{ "type": "bundle", "id": "bundle--5786466b-896c-41f4-a39d-46d1950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-13T13:47:58.000Z", "modified": "2016-07-13T13:47:58.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5786466b-896c-41f4-a39d-46d1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-13T13:47:58.000Z", "modified": "2016-07-13T13:47:58.000Z", "name": "Malspam 2016-07-13 .wsf campaign", "published": "2016-07-13T13:57:45Z", "object_refs": [ "indicator--5786468a-2eb4-431e-80e6-4d37950d210f", "indicator--5786468b-2920-4efd-8a6e-470a950d210f", "indicator--5786468b-3df0-4240-b52f-48d1950d210f", "indicator--5786468b-7598-4181-aafa-4ace950d210f", "indicator--5786468b-450c-4901-a469-4477950d210f", "indicator--5786468b-fed0-4ed3-8a03-4e07950d210f", "indicator--5786468c-7144-4342-9e6c-473b950d210f", "indicator--5786468c-6c60-4884-a9fe-4064950d210f", "indicator--5786468c-56f0-46a8-bd80-4f6c950d210f", "indicator--5786468c-7e10-4bca-a80e-4828950d210f", "indicator--5786468d-95bc-4ef7-bdd2-41af950d210f", "indicator--5786468d-8dcc-4f9e-b952-487a950d210f", "indicator--5786468d-c270-44b9-a4b8-4705950d210f", "indicator--5786468d-56ac-4aef-a43c-4294950d210f", "indicator--5786468d-b540-4735-9ff4-4e09950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "circl:incident-classification=\"malware\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5786468a-2eb4-431e-80e6-4d37950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-13T13:47:54.000Z", "modified": "2016-07-13T13:47:54.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.156.51.130']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-13T13:47:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5786468b-2920-4efd-8a6e-470a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-13T13:47:55.000Z", "modified": "2016-07-13T13:47:55.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.180.50.238']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-13T13:47:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5786468b-3df0-4240-b52f-48d1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-13T13:47:55.000Z", "modified": "2016-07-13T13:47:55.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '169.55.8.36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-13T13:47:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5786468b-7598-4181-aafa-4ace950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-13T13:47:55.000Z", "modified": "2016-07-13T13:47:55.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.38.104.131']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-13T13:47:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5786468b-450c-4901-a469-4477950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-13T13:47:55.000Z", "modified": "2016-07-13T13:47:55.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '203.170.86.41']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-13T13:47:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5786468b-fed0-4ed3-8a03-4e07950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-13T13:47:55.000Z", "modified": "2016-07-13T13:47:55.000Z", "description": "download location", "pattern": "[domain-name:value = 'ampexholdings.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-13T13:47:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5786468c-7144-4342-9e6c-473b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-13T13:47:56.000Z", "modified": "2016-07-13T13:47:56.000Z", "description": "download location", "pattern": "[url:value = 'http://ampexholdings.com/cx5qn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-13T13:47:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5786468c-6c60-4884-a9fe-4064950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-13T13:47:56.000Z", "modified": "2016-07-13T13:47:56.000Z", "description": "download location", "pattern": "[url:value = 'http://lifecare-hc.com/05622']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-13T13:47:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5786468c-56f0-46a8-bd80-4f6c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-13T13:47:56.000Z", "modified": "2016-07-13T13:47:56.000Z", "description": "download location", "pattern": "[url:value = 'http://pernelkul.hu/00i1453']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-13T13:47:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5786468c-7e10-4bca-a80e-4828950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-13T13:47:56.000Z", "modified": "2016-07-13T13:47:56.000Z", "description": "download location", "pattern": "[url:value = 'http://sollove.com.br/dtzbbpkz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-13T13:47:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5786468d-95bc-4ef7-bdd2-41af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-13T13:47:57.000Z", "modified": "2016-07-13T13:47:57.000Z", "description": "download location", "pattern": "[url:value = 'http://williamsbreak.com/tn7v5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-13T13:47:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5786468d-8dcc-4f9e-b952-487a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-13T13:47:57.000Z", "modified": "2016-07-13T13:47:57.000Z", "description": "download location", "pattern": "[domain-name:value = 'lifecare-hc.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-13T13:47:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5786468d-c270-44b9-a4b8-4705950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-13T13:47:57.000Z", "modified": "2016-07-13T13:47:57.000Z", "description": "download location", "pattern": "[domain-name:value = 'pernelkul.hu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-13T13:47:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5786468d-56ac-4aef-a43c-4294950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-13T13:47:57.000Z", "modified": "2016-07-13T13:47:57.000Z", "description": "download location", "pattern": "[domain-name:value = 'sollove.com.br']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-13T13:47:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5786468d-b540-4735-9ff4-4e09950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-13T13:47:57.000Z", "modified": "2016-07-13T13:47:57.000Z", "description": "download location", "pattern": "[domain-name:value = 'williamsbreak.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-13T13:47:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }