{ "type": "bundle", "id": "bundle--59dce1ec-b998-42ad-ba4f-48a4950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:46.000Z", "modified": "2017-10-12T17:42:46.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--59dce1ec-b998-42ad-ba4f-48a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:46.000Z", "modified": "2017-10-12T17:42:46.000Z", "name": "M2M - Locky Affid=3, \"asasin\" / Trickbot \"mac1\" 2017-10-10 : \"Status of invoice A2171234-56\" - \"A2171234-56.html\"", "published": "2017-10-12T17:45:27Z", "object_refs": [ "indicator--59dce1ed-5068-4bb6-ae81-88d9950d210f", "indicator--59dce1ed-5884-4f7f-9514-40f7950d210f", "indicator--59dce1ed-9cd4-4502-bdd0-2dd8950d210f", "indicator--59dce1ee-3604-4fcc-8698-8864950d210f", "observed-data--59dce1ee-55a0-4080-8e5d-4451950d210f", "network-traffic--59dce1ee-55a0-4080-8e5d-4451950d210f", "ipv4-addr--59dce1ee-55a0-4080-8e5d-4451950d210f", "indicator--59dce1ee-0ca4-4f87-801f-4d49950d210f", "indicator--59dce1ee-da50-4838-9947-86c4950d210f", "observed-data--59dce1ef-9a6c-4720-b747-8751950d210f", "network-traffic--59dce1ef-9a6c-4720-b747-8751950d210f", "ipv4-addr--59dce1ef-9a6c-4720-b747-8751950d210f", "indicator--59dce1ef-5f64-4c61-abf5-48c0950d210f", "indicator--59dce1ef-5664-4fd4-9223-88d9950d210f", "observed-data--59dce1f0-0134-47a1-bdeb-4f44950d210f", "network-traffic--59dce1f0-0134-47a1-bdeb-4f44950d210f", "ipv4-addr--59dce1f0-0134-47a1-bdeb-4f44950d210f", "indicator--59dce1f0-51a8-43ff-96d9-88a8950d210f", "indicator--59dce1f0-3878-46ff-9f53-2dd8950d210f", "observed-data--59dce1f1-bf80-4f79-9f29-8864950d210f", "network-traffic--59dce1f1-bf80-4f79-9f29-8864950d210f", "ipv4-addr--59dce1f1-bf80-4f79-9f29-8864950d210f", "indicator--59dce1f1-5920-4d31-8770-4099950d210f", "indicator--59dce1f1-b9a4-4399-a3df-465f950d210f", "observed-data--59dce1f1-48fc-42cd-9241-86c4950d210f", "network-traffic--59dce1f1-48fc-42cd-9241-86c4950d210f", "ipv4-addr--59dce1f1-48fc-42cd-9241-86c4950d210f", "indicator--59dce1f2-e3c4-4a33-9993-8928950d210f", "observed-data--59dce1f2-2c5c-4b69-bed3-4555950d210f", "network-traffic--59dce1f2-2c5c-4b69-bed3-4555950d210f", "ipv4-addr--59dce1f2-2c5c-4b69-bed3-4555950d210f", "observed-data--59dce1f2-5430-4e13-abe2-4cf7950d210f", "network-traffic--59dce1f2-5430-4e13-abe2-4cf7950d210f", "ipv4-addr--59dce1f2-5430-4e13-abe2-4cf7950d210f", "observed-data--59dce1f2-5704-4cf0-b1b7-48a7950d210f", "network-traffic--59dce1f2-5704-4cf0-b1b7-48a7950d210f", "ipv4-addr--59dce1f2-5704-4cf0-b1b7-48a7950d210f", "observed-data--59dce1f3-c030-49ca-8680-2dd8950d210f", "network-traffic--59dce1f3-c030-49ca-8680-2dd8950d210f", "ipv4-addr--59dce1f3-c030-49ca-8680-2dd8950d210f", "observed-data--59dce1f3-b044-494d-b1f5-882b950d210f", "network-traffic--59dce1f3-b044-494d-b1f5-882b950d210f", "ipv4-addr--59dce1f3-b044-494d-b1f5-882b950d210f", "observed-data--59dce1f3-b708-42b2-aa22-8864950d210f", "network-traffic--59dce1f3-b708-42b2-aa22-8864950d210f", "ipv4-addr--59dce1f3-b708-42b2-aa22-8864950d210f", "observed-data--59dce1f3-4aa4-48d8-b1f5-4e89950d210f", "network-traffic--59dce1f3-4aa4-48d8-b1f5-4e89950d210f", "ipv4-addr--59dce1f3-4aa4-48d8-b1f5-4e89950d210f", "observed-data--59dce1f4-ddb0-4809-af2c-426a950d210f", "network-traffic--59dce1f4-ddb0-4809-af2c-426a950d210f", "ipv4-addr--59dce1f4-ddb0-4809-af2c-426a950d210f", "observed-data--59dce1f4-b930-4908-832d-86c4950d210f", "network-traffic--59dce1f4-b930-4908-832d-86c4950d210f", "ipv4-addr--59dce1f4-b930-4908-832d-86c4950d210f", "observed-data--59dce1f4-19ec-4e92-ab91-8928950d210f", "network-traffic--59dce1f4-19ec-4e92-ab91-8928950d210f", "ipv4-addr--59dce1f4-19ec-4e92-ab91-8928950d210f", "observed-data--59dce1f4-8ec4-40ec-8803-2fc8950d210f", "network-traffic--59dce1f4-8ec4-40ec-8803-2fc8950d210f", "ipv4-addr--59dce1f4-8ec4-40ec-8803-2fc8950d210f", "observed-data--59dce1f5-6bac-4868-8c1b-878f950d210f", "network-traffic--59dce1f5-6bac-4868-8c1b-878f950d210f", "ipv4-addr--59dce1f5-6bac-4868-8c1b-878f950d210f", "observed-data--59dce1f5-7e64-4081-8e0b-8751950d210f", "network-traffic--59dce1f5-7e64-4081-8e0b-8751950d210f", "ipv4-addr--59dce1f5-7e64-4081-8e0b-8751950d210f", "observed-data--59dce1f5-bc8c-441f-a2d8-4150950d210f", "network-traffic--59dce1f5-bc8c-441f-a2d8-4150950d210f", "ipv4-addr--59dce1f5-bc8c-441f-a2d8-4150950d210f", "observed-data--59dce1f6-a098-4022-83b5-88d9950d210f", "network-traffic--59dce1f6-a098-4022-83b5-88d9950d210f", "ipv4-addr--59dce1f6-a098-4022-83b5-88d9950d210f", "observed-data--59dce1f6-3e54-4802-ad22-47f3950d210f", "network-traffic--59dce1f6-3e54-4802-ad22-47f3950d210f", "ipv4-addr--59dce1f6-3e54-4802-ad22-47f3950d210f", "observed-data--59dce1f6-bcb0-4147-bd09-47d9950d210f", "network-traffic--59dce1f6-bcb0-4147-bd09-47d9950d210f", "ipv4-addr--59dce1f6-bcb0-4147-bd09-47d9950d210f", "observed-data--59dce1f7-79c4-4b32-92c8-2dd8950d210f", "network-traffic--59dce1f7-79c4-4b32-92c8-2dd8950d210f", "ipv4-addr--59dce1f7-79c4-4b32-92c8-2dd8950d210f", "observed-data--59dce1f7-0c7c-4db1-a96b-882b950d210f", "network-traffic--59dce1f7-0c7c-4db1-a96b-882b950d210f", "ipv4-addr--59dce1f7-0c7c-4db1-a96b-882b950d210f", "observed-data--59dce1f7-15d4-473c-8767-88a8950d210f", "network-traffic--59dce1f7-15d4-473c-8767-88a8950d210f", "ipv4-addr--59dce1f7-15d4-473c-8767-88a8950d210f", "observed-data--59dce1f7-5fbc-4033-8810-4e37950d210f", "network-traffic--59dce1f7-5fbc-4033-8810-4e37950d210f", "ipv4-addr--59dce1f7-5fbc-4033-8810-4e37950d210f", "observed-data--59dce1f8-069c-4aa2-8cc6-468d950d210f", "network-traffic--59dce1f8-069c-4aa2-8cc6-468d950d210f", "ipv4-addr--59dce1f8-069c-4aa2-8cc6-468d950d210f", "observed-data--59dce1f8-8278-4898-8735-431c950d210f", "network-traffic--59dce1f8-8278-4898-8735-431c950d210f", "ipv4-addr--59dce1f8-8278-4898-8735-431c950d210f", "observed-data--59dce1f8-612c-40b0-832f-8928950d210f", "network-traffic--59dce1f8-612c-40b0-832f-8928950d210f", "ipv4-addr--59dce1f8-612c-40b0-832f-8928950d210f", "observed-data--59dce1f8-9778-4d26-9d0e-2fc8950d210f", "network-traffic--59dce1f8-9778-4d26-9d0e-2fc8950d210f", "ipv4-addr--59dce1f8-9778-4d26-9d0e-2fc8950d210f", "observed-data--59dce1f8-d3a8-4521-ad5f-8751950d210f", "network-traffic--59dce1f8-d3a8-4521-ad5f-8751950d210f", "ipv4-addr--59dce1f8-d3a8-4521-ad5f-8751950d210f", "observed-data--59dce1f9-d490-465a-8e0f-88d9950d210f", "network-traffic--59dce1f9-d490-465a-8e0f-88d9950d210f", "ipv4-addr--59dce1f9-d490-465a-8e0f-88d9950d210f", "observed-data--59dce1f9-5ef4-463a-9681-4185950d210f", "network-traffic--59dce1f9-5ef4-463a-9681-4185950d210f", "ipv4-addr--59dce1f9-5ef4-463a-9681-4185950d210f", "observed-data--59dce1f9-012c-4a8e-a8a4-2dd8950d210f", "network-traffic--59dce1f9-012c-4a8e-a8a4-2dd8950d210f", "ipv4-addr--59dce1f9-012c-4a8e-a8a4-2dd8950d210f", "observed-data--59dce1f9-0958-44ea-9c34-88a8950d210f", "network-traffic--59dce1f9-0958-44ea-9c34-88a8950d210f", "ipv4-addr--59dce1f9-0958-44ea-9c34-88a8950d210f", "observed-data--59dce1fa-4cec-484d-8f70-8864950d210f", "network-traffic--59dce1fa-4cec-484d-8f70-8864950d210f", "ipv4-addr--59dce1fa-4cec-484d-8f70-8864950d210f", "observed-data--59dce1fa-4d8c-488c-9ad6-4b09950d210f", "network-traffic--59dce1fa-4d8c-488c-9ad6-4b09950d210f", "ipv4-addr--59dce1fa-4d8c-488c-9ad6-4b09950d210f", "indicator--59dfa990-1d08-410c-9aa9-36f102de0b81", "indicator--59dfa990-2bd4-419c-a817-36f102de0b81", "observed-data--59dfa990-de4c-4dcd-852f-36f102de0b81", "url--59dfa990-de4c-4dcd-852f-36f102de0b81", "indicator--59dfa990-22d4-41bc-aeaf-36f102de0b81", "indicator--59dfa990-dd38-4234-baa7-36f102de0b81", "observed-data--59dfa990-db78-4b97-a870-36f102de0b81", "url--59dfa990-db78-4b97-a870-36f102de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Locky\"", "misp-galaxy:tool=\"Trick Bot\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dce1ed-5068-4bb6-ae81-88d9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "pattern": "[file:hashes.MD5 = 'a85fa294fa2d4d48565cd78b4950695d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:42:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dce1ed-5884-4f7f-9514-40f7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "pattern": "[file:hashes.MD5 = '554a8eabcb28deeb57d70a3c1d6c3a5d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:42:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dce1ed-9cd4-4502-bdd0-2dd8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "pattern": "[url:value = 'http://haproprab.net/js/*']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:42:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dce1ee-3604-4fcc-8698-8864950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "pattern": "[domain-name:value = 'haproprab.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:42:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1ee-55a0-4080-8e5d-4451950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1ee-55a0-4080-8e5d-4451950d210f", "ipv4-addr--59dce1ee-55a0-4080-8e5d-4451950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1ee-55a0-4080-8e5d-4451950d210f", "dst_ref": "ipv4-addr--59dce1ee-55a0-4080-8e5d-4451950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1ee-55a0-4080-8e5d-4451950d210f", "value": "49.51.134.194" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dce1ee-0ca4-4f87-801f-4d49950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "pattern": "[url:value = 'http://yamanashi-jyujin.jp/l0.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:42:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dce1ee-da50-4838-9947-86c4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "pattern": "[domain-name:value = 'yamanashi-jyujin.jp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:42:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1ef-9a6c-4720-b747-8751950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1ef-9a6c-4720-b747-8751950d210f", "ipv4-addr--59dce1ef-9a6c-4720-b747-8751950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1ef-9a6c-4720-b747-8751950d210f", "dst_ref": "ipv4-addr--59dce1ef-9a6c-4720-b747-8751950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1ef-9a6c-4720-b747-8751950d210f", "value": "180.222.185.74" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dce1ef-5f64-4c61-abf5-48c0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "pattern": "[url:value = 'http://smi-wi.com/l0.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:42:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dce1ef-5664-4fd4-9223-88d9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "pattern": "[domain-name:value = 'smi-wi.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:42:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f0-0134-47a1-bdeb-4f44950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f0-0134-47a1-bdeb-4f44950d210f", "ipv4-addr--59dce1f0-0134-47a1-bdeb-4f44950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f0-0134-47a1-bdeb-4f44950d210f", "dst_ref": "ipv4-addr--59dce1f0-0134-47a1-bdeb-4f44950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f0-0134-47a1-bdeb-4f44950d210f", "value": "72.52.195.204" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dce1f0-51a8-43ff-96d9-88a8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "pattern": "[url:value = 'http://qxr33qxr.com/b0.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:42:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dce1f0-3878-46ff-9f53-2dd8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "pattern": "[domain-name:value = 'qxr33qxr.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:42:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f1-bf80-4f79-9f29-8864950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f1-bf80-4f79-9f29-8864950d210f", "ipv4-addr--59dce1f1-bf80-4f79-9f29-8864950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f1-bf80-4f79-9f29-8864950d210f", "dst_ref": "ipv4-addr--59dce1f1-bf80-4f79-9f29-8864950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f1-bf80-4f79-9f29-8864950d210f", "value": "67.210.102.240" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dce1f1-5920-4d31-8770-4099950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "pattern": "[url:value = 'http://mtblanc-let.co.uk/b0.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:42:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dce1f1-b9a4-4399-a3df-465f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "pattern": "[domain-name:value = 'mtblanc-let.co.uk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:42:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f1-48fc-42cd-9241-86c4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f1-48fc-42cd-9241-86c4950d210f", "ipv4-addr--59dce1f1-48fc-42cd-9241-86c4950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f1-48fc-42cd-9241-86c4950d210f", "dst_ref": "ipv4-addr--59dce1f1-48fc-42cd-9241-86c4950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f1-48fc-42cd-9241-86c4950d210f", "value": "217.199.175.27" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dce1f2-e3c4-4a33-9993-8928950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "pattern": "[url:value = 'http://haproprab.net/eroorrrs']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:42:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f2-2c5c-4b69-bed3-4555950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f2-2c5c-4b69-bed3-4555950d210f", "ipv4-addr--59dce1f2-2c5c-4b69-bed3-4555950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f2-2c5c-4b69-bed3-4555950d210f", "dst_ref": "ipv4-addr--59dce1f2-2c5c-4b69-bed3-4555950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f2-2c5c-4b69-bed3-4555950d210f", "value": "91.83.88.51" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f2-5430-4e13-abe2-4cf7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f2-5430-4e13-abe2-4cf7950d210f", "ipv4-addr--59dce1f2-5430-4e13-abe2-4cf7950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f2-5430-4e13-abe2-4cf7950d210f", "dst_ref": "ipv4-addr--59dce1f2-5430-4e13-abe2-4cf7950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f2-5430-4e13-abe2-4cf7950d210f", "value": "46.237.117.193" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f2-5704-4cf0-b1b7-48a7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f2-5704-4cf0-b1b7-48a7950d210f", "ipv4-addr--59dce1f2-5704-4cf0-b1b7-48a7950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f2-5704-4cf0-b1b7-48a7950d210f", "dst_ref": "ipv4-addr--59dce1f2-5704-4cf0-b1b7-48a7950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f2-5704-4cf0-b1b7-48a7950d210f", "value": "79.170.7.139" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f3-c030-49ca-8680-2dd8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f3-c030-49ca-8680-2dd8950d210f", "ipv4-addr--59dce1f3-c030-49ca-8680-2dd8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f3-c030-49ca-8680-2dd8950d210f", "dst_ref": "ipv4-addr--59dce1f3-c030-49ca-8680-2dd8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f3-c030-49ca-8680-2dd8950d210f", "value": "41.57.103.218" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f3-b044-494d-b1f5-882b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f3-b044-494d-b1f5-882b950d210f", "ipv4-addr--59dce1f3-b044-494d-b1f5-882b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f3-b044-494d-b1f5-882b950d210f", "dst_ref": "ipv4-addr--59dce1f3-b044-494d-b1f5-882b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f3-b044-494d-b1f5-882b950d210f", "value": "196.202.194.202" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f3-b708-42b2-aa22-8864950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f3-b708-42b2-aa22-8864950d210f", "ipv4-addr--59dce1f3-b708-42b2-aa22-8864950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f3-b708-42b2-aa22-8864950d210f", "dst_ref": "ipv4-addr--59dce1f3-b708-42b2-aa22-8864950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f3-b708-42b2-aa22-8864950d210f", "value": "46.20.56.239" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f3-4aa4-48d8-b1f5-4e89950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f3-4aa4-48d8-b1f5-4e89950d210f", "ipv4-addr--59dce1f3-4aa4-48d8-b1f5-4e89950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f3-4aa4-48d8-b1f5-4e89950d210f", "dst_ref": "ipv4-addr--59dce1f3-4aa4-48d8-b1f5-4e89950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f3-4aa4-48d8-b1f5-4e89950d210f", "value": "176.120.126.21" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f4-ddb0-4809-af2c-426a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f4-ddb0-4809-af2c-426a950d210f", "ipv4-addr--59dce1f4-ddb0-4809-af2c-426a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f4-ddb0-4809-af2c-426a950d210f", "dst_ref": "ipv4-addr--59dce1f4-ddb0-4809-af2c-426a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f4-ddb0-4809-af2c-426a950d210f", "value": "91.239.249.118" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f4-b930-4908-832d-86c4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f4-b930-4908-832d-86c4950d210f", "ipv4-addr--59dce1f4-b930-4908-832d-86c4950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f4-b930-4908-832d-86c4950d210f", "dst_ref": "ipv4-addr--59dce1f4-b930-4908-832d-86c4950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f4-b930-4908-832d-86c4950d210f", "value": "194.87.103.184" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f4-19ec-4e92-ab91-8928950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f4-19ec-4e92-ab91-8928950d210f", "ipv4-addr--59dce1f4-19ec-4e92-ab91-8928950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f4-19ec-4e92-ab91-8928950d210f", "dst_ref": "ipv4-addr--59dce1f4-19ec-4e92-ab91-8928950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f4-19ec-4e92-ab91-8928950d210f", "value": "92.63.102.64" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f4-8ec4-40ec-8803-2fc8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f4-8ec4-40ec-8803-2fc8950d210f", "ipv4-addr--59dce1f4-8ec4-40ec-8803-2fc8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f4-8ec4-40ec-8803-2fc8950d210f", "dst_ref": "ipv4-addr--59dce1f4-8ec4-40ec-8803-2fc8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f4-8ec4-40ec-8803-2fc8950d210f", "value": "194.87.238.53" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f5-6bac-4868-8c1b-878f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f5-6bac-4868-8c1b-878f950d210f", "ipv4-addr--59dce1f5-6bac-4868-8c1b-878f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f5-6bac-4868-8c1b-878f950d210f", "dst_ref": "ipv4-addr--59dce1f5-6bac-4868-8c1b-878f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f5-6bac-4868-8c1b-878f950d210f", "value": "92.63.102.159" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f5-7e64-4081-8e0b-8751950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f5-7e64-4081-8e0b-8751950d210f", "ipv4-addr--59dce1f5-7e64-4081-8e0b-8751950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f5-7e64-4081-8e0b-8751950d210f", "dst_ref": "ipv4-addr--59dce1f5-7e64-4081-8e0b-8751950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f5-7e64-4081-8e0b-8751950d210f", "value": "194.87.232.219" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f5-bc8c-441f-a2d8-4150950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f5-bc8c-441f-a2d8-4150950d210f", "ipv4-addr--59dce1f5-bc8c-441f-a2d8-4150950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f5-bc8c-441f-a2d8-4150950d210f", "dst_ref": "ipv4-addr--59dce1f5-bc8c-441f-a2d8-4150950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f5-bc8c-441f-a2d8-4150950d210f", "value": "149.154.69.70" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f6-a098-4022-83b5-88d9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f6-a098-4022-83b5-88d9950d210f", "ipv4-addr--59dce1f6-a098-4022-83b5-88d9950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f6-a098-4022-83b5-88d9950d210f", "dst_ref": "ipv4-addr--59dce1f6-a098-4022-83b5-88d9950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f6-a098-4022-83b5-88d9950d210f", "value": "78.24.223.153" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f6-3e54-4802-ad22-47f3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f6-3e54-4802-ad22-47f3950d210f", "ipv4-addr--59dce1f6-3e54-4802-ad22-47f3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f6-3e54-4802-ad22-47f3950d210f", "dst_ref": "ipv4-addr--59dce1f6-3e54-4802-ad22-47f3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f6-3e54-4802-ad22-47f3950d210f", "value": "194.87.92.207" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f6-bcb0-4147-bd09-47d9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f6-bcb0-4147-bd09-47d9950d210f", "ipv4-addr--59dce1f6-bcb0-4147-bd09-47d9950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f6-bcb0-4147-bd09-47d9950d210f", "dst_ref": "ipv4-addr--59dce1f6-bcb0-4147-bd09-47d9950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f6-bcb0-4147-bd09-47d9950d210f", "value": "194.87.94.239" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f7-79c4-4b32-92c8-2dd8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f7-79c4-4b32-92c8-2dd8950d210f", "ipv4-addr--59dce1f7-79c4-4b32-92c8-2dd8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f7-79c4-4b32-92c8-2dd8950d210f", "dst_ref": "ipv4-addr--59dce1f7-79c4-4b32-92c8-2dd8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f7-79c4-4b32-92c8-2dd8950d210f", "value": "195.133.147.238" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f7-0c7c-4db1-a96b-882b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f7-0c7c-4db1-a96b-882b950d210f", "ipv4-addr--59dce1f7-0c7c-4db1-a96b-882b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f7-0c7c-4db1-a96b-882b950d210f", "dst_ref": "ipv4-addr--59dce1f7-0c7c-4db1-a96b-882b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f7-0c7c-4db1-a96b-882b950d210f", "value": "62.109.15.132" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f7-15d4-473c-8767-88a8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f7-15d4-473c-8767-88a8950d210f", "ipv4-addr--59dce1f7-15d4-473c-8767-88a8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f7-15d4-473c-8767-88a8950d210f", "dst_ref": "ipv4-addr--59dce1f7-15d4-473c-8767-88a8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f7-15d4-473c-8767-88a8950d210f", "value": "194.87.236.240" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f7-5fbc-4033-8810-4e37950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f7-5fbc-4033-8810-4e37950d210f", "ipv4-addr--59dce1f7-5fbc-4033-8810-4e37950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f7-5fbc-4033-8810-4e37950d210f", "dst_ref": "ipv4-addr--59dce1f7-5fbc-4033-8810-4e37950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f7-5fbc-4033-8810-4e37950d210f", "value": "62.109.6.237" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f8-069c-4aa2-8cc6-468d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f8-069c-4aa2-8cc6-468d950d210f", "ipv4-addr--59dce1f8-069c-4aa2-8cc6-468d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f8-069c-4aa2-8cc6-468d950d210f", "dst_ref": "ipv4-addr--59dce1f8-069c-4aa2-8cc6-468d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f8-069c-4aa2-8cc6-468d950d210f", "value": "149.154.69.47" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f8-8278-4898-8735-431c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f8-8278-4898-8735-431c950d210f", "ipv4-addr--59dce1f8-8278-4898-8735-431c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f8-8278-4898-8735-431c950d210f", "dst_ref": "ipv4-addr--59dce1f8-8278-4898-8735-431c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f8-8278-4898-8735-431c950d210f", "value": "82.146.47.121" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f8-612c-40b0-832f-8928950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f8-612c-40b0-832f-8928950d210f", "ipv4-addr--59dce1f8-612c-40b0-832f-8928950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f8-612c-40b0-832f-8928950d210f", "dst_ref": "ipv4-addr--59dce1f8-612c-40b0-832f-8928950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f8-612c-40b0-832f-8928950d210f", "value": "78.24.216.250" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f8-9778-4d26-9d0e-2fc8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f8-9778-4d26-9d0e-2fc8950d210f", "ipv4-addr--59dce1f8-9778-4d26-9d0e-2fc8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f8-9778-4d26-9d0e-2fc8950d210f", "dst_ref": "ipv4-addr--59dce1f8-9778-4d26-9d0e-2fc8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f8-9778-4d26-9d0e-2fc8950d210f", "value": "82.146.56.218" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f8-d3a8-4521-ad5f-8751950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:39.000Z", "modified": "2017-10-12T17:42:39.000Z", "first_observed": "2017-10-12T17:42:39Z", "last_observed": "2017-10-12T17:42:39Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f8-d3a8-4521-ad5f-8751950d210f", "ipv4-addr--59dce1f8-d3a8-4521-ad5f-8751950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f8-d3a8-4521-ad5f-8751950d210f", "dst_ref": "ipv4-addr--59dce1f8-d3a8-4521-ad5f-8751950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f8-d3a8-4521-ad5f-8751950d210f", "value": "185.159.131.198" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f9-d490-465a-8e0f-88d9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:40.000Z", "modified": "2017-10-12T17:42:40.000Z", "first_observed": "2017-10-12T17:42:40Z", "last_observed": "2017-10-12T17:42:40Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f9-d490-465a-8e0f-88d9950d210f", "ipv4-addr--59dce1f9-d490-465a-8e0f-88d9950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f9-d490-465a-8e0f-88d9950d210f", "dst_ref": "ipv4-addr--59dce1f9-d490-465a-8e0f-88d9950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f9-d490-465a-8e0f-88d9950d210f", "value": "194.87.146.32" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f9-5ef4-463a-9681-4185950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:40.000Z", "modified": "2017-10-12T17:42:40.000Z", "first_observed": "2017-10-12T17:42:40Z", "last_observed": "2017-10-12T17:42:40Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f9-5ef4-463a-9681-4185950d210f", "ipv4-addr--59dce1f9-5ef4-463a-9681-4185950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f9-5ef4-463a-9681-4185950d210f", "dst_ref": "ipv4-addr--59dce1f9-5ef4-463a-9681-4185950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f9-5ef4-463a-9681-4185950d210f", "value": "5.133.179.77" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f9-012c-4a8e-a8a4-2dd8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:40.000Z", "modified": "2017-10-12T17:42:40.000Z", "first_observed": "2017-10-12T17:42:40Z", "last_observed": "2017-10-12T17:42:40Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f9-012c-4a8e-a8a4-2dd8950d210f", "ipv4-addr--59dce1f9-012c-4a8e-a8a4-2dd8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f9-012c-4a8e-a8a4-2dd8950d210f", "dst_ref": "ipv4-addr--59dce1f9-012c-4a8e-a8a4-2dd8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f9-012c-4a8e-a8a4-2dd8950d210f", "value": "94.242.224.214" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1f9-0958-44ea-9c34-88a8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:40.000Z", "modified": "2017-10-12T17:42:40.000Z", "first_observed": "2017-10-12T17:42:40Z", "last_observed": "2017-10-12T17:42:40Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1f9-0958-44ea-9c34-88a8950d210f", "ipv4-addr--59dce1f9-0958-44ea-9c34-88a8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1f9-0958-44ea-9c34-88a8950d210f", "dst_ref": "ipv4-addr--59dce1f9-0958-44ea-9c34-88a8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1f9-0958-44ea-9c34-88a8950d210f", "value": "194.87.92.242" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1fa-4cec-484d-8f70-8864950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:40.000Z", "modified": "2017-10-12T17:42:40.000Z", "first_observed": "2017-10-12T17:42:40Z", "last_observed": "2017-10-12T17:42:40Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1fa-4cec-484d-8f70-8864950d210f", "ipv4-addr--59dce1fa-4cec-484d-8f70-8864950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1fa-4cec-484d-8f70-8864950d210f", "dst_ref": "ipv4-addr--59dce1fa-4cec-484d-8f70-8864950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1fa-4cec-484d-8f70-8864950d210f", "value": "195.133.146.236" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dce1fa-4d8c-488c-9ad6-4b09950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:40.000Z", "modified": "2017-10-12T17:42:40.000Z", "first_observed": "2017-10-12T17:42:40Z", "last_observed": "2017-10-12T17:42:40Z", "number_observed": 1, "object_refs": [ "network-traffic--59dce1fa-4d8c-488c-9ad6-4b09950d210f", "ipv4-addr--59dce1fa-4d8c-488c-9ad6-4b09950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59dce1fa-4d8c-488c-9ad6-4b09950d210f", "dst_ref": "ipv4-addr--59dce1fa-4d8c-488c-9ad6-4b09950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59dce1fa-4d8c-488c-9ad6-4b09950d210f", "value": "193.124.117.238" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dfa990-1d08-410c-9aa9-36f102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:40.000Z", "modified": "2017-10-12T17:42:40.000Z", "description": "- Xchecked via VT: 554a8eabcb28deeb57d70a3c1d6c3a5d", "pattern": "[file:hashes.SHA256 = 'aace7044f2f3cd7bb109a2e5d494ac86d952e0eaa13ce8d6abd7e4744f2ede10']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:42:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dfa990-2bd4-419c-a817-36f102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:40.000Z", "modified": "2017-10-12T17:42:40.000Z", "description": "- Xchecked via VT: 554a8eabcb28deeb57d70a3c1d6c3a5d", "pattern": "[file:hashes.SHA1 = '47dde438bfb84ef917b8beadf5fde3f0f503c013']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:42:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dfa990-de4c-4dcd-852f-36f102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:40.000Z", "modified": "2017-10-12T17:42:40.000Z", "first_observed": "2017-10-12T17:42:40Z", "last_observed": "2017-10-12T17:42:40Z", "number_observed": 1, "object_refs": [ "url--59dfa990-de4c-4dcd-852f-36f102de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59dfa990-de4c-4dcd-852f-36f102de0b81", "value": "https://www.virustotal.com/file/aace7044f2f3cd7bb109a2e5d494ac86d952e0eaa13ce8d6abd7e4744f2ede10/analysis/1507712630/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dfa990-22d4-41bc-aeaf-36f102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:40.000Z", "modified": "2017-10-12T17:42:40.000Z", "description": "- Xchecked via VT: a85fa294fa2d4d48565cd78b4950695d", "pattern": "[file:hashes.SHA256 = '10bed3e54c61088d5dc0d1be55da154efbcb32130ebf228e446fc97f5787e7a0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:42:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dfa990-dd38-4234-baa7-36f102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:40.000Z", "modified": "2017-10-12T17:42:40.000Z", "description": "- Xchecked via VT: a85fa294fa2d4d48565cd78b4950695d", "pattern": "[file:hashes.SHA1 = '0db85dd510c03b3642bd7d1f214bade1a2574106']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:42:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dfa990-db78-4b97-a870-36f102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:40.000Z", "modified": "2017-10-12T17:42:40.000Z", "first_observed": "2017-10-12T17:42:40Z", "last_observed": "2017-10-12T17:42:40Z", "number_observed": 1, "object_refs": [ "url--59dfa990-db78-4b97-a870-36f102de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59dfa990-db78-4b97-a870-36f102de0b81", "value": "https://www.virustotal.com/file/10bed3e54c61088d5dc0d1be55da154efbcb32130ebf228e446fc97f5787e7a0/analysis/1507712666/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }