{ "type": "bundle", "id": "bundle--59f87123-2624-486b-92c9-4f14950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T15:33:57.000Z", "modified": "2017-11-09T15:33:57.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--59f87123-2624-486b-92c9-4f14950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T15:33:57.000Z", "modified": "2017-11-09T15:33:57.000Z", "name": "M2M - Locky Affid=3, \".asasin\"/Trickbot \"mac1\" 2017-10-31 : \"Invoice INV0000123\" - \"INV0000123.doc\"", "published": "2017-11-09T15:34:41Z", "object_refs": [ "indicator--59f87124-b2cc-44c7-bbb2-4092950d210f", "indicator--59f87124-f2d0-4ffb-b750-411d950d210f", "indicator--59f87124-e0c0-4263-8f2b-4200950d210f", "indicator--59f87125-021c-4494-b94e-4f3e950d210f", "indicator--59f87125-b548-4ff1-88e2-47ac950d210f", "observed-data--59f87125-3ff8-4a35-b794-4bc3950d210f", "network-traffic--59f87125-3ff8-4a35-b794-4bc3950d210f", "ipv4-addr--59f87125-3ff8-4a35-b794-4bc3950d210f", "indicator--59f87125-d35c-467c-83b0-4039950d210f", "indicator--59f87125-79b8-4447-9337-4caa950d210f", "observed-data--59f87126-d768-4de0-b5d2-4c15950d210f", "network-traffic--59f87126-d768-4de0-b5d2-4c15950d210f", "ipv4-addr--59f87126-d768-4de0-b5d2-4c15950d210f", "indicator--59f87126-821c-4f45-b217-4499950d210f", "indicator--59f87126-4e68-482c-938a-4654950d210f", "observed-data--59f87126-b338-43b5-8597-4bbd950d210f", "network-traffic--59f87126-b338-43b5-8597-4bbd950d210f", "ipv4-addr--59f87126-b338-43b5-8597-4bbd950d210f", "indicator--59f87127-b2c8-444e-803e-47f6950d210f", "indicator--59f87127-eb3c-483a-9321-47cd950d210f", "observed-data--59f87127-856c-4091-bfe4-431e950d210f", "network-traffic--59f87127-856c-4091-bfe4-431e950d210f", "ipv4-addr--59f87127-856c-4091-bfe4-431e950d210f", "indicator--59f87127-4b38-41a9-b74c-4581950d210f", "indicator--59f87128-4560-41b4-8996-4657950d210f", "observed-data--59f87128-2080-42bb-b8cd-41ec950d210f", "network-traffic--59f87128-2080-42bb-b8cd-41ec950d210f", "ipv4-addr--59f87128-2080-42bb-b8cd-41ec950d210f", "indicator--59f87128-f1d0-4877-a57b-4afd950d210f", "indicator--59f87128-6630-488d-8671-40e2950d210f", "observed-data--59f87129-5114-40c2-9be1-4282950d210f", "network-traffic--59f87129-5114-40c2-9be1-4282950d210f", "ipv4-addr--59f87129-5114-40c2-9be1-4282950d210f", "indicator--59f87129-54e0-4bc2-9d7a-4059950d210f", "indicator--59f87129-e024-4779-883c-4510950d210f", "observed-data--59f8712a-1134-4ab7-acd7-429f950d210f", "network-traffic--59f8712a-1134-4ab7-acd7-429f950d210f", "ipv4-addr--59f8712a-1134-4ab7-acd7-429f950d210f", "indicator--59f8712a-7ef8-46ea-8a42-4404950d210f", "indicator--59f8712a-3700-4375-93ea-4039950d210f", "observed-data--59f8712b-ef4c-481c-9630-4972950d210f", "network-traffic--59f8712b-ef4c-481c-9630-4972950d210f", "ipv4-addr--59f8712b-ef4c-481c-9630-4972950d210f", "indicator--59f8712b-c1b8-4210-a57e-4c5a950d210f", "indicator--59f8712c-c984-41a0-94e5-4409950d210f", "observed-data--59f8712c-50b4-49d5-b63b-4925950d210f", "network-traffic--59f8712c-50b4-49d5-b63b-4925950d210f", "ipv4-addr--59f8712c-50b4-49d5-b63b-4925950d210f", "indicator--59f8712c-3040-49eb-8bc3-41de950d210f", "indicator--59f8712c-8910-4767-a196-4d97950d210f", "observed-data--59f8712d-8d10-48a8-ac9d-4330950d210f", "network-traffic--59f8712d-8d10-48a8-ac9d-4330950d210f", "ipv4-addr--59f8712d-8d10-48a8-ac9d-4330950d210f", "indicator--59f8712d-5c84-49fa-8d9e-4a01950d210f", "indicator--59f8712d-d5f4-4a82-86b7-4894950d210f", "indicator--59f8714b-c2f8-40ec-98f7-4de9950d210f", "indicator--59f8714c-1ae4-4fb1-bb33-4039950d210f", "observed-data--59f8714c-24bc-4e7b-b3ad-49ef950d210f", "network-traffic--59f8714c-24bc-4e7b-b3ad-49ef950d210f", "ipv4-addr--59f8714c-24bc-4e7b-b3ad-49ef950d210f", "indicator--59f8714c-07b0-4118-98c0-4e41950d210f", "indicator--59f8714d-9288-4422-b1c9-468e950d210f", "observed-data--59f8714d-b6dc-49ed-b0c3-4657950d210f", "network-traffic--59f8714d-b6dc-49ed-b0c3-4657950d210f", "ipv4-addr--59f8714d-b6dc-49ed-b0c3-4657950d210f", "observed-data--59f8714d-2c10-4d3d-938e-47a1950d210f", "network-traffic--59f8714d-2c10-4d3d-938e-47a1950d210f", "ipv4-addr--59f8714d-2c10-4d3d-938e-47a1950d210f", "observed-data--59f8714d-208c-4673-849e-40af950d210f", "network-traffic--59f8714d-208c-4673-849e-40af950d210f", "ipv4-addr--59f8714d-208c-4673-849e-40af950d210f", "observed-data--59f8714e-6aec-4a17-915e-435d950d210f", "network-traffic--59f8714e-6aec-4a17-915e-435d950d210f", "ipv4-addr--59f8714e-6aec-4a17-915e-435d950d210f", "observed-data--59f8714e-933c-46d7-8a8d-4d16950d210f", "network-traffic--59f8714e-933c-46d7-8a8d-4d16950d210f", "ipv4-addr--59f8714e-933c-46d7-8a8d-4d16950d210f", "observed-data--59f8714e-d304-4a22-87f3-4a58950d210f", "network-traffic--59f8714e-d304-4a22-87f3-4a58950d210f", "ipv4-addr--59f8714e-d304-4a22-87f3-4a58950d210f", "observed-data--59f8714f-3c7c-4762-a078-49c9950d210f", "network-traffic--59f8714f-3c7c-4762-a078-49c9950d210f", "ipv4-addr--59f8714f-3c7c-4762-a078-49c9950d210f", "observed-data--59f8714f-ec74-4d31-839c-4c1e950d210f", "network-traffic--59f8714f-ec74-4d31-839c-4c1e950d210f", "ipv4-addr--59f8714f-ec74-4d31-839c-4c1e950d210f", "observed-data--59f87150-7be4-4e16-9d48-45c4950d210f", "network-traffic--59f87150-7be4-4e16-9d48-45c4950d210f", "ipv4-addr--59f87150-7be4-4e16-9d48-45c4950d210f", "observed-data--59f87150-97e8-4679-959a-4650950d210f", "network-traffic--59f87150-97e8-4679-959a-4650950d210f", "ipv4-addr--59f87150-97e8-4679-959a-4650950d210f", "observed-data--59f87150-65fc-405f-8a78-4122950d210f", "network-traffic--59f87150-65fc-405f-8a78-4122950d210f", "ipv4-addr--59f87150-65fc-405f-8a78-4122950d210f", "observed-data--59f87150-d200-4460-89a9-4bdb950d210f", "network-traffic--59f87150-d200-4460-89a9-4bdb950d210f", "ipv4-addr--59f87150-d200-4460-89a9-4bdb950d210f", "observed-data--59f87151-a3d4-4ead-9b2e-48b2950d210f", "network-traffic--59f87151-a3d4-4ead-9b2e-48b2950d210f", "ipv4-addr--59f87151-a3d4-4ead-9b2e-48b2950d210f", "observed-data--59f87152-1cac-4e3a-9fbb-4372950d210f", "network-traffic--59f87152-1cac-4e3a-9fbb-4372950d210f", "ipv4-addr--59f87152-1cac-4e3a-9fbb-4372950d210f", "observed-data--59f87152-22dc-4901-8785-4c5c950d210f", "network-traffic--59f87152-22dc-4901-8785-4c5c950d210f", "ipv4-addr--59f87152-22dc-4901-8785-4c5c950d210f", "observed-data--59f87152-5764-4606-b6ef-4039950d210f", "network-traffic--59f87152-5764-4606-b6ef-4039950d210f", "ipv4-addr--59f87152-5764-4606-b6ef-4039950d210f", "observed-data--59f87152-9b78-451b-bfa3-4821950d210f", "network-traffic--59f87152-9b78-451b-bfa3-4821950d210f", "ipv4-addr--59f87152-9b78-451b-bfa3-4821950d210f", "observed-data--59f87153-ba3c-483c-9839-4098950d210f", "network-traffic--59f87153-ba3c-483c-9839-4098950d210f", "ipv4-addr--59f87153-ba3c-483c-9839-4098950d210f", "observed-data--59f87153-2e0c-4202-9a61-4657950d210f", "network-traffic--59f87153-2e0c-4202-9a61-4657950d210f", "ipv4-addr--59f87153-2e0c-4202-9a61-4657950d210f", "observed-data--59f87153-7ffc-489f-a123-4378950d210f", "network-traffic--59f87153-7ffc-489f-a123-4378950d210f", "ipv4-addr--59f87153-7ffc-489f-a123-4378950d210f", "observed-data--59f87153-2e7c-4189-95c3-4fa6950d210f", "network-traffic--59f87153-2e7c-4189-95c3-4fa6950d210f", "ipv4-addr--59f87153-2e7c-4189-95c3-4fa6950d210f", "observed-data--59f87154-5ec0-4445-ae49-4198950d210f", "network-traffic--59f87154-5ec0-4445-ae49-4198950d210f", "ipv4-addr--59f87154-5ec0-4445-ae49-4198950d210f", "observed-data--59f87154-e794-4893-b78e-4c58950d210f", "network-traffic--59f87154-e794-4893-b78e-4c58950d210f", "ipv4-addr--59f87154-e794-4893-b78e-4c58950d210f", "observed-data--59f87154-1554-459a-98c7-4429950d210f", "network-traffic--59f87154-1554-459a-98c7-4429950d210f", "ipv4-addr--59f87154-1554-459a-98c7-4429950d210f", "observed-data--59f87155-58b4-43c8-932f-4248950d210f", "network-traffic--59f87155-58b4-43c8-932f-4248950d210f", "ipv4-addr--59f87155-58b4-43c8-932f-4248950d210f", "observed-data--59f87155-6cac-48a9-8dca-4e5b950d210f", "network-traffic--59f87155-6cac-48a9-8dca-4e5b950d210f", "ipv4-addr--59f87155-6cac-48a9-8dca-4e5b950d210f", "indicator--59fa183c-8a6c-4218-8271-1ad302de0b81", "indicator--59fa183c-a688-48ed-9d1b-1ad302de0b81", "observed-data--59fa183d-ac44-48bb-84fc-1ad302de0b81", "url--59fa183d-ac44-48bb-84fc-1ad302de0b81", "indicator--59fa183d-8f68-422e-9cc5-1ad302de0b81", "indicator--59fa183d-fbb4-45e8-b2e4-1ad302de0b81", "observed-data--59fa183d-8348-4ca4-bbec-1ad302de0b81", "url--59fa183d-8348-4ca4-bbec-1ad302de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Locky\"", "misp-galaxy:tool=\"Trick Bot\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f87124-b2cc-44c7-bbb2-4092950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:47.000Z", "modified": "2017-11-01T18:53:47.000Z", "pattern": "[file:hashes.MD5 = '1916150b3356fe6e6da7ec2e2a78e189']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f87124-f2d0-4ffb-b750-411d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:47.000Z", "modified": "2017-11-01T18:53:47.000Z", "pattern": "[file:hashes.MD5 = 'e67b2f58896059cce8c6ff83c5737687']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f87124-e0c0-4263-8f2b-4200950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:47.000Z", "modified": "2017-11-01T18:53:47.000Z", "pattern": "[file:hashes.MD5 = 'e1ac6820b8b94ee937d8fe301437609d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f87125-021c-4494-b94e-4f3e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:47.000Z", "modified": "2017-11-01T18:53:47.000Z", "pattern": "[url:value = 'http://christakranzl.at/eiuhf384']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f87125-b548-4ff1-88e2-47ac950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:47.000Z", "modified": "2017-11-01T18:53:47.000Z", "pattern": "[domain-name:value = 'christakranzl.at']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f87125-3ff8-4a35-b794-4bc3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:47.000Z", "modified": "2017-11-01T18:53:47.000Z", "first_observed": "2017-11-01T18:53:47Z", "last_observed": "2017-11-01T18:53:47Z", "number_observed": 1, "object_refs": [ "network-traffic--59f87125-3ff8-4a35-b794-4bc3950d210f", "ipv4-addr--59f87125-3ff8-4a35-b794-4bc3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f87125-3ff8-4a35-b794-4bc3950d210f", "dst_ref": "ipv4-addr--59f87125-3ff8-4a35-b794-4bc3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f87125-3ff8-4a35-b794-4bc3950d210f", "value": "88.198.9.176" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f87125-d35c-467c-83b0-4039950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "pattern": "[url:value = 'http://cornertape.net/eiuhf384']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f87125-79b8-4447-9337-4caa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "pattern": "[domain-name:value = 'cornertape.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f87126-d768-4de0-b5d2-4c15950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f87126-d768-4de0-b5d2-4c15950d210f", "ipv4-addr--59f87126-d768-4de0-b5d2-4c15950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f87126-d768-4de0-b5d2-4c15950d210f", "dst_ref": "ipv4-addr--59f87126-d768-4de0-b5d2-4c15950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f87126-d768-4de0-b5d2-4c15950d210f", "value": "62.50.188.17" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f87126-821c-4f45-b217-4499950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "pattern": "[url:value = 'http://claridge-holdings.com/eiuhf384']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f87126-4e68-482c-938a-4654950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "pattern": "[domain-name:value = 'claridge-holdings.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f87126-b338-43b5-8597-4bbd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f87126-b338-43b5-8597-4bbd950d210f", "ipv4-addr--59f87126-b338-43b5-8597-4bbd950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f87126-b338-43b5-8597-4bbd950d210f", "dst_ref": "ipv4-addr--59f87126-b338-43b5-8597-4bbd950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f87126-b338-43b5-8597-4bbd950d210f", "value": "202.160.120.194" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f87127-b2c8-444e-803e-47f6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "pattern": "[url:value = 'http://dvprojekt.hr/eiuhf384']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f87127-eb3c-483a-9321-47cd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "pattern": "[domain-name:value = 'dvprojekt.hr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f87127-856c-4091-bfe4-431e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f87127-856c-4091-bfe4-431e950d210f", "ipv4-addr--59f87127-856c-4091-bfe4-431e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f87127-856c-4091-bfe4-431e950d210f", "dst_ref": "ipv4-addr--59f87127-856c-4091-bfe4-431e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f87127-856c-4091-bfe4-431e950d210f", "value": "213.202.100.90" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f87127-4b38-41a9-b74c-4581950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "pattern": "[url:value = 'http://projex-dz.com/i8745fydd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f87128-4560-41b4-8996-4657950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "pattern": "[domain-name:value = 'projex-dz.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f87128-2080-42bb-b8cd-41ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f87128-2080-42bb-b8cd-41ec950d210f", "ipv4-addr--59f87128-2080-42bb-b8cd-41ec950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f87128-2080-42bb-b8cd-41ec950d210f", "dst_ref": "ipv4-addr--59f87128-2080-42bb-b8cd-41ec950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f87128-2080-42bb-b8cd-41ec950d210f", "value": "5.196.81.12" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f87128-f1d0-4877-a57b-4afd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "pattern": "[url:value = 'http://celebrityonline.cz/i8745fydd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f87128-6630-488d-8671-40e2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "pattern": "[domain-name:value = 'celebrityonline.cz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f87129-5114-40c2-9be1-4282950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f87129-5114-40c2-9be1-4282950d210f", "ipv4-addr--59f87129-5114-40c2-9be1-4282950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f87129-5114-40c2-9be1-4282950d210f", "dst_ref": "ipv4-addr--59f87129-5114-40c2-9be1-4282950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f87129-5114-40c2-9be1-4282950d210f", "value": "78.24.8.144" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f87129-54e0-4bc2-9d7a-4059950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "pattern": "[url:value = 'http://sigmanet.gr/i8745fydd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f87129-e024-4779-883c-4510950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "pattern": "[domain-name:value = 'sigmanet.gr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f8712a-1134-4ab7-acd7-429f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f8712a-1134-4ab7-acd7-429f950d210f", "ipv4-addr--59f8712a-1134-4ab7-acd7-429f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f8712a-1134-4ab7-acd7-429f950d210f", "dst_ref": "ipv4-addr--59f8712a-1134-4ab7-acd7-429f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f8712a-1134-4ab7-acd7-429f950d210f", "value": "185.25.20.13" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f8712a-7ef8-46ea-8a42-4404950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "pattern": "[url:value = 'http://apply.pam-innovation.com/i8745fydd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f8712a-3700-4375-93ea-4039950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "pattern": "[domain-name:value = 'apply.pam-innovation.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f8712b-ef4c-481c-9630-4972950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f8712b-ef4c-481c-9630-4972950d210f", "ipv4-addr--59f8712b-ef4c-481c-9630-4972950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f8712b-ef4c-481c-9630-4972950d210f", "dst_ref": "ipv4-addr--59f8712b-ef4c-481c-9630-4972950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f8712b-ef4c-481c-9630-4972950d210f", "value": "202.129.207.71" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f8712b-c1b8-4210-a57e-4c5a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "pattern": "[url:value = 'http://bwos.be/i8745fydd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f8712c-c984-41a0-94e5-4409950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "pattern": "[domain-name:value = 'bwos.be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f8712c-50b4-49d5-b63b-4925950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f8712c-50b4-49d5-b63b-4925950d210f", "ipv4-addr--59f8712c-50b4-49d5-b63b-4925950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f8712c-50b4-49d5-b63b-4925950d210f", "dst_ref": "ipv4-addr--59f8712c-50b4-49d5-b63b-4925950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f8712c-50b4-49d5-b63b-4925950d210f", "value": "91.121.34.121" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f8712c-3040-49eb-8bc3-41de950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "pattern": "[url:value = 'http://zahntechnik-imlau.de/i8745fydd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f8712c-8910-4767-a196-4d97950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "pattern": "[domain-name:value = 'zahntechnik-imlau.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f8712d-8d10-48a8-ac9d-4330950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f8712d-8d10-48a8-ac9d-4330950d210f", "ipv4-addr--59f8712d-8d10-48a8-ac9d-4330950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f8712d-8d10-48a8-ac9d-4330950d210f", "dst_ref": "ipv4-addr--59f8712d-8d10-48a8-ac9d-4330950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f8712d-8d10-48a8-ac9d-4330950d210f", "value": "185.138.24.185" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f8712d-5c84-49fa-8d9e-4a01950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "pattern": "[url:value = 'http://fetchstats.net/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f8712d-d5f4-4a82-86b7-4894950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "pattern": "[domain-name:value = 'fetchstats.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f8714b-c2f8-40ec-98f7-4de9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "pattern": "[url:value = 'http://kengray.com/iudsfy7834']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f8714c-1ae4-4fb1-bb33-4039950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "pattern": "[domain-name:value = 'kengray.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f8714c-24bc-4e7b-b3ad-49ef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f8714c-24bc-4e7b-b3ad-49ef950d210f", "ipv4-addr--59f8714c-24bc-4e7b-b3ad-49ef950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f8714c-24bc-4e7b-b3ad-49ef950d210f", "dst_ref": "ipv4-addr--59f8714c-24bc-4e7b-b3ad-49ef950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f8714c-24bc-4e7b-b3ad-49ef950d210f", "value": "209.239.114.217" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f8714c-07b0-4118-98c0-4e41950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "pattern": "[url:value = 'http://hobbystube.net/dkjshfg643']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f8714d-9288-4422-b1c9-468e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "pattern": "[domain-name:value = 'hobbystube.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f8714d-b6dc-49ed-b0c3-4657950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f8714d-b6dc-49ed-b0c3-4657950d210f", "ipv4-addr--59f8714d-b6dc-49ed-b0c3-4657950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f8714d-b6dc-49ed-b0c3-4657950d210f", "dst_ref": "ipv4-addr--59f8714d-b6dc-49ed-b0c3-4657950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f8714d-b6dc-49ed-b0c3-4657950d210f", "value": "83.220.128.111" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f8714d-2c10-4d3d-938e-47a1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f8714d-2c10-4d3d-938e-47a1950d210f", "ipv4-addr--59f8714d-2c10-4d3d-938e-47a1950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f8714d-2c10-4d3d-938e-47a1950d210f", "dst_ref": "ipv4-addr--59f8714d-2c10-4d3d-938e-47a1950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f8714d-2c10-4d3d-938e-47a1950d210f", "value": "176.120.126.21" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f8714d-208c-4673-849e-40af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f8714d-208c-4673-849e-40af950d210f", "ipv4-addr--59f8714d-208c-4673-849e-40af950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f8714d-208c-4673-849e-40af950d210f", "dst_ref": "ipv4-addr--59f8714d-208c-4673-849e-40af950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f8714d-208c-4673-849e-40af950d210f", "value": "156.17.92.161" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f8714e-6aec-4a17-915e-435d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f8714e-6aec-4a17-915e-435d950d210f", "ipv4-addr--59f8714e-6aec-4a17-915e-435d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f8714e-6aec-4a17-915e-435d950d210f", "dst_ref": "ipv4-addr--59f8714e-6aec-4a17-915e-435d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f8714e-6aec-4a17-915e-435d950d210f", "value": "187.191.0.42" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f8714e-933c-46d7-8a8d-4d16950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f8714e-933c-46d7-8a8d-4d16950d210f", "ipv4-addr--59f8714e-933c-46d7-8a8d-4d16950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f8714e-933c-46d7-8a8d-4d16950d210f", "dst_ref": "ipv4-addr--59f8714e-933c-46d7-8a8d-4d16950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f8714e-933c-46d7-8a8d-4d16950d210f", "value": "181.211.34.154" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f8714e-d304-4a22-87f3-4a58950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f8714e-d304-4a22-87f3-4a58950d210f", "ipv4-addr--59f8714e-d304-4a22-87f3-4a58950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f8714e-d304-4a22-87f3-4a58950d210f", "dst_ref": "ipv4-addr--59f8714e-d304-4a22-87f3-4a58950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f8714e-d304-4a22-87f3-4a58950d210f", "value": "200.117.251.52" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f8714f-3c7c-4762-a078-49c9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f8714f-3c7c-4762-a078-49c9950d210f", "ipv4-addr--59f8714f-3c7c-4762-a078-49c9950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f8714f-3c7c-4762-a078-49c9950d210f", "dst_ref": "ipv4-addr--59f8714f-3c7c-4762-a078-49c9950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f8714f-3c7c-4762-a078-49c9950d210f", "value": "78.24.217.88" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f8714f-ec74-4d31-839c-4c1e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f8714f-ec74-4d31-839c-4c1e950d210f", "ipv4-addr--59f8714f-ec74-4d31-839c-4c1e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f8714f-ec74-4d31-839c-4c1e950d210f", "dst_ref": "ipv4-addr--59f8714f-ec74-4d31-839c-4c1e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f8714f-ec74-4d31-839c-4c1e950d210f", "value": "62.109.1.68" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f87150-7be4-4e16-9d48-45c4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f87150-7be4-4e16-9d48-45c4950d210f", "ipv4-addr--59f87150-7be4-4e16-9d48-45c4950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f87150-7be4-4e16-9d48-45c4950d210f", "dst_ref": "ipv4-addr--59f87150-7be4-4e16-9d48-45c4950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f87150-7be4-4e16-9d48-45c4950d210f", "value": "195.133.147.74" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f87150-97e8-4679-959a-4650950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f87150-97e8-4679-959a-4650950d210f", "ipv4-addr--59f87150-97e8-4679-959a-4650950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f87150-97e8-4679-959a-4650950d210f", "dst_ref": "ipv4-addr--59f87150-97e8-4679-959a-4650950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f87150-97e8-4679-959a-4650950d210f", "value": "195.133.146.117" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f87150-65fc-405f-8a78-4122950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f87150-65fc-405f-8a78-4122950d210f", "ipv4-addr--59f87150-65fc-405f-8a78-4122950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f87150-65fc-405f-8a78-4122950d210f", "dst_ref": "ipv4-addr--59f87150-65fc-405f-8a78-4122950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f87150-65fc-405f-8a78-4122950d210f", "value": "195.133.146.122" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f87150-d200-4460-89a9-4bdb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f87150-d200-4460-89a9-4bdb950d210f", "ipv4-addr--59f87150-d200-4460-89a9-4bdb950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f87150-d200-4460-89a9-4bdb950d210f", "dst_ref": "ipv4-addr--59f87150-d200-4460-89a9-4bdb950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f87150-d200-4460-89a9-4bdb950d210f", "value": "78.24.222.226" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f87151-a3d4-4ead-9b2e-48b2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f87151-a3d4-4ead-9b2e-48b2950d210f", "ipv4-addr--59f87151-a3d4-4ead-9b2e-48b2950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f87151-a3d4-4ead-9b2e-48b2950d210f", "dst_ref": "ipv4-addr--59f87151-a3d4-4ead-9b2e-48b2950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f87151-a3d4-4ead-9b2e-48b2950d210f", "value": "95.213.252.23" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f87152-1cac-4e3a-9fbb-4372950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f87152-1cac-4e3a-9fbb-4372950d210f", "ipv4-addr--59f87152-1cac-4e3a-9fbb-4372950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f87152-1cac-4e3a-9fbb-4372950d210f", "dst_ref": "ipv4-addr--59f87152-1cac-4e3a-9fbb-4372950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f87152-1cac-4e3a-9fbb-4372950d210f", "value": "95.213.251.95" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f87152-22dc-4901-8785-4c5c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f87152-22dc-4901-8785-4c5c950d210f", "ipv4-addr--59f87152-22dc-4901-8785-4c5c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f87152-22dc-4901-8785-4c5c950d210f", "dst_ref": "ipv4-addr--59f87152-22dc-4901-8785-4c5c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f87152-22dc-4901-8785-4c5c950d210f", "value": "194.87.93.55" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f87152-5764-4606-b6ef-4039950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f87152-5764-4606-b6ef-4039950d210f", "ipv4-addr--59f87152-5764-4606-b6ef-4039950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f87152-5764-4606-b6ef-4039950d210f", "dst_ref": "ipv4-addr--59f87152-5764-4606-b6ef-4039950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f87152-5764-4606-b6ef-4039950d210f", "value": "62.109.8.186" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f87152-9b78-451b-bfa3-4821950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f87152-9b78-451b-bfa3-4821950d210f", "ipv4-addr--59f87152-9b78-451b-bfa3-4821950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f87152-9b78-451b-bfa3-4821950d210f", "dst_ref": "ipv4-addr--59f87152-9b78-451b-bfa3-4821950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f87152-9b78-451b-bfa3-4821950d210f", "value": "188.120.246.189" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f87153-ba3c-483c-9839-4098950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f87153-ba3c-483c-9839-4098950d210f", "ipv4-addr--59f87153-ba3c-483c-9839-4098950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f87153-ba3c-483c-9839-4098950d210f", "dst_ref": "ipv4-addr--59f87153-ba3c-483c-9839-4098950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f87153-ba3c-483c-9839-4098950d210f", "value": "194.87.98.249" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f87153-2e0c-4202-9a61-4657950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f87153-2e0c-4202-9a61-4657950d210f", "ipv4-addr--59f87153-2e0c-4202-9a61-4657950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f87153-2e0c-4202-9a61-4657950d210f", "dst_ref": "ipv4-addr--59f87153-2e0c-4202-9a61-4657950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f87153-2e0c-4202-9a61-4657950d210f", "value": "95.213.195.174" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f87153-7ffc-489f-a123-4378950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f87153-7ffc-489f-a123-4378950d210f", "ipv4-addr--59f87153-7ffc-489f-a123-4378950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f87153-7ffc-489f-a123-4378950d210f", "dst_ref": "ipv4-addr--59f87153-7ffc-489f-a123-4378950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f87153-7ffc-489f-a123-4378950d210f", "value": "185.143.173.244" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f87153-2e7c-4189-95c3-4fa6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f87153-2e7c-4189-95c3-4fa6950d210f", "ipv4-addr--59f87153-2e7c-4189-95c3-4fa6950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f87153-2e7c-4189-95c3-4fa6950d210f", "dst_ref": "ipv4-addr--59f87153-2e7c-4189-95c3-4fa6950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f87153-2e7c-4189-95c3-4fa6950d210f", "value": "194.87.110.113" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f87154-5ec0-4445-ae49-4198950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f87154-5ec0-4445-ae49-4198950d210f", "ipv4-addr--59f87154-5ec0-4445-ae49-4198950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f87154-5ec0-4445-ae49-4198950d210f", "dst_ref": "ipv4-addr--59f87154-5ec0-4445-ae49-4198950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f87154-5ec0-4445-ae49-4198950d210f", "value": "179.43.147.241" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f87154-e794-4893-b78e-4c58950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f87154-e794-4893-b78e-4c58950d210f", "ipv4-addr--59f87154-e794-4893-b78e-4c58950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f87154-e794-4893-b78e-4c58950d210f", "dst_ref": "ipv4-addr--59f87154-e794-4893-b78e-4c58950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f87154-e794-4893-b78e-4c58950d210f", "value": "82.146.43.178" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f87154-1554-459a-98c7-4429950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f87154-1554-459a-98c7-4429950d210f", "ipv4-addr--59f87154-1554-459a-98c7-4429950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f87154-1554-459a-98c7-4429950d210f", "dst_ref": "ipv4-addr--59f87154-1554-459a-98c7-4429950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f87154-1554-459a-98c7-4429950d210f", "value": "185.158.114.114" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f87155-58b4-43c8-932f-4248950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f87155-58b4-43c8-932f-4248950d210f", "ipv4-addr--59f87155-58b4-43c8-932f-4248950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f87155-58b4-43c8-932f-4248950d210f", "dst_ref": "ipv4-addr--59f87155-58b4-43c8-932f-4248950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f87155-58b4-43c8-932f-4248950d210f", "value": "62.109.10.93" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f87155-6cac-48a9-8dca-4e5b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "network-traffic--59f87155-6cac-48a9-8dca-4e5b950d210f", "ipv4-addr--59f87155-6cac-48a9-8dca-4e5b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f87155-6cac-48a9-8dca-4e5b950d210f", "dst_ref": "ipv4-addr--59f87155-6cac-48a9-8dca-4e5b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f87155-6cac-48a9-8dca-4e5b950d210f", "value": "185.34.52.236" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59fa183c-8a6c-4218-8271-1ad302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "description": "- Xchecked via VT: e67b2f58896059cce8c6ff83c5737687", "pattern": "[file:hashes.SHA256 = '9d2ce15fd9112d52fa09c543527ef0b5bf07eb4c07794931c5768e403c167d49']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59fa183c-a688-48ed-9d1b-1ad302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "description": "- Xchecked via VT: e67b2f58896059cce8c6ff83c5737687", "pattern": "[file:hashes.SHA1 = 'b39d9320806573fdb49f5f9dc0307c4fbcd9c327']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59fa183d-ac44-48bb-84fc-1ad302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:48.000Z", "modified": "2017-11-01T18:53:48.000Z", "first_observed": "2017-11-01T18:53:48Z", "last_observed": "2017-11-01T18:53:48Z", "number_observed": 1, "object_refs": [ "url--59fa183d-ac44-48bb-84fc-1ad302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59fa183d-ac44-48bb-84fc-1ad302de0b81", "value": "https://www.virustotal.com/file/9d2ce15fd9112d52fa09c543527ef0b5bf07eb4c07794931c5768e403c167d49/analysis/1509513298/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59fa183d-8f68-422e-9cc5-1ad302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:49.000Z", "modified": "2017-11-01T18:53:49.000Z", "description": "- Xchecked via VT: 1916150b3356fe6e6da7ec2e2a78e189", "pattern": "[file:hashes.SHA256 = 'd97be402740f6a0fc70c90751f499943bf26f7c00791d46432889f1bedf9dbd2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59fa183d-fbb4-45e8-b2e4-1ad302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:49.000Z", "modified": "2017-11-01T18:53:49.000Z", "description": "- Xchecked via VT: 1916150b3356fe6e6da7ec2e2a78e189", "pattern": "[file:hashes.SHA1 = '7e8bf6cc4bb2540dce895244347a017565fddbc5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-01T18:53:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59fa183d-8348-4ca4-bbec-1ad302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-01T18:53:49.000Z", "modified": "2017-11-01T18:53:49.000Z", "first_observed": "2017-11-01T18:53:49Z", "last_observed": "2017-11-01T18:53:49Z", "number_observed": 1, "object_refs": [ "url--59fa183d-8348-4ca4-bbec-1ad302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59fa183d-8348-4ca4-bbec-1ad302de0b81", "value": "https://www.virustotal.com/file/d97be402740f6a0fc70c90751f499943bf26f7c00791d46432889f1bedf9dbd2/analysis/1509502196/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }