{ "type": "bundle", "id": "bundle--591d566d-3ec0-4195-adb2-9f28950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T11:30:40.000Z", "modified": "2017-05-18T11:30:40.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--591d566d-3ec0-4195-adb2-9f28950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T11:30:40.000Z", "modified": "2017-05-18T11:30:40.000Z", "name": "Invoice ###### 05/17/2017 from dontreply@random", "published": "2017-05-18T11:32:19Z", "object_refs": [ "indicator--591d566e-62ec-4abd-afc7-99a0950d210f", "indicator--591d566f-19f4-4248-8fcb-c522950d210f", "indicator--591d566f-652c-4398-8074-c520950d210f", "indicator--591d5670-d1d8-4260-8674-c51c950d210f", "indicator--591d5671-0dec-43e6-9433-a001950d210f", "indicator--591d5672-5a04-495b-94ef-99a4950d210f", "indicator--591d5673-d418-4ebc-bd4d-99a3950d210f", "indicator--591d5673-5ff8-47f0-80d3-c51f950d210f", "indicator--591d5674-c140-4f6e-bb6a-c525950d210f", "indicator--591d5675-f1b4-4ea5-8309-c518950d210f", "indicator--591d5676-3edc-4315-b274-c520950d210f", "indicator--591d5677-5d30-464f-9cae-99a4950d210f", "indicator--591d5678-a17c-4409-839d-c516950d210f", "indicator--591d567a-f30c-4d86-98a5-c525950d210f", "indicator--591d567b-8ef4-432c-9d56-c524950d210f", "indicator--591d567c-df8c-4725-9176-c520950d210f", "indicator--591d567c-9e1c-48a2-a284-a005950d210f", "indicator--591d567d-9648-4540-9fda-c51f950d210f", "indicator--591d567e-c210-4045-899b-c50f950d210f", "indicator--591d567f-5a6c-4ab4-b74f-9f28950d210f", "indicator--591d567f-0bf4-4c9b-bd65-c522950d210f", "indicator--591d5680-b5c0-4717-93d9-c525950d210f", "indicator--591d5681-c820-4a67-9e6e-c51c950d210f", "indicator--591d5682-65ec-49eb-828e-99a3950d210f", "indicator--591d5683-2460-40df-9bc5-a005950d210f", "indicator--591d5684-da58-47dc-b71c-9f28950d210f", "indicator--591d5684-3590-4187-b67a-c516950d210f", "indicator--591d5685-2d9c-425a-8675-c51a950d210f", "indicator--591d5686-cba4-4688-a059-c524950d210f", "indicator--591d5687-8ec4-4fdf-bf9c-c51c950d210f", "indicator--591d5687-c398-4836-9aba-9f05950d210f", "indicator--591d5689-fb50-41a1-9c4e-c522950d210f", "indicator--591d5689-f07c-460a-a550-c51a950d210f", "indicator--591d568a-efe8-466d-9d75-a001950d210f", "indicator--591d568b-8fc0-4477-b23f-99a4950d210f", "indicator--591d568c-5480-445f-a906-99a3950d210f", "indicator--591d568c-be8c-4963-8ff3-a005950d210f", "indicator--591d568d-0eac-4d4c-bd6e-a004950d210f", "indicator--591d568e-7604-4e46-b09a-c522950d210f", "indicator--591d568f-e164-46d5-b8e8-c525950d210f", "indicator--591d5690-1d74-450c-a151-c524950d210f", "indicator--591d5690-f610-4604-9929-c523950d210f", "indicator--591d5691-80c8-4e0d-90af-99a4950d210f", "indicator--591d5692-4e4c-4071-890e-c51c950d210f", "indicator--591d5693-4c1c-40a4-83b6-9f05950d210f", "indicator--591d5693-d028-44a4-94a9-9f28950d210f", "indicator--591d5695-5f28-40b5-9d2b-c525950d210f", "indicator--591d5695-ed38-41e4-a25d-c523950d210f", "indicator--591d5697-ae14-41fc-99e4-99a4950d210f", "indicator--591d5698-6bc8-48cc-8a2f-c50f950d210f", "indicator--591d5699-23c4-43df-9757-9f05950d210f", "indicator--591d569a-04d0-4f56-ae42-c522950d210f", "indicator--591d569b-e098-4072-ae21-c523950d210f", "indicator--591d569b-f564-482b-90ab-c51f950d210f", "indicator--591d569c-1cb8-4be4-9169-99a6950d210f", "indicator--591d569d-2cc0-4494-8c0f-9f28950d210f", "indicator--591d569e-bcec-42ff-9653-c522950d210f", "indicator--591d569f-7540-44c6-a46a-99a4950d210f", "indicator--591d56a0-3c60-4b15-82d4-a005950d210f", "indicator--591d56a1-71c0-499d-a32d-9f28950d210f", "indicator--591d56a3-f300-45b3-97b8-c522950d210f", "indicator--591d56a6-1ef4-4f60-ad3f-99a4950d210f", "indicator--591d56a6-fb98-44c0-8ff2-a004950d210f", "indicator--591d56a7-b498-4f2c-94a2-9f05950d210f", "indicator--591d56a8-3b6c-47d0-8804-c525950d210f", "indicator--591d56a9-bd50-4f1f-861d-99a6950d210f", "indicator--591d56aa-74dc-4c8e-a999-c516950d210f", "indicator--591d56ab-0ad0-4d34-8554-99a0950d210f", "indicator--591d56ab-d324-40da-aa6c-c522950d210f", "indicator--591d56ac-2120-4a85-ba45-c520950d210f", "indicator--591d56ad-fd60-4967-9f00-c50f950d210f", "indicator--591d56ae-67a0-4b6d-b09b-c516950d210f", "indicator--591d56af-ddb0-46ff-a49c-a005950d210f", "indicator--591d56b0-2ee0-44b9-bb32-99a6950d210f", "indicator--591d56b1-b190-4be1-a470-c51a950d210f", "indicator--591d56b2-e3d8-457f-aee1-c516950d210f", "indicator--591d56b5-37f0-4960-9a3d-c50f950d210f", "observed-data--591d56b5-9bdc-4bc7-85ef-c51f950d210f", "url--591d56b5-9bdc-4bc7-85ef-c51f950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Jaff\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d566e-62ec-4abd-afc7-99a0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:14.000Z", "modified": "2017-05-18T08:08:14.000Z", "pattern": "[file:hashes.MD5 = '716165fb5e07ecc95d45e8761b10ab30']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d566f-19f4-4248-8fcb-c522950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:15.000Z", "modified": "2017-05-18T08:08:15.000Z", "pattern": "[file:hashes.MD5 = 'f3d9b2cb51e81d12ff3d5faaca231041']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d566f-652c-4398-8074-c520950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:15.000Z", "modified": "2017-05-18T08:08:15.000Z", "pattern": "[file:hashes.MD5 = '3f6c1a2735a8595cb1b03260bec9cb1b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5670-d1d8-4260-8674-c51c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:16.000Z", "modified": "2017-05-18T08:08:16.000Z", "pattern": "[file:hashes.MD5 = '14d05276125e70d43e710ef186261c95']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5671-0dec-43e6-9433-a001950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:17.000Z", "modified": "2017-05-18T08:08:17.000Z", "pattern": "[file:hashes.SHA256 = '86061f2ae8ba5250c38f20070ba446513918c23dfe35f0670ae555910a94c181']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5672-5a04-495b-94ef-99a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:18.000Z", "modified": "2017-05-18T08:08:18.000Z", "pattern": "[url:value = 'http://bbz-regeling.nl/hjt67t']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5673-d418-4ebc-bd4d-99a3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:19.000Z", "modified": "2017-05-18T08:08:19.000Z", "pattern": "[domain-name:value = 'bbz-regeling.nl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5673-5ff8-47f0-80d3-c51f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:19.000Z", "modified": "2017-05-18T08:08:19.000Z", "description": "bbz-regeling.nl", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.87.184.212']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5674-c140-4f6e-bb6a-c525950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:20.000Z", "modified": "2017-05-18T08:08:20.000Z", "pattern": "[url:value = 'http://blackempire.it/hjt67t']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5675-f1b4-4ea5-8309-c518950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:21.000Z", "modified": "2017-05-18T08:08:21.000Z", "pattern": "[domain-name:value = 'blackempire.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5676-3edc-4315-b274-c520950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:22.000Z", "modified": "2017-05-18T08:08:22.000Z", "description": "blackempire.it", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.18.226.16']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5677-5d30-464f-9cae-99a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:23.000Z", "modified": "2017-05-18T08:08:23.000Z", "pattern": "[url:value = 'http://diytp.com/hjt67t']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5678-a17c-4409-839d-c516950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:24.000Z", "modified": "2017-05-18T08:08:24.000Z", "pattern": "[domain-name:value = 'diytp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d567a-f30c-4d86-98a5-c525950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:26.000Z", "modified": "2017-05-18T08:08:26.000Z", "description": "diytp.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '211.115.89.71']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d567b-8ef4-432c-9d56-c524950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:27.000Z", "modified": "2017-05-18T08:08:27.000Z", "pattern": "[url:value = 'http://doppellutz.de/hjt67t']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d567c-df8c-4725-9176-c520950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:28.000Z", "modified": "2017-05-18T08:08:28.000Z", "pattern": "[domain-name:value = 'doppellutz.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d567c-9e1c-48a2-a284-a005950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:28.000Z", "modified": "2017-05-18T08:08:28.000Z", "description": "doppellutz.de", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.169.145.95']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d567d-9648-4540-9fda-c51f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:29.000Z", "modified": "2017-05-18T08:08:29.000Z", "pattern": "[url:value = 'http://easternmas.com/hjt67t']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d567e-c210-4045-899b-c50f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:30.000Z", "modified": "2017-05-18T08:08:30.000Z", "pattern": "[domain-name:value = 'easternmas.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d567f-5a6c-4ab4-b74f-9f28950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:31.000Z", "modified": "2017-05-18T08:08:31.000Z", "description": "easternmas.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '129.121.5.206']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d567f-0bf4-4c9b-bd65-c522950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:31.000Z", "modified": "2017-05-18T08:08:31.000Z", "pattern": "[url:value = 'http://edazhu.com/hjt67t']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5680-b5c0-4717-93d9-c525950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:32.000Z", "modified": "2017-05-18T08:08:32.000Z", "pattern": "[domain-name:value = 'edazhu.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5681-c820-4a67-9e6e-c51c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:33.000Z", "modified": "2017-05-18T08:08:33.000Z", "description": "edazhu.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '211.149.239.112']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5682-65ec-49eb-828e-99a3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:34.000Z", "modified": "2017-05-18T08:08:34.000Z", "pattern": "[url:value = 'http://estimatingservicesinc.com/hjt67t']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5683-2460-40df-9bc5-a005950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:35.000Z", "modified": "2017-05-18T08:08:35.000Z", "pattern": "[domain-name:value = 'estimatingservicesinc.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5684-da58-47dc-b71c-9f28950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:36.000Z", "modified": "2017-05-18T08:08:36.000Z", "description": "estimatingservicesinc.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.166.6.15']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5684-3590-4187-b67a-c516950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:36.000Z", "modified": "2017-05-18T08:08:36.000Z", "pattern": "[url:value = 'http://evasalome.nl/hjt67t']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5685-2d9c-425a-8675-c51a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:37.000Z", "modified": "2017-05-18T08:08:37.000Z", "pattern": "[domain-name:value = 'evasalome.nl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5686-cba4-4688-a059-c524950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:38.000Z", "modified": "2017-05-18T08:08:38.000Z", "description": "evasalome.nl", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.30.213.164']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5687-8ec4-4fdf-bf9c-c51c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:39.000Z", "modified": "2017-05-18T08:08:39.000Z", "pattern": "[url:value = 'http://herrossoidffr6644qa.top/af/hjt67t']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5687-c398-4836-9aba-9f05950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:39.000Z", "modified": "2017-05-18T08:08:39.000Z", "pattern": "[domain-name:value = 'herrossoidffr6644qa.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5689-fb50-41a1-9c4e-c522950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:41.000Z", "modified": "2017-05-18T08:08:41.000Z", "description": "herrossoidffr6644qa.top", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '34.209.214.237']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5689-f07c-460a-a550-c51a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:41.000Z", "modified": "2017-05-18T08:08:41.000Z", "pattern": "[url:value = 'http://kezakotheatre.com/hjt67t']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d568a-efe8-466d-9d75-a001950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:42.000Z", "modified": "2017-05-18T08:08:42.000Z", "pattern": "[domain-name:value = 'kezakotheatre.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d568b-8fc0-4477-b23f-99a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:43.000Z", "modified": "2017-05-18T08:08:43.000Z", "description": "kezakotheatre.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.88.57.68']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d568c-5480-445f-a906-99a3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:44.000Z", "modified": "2017-05-18T08:08:44.000Z", "pattern": "[url:value = 'http://monowheels.ru/hjt67t']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d568c-be8c-4963-8ff3-a005950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:44.000Z", "modified": "2017-05-18T08:08:44.000Z", "pattern": "[domain-name:value = 'monowheels.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d568d-0eac-4d4c-bd6e-a004950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:45.000Z", "modified": "2017-05-18T08:08:45.000Z", "description": "monowheels.ru", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.162.100.191']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d568e-7604-4e46-b09a-c522950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:46.000Z", "modified": "2017-05-18T08:08:46.000Z", "pattern": "[url:value = 'http://oylumsut.com/hjt67t']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d568f-e164-46d5-b8e8-c525950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:47.000Z", "modified": "2017-05-18T08:08:47.000Z", "pattern": "[domain-name:value = 'oylumsut.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5690-1d74-450c-a151-c524950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:48.000Z", "modified": "2017-05-18T08:08:48.000Z", "description": "oylumsut.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.230.111.113']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5690-f610-4604-9929-c523950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:48.000Z", "modified": "2017-05-18T08:08:48.000Z", "pattern": "[url:value = 'http://peryskop.biz/hjt67t']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5691-80c8-4e0d-90af-99a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:49.000Z", "modified": "2017-05-18T08:08:49.000Z", "pattern": "[domain-name:value = 'peryskop.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5692-4e4c-4071-890e-c51c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:50.000Z", "modified": "2017-05-18T08:08:50.000Z", "description": "peryskop.biz", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.43.113.68']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5693-4c1c-40a4-83b6-9f05950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:51.000Z", "modified": "2017-05-18T08:08:51.000Z", "pattern": "[url:value = 'http://pta-babel.net/hjt67t']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5693-d028-44a4-94a9-9f28950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:51.000Z", "modified": "2017-05-18T08:08:51.000Z", "pattern": "[domain-name:value = 'pta-babel.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5695-5f28-40b5-9d2b-c525950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:53.000Z", "modified": "2017-05-18T08:08:53.000Z", "description": "pta-babel.net", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.247.9.134']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5695-ed38-41e4-a25d-c523950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:53.000Z", "modified": "2017-05-18T08:08:53.000Z", "pattern": "[url:value = 'http://sjffonrvcik45bd.info/af/hjt67t']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5697-ae14-41fc-99e4-99a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:55.000Z", "modified": "2017-05-18T08:08:55.000Z", "pattern": "[domain-name:value = 'sjffonrvcik45bd.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5698-6bc8-48cc-8a2f-c50f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:56.000Z", "modified": "2017-05-18T08:08:56.000Z", "pattern": "[url:value = 'http://taure.cz/hjt67t']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d5699-23c4-43df-9757-9f05950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:57.000Z", "modified": "2017-05-18T08:08:57.000Z", "pattern": "[domain-name:value = 'taure.cz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d569a-04d0-4f56-ae42-c522950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:58.000Z", "modified": "2017-05-18T08:08:58.000Z", "description": "taure.cz", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.185.104.24']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d569b-e098-4072-ae21-c523950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:59.000Z", "modified": "2017-05-18T08:08:59.000Z", "pattern": "[url:value = 'http://tenda.it/hjt67t']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d569b-f564-482b-90ab-c51f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:08:59.000Z", "modified": "2017-05-18T08:08:59.000Z", "pattern": "[domain-name:value = 'tenda.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:08:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d569c-1cb8-4be4-9169-99a6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:00.000Z", "modified": "2017-05-18T08:09:00.000Z", "description": "tenda.it", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.254.159.78']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d569d-2cc0-4494-8c0f-9f28950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:01.000Z", "modified": "2017-05-18T08:09:01.000Z", "pattern": "[url:value = 'http://texaslandandlifestyle.com/hjt67t']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d569e-bcec-42ff-9653-c522950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:02.000Z", "modified": "2017-05-18T08:09:02.000Z", "pattern": "[domain-name:value = 'texaslandandlifestyle.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d569f-7540-44c6-a46a-99a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:03.000Z", "modified": "2017-05-18T08:09:03.000Z", "description": "texaslandandlifestyle.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.154.161.187']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56a0-3c60-4b15-82d4-a005950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:04.000Z", "modified": "2017-05-18T08:09:04.000Z", "description": "texaslandandlifestyle.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.154.168.187']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56a1-71c0-499d-a32d-9f28950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:05.000Z", "modified": "2017-05-18T08:09:05.000Z", "pattern": "[url:value = 'http://tvapps.ir/hjt67t']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56a3-f300-45b3-97b8-c522950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:07.000Z", "modified": "2017-05-18T08:09:07.000Z", "pattern": "[domain-name:value = 'tvapps.ir']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56a6-1ef4-4f60-ad3f-99a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:10.000Z", "modified": "2017-05-18T08:09:10.000Z", "description": "tvapps.ir", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.61.25.106']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56a6-fb98-44c0-8ff2-a004950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:10.000Z", "modified": "2017-05-18T08:09:10.000Z", "pattern": "[url:value = 'http://unykmodels.com/hjt67t']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56a7-b498-4f2c-94a2-9f05950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:11.000Z", "modified": "2017-05-18T08:09:11.000Z", "pattern": "[domain-name:value = 'unykmodels.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56a8-3b6c-47d0-8804-c525950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:12.000Z", "modified": "2017-05-18T08:09:12.000Z", "description": "unykmodels.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '143.95.74.249']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56a9-bd50-4f1f-861d-99a6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:13.000Z", "modified": "2017-05-18T08:09:13.000Z", "pattern": "[url:value = 'http://westprod.fr/hjt67t']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56aa-74dc-4c8e-a999-c516950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:14.000Z", "modified": "2017-05-18T08:09:14.000Z", "pattern": "[domain-name:value = 'westprod.fr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56ab-0ad0-4d34-8554-99a0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:15.000Z", "modified": "2017-05-18T08:09:15.000Z", "description": "westprod.fr", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.246.39.74']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56ab-d324-40da-aa6c-c522950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:15.000Z", "modified": "2017-05-18T08:09:15.000Z", "pattern": "[url:value = 'http://ws500.net/hjt67t']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56ac-2120-4a85-ba45-c520950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:16.000Z", "modified": "2017-05-18T08:09:16.000Z", "pattern": "[domain-name:value = 'ws500.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56ad-fd60-4967-9f00-c50f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:17.000Z", "modified": "2017-05-18T08:09:17.000Z", "description": "ws500.net", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '65.19.169.34']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56ae-67a0-4b6d-b09b-c516950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:18.000Z", "modified": "2017-05-18T08:09:18.000Z", "pattern": "[url:value = 'http://wxklfy.com/hjt67t']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56af-ddb0-46ff-a49c-a005950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:19.000Z", "modified": "2017-05-18T08:09:19.000Z", "pattern": "[domain-name:value = 'wxklfy.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56b0-2ee0-44b9-bb32-99a6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:20.000Z", "modified": "2017-05-18T08:09:20.000Z", "description": "wxklfy.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.224.248.183']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56b1-b190-4be1-a470-c51a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:21.000Z", "modified": "2017-05-18T08:09:21.000Z", "pattern": "[url:value = 'http://eesiiuroffde445.com/a5/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56b2-e3d8-457f-aee1-c516950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:22.000Z", "modified": "2017-05-18T08:09:22.000Z", "pattern": "[domain-name:value = 'eesiiuroffde445.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591d56b5-37f0-4960-9a3d-c50f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:25.000Z", "modified": "2017-05-18T08:09:25.000Z", "description": "eesiiuroffde445.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '47.91.107.213']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-18T08:09:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--591d56b5-9bdc-4bc7-85ef-c51f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-18T08:09:25.000Z", "modified": "2017-05-18T08:09:25.000Z", "first_observed": "2017-05-18T08:09:25Z", "last_observed": "2017-05-18T08:09:25Z", "number_observed": 1, "object_refs": [ "url--591d56b5-9bdc-4bc7-85ef-c51f950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--591d56b5-9bdc-4bc7-85ef-c51f950d210f", "value": "https://www.virustotal.com/en/url/86061f2ae8ba5250c38f20070ba446513918c23dfe35f0670ae555910a94c181/analysis/1495024235/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }