{ "type": "bundle", "id": "bundle--59ef2c5a-eed8-4b10-88c4-4685950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:24:05.000Z", "modified": "2017-10-25T08:24:05.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "grouping", "spec_version": "2.1", "id": "grouping--59ef2c5a-eed8-4b10-88c4-4685950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:24:05.000Z", "modified": "2017-10-25T08:24:05.000Z", "name": "M2M - Locky Affid=3/Trickbot \"mac1\" 2017-10-24 : \"Your\n Invoice 12345\" - \"Invoice_file_654321.doc\"", "context": "suspicious-activity", "object_refs": [ "indicator--59ef2c5b-d440-4c0a-b109-4f35950d210f", "indicator--59ef2c5b-0078-4c5a-baae-460d950d210f", "indicator--59ef2c5b-24a8-4b42-84ac-44c2950d210f", "indicator--59ef2c5b-8144-4e6b-9164-d493950d210f", "indicator--59ef2c5c-a548-4673-a210-4efa950d210f", "observed-data--59ef2c5c-3fb0-46a9-9b7d-48a6950d210f", "network-traffic--59ef2c5c-3fb0-46a9-9b7d-48a6950d210f", "ipv4-addr--59ef2c5c-3fb0-46a9-9b7d-48a6950d210f", "indicator--59ef2c5c-d1d8-47bc-88d2-9959950d210f", "indicator--59ef2c5c-e9e0-467f-b60f-4848950d210f", "observed-data--59ef2c5d-eff8-4fbb-a5f1-4016950d210f", "network-traffic--59ef2c5d-eff8-4fbb-a5f1-4016950d210f", "ipv4-addr--59ef2c5d-eff8-4fbb-a5f1-4016950d210f", "indicator--59ef2c5d-8098-488a-a937-4706950d210f", "indicator--59ef2c5d-b6d8-4209-b44f-9959950d210f", "observed-data--59ef2c5d-42b4-468c-94d7-4a1c950d210f", "network-traffic--59ef2c5d-42b4-468c-94d7-4a1c950d210f", "ipv4-addr--59ef2c5d-42b4-468c-94d7-4a1c950d210f", "indicator--59ef2c5e-848c-49e1-8659-4c33950d210f", "indicator--59ef2c5e-6694-457f-be1b-436f950d210f", "observed-data--59ef2c5e-6e30-4bc9-85ee-43f9950d210f", "network-traffic--59ef2c5e-6e30-4bc9-85ee-43f9950d210f", "ipv4-addr--59ef2c5e-6e30-4bc9-85ee-43f9950d210f", "indicator--59ef2c5e-513c-4e01-ac01-9959950d210f", "indicator--59ef2c5f-a594-460d-a75a-4499950d210f", "observed-data--59ef2c5f-4bc0-4c3b-b414-43ad950d210f", "network-traffic--59ef2c5f-4bc0-4c3b-b414-43ad950d210f", "ipv4-addr--59ef2c5f-4bc0-4c3b-b414-43ad950d210f", "indicator--59ef2c5f-0298-453c-89d8-4128950d210f", "indicator--59ef2c5f-bd48-4eae-bd06-4b5f950d210f", "observed-data--59ef2c60-4ac4-4290-ad3d-464d950d210f", "network-traffic--59ef2c60-4ac4-4290-ad3d-464d950d210f", "ipv4-addr--59ef2c60-4ac4-4290-ad3d-464d950d210f", "indicator--59ef2c60-b410-4529-a253-47d6950d210f", "indicator--59ef2c60-0c14-4616-afe2-412f950d210f", "indicator--59ef2c7e-97b0-410c-bcd9-4772950d210f", "indicator--59ef2c7e-7374-4d15-835e-4874950d210f", "observed-data--59ef2c7f-4518-4f01-9a80-44db950d210f", "network-traffic--59ef2c7f-4518-4f01-9a80-44db950d210f", "ipv4-addr--59ef2c7f-4518-4f01-9a80-44db950d210f", "indicator--59ef2c7f-3d68-4e40-ae8d-49fc950d210f", "indicator--59ef2c7f-b914-4be7-8bc8-4289950d210f", "observed-data--59ef2c80-11dc-4320-a462-41bd950d210f", "network-traffic--59ef2c80-11dc-4320-a462-41bd950d210f", "ipv4-addr--59ef2c80-11dc-4320-a462-41bd950d210f", "observed-data--59ef2c80-a74c-4f19-b630-9959950d210f", "network-traffic--59ef2c80-a74c-4f19-b630-9959950d210f", "ipv4-addr--59ef2c80-a74c-4f19-b630-9959950d210f", "observed-data--59ef2c80-9a10-431b-9b35-45fd950d210f", "network-traffic--59ef2c80-9a10-431b-9b35-45fd950d210f", "ipv4-addr--59ef2c80-9a10-431b-9b35-45fd950d210f", "observed-data--59ef2c80-5a78-4aa0-84aa-45f3950d210f", "network-traffic--59ef2c80-5a78-4aa0-84aa-45f3950d210f", "ipv4-addr--59ef2c80-5a78-4aa0-84aa-45f3950d210f", "observed-data--59ef2c81-f200-41c7-96e7-d493950d210f", "network-traffic--59ef2c81-f200-41c7-96e7-d493950d210f", "ipv4-addr--59ef2c81-f200-41c7-96e7-d493950d210f", "observed-data--59ef2c81-ebe8-4a4b-9dea-452b950d210f", "network-traffic--59ef2c81-ebe8-4a4b-9dea-452b950d210f", "ipv4-addr--59ef2c81-ebe8-4a4b-9dea-452b950d210f", "observed-data--59ef2c81-c180-436d-83c3-4828950d210f", "network-traffic--59ef2c81-c180-436d-83c3-4828950d210f", "ipv4-addr--59ef2c81-c180-436d-83c3-4828950d210f", "observed-data--59ef2c81-e648-474f-bdcc-498b950d210f", "network-traffic--59ef2c81-e648-474f-bdcc-498b950d210f", "ipv4-addr--59ef2c81-e648-474f-bdcc-498b950d210f", "observed-data--59ef2c82-8fcc-4ce7-bdd9-9959950d210f", "network-traffic--59ef2c82-8fcc-4ce7-bdd9-9959950d210f", "ipv4-addr--59ef2c82-8fcc-4ce7-bdd9-9959950d210f", "observed-data--59ef2c82-6334-4cbf-9756-4332950d210f", "network-traffic--59ef2c82-6334-4cbf-9756-4332950d210f", "ipv4-addr--59ef2c82-6334-4cbf-9756-4332950d210f", "observed-data--59ef2c82-9458-48ae-b0b0-4696950d210f", "network-traffic--59ef2c82-9458-48ae-b0b0-4696950d210f", "ipv4-addr--59ef2c82-9458-48ae-b0b0-4696950d210f", "observed-data--59ef2c82-35a4-48f7-8824-4f33950d210f", "network-traffic--59ef2c82-35a4-48f7-8824-4f33950d210f", "ipv4-addr--59ef2c82-35a4-48f7-8824-4f33950d210f", "observed-data--59ef2c83-407c-4766-97b1-4a07950d210f", "network-traffic--59ef2c83-407c-4766-97b1-4a07950d210f", "ipv4-addr--59ef2c83-407c-4766-97b1-4a07950d210f", "observed-data--59ef2c83-432c-408f-9092-4dad950d210f", "network-traffic--59ef2c83-432c-408f-9092-4dad950d210f", "ipv4-addr--59ef2c83-432c-408f-9092-4dad950d210f", "observed-data--59ef2c84-d1e4-4d10-a0d7-4f37950d210f", "network-traffic--59ef2c84-d1e4-4d10-a0d7-4f37950d210f", "ipv4-addr--59ef2c84-d1e4-4d10-a0d7-4f37950d210f", "observed-data--59ef2c84-7ecc-4f70-bc47-4313950d210f", "network-traffic--59ef2c84-7ecc-4f70-bc47-4313950d210f", "ipv4-addr--59ef2c84-7ecc-4f70-bc47-4313950d210f", "observed-data--59ef2c84-4aec-439c-a2ed-4eeb950d210f", "network-traffic--59ef2c84-4aec-439c-a2ed-4eeb950d210f", "ipv4-addr--59ef2c84-4aec-439c-a2ed-4eeb950d210f", "observed-data--59ef2c84-ce58-40e3-9f25-4c04950d210f", "network-traffic--59ef2c84-ce58-40e3-9f25-4c04950d210f", "ipv4-addr--59ef2c84-ce58-40e3-9f25-4c04950d210f", "observed-data--59ef2c85-00e4-4726-b9b2-447c950d210f", "network-traffic--59ef2c85-00e4-4726-b9b2-447c950d210f", "ipv4-addr--59ef2c85-00e4-4726-b9b2-447c950d210f", "observed-data--59ef2c85-5314-42a1-a075-415e950d210f", "network-traffic--59ef2c85-5314-42a1-a075-415e950d210f", "ipv4-addr--59ef2c85-5314-42a1-a075-415e950d210f", "observed-data--59ef2c85-3b58-4312-b1a1-44e6950d210f", "network-traffic--59ef2c85-3b58-4312-b1a1-44e6950d210f", "ipv4-addr--59ef2c85-3b58-4312-b1a1-44e6950d210f", "observed-data--59ef2c85-dc2c-4378-a47a-4f5f950d210f", "network-traffic--59ef2c85-dc2c-4378-a47a-4f5f950d210f", "ipv4-addr--59ef2c85-dc2c-4378-a47a-4f5f950d210f", "observed-data--59ef2c86-d55c-493c-a31d-9959950d210f", "network-traffic--59ef2c86-d55c-493c-a31d-9959950d210f", "ipv4-addr--59ef2c86-d55c-493c-a31d-9959950d210f", "observed-data--59ef2c86-f1e4-46be-9130-d493950d210f", "network-traffic--59ef2c86-f1e4-46be-9130-d493950d210f", "ipv4-addr--59ef2c86-f1e4-46be-9130-d493950d210f", "observed-data--59ef2c86-68b4-4551-9bbf-4e6c950d210f", "network-traffic--59ef2c86-68b4-4551-9bbf-4e6c950d210f", "ipv4-addr--59ef2c86-68b4-4551-9bbf-4e6c950d210f", "observed-data--59ef2c86-e07c-4196-9613-4611950d210f", "network-traffic--59ef2c86-e07c-4196-9613-4611950d210f", "ipv4-addr--59ef2c86-e07c-4196-9613-4611950d210f", "observed-data--59ef2c87-c048-4a44-b72f-4946950d210f", "network-traffic--59ef2c87-c048-4a44-b72f-4946950d210f", "ipv4-addr--59ef2c87-c048-4a44-b72f-4946950d210f", "observed-data--59ef2c87-74c0-4f83-a815-4bfc950d210f", "network-traffic--59ef2c87-74c0-4f83-a815-4bfc950d210f", "ipv4-addr--59ef2c87-74c0-4f83-a815-4bfc950d210f", "observed-data--59ef2c87-10d4-434a-8329-9959950d210f", "network-traffic--59ef2c87-10d4-434a-8329-9959950d210f", "ipv4-addr--59ef2c87-10d4-434a-8329-9959950d210f", "observed-data--59ef2c88-c3ac-45fc-adeb-4b79950d210f", "network-traffic--59ef2c88-c3ac-45fc-adeb-4b79950d210f", "ipv4-addr--59ef2c88-c3ac-45fc-adeb-4b79950d210f", "observed-data--59ef2c88-ef80-43bf-9b36-4672950d210f", "network-traffic--59ef2c88-ef80-43bf-9b36-4672950d210f", "ipv4-addr--59ef2c88-ef80-43bf-9b36-4672950d210f", "observed-data--59ef2c88-fbc0-40c9-971b-40ff950d210f", "network-traffic--59ef2c88-fbc0-40c9-971b-40ff950d210f", "ipv4-addr--59ef2c88-fbc0-40c9-971b-40ff950d210f", "observed-data--59ef2c88-bc0c-456b-b74a-48d1950d210f", "network-traffic--59ef2c88-bc0c-456b-b74a-48d1950d210f", "ipv4-addr--59ef2c88-bc0c-456b-b74a-48d1950d210f", "observed-data--59ef2c89-5940-40d5-bdc9-d493950d210f", "network-traffic--59ef2c89-5940-40d5-bdc9-d493950d210f", "ipv4-addr--59ef2c89-5940-40d5-bdc9-d493950d210f", "observed-data--59ef2c89-5dc0-498e-a5e5-422b950d210f", "network-traffic--59ef2c89-5dc0-498e-a5e5-422b950d210f", "ipv4-addr--59ef2c89-5dc0-498e-a5e5-422b950d210f", "observed-data--59ef2c89-56f8-4434-8088-4c64950d210f", "network-traffic--59ef2c89-56f8-4434-8088-4c64950d210f", "ipv4-addr--59ef2c89-56f8-4434-8088-4c64950d210f", "observed-data--59ef2c89-9b00-4fc7-8cef-4399950d210f", "network-traffic--59ef2c89-9b00-4fc7-8cef-4399950d210f", "ipv4-addr--59ef2c89-9b00-4fc7-8cef-4399950d210f", "observed-data--59ef2c89-1018-4272-8bdd-4a80950d210f", "network-traffic--59ef2c89-1018-4272-8bdd-4a80950d210f", "ipv4-addr--59ef2c89-1018-4272-8bdd-4a80950d210f", "indicator--59f04a1f-0be8-4be8-9070-4c1102de0b81", "indicator--59f04a1f-0f90-40ec-8cd7-45b602de0b81", "observed-data--59f04a1f-f1b0-4ec7-b297-455902de0b81", "url--59f04a1f-f1b0-4ec7-b297-455902de0b81", "indicator--59f04a1f-15f8-4be3-ba6a-49d602de0b81", "indicator--59f04a1f-68e8-417b-a2b6-4eb102de0b81", "observed-data--59f04a1f-9980-40e8-97a3-470502de0b81", "url--59f04a1f-9980-40e8-97a3-470502de0b81", "indicator--59f04a1f-fa60-409c-8145-419602de0b81", "indicator--59f04a1f-4d5c-4b4c-ab21-486a02de0b81", "observed-data--59f04a1f-8130-4600-8161-4e9202de0b81", "url--59f04a1f-8130-4600-8161-4e9202de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:tool=\"Trick Bot\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Locky\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ef2c5b-d440-4c0a-b109-4f35950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:57.000Z", "modified": "2017-10-25T08:23:57.000Z", "pattern": "[file:hashes.MD5 = 'eae849f6510db451f4fbdb780b5d49aa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T08:23:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ef2c5b-0078-4c5a-baae-460d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:57.000Z", "modified": "2017-10-25T08:23:57.000Z", "pattern": "[file:hashes.MD5 = '7bbc46655683df7a0e842c0adff987a3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T08:23:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ef2c5b-24a8-4b42-84ac-44c2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:57.000Z", "modified": "2017-10-25T08:23:57.000Z", "pattern": "[file:hashes.MD5 = '5f38c8bd1a58a755108d27a7fdf034b1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T08:23:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ef2c5b-8144-4e6b-9164-d493950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:57.000Z", "modified": "2017-10-25T08:23:57.000Z", "pattern": "[url:value = 'http://transmercasa.com/JHGGsdsw6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T08:23:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ef2c5c-a548-4673-a210-4efa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:57.000Z", "modified": "2017-10-25T08:23:57.000Z", "pattern": "[domain-name:value = 'transmercasa.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T08:23:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c5c-3fb0-46a9-9b7d-48a6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:57.000Z", "modified": "2017-10-25T08:23:57.000Z", "first_observed": "2017-10-25T08:23:57Z", "last_observed": "2017-10-25T08:23:57Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c5c-3fb0-46a9-9b7d-48a6950d210f", "ipv4-addr--59ef2c5c-3fb0-46a9-9b7d-48a6950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c5c-3fb0-46a9-9b7d-48a6950d210f", "dst_ref": "ipv4-addr--59ef2c5c-3fb0-46a9-9b7d-48a6950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c5c-3fb0-46a9-9b7d-48a6950d210f", "value": "75.98.175.70" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ef2c5c-d1d8-47bc-88d2-9959950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:57.000Z", "modified": "2017-10-25T08:23:57.000Z", "pattern": "[url:value = 'http://upgrademypc.ie/JHGGsdsw6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T08:23:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ef2c5c-e9e0-467f-b60f-4848950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:57.000Z", "modified": "2017-10-25T08:23:57.000Z", "pattern": "[domain-name:value = 'upgrademypc.ie']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T08:23:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c5d-eff8-4fbb-a5f1-4016950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:57.000Z", "modified": "2017-10-25T08:23:57.000Z", "first_observed": "2017-10-25T08:23:57Z", "last_observed": "2017-10-25T08:23:57Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c5d-eff8-4fbb-a5f1-4016950d210f", "ipv4-addr--59ef2c5d-eff8-4fbb-a5f1-4016950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c5d-eff8-4fbb-a5f1-4016950d210f", "dst_ref": "ipv4-addr--59ef2c5d-eff8-4fbb-a5f1-4016950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c5d-eff8-4fbb-a5f1-4016950d210f", "value": "78.153.200.123" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ef2c5d-8098-488a-a937-4706950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:57.000Z", "modified": "2017-10-25T08:23:57.000Z", "pattern": "[url:value = 'http://urcho.com/JHGGsdsw6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T08:23:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ef2c5d-b6d8-4209-b44f-9959950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:57.000Z", "modified": "2017-10-25T08:23:57.000Z", "pattern": "[domain-name:value = 'urcho.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T08:23:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c5d-42b4-468c-94d7-4a1c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:57.000Z", "modified": "2017-10-25T08:23:57.000Z", "first_observed": "2017-10-25T08:23:57Z", "last_observed": "2017-10-25T08:23:57Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c5d-42b4-468c-94d7-4a1c950d210f", "ipv4-addr--59ef2c5d-42b4-468c-94d7-4a1c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c5d-42b4-468c-94d7-4a1c950d210f", "dst_ref": "ipv4-addr--59ef2c5d-42b4-468c-94d7-4a1c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c5d-42b4-468c-94d7-4a1c950d210f", "value": "87.106.69.81" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ef2c5e-848c-49e1-8659-4c33950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:57.000Z", "modified": "2017-10-25T08:23:57.000Z", "pattern": "[url:value = 'http://tatianadecastelbajac.fr/kjhgFG']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T08:23:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ef2c5e-6694-457f-be1b-436f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:57.000Z", "modified": "2017-10-25T08:23:57.000Z", "pattern": "[domain-name:value = 'tatianadecastelbajac.fr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T08:23:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c5e-6e30-4bc9-85ee-43f9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:57.000Z", "modified": "2017-10-25T08:23:57.000Z", "first_observed": "2017-10-25T08:23:57Z", "last_observed": "2017-10-25T08:23:57Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c5e-6e30-4bc9-85ee-43f9950d210f", "ipv4-addr--59ef2c5e-6e30-4bc9-85ee-43f9950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c5e-6e30-4bc9-85ee-43f9950d210f", "dst_ref": "ipv4-addr--59ef2c5e-6e30-4bc9-85ee-43f9950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c5e-6e30-4bc9-85ee-43f9950d210f", "value": "151.236.60.40" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ef2c5e-513c-4e01-ac01-9959950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:57.000Z", "modified": "2017-10-25T08:23:57.000Z", "pattern": "[url:value = 'http://video.rb-webdev.de/kjhgFG']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T08:23:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ef2c5f-a594-460d-a75a-4499950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:57.000Z", "modified": "2017-10-25T08:23:57.000Z", "pattern": "[domain-name:value = 'video.rb-webdev.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T08:23:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c5f-4bc0-4c3b-b414-43ad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:57.000Z", "modified": "2017-10-25T08:23:57.000Z", "first_observed": "2017-10-25T08:23:57Z", "last_observed": "2017-10-25T08:23:57Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c5f-4bc0-4c3b-b414-43ad950d210f", "ipv4-addr--59ef2c5f-4bc0-4c3b-b414-43ad950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c5f-4bc0-4c3b-b414-43ad950d210f", "dst_ref": "ipv4-addr--59ef2c5f-4bc0-4c3b-b414-43ad950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c5f-4bc0-4c3b-b414-43ad950d210f", "value": "85.214.28.187" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ef2c5f-0298-453c-89d8-4128950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:57.000Z", "modified": "2017-10-25T08:23:57.000Z", "pattern": "[url:value = 'http://themclarenfamily.com/kjhgFG']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T08:23:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ef2c5f-bd48-4eae-bd06-4b5f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:57.000Z", "modified": "2017-10-25T08:23:57.000Z", "pattern": "[domain-name:value = 'themclarenfamily.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T08:23:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c60-4ac4-4290-ad3d-464d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:57.000Z", "modified": "2017-10-25T08:23:57.000Z", "first_observed": "2017-10-25T08:23:57Z", "last_observed": "2017-10-25T08:23:57Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c60-4ac4-4290-ad3d-464d950d210f", "ipv4-addr--59ef2c60-4ac4-4290-ad3d-464d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c60-4ac4-4290-ad3d-464d950d210f", "dst_ref": "ipv4-addr--59ef2c60-4ac4-4290-ad3d-464d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c60-4ac4-4290-ad3d-464d950d210f", "value": "92.48.90.34" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ef2c60-b410-4529-a253-47d6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "pattern": "[url:value = 'http://gdiscoun.org/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T08:23:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ef2c60-0c14-4616-afe2-412f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "pattern": "[domain-name:value = 'gdiscoun.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T08:23:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ef2c7e-97b0-410c-bcd9-4772950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "pattern": "[url:value = 'http://xn--diseo-rta.es/UHGus3.enc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T08:23:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ef2c7e-7374-4d15-835e-4874950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "pattern": "[domain-name:value = 'xn--diseo-rta.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T08:23:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c7f-4518-4f01-9a80-44db950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c7f-4518-4f01-9a80-44db950d210f", "ipv4-addr--59ef2c7f-4518-4f01-9a80-44db950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c7f-4518-4f01-9a80-44db950d210f", "dst_ref": "ipv4-addr--59ef2c7f-4518-4f01-9a80-44db950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c7f-4518-4f01-9a80-44db950d210f", "value": "31.24.46.103" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ef2c7f-3d68-4e40-ae8d-49fc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "pattern": "[url:value = 'http://webhotell.enivest.no/cuYT39.enc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T08:23:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ef2c7f-b914-4be7-8bc8-4289950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "pattern": "[domain-name:value = 'webhotell.enivest.no']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T08:23:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c80-11dc-4320-a462-41bd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c80-11dc-4320-a462-41bd950d210f", "ipv4-addr--59ef2c80-11dc-4320-a462-41bd950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c80-11dc-4320-a462-41bd950d210f", "dst_ref": "ipv4-addr--59ef2c80-11dc-4320-a462-41bd950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c80-11dc-4320-a462-41bd950d210f", "value": "62.50.190.101" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c80-a74c-4f19-b630-9959950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c80-a74c-4f19-b630-9959950d210f", "ipv4-addr--59ef2c80-a74c-4f19-b630-9959950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c80-a74c-4f19-b630-9959950d210f", "dst_ref": "ipv4-addr--59ef2c80-a74c-4f19-b630-9959950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c80-a74c-4f19-b630-9959950d210f", "value": "79.170.7.139" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c80-9a10-431b-9b35-45fd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c80-9a10-431b-9b35-45fd950d210f", "ipv4-addr--59ef2c80-9a10-431b-9b35-45fd950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c80-9a10-431b-9b35-45fd950d210f", "dst_ref": "ipv4-addr--59ef2c80-9a10-431b-9b35-45fd950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c80-9a10-431b-9b35-45fd950d210f", "value": "196.202.194.202" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c80-5a78-4aa0-84aa-45f3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c80-5a78-4aa0-84aa-45f3950d210f", "ipv4-addr--59ef2c80-5a78-4aa0-84aa-45f3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c80-5a78-4aa0-84aa-45f3950d210f", "dst_ref": "ipv4-addr--59ef2c80-5a78-4aa0-84aa-45f3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c80-5a78-4aa0-84aa-45f3950d210f", "value": "46.20.56.239" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c81-f200-41c7-96e7-d493950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c81-f200-41c7-96e7-d493950d210f", "ipv4-addr--59ef2c81-f200-41c7-96e7-d493950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c81-f200-41c7-96e7-d493950d210f", "dst_ref": "ipv4-addr--59ef2c81-f200-41c7-96e7-d493950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c81-f200-41c7-96e7-d493950d210f", "value": "176.120.126.21" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c81-ebe8-4a4b-9dea-452b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c81-ebe8-4a4b-9dea-452b950d210f", "ipv4-addr--59ef2c81-ebe8-4a4b-9dea-452b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c81-ebe8-4a4b-9dea-452b950d210f", "dst_ref": "ipv4-addr--59ef2c81-ebe8-4a4b-9dea-452b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c81-ebe8-4a4b-9dea-452b950d210f", "value": "91.239.249.118" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c81-c180-436d-83c3-4828950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c81-c180-436d-83c3-4828950d210f", "ipv4-addr--59ef2c81-c180-436d-83c3-4828950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c81-c180-436d-83c3-4828950d210f", "dst_ref": "ipv4-addr--59ef2c81-c180-436d-83c3-4828950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c81-c180-436d-83c3-4828950d210f", "value": "156.17.92.161" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c81-e648-474f-bdcc-498b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c81-e648-474f-bdcc-498b950d210f", "ipv4-addr--59ef2c81-e648-474f-bdcc-498b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c81-e648-474f-bdcc-498b950d210f", "dst_ref": "ipv4-addr--59ef2c81-e648-474f-bdcc-498b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c81-e648-474f-bdcc-498b950d210f", "value": "86.80.209.49" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c82-8fcc-4ce7-bdd9-9959950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c82-8fcc-4ce7-bdd9-9959950d210f", "ipv4-addr--59ef2c82-8fcc-4ce7-bdd9-9959950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c82-8fcc-4ce7-bdd9-9959950d210f", "dst_ref": "ipv4-addr--59ef2c82-8fcc-4ce7-bdd9-9959950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c82-8fcc-4ce7-bdd9-9959950d210f", "value": "46.20.56.237" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c82-6334-4cbf-9756-4332950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c82-6334-4cbf-9756-4332950d210f", "ipv4-addr--59ef2c82-6334-4cbf-9756-4332950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c82-6334-4cbf-9756-4332950d210f", "dst_ref": "ipv4-addr--59ef2c82-6334-4cbf-9756-4332950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c82-6334-4cbf-9756-4332950d210f", "value": "62.87.151.219" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c82-9458-48ae-b0b0-4696950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c82-9458-48ae-b0b0-4696950d210f", "ipv4-addr--59ef2c82-9458-48ae-b0b0-4696950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c82-9458-48ae-b0b0-4696950d210f", "dst_ref": "ipv4-addr--59ef2c82-9458-48ae-b0b0-4696950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c82-9458-48ae-b0b0-4696950d210f", "value": "188.137.86.7" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c82-35a4-48f7-8824-4f33950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c82-35a4-48f7-8824-4f33950d210f", "ipv4-addr--59ef2c82-35a4-48f7-8824-4f33950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c82-35a4-48f7-8824-4f33950d210f", "dst_ref": "ipv4-addr--59ef2c82-35a4-48f7-8824-4f33950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c82-35a4-48f7-8824-4f33950d210f", "value": "178.254.183.34" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c83-407c-4766-97b1-4a07950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c83-407c-4766-97b1-4a07950d210f", "ipv4-addr--59ef2c83-407c-4766-97b1-4a07950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c83-407c-4766-97b1-4a07950d210f", "dst_ref": "ipv4-addr--59ef2c83-407c-4766-97b1-4a07950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c83-407c-4766-97b1-4a07950d210f", "value": "178.254.183.13" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c83-432c-408f-9092-4dad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c83-432c-408f-9092-4dad950d210f", "ipv4-addr--59ef2c83-432c-408f-9092-4dad950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c83-432c-408f-9092-4dad950d210f", "dst_ref": "ipv4-addr--59ef2c83-432c-408f-9092-4dad950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c83-432c-408f-9092-4dad950d210f", "value": "176.111.24.4" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c84-d1e4-4d10-a0d7-4f37950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c84-d1e4-4d10-a0d7-4f37950d210f", "ipv4-addr--59ef2c84-d1e4-4d10-a0d7-4f37950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c84-d1e4-4d10-a0d7-4f37950d210f", "dst_ref": "ipv4-addr--59ef2c84-d1e4-4d10-a0d7-4f37950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c84-d1e4-4d10-a0d7-4f37950d210f", "value": "178.217.117.240" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c84-7ecc-4f70-bc47-4313950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c84-7ecc-4f70-bc47-4313950d210f", "ipv4-addr--59ef2c84-7ecc-4f70-bc47-4313950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c84-7ecc-4f70-bc47-4313950d210f", "dst_ref": "ipv4-addr--59ef2c84-7ecc-4f70-bc47-4313950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c84-7ecc-4f70-bc47-4313950d210f", "value": "178.217.119.241" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c84-4aec-439c-a2ed-4eeb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c84-4aec-439c-a2ed-4eeb950d210f", "ipv4-addr--59ef2c84-4aec-439c-a2ed-4eeb950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c84-4aec-439c-a2ed-4eeb950d210f", "dst_ref": "ipv4-addr--59ef2c84-4aec-439c-a2ed-4eeb950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c84-4aec-439c-a2ed-4eeb950d210f", "value": "78.24.219.105" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c84-ce58-40e3-9f25-4c04950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c84-ce58-40e3-9f25-4c04950d210f", "ipv4-addr--59ef2c84-ce58-40e3-9f25-4c04950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c84-ce58-40e3-9f25-4c04950d210f", "dst_ref": "ipv4-addr--59ef2c84-ce58-40e3-9f25-4c04950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c84-ce58-40e3-9f25-4c04950d210f", "value": "92.63.105.129" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c85-00e4-4726-b9b2-447c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c85-00e4-4726-b9b2-447c950d210f", "ipv4-addr--59ef2c85-00e4-4726-b9b2-447c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c85-00e4-4726-b9b2-447c950d210f", "dst_ref": "ipv4-addr--59ef2c85-00e4-4726-b9b2-447c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c85-00e4-4726-b9b2-447c950d210f", "value": "62.109.30.9" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c85-5314-42a1-a075-415e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c85-5314-42a1-a075-415e950d210f", "ipv4-addr--59ef2c85-5314-42a1-a075-415e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c85-5314-42a1-a075-415e950d210f", "dst_ref": "ipv4-addr--59ef2c85-5314-42a1-a075-415e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c85-5314-42a1-a075-415e950d210f", "value": "82.146.44.189" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c85-3b58-4312-b1a1-44e6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c85-3b58-4312-b1a1-44e6950d210f", "ipv4-addr--59ef2c85-3b58-4312-b1a1-44e6950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c85-3b58-4312-b1a1-44e6950d210f", "dst_ref": "ipv4-addr--59ef2c85-3b58-4312-b1a1-44e6950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c85-3b58-4312-b1a1-44e6950d210f", "value": "82.146.60.211" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c85-dc2c-4378-a47a-4f5f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c85-dc2c-4378-a47a-4f5f950d210f", "ipv4-addr--59ef2c85-dc2c-4378-a47a-4f5f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c85-dc2c-4378-a47a-4f5f950d210f", "dst_ref": "ipv4-addr--59ef2c85-dc2c-4378-a47a-4f5f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c85-dc2c-4378-a47a-4f5f950d210f", "value": "194.87.238.205" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c86-d55c-493c-a31d-9959950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c86-d55c-493c-a31d-9959950d210f", "ipv4-addr--59ef2c86-d55c-493c-a31d-9959950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c86-d55c-493c-a31d-9959950d210f", "dst_ref": "ipv4-addr--59ef2c86-d55c-493c-a31d-9959950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c86-d55c-493c-a31d-9959950d210f", "value": "195.133.49.20" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c86-f1e4-46be-9130-d493950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c86-f1e4-46be-9130-d493950d210f", "ipv4-addr--59ef2c86-f1e4-46be-9130-d493950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c86-f1e4-46be-9130-d493950d210f", "dst_ref": "ipv4-addr--59ef2c86-f1e4-46be-9130-d493950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c86-f1e4-46be-9130-d493950d210f", "value": "46.17.40.97" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c86-68b4-4551-9bbf-4e6c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c86-68b4-4551-9bbf-4e6c950d210f", "ipv4-addr--59ef2c86-68b4-4551-9bbf-4e6c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c86-68b4-4551-9bbf-4e6c950d210f", "dst_ref": "ipv4-addr--59ef2c86-68b4-4551-9bbf-4e6c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c86-68b4-4551-9bbf-4e6c950d210f", "value": "141.255.167.112" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c86-e07c-4196-9613-4611950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c86-e07c-4196-9613-4611950d210f", "ipv4-addr--59ef2c86-e07c-4196-9613-4611950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c86-e07c-4196-9613-4611950d210f", "dst_ref": "ipv4-addr--59ef2c86-e07c-4196-9613-4611950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c86-e07c-4196-9613-4611950d210f", "value": "194.87.92.6" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c87-c048-4a44-b72f-4946950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c87-c048-4a44-b72f-4946950d210f", "ipv4-addr--59ef2c87-c048-4a44-b72f-4946950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c87-c048-4a44-b72f-4946950d210f", "dst_ref": "ipv4-addr--59ef2c87-c048-4a44-b72f-4946950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c87-c048-4a44-b72f-4946950d210f", "value": "62.109.30.96" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c87-74c0-4f83-a815-4bfc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c87-74c0-4f83-a815-4bfc950d210f", "ipv4-addr--59ef2c87-74c0-4f83-a815-4bfc950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c87-74c0-4f83-a815-4bfc950d210f", "dst_ref": "ipv4-addr--59ef2c87-74c0-4f83-a815-4bfc950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c87-74c0-4f83-a815-4bfc950d210f", "value": "194.87.146.161" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c87-10d4-434a-8329-9959950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c87-10d4-434a-8329-9959950d210f", "ipv4-addr--59ef2c87-10d4-434a-8329-9959950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c87-10d4-434a-8329-9959950d210f", "dst_ref": "ipv4-addr--59ef2c87-10d4-434a-8329-9959950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c87-10d4-434a-8329-9959950d210f", "value": "62.109.4.137" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c88-c3ac-45fc-adeb-4b79950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c88-c3ac-45fc-adeb-4b79950d210f", "ipv4-addr--59ef2c88-c3ac-45fc-adeb-4b79950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c88-c3ac-45fc-adeb-4b79950d210f", "dst_ref": "ipv4-addr--59ef2c88-c3ac-45fc-adeb-4b79950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c88-c3ac-45fc-adeb-4b79950d210f", "value": "194.87.239.60" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c88-ef80-43bf-9b36-4672950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c88-ef80-43bf-9b36-4672950d210f", "ipv4-addr--59ef2c88-ef80-43bf-9b36-4672950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c88-ef80-43bf-9b36-4672950d210f", "dst_ref": "ipv4-addr--59ef2c88-ef80-43bf-9b36-4672950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c88-ef80-43bf-9b36-4672950d210f", "value": "185.125.46.88" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c88-fbc0-40c9-971b-40ff950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c88-fbc0-40c9-971b-40ff950d210f", "ipv4-addr--59ef2c88-fbc0-40c9-971b-40ff950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c88-fbc0-40c9-971b-40ff950d210f", "dst_ref": "ipv4-addr--59ef2c88-fbc0-40c9-971b-40ff950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c88-fbc0-40c9-971b-40ff950d210f", "value": "5.101.78.97" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c88-bc0c-456b-b74a-48d1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c88-bc0c-456b-b74a-48d1950d210f", "ipv4-addr--59ef2c88-bc0c-456b-b74a-48d1950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c88-bc0c-456b-b74a-48d1950d210f", "dst_ref": "ipv4-addr--59ef2c88-bc0c-456b-b74a-48d1950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c88-bc0c-456b-b74a-48d1950d210f", "value": "185.12.94.101" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c89-5940-40d5-bdc9-d493950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c89-5940-40d5-bdc9-d493950d210f", "ipv4-addr--59ef2c89-5940-40d5-bdc9-d493950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c89-5940-40d5-bdc9-d493950d210f", "dst_ref": "ipv4-addr--59ef2c89-5940-40d5-bdc9-d493950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c89-5940-40d5-bdc9-d493950d210f", "value": "193.19.119.190" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c89-5dc0-498e-a5e5-422b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c89-5dc0-498e-a5e5-422b950d210f", "ipv4-addr--59ef2c89-5dc0-498e-a5e5-422b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c89-5dc0-498e-a5e5-422b950d210f", "dst_ref": "ipv4-addr--59ef2c89-5dc0-498e-a5e5-422b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c89-5dc0-498e-a5e5-422b950d210f", "value": "179.43.147.232" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c89-56f8-4434-8088-4c64950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c89-56f8-4434-8088-4c64950d210f", "ipv4-addr--59ef2c89-56f8-4434-8088-4c64950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c89-56f8-4434-8088-4c64950d210f", "dst_ref": "ipv4-addr--59ef2c89-56f8-4434-8088-4c64950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c89-56f8-4434-8088-4c64950d210f", "value": "195.133.197.198" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c89-9b00-4fc7-8cef-4399950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:58.000Z", "modified": "2017-10-25T08:23:58.000Z", "first_observed": "2017-10-25T08:23:58Z", "last_observed": "2017-10-25T08:23:58Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c89-9b00-4fc7-8cef-4399950d210f", "ipv4-addr--59ef2c89-9b00-4fc7-8cef-4399950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c89-9b00-4fc7-8cef-4399950d210f", "dst_ref": "ipv4-addr--59ef2c89-9b00-4fc7-8cef-4399950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c89-9b00-4fc7-8cef-4399950d210f", "value": "188.227.17.104" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ef2c89-1018-4272-8bdd-4a80950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:59.000Z", "modified": "2017-10-25T08:23:59.000Z", "first_observed": "2017-10-25T08:23:59Z", "last_observed": "2017-10-25T08:23:59Z", "number_observed": 1, "object_refs": [ "network-traffic--59ef2c89-1018-4272-8bdd-4a80950d210f", "ipv4-addr--59ef2c89-1018-4272-8bdd-4a80950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59ef2c89-1018-4272-8bdd-4a80950d210f", "dst_ref": "ipv4-addr--59ef2c89-1018-4272-8bdd-4a80950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59ef2c89-1018-4272-8bdd-4a80950d210f", "value": "194.87.111.47" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f04a1f-0be8-4be8-9070-4c1102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:59.000Z", "modified": "2017-10-25T08:23:59.000Z", "description": "- Xchecked via VT: 5f38c8bd1a58a755108d27a7fdf034b1", "pattern": "[file:hashes.SHA256 = '76e52d91742467b8772799531ba33f43287805753a26c3893d29676f55f5301a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T08:23:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f04a1f-0f90-40ec-8cd7-45b602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:59.000Z", "modified": "2017-10-25T08:23:59.000Z", "description": "- Xchecked via VT: 5f38c8bd1a58a755108d27a7fdf034b1", "pattern": "[file:hashes.SHA1 = '3a3c813526c60939e8cdd6a119194ee02d062d3c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T08:23:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f04a1f-f1b0-4ec7-b297-455902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:59.000Z", "modified": "2017-10-25T08:23:59.000Z", "first_observed": "2017-10-25T08:23:59Z", "last_observed": "2017-10-25T08:23:59Z", "number_observed": 1, "object_refs": [ "url--59f04a1f-f1b0-4ec7-b297-455902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59f04a1f-f1b0-4ec7-b297-455902de0b81", "value": "https://www.virustotal.com/file/76e52d91742467b8772799531ba33f43287805753a26c3893d29676f55f5301a/analysis/1508852075/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f04a1f-15f8-4be3-ba6a-49d602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:59.000Z", "modified": "2017-10-25T08:23:59.000Z", "description": "- Xchecked via VT: 7bbc46655683df7a0e842c0adff987a3", "pattern": "[file:hashes.SHA256 = '0f5be64bc9be27c4a9cab972f5a5879337cb8cfd155a84e62399ed34e8d5a1dc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T08:23:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f04a1f-68e8-417b-a2b6-4eb102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:59.000Z", "modified": "2017-10-25T08:23:59.000Z", "description": "- Xchecked via VT: 7bbc46655683df7a0e842c0adff987a3", "pattern": "[file:hashes.SHA1 = 'c631280d0ae50e708891fa72d73997bdf5f35bf6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T08:23:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f04a1f-9980-40e8-97a3-470502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:59.000Z", "modified": "2017-10-25T08:23:59.000Z", "first_observed": "2017-10-25T08:23:59Z", "last_observed": "2017-10-25T08:23:59Z", "number_observed": 1, "object_refs": [ "url--59f04a1f-9980-40e8-97a3-470502de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59f04a1f-9980-40e8-97a3-470502de0b81", "value": "https://www.virustotal.com/file/0f5be64bc9be27c4a9cab972f5a5879337cb8cfd155a84e62399ed34e8d5a1dc/analysis/1508917150/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f04a1f-fa60-409c-8145-419602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:59.000Z", "modified": "2017-10-25T08:23:59.000Z", "description": "- Xchecked via VT: eae849f6510db451f4fbdb780b5d49aa", "pattern": "[file:hashes.SHA256 = '6106d1b5963feb632eee28aaee5b68e85aef1d090c5e5ef2899b3a0f1a3f7c5b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T08:23:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f04a1f-4d5c-4b4c-ab21-486a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:59.000Z", "modified": "2017-10-25T08:23:59.000Z", "description": "- Xchecked via VT: eae849f6510db451f4fbdb780b5d49aa", "pattern": "[file:hashes.SHA1 = '60b9e6798a2099674fb189e262282d06ab7f29be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T08:23:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f04a1f-8130-4600-8161-4e9202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T08:23:59.000Z", "modified": "2017-10-25T08:23:59.000Z", "first_observed": "2017-10-25T08:23:59Z", "last_observed": "2017-10-25T08:23:59Z", "number_observed": 1, "object_refs": [ "url--59f04a1f-8130-4600-8161-4e9202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59f04a1f-8130-4600-8161-4e9202de0b81", "value": "https://www.virustotal.com/file/6106d1b5963feb632eee28aaee5b68e85aef1d090c5e5ef2899b3a0f1a3f7c5b/analysis/1508916686/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }