{ "type": "bundle", "id": "bundle--57c821ca-f2ac-43e7-a2e4-4470950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:49:10.000Z", "modified": "2016-09-01T12:49:10.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--57c821ca-f2ac-43e7-a2e4-4470950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:49:10.000Z", "modified": "2016-09-01T12:49:10.000Z", "name": "Malspam 2016-09-01 (.wsf in .zip) - campaign: \"Please find attached invoice no:\"", "published": "2016-09-01T12:49:32Z", "object_refs": [ "indicator--57c82253-68a8-47c1-8701-4549950d210f", "indicator--57c82253-6c64-475c-94de-4f52950d210f", "indicator--57c82253-4d3c-4803-ac3a-4c91950d210f", "indicator--57c82254-b2a4-4c04-9b48-40dd950d210f", "indicator--57c82254-580c-40dc-84ad-4742950d210f", "indicator--57c82254-0e1c-450b-91b2-4118950d210f", "indicator--57c82254-fa88-479d-a216-411b950d210f", "indicator--57c82255-4f4c-494a-9bb8-4e24950d210f", "indicator--57c82255-4c98-4521-b5e5-423b950d210f", "indicator--57c82255-9990-46c3-8869-411e950d210f", "indicator--57c82255-6e44-47d6-9cc8-4004950d210f", "indicator--57c82255-4aa8-4635-92cb-4358950d210f", "indicator--57c82256-c578-4239-be73-496f950d210f", "indicator--57c82256-d614-44be-aaa5-48af950d210f", "indicator--57c82256-163c-4973-bb93-4a8d950d210f", "indicator--57c82256-9564-4207-ac52-4984950d210f", "indicator--57c82257-1f60-4cc5-9164-4f6e950d210f", "indicator--57c82257-9488-4661-aaad-418f950d210f", "indicator--57c82257-3c44-4753-9623-41c1950d210f", "indicator--57c82257-2070-43cd-9fe8-4aed950d210f", "indicator--57c82257-ef10-46d1-bb6d-41fa950d210f", "indicator--57c82258-c98c-4f75-a4a5-4337950d210f", "indicator--57c82258-4bbc-4b38-b53f-4ba4950d210f", "indicator--57c82258-c9ec-415c-9e3a-4e81950d210f", "indicator--57c82258-5198-45ec-9f0f-473f950d210f", "indicator--57c82259-4f38-4b93-bd59-41b6950d210f", "indicator--57c82259-c1e8-4a69-b12c-4f5c950d210f", "indicator--57c82259-10cc-4310-8341-4e98950d210f", "indicator--57c82259-0a50-479b-828f-4ad8950d210f", "indicator--57c82259-fc84-4326-9804-4513950d210f", "indicator--57c8225a-1c80-453e-93d2-4c98950d210f", "indicator--57c8225a-37b8-48fa-8fd7-4c01950d210f", "indicator--57c8225a-b8f0-43f5-acbb-46bb950d210f", "indicator--57c8225a-01d4-4358-90ca-4d40950d210f", "indicator--57c8225b-fde8-4552-8fef-447e950d210f", "indicator--57c8225b-bdb0-4afe-952e-47ec950d210f", "indicator--57c8225b-8868-429d-b583-4800950d210f", "indicator--57c8225b-7c50-4057-b606-4879950d210f", "indicator--57c8225b-4328-4690-940d-47e7950d210f", "indicator--57c8225c-ee18-4738-91b5-4036950d210f", "indicator--57c8225c-2f40-4cbe-9091-4d10950d210f", "indicator--57c8225c-4220-4ace-906c-43ce950d210f", "indicator--57c8225c-dbbc-4b2d-95d7-48d1950d210f", "indicator--57c8225d-2778-42bc-95e4-4bb7950d210f", "indicator--57c8225d-1bcc-4362-9ea5-47c8950d210f", "indicator--57c8225d-bed0-4e86-9455-47f8950d210f", "indicator--57c8225d-483c-4a9e-ac43-4b3d950d210f", "indicator--57c8225d-c0c0-44c7-8adf-4d95950d210f", "indicator--57c8225e-0c88-4a11-800d-443e950d210f", "indicator--57c8225e-0888-4a67-a4f5-4a29950d210f", "indicator--57c8225e-2244-4921-9411-4ac6950d210f", "indicator--57c8225e-6818-4541-b16d-4b3c950d210f", "indicator--57c8225f-2fe8-4bc1-883e-47e9950d210f", "indicator--57c8225f-f6b8-4fa6-83af-430a950d210f", "indicator--57c8225f-2bbc-48ca-926b-4ed4950d210f", "indicator--57c8225f-a6b0-4663-9f84-4ff5950d210f", "indicator--57c82260-3dd8-46fd-9f9a-49ae950d210f", "indicator--57c82260-6060-4f5a-b726-4249950d210f", "indicator--57c82260-dd84-4e8d-a4f2-4748950d210f", "indicator--57c82260-8ae8-4089-bd3d-498f950d210f", "indicator--57c82260-85a4-4f4c-88bb-4de9950d210f", "indicator--57c82261-093c-449e-bab8-4077950d210f", "indicator--57c82261-c61c-4c36-aa6f-408e950d210f", "indicator--57c82314-bbf0-4c73-aca3-4d4b950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "circl:incident-classification=\"malware\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82253-68a8-47c1-8701-4549950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:42:59.000Z", "modified": "2016-09-01T12:42:59.000Z", "description": "download location", "pattern": "[domain-name:value = 'chal4.co.uk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82253-6c64-475c-94de-4f52950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:42:59.000Z", "modified": "2016-09-01T12:42:59.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.165.38.131']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82253-4d3c-4803-ac3a-4c91950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:42:59.000Z", "modified": "2016-09-01T12:42:59.000Z", "description": "download location", "pattern": "[domain-name:value = 'abcbureautique.abc.perso.neuf.fr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82254-b2a4-4c04-9b48-40dd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:00.000Z", "modified": "2016-09-01T12:43:00.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.65.123.70']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82254-580c-40dc-84ad-4742950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:00.000Z", "modified": "2016-09-01T12:43:00.000Z", "description": "download location", "pattern": "[url:value = 'http://www.valerypro.com/87hcrn33g']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82254-0e1c-450b-91b2-4118950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:00.000Z", "modified": "2016-09-01T12:43:00.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.valerypro.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82254-fa88-479d-a216-411b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:00.000Z", "modified": "2016-09-01T12:43:00.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.205.40.169']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82255-4f4c-494a-9bb8-4e24950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:00.000Z", "modified": "2016-09-01T12:43:00.000Z", "description": "download location", "pattern": "[url:value = 'http://pp4_09_10_2s.republika.pl/87hcrn33g']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82255-4c98-4521-b5e5-423b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:01.000Z", "modified": "2016-09-01T12:43:01.000Z", "description": "download location", "pattern": "[file:name = 'pp4_09_10_2s.republika.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82255-9990-46c3-8869-411e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:01.000Z", "modified": "2016-09-01T12:43:01.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.180.150.17']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82255-6e44-47d6-9cc8-4004950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:01.000Z", "modified": "2016-09-01T12:43:01.000Z", "description": "download location", "pattern": "[domain-name:value = 'school3.50webs.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82255-4aa8-4635-92cb-4358950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:01.000Z", "modified": "2016-09-01T12:43:01.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.151.153.26']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82256-c578-4239-be73-496f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:02.000Z", "modified": "2016-09-01T12:43:02.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '158.195.68.10']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82256-d614-44be-aaa5-48af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:02.000Z", "modified": "2016-09-01T12:43:02.000Z", "description": "download location", "pattern": "[domain-name:value = 'szkolagrojec.republika.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82256-163c-4973-bb93-4a8d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:02.000Z", "modified": "2016-09-01T12:43:02.000Z", "description": "download location", "pattern": "[domain-name:value = 'imperium.nazory.cz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82256-9564-4207-ac52-4984950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:02.000Z", "modified": "2016-09-01T12:43:02.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.64.219.7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82257-1f60-4cc5-9164-4f6e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:03.000Z", "modified": "2016-09-01T12:43:03.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.galaturs.com.ua']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82257-9488-4661-aaad-418f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:03.000Z", "modified": "2016-09-01T12:43:03.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.207.44.3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82257-3c44-4753-9623-41c1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:03.000Z", "modified": "2016-09-01T12:43:03.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.idiomestarradellas.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82257-2070-43cd-9fe8-4aed950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:03.000Z", "modified": "2016-09-01T12:43:03.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.42.230.17']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82257-ef10-46d1-bb6d-41fa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:03.000Z", "modified": "2016-09-01T12:43:03.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.infoteria.cba.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82258-c98c-4f75-a4a5-4337950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:04.000Z", "modified": "2016-09-01T12:43:04.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.211.144.65']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82258-4bbc-4b38-b53f-4ba4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:04.000Z", "modified": "2016-09-01T12:43:04.000Z", "description": "download location", "pattern": "[domain-name:value = 'srxrun.nobody.jp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82258-c9ec-415c-9e3a-4e81950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:04.000Z", "modified": "2016-09-01T12:43:04.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '112.140.42.29']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82258-5198-45ec-9f0f-473f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:04.000Z", "modified": "2016-09-01T12:43:04.000Z", "description": "download location", "pattern": "[domain-name:value = 'kissfm.rdsor.ro']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82259-4f38-4b93-bd59-41b6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:05.000Z", "modified": "2016-09-01T12:43:05.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.231.238.4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82259-c1e8-4a69-b12c-4f5c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:05.000Z", "modified": "2016-09-01T12:43:05.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.gebrvanorsouw.nl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82259-10cc-4310-8341-4e98950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:05.000Z", "modified": "2016-09-01T12:43:05.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.250.4.180']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82259-0a50-479b-828f-4ad8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:05.000Z", "modified": "2016-09-01T12:43:05.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.gunaldy.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82259-fc84-4326-9804-4513950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:05.000Z", "modified": "2016-09-01T12:43:05.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.22.4.108']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c8225a-1c80-453e-93d2-4c98950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:06.000Z", "modified": "2016-09-01T12:43:06.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.termoalbiate.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c8225a-37b8-48fa-8fd7-4c01950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:06.000Z", "modified": "2016-09-01T12:43:06.000Z", "description": "download location", "pattern": "[url:value = 'http://www.agridiving.net/87hcrn33g']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c8225a-b8f0-43f5-acbb-46bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:06.000Z", "modified": "2016-09-01T12:43:06.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.agridiving.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c8225a-01d4-4358-90ca-4d40950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:06.000Z", "modified": "2016-09-01T12:43:06.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.238.0.64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c8225b-fde8-4552-8fef-447e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:07.000Z", "modified": "2016-09-01T12:43:07.000Z", "description": "download location", "pattern": "[domain-name:value = 'olivier.coroenne.perso.sfr.fr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c8225b-bdb0-4afe-952e-47ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:07.000Z", "modified": "2016-09-01T12:43:07.000Z", "description": "download location", "pattern": "[domain-name:value = 'dcqoutlet.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c8225b-8868-429d-b583-4800950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:07.000Z", "modified": "2016-09-01T12:43:07.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '134.0.11.123']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c8225b-7c50-4057-b606-4879950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:07.000Z", "modified": "2016-09-01T12:43:07.000Z", "description": "download location", "pattern": "[domain-name:value = 'kawasima0506.web.fc2.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c8225b-4328-4690-940d-47e7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:07.000Z", "modified": "2016-09-01T12:43:07.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.71.106.62']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c8225c-ee18-4738-91b5-4036950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:08.000Z", "modified": "2016-09-01T12:43:08.000Z", "description": "download location", "pattern": "[domain-name:value = 'sac360.web.fc2.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c8225c-2f40-4cbe-9091-4d10950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:08.000Z", "modified": "2016-09-01T12:43:08.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.71.106.42']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c8225c-4220-4ace-906c-43ce950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:08.000Z", "modified": "2016-09-01T12:43:08.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.carloabati.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c8225c-dbbc-4b2d-95d7-48d1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:08.000Z", "modified": "2016-09-01T12:43:08.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.archiviestoria.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c8225d-2778-42bc-95e4-4bb7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:09.000Z", "modified": "2016-09-01T12:43:09.000Z", "description": "download location", "pattern": "[domain-name:value = 'branchjp.web.fc2.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c8225d-1bcc-4362-9ea5-47c8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:09.000Z", "modified": "2016-09-01T12:43:09.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.71.106.41']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c8225d-bed0-4e86-9455-47f8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:09.000Z", "modified": "2016-09-01T12:43:09.000Z", "description": "download location", "pattern": "[domain-name:value = 'rodewelshcobs.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c8225d-483c-4a9e-ac43-4b3d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:09.000Z", "modified": "2016-09-01T12:43:09.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.186.33.24']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c8225d-c0c0-44c7-8adf-4d95950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:09.000Z", "modified": "2016-09-01T12:43:09.000Z", "description": "download location", "pattern": "[domain-name:value = 'reklamnibannery.wz.cz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c8225e-0c88-4a11-800d-443e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:10.000Z", "modified": "2016-09-01T12:43:10.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.64.219.5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c8225e-0888-4a67-a4f5-4a29950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:10.000Z", "modified": "2016-09-01T12:43:10.000Z", "description": "download location", "pattern": "[domain-name:value = 'nevrincea.50webs.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c8225e-2244-4921-9411-4ac6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:10.000Z", "modified": "2016-09-01T12:43:10.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.210.101.91']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c8225e-6818-4541-b16d-4b3c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:10.000Z", "modified": "2016-09-01T12:43:10.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.cmg-ingegneria.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c8225f-2fe8-4bc1-883e-47e9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:11.000Z", "modified": "2016-09-01T12:43:11.000Z", "description": "download location", "pattern": "[domain-name:value = 'forum.sandalcraft.cba.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c8225f-f6b8-4fa6-83af-430a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:11.000Z", "modified": "2016-09-01T12:43:11.000Z", "description": "download location", "pattern": "[url:value = 'http://postaldigitalrs.com.br/87hcrn33g']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c8225f-2bbc-48ca-926b-4ed4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:11.000Z", "modified": "2016-09-01T12:43:11.000Z", "description": "download location", "pattern": "[domain-name:value = 'postaldigitalrs.com.br']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c8225f-a6b0-4663-9f84-4ff5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:11.000Z", "modified": "2016-09-01T12:43:11.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '187.45.193.139']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82260-3dd8-46fd-9f9a-49ae950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:12.000Z", "modified": "2016-09-01T12:43:12.000Z", "description": "download location", "pattern": "[domain-name:value = 'dashman.web.fc2.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82260-6060-4f5a-b726-4249950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:12.000Z", "modified": "2016-09-01T12:43:12.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.71.106.45']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82260-dd84-4e8d-a4f2-4748950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:12.000Z", "modified": "2016-09-01T12:43:12.000Z", "description": "download location", "pattern": "[domain-name:value = 'rhanwid.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82260-8ae8-4089-bd3d-498f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:12.000Z", "modified": "2016-09-01T12:43:12.000Z", "description": "download location", "pattern": "[domain-name:value = 'wccf.huuryuu.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82260-85a4-4f4c-88bb-4de9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:12.000Z", "modified": "2016-09-01T12:43:12.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.courtesyweb.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82261-093c-449e-bab8-4077950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:13.000Z", "modified": "2016-09-01T12:43:13.000Z", "description": "download location", "pattern": "[domain-name:value = 'hotcarshhhs6632.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82261-c61c-4c36-aa6f-408e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:43:13.000Z", "modified": "2016-09-01T12:43:13.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.95.106.193']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:43:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c82314-bbf0-4c73-aca3-4d4b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T12:46:12.000Z", "modified": "2016-09-01T12:46:12.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.coseincredibili.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T12:46:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }