49.000Z", "modified": "2017-09-11T14:42:49.000Z", "pattern": "[url:value = 'http://hcpedowpqrgw.biz/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0e9-1ae0-4629-a9ac-456e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:49.000Z", "modified": "2017-09-11T14:42:49.000Z", "pattern": "[domain-name:value = 'hcpedowpqrgw.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0ea-d034-493e-9f02-43d2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:50.000Z", "modified": "2017-09-11T14:42:50.000Z", "pattern": "[url:value = 'http://vkhwgkp.biz/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0ea-8b50-439f-b3dc-421a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:50.000Z", "modified": "2017-09-11T14:42:50.000Z", "pattern": "[domain-name:value = 'vkhwgkp.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0ea-db5c-45e6-95e6-4fe9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:50.000Z", "modified": "2017-09-11T14:42:50.000Z", "pattern": "[url:value = 'http://evruhqgfyyw.pl/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0ea-5360-4b1a-9c87-41be950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:50.000Z", "modified": "2017-09-11T14:42:50.000Z", "pattern": "[domain-name:value = 'evruhqgfyyw.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0eb-efe0-487a-89d8-477e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:51.000Z", "modified": "2017-09-11T14:42:51.000Z", "pattern": "[url:value = 'http://ybtjrjdtkxeakbcre.biz/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0eb-e9e8-44ea-89dc-4e48950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:51.000Z", "modified": "2017-09-11T14:42:51.000Z", "pattern": "[domain-name:value = 'ybtjrjdtkxeakbcre.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0eb-0880-4327-baa2-40dc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:51.000Z", "modified": "2017-09-11T14:42:51.000Z", "pattern": "[url:value = 'http://daohevtnaju.biz/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0eb-a70c-4a23-af70-432c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:51.000Z", "modified": "2017-09-11T14:42:51.000Z", "pattern": "[domain-name:value = 'daohevtnaju.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0eb-9cec-4666-8785-4290950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:51.000Z", "modified": "2017-09-11T14:42:51.000Z", "pattern": "[url:value = 'http://giogbxgijr.pw/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0ec-03f0-493f-8daf-4ac2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:52.000Z", "modified": "2017-09-11T14:42:52.000Z", "pattern": "[domain-name:value = 'giogbxgijr.pw']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b6a0ec-769c-4be2-b54d-48c1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:52.000Z", "modified": "2017-09-11T14:42:52.000Z", "first_observed": "2017-09-11T14:42:52Z", "last_observed": "2017-09-11T14:42:52Z", "number_observed": 1, "object_refs": [ "network-traffic--59b6a0ec-769c-4be2-b54d-48c1950d210f", "ipv4-addr--59b6a0ec-769c-4be2-b54d-48c1950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59b6a0ec-769c-4be2-b54d-48c1950d210f", "dst_ref": "ipv4-addr--59b6a0ec-769c-4be2-b54d-48c1950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59b6a0ec-769c-4be2-b54d-48c1950d210f", "value": "141.8.226.58" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0ec-424c-407d-80ac-49a6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:52.000Z", "modified": "2017-09-11T14:42:52.000Z", "pattern": "[url:value = 'http://dljyopb.org/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0ec-bcb0-40d8-af8b-461a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:52.000Z", "modified": "2017-09-11T14:42:52.000Z", "pattern": "[domain-name:value = 'dljyopb.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0ec-6cf4-451f-b949-43fa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:52.000Z", "modified": "2017-09-11T14:42:52.000Z", "pattern": "[url:value = 'http://mdojgtygelmlfxmiu.work/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0ed-aa4c-4b1a-8729-4535950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:53.000Z", "modified": "2017-09-11T14:42:53.000Z", "pattern": "[domain-name:value = 'mdojgtygelmlfxmiu.work']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0ed-67b4-48d3-9a61-4781950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:53.000Z", "modified": "2017-09-11T14:42:53.000Z", "pattern": "[url:value = 'http://cykyqrpomfks.ru/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0ed-3d3c-470e-accb-fc5a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:53.000Z", "modified": "2017-09-11T14:42:53.000Z", "pattern": "[domain-name:value = 'cykyqrpomfks.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0ed-c0c0-45a4-8dec-4a6b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:53.000Z", "modified": "2017-09-11T14:42:53.000Z", "pattern": "[url:value = 'http://qjxyuqlikgmkagbns.info/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0ee-f498-4980-8420-4941950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:54.000Z", "modified": "2017-09-11T14:42:54.000Z", "pattern": "[domain-name:value = 'qjxyuqlikgmkagbns.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0ee-043c-4aae-be8a-4f5d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:54.000Z", "modified": "2017-09-11T14:42:54.000Z", "pattern": "[url:value = 'http://oxqtrmlafwhumnni.info/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0ee-a400-4701-a612-44a6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:54.000Z", "modified": "2017-09-11T14:42:54.000Z", "pattern": "[domain-name:value = 'oxqtrmlafwhumnni.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0ef-0140-44c4-85bd-401f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:55.000Z", "modified": "2017-09-11T14:42:55.000Z", "pattern": "[url:value = 'http://nxlrplajhv.biz/imageload.cgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b6a0ef-1634-4dc4-9471-42fa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-11T14:42:55.000Z", "modified": "2017-09-11T14:42:55.000Z", "pattern": "[domain-name:value = 'nxlrplajhv.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-11T14:42:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }