{ "type": "bundle", "id": "bundle--5922e0ac-0314-43d5-b36e-4ac4950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T12:57:16.000Z", "modified": "2017-05-26T12:57:16.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5922e0ac-0314-43d5-b36e-4ac4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T12:57:16.000Z", "modified": "2017-05-26T12:57:16.000Z", "name": "Jaff 2017-05-22 : \"Copy of Invoice 12345678\" / \"12345678.PDF\"", "published": "2017-05-26T12:58:10Z", "object_refs": [ "indicator--5922e0ae-4318-4551-b2d6-41a4950d210f", "indicator--5922e0af-39b4-453a-ac80-443d950d210f", "indicator--5922e0b0-4e74-4a75-8791-4974950d210f", "indicator--5922e0b1-71e4-435c-8b0a-4ccd950d210f", "observed-data--5922e0b2-e6e0-4dce-80f3-41a5950d210f", "network-traffic--5922e0b2-e6e0-4dce-80f3-41a5950d210f", "ipv4-addr--5922e0b2-e6e0-4dce-80f3-41a5950d210f", "indicator--5922e0b3-b220-4bf2-b3fd-4e34950d210f", "indicator--5922e0b4-c4c4-4d4b-b2cb-4089950d210f", "indicator--5922e0b8-99e8-471c-8eda-4cad950d210f", "indicator--5922e0b9-00e0-4809-8eb2-441d950d210f", "indicator--5922e0ba-f65c-47ef-b2c4-40e6950d210f", "indicator--5922e0bc-7154-4184-b729-41c6950d210f", "indicator--5922e0bd-25c0-4b14-990f-4a19950d210f", "indicator--5922e0be-3a54-4abf-b6b7-454f950d210f", "indicator--5922e0bf-4d0c-4dcb-96a1-440d950d210f", "indicator--5922e0bf-fbc0-4be0-be3d-4f0c950d210f", "indicator--5922e0c0-2858-4664-9d17-4526950d210f", "indicator--5922e0c1-ad44-4b18-9454-45b6950d210f", "indicator--5922e0c2-7888-42c7-bd43-4dfc950d210f", "indicator--5922e0c3-18e4-4977-96ac-449c950d210f", "indicator--5922e0c4-d64c-48b1-8a6f-426a950d210f", "indicator--5922e0c4-2420-4b23-9737-4484950d210f", "indicator--5922e0c5-c370-4aa8-9329-4259950d210f", "observed-data--5922e0c6-68ac-43b0-8647-4c3a950d210f", "network-traffic--5922e0c6-68ac-43b0-8647-4c3a950d210f", "ipv4-addr--5922e0c6-68ac-43b0-8647-4c3a950d210f", "indicator--5922e0c7-4e44-41c2-8bd7-4ee2950d210f", "indicator--5922e0c8-2178-4807-9c05-41e2950d210f", "indicator--5922e0ca-99fc-4e1a-aaeb-42b5950d210f", "indicator--5922e0cb-04f0-47be-bfad-4a08950d210f", "observed-data--5922e0cc-982c-4115-827e-4cb1950d210f", "network-traffic--5922e0cc-982c-4115-827e-4cb1950d210f", "ipv4-addr--5922e0cc-982c-4115-827e-4cb1950d210f", "indicator--5922e0cd-070c-407f-9c19-4515950d210f", "indicator--5922e0ce-dd08-4b84-9490-4294950d210f", "indicator--5922e0cf-9a10-4fea-b7eb-4c14950d210f", "indicator--5922e0d0-5ab4-45b0-af59-44de950d210f", "indicator--5922e0d1-0dac-40b7-987e-49e0950d210f", "observed-data--5922e0d2-ada4-4ad7-866a-4c93950d210f", "network-traffic--5922e0d2-ada4-4ad7-866a-4c93950d210f", "ipv4-addr--5922e0d2-ada4-4ad7-866a-4c93950d210f", "indicator--5922e0d3-f680-4470-8c63-4ed6950d210f", "indicator--5922e0d4-2f54-4e39-8d19-41e2950d210f", "observed-data--5922e0d5-7850-4581-8305-47b1950d210f", "network-traffic--5922e0d5-7850-4581-8305-47b1950d210f", "ipv4-addr--5922e0d5-7850-4581-8305-47b1950d210f", "indicator--5922e0d6-7458-4fa1-96c9-4670950d210f", "indicator--5922e0d6-839c-47a8-861d-40b6950d210f", "observed-data--5922e0d7-e834-48e1-8f17-4699950d210f", "network-traffic--5922e0d7-e834-48e1-8f17-4699950d210f", "ipv4-addr--5922e0d7-e834-48e1-8f17-4699950d210f", "indicator--5922e0d8-d3e4-487d-925d-4a13950d210f", "indicator--5922e0da-b918-4179-98ed-40a2950d210f", "observed-data--5922e0dc-4670-46c0-bfc8-4655950d210f", "network-traffic--5922e0dc-4670-46c0-bfc8-4655950d210f", "ipv4-addr--5922e0dc-4670-46c0-bfc8-4655950d210f", "indicator--5922e0dd-8594-4220-b67a-4fdf950d210f", "indicator--5922e0de-cef0-4338-bba7-4aca950d210f", "indicator--5922e0e0-8bb0-495a-a9e7-47c4950d210f", "indicator--5922ec55-a8cc-4ac0-976e-4cc102de0b81", "indicator--5922ec55-7140-43b7-aaa9-448502de0b81", "observed-data--5922ec56-e6f4-4cfd-b1bd-42af02de0b81", "url--5922ec56-e6f4-4cfd-b1bd-42af02de0b81", "indicator--5922ec56-a928-47e2-bb25-4f1902de0b81", "indicator--5922ec57-5ebc-43ec-9c92-460c02de0b81", "observed-data--5922ec57-091c-4adb-ae21-420702de0b81", "url--5922ec57-091c-4adb-ae21-420702de0b81", "indicator--5922f376-3e10-4493-896c-449c950d210f", "indicator--5922f377-7ec4-4b74-a8a6-4284950d210f", "indicator--5922f377-9874-4243-b285-47ee950d210f", "indicator--5922f378-a584-4fb7-9810-458b950d210f", "indicator--5922f378-e0c0-48c1-897a-471f950d210f", "observed-data--5922f379-74b0-4dc4-8a6e-493e950d210f", "network-traffic--5922f379-74b0-4dc4-8a6e-493e950d210f", "ipv4-addr--5922f379-74b0-4dc4-8a6e-493e950d210f", "observed-data--5922f379-5778-475a-b239-482c950d210f", "network-traffic--5922f379-5778-475a-b239-482c950d210f", "ipv4-addr--5922f379-5778-475a-b239-482c950d210f", "observed-data--5922f379-55cc-4bed-8b29-4670950d210f", "network-traffic--5922f379-55cc-4bed-8b29-4670950d210f", "ipv4-addr--5922f379-55cc-4bed-8b29-4670950d210f", "indicator--5922f37a-2fb0-41ec-b08a-4bf0950d210f", "indicator--5922f37a-8780-4a14-aaaa-4682950d210f", "indicator--5922f37b-b8c4-4745-ab98-45c3950d210f", "indicator--5922f37b-70d8-43b5-9105-4dfe950d210f", "indicator--5922f37c-2874-47c0-b989-4e87950d210f", "indicator--5923f4b3-5c94-495f-a664-4103950d210f", "indicator--5923f4b3-6d2c-4f74-a048-43e7950d210f", "observed-data--5923f4b4-00ec-48d3-bc5f-4524950d210f", "network-traffic--5923f4b4-00ec-48d3-bc5f-4524950d210f", "ipv4-addr--5923f4b4-00ec-48d3-bc5f-4524950d210f", "observed-data--5923f4b4-99ac-4089-8b24-4a69950d210f", "network-traffic--5923f4b4-99ac-4089-8b24-4a69950d210f", "ipv4-addr--5923f4b4-99ac-4089-8b24-4a69950d210f", "observed-data--5923f4b5-fa90-4f25-ad9f-4b5c950d210f", "network-traffic--5923f4b5-fa90-4f25-ad9f-4b5c950d210f", "ipv4-addr--5923f4b5-fa90-4f25-ad9f-4b5c950d210f", "indicator--5923f4b5-b050-45e7-8551-45cf950d210f", "indicator--5923f4b6-1894-4f78-a383-4fb8950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Jaff\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0ae-4318-4551-b2d6-41a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[file:hashes.MD5 = '192b829bf7f6829549519168c173c931']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0af-39b4-453a-ac80-443d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[file:hashes.MD5 = '132d56f533f3a074b441cebff98e7742']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0b0-4e74-4a75-8791-4974950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[url:value = 'http://boomroom.jp/jhg6fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0b1-71e4-435c-8b0a-4ccd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[domain-name:value = 'boomroom.jp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5922e0b2-e6e0-4dce-80f3-41a5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T12:57:12.000Z", "modified": "2017-05-26T12:57:12.000Z", "first_observed": "2017-05-26T12:57:12Z", "last_observed": "2017-05-26T12:57:12Z", "number_observed": 1, "object_refs": [ "network-traffic--5922e0b2-e6e0-4dce-80f3-41a5950d210f", "ipv4-addr--5922e0b2-e6e0-4dce-80f3-41a5950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5922e0b2-e6e0-4dce-80f3-41a5950d210f", "dst_ref": "ipv4-addr--5922e0b2-e6e0-4dce-80f3-41a5950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5922e0b2-e6e0-4dce-80f3-41a5950d210f", "value": "219.118.71.139" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0b3-b220-4bf2-b3fd-4e34950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[url:value = 'http://brotexxshferrogd.net/af/jhg6fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0b4-c4c4-4d4b-b2cb-4089950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[domain-name:value = 'brotexxshferrogd.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0b8-99e8-471c-8eda-4cad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "description": "brotexxshferrogd.net", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.165.236.47']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0b9-00e0-4809-8eb2-441d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[url:value = 'http://byuscorp.com/jhg6fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0ba-f65c-47ef-b2c4-40e6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[domain-name:value = 'byuscorp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0bc-7154-4184-b729-41c6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "description": "byuscorp.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '115.68.13.78']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0bd-25c0-4b14-990f-4a19950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[url:value = 'http://datadunyasi.com/jhg6fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0be-3a54-4abf-b6b7-454f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[domain-name:value = 'datadunyasi.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0bf-4d0c-4dcb-96a1-440d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "description": "datadunyasi.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.84.180.60']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0bf-fbc0-4be0-be3d-4f0c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[url:value = 'http://endosuitepartners.com/jhg6fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0c0-2858-4664-9d17-4526950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[domain-name:value = 'endosuitepartners.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0c1-ad44-4b18-9454-45b6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "description": "endosuitepartners.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '72.52.154.4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0c2-7888-42c7-bd43-4dfc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[url:value = 'http://essensworld.cz/jhg6fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0c3-18e4-4977-96ac-449c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[domain-name:value = 'essensworld.cz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0c4-d64c-48b1-8a6f-426a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "description": "essensworld.cz", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.4.153.204']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0c4-2420-4b23-9737-4484950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[url:value = 'http://f1toh1.com/jhg6fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0c5-c370-4aa8-9329-4259950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[domain-name:value = 'f1toh1.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5922e0c6-68ac-43b0-8647-4c3a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T12:57:12.000Z", "modified": "2017-05-26T12:57:12.000Z", "first_observed": "2017-05-26T12:57:12Z", "last_observed": "2017-05-26T12:57:12Z", "number_observed": 1, "object_refs": [ "network-traffic--5922e0c6-68ac-43b0-8647-4c3a950d210f", "ipv4-addr--5922e0c6-68ac-43b0-8647-4c3a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5922e0c6-68ac-43b0-8647-4c3a950d210f", "dst_ref": "ipv4-addr--5922e0c6-68ac-43b0-8647-4c3a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5922e0c6-68ac-43b0-8647-4c3a950d210f", "value": "107.180.12.39" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0c7-4e44-41c2-8bd7-4ee2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[url:value = 'http://herrossoidffr6644qa.top/af/jhg6fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0c8-2178-4807-9c05-41e2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[domain-name:value = 'herrossoidffr6644qa.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0ca-99fc-4e1a-aaeb-42b5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[url:value = 'http://joesrv.com/jhg6fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0cb-04f0-47be-bfad-4a08950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[domain-name:value = 'joesrv.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5922e0cc-982c-4115-827e-4cb1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T12:57:13.000Z", "modified": "2017-05-26T12:57:13.000Z", "first_observed": "2017-05-26T12:57:13Z", "last_observed": "2017-05-26T12:57:13Z", "number_observed": 1, "object_refs": [ "network-traffic--5922e0cc-982c-4115-827e-4cb1950d210f", "ipv4-addr--5922e0cc-982c-4115-827e-4cb1950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5922e0cc-982c-4115-827e-4cb1950d210f", "dst_ref": "ipv4-addr--5922e0cc-982c-4115-827e-4cb1950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5922e0cc-982c-4115-827e-4cb1950d210f", "value": "184.168.221.12" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0cd-070c-407f-9c19-4515950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[url:value = 'http://knowyourmarketing.com/jhg6fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0ce-dd08-4b84-9490-4294950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[domain-name:value = 'knowyourmarketing.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0cf-9a10-4fea-b7eb-4c14950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "description": "knowyourmarketing.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.235.201.157']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0d0-5ab4-45b0-af59-44de950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[url:value = 'http://pattumalamatha.com/jhg6fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0d1-0dac-40b7-987e-49e0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[domain-name:value = 'pattumalamatha.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5922e0d2-ada4-4ad7-866a-4c93950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T12:57:13.000Z", "modified": "2017-05-26T12:57:13.000Z", "first_observed": "2017-05-26T12:57:13Z", "last_observed": "2017-05-26T12:57:13Z", "number_observed": 1, "object_refs": [ "network-traffic--5922e0d2-ada4-4ad7-866a-4c93950d210f", "ipv4-addr--5922e0d2-ada4-4ad7-866a-4c93950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5922e0d2-ada4-4ad7-866a-4c93950d210f", "dst_ref": "ipv4-addr--5922e0d2-ada4-4ad7-866a-4c93950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5922e0d2-ada4-4ad7-866a-4c93950d210f", "value": "166.62.30.149" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0d3-f680-4470-8c63-4ed6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[url:value = 'http://primary-ls.ru/jhg6fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0d4-2f54-4e39-8d19-41e2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[domain-name:value = 'primary-ls.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5922e0d5-7850-4581-8305-47b1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T12:57:13.000Z", "modified": "2017-05-26T12:57:13.000Z", "first_observed": "2017-05-26T12:57:13Z", "last_observed": "2017-05-26T12:57:13Z", "number_observed": 1, "object_refs": [ "network-traffic--5922e0d5-7850-4581-8305-47b1950d210f", "ipv4-addr--5922e0d5-7850-4581-8305-47b1950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5922e0d5-7850-4581-8305-47b1950d210f", "dst_ref": "ipv4-addr--5922e0d5-7850-4581-8305-47b1950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5922e0d5-7850-4581-8305-47b1950d210f", "value": "141.8.195.87" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0d6-7458-4fa1-96c9-4670950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[url:value = 'http://tayangfood.com/jhg6fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0d6-839c-47a8-861d-40b6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[domain-name:value = 'tayangfood.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5922e0d7-e834-48e1-8f17-4699950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T12:57:14.000Z", "modified": "2017-05-26T12:57:14.000Z", "first_observed": "2017-05-26T12:57:14Z", "last_observed": "2017-05-26T12:57:14Z", "number_observed": 1, "object_refs": [ "network-traffic--5922e0d7-e834-48e1-8f17-4699950d210f", "ipv4-addr--5922e0d7-e834-48e1-8f17-4699950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5922e0d7-e834-48e1-8f17-4699950d210f", "dst_ref": "ipv4-addr--5922e0d7-e834-48e1-8f17-4699950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5922e0d7-e834-48e1-8f17-4699950d210f", "value": "103.7.226.18" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0d8-d3e4-487d-925d-4a13950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[url:value = 'http://tipografia.by/jhg6fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0da-b918-4179-98ed-40a2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[domain-name:value = 'tipografia.by']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5922e0dc-4670-46c0-bfc8-4655950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T12:57:14.000Z", "modified": "2017-05-26T12:57:14.000Z", "first_observed": "2017-05-26T12:57:14Z", "last_observed": "2017-05-26T12:57:14Z", "number_observed": 1, "object_refs": [ "network-traffic--5922e0dc-4670-46c0-bfc8-4655950d210f", "ipv4-addr--5922e0dc-4670-46c0-bfc8-4655950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5922e0dc-4670-46c0-bfc8-4655950d210f", "dst_ref": "ipv4-addr--5922e0dc-4670-46c0-bfc8-4655950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5922e0dc-4670-46c0-bfc8-4655950d210f", "value": "93.125.99.71" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0dd-8594-4220-b67a-4fdf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[url:value = 'http://trollitrancessions.net/a5/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0de-cef0-4338-bba7-4aca950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "pattern": "[domain-name:value = 'trollitrancessions.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922e0e0-8bb0-495a-a9e7-47c4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:48:45.000Z", "modified": "2017-05-22T13:48:45.000Z", "description": "trollitrancessions.net", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.29.63.199']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:48:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922ec55-a8cc-4ac0-976e-4cc102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:49:09.000Z", "modified": "2017-05-22T13:49:09.000Z", "description": "- Xchecked via VT: 132d56f533f3a074b441cebff98e7742", "pattern": "[file:hashes.SHA256 = '3105bf7916ab2e8bdf32f9a4f798c358b4d18da11bcc16f8f063c4b9c200f8b4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:49:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922ec55-7140-43b7-aaa9-448502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:49:09.000Z", "modified": "2017-05-22T13:49:09.000Z", "description": "- Xchecked via VT: 132d56f533f3a074b441cebff98e7742", "pattern": "[file:hashes.SHA1 = 'ce62251f9c7b0de95ce324efec94fb703776f4ba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:49:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5922ec56-e6f4-4cfd-b1bd-42af02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:49:10.000Z", "modified": "2017-05-22T13:49:10.000Z", "first_observed": "2017-05-22T13:49:10Z", "last_observed": "2017-05-22T13:49:10Z", "number_observed": 1, "object_refs": [ "url--5922ec56-e6f4-4cfd-b1bd-42af02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5922ec56-e6f4-4cfd-b1bd-42af02de0b81", "value": "https://www.virustotal.com/file/3105bf7916ab2e8bdf32f9a4f798c358b4d18da11bcc16f8f063c4b9c200f8b4/analysis/1495459538/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922ec56-a928-47e2-bb25-4f1902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:49:10.000Z", "modified": "2017-05-22T13:49:10.000Z", "description": "- Xchecked via VT: 192b829bf7f6829549519168c173c931", "pattern": "[file:hashes.SHA256 = 'e0573ec5a6ed61a6f38ab209e3d0d309b0c15af9dacc253240476c6899b5690b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:49:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922ec57-5ebc-43ec-9c92-460c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:49:11.000Z", "modified": "2017-05-22T13:49:11.000Z", "description": "- Xchecked via VT: 192b829bf7f6829549519168c173c931", "pattern": "[file:hashes.SHA1 = '551f953db4ba48452a4f7de9f5f7149c98ddf52f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T13:49:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5922ec57-091c-4adb-ae21-420702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T13:49:11.000Z", "modified": "2017-05-22T13:49:11.000Z", "first_observed": "2017-05-22T13:49:11Z", "last_observed": "2017-05-22T13:49:11Z", "number_observed": 1, "object_refs": [ "url--5922ec57-091c-4adb-ae21-420702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5922ec57-091c-4adb-ae21-420702de0b81", "value": "https://www.virustotal.com/file/e0573ec5a6ed61a6f38ab209e3d0d309b0c15af9dacc253240476c6899b5690b/analysis/1495460018/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922f376-3e10-4493-896c-449c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T14:20:44.000Z", "modified": "2017-05-22T14:20:44.000Z", "pattern": "[domain-name:value = 'electua.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T14:20:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922f377-7ec4-4b74-a8a6-4284950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T14:20:44.000Z", "modified": "2017-05-22T14:20:44.000Z", "pattern": "[domain-name:value = 'everstruct.com.au']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T14:20:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922f377-9874-4243-b285-47ee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T14:20:44.000Z", "modified": "2017-05-22T14:20:44.000Z", "pattern": "[domain-name:value = 'thegardiners.ca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T14:20:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922f378-a584-4fb7-9810-458b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T14:20:44.000Z", "modified": "2017-05-22T14:20:44.000Z", "pattern": "[domain-name:value = 'tjhangtai.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T14:20:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922f378-e0c0-48c1-897a-471f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T14:19:36.000Z", "modified": "2017-05-22T14:19:36.000Z", "description": "electua.org", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.110.162.146']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T14:19:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5922f379-74b0-4dc4-8a6e-493e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T12:57:16.000Z", "modified": "2017-05-26T12:57:16.000Z", "first_observed": "2017-05-26T12:57:16Z", "last_observed": "2017-05-26T12:57:16Z", "number_observed": 1, "object_refs": [ "network-traffic--5922f379-74b0-4dc4-8a6e-493e950d210f", "ipv4-addr--5922f379-74b0-4dc4-8a6e-493e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5922f379-74b0-4dc4-8a6e-493e950d210f", "dst_ref": "ipv4-addr--5922f379-74b0-4dc4-8a6e-493e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5922f379-74b0-4dc4-8a6e-493e950d210f", "value": "27.123.25.1" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5922f379-5778-475a-b239-482c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T12:57:15.000Z", "modified": "2017-05-26T12:57:15.000Z", "first_observed": "2017-05-26T12:57:15Z", "last_observed": "2017-05-26T12:57:15Z", "number_observed": 1, "object_refs": [ "network-traffic--5922f379-5778-475a-b239-482c950d210f", "ipv4-addr--5922f379-5778-475a-b239-482c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5922f379-5778-475a-b239-482c950d210f", "dst_ref": "ipv4-addr--5922f379-5778-475a-b239-482c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5922f379-5778-475a-b239-482c950d210f", "value": "184.168.221.1" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5922f379-55cc-4bed-8b29-4670950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T12:57:15.000Z", "modified": "2017-05-26T12:57:15.000Z", "first_observed": "2017-05-26T12:57:15Z", "last_observed": "2017-05-26T12:57:15Z", "number_observed": 1, "object_refs": [ "network-traffic--5922f379-55cc-4bed-8b29-4670950d210f", "ipv4-addr--5922f379-55cc-4bed-8b29-4670950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5922f379-55cc-4bed-8b29-4670950d210f", "dst_ref": "ipv4-addr--5922f379-55cc-4bed-8b29-4670950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5922f379-55cc-4bed-8b29-4670950d210f", "value": "69.90.160.230" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922f37a-2fb0-41ec-b08a-4bf0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T14:19:38.000Z", "modified": "2017-05-22T14:19:38.000Z", "description": "tjhangtai.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.222.47.155']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T14:19:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922f37a-8780-4a14-aaaa-4682950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T14:20:44.000Z", "modified": "2017-05-22T14:20:44.000Z", "pattern": "[url:value = 'http://electua.org/jhg6fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T14:20:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922f37b-b8c4-4745-ab98-45c3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T14:20:44.000Z", "modified": "2017-05-22T14:20:44.000Z", "pattern": "[url:value = 'http://everstruct.com.au/jhg6fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T14:20:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922f37b-70d8-43b5-9105-4dfe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T14:20:44.000Z", "modified": "2017-05-22T14:20:44.000Z", "pattern": "[url:value = 'http://thegardiners.ca/jhg6fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T14:20:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5922f37c-2874-47c0-b989-4e87950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-22T14:20:44.000Z", "modified": "2017-05-22T14:20:44.000Z", "pattern": "[url:value = 'http://tjhangtai.com/jhg6fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-22T14:20:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5923f4b3-5c94-495f-a664-4103950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T08:37:57.000Z", "modified": "2017-05-23T08:37:57.000Z", "pattern": "[domain-name:value = 'dewatch.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T08:37:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5923f4b3-6d2c-4f74-a048-43e7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T08:37:57.000Z", "modified": "2017-05-23T08:37:57.000Z", "pattern": "[domain-name:value = 'way2lab.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T08:37:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5923f4b4-00ec-48d3-bc5f-4524950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T12:57:11.000Z", "modified": "2017-05-26T12:57:11.000Z", "first_observed": "2017-05-26T12:57:11Z", "last_observed": "2017-05-26T12:57:11Z", "number_observed": 1, "object_refs": [ "network-traffic--5923f4b4-00ec-48d3-bc5f-4524950d210f", "ipv4-addr--5923f4b4-00ec-48d3-bc5f-4524950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5923f4b4-00ec-48d3-bc5f-4524950d210f", "dst_ref": "ipv4-addr--5923f4b4-00ec-48d3-bc5f-4524950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5923f4b4-00ec-48d3-bc5f-4524950d210f", "value": "81.169.145.105" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5923f4b4-99ac-4089-8b24-4a69950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T12:57:16.000Z", "modified": "2017-05-26T12:57:16.000Z", "first_observed": "2017-05-26T12:57:16Z", "last_observed": "2017-05-26T12:57:16Z", "number_observed": 1, "object_refs": [ "network-traffic--5923f4b4-99ac-4089-8b24-4a69950d210f", "ipv4-addr--5923f4b4-99ac-4089-8b24-4a69950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5923f4b4-99ac-4089-8b24-4a69950d210f", "dst_ref": "ipv4-addr--5923f4b4-99ac-4089-8b24-4a69950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5923f4b4-99ac-4089-8b24-4a69950d210f", "value": "184.168.221.30" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5923f4b5-fa90-4f25-ad9f-4b5c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T12:57:16.000Z", "modified": "2017-05-26T12:57:16.000Z", "first_observed": "2017-05-26T12:57:16Z", "last_observed": "2017-05-26T12:57:16Z", "number_observed": 1, "object_refs": [ "network-traffic--5923f4b5-fa90-4f25-ad9f-4b5c950d210f", "ipv4-addr--5923f4b5-fa90-4f25-ad9f-4b5c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5923f4b5-fa90-4f25-ad9f-4b5c950d210f", "dst_ref": "ipv4-addr--5923f4b5-fa90-4f25-ad9f-4b5c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5923f4b5-fa90-4f25-ad9f-4b5c950d210f", "value": "31.22.4.236" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5923f4b5-b050-45e7-8551-45cf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T08:37:57.000Z", "modified": "2017-05-23T08:37:57.000Z", "pattern": "[url:value = 'http://dewatch.de/jhg6fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T08:37:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5923f4b6-1894-4f78-a383-4fb8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T08:37:57.000Z", "modified": "2017-05-23T08:37:57.000Z", "pattern": "[url:value = 'http://way2lab.com/jhg6fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T08:37:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }