{ "type": "bundle", "id": "bundle--5a04510c-b2d0-467b-97a3-75a9950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:15.000Z", "modified": "2017-11-09T21:07:15.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5a04510c-b2d0-467b-97a3-75a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:15.000Z", "modified": "2017-11-09T21:07:15.000Z", "name": "M2M - Locky 2017-11-06 : Affid=3, \".asasin\" : \"E3S1234567890123 Payment advice\" - \"advice_123456_20171106.doc\"", "published": "2017-11-09T21:08:03Z", "object_refs": [ "indicator--5a04510d-6f08-4fcb-9abc-46e9950d210f", "indicator--5a04510d-85ec-4e5c-9bdd-cdb4950d210f", "indicator--5a04510e-48d0-4681-9f11-2214950d210f", "indicator--5a04510e-db8c-48d9-aca7-cda3950d210f", "indicator--5a04510f-9ca4-463c-ba53-cc6f950d210f", "indicator--5a04510f-0f10-477f-8ab5-42bf950d210f", "observed-data--5a04510f-2938-4aa9-81a8-cdab950d210f", "network-traffic--5a04510f-2938-4aa9-81a8-cdab950d210f", "ipv4-addr--5a04510f-2938-4aa9-81a8-cdab950d210f", "indicator--5a04510f-5834-4227-8b16-717b950d210f", "indicator--5a04510f-1ad0-4c01-9e82-4220950d210f", "observed-data--5a045110-4374-44ef-8ca7-cdb4950d210f", "network-traffic--5a045110-4374-44ef-8ca7-cdb4950d210f", "ipv4-addr--5a045110-4374-44ef-8ca7-cdb4950d210f", "indicator--5a045110-3dc4-4a5d-a5fb-2214950d210f", "indicator--5a045110-3fa8-44dd-8070-cda3950d210f", "observed-data--5a045110-84a0-42e2-8e81-49ea950d210f", "network-traffic--5a045110-84a0-42e2-8e81-49ea950d210f", "ipv4-addr--5a045110-84a0-42e2-8e81-49ea950d210f", "indicator--5a045110-0ec8-43e0-a33c-4b46950d210f", "indicator--5a045111-c574-43be-88e4-4285950d210f", "observed-data--5a045111-6edc-4521-8077-cc6f950d210f", "network-traffic--5a045111-6edc-4521-8077-cc6f950d210f", "ipv4-addr--5a045111-6edc-4521-8077-cc6f950d210f", "indicator--5a045111-cea0-42db-8311-48e7950d210f", "indicator--5a045111-c028-4d9e-833a-cdab950d210f", "observed-data--5a045111-0bc4-4d02-83cc-20a6950d210f", "network-traffic--5a045111-0bc4-4d02-83cc-20a6950d210f", "ipv4-addr--5a045111-0bc4-4d02-83cc-20a6950d210f", "indicator--5a045112-d638-4a03-9431-4f44950d210f", "indicator--5a045112-6224-4889-802c-cdb4950d210f", "observed-data--5a045112-21b8-48b3-9d83-cdb1950d210f", "network-traffic--5a045112-21b8-48b3-9d83-cdb1950d210f", "ipv4-addr--5a045112-21b8-48b3-9d83-cdb1950d210f", "indicator--5a045112-1a60-44cd-bc92-cda3950d210f", "indicator--5a045113-45a4-4db1-a60e-cd7d950d210f", "observed-data--5a045113-9e44-49dd-9032-4b57950d210f", "network-traffic--5a045113-9e44-49dd-9032-4b57950d210f", "ipv4-addr--5a045113-9e44-49dd-9032-4b57950d210f", "observed-data--5a045113-6d64-465a-bcb8-75a9950d210f", "url--5a045113-6d64-465a-bcb8-75a9950d210f", "observed-data--5a045113-54c0-4ad0-ab03-4756950d210f", "url--5a045113-54c0-4ad0-ab03-4756950d210f", "indicator--5a045114-54ec-4dd0-a020-717b950d210f", "observed-data--5a045114-77fc-40ef-b3be-4c35950d210f", "network-traffic--5a045114-77fc-40ef-b3be-4c35950d210f", "ipv4-addr--5a045114-77fc-40ef-b3be-4c35950d210f", "indicator--5a045114-d8a0-4dcc-8631-44c0950d210f", "observed-data--5a045115-07c4-4c02-9ba9-2214950d210f", "network-traffic--5a045115-07c4-4c02-9ba9-2214950d210f", "ipv4-addr--5a045115-07c4-4c02-9ba9-2214950d210f", "indicator--5a045115-9904-49a4-898d-cda3950d210f", "observed-data--5a045115-9484-4c01-8faf-46bd950d210f", "network-traffic--5a045115-9484-4c01-8faf-46bd950d210f", "ipv4-addr--5a045115-9484-4c01-8faf-46bd950d210f", "indicator--5a045115-46d4-4c43-912e-44ec950d210f", "observed-data--5a045115-44d8-4d7b-9026-75a9950d210f", "network-traffic--5a045115-44d8-4d7b-9026-75a9950d210f", "ipv4-addr--5a045115-44d8-4d7b-9026-75a9950d210f", "indicator--5a045116-36cc-43d5-a62b-cc6f950d210f", "indicator--5a045116-1dc0-4f67-9b30-4f57950d210f", "observed-data--5a045116-b2d0-4957-bec5-4e3b950d210f", "network-traffic--5a045116-b2d0-4957-bec5-4e3b950d210f", "ipv4-addr--5a045116-b2d0-4957-bec5-4e3b950d210f", "indicator--5a045116-fc5c-43f5-b9cb-717b950d210f", "observed-data--5a045117-10d0-47e9-8f94-412e950d210f", "network-traffic--5a045117-10d0-47e9-8f94-412e950d210f", "ipv4-addr--5a045117-10d0-47e9-8f94-412e950d210f", "indicator--5a045117-5bf0-43e7-95cf-4345950d210f", "observed-data--5a045117-10c4-491a-8e69-2214950d210f", "network-traffic--5a045117-10c4-491a-8e69-2214950d210f", "ipv4-addr--5a045117-10c4-491a-8e69-2214950d210f", "indicator--5a045117-f2cc-4a1f-8dcb-cda3950d210f", "indicator--5a045137-359c-4477-8abb-20a6950d210f", "indicator--5a045137-0038-4640-8665-cdb4950d210f", "indicator--5a045137-75e8-4c38-9d96-4aa0950d210f", "indicator--5a045138-872c-4a85-9691-cc6f950d210f", "indicator--5a045138-2ac4-46b6-816b-20a6950d210f", "indicator--5a045139-ba58-45cf-a34f-444b950d210f", "indicator--5a045139-6b84-4a74-9c65-448a950d210f", "indicator--5a04513a-359c-4d35-9f9c-75a9950d210f", "indicator--5a04513a-a3f4-40a2-b834-20a6950d210f", "observed-data--5a04c375-1448-4e4d-8820-4b6302de0b81", "url--5a04c375-1448-4e4d-8820-4b6302de0b81", "indicator--5a04c375-301c-47df-9482-44b902de0b81", "indicator--5a04c375-ef78-4d94-849c-407d02de0b81", "observed-data--5a04c375-005c-4bc3-b01e-44a002de0b81", "url--5a04c375-005c-4bc3-b01e-44a002de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Locky\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04510d-6f08-4fcb-9abc-46e9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "pattern": "[file:hashes.MD5 = '804156021313adfee00e9406f8de1031']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04510d-85ec-4e5c-9bdd-cdb4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "pattern": "[file:hashes.MD5 = 'deed16eadb1a270dfc54daf84f53aad6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04510e-48d0-4681-9f11-2214950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "pattern": "[file:hashes.SHA1 = 'd39e97a9ff6dceb4e8430036f43fb187b8a80003']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04510e-db8c-48d9-aca7-cda3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "pattern": "[file:hashes.SHA256 = '3a5f35fceebf1626dbd11f81bf20656061ab0d1fa100a3fd0aae77edfa859cd5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04510f-9ca4-463c-ba53-cc6f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "pattern": "[url:value = 'http://primeassociatesinc.com/12']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04510f-0f10-477f-8ab5-42bf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "pattern": "[domain-name:value = 'primeassociatesinc.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a04510f-2938-4aa9-81a8-cdab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "first_observed": "2017-11-09T21:07:00Z", "last_observed": "2017-11-09T21:07:00Z", "number_observed": 1, "object_refs": [ "network-traffic--5a04510f-2938-4aa9-81a8-cdab950d210f", "ipv4-addr--5a04510f-2938-4aa9-81a8-cdab950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a04510f-2938-4aa9-81a8-cdab950d210f", "dst_ref": "ipv4-addr--5a04510f-2938-4aa9-81a8-cdab950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a04510f-2938-4aa9-81a8-cdab950d210f", "value": "209.54.51.32" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04510f-5834-4227-8b16-717b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "pattern": "[url:value = 'http://ro.isuzu.it/12']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04510f-1ad0-4c01-9e82-4220950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "pattern": "[domain-name:value = 'ro.isuzu.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a045110-4374-44ef-8ca7-cdb4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "first_observed": "2017-11-09T21:07:00Z", "last_observed": "2017-11-09T21:07:00Z", "number_observed": 1, "object_refs": [ "network-traffic--5a045110-4374-44ef-8ca7-cdb4950d210f", "ipv4-addr--5a045110-4374-44ef-8ca7-cdb4950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a045110-4374-44ef-8ca7-cdb4950d210f", "dst_ref": "ipv4-addr--5a045110-4374-44ef-8ca7-cdb4950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a045110-4374-44ef-8ca7-cdb4950d210f", "value": "95.110.189.247" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a045110-3dc4-4a5d-a5fb-2214950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "pattern": "[url:value = 'http://saranville.com/12']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a045110-3fa8-44dd-8070-cda3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "pattern": "[domain-name:value = 'saranville.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a045110-84a0-42e2-8e81-49ea950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "first_observed": "2017-11-09T21:07:00Z", "last_observed": "2017-11-09T21:07:00Z", "number_observed": 1, "object_refs": [ "network-traffic--5a045110-84a0-42e2-8e81-49ea950d210f", "ipv4-addr--5a045110-84a0-42e2-8e81-49ea950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a045110-84a0-42e2-8e81-49ea950d210f", "dst_ref": "ipv4-addr--5a045110-84a0-42e2-8e81-49ea950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a045110-84a0-42e2-8e81-49ea950d210f", "value": "27.254.148.14" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a045110-0ec8-43e0-a33c-4b46950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "pattern": "[url:value = 'http://studio311.de/12']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a045111-c574-43be-88e4-4285950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "pattern": "[domain-name:value = 'studio311.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a045111-6edc-4521-8077-cc6f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "first_observed": "2017-11-09T21:07:00Z", "last_observed": "2017-11-09T21:07:00Z", "number_observed": 1, "object_refs": [ "network-traffic--5a045111-6edc-4521-8077-cc6f950d210f", "ipv4-addr--5a045111-6edc-4521-8077-cc6f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a045111-6edc-4521-8077-cc6f950d210f", "dst_ref": "ipv4-addr--5a045111-6edc-4521-8077-cc6f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a045111-6edc-4521-8077-cc6f950d210f", "value": "217.182.199.8" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a045111-cea0-42db-8311-48e7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "pattern": "[url:value = 'http://testbxc.u-host.ru/12']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a045111-c028-4d9e-833a-cdab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "pattern": "[domain-name:value = 'testbxc.u-host.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a045111-0bc4-4d02-83cc-20a6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "first_observed": "2017-11-09T21:07:00Z", "last_observed": "2017-11-09T21:07:00Z", "number_observed": 1, "object_refs": [ "network-traffic--5a045111-0bc4-4d02-83cc-20a6950d210f", "ipv4-addr--5a045111-0bc4-4d02-83cc-20a6950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a045111-0bc4-4d02-83cc-20a6950d210f", "dst_ref": "ipv4-addr--5a045111-0bc4-4d02-83cc-20a6950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a045111-0bc4-4d02-83cc-20a6950d210f", "value": "212.220.124.233" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a045112-d638-4a03-9431-4f44950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "pattern": "[url:value = 'http://themollymalone.es/12']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a045112-6224-4889-802c-cdb4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "pattern": "[domain-name:value = 'themollymalone.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a045112-21b8-48b3-9d83-cdb1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "first_observed": "2017-11-09T21:07:00Z", "last_observed": "2017-11-09T21:07:00Z", "number_observed": 1, "object_refs": [ "network-traffic--5a045112-21b8-48b3-9d83-cdb1950d210f", "ipv4-addr--5a045112-21b8-48b3-9d83-cdb1950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a045112-21b8-48b3-9d83-cdb1950d210f", "dst_ref": "ipv4-addr--5a045112-21b8-48b3-9d83-cdb1950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a045112-21b8-48b3-9d83-cdb1950d210f", "value": "37.247.120.83" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a045112-1a60-44cd-bc92-cda3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "pattern": "[url:value = 'http://xn--buremrt-9wa.ch/12']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a045113-45a4-4db1-a60e-cd7d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "pattern": "[domain-name:value = 'xn--buremrt-9wa.ch']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a045113-9e44-49dd-9032-4b57950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "first_observed": "2017-11-09T21:07:00Z", "last_observed": "2017-11-09T21:07:00Z", "number_observed": 1, "object_refs": [ "network-traffic--5a045113-9e44-49dd-9032-4b57950d210f", "ipv4-addr--5a045113-9e44-49dd-9032-4b57950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a045113-9e44-49dd-9032-4b57950d210f", "dst_ref": "ipv4-addr--5a045113-9e44-49dd-9032-4b57950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a045113-9e44-49dd-9032-4b57950d210f", "value": "82.98.87.48" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a045113-6d64-465a-bcb8-75a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "first_observed": "2017-11-09T21:07:00Z", "last_observed": "2017-11-09T21:07:00Z", "number_observed": 1, "object_refs": [ "url--5a045113-6d64-465a-bcb8-75a9950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a045113-6d64-465a-bcb8-75a9950d210f", "value": "https://www.virustotal.com/#/file/3a5f35fceebf1626dbd11f81bf20656061ab0d1fa100a3fd0aae77edfa859cd5/detection" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a045113-54c0-4ad0-ab03-4756950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "first_observed": "2017-11-09T21:07:00Z", "last_observed": "2017-11-09T21:07:00Z", "number_observed": 1, "object_refs": [ "url--5a045113-54c0-4ad0-ab03-4756950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a045113-54c0-4ad0-ab03-4756950d210f", "value": "https://www.hybrid-analysis.com/sample/3a5f35fceebf1626dbd11f81bf20656061ab0d1fa100a3fd0aae77edfa859cd5?environmentId=100" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a045114-54ec-4dd0-a020-717b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "pattern": "[domain-name:value = 'maeserdruck.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a045114-77fc-40ef-b3be-4c35950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "first_observed": "2017-11-09T21:07:00Z", "last_observed": "2017-11-09T21:07:00Z", "number_observed": 1, "object_refs": [ "network-traffic--5a045114-77fc-40ef-b3be-4c35950d210f", "ipv4-addr--5a045114-77fc-40ef-b3be-4c35950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a045114-77fc-40ef-b3be-4c35950d210f", "dst_ref": "ipv4-addr--5a045114-77fc-40ef-b3be-4c35950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a045114-77fc-40ef-b3be-4c35950d210f", "value": "194.208.76.18" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a045114-d8a0-4dcc-8631-44c0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "pattern": "[domain-name:value = 'lvps212-67-205-60.vps.webfusion.co.uk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a045115-07c4-4c02-9ba9-2214950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:00.000Z", "modified": "2017-11-09T21:07:00.000Z", "first_observed": "2017-11-09T21:07:00Z", "last_observed": "2017-11-09T21:07:00Z", "number_observed": 1, "object_refs": [ "network-traffic--5a045115-07c4-4c02-9ba9-2214950d210f", "ipv4-addr--5a045115-07c4-4c02-9ba9-2214950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a045115-07c4-4c02-9ba9-2214950d210f", "dst_ref": "ipv4-addr--5a045115-07c4-4c02-9ba9-2214950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a045115-07c4-4c02-9ba9-2214950d210f", "value": "212.67.205.60" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a045115-9904-49a4-898d-cda3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:01.000Z", "modified": "2017-11-09T21:07:01.000Z", "pattern": "[domain-name:value = 'ist-profy.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a045115-9484-4c01-8faf-46bd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:01.000Z", "modified": "2017-11-09T21:07:01.000Z", "first_observed": "2017-11-09T21:07:01Z", "last_observed": "2017-11-09T21:07:01Z", "number_observed": 1, "object_refs": [ "network-traffic--5a045115-9484-4c01-8faf-46bd950d210f", "ipv4-addr--5a045115-9484-4c01-8faf-46bd950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a045115-9484-4c01-8faf-46bd950d210f", "dst_ref": "ipv4-addr--5a045115-9484-4c01-8faf-46bd950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a045115-9484-4c01-8faf-46bd950d210f", "value": "90.156.144.159" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a045115-46d4-4c43-912e-44ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:01.000Z", "modified": "2017-11-09T21:07:01.000Z", "pattern": "[domain-name:value = 'hilaryandsavio.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a045115-44d8-4d7b-9026-75a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:01.000Z", "modified": "2017-11-09T21:07:01.000Z", "first_observed": "2017-11-09T21:07:01Z", "last_observed": "2017-11-09T21:07:01Z", "number_observed": 1, "object_refs": [ "network-traffic--5a045115-44d8-4d7b-9026-75a9950d210f", "ipv4-addr--5a045115-44d8-4d7b-9026-75a9950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a045115-44d8-4d7b-9026-75a9950d210f", "dst_ref": "ipv4-addr--5a045115-44d8-4d7b-9026-75a9950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a045115-44d8-4d7b-9026-75a9950d210f", "value": "72.249.127.194" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a045116-36cc-43d5-a62b-cc6f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:01.000Z", "modified": "2017-11-09T21:07:01.000Z", "pattern": "[domain-name:value = 'nikom.be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a045116-1dc0-4f67-9b30-4f57950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:01.000Z", "modified": "2017-11-09T21:07:01.000Z", "pattern": "[domain-name:value = 'l-up.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a045116-b2d0-4957-bec5-4e3b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:01.000Z", "modified": "2017-11-09T21:07:01.000Z", "first_observed": "2017-11-09T21:07:01Z", "last_observed": "2017-11-09T21:07:01Z", "number_observed": 1, "object_refs": [ "network-traffic--5a045116-b2d0-4957-bec5-4e3b950d210f", "ipv4-addr--5a045116-b2d0-4957-bec5-4e3b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a045116-b2d0-4957-bec5-4e3b950d210f", "dst_ref": "ipv4-addr--5a045116-b2d0-4957-bec5-4e3b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a045116-b2d0-4957-bec5-4e3b950d210f", "value": "89.104.72.196" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a045116-fc5c-43f5-b9cb-717b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:01.000Z", "modified": "2017-11-09T21:07:01.000Z", "pattern": "[domain-name:value = 'michelsmarkt.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a045117-10d0-47e9-8f94-412e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:01.000Z", "modified": "2017-11-09T21:07:01.000Z", "first_observed": "2017-11-09T21:07:01Z", "last_observed": "2017-11-09T21:07:01Z", "number_observed": 1, "object_refs": [ "network-traffic--5a045117-10d0-47e9-8f94-412e950d210f", "ipv4-addr--5a045117-10d0-47e9-8f94-412e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a045117-10d0-47e9-8f94-412e950d210f", "dst_ref": "ipv4-addr--5a045117-10d0-47e9-8f94-412e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a045117-10d0-47e9-8f94-412e950d210f", "value": "173.212.228.135" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a045117-5bf0-43e7-95cf-4345950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:01.000Z", "modified": "2017-11-09T21:07:01.000Z", "pattern": "[domain-name:value = 'jimhalltreeservice.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a045117-10c4-491a-8e69-2214950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:01.000Z", "modified": "2017-11-09T21:07:01.000Z", "first_observed": "2017-11-09T21:07:01Z", "last_observed": "2017-11-09T21:07:01Z", "number_observed": 1, "object_refs": [ "network-traffic--5a045117-10c4-491a-8e69-2214950d210f", "ipv4-addr--5a045117-10c4-491a-8e69-2214950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a045117-10c4-491a-8e69-2214950d210f", "dst_ref": "ipv4-addr--5a045117-10c4-491a-8e69-2214950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a045117-10c4-491a-8e69-2214950d210f", "value": "74.200.89.171" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a045117-f2cc-4a1f-8dcb-cda3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:01.000Z", "modified": "2017-11-09T21:07:01.000Z", "pattern": "[domain-name:value = 'toftinrontonsfo.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a045137-359c-4477-8abb-20a6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:01.000Z", "modified": "2017-11-09T21:07:01.000Z", "pattern": "[url:value = 'http://lvps212-67-205-60.vps.webfusion.co.uk/mnbv374']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a045137-0038-4640-8665-cdb4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:01.000Z", "modified": "2017-11-09T21:07:01.000Z", "pattern": "[url:value = 'http://ist-profy.ru/mnbv374']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a045137-75e8-4c38-9d96-4aa0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:01.000Z", "modified": "2017-11-09T21:07:01.000Z", "pattern": "[url:value = 'http://maeserdruck.com/mnbv374']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a045138-872c-4a85-9691-cc6f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:01.000Z", "modified": "2017-11-09T21:07:01.000Z", "pattern": "[url:value = 'http://hilaryandsavio.com/mnbv374']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a045138-2ac4-46b6-816b-20a6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:01.000Z", "modified": "2017-11-09T21:07:01.000Z", "pattern": "[url:value = 'http://nikom.be/mnbv374']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a045139-ba58-45cf-a34f-444b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:01.000Z", "modified": "2017-11-09T21:07:01.000Z", "pattern": "[url:value = 'http://l-up.net/mnbv374']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a045139-6b84-4a74-9c65-448a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:01.000Z", "modified": "2017-11-09T21:07:01.000Z", "pattern": "[url:value = 'http://michelsmarkt.de/mnbv374']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04513a-359c-4d35-9f9c-75a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:01.000Z", "modified": "2017-11-09T21:07:01.000Z", "pattern": "[url:value = 'http://jimhalltreeservice.com/mnbv374']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04513a-a3f4-40a2-b834-20a6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:01.000Z", "modified": "2017-11-09T21:07:01.000Z", "pattern": "[url:value = 'http://toftinrontonsfo.info/p66/mnbv374']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a04c375-1448-4e4d-8820-4b6302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:01.000Z", "modified": "2017-11-09T21:07:01.000Z", "first_observed": "2017-11-09T21:07:01Z", "last_observed": "2017-11-09T21:07:01Z", "number_observed": 1, "object_refs": [ "url--5a04c375-1448-4e4d-8820-4b6302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a04c375-1448-4e4d-8820-4b6302de0b81", "value": "https://www.virustotal.com/file/3a5f35fceebf1626dbd11f81bf20656061ab0d1fa100a3fd0aae77edfa859cd5/analysis/1510123961/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04c375-301c-47df-9482-44b902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:01.000Z", "modified": "2017-11-09T21:07:01.000Z", "description": "- Xchecked via VT: deed16eadb1a270dfc54daf84f53aad6", "pattern": "[file:hashes.SHA256 = 'e49c6973ddcc601cfb85b451e122903b1a9c036c8baafc35cb327f76b998c537']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04c375-ef78-4d94-849c-407d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:01.000Z", "modified": "2017-11-09T21:07:01.000Z", "description": "- Xchecked via VT: deed16eadb1a270dfc54daf84f53aad6", "pattern": "[file:hashes.SHA1 = 'cfa00beec23e1221ec6197abe887ef51ca0722d8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T21:07:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a04c375-005c-4bc3-b01e-44a002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T21:07:01.000Z", "modified": "2017-11-09T21:07:01.000Z", "first_observed": "2017-11-09T21:07:01Z", "last_observed": "2017-11-09T21:07:01Z", "number_observed": 1, "object_refs": [ "url--5a04c375-005c-4bc3-b01e-44a002de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a04c375-005c-4bc3-b01e-44a002de0b81", "value": "https://www.virustotal.com/file/e49c6973ddcc601cfb85b451e122903b1a9c036c8baafc35cb327f76b998c537/analysis/1510233221/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }