{ "type": "bundle", "id": "bundle--59cd3b91-95a4-4efd-9334-4c5b950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:44:18.000Z", "modified": "2017-09-29T12:44:18.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--59cd3b91-95a4-4efd-9334-4c5b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:44:18.000Z", "modified": "2017-09-29T12:44:18.000Z", "name": "M2M - Locky / Trickbot: \"Emailing: Scan0xxx\" from \"Sales\"", "published": "2017-09-29T12:45:04Z", "object_refs": [ "indicator--59cd3b92-bb70-4a40-af6d-723f950d210f", "indicator--59cd3b92-8e98-4293-84c4-7255950d210f", "indicator--59cd3b93-0a1c-43d6-a4f0-427f950d210f", "indicator--59cd3b93-8f5c-47d3-93de-d001950d210f", "observed-data--59cd3b93-405c-491f-8b97-1fad950d210f", "network-traffic--59cd3b93-405c-491f-8b97-1fad950d210f", "ipv4-addr--59cd3b93-405c-491f-8b97-1fad950d210f", "indicator--59cd3b94-d360-45db-be55-46c1950d210f", "indicator--59cd3b94-cfe0-4d54-8d85-4b1d950d210f", "observed-data--59cd3b94-8948-4541-98ab-4963950d210f", "network-traffic--59cd3b94-8948-4541-98ab-4963950d210f", "ipv4-addr--59cd3b94-8948-4541-98ab-4963950d210f", "indicator--59cd3b95-2338-47d5-991c-cdbd950d210f", "indicator--59cd3b95-6f1c-41ad-9a42-7255950d210f", "indicator--59cd3b96-9184-4a87-8862-1e0c950d210f", "indicator--59cd3b96-fafc-4625-89e3-1b8e950d210f", "indicator--59cd3b97-59c8-4ad2-9a5b-4bf1950d210f", "indicator--59cd3b97-2d00-42f3-8616-4397950d210f", "observed-data--59cd3b97-8c64-4381-b7b1-41eb950d210f", "network-traffic--59cd3b97-8c64-4381-b7b1-41eb950d210f", "ipv4-addr--59cd3b97-8c64-4381-b7b1-41eb950d210f", "indicator--59cd3b98-3fb4-48b5-941b-723f950d210f", "indicator--59cd3b98-d8b8-4b9f-85fa-cdbd950d210f", "observed-data--59cd3b98-e690-4938-935b-7255950d210f", "network-traffic--59cd3b98-e690-4938-935b-7255950d210f", "ipv4-addr--59cd3b98-e690-4938-935b-7255950d210f", "indicator--59cd3b99-a79c-4658-b709-d001950d210f", "indicator--59cd3b99-c534-430a-813d-1e0c950d210f", "observed-data--59cd3b9a-23fc-464c-bd43-1b8e950d210f", "network-traffic--59cd3b9a-23fc-464c-bd43-1b8e950d210f", "ipv4-addr--59cd3b9a-23fc-464c-bd43-1b8e950d210f", "indicator--59cd3b9b-bd88-4d5f-973b-4485950d210f", "indicator--59cd3b9b-9f0c-4d56-82e0-4294950d210f", "observed-data--59cd3b9b-3470-4bfd-bef8-4410950d210f", "network-traffic--59cd3b9b-3470-4bfd-bef8-4410950d210f", "ipv4-addr--59cd3b9b-3470-4bfd-bef8-4410950d210f", "indicator--59cd3b9c-b288-49f1-ada8-723f950d210f", "indicator--59cd3b9c-b56c-4846-b5f9-cdbd950d210f", "observed-data--59cd3b9c-9240-4cf3-b165-4957950d210f", "network-traffic--59cd3b9c-9240-4cf3-b165-4957950d210f", "ipv4-addr--59cd3b9c-9240-4cf3-b165-4957950d210f", "indicator--59cd3b9d-1360-4b50-8996-1b8e950d210f", "indicator--59cd3b9d-dbf8-4307-83fa-48a4950d210f", "observed-data--59cd3b9d-cd44-4c8d-b71d-40d6950d210f", "network-traffic--59cd3b9d-cd44-4c8d-b71d-40d6950d210f", "ipv4-addr--59cd3b9d-cd44-4c8d-b71d-40d6950d210f", "indicator--59cd3b9e-a13c-4fff-a657-49a2950d210f", "indicator--59cd3b9e-b9e4-489e-af9e-723f950d210f", "observed-data--59cd3b9f-9810-44be-9950-41a3950d210f", "network-traffic--59cd3b9f-9810-44be-9950-41a3950d210f", "ipv4-addr--59cd3b9f-9810-44be-9950-41a3950d210f", "indicator--59cd3b9f-da90-41ff-9a2a-1b8e950d210f", "indicator--59cd3b9f-f35c-4ffe-9231-1fad950d210f", "observed-data--59cd3ba0-0a34-4529-9bfc-43ac950d210f", "network-traffic--59cd3ba0-0a34-4529-9bfc-43ac950d210f", "ipv4-addr--59cd3ba0-0a34-4529-9bfc-43ac950d210f", "indicator--59cd3ba0-50d8-4f4f-b074-4f00950d210f", "indicator--59cd3ba0-c534-4df9-ba25-723f950d210f", "observed-data--59cd3ba1-b9d8-4351-9965-7255950d210f", "network-traffic--59cd3ba1-b9d8-4351-9965-7255950d210f", "ipv4-addr--59cd3ba1-b9d8-4351-9965-7255950d210f", "indicator--59cd3ba2-e3f0-465f-9c23-1fad950d210f", "indicator--59cd3ba2-db40-4a9a-8416-4c7d950d210f", "observed-data--59cd3ba2-b928-4344-aef0-4589950d210f", "network-traffic--59cd3ba2-b928-4344-aef0-4589950d210f", "ipv4-addr--59cd3ba2-b928-4344-aef0-4589950d210f", "indicator--59cd3ba3-2198-48e4-95b4-723f950d210f", "indicator--59cd3ba3-3758-4b71-9b2a-4026950d210f", "observed-data--59cd3ba3-f394-4b12-8bbc-406d950d210f", "network-traffic--59cd3ba3-f394-4b12-8bbc-406d950d210f", "ipv4-addr--59cd3ba3-f394-4b12-8bbc-406d950d210f", "indicator--59cd3ba4-1dcc-4174-8d9a-4fef950d210f", "indicator--59cd3ba4-55e4-406d-ab26-4f61950d210f", "observed-data--59cd3ba4-dda4-4e63-b667-4b16950d210f", "network-traffic--59cd3ba4-dda4-4e63-b667-4b16950d210f", "ipv4-addr--59cd3ba4-dda4-4e63-b667-4b16950d210f", "indicator--59cd3ba5-bed4-43d3-9b0c-720b950d210f", "indicator--59cd3ba5-559c-4c88-8689-723f950d210f", "observed-data--59cd3ba5-2840-41b8-94bd-4873950d210f", "network-traffic--59cd3ba5-2840-41b8-94bd-4873950d210f", "ipv4-addr--59cd3ba5-2840-41b8-94bd-4873950d210f", "indicator--59cd3ba6-c910-462c-a8da-1e0c950d210f", "indicator--59cd3ba6-ad48-49d0-b6a4-1fad950d210f", "indicator--59cd3bcd-b6a0-43c0-a628-413a950d210f", "indicator--59cd3bcd-7424-4f97-a4d9-46e4950d210f", "observed-data--59cd3bcd-48e0-4f67-ba89-42da950d210f", "network-traffic--59cd3bcd-48e0-4f67-ba89-42da950d210f", "ipv4-addr--59cd3bcd-48e0-4f67-ba89-42da950d210f", "indicator--59cd3bce-5c40-4e7e-afd7-720b950d210f", "indicator--59cd3bce-12d0-47f2-a2cf-cdbd950d210f", "observed-data--59cd3bce-9718-47e8-8651-4ef8950d210f", "network-traffic--59cd3bce-9718-47e8-8651-4ef8950d210f", "ipv4-addr--59cd3bce-9718-47e8-8651-4ef8950d210f", "indicator--59cd3bcf-14a4-40d1-b950-1fad950d210f", "indicator--59cd3bcf-a07c-44de-8188-1b8e950d210f", "observed-data--59cd3bd0-8dc4-4881-96bc-49bf950d210f", "network-traffic--59cd3bd0-8dc4-4881-96bc-49bf950d210f", "ipv4-addr--59cd3bd0-8dc4-4881-96bc-49bf950d210f", "indicator--59cd3bd0-f248-4900-8238-403d950d210f", "indicator--59cd3bd0-09b4-486e-9167-41e3950d210f", "observed-data--59cd3bd1-2f94-40c9-b0a9-4810950d210f", "network-traffic--59cd3bd1-2f94-40c9-b0a9-4810950d210f", "ipv4-addr--59cd3bd1-2f94-40c9-b0a9-4810950d210f", "indicator--59cd3bd1-1b58-4ce3-a311-4189950d210f", "indicator--59cd3bd1-6ee4-4d76-beda-d001950d210f", "observed-data--59cd3bd2-51d0-48cb-a223-1e0c950d210f", "network-traffic--59cd3bd2-51d0-48cb-a223-1e0c950d210f", "ipv4-addr--59cd3bd2-51d0-48cb-a223-1e0c950d210f", "indicator--59cd3bd2-1928-4d4a-83ce-48c2950d210f", "indicator--59cd3bd2-430c-48e5-9f97-43ed950d210f", "observed-data--59cd3bd3-835c-4c17-882a-446d950d210f", "network-traffic--59cd3bd3-835c-4c17-882a-446d950d210f", "ipv4-addr--59cd3bd3-835c-4c17-882a-446d950d210f", "indicator--59cd3bd3-5e9c-4b3c-a9a6-4d44950d210f", "indicator--59cd3bd4-b7cc-440c-8adf-4853950d210f", "observed-data--59cd3bd4-d6ac-48a1-800c-d001950d210f", "network-traffic--59cd3bd4-d6ac-48a1-800c-d001950d210f", "ipv4-addr--59cd3bd4-d6ac-48a1-800c-d001950d210f", "indicator--59cd3bd4-fba0-44d6-a173-7255950d210f", "indicator--59cd3bd5-c018-4b62-af1d-1b8e950d210f", "observed-data--59cd3bd5-6830-4735-b1c7-4cad950d210f", "network-traffic--59cd3bd5-6830-4735-b1c7-4cad950d210f", "ipv4-addr--59cd3bd5-6830-4735-b1c7-4cad950d210f", "indicator--59cd3bd6-b954-418e-813b-4c25950d210f", "indicator--59cd3bd6-ddb0-45bd-a29e-4f3b950d210f", "observed-data--59cd3bd7-8700-4c3e-8ee4-4a82950d210f", "network-traffic--59cd3bd7-8700-4c3e-8ee4-4a82950d210f", "ipv4-addr--59cd3bd7-8700-4c3e-8ee4-4a82950d210f", "indicator--59cd3bd8-4aa4-4b9f-b9f4-723f950d210f", "indicator--59cd3bd8-fa24-465c-bf07-d001950d210f", "observed-data--59cd3bd8-7cdc-445e-aeb7-1e0c950d210f", "network-traffic--59cd3bd8-7cdc-445e-aeb7-1e0c950d210f", "ipv4-addr--59cd3bd8-7cdc-445e-aeb7-1e0c950d210f", "indicator--59cd3bd9-5988-4067-be19-4e50950d210f", "indicator--59cd3bd9-6000-4bbe-b80d-4104950d210f", "observed-data--59cd3bda-bf64-46f2-9852-4512950d210f", "network-traffic--59cd3bda-bf64-46f2-9852-4512950d210f", "ipv4-addr--59cd3bda-bf64-46f2-9852-4512950d210f", "indicator--59cd3bda-b610-4635-8e3b-4edf950d210f", "indicator--59cd3bda-1448-454a-84b9-723f950d210f", "observed-data--59cd3bdb-0ed4-40a9-a62f-4b1d950d210f", "network-traffic--59cd3bdb-0ed4-40a9-a62f-4b1d950d210f", "ipv4-addr--59cd3bdb-0ed4-40a9-a62f-4b1d950d210f", "indicator--59cd3bdb-4f70-4539-b1fd-7255950d210f", "indicator--59cd3bdb-4060-4851-9760-1fad950d210f", "observed-data--59cd3bdc-386c-4704-8855-403e950d210f", "network-traffic--59cd3bdc-386c-4704-8855-403e950d210f", "ipv4-addr--59cd3bdc-386c-4704-8855-403e950d210f", "indicator--59cd3bdc-e398-4f71-8962-720b950d210f", "indicator--59cd3bdc-cef8-4a4c-b69e-4e03950d210f", "observed-data--59cd3bdd-ad74-42c1-a22e-4a37950d210f", "network-traffic--59cd3bdd-ad74-42c1-a22e-4a37950d210f", "ipv4-addr--59cd3bdd-ad74-42c1-a22e-4a37950d210f", "indicator--59cd3bdd-c1f4-431d-a427-1e0c950d210f", "indicator--59cd3bdd-8b08-4fb1-a08c-1fad950d210f", "observed-data--59cd3bde-d588-408c-b16f-4cc6950d210f", "network-traffic--59cd3bde-d588-408c-b16f-4cc6950d210f", "ipv4-addr--59cd3bde-d588-408c-b16f-4cc6950d210f", "indicator--59cd3bde-683c-45af-a108-720b950d210f", "indicator--59cd3bde-93ec-47de-b432-4271950d210f", "observed-data--59cd3bdf-cbfc-492a-86be-cdbd950d210f", "network-traffic--59cd3bdf-cbfc-492a-86be-cdbd950d210f", "ipv4-addr--59cd3bdf-cbfc-492a-86be-cdbd950d210f", "indicator--59cd3bdf-86c8-45d3-8bd4-d001950d210f", "indicator--59cd3be0-3a24-4902-b088-1e0c950d210f", "observed-data--59cd3be0-41c4-4bb2-8026-4a94950d210f", "network-traffic--59cd3be0-41c4-4bb2-8026-4a94950d210f", "ipv4-addr--59cd3be0-41c4-4bb2-8026-4a94950d210f", "indicator--59cd3be1-bb44-4afe-bc24-720b950d210f", "indicator--59cd3be1-1978-49e6-b7e8-4b0d950d210f", "observed-data--59cd3be1-634c-4a64-8dd0-4e8c950d210f", "network-traffic--59cd3be1-634c-4a64-8dd0-4e8c950d210f", "ipv4-addr--59cd3be1-634c-4a64-8dd0-4e8c950d210f", "indicator--59cd3be2-3948-4c1c-90c9-4143950d210f", "indicator--59cd3be2-d910-4698-a41b-1e0c950d210f", "observed-data--59cd3be2-c43c-4add-ae1d-1fad950d210f", "network-traffic--59cd3be2-c43c-4add-ae1d-1fad950d210f", "ipv4-addr--59cd3be2-c43c-4add-ae1d-1fad950d210f", "indicator--59cd3be2-cfd4-45e5-8f7d-4183950d210f", "indicator--59cd3be3-3120-453d-ae46-49ed950d210f", "observed-data--59cd3bf5-f130-4cca-81ee-474f950d210f", "network-traffic--59cd3bf5-f130-4cca-81ee-474f950d210f", "ipv4-addr--59cd3bf5-f130-4cca-81ee-474f950d210f", "observed-data--59cd3bf6-13e4-49ee-8485-4a46950d210f", "network-traffic--59cd3bf6-13e4-49ee-8485-4a46950d210f", "ipv4-addr--59cd3bf6-13e4-49ee-8485-4a46950d210f", "observed-data--59cd3bf6-fbac-4a9c-946c-4c6b950d210f", "network-traffic--59cd3bf6-fbac-4a9c-946c-4c6b950d210f", "ipv4-addr--59cd3bf6-fbac-4a9c-946c-4c6b950d210f", "observed-data--59cd3bf7-251c-4871-b26e-723f950d210f", "network-traffic--59cd3bf7-251c-4871-b26e-723f950d210f", "ipv4-addr--59cd3bf7-251c-4871-b26e-723f950d210f", "observed-data--59cd3bf7-fd74-4640-825a-4718950d210f", "network-traffic--59cd3bf7-fd74-4640-825a-4718950d210f", "ipv4-addr--59cd3bf7-fd74-4640-825a-4718950d210f", "observed-data--59cd3bf7-e538-4aa7-b730-1e0c950d210f", "network-traffic--59cd3bf7-e538-4aa7-b730-1e0c950d210f", "ipv4-addr--59cd3bf7-e538-4aa7-b730-1e0c950d210f", "observed-data--59cd3bf7-0078-4824-b45d-d001950d210f", "network-traffic--59cd3bf7-0078-4824-b45d-d001950d210f", "ipv4-addr--59cd3bf7-0078-4824-b45d-d001950d210f", "observed-data--59cd3bf8-f87c-4d2e-9809-1fad950d210f", "network-traffic--59cd3bf8-f87c-4d2e-9809-1fad950d210f", "ipv4-addr--59cd3bf8-f87c-4d2e-9809-1fad950d210f", "observed-data--59cd3bf8-8ea0-488d-a096-448e950d210f", "network-traffic--59cd3bf8-8ea0-488d-a096-448e950d210f", "ipv4-addr--59cd3bf8-8ea0-488d-a096-448e950d210f", "observed-data--59cd3bf8-4890-4523-8173-7255950d210f", "network-traffic--59cd3bf8-4890-4523-8173-7255950d210f", "ipv4-addr--59cd3bf8-4890-4523-8173-7255950d210f", "observed-data--59cd3bf9-214c-48ab-810d-48c4950d210f", "network-traffic--59cd3bf9-214c-48ab-810d-48c4950d210f", "ipv4-addr--59cd3bf9-214c-48ab-810d-48c4950d210f", "observed-data--59cd3bf9-8474-44e3-878b-4ff5950d210f", "network-traffic--59cd3bf9-8474-44e3-878b-4ff5950d210f", "ipv4-addr--59cd3bf9-8474-44e3-878b-4ff5950d210f", "observed-data--59cd3bf9-64c4-4f6f-bc35-1b8e950d210f", "network-traffic--59cd3bf9-64c4-4f6f-bc35-1b8e950d210f", "ipv4-addr--59cd3bf9-64c4-4f6f-bc35-1b8e950d210f", "observed-data--59cd3bfa-8ef8-4631-928d-4fc5950d210f", "network-traffic--59cd3bfa-8ef8-4631-928d-4fc5950d210f", "ipv4-addr--59cd3bfa-8ef8-4631-928d-4fc5950d210f", "observed-data--59cd3bfa-578c-4d53-8ad5-4ef9950d210f", "network-traffic--59cd3bfa-578c-4d53-8ad5-4ef9950d210f", "ipv4-addr--59cd3bfa-578c-4d53-8ad5-4ef9950d210f", "observed-data--59cd3bfa-ab30-4906-a6eb-720b950d210f", "network-traffic--59cd3bfa-ab30-4906-a6eb-720b950d210f", "ipv4-addr--59cd3bfa-ab30-4906-a6eb-720b950d210f", "observed-data--59cd3bfa-fce0-409b-a01b-4fbf950d210f", "network-traffic--59cd3bfa-fce0-409b-a01b-4fbf950d210f", "ipv4-addr--59cd3bfa-fce0-409b-a01b-4fbf950d210f", "observed-data--59cd3bfb-9180-498d-bd7f-4dbd950d210f", "network-traffic--59cd3bfb-9180-498d-bd7f-4dbd950d210f", "ipv4-addr--59cd3bfb-9180-498d-bd7f-4dbd950d210f", "observed-data--59cd3bfb-d268-408e-9946-4aad950d210f", "network-traffic--59cd3bfb-d268-408e-9946-4aad950d210f", "ipv4-addr--59cd3bfb-d268-408e-9946-4aad950d210f", "observed-data--59cd3bfb-72e8-4606-aceb-cdbd950d210f", "network-traffic--59cd3bfb-72e8-4606-aceb-cdbd950d210f", "ipv4-addr--59cd3bfb-72e8-4606-aceb-cdbd950d210f", "observed-data--59cd3bfb-b5bc-4415-af53-4cde950d210f", "network-traffic--59cd3bfb-b5bc-4415-af53-4cde950d210f", "ipv4-addr--59cd3bfb-b5bc-4415-af53-4cde950d210f", "observed-data--59cd3bfc-4374-4724-9742-48aa950d210f", "network-traffic--59cd3bfc-4374-4724-9742-48aa950d210f", "ipv4-addr--59cd3bfc-4374-4724-9742-48aa950d210f", "observed-data--59cd3bfc-321c-4dcd-981a-4db2950d210f", "network-traffic--59cd3bfc-321c-4dcd-981a-4db2950d210f", "ipv4-addr--59cd3bfc-321c-4dcd-981a-4db2950d210f", "observed-data--59cd3bfc-ff04-4fcc-b289-723f950d210f", "network-traffic--59cd3bfc-ff04-4fcc-b289-723f950d210f", "ipv4-addr--59cd3bfc-ff04-4fcc-b289-723f950d210f", "observed-data--59cd3bfc-0ad8-470a-a6be-4351950d210f", "network-traffic--59cd3bfc-0ad8-470a-a6be-4351950d210f", "ipv4-addr--59cd3bfc-0ad8-470a-a6be-4351950d210f", "observed-data--59cd3bfd-8508-44f2-b490-1e0c950d210f", "network-traffic--59cd3bfd-8508-44f2-b490-1e0c950d210f", "ipv4-addr--59cd3bfd-8508-44f2-b490-1e0c950d210f", "observed-data--59cd3bfd-68d8-4ee4-a533-d001950d210f", "network-traffic--59cd3bfd-68d8-4ee4-a533-d001950d210f", "ipv4-addr--59cd3bfd-68d8-4ee4-a533-d001950d210f", "observed-data--59cd3bfd-3918-4624-8689-1fad950d210f", "network-traffic--59cd3bfd-3918-4624-8689-1fad950d210f", "ipv4-addr--59cd3bfd-3918-4624-8689-1fad950d210f", "indicator--59ce3688-b86c-4106-b72f-42c002de0b81", "indicator--59ce3688-2090-4809-a5a3-4c2302de0b81", "observed-data--59ce3688-0b74-49d6-bfee-40e802de0b81", "url--59ce3688-0b74-49d6-bfee-40e802de0b81", "indicator--59ce3688-8938-4ff0-aa78-437602de0b81", "indicator--59ce3688-b5bc-4b37-b6ed-48d102de0b81", "observed-data--59ce3688-debc-439a-92c8-4c1902de0b81", "url--59ce3688-debc-439a-92c8-4c1902de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:tool=\"Trick Bot\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Locky\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3b92-bb70-4a40-af6d-723f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:20.000Z", "modified": "2017-09-29T12:03:20.000Z", "pattern": "[file:hashes.MD5 = '20a51bf0c489d3f2792cfae6ef4ee337']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3b92-8e98-4293-84c4-7255950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:20.000Z", "modified": "2017-09-29T12:03:20.000Z", "pattern": "[file:hashes.MD5 = 'c86b9c09258f31e1bca843e9c74a9049']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3b93-0a1c-43d6-a4f0-427f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:20.000Z", "modified": "2017-09-29T12:03:20.000Z", "pattern": "[url:value = 'http://ambrogiauto.com/9hciunery8g']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3b93-8f5c-47d3-93de-d001950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:20.000Z", "modified": "2017-09-29T12:03:20.000Z", "pattern": "[domain-name:value = 'ambrogiauto.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3b93-405c-491f-8b97-1fad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:20.000Z", "modified": "2017-09-29T12:03:20.000Z", "first_observed": "2017-09-29T12:03:20Z", "last_observed": "2017-09-29T12:03:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3b93-405c-491f-8b97-1fad950d210f", "ipv4-addr--59cd3b93-405c-491f-8b97-1fad950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3b93-405c-491f-8b97-1fad950d210f", "dst_ref": "ipv4-addr--59cd3b93-405c-491f-8b97-1fad950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3b93-405c-491f-8b97-1fad950d210f", "value": "89.96.90.17" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3b94-d360-45db-be55-46c1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:20.000Z", "modified": "2017-09-29T12:03:20.000Z", "pattern": "[url:value = 'http://autoecoleathena.com/9hciunery8g']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3b94-cfe0-4d54-8d85-4b1d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:20.000Z", "modified": "2017-09-29T12:03:20.000Z", "pattern": "[domain-name:value = 'autoecoleathena.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3b94-8948-4541-98ab-4963950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:20.000Z", "modified": "2017-09-29T12:03:20.000Z", "first_observed": "2017-09-29T12:03:20Z", "last_observed": "2017-09-29T12:03:20Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3b94-8948-4541-98ab-4963950d210f", "ipv4-addr--59cd3b94-8948-4541-98ab-4963950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3b94-8948-4541-98ab-4963950d210f", "dst_ref": "ipv4-addr--59cd3b94-8948-4541-98ab-4963950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3b94-8948-4541-98ab-4963950d210f", "value": "193.227.248.241" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3b95-2338-47d5-991c-cdbd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:20.000Z", "modified": "2017-09-29T12:03:20.000Z", "pattern": "[url:value = 'http://autoecoleboisdesroches.com/9hciunery8g']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3b95-6f1c-41ad-9a42-7255950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:20.000Z", "modified": "2017-09-29T12:03:20.000Z", "pattern": "[domain-name:value = 'autoecoleboisdesroches.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3b96-9184-4a87-8862-1e0c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:20.000Z", "modified": "2017-09-29T12:03:20.000Z", "pattern": "[url:value = 'http://autoecole-jeanpierre.com/9hciunery8g']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3b96-fafc-4625-89e3-1b8e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:20.000Z", "modified": "2017-09-29T12:03:20.000Z", "pattern": "[domain-name:value = 'autoecole-jeanpierre.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3b97-59c8-4ad2-9a5b-4bf1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[url:value = 'http://camerawind.com/9hciunery8g']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3b97-2d00-42f3-8616-4397950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[domain-name:value = 'camerawind.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3b97-8c64-4381-b7b1-41eb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "first_observed": "2017-09-29T12:03:19Z", "last_observed": "2017-09-29T12:03:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3b97-8c64-4381-b7b1-41eb950d210f", "ipv4-addr--59cd3b97-8c64-4381-b7b1-41eb950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3b97-8c64-4381-b7b1-41eb950d210f", "dst_ref": "ipv4-addr--59cd3b97-8c64-4381-b7b1-41eb950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3b97-8c64-4381-b7b1-41eb950d210f", "value": "185.18.198.158" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3b98-3fb4-48b5-941b-723f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[url:value = 'http://conlin-boats.com/9hciunery8g']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3b98-d8b8-4b9f-85fa-cdbd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[domain-name:value = 'conlin-boats.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3b98-e690-4938-935b-7255950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "first_observed": "2017-09-29T12:03:19Z", "last_observed": "2017-09-29T12:03:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3b98-e690-4938-935b-7255950d210f", "ipv4-addr--59cd3b98-e690-4938-935b-7255950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3b98-e690-4938-935b-7255950d210f", "dst_ref": "ipv4-addr--59cd3b98-e690-4938-935b-7255950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3b98-e690-4938-935b-7255950d210f", "value": "208.73.32.82" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3b99-a79c-4658-b709-d001950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[url:value = 'http://feng-lian.com.tw/9hciunery8g']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3b99-c534-430a-813d-1e0c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[domain-name:value = 'feng-lian.com.tw']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3b9a-23fc-464c-bd43-1b8e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "first_observed": "2017-09-29T12:03:19Z", "last_observed": "2017-09-29T12:03:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3b9a-23fc-464c-bd43-1b8e950d210f", "ipv4-addr--59cd3b9a-23fc-464c-bd43-1b8e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3b9a-23fc-464c-bd43-1b8e950d210f", "dst_ref": "ipv4-addr--59cd3b9a-23fc-464c-bd43-1b8e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3b9a-23fc-464c-bd43-1b8e950d210f", "value": "203.74.202.50" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3b9b-bd88-4d5f-973b-4485950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[url:value = 'http://flooringforyou.co.uk/9hciunery8g']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3b9b-9f0c-4d56-82e0-4294950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[domain-name:value = 'flooringforyou.co.uk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3b9b-3470-4bfd-bef8-4410950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "first_observed": "2017-09-29T12:03:19Z", "last_observed": "2017-09-29T12:03:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3b9b-3470-4bfd-bef8-4410950d210f", "ipv4-addr--59cd3b9b-3470-4bfd-bef8-4410950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3b9b-3470-4bfd-bef8-4410950d210f", "dst_ref": "ipv4-addr--59cd3b9b-3470-4bfd-bef8-4410950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3b9b-3470-4bfd-bef8-4410950d210f", "value": "176.56.61.52" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3b9c-b288-49f1-ada8-723f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[url:value = 'http://fls-portal.co.uk/9hciunery8g']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3b9c-b56c-4846-b5f9-cdbd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[domain-name:value = 'fls-portal.co.uk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3b9c-9240-4cf3-b165-4957950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "first_observed": "2017-09-29T12:03:19Z", "last_observed": "2017-09-29T12:03:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3b9c-9240-4cf3-b165-4957950d210f", "ipv4-addr--59cd3b9c-9240-4cf3-b165-4957950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3b9c-9240-4cf3-b165-4957950d210f", "dst_ref": "ipv4-addr--59cd3b9c-9240-4cf3-b165-4957950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3b9c-9240-4cf3-b165-4957950d210f", "value": "109.108.149.65" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3b9d-1360-4b50-8996-1b8e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[url:value = 'http://fmarson.com/9hciunery8g']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3b9d-dbf8-4307-83fa-48a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[domain-name:value = 'fmarson.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3b9d-cd44-4c8d-b71d-40d6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "first_observed": "2017-09-29T12:03:19Z", "last_observed": "2017-09-29T12:03:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3b9d-cd44-4c8d-b71d-40d6950d210f", "ipv4-addr--59cd3b9d-cd44-4c8d-b71d-40d6950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3b9d-cd44-4c8d-b71d-40d6950d210f", "dst_ref": "ipv4-addr--59cd3b9d-cd44-4c8d-b71d-40d6950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3b9d-cd44-4c8d-b71d-40d6950d210f", "value": "80.172.241.35" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3b9e-a13c-4fff-a657-49a2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[url:value = 'http://freevillemusic.com/9hciunery8g']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3b9e-b9e4-489e-af9e-723f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[domain-name:value = 'freevillemusic.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3b9f-9810-44be-9950-41a3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "first_observed": "2017-09-29T12:03:19Z", "last_observed": "2017-09-29T12:03:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3b9f-9810-44be-9950-41a3950d210f", "ipv4-addr--59cd3b9f-9810-44be-9950-41a3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3b9f-9810-44be-9950-41a3950d210f", "dst_ref": "ipv4-addr--59cd3b9f-9810-44be-9950-41a3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3b9f-9810-44be-9950-41a3950d210f", "value": "66.84.8.235" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3b9f-da90-41ff-9a2a-1b8e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[url:value = 'http://geeks-online.de/9hciunery8g']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3b9f-f35c-4ffe-9231-1fad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[domain-name:value = 'geeks-online.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3ba0-0a34-4529-9bfc-43ac950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "first_observed": "2017-09-29T12:03:19Z", "last_observed": "2017-09-29T12:03:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3ba0-0a34-4529-9bfc-43ac950d210f", "ipv4-addr--59cd3ba0-0a34-4529-9bfc-43ac950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3ba0-0a34-4529-9bfc-43ac950d210f", "dst_ref": "ipv4-addr--59cd3ba0-0a34-4529-9bfc-43ac950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3ba0-0a34-4529-9bfc-43ac950d210f", "value": "78.46.92.133" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3ba0-50d8-4f4f-b074-4f00950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[url:value = 'http://givensplace.com/9hciunery8g']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3ba0-c534-4df9-ba25-723f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[domain-name:value = 'givensplace.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3ba1-b9d8-4351-9965-7255950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "first_observed": "2017-09-29T12:03:19Z", "last_observed": "2017-09-29T12:03:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3ba1-b9d8-4351-9965-7255950d210f", "ipv4-addr--59cd3ba1-b9d8-4351-9965-7255950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3ba1-b9d8-4351-9965-7255950d210f", "dst_ref": "ipv4-addr--59cd3ba1-b9d8-4351-9965-7255950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3ba1-b9d8-4351-9965-7255950d210f", "value": "69.90.148.231" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3ba2-e3f0-465f-9c23-1fad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[url:value = 'http://jakuboweb.com/9hciunery8g']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3ba2-db40-4a9a-8416-4c7d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[domain-name:value = 'jakuboweb.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3ba2-b928-4344-aef0-4589950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "first_observed": "2017-09-29T12:03:19Z", "last_observed": "2017-09-29T12:03:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3ba2-b928-4344-aef0-4589950d210f", "ipv4-addr--59cd3ba2-b928-4344-aef0-4589950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3ba2-b928-4344-aef0-4589950d210f", "dst_ref": "ipv4-addr--59cd3ba2-b928-4344-aef0-4589950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3ba2-b928-4344-aef0-4589950d210f", "value": "149.7.99.14" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3ba3-2198-48e4-95b4-723f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[url:value = 'http://jaysonmorrison.com/9hciunery8g']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3ba3-3758-4b71-9b2a-4026950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[domain-name:value = 'jaysonmorrison.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3ba3-f394-4b12-8bbc-406d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "first_observed": "2017-09-29T12:03:19Z", "last_observed": "2017-09-29T12:03:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3ba3-f394-4b12-8bbc-406d950d210f", "ipv4-addr--59cd3ba3-f394-4b12-8bbc-406d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3ba3-f394-4b12-8bbc-406d950d210f", "dst_ref": "ipv4-addr--59cd3ba3-f394-4b12-8bbc-406d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3ba3-f394-4b12-8bbc-406d950d210f", "value": "208.79.200.165" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3ba4-1dcc-4174-8d9a-4fef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[url:value = 'http://melting-potes.com/9hciunery8g']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3ba4-55e4-406d-ab26-4f61950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[domain-name:value = 'melting-potes.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3ba4-dda4-4e63-b667-4b16950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "first_observed": "2017-09-29T12:03:19Z", "last_observed": "2017-09-29T12:03:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3ba4-dda4-4e63-b667-4b16950d210f", "ipv4-addr--59cd3ba4-dda4-4e63-b667-4b16950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3ba4-dda4-4e63-b667-4b16950d210f", "dst_ref": "ipv4-addr--59cd3ba4-dda4-4e63-b667-4b16950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3ba4-dda4-4e63-b667-4b16950d210f", "value": "87.98.167.154" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3ba5-bed4-43d3-9b0c-720b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[url:value = 'http://patrickreeves.com/9hciunery8g']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3ba5-559c-4c88-8689-723f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[domain-name:value = 'patrickreeves.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3ba5-2840-41b8-94bd-4873950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "first_observed": "2017-09-29T12:03:19Z", "last_observed": "2017-09-29T12:03:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3ba5-2840-41b8-94bd-4873950d210f", "ipv4-addr--59cd3ba5-2840-41b8-94bd-4873950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3ba5-2840-41b8-94bd-4873950d210f", "dst_ref": "ipv4-addr--59cd3ba5-2840-41b8-94bd-4873950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3ba5-2840-41b8-94bd-4873950d210f", "value": "208.79.200.8" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3ba6-c910-462c-a8da-1e0c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[url:value = 'http://sherylbro.net/p66/LUYTbjnrf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3ba6-ad48-49d0-b6a4-1fad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[domain-name:value = 'sherylbro.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bcd-b6a0-43c0-a628-413a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[url:value = 'http://americanbulldogradio.com/LUYTbjnrf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bcd-7424-4f97-a4d9-46e4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[domain-name:value = 'americanbulldogradio.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bcd-48e0-4f67-ba89-42da950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "first_observed": "2017-09-29T12:03:19Z", "last_observed": "2017-09-29T12:03:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bcd-48e0-4f67-ba89-42da950d210f", "ipv4-addr--59cd3bcd-48e0-4f67-ba89-42da950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bcd-48e0-4f67-ba89-42da950d210f", "dst_ref": "ipv4-addr--59cd3bcd-48e0-4f67-ba89-42da950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bcd-48e0-4f67-ba89-42da950d210f", "value": "50.31.160.160" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bce-5c40-4e7e-afd7-720b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[url:value = 'http://anarakdesert.com/LUYTbjnrf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bce-12d0-47f2-a2cf-cdbd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[domain-name:value = 'anarakdesert.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bce-9718-47e8-8651-4ef8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "first_observed": "2017-09-29T12:03:19Z", "last_observed": "2017-09-29T12:03:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bce-9718-47e8-8651-4ef8950d210f", "ipv4-addr--59cd3bce-9718-47e8-8651-4ef8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bce-9718-47e8-8651-4ef8950d210f", "dst_ref": "ipv4-addr--59cd3bce-9718-47e8-8651-4ef8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bce-9718-47e8-8651-4ef8950d210f", "value": "205.204.66.82" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bcf-14a4-40d1-b950-1fad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[url:value = 'http://asnsport-bg.com/LUYTbjnrf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bcf-a07c-44de-8188-1b8e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[domain-name:value = 'asnsport-bg.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bd0-8dc4-4881-96bc-49bf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "first_observed": "2017-09-29T12:03:19Z", "last_observed": "2017-09-29T12:03:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bd0-8dc4-4881-96bc-49bf950d210f", "ipv4-addr--59cd3bd0-8dc4-4881-96bc-49bf950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bd0-8dc4-4881-96bc-49bf950d210f", "dst_ref": "ipv4-addr--59cd3bd0-8dc4-4881-96bc-49bf950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bd0-8dc4-4881-96bc-49bf950d210f", "value": "193.107.36.30" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bd0-f248-4900-8238-403d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[url:value = 'http://astilleroscotnsa.com/LUYTbjnrf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bd0-09b4-486e-9167-41e3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[domain-name:value = 'astilleroscotnsa.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bd1-2f94-40c9-b0a9-4810950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "first_observed": "2017-09-29T12:03:19Z", "last_observed": "2017-09-29T12:03:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bd1-2f94-40c9-b0a9-4810950d210f", "ipv4-addr--59cd3bd1-2f94-40c9-b0a9-4810950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bd1-2f94-40c9-b0a9-4810950d210f", "dst_ref": "ipv4-addr--59cd3bd1-2f94-40c9-b0a9-4810950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bd1-2f94-40c9-b0a9-4810950d210f", "value": "109.234.84.109" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bd1-1b58-4ce3-a311-4189950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[url:value = 'http://atlantarecyclingcenters.com/LUYTbjnrf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bd1-6ee4-4d76-beda-d001950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[domain-name:value = 'atlantarecyclingcenters.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bd2-51d0-48cb-a223-1e0c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "first_observed": "2017-09-29T12:03:19Z", "last_observed": "2017-09-29T12:03:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bd2-51d0-48cb-a223-1e0c950d210f", "ipv4-addr--59cd3bd2-51d0-48cb-a223-1e0c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bd2-51d0-48cb-a223-1e0c950d210f", "dst_ref": "ipv4-addr--59cd3bd2-51d0-48cb-a223-1e0c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bd2-51d0-48cb-a223-1e0c950d210f", "value": "98.124.251.75" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bd2-1928-4d4a-83ce-48c2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[url:value = 'http://augustinechua.com/LUYTbjnrf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bd2-430c-48e5-9f97-43ed950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[domain-name:value = 'augustinechua.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bd3-835c-4c17-882a-446d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "first_observed": "2017-09-29T12:03:19Z", "last_observed": "2017-09-29T12:03:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bd3-835c-4c17-882a-446d950d210f", "ipv4-addr--59cd3bd3-835c-4c17-882a-446d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bd3-835c-4c17-882a-446d950d210f", "dst_ref": "ipv4-addr--59cd3bd3-835c-4c17-882a-446d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bd3-835c-4c17-882a-446d950d210f", "value": "110.4.45.159" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bd3-5e9c-4b3c-a9a6-4d44950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[url:value = 'http://classactionlawsuitnewscenter.com/LUYTbjnrf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bd4-b7cc-440c-8adf-4853950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[domain-name:value = 'classactionlawsuitnewscenter.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bd4-d6ac-48a1-800c-d001950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "first_observed": "2017-09-29T12:03:19Z", "last_observed": "2017-09-29T12:03:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bd4-d6ac-48a1-800c-d001950d210f", "ipv4-addr--59cd3bd4-d6ac-48a1-800c-d001950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bd4-d6ac-48a1-800c-d001950d210f", "dst_ref": "ipv4-addr--59cd3bd4-d6ac-48a1-800c-d001950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bd4-d6ac-48a1-800c-d001950d210f", "value": "50.28.26.10" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bd4-fba0-44d6-a173-7255950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[url:value = 'http://davidstephensbanjo.com/LUYTbjnrf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bd5-c018-4b62-af1d-1b8e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[domain-name:value = 'davidstephensbanjo.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bd5-6830-4735-b1c7-4cad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "first_observed": "2017-09-29T12:03:19Z", "last_observed": "2017-09-29T12:03:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bd5-6830-4735-b1c7-4cad950d210f", "ipv4-addr--59cd3bd5-6830-4735-b1c7-4cad950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bd5-6830-4735-b1c7-4cad950d210f", "dst_ref": "ipv4-addr--59cd3bd5-6830-4735-b1c7-4cad950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bd5-6830-4735-b1c7-4cad950d210f", "value": "63.247.137.98" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bd6-b954-418e-813b-4c25950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[url:value = 'http://essenza.co.id/LUYTbjnrf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bd6-ddb0-45bd-a29e-4f3b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "pattern": "[domain-name:value = 'essenza.co.id']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bd7-8700-4c3e-8ee4-4a82950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:19.000Z", "modified": "2017-09-29T12:03:19.000Z", "first_observed": "2017-09-29T12:03:19Z", "last_observed": "2017-09-29T12:03:19Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bd7-8700-4c3e-8ee4-4a82950d210f", "ipv4-addr--59cd3bd7-8700-4c3e-8ee4-4a82950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bd7-8700-4c3e-8ee4-4a82950d210f", "dst_ref": "ipv4-addr--59cd3bd7-8700-4c3e-8ee4-4a82950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bd7-8700-4c3e-8ee4-4a82950d210f", "value": "202.169.44.141" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bd8-4aa4-4b9f-b9f4-723f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "pattern": "[url:value = 'http://evlilikpsikolojisi.com/LUYTbjnrf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bd8-fa24-465c-bf07-d001950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "pattern": "[domain-name:value = 'evlilikpsikolojisi.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bd8-7cdc-445e-aeb7-1e0c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bd8-7cdc-445e-aeb7-1e0c950d210f", "ipv4-addr--59cd3bd8-7cdc-445e-aeb7-1e0c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bd8-7cdc-445e-aeb7-1e0c950d210f", "dst_ref": "ipv4-addr--59cd3bd8-7cdc-445e-aeb7-1e0c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bd8-7cdc-445e-aeb7-1e0c950d210f", "value": "178.210.175.13" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bd9-5988-4067-be19-4e50950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "pattern": "[url:value = 'http://e-westchesterpropertytax.com/LUYTbjnrf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bd9-6000-4bbe-b80d-4104950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "pattern": "[domain-name:value = 'e-westchesterpropertytax.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bda-bf64-46f2-9852-4512950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bda-bf64-46f2-9852-4512950d210f", "ipv4-addr--59cd3bda-bf64-46f2-9852-4512950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bda-bf64-46f2-9852-4512950d210f", "dst_ref": "ipv4-addr--59cd3bda-bf64-46f2-9852-4512950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bda-bf64-46f2-9852-4512950d210f", "value": "63.247.142.80" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bda-b610-4635-8e3b-4edf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "pattern": "[url:value = 'http://felicesfiestas.com.mx/LUYTbjnrf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bda-1448-454a-84b9-723f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "pattern": "[domain-name:value = 'felicesfiestas.com.mx']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bdb-0ed4-40a9-a62f-4b1d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bdb-0ed4-40a9-a62f-4b1d950d210f", "ipv4-addr--59cd3bdb-0ed4-40a9-a62f-4b1d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bdb-0ed4-40a9-a62f-4b1d950d210f", "dst_ref": "ipv4-addr--59cd3bdb-0ed4-40a9-a62f-4b1d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bdb-0ed4-40a9-a62f-4b1d950d210f", "value": "208.79.200.63" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bdb-4f70-4539-b1fd-7255950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "pattern": "[url:value = 'http://financeforautos.com/LUYTbjnrf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bdb-4060-4851-9760-1fad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "pattern": "[domain-name:value = 'financeforautos.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bdc-386c-4704-8855-403e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bdc-386c-4704-8855-403e950d210f", "ipv4-addr--59cd3bdc-386c-4704-8855-403e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bdc-386c-4704-8855-403e950d210f", "dst_ref": "ipv4-addr--59cd3bdc-386c-4704-8855-403e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bdc-386c-4704-8855-403e950d210f", "value": "72.4.145.228" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bdc-e398-4f71-8962-720b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "pattern": "[url:value = 'http://fincasoroel.es/LUYTbjnrf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bdc-cef8-4a4c-b69e-4e03950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "pattern": "[domain-name:value = 'fincasoroel.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bdd-ad74-42c1-a22e-4a37950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bdd-ad74-42c1-a22e-4a37950d210f", "ipv4-addr--59cd3bdd-ad74-42c1-a22e-4a37950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bdd-ad74-42c1-a22e-4a37950d210f", "dst_ref": "ipv4-addr--59cd3bdd-ad74-42c1-a22e-4a37950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bdd-ad74-42c1-a22e-4a37950d210f", "value": "89.140.72.171" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bdd-c1f4-431d-a427-1e0c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "pattern": "[url:value = 'http://kailanisilks.com/LUYTbjnrf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bdd-8b08-4fb1-a08c-1fad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "pattern": "[domain-name:value = 'kailanisilks.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bde-d588-408c-b16f-4cc6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bde-d588-408c-b16f-4cc6950d210f", "ipv4-addr--59cd3bde-d588-408c-b16f-4cc6950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bde-d588-408c-b16f-4cc6950d210f", "dst_ref": "ipv4-addr--59cd3bde-d588-408c-b16f-4cc6950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bde-d588-408c-b16f-4cc6950d210f", "value": "70.39.149.97" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bde-683c-45af-a108-720b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "pattern": "[url:value = 'http://mediatrendsistem.com/LUYTbjnrf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bde-93ec-47de-b432-4271950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "pattern": "[domain-name:value = 'mediatrendsistem.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bdf-cbfc-492a-86be-cdbd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bdf-cbfc-492a-86be-cdbd950d210f", "ipv4-addr--59cd3bdf-cbfc-492a-86be-cdbd950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bdf-cbfc-492a-86be-cdbd950d210f", "dst_ref": "ipv4-addr--59cd3bdf-cbfc-492a-86be-cdbd950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bdf-cbfc-492a-86be-cdbd950d210f", "value": "178.212.207.6" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3bdf-86c8-45d3-8bd4-d001950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "pattern": "[url:value = 'http://modaintensa.com/LUYTbjnrf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3be0-3a24-4902-b088-1e0c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "pattern": "[domain-name:value = 'modaintensa.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3be0-41c4-4bb2-8026-4a94950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3be0-41c4-4bb2-8026-4a94950d210f", "ipv4-addr--59cd3be0-41c4-4bb2-8026-4a94950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3be0-41c4-4bb2-8026-4a94950d210f", "dst_ref": "ipv4-addr--59cd3be0-41c4-4bb2-8026-4a94950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3be0-41c4-4bb2-8026-4a94950d210f", "value": "192.99.35.71" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3be1-bb44-4afe-bc24-720b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "pattern": "[url:value = 'http://mtblanc-let.co.uk/LUYTbjnrf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3be1-1978-49e6-b7e8-4b0d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "pattern": "[domain-name:value = 'mtblanc-let.co.uk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3be1-634c-4a64-8dd0-4e8c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3be1-634c-4a64-8dd0-4e8c950d210f", "ipv4-addr--59cd3be1-634c-4a64-8dd0-4e8c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3be1-634c-4a64-8dd0-4e8c950d210f", "dst_ref": "ipv4-addr--59cd3be1-634c-4a64-8dd0-4e8c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3be1-634c-4a64-8dd0-4e8c950d210f", "value": "217.199.175.27" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3be2-3948-4c1c-90c9-4143950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "pattern": "[url:value = 'http://plumanns.com/LUYTbjnrf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3be2-d910-4698-a41b-1e0c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "pattern": "[domain-name:value = 'plumanns.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3be2-c43c-4add-ae1d-1fad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3be2-c43c-4add-ae1d-1fad950d210f", "ipv4-addr--59cd3be2-c43c-4add-ae1d-1fad950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3be2-c43c-4add-ae1d-1fad950d210f", "dst_ref": "ipv4-addr--59cd3be2-c43c-4add-ae1d-1fad950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3be2-c43c-4add-ae1d-1fad950d210f", "value": "217.160.224.147" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3be2-cfd4-45e5-8f7d-4183950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "pattern": "[url:value = 'http://poemsan.info/p66/d8743fgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cd3be3-3120-453d-ae46-49ed950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "pattern": "[domain-name:value = 'poemsan.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bf5-f130-4cca-81ee-474f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bf5-f130-4cca-81ee-474f950d210f", "ipv4-addr--59cd3bf5-f130-4cca-81ee-474f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bf5-f130-4cca-81ee-474f950d210f", "dst_ref": "ipv4-addr--59cd3bf5-f130-4cca-81ee-474f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bf5-f130-4cca-81ee-474f950d210f", "value": "91.83.88.51" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bf6-13e4-49ee-8485-4a46950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bf6-13e4-49ee-8485-4a46950d210f", "ipv4-addr--59cd3bf6-13e4-49ee-8485-4a46950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bf6-13e4-49ee-8485-4a46950d210f", "dst_ref": "ipv4-addr--59cd3bf6-13e4-49ee-8485-4a46950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bf6-13e4-49ee-8485-4a46950d210f", "value": "89.231.13.38" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bf6-fbac-4a9c-946c-4c6b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bf6-fbac-4a9c-946c-4c6b950d210f", "ipv4-addr--59cd3bf6-fbac-4a9c-946c-4c6b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bf6-fbac-4a9c-946c-4c6b950d210f", "dst_ref": "ipv4-addr--59cd3bf6-fbac-4a9c-946c-4c6b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bf6-fbac-4a9c-946c-4c6b950d210f", "value": "94.75.77.162" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bf7-251c-4871-b26e-723f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bf7-251c-4871-b26e-723f950d210f", "ipv4-addr--59cd3bf7-251c-4871-b26e-723f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bf7-251c-4871-b26e-723f950d210f", "dst_ref": "ipv4-addr--59cd3bf7-251c-4871-b26e-723f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bf7-251c-4871-b26e-723f950d210f", "value": "194.87.103.36" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bf7-fd74-4640-825a-4718950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bf7-fd74-4640-825a-4718950d210f", "ipv4-addr--59cd3bf7-fd74-4640-825a-4718950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bf7-fd74-4640-825a-4718950d210f", "dst_ref": "ipv4-addr--59cd3bf7-fd74-4640-825a-4718950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bf7-fd74-4640-825a-4718950d210f", "value": "5.45.86.128" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bf7-e538-4aa7-b730-1e0c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bf7-e538-4aa7-b730-1e0c950d210f", "ipv4-addr--59cd3bf7-e538-4aa7-b730-1e0c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bf7-e538-4aa7-b730-1e0c950d210f", "dst_ref": "ipv4-addr--59cd3bf7-e538-4aa7-b730-1e0c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bf7-e538-4aa7-b730-1e0c950d210f", "value": "195.133.48.187" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bf7-0078-4824-b45d-d001950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bf7-0078-4824-b45d-d001950d210f", "ipv4-addr--59cd3bf7-0078-4824-b45d-d001950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bf7-0078-4824-b45d-d001950d210f", "dst_ref": "ipv4-addr--59cd3bf7-0078-4824-b45d-d001950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bf7-0078-4824-b45d-d001950d210f", "value": "194.87.147.212" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bf8-f87c-4d2e-9809-1fad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bf8-f87c-4d2e-9809-1fad950d210f", "ipv4-addr--59cd3bf8-f87c-4d2e-9809-1fad950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bf8-f87c-4d2e-9809-1fad950d210f", "dst_ref": "ipv4-addr--59cd3bf8-f87c-4d2e-9809-1fad950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bf8-f87c-4d2e-9809-1fad950d210f", "value": "5.45.84.9" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bf8-8ea0-488d-a096-448e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bf8-8ea0-488d-a096-448e950d210f", "ipv4-addr--59cd3bf8-8ea0-488d-a096-448e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bf8-8ea0-488d-a096-448e950d210f", "dst_ref": "ipv4-addr--59cd3bf8-8ea0-488d-a096-448e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bf8-8ea0-488d-a096-448e950d210f", "value": "185.158.115.72" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bf8-4890-4523-8173-7255950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bf8-4890-4523-8173-7255950d210f", "ipv4-addr--59cd3bf8-4890-4523-8173-7255950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bf8-4890-4523-8173-7255950d210f", "dst_ref": "ipv4-addr--59cd3bf8-4890-4523-8173-7255950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bf8-4890-4523-8173-7255950d210f", "value": "194.87.145.40" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bf9-214c-48ab-810d-48c4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bf9-214c-48ab-810d-48c4950d210f", "ipv4-addr--59cd3bf9-214c-48ab-810d-48c4950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bf9-214c-48ab-810d-48c4950d210f", "dst_ref": "ipv4-addr--59cd3bf9-214c-48ab-810d-48c4950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bf9-214c-48ab-810d-48c4950d210f", "value": "185.158.112.67" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bf9-8474-44e3-878b-4ff5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bf9-8474-44e3-878b-4ff5950d210f", "ipv4-addr--59cd3bf9-8474-44e3-878b-4ff5950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bf9-8474-44e3-878b-4ff5950d210f", "dst_ref": "ipv4-addr--59cd3bf9-8474-44e3-878b-4ff5950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bf9-8474-44e3-878b-4ff5950d210f", "value": "195.133.48.38" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bf9-64c4-4f6f-bc35-1b8e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bf9-64c4-4f6f-bc35-1b8e950d210f", "ipv4-addr--59cd3bf9-64c4-4f6f-bc35-1b8e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bf9-64c4-4f6f-bc35-1b8e950d210f", "dst_ref": "ipv4-addr--59cd3bf9-64c4-4f6f-bc35-1b8e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bf9-64c4-4f6f-bc35-1b8e950d210f", "value": "194.87.102.225" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bfa-8ef8-4631-928d-4fc5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bfa-8ef8-4631-928d-4fc5950d210f", "ipv4-addr--59cd3bfa-8ef8-4631-928d-4fc5950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bfa-8ef8-4631-928d-4fc5950d210f", "dst_ref": "ipv4-addr--59cd3bfa-8ef8-4631-928d-4fc5950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bfa-8ef8-4631-928d-4fc5950d210f", "value": "5.45.67.36" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bfa-578c-4d53-8ad5-4ef9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bfa-578c-4d53-8ad5-4ef9950d210f", "ipv4-addr--59cd3bfa-578c-4d53-8ad5-4ef9950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bfa-578c-4d53-8ad5-4ef9950d210f", "dst_ref": "ipv4-addr--59cd3bfa-578c-4d53-8ad5-4ef9950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bfa-578c-4d53-8ad5-4ef9950d210f", "value": "194.87.144.198" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bfa-ab30-4906-a6eb-720b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bfa-ab30-4906-a6eb-720b950d210f", "ipv4-addr--59cd3bfa-ab30-4906-a6eb-720b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bfa-ab30-4906-a6eb-720b950d210f", "dst_ref": "ipv4-addr--59cd3bfa-ab30-4906-a6eb-720b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bfa-ab30-4906-a6eb-720b950d210f", "value": "94.242.206.172" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bfa-fce0-409b-a01b-4fbf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bfa-fce0-409b-a01b-4fbf950d210f", "ipv4-addr--59cd3bfa-fce0-409b-a01b-4fbf950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bfa-fce0-409b-a01b-4fbf950d210f", "dst_ref": "ipv4-addr--59cd3bfa-fce0-409b-a01b-4fbf950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bfa-fce0-409b-a01b-4fbf950d210f", "value": "194.87.236.228" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bfb-9180-498d-bd7f-4dbd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bfb-9180-498d-bd7f-4dbd950d210f", "ipv4-addr--59cd3bfb-9180-498d-bd7f-4dbd950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bfb-9180-498d-bd7f-4dbd950d210f", "dst_ref": "ipv4-addr--59cd3bfb-9180-498d-bd7f-4dbd950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bfb-9180-498d-bd7f-4dbd950d210f", "value": "194.87.92.30" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bfb-d268-408e-9946-4aad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bfb-d268-408e-9946-4aad950d210f", "ipv4-addr--59cd3bfb-d268-408e-9946-4aad950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bfb-d268-408e-9946-4aad950d210f", "dst_ref": "ipv4-addr--59cd3bfb-d268-408e-9946-4aad950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bfb-d268-408e-9946-4aad950d210f", "value": "185.158.115.7" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bfb-72e8-4606-aceb-cdbd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bfb-72e8-4606-aceb-cdbd950d210f", "ipv4-addr--59cd3bfb-72e8-4606-aceb-cdbd950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bfb-72e8-4606-aceb-cdbd950d210f", "dst_ref": "ipv4-addr--59cd3bfb-72e8-4606-aceb-cdbd950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bfb-72e8-4606-aceb-cdbd950d210f", "value": "195.133.145.96" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bfb-b5bc-4415-af53-4cde950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bfb-b5bc-4415-af53-4cde950d210f", "ipv4-addr--59cd3bfb-b5bc-4415-af53-4cde950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bfb-b5bc-4415-af53-4cde950d210f", "dst_ref": "ipv4-addr--59cd3bfb-b5bc-4415-af53-4cde950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bfb-b5bc-4415-af53-4cde950d210f", "value": "195.133.49.157" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bfc-4374-4724-9742-48aa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bfc-4374-4724-9742-48aa950d210f", "ipv4-addr--59cd3bfc-4374-4724-9742-48aa950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bfc-4374-4724-9742-48aa950d210f", "dst_ref": "ipv4-addr--59cd3bfc-4374-4724-9742-48aa950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bfc-4374-4724-9742-48aa950d210f", "value": "46.249.59.97" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bfc-321c-4dcd-981a-4db2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bfc-321c-4dcd-981a-4db2950d210f", "ipv4-addr--59cd3bfc-321c-4dcd-981a-4db2950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bfc-321c-4dcd-981a-4db2950d210f", "dst_ref": "ipv4-addr--59cd3bfc-321c-4dcd-981a-4db2950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bfc-321c-4dcd-981a-4db2950d210f", "value": "185.158.115.62" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bfc-ff04-4fcc-b289-723f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bfc-ff04-4fcc-b289-723f950d210f", "ipv4-addr--59cd3bfc-ff04-4fcc-b289-723f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bfc-ff04-4fcc-b289-723f950d210f", "dst_ref": "ipv4-addr--59cd3bfc-ff04-4fcc-b289-723f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bfc-ff04-4fcc-b289-723f950d210f", "value": "138.201.44.28" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bfc-0ad8-470a-a6be-4351950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bfc-0ad8-470a-a6be-4351950d210f", "ipv4-addr--59cd3bfc-0ad8-470a-a6be-4351950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bfc-0ad8-470a-a6be-4351950d210f", "dst_ref": "ipv4-addr--59cd3bfc-0ad8-470a-a6be-4351950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bfc-0ad8-470a-a6be-4351950d210f", "value": "217.182.226.168" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bfd-8508-44f2-b490-1e0c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bfd-8508-44f2-b490-1e0c950d210f", "ipv4-addr--59cd3bfd-8508-44f2-b490-1e0c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bfd-8508-44f2-b490-1e0c950d210f", "dst_ref": "ipv4-addr--59cd3bfd-8508-44f2-b490-1e0c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bfd-8508-44f2-b490-1e0c950d210f", "value": "195.133.48.152" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bfd-68d8-4ee4-a533-d001950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:18.000Z", "modified": "2017-09-29T12:03:18.000Z", "first_observed": "2017-09-29T12:03:18Z", "last_observed": "2017-09-29T12:03:18Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bfd-68d8-4ee4-a533-d001950d210f", "ipv4-addr--59cd3bfd-68d8-4ee4-a533-d001950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bfd-68d8-4ee4-a533-d001950d210f", "dst_ref": "ipv4-addr--59cd3bfd-68d8-4ee4-a533-d001950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bfd-68d8-4ee4-a533-d001950d210f", "value": "194.87.234.90" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cd3bfd-3918-4624-8689-1fad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:17.000Z", "modified": "2017-09-29T12:03:17.000Z", "first_observed": "2017-09-29T12:03:17Z", "last_observed": "2017-09-29T12:03:17Z", "number_observed": 1, "object_refs": [ "network-traffic--59cd3bfd-3918-4624-8689-1fad950d210f", "ipv4-addr--59cd3bfd-3918-4624-8689-1fad950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cd3bfd-3918-4624-8689-1fad950d210f", "dst_ref": "ipv4-addr--59cd3bfd-3918-4624-8689-1fad950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cd3bfd-3918-4624-8689-1fad950d210f", "value": "217.182.226.165" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ce3688-b86c-4106-b72f-42c002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:20.000Z", "modified": "2017-09-29T12:03:20.000Z", "description": "- Xchecked via VT: c86b9c09258f31e1bca843e9c74a9049", "pattern": "[file:hashes.SHA256 = '4a4491a5daa0b8c0d4e694601cbb860e0e069356b83e2f6ea215be758f533f1e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ce3688-2090-4809-a5a3-4c2302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:20.000Z", "modified": "2017-09-29T12:03:20.000Z", "description": "- Xchecked via VT: c86b9c09258f31e1bca843e9c74a9049", "pattern": "[file:hashes.SHA1 = '3db124b9ed6064be9389f089b3168747311419a3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ce3688-0b74-49d6-bfee-40e802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:20.000Z", "modified": "2017-09-29T12:03:20.000Z", "first_observed": "2017-09-29T12:03:20Z", "last_observed": "2017-09-29T12:03:20Z", "number_observed": 1, "object_refs": [ "url--59ce3688-0b74-49d6-bfee-40e802de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59ce3688-0b74-49d6-bfee-40e802de0b81", "value": "https://www.virustotal.com/file/4a4491a5daa0b8c0d4e694601cbb860e0e069356b83e2f6ea215be758f533f1e/analysis/1506659811/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ce3688-8938-4ff0-aa78-437602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:20.000Z", "modified": "2017-09-29T12:03:20.000Z", "description": "- Xchecked via VT: 20a51bf0c489d3f2792cfae6ef4ee337", "pattern": "[file:hashes.SHA256 = '01e771dc6cf9572eac3d87120d7a7d1ff95fdc1499b668c7fde2919e0f685256']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ce3688-b5bc-4b37-b6ed-48d102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:20.000Z", "modified": "2017-09-29T12:03:20.000Z", "description": "- Xchecked via VT: 20a51bf0c489d3f2792cfae6ef4ee337", "pattern": "[file:hashes.SHA1 = 'c5270e39548d9259b421ad5e94f3e8ebdd2f1cf5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-29T12:03:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59ce3688-debc-439a-92c8-4c1902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-29T12:03:20.000Z", "modified": "2017-09-29T12:03:20.000Z", "first_observed": "2017-09-29T12:03:20Z", "last_observed": "2017-09-29T12:03:20Z", "number_observed": 1, "object_refs": [ "url--59ce3688-debc-439a-92c8-4c1902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59ce3688-debc-439a-92c8-4c1902de0b81", "value": "https://www.virustotal.com/file/01e771dc6cf9572eac3d87120d7a7d1ff95fdc1499b668c7fde2919e0f685256/analysis/1506681763/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }