{ "type": "bundle", "id": "bundle--5a044f70-28a8-45a4-b350-cdab950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:26:02.000Z", "modified": "2017-11-09T20:26:02.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "grouping", "spec_version": "2.1", "id": "grouping--5a044f70-28a8-45a4-b350-cdab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:26:02.000Z", "modified": "2017-11-09T20:26:02.000Z", "name": "M2M - Locky Affid=3, \".asasin\" 2017-11-02 : \"12_Invoice_3456\" - \"001_1234.doc\"", "context": "suspicious-activity", "object_refs": [ "indicator--5a044f71-4498-467c-ab71-48ff950d210f", "indicator--5a044f72-27b4-401e-89b0-4ab9950d210f", "indicator--5a044f72-adcc-4152-89f8-4ee9950d210f", "observed-data--5a044f72-e3ac-4b5d-978a-cda3950d210f", "network-traffic--5a044f72-e3ac-4b5d-978a-cda3950d210f", "ipv4-addr--5a044f72-e3ac-4b5d-978a-cda3950d210f", "indicator--5a044f72-a9c8-4ddd-b446-991b950d210f", "indicator--5a044f73-d3b8-4499-9158-cdb1950d210f", "observed-data--5a044f73-cba0-4e88-89e8-cdab950d210f", "network-traffic--5a044f73-cba0-4e88-89e8-cdab950d210f", "ipv4-addr--5a044f73-cba0-4e88-89e8-cdab950d210f", "indicator--5a044f73-3948-40c5-a2f7-cc6f950d210f", "indicator--5a044f73-8444-4c98-9302-48f9950d210f", "observed-data--5a044f74-fcac-4eff-aed4-4414950d210f", "network-traffic--5a044f74-fcac-4eff-aed4-4414950d210f", "ipv4-addr--5a044f74-fcac-4eff-aed4-4414950d210f", "indicator--5a044f74-fa18-495a-87e8-20a6950d210f", "indicator--5a044f74-5734-481a-a7dc-cd35950d210f", "observed-data--5a044f74-5c24-4898-9219-4ac3950d210f", "network-traffic--5a044f74-5c24-4898-9219-4ac3950d210f", "ipv4-addr--5a044f74-5c24-4898-9219-4ac3950d210f", "indicator--5a044f75-9a44-415e-88a7-cda3950d210f", "indicator--5a044f75-6c00-4ebc-8fae-991b950d210f", "observed-data--5a044f75-c740-4f76-9b4a-cdb1950d210f", 
"network-traffic--5a044f75-c740-4f76-9b4a-cdb1950d210f", "ipv4-addr--5a044f75-c740-4f76-9b4a-cdb1950d210f", "indicator--5a044f75-bdc4-4877-9069-cdab950d210f", "indicator--5a044f76-61a4-4bfe-8e0d-2214950d210f", "observed-data--5a044f76-f550-4ea7-8437-462c950d210f", "network-traffic--5a044f76-f550-4ea7-8437-462c950d210f", "ipv4-addr--5a044f76-f550-4ea7-8437-462c950d210f", "indicator--5a044f76-ae48-41f2-a4bb-4d84950d210f", "indicator--5a044f76-ae04-44b9-8a3f-4eda950d210f", "observed-data--5a044f77-d234-4fb1-8bd4-75a9950d210f", "network-traffic--5a044f77-d234-4fb1-8bd4-75a9950d210f", "ipv4-addr--5a044f77-d234-4fb1-8bd4-75a9950d210f", "indicator--5a044f7a-e1b4-40c9-9c18-75a9950d210f", "indicator--5a044f7b-aa14-4c53-b56d-20a6950d210f", "observed-data--5a044f7b-29a0-41dc-96a4-42b9950d210f", "network-traffic--5a044f7b-29a0-41dc-96a4-42b9950d210f", "ipv4-addr--5a044f7b-29a0-41dc-96a4-42b9950d210f", "indicator--5a044f7b-bd48-43f4-a5d7-991b950d210f", "indicator--5a044f7b-cdf8-4123-8992-48ec950d210f", "observed-data--5a044f7c-d3a0-42a4-9f91-cdb1950d210f", "network-traffic--5a044f7c-d3a0-42a4-9f91-cdb1950d210f", "ipv4-addr--5a044f7c-d3a0-42a4-9f91-cdb1950d210f", "indicator--5a044f7c-0f38-4603-b7d5-cc6f950d210f", "indicator--5a044f7c-5c74-4e31-8738-47c6950d210f", "observed-data--5a044f7d-b22c-432a-a43e-75a9950d210f", "network-traffic--5a044f7d-b22c-432a-a43e-75a9950d210f", "ipv4-addr--5a044f7d-b22c-432a-a43e-75a9950d210f", "indicator--5a044f7d-32d8-47f3-85f2-4a7e950d210f", "indicator--5a044f7d-b21c-48e5-b462-cda3950d210f", "observed-data--5a044f7d-731c-4c6d-a6d2-991b950d210f", "network-traffic--5a044f7d-731c-4c6d-a6d2-991b950d210f", "ipv4-addr--5a044f7d-731c-4c6d-a6d2-991b950d210f", "indicator--5a044f7d-afbc-47a0-ab66-4d24950d210f", "indicator--5a044f7e-353c-48dd-b43d-4d17950d210f", "observed-data--5a044f7e-ad0c-4742-93e8-cdab950d210f", "network-traffic--5a044f7e-ad0c-4742-93e8-cdab950d210f", "ipv4-addr--5a044f7e-ad0c-4742-93e8-cdab950d210f", 
"indicator--5a044f7e-ce38-414d-ba71-2214950d210f", "indicator--5a044f7f-9d74-49e7-86c0-4337950d210f", "observed-data--5a044f7f-d44c-48dd-ab0f-498f950d210f", "network-traffic--5a044f7f-d44c-48dd-ab0f-498f950d210f", "ipv4-addr--5a044f7f-d44c-48dd-ab0f-498f950d210f", "indicator--5a044f7f-9e20-4642-a4a9-cd35950d210f", "indicator--5a044f80-34c4-4182-a96e-717b950d210f", "indicator--5a04b9d4-6098-4af4-a972-4c9702de0b81", "indicator--5a04b9d4-f76c-43c8-a7b5-48a102de0b81", "observed-data--5a04b9d4-17ac-4410-b44a-494d02de0b81", "url--5a04b9d4-17ac-4410-b44a-494d02de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Locky\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044f71-4498-467c-ab71-48ff950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:55.000Z", "modified": "2017-11-09T20:25:55.000Z", "pattern": "[file:hashes.MD5 = '26671a0b08b87754a72ab3d0c2256059']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:25:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044f72-27b4-401e-89b0-4ab9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:55.000Z", "modified": "2017-11-09T20:25:55.000Z", "pattern": "[url:value = 'http://nozovent.net/Jmdnaf36dd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:25:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", 
"misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044f72-adcc-4152-89f8-4ee9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:55.000Z", "modified": "2017-11-09T20:25:55.000Z", "pattern": "[domain-name:value = 'nozovent.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:25:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044f72-e3ac-4b5d-978a-cda3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:55.000Z", "modified": "2017-11-09T20:25:55.000Z", "first_observed": "2017-11-09T20:25:55Z", "last_observed": "2017-11-09T20:25:55Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044f72-e3ac-4b5d-978a-cda3950d210f", "ipv4-addr--5a044f72-e3ac-4b5d-978a-cda3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044f72-e3ac-4b5d-978a-cda3950d210f", "dst_ref": "ipv4-addr--5a044f72-e3ac-4b5d-978a-cda3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044f72-e3ac-4b5d-978a-cda3950d210f", "value": "167.114.138.110" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044f72-a9c8-4ddd-b446-991b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:55.000Z", "modified": "2017-11-09T20:25:55.000Z", "pattern": "[url:value = 'http://pccreatief.nl/Jmdnaf36dd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:25:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": 
"Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044f73-d3b8-4499-9158-cdb1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:55.000Z", "modified": "2017-11-09T20:25:55.000Z", "pattern": "[domain-name:value = 'pccreatief.nl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:25:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044f73-cba0-4e88-89e8-cdab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:55.000Z", "modified": "2017-11-09T20:25:55.000Z", "first_observed": "2017-11-09T20:25:55Z", "last_observed": "2017-11-09T20:25:55Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044f73-cba0-4e88-89e8-cdab950d210f", "ipv4-addr--5a044f73-cba0-4e88-89e8-cdab950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044f73-cba0-4e88-89e8-cdab950d210f", "dst_ref": "ipv4-addr--5a044f73-cba0-4e88-89e8-cdab950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044f73-cba0-4e88-89e8-cdab950d210f", "value": "85.25.192.252" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044f73-3948-40c5-a2f7-cc6f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:55.000Z", "modified": "2017-11-09T20:25:55.000Z", "pattern": "[url:value = 'http://plaissetty.com/Jmdnaf36dd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2017-11-09T20:25:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044f73-8444-4c98-9302-48f9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:55.000Z", "modified": "2017-11-09T20:25:55.000Z", "pattern": "[domain-name:value = 'plaissetty.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:25:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044f74-fcac-4eff-aed4-4414950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:55.000Z", "modified": "2017-11-09T20:25:55.000Z", "first_observed": "2017-11-09T20:25:55Z", "last_observed": "2017-11-09T20:25:55Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044f74-fcac-4eff-aed4-4414950d210f", "ipv4-addr--5a044f74-fcac-4eff-aed4-4414950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044f74-fcac-4eff-aed4-4414950d210f", "dst_ref": "ipv4-addr--5a044f74-fcac-4eff-aed4-4414950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044f74-fcac-4eff-aed4-4414950d210f", "value": "91.121.183.59" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044f74-fa18-495a-87e8-20a6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:55.000Z", "modified": "2017-11-09T20:25:55.000Z", "pattern": "[url:value = 
'http://ro.isuzu.it/Jmdnaf36dd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:25:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044f74-5734-481a-a7dc-cd35950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:55.000Z", "modified": "2017-11-09T20:25:55.000Z", "pattern": "[domain-name:value = 'ro.isuzu.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:25:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044f74-5c24-4898-9219-4ac3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:55.000Z", "modified": "2017-11-09T20:25:55.000Z", "first_observed": "2017-11-09T20:25:55Z", "last_observed": "2017-11-09T20:25:55Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044f74-5c24-4898-9219-4ac3950d210f", "ipv4-addr--5a044f74-5c24-4898-9219-4ac3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044f74-5c24-4898-9219-4ac3950d210f", "dst_ref": "ipv4-addr--5a044f74-5c24-4898-9219-4ac3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044f74-5c24-4898-9219-4ac3950d210f", "value": "95.110.189.247" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044f75-9a44-415e-88a7-cda3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2017-11-09T20:25:55.000Z", "modified": "2017-11-09T20:25:55.000Z", "pattern": "[url:value = 'http://sirbis.de/Jmdnaf36dd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:25:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044f75-6c00-4ebc-8fae-991b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:55.000Z", "modified": "2017-11-09T20:25:55.000Z", "pattern": "[domain-name:value = 'sirbis.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:25:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044f75-c740-4f76-9b4a-cdb1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:55.000Z", "modified": "2017-11-09T20:25:55.000Z", "first_observed": "2017-11-09T20:25:55Z", "last_observed": "2017-11-09T20:25:55Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044f75-c740-4f76-9b4a-cdb1950d210f", "ipv4-addr--5a044f75-c740-4f76-9b4a-cdb1950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044f75-c740-4f76-9b4a-cdb1950d210f", "dst_ref": "ipv4-addr--5a044f75-c740-4f76-9b4a-cdb1950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044f75-c740-4f76-9b4a-cdb1950d210f", "value": "46.163.72.181" }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--5a044f75-bdc4-4877-9069-cdab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:55.000Z", "modified": "2017-11-09T20:25:55.000Z", "pattern": "[url:value = 'http://skivvies.com/Jmdnaf36dd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:25:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044f76-61a4-4bfe-8e0d-2214950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:56.000Z", "modified": "2017-11-09T20:25:56.000Z", "pattern": "[domain-name:value = 'skivvies.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:25:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044f76-f550-4ea7-8437-462c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:56.000Z", "modified": "2017-11-09T20:25:56.000Z", "first_observed": "2017-11-09T20:25:56Z", "last_observed": "2017-11-09T20:25:56Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044f76-f550-4ea7-8437-462c950d210f", "ipv4-addr--5a044f76-f550-4ea7-8437-462c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044f76-f550-4ea7-8437-462c950d210f", "dst_ref": "ipv4-addr--5a044f76-f550-4ea7-8437-462c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": 
"ipv4-addr--5a044f76-f550-4ea7-8437-462c950d210f", "value": "204.197.241.45" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044f76-ae48-41f2-a4bb-4d84950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:56.000Z", "modified": "2017-11-09T20:25:56.000Z", "pattern": "[url:value = 'http://studio311.de/Jmdnaf36dd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:25:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044f76-ae04-44b9-8a3f-4eda950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:56.000Z", "modified": "2017-11-09T20:25:56.000Z", "pattern": "[domain-name:value = 'studio311.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:25:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044f77-d234-4fb1-8bd4-75a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:56.000Z", "modified": "2017-11-09T20:25:56.000Z", "first_observed": "2017-11-09T20:25:56Z", "last_observed": "2017-11-09T20:25:56Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044f77-d234-4fb1-8bd4-75a9950d210f", "ipv4-addr--5a044f77-d234-4fb1-8bd4-75a9950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044f77-d234-4fb1-8bd4-75a9950d210f", "dst_ref": 
"ipv4-addr--5a044f77-d234-4fb1-8bd4-75a9950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044f77-d234-4fb1-8bd4-75a9950d210f", "value": "217.182.199.8" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044f7a-e1b4-40c9-9c18-75a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:56.000Z", "modified": "2017-11-09T20:25:56.000Z", "pattern": "[url:value = 'http://michelsmarkt.de/Jgsn5srs']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:25:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044f7b-aa14-4c53-b56d-20a6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:56.000Z", "modified": "2017-11-09T20:25:56.000Z", "pattern": "[domain-name:value = 'michelsmarkt.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:25:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044f7b-29a0-41dc-96a4-42b9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:56.000Z", "modified": "2017-11-09T20:25:56.000Z", "first_observed": "2017-11-09T20:25:56Z", "last_observed": "2017-11-09T20:25:56Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044f7b-29a0-41dc-96a4-42b9950d210f", "ipv4-addr--5a044f7b-29a0-41dc-96a4-42b9950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", 
"spec_version": "2.1", "id": "network-traffic--5a044f7b-29a0-41dc-96a4-42b9950d210f", "dst_ref": "ipv4-addr--5a044f7b-29a0-41dc-96a4-42b9950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044f7b-29a0-41dc-96a4-42b9950d210f", "value": "173.212.228.135" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044f7b-bd48-43f4-a5d7-991b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:56.000Z", "modified": "2017-11-09T20:25:56.000Z", "pattern": "[url:value = 'http://noya-en.eu/Jgsn5srs']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:25:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044f7b-cdf8-4123-8992-48ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:56.000Z", "modified": "2017-11-09T20:25:56.000Z", "pattern": "[domain-name:value = 'noya-en.eu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:25:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044f7c-d3a0-42a4-9f91-cdb1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:56.000Z", "modified": "2017-11-09T20:25:56.000Z", "first_observed": "2017-11-09T20:25:56Z", "last_observed": "2017-11-09T20:25:56Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044f7c-d3a0-42a4-9f91-cdb1950d210f", "ipv4-addr--5a044f7c-d3a0-42a4-9f91-cdb1950d210f" ], "labels": [ 
"misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044f7c-d3a0-42a4-9f91-cdb1950d210f", "dst_ref": "ipv4-addr--5a044f7c-d3a0-42a4-9f91-cdb1950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044f7c-d3a0-42a4-9f91-cdb1950d210f", "value": "185.66.251.178" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044f7c-0f38-4603-b7d5-cc6f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:56.000Z", "modified": "2017-11-09T20:25:56.000Z", "pattern": "[url:value = 'http://ruemmelin.info/Jgsn5srs']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:25:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044f7c-5c74-4e31-8738-47c6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:56.000Z", "modified": "2017-11-09T20:25:56.000Z", "pattern": "[domain-name:value = 'ruemmelin.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:25:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044f7d-b22c-432a-a43e-75a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:56.000Z", "modified": "2017-11-09T20:25:56.000Z", "first_observed": "2017-11-09T20:25:56Z", "last_observed": "2017-11-09T20:25:56Z", "number_observed": 1, "object_refs": [ 
"network-traffic--5a044f7d-b22c-432a-a43e-75a9950d210f", "ipv4-addr--5a044f7d-b22c-432a-a43e-75a9950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044f7d-b22c-432a-a43e-75a9950d210f", "dst_ref": "ipv4-addr--5a044f7d-b22c-432a-a43e-75a9950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044f7d-b22c-432a-a43e-75a9950d210f", "value": "81.90.33.38" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044f7d-32d8-47f3-85f2-4a7e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:56.000Z", "modified": "2017-11-09T20:25:56.000Z", "pattern": "[url:value = 'http://remers-messebau.de/Jgsn5srs']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:25:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044f7d-b21c-48e5-b462-cda3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:56.000Z", "modified": "2017-11-09T20:25:56.000Z", "pattern": "[domain-name:value = 'remers-messebau.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:25:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044f7d-731c-4c6d-a6d2-991b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:56.000Z", "modified": "2017-11-09T20:25:56.000Z", "first_observed": 
"2017-11-09T20:25:56Z", "last_observed": "2017-11-09T20:25:56Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044f7d-731c-4c6d-a6d2-991b950d210f", "ipv4-addr--5a044f7d-731c-4c6d-a6d2-991b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044f7d-731c-4c6d-a6d2-991b950d210f", "dst_ref": "ipv4-addr--5a044f7d-731c-4c6d-a6d2-991b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044f7d-731c-4c6d-a6d2-991b950d210f", "value": "89.163.140.72" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044f7d-afbc-47a0-ab66-4d24950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:56.000Z", "modified": "2017-11-09T20:25:56.000Z", "pattern": "[url:value = 'http://ollyandfriends.de/Jgsn5srs']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:25:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044f7e-353c-48dd-b43d-4d17950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:56.000Z", "modified": "2017-11-09T20:25:56.000Z", "pattern": "[domain-name:value = 'ollyandfriends.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:25:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044f7e-ad0c-4742-93e8-cdab950d210f", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:56.000Z", "modified": "2017-11-09T20:25:56.000Z", "first_observed": "2017-11-09T20:25:56Z", "last_observed": "2017-11-09T20:25:56Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044f7e-ad0c-4742-93e8-cdab950d210f", "ipv4-addr--5a044f7e-ad0c-4742-93e8-cdab950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044f7e-ad0c-4742-93e8-cdab950d210f", "dst_ref": "ipv4-addr--5a044f7e-ad0c-4742-93e8-cdab950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044f7e-ad0c-4742-93e8-cdab950d210f", "value": "85.119.155.42" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044f7e-ce38-414d-ba71-2214950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:56.000Z", "modified": "2017-11-09T20:25:56.000Z", "pattern": "[url:value = 'http://primeassociatesinc.com/Jgsn5srs']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:25:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044f7f-9d74-49e7-86c0-4337950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:56.000Z", "modified": "2017-11-09T20:25:56.000Z", "pattern": "[domain-name:value = 'primeassociatesinc.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:25:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": 
"observed-data", "spec_version": "2.1", "id": "observed-data--5a044f7f-d44c-48dd-ab0f-498f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:56.000Z", "modified": "2017-11-09T20:25:56.000Z", "first_observed": "2017-11-09T20:25:56Z", "last_observed": "2017-11-09T20:25:56Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044f7f-d44c-48dd-ab0f-498f950d210f", "ipv4-addr--5a044f7f-d44c-48dd-ab0f-498f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044f7f-d44c-48dd-ab0f-498f950d210f", "dst_ref": "ipv4-addr--5a044f7f-d44c-48dd-ab0f-498f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044f7f-d44c-48dd-ab0f-498f950d210f", "value": "209.54.51.32" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044f7f-9e20-4642-a4a9-cd35950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:56.000Z", "modified": "2017-11-09T20:25:56.000Z", "pattern": "[url:value = 'http://verwadirephen.info/p66/Jgsn5srs']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:25:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044f80-34c4-4182-a96e-717b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:56.000Z", "modified": "2017-11-09T20:25:56.000Z", "pattern": "[domain-name:value = 'verwadirephen.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:25:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": 
[ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04b9d4-6098-4af4-a972-4c9702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:56.000Z", "modified": "2017-11-09T20:25:56.000Z", "description": "- Cross-checked via VirusTotal (VT): 26671a0b08b87754a72ab3d0c2256059", "pattern": "[file:hashes.SHA256 = '68d73a56515a94be6400ea2ea625d256f439e3b279576dcdcb07948929e1d1cd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:25:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04b9d4-f76c-43c8-a7b5-48a102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:56.000Z", "modified": "2017-11-09T20:25:56.000Z", "description": "- Cross-checked via VirusTotal (VT): 26671a0b08b87754a72ab3d0c2256059", "pattern": "[file:hashes.SHA1 = '491178c82dee6e81030bd880ec3647c93b307e01']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:25:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a04b9d4-17ac-4410-b44a-494d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:25:56.000Z", "modified": "2017-11-09T20:25:56.000Z", "first_observed": "2017-11-09T20:25:56Z", "last_observed": "2017-11-09T20:25:56Z", "number_observed": 1, "object_refs": [ "url--5a04b9d4-17ac-4410-b44a-494d02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, 
{ "type": "url", "spec_version": "2.1", "id": "url--5a04b9d4-17ac-4410-b44a-494d02de0b81", "value": "https://www.virustotal.com/file/68d73a56515a94be6400ea2ea625d256f439e3b279576dcdcb07948929e1d1cd/analysis/1510096080/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }