{ "type": "bundle", "id": "bundle--59de12ce-625c-4b9a-95fb-fc5b950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:26.000Z", "modified": "2017-10-12T17:42:26.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--59de12ce-625c-4b9a-95fb-fc5b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:42:26.000Z", "modified": "2017-10-12T17:42:26.000Z", "name": "M2M - Locky Affid=3, \".asasin\"/Trickbot \"mac1\" 2017-10-11 : \"Supplement payment 1234567890\" - \"F1234567890_11102017.7z\"", "published": "2017-10-12T17:42:32Z", "object_refs": [ "indicator--59de12cf-2490-4184-92a6-fbb6950d210f", "indicator--59de12cf-78d4-4a70-bbbd-44fd950d210f", "indicator--59de12cf-3efc-46e9-a078-4bb9950d210f", "indicator--59de12d0-c714-4833-81a0-ac3b950d210f", "observed-data--59de12d0-6840-4eeb-88c9-4194950d210f", "network-traffic--59de12d0-6840-4eeb-88c9-4194950d210f", "ipv4-addr--59de12d0-6840-4eeb-88c9-4194950d210f", "indicator--59de12d0-e244-49fe-9840-4188950d210f", "indicator--59de12d0-51a4-447d-95df-fc5b950d210f", "observed-data--59de12d1-3a5c-4fc4-a4a1-ad5d950d210f", "network-traffic--59de12d1-3a5c-4fc4-a4a1-ad5d950d210f", "ipv4-addr--59de12d1-3a5c-4fc4-a4a1-ad5d950d210f", "indicator--59de12d1-06d0-4051-ae42-4142950d210f", "indicator--59de12d1-7390-45e9-9f08-4e60950d210f", "observed-data--59de12d2-54b8-4142-8a2f-fc1d950d210f", "network-traffic--59de12d2-54b8-4142-8a2f-fc1d950d210f", "ipv4-addr--59de12d2-54b8-4142-8a2f-fc1d950d210f", "indicator--59de12d2-243c-4f7d-9d4f-ade0950d210f", "indicator--59de12d3-cf60-41cf-8241-ae14950d210f", "observed-data--59de12d3-5b54-4359-9caf-ac3b950d210f", "network-traffic--59de12d3-5b54-4359-9caf-ac3b950d210f", "ipv4-addr--59de12d3-5b54-4359-9caf-ac3b950d210f", "indicator--59de12d3-48e8-410d-adcc-4194950d210f", "indicator--59de12d3-ca90-4afd-b630-47cd950d210f", "observed-data--59de12d4-3e54-4cd3-8b8d-fc5b950d210f", "network-traffic--59de12d4-3e54-4cd3-8b8d-fc5b950d210f", "ipv4-addr--59de12d4-3e54-4cd3-8b8d-fc5b950d210f", "indicator--59de12d4-a624-4d4d-a073-ad5d950d210f", "indicator--59de12d4-19f8-4528-929a-4652950d210f", "observed-data--59de12d4-3324-40a0-9285-4e28950d210f", "network-traffic--59de12d4-3324-40a0-9285-4e28950d210f", "ipv4-addr--59de12d4-3324-40a0-9285-4e28950d210f", "indicator--59de12d5-5120-499c-a513-4f82950d210f", "indicator--59de12d5-6814-4d97-bbca-fbb6950d210f", "observed-data--59de12d5-50d0-4d07-a2b5-ade0950d210f", "network-traffic--59de12d5-50d0-4d07-a2b5-ade0950d210f", "ipv4-addr--59de12d5-50d0-4d07-a2b5-ade0950d210f", "indicator--59de12d5-7780-4b44-be12-ae14950d210f", "indicator--59de12d6-a99c-4a4c-80dc-45eb950d210f", "observed-data--59de12d7-6b9c-4f69-b65b-4188950d210f", "network-traffic--59de12d7-6b9c-4f69-b65b-4188950d210f", "ipv4-addr--59de12d7-6b9c-4f69-b65b-4188950d210f", "indicator--59de12d7-5934-4b0e-b941-443a950d210f", "indicator--59de12d7-b708-45eb-8d91-fbb6950d210f", "observed-data--59de12d8-ad80-4bba-8613-4592950d210f", "network-traffic--59de12d8-ad80-4bba-8613-4592950d210f", "ipv4-addr--59de12d8-ad80-4bba-8613-4592950d210f", "indicator--59de12d8-9fd8-489b-bc66-fc5b950d210f", "indicator--59de12d9-6acc-4d10-a3f8-4f3b950d210f", "observed-data--59de12d9-f9a4-4c98-843b-3f0e950d210f", "network-traffic--59de12d9-f9a4-4c98-843b-3f0e950d210f", "ipv4-addr--59de12d9-f9a4-4c98-843b-3f0e950d210f", "indicator--59de12d9-1784-47b9-ac3d-4142950d210f", "indicator--59de12d9-d9ac-4d9f-9c7a-4a3e950d210f", "observed-data--59de12da-5f50-4530-a218-491b950d210f", "network-traffic--59de12da-5f50-4530-a218-491b950d210f", "ipv4-addr--59de12da-5f50-4530-a218-491b950d210f", "indicator--59de12da-f510-4f97-bdd9-ade0950d210f", "indicator--59de12db-4a3c-44e7-b391-ae14950d210f", "indicator--59de12f9-8228-4fee-a870-ae14950d210f", "indicator--59de12f9-3fd8-487e-8da4-4b00950d210f", "observed-data--59de12f9-3d48-4a92-91fe-449f950d210f", "network-traffic--59de12f9-3d48-4a92-91fe-449f950d210f", "ipv4-addr--59de12f9-3d48-4a92-91fe-449f950d210f", "indicator--59de12fa-38e8-466b-b5d6-443b950d210f", "indicator--59de12fa-4218-4da1-a1d9-4194950d210f", "observed-data--59de12fa-6b60-4fde-aa13-ad5d950d210f", "network-traffic--59de12fa-6b60-4fde-aa13-ad5d950d210f", "ipv4-addr--59de12fa-6b60-4fde-aa13-ad5d950d210f", "indicator--59de12fa-1560-4f42-bcbf-49a4950d210f", "indicator--59de12fa-1824-46ee-b827-4142950d210f", "observed-data--59de12fb-b4a8-44d2-b5a8-4aee950d210f", "network-traffic--59de12fb-b4a8-44d2-b5a8-4aee950d210f", "ipv4-addr--59de12fb-b4a8-44d2-b5a8-4aee950d210f", "indicator--59de12fb-1b78-488a-8a8a-3f0e950d210f", "indicator--59de12fb-9e48-4750-a840-435f950d210f", "observed-data--59de12fc-3058-4e4d-b8bc-ae14950d210f", "network-traffic--59de12fc-3058-4e4d-b8bc-ae14950d210f", "ipv4-addr--59de12fc-3058-4e4d-b8bc-ae14950d210f", "indicator--59de12fc-c1b8-4135-8181-48ad950d210f", "indicator--59de12fc-7e2c-4647-8461-430c950d210f", "observed-data--59de12fd-ded0-4413-b45c-4759950d210f", "network-traffic--59de12fd-ded0-4413-b45c-4759950d210f", "ipv4-addr--59de12fd-ded0-4413-b45c-4759950d210f", "indicator--59de12fd-cbc4-41c0-b92d-4194950d210f", "indicator--59de12fd-ba3c-4336-8813-ad5d950d210f", "observed-data--59de12fe-2cc4-4d03-b513-4c8c950d210f", "network-traffic--59de12fe-2cc4-4d03-b513-4c8c950d210f", "ipv4-addr--59de12fe-2cc4-4d03-b513-4c8c950d210f", "indicator--59de12ff-8ba4-4da5-985f-4e03950d210f", "indicator--59de12ff-f8a0-4f71-90e0-445f950d210f", "observed-data--59de12ff-116c-445d-8cda-fc1d950d210f", "network-traffic--59de12ff-116c-445d-8cda-fc1d950d210f", "ipv4-addr--59de12ff-116c-445d-8cda-fc1d950d210f", "indicator--59de12ff-132c-4d95-9bce-fbb6950d210f", "indicator--59de12ff-0364-4d36-9379-ae14950d210f", "observed-data--59de1300-3718-4c5f-a436-ac3b950d210f", "network-traffic--59de1300-3718-4c5f-a436-ac3b950d210f", "ipv4-addr--59de1300-3718-4c5f-a436-ac3b950d210f", "indicator--59de1300-2d88-4fe9-b7ec-fc1c950d210f", "indicator--59de1300-4940-496f-9583-400a950d210f", "observed-data--59de1301-c154-4009-9434-fc5b950d210f", "network-traffic--59de1301-c154-4009-9434-fc5b950d210f", "ipv4-addr--59de1301-c154-4009-9434-fc5b950d210f", "indicator--59de1301-cd38-48e0-a8c3-401a950d210f", "indicator--59de1301-0ad4-4cee-981c-4188950d210f", "observed-data--59de1302-ef64-4a89-bd10-4c93950d210f", "network-traffic--59de1302-ef64-4a89-bd10-4c93950d210f", "ipv4-addr--59de1302-ef64-4a89-bd10-4c93950d210f", "indicator--59de1302-33d4-4112-89de-4c5b950d210f", "indicator--59de1302-59ec-4bf0-9734-fc1d950d210f", "observed-data--59de1303-03d0-42bd-8bc6-fbb6950d210f", "network-traffic--59de1303-03d0-42bd-8bc6-fbb6950d210f", "ipv4-addr--59de1303-03d0-42bd-8bc6-fbb6950d210f", "indicator--59de1303-18e8-462d-84a8-49ee950d210f", "indicator--59de1303-6fcc-4d37-9038-ac3b950d210f", "observed-data--59de1304-ef7c-4b24-a1fd-fc1c950d210f", "network-traffic--59de1304-ef7c-4b24-a1fd-fc1c950d210f", "ipv4-addr--59de1304-ef7c-4b24-a1fd-fc1c950d210f", "indicator--59de1304-ebc4-4f2c-a33c-4194950d210f", "indicator--59de1304-36d0-49b7-bdb0-ad5d950d210f", "observed-data--59de1304-ab68-44f5-8ca0-4188950d210f", "network-traffic--59de1304-ab68-44f5-8ca0-4188950d210f", "ipv4-addr--59de1304-ab68-44f5-8ca0-4188950d210f", "indicator--59de1304-30dc-424a-a0c6-4142950d210f", "indicator--59de1305-c410-4ccd-ab6c-4a30950d210f", "observed-data--59de1305-f134-4796-8df7-4094950d210f", "network-traffic--59de1305-f134-4796-8df7-4094950d210f", "ipv4-addr--59de1305-f134-4796-8df7-4094950d210f", "indicator--59de1305-2e18-4cba-a09d-3f0e950d210f", "indicator--59de1305-60dc-45ef-b433-ade0950d210f", "observed-data--59de1306-700c-4e36-9a47-ae14950d210f", "network-traffic--59de1306-700c-4e36-9a47-ae14950d210f", "ipv4-addr--59de1306-700c-4e36-9a47-ae14950d210f", "indicator--59de1306-07dc-4522-b39a-447e950d210f", "observed-data--59de1306-c638-4cfb-a195-fc1c950d210f", "network-traffic--59de1306-c638-4cfb-a195-fc1c950d210f", "ipv4-addr--59de1306-c638-4cfb-a195-fc1c950d210f", "observed-data--59de1306-4f14-4f92-8bd0-4194950d210f", "network-traffic--59de1306-4f14-4f92-8bd0-4194950d210f", "ipv4-addr--59de1306-4f14-4f92-8bd0-4194950d210f", "observed-data--59de1307-f744-4282-aac8-ad5d950d210f", "network-traffic--59de1307-f744-4282-aac8-ad5d950d210f", "ipv4-addr--59de1307-f744-4282-aac8-ad5d950d210f", "observed-data--59de1307-c250-4542-9a2c-4067950d210f", "network-traffic--59de1307-c250-4542-9a2c-4067950d210f", "ipv4-addr--59de1307-c250-4542-9a2c-4067950d210f", "observed-data--59de1308-5160-428d-a55e-40fa950d210f", "network-traffic--59de1308-5160-428d-a55e-40fa950d210f", "ipv4-addr--59de1308-5160-428d-a55e-40fa950d210f", "observed-data--59de1308-6f4c-42e4-96da-4bac950d210f", "network-traffic--59de1308-6f4c-42e4-96da-4bac950d210f", "ipv4-addr--59de1308-6f4c-42e4-96da-4bac950d210f", "observed-data--59de1309-aaf8-46b2-8edc-fc1d950d210f", "network-traffic--59de1309-aaf8-46b2-8edc-fc1d950d210f", "ipv4-addr--59de1309-aaf8-46b2-8edc-fc1d950d210f", "observed-data--59de1309-c490-46ac-88d7-ae14950d210f", "network-traffic--59de1309-c490-46ac-88d7-ae14950d210f", "ipv4-addr--59de1309-c490-46ac-88d7-ae14950d210f", "observed-data--59de1309-25e0-4d50-8fe3-4637950d210f", "network-traffic--59de1309-25e0-4d50-8fe3-4637950d210f", "ipv4-addr--59de1309-25e0-4d50-8fe3-4637950d210f", "observed-data--59de1309-d178-4c31-8d0c-ac3b950d210f", "network-traffic--59de1309-d178-4c31-8d0c-ac3b950d210f", "ipv4-addr--59de1309-d178-4c31-8d0c-ac3b950d210f", "observed-data--59de130a-2654-4d8e-885e-fc1c950d210f", "network-traffic--59de130a-2654-4d8e-885e-fc1c950d210f", "ipv4-addr--59de130a-2654-4d8e-885e-fc1c950d210f", "observed-data--59de130a-cd48-4da6-8e64-4194950d210f", "network-traffic--59de130a-cd48-4da6-8e64-4194950d210f", "ipv4-addr--59de130a-cd48-4da6-8e64-4194950d210f", "observed-data--59de130a-2d98-4a8d-93c5-4188950d210f", "network-traffic--59de130a-2d98-4a8d-93c5-4188950d210f", "ipv4-addr--59de130a-2d98-4a8d-93c5-4188950d210f", "observed-data--59de130b-75bc-4b6e-a703-4142950d210f", "network-traffic--59de130b-75bc-4b6e-a703-4142950d210f", "ipv4-addr--59de130b-75bc-4b6e-a703-4142950d210f", "observed-data--59de130b-4818-44f2-b10e-4229950d210f", "network-traffic--59de130b-4818-44f2-b10e-4229950d210f", "ipv4-addr--59de130b-4818-44f2-b10e-4229950d210f", "observed-data--59de130b-ad58-400f-bf8f-498e950d210f", "network-traffic--59de130b-ad58-400f-bf8f-498e950d210f", "ipv4-addr--59de130b-ad58-400f-bf8f-498e950d210f", "observed-data--59de130c-8e74-4aee-b67c-fc1d950d210f", "network-traffic--59de130c-8e74-4aee-b67c-fc1d950d210f", "ipv4-addr--59de130c-8e74-4aee-b67c-fc1d950d210f", "observed-data--59de130c-c560-4073-a9d8-ae14950d210f", "network-traffic--59de130c-c560-4073-a9d8-ae14950d210f", "ipv4-addr--59de130c-c560-4073-a9d8-ae14950d210f", "observed-data--59de130c-ec8c-4ad2-987d-42c1950d210f", "network-traffic--59de130c-ec8c-4ad2-987d-42c1950d210f", "ipv4-addr--59de130c-ec8c-4ad2-987d-42c1950d210f", "observed-data--59de130d-bf64-454f-b7a4-49c3950d210f", "network-traffic--59de130d-bf64-454f-b7a4-49c3950d210f", "ipv4-addr--59de130d-bf64-454f-b7a4-49c3950d210f", "observed-data--59de130d-c8e0-4988-8ae9-fc1c950d210f", "network-traffic--59de130d-c8e0-4988-8ae9-fc1c950d210f", "ipv4-addr--59de130d-c8e0-4988-8ae9-fc1c950d210f", "observed-data--59de130d-0014-44f5-b7eb-4194950d210f", "network-traffic--59de130d-0014-44f5-b7eb-4194950d210f", "ipv4-addr--59de130d-0014-44f5-b7eb-4194950d210f", "observed-data--59de130d-95a0-49b0-86a0-ad5d950d210f", "network-traffic--59de130d-95a0-49b0-86a0-ad5d950d210f", "ipv4-addr--59de130d-95a0-49b0-86a0-ad5d950d210f", "observed-data--59de130e-e5ec-4c5d-be1b-4142950d210f", "network-traffic--59de130e-e5ec-4c5d-be1b-4142950d210f", "ipv4-addr--59de130e-e5ec-4c5d-be1b-4142950d210f", "observed-data--59de130e-8000-462d-a8c3-42f1950d210f", "network-traffic--59de130e-8000-462d-a8c3-42f1950d210f", "ipv4-addr--59de130e-8000-462d-a8c3-42f1950d210f", "observed-data--59de130e-9670-4e0e-b75f-4a46950d210f", "network-traffic--59de130e-9670-4e0e-b75f-4a46950d210f", "ipv4-addr--59de130e-9670-4e0e-b75f-4a46950d210f", "observed-data--59de130f-2314-4b76-9252-3f0e950d210f", "network-traffic--59de130f-2314-4b76-9252-3f0e950d210f", "ipv4-addr--59de130f-2314-4b76-9252-3f0e950d210f", "observed-data--59de130f-98bc-4e1a-87b1-ade0950d210f", "network-traffic--59de130f-98bc-4e1a-87b1-ade0950d210f", "ipv4-addr--59de130f-98bc-4e1a-87b1-ade0950d210f", "observed-data--59de130f-8a44-4ed1-b173-ae14950d210f", "network-traffic--59de130f-8a44-4ed1-b173-ae14950d210f", "ipv4-addr--59de130f-8a44-4ed1-b173-ae14950d210f", "observed-data--59de130f-7584-49f3-9d2a-fbb6950d210f", "network-traffic--59de130f-7584-49f3-9d2a-fbb6950d210f", "ipv4-addr--59de130f-7584-49f3-9d2a-fbb6950d210f", "observed-data--59de1310-7f88-4b88-8545-ac3b950d210f", "network-traffic--59de1310-7f88-4b88-8545-ac3b950d210f", "ipv4-addr--59de1310-7f88-4b88-8545-ac3b950d210f", "observed-data--59de1310-8100-42a7-8904-fc1c950d210f", "network-traffic--59de1310-8100-42a7-8904-fc1c950d210f", "ipv4-addr--59de1310-8100-42a7-8904-fc1c950d210f", "indicator--59dfa923-5820-4ad2-95b3-a10802de0b81", "indicator--59dfa923-7ed4-4684-845e-a10802de0b81", "observed-data--59dfa923-fa70-472e-839f-a10802de0b81", "url--59dfa923-fa70-472e-839f-a10802de0b81", "indicator--59dfa923-6484-4697-bbd7-a10802de0b81", "indicator--59dfa923-8108-4f54-b36c-a10802de0b81", "observed-data--59dfa923-9e5c-46c2-b4a6-a10802de0b81", "url--59dfa923-9e5c-46c2-b4a6-a10802de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Locky\"", "misp-galaxy:tool=\"Trick Bot\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12cf-2490-4184-92a6-fbb6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "pattern": "[file:hashes.MD5 = '6cc527a3d3297aa5d175b06b7bb6b27a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12cf-78d4-4a70-bbbd-44fd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "pattern": "[file:hashes.MD5 = '1a9d91c1a290ec5e36e3fc8ddac60bd5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12cf-3efc-46e9-a078-4bb9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "pattern": "[url:value = 'http://abdulhamit.org/jhbfvg7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12d0-c714-4833-81a0-ac3b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "pattern": "[domain-name:value = 'abdulhamit.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de12d0-6840-4eeb-88c9-4194950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "first_observed": "2017-10-12T17:40:49Z", "last_observed": "2017-10-12T17:40:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59de12d0-6840-4eeb-88c9-4194950d210f", "ipv4-addr--59de12d0-6840-4eeb-88c9-4194950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de12d0-6840-4eeb-88c9-4194950d210f", "dst_ref": "ipv4-addr--59de12d0-6840-4eeb-88c9-4194950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de12d0-6840-4eeb-88c9-4194950d210f", "value": "77.245.149.11" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12d0-e244-49fe-9840-4188950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "pattern": "[url:value = 'http://bdbl.com.np/jhbfvg7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12d0-51a4-447d-95df-fc5b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "pattern": "[domain-name:value = 'bdbl.com.np']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de12d1-3a5c-4fc4-a4a1-ad5d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "first_observed": "2017-10-12T17:40:49Z", "last_observed": "2017-10-12T17:40:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59de12d1-3a5c-4fc4-a4a1-ad5d950d210f", "ipv4-addr--59de12d1-3a5c-4fc4-a4a1-ad5d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de12d1-3a5c-4fc4-a4a1-ad5d950d210f", "dst_ref": "ipv4-addr--59de12d1-3a5c-4fc4-a4a1-ad5d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de12d1-3a5c-4fc4-a4a1-ad5d950d210f", "value": "74.200.89.84" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12d1-06d0-4051-ae42-4142950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "pattern": "[url:value = 'http://bnphealthcare.com/jhbfvg7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12d1-7390-45e9-9f08-4e60950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "pattern": "[domain-name:value = 'bnphealthcare.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de12d2-54b8-4142-8a2f-fc1d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "first_observed": "2017-10-12T17:40:49Z", "last_observed": "2017-10-12T17:40:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59de12d2-54b8-4142-8a2f-fc1d950d210f", "ipv4-addr--59de12d2-54b8-4142-8a2f-fc1d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de12d2-54b8-4142-8a2f-fc1d950d210f", "dst_ref": "ipv4-addr--59de12d2-54b8-4142-8a2f-fc1d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de12d2-54b8-4142-8a2f-fc1d950d210f", "value": "202.169.44.152" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12d2-243c-4f7d-9d4f-ade0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "pattern": "[url:value = 'http://demopowerindo.com/jhbfvg7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12d3-cf60-41cf-8241-ae14950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "pattern": "[domain-name:value = 'demopowerindo.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de12d3-5b54-4359-9caf-ac3b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "first_observed": "2017-10-12T17:40:49Z", "last_observed": "2017-10-12T17:40:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59de12d3-5b54-4359-9caf-ac3b950d210f", "ipv4-addr--59de12d3-5b54-4359-9caf-ac3b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de12d3-5b54-4359-9caf-ac3b950d210f", "dst_ref": "ipv4-addr--59de12d3-5b54-4359-9caf-ac3b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de12d3-5b54-4359-9caf-ac3b950d210f", "value": "202.169.44.167" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12d3-48e8-410d-adcc-4194950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "pattern": "[url:value = 'http://dispjutr.nl/jhbfvg7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12d3-ca90-4afd-b630-47cd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "pattern": "[domain-name:value = 'dispjutr.nl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de12d4-3e54-4cd3-8b8d-fc5b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "first_observed": "2017-10-12T17:40:49Z", "last_observed": "2017-10-12T17:40:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59de12d4-3e54-4cd3-8b8d-fc5b950d210f", "ipv4-addr--59de12d4-3e54-4cd3-8b8d-fc5b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de12d4-3e54-4cd3-8b8d-fc5b950d210f", "dst_ref": "ipv4-addr--59de12d4-3e54-4cd3-8b8d-fc5b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de12d4-3e54-4cd3-8b8d-fc5b950d210f", "value": "144.76.149.235" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12d4-a624-4d4d-a073-ad5d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "pattern": "[url:value = 'http://globoart.es/jhbfvg7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12d4-19f8-4528-929a-4652950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "pattern": "[domain-name:value = 'globoart.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de12d4-3324-40a0-9285-4e28950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "first_observed": "2017-10-12T17:40:49Z", "last_observed": "2017-10-12T17:40:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59de12d4-3324-40a0-9285-4e28950d210f", "ipv4-addr--59de12d4-3324-40a0-9285-4e28950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de12d4-3324-40a0-9285-4e28950d210f", "dst_ref": "ipv4-addr--59de12d4-3324-40a0-9285-4e28950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de12d4-3324-40a0-9285-4e28950d210f", "value": "86.109.170.198" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12d5-5120-499c-a513-4f82950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "pattern": "[url:value = 'http://highlandfamily.org/jhbfvg7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12d5-6814-4d97-bbca-fbb6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "pattern": "[domain-name:value = 'highlandfamily.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de12d5-50d0-4d07-a2b5-ade0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "first_observed": "2017-10-12T17:40:49Z", "last_observed": "2017-10-12T17:40:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59de12d5-50d0-4d07-a2b5-ade0950d210f", "ipv4-addr--59de12d5-50d0-4d07-a2b5-ade0950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de12d5-50d0-4d07-a2b5-ade0950d210f", "dst_ref": "ipv4-addr--59de12d5-50d0-4d07-a2b5-ade0950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de12d5-50d0-4d07-a2b5-ade0950d210f", "value": "98.124.252.66" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12d5-7780-4b44-be12-ae14950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "pattern": "[url:value = 'http://holidaypools.com.au/jhbfvg7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12d6-a99c-4a4c-80dc-45eb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "pattern": "[domain-name:value = 'holidaypools.com.au']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de12d7-6b9c-4f69-b65b-4188950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "first_observed": "2017-10-12T17:40:49Z", "last_observed": "2017-10-12T17:40:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59de12d7-6b9c-4f69-b65b-4188950d210f", "ipv4-addr--59de12d7-6b9c-4f69-b65b-4188950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de12d7-6b9c-4f69-b65b-4188950d210f", "dst_ref": "ipv4-addr--59de12d7-6b9c-4f69-b65b-4188950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de12d7-6b9c-4f69-b65b-4188950d210f", "value": "27.50.86.12" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12d7-5934-4b0e-b941-443a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "pattern": "[url:value = 'http://louisawong.net/jhbfvg7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12d7-b708-45eb-8d91-fbb6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "pattern": "[domain-name:value = 'louisawong.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de12d8-ad80-4bba-8613-4592950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "first_observed": "2017-10-12T17:40:49Z", "last_observed": "2017-10-12T17:40:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59de12d8-ad80-4bba-8613-4592950d210f", "ipv4-addr--59de12d8-ad80-4bba-8613-4592950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de12d8-ad80-4bba-8613-4592950d210f", "dst_ref": "ipv4-addr--59de12d8-ad80-4bba-8613-4592950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de12d8-ad80-4bba-8613-4592950d210f", "value": "123.242.230.63" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12d8-9fd8-489b-bc66-fc5b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "pattern": "[url:value = 'http://supremocartuchos.com/jhbfvg7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12d9-6acc-4d10-a3f8-4f3b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "pattern": "[domain-name:value = 'supremocartuchos.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de12d9-f9a4-4c98-843b-3f0e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:49.000Z", "modified": "2017-10-12T17:40:49.000Z", "first_observed": "2017-10-12T17:40:49Z", "last_observed": "2017-10-12T17:40:49Z", "number_observed": 1, "object_refs": [ "network-traffic--59de12d9-f9a4-4c98-843b-3f0e950d210f", "ipv4-addr--59de12d9-f9a4-4c98-843b-3f0e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de12d9-f9a4-4c98-843b-3f0e950d210f", "dst_ref": "ipv4-addr--59de12d9-f9a4-4c98-843b-3f0e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de12d9-f9a4-4c98-843b-3f0e950d210f", "value": "80.172.241.21" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12d9-1784-47b9-ac3d-4142950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[url:value = 'http://teracom.co.id/jhbfvg7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12d9-d9ac-4d9f-9c7a-4a3e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[domain-name:value = 'teracom.co.id']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de12da-5f50-4530-a218-491b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "first_observed": "2017-10-12T17:40:50Z", "last_observed": "2017-10-12T17:40:50Z", "number_observed": 1, "object_refs": [ "network-traffic--59de12da-5f50-4530-a218-491b950d210f", "ipv4-addr--59de12da-5f50-4530-a218-491b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de12da-5f50-4530-a218-491b950d210f", "dst_ref": "ipv4-addr--59de12da-5f50-4530-a218-491b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de12da-5f50-4530-a218-491b950d210f", "value": "202.169.44.149" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12da-f510-4f97-bdd9-ade0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[url:value = 'http://fetchstats.net/p66/jhbfvg7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12db-4a3c-44e7-b391-ae14950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[domain-name:value = 'fetchstats.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12f9-8228-4fee-a870-ae14950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[url:value = 'http://accessyouraudience.com/8y6ghhfg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12f9-3fd8-487e-8da4-4b00950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[domain-name:value = 'accessyouraudience.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de12f9-3d48-4a92-91fe-449f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "first_observed": "2017-10-12T17:40:50Z", "last_observed": "2017-10-12T17:40:50Z", "number_observed": 1, "object_refs": [ "network-traffic--59de12f9-3d48-4a92-91fe-449f950d210f", "ipv4-addr--59de12f9-3d48-4a92-91fe-449f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de12f9-3d48-4a92-91fe-449f950d210f", "dst_ref": "ipv4-addr--59de12f9-3d48-4a92-91fe-449f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de12f9-3d48-4a92-91fe-449f950d210f", "value": "98.124.251.75" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12fa-38e8-466b-b5d6-443b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[url:value = 'http://areanuova.it/8y6ghhfg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12fa-4218-4da1-a1d9-4194950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[domain-name:value = 'areanuova.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de12fa-6b60-4fde-aa13-ad5d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "first_observed": "2017-10-12T17:40:50Z", "last_observed": "2017-10-12T17:40:50Z", "number_observed": 1, "object_refs": [ "network-traffic--59de12fa-6b60-4fde-aa13-ad5d950d210f", "ipv4-addr--59de12fa-6b60-4fde-aa13-ad5d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de12fa-6b60-4fde-aa13-ad5d950d210f", "dst_ref": "ipv4-addr--59de12fa-6b60-4fde-aa13-ad5d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de12fa-6b60-4fde-aa13-ad5d950d210f", "value": "85.235.130.46" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12fa-1560-4f42-bcbf-49a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[url:value = 'http://eurecas.org/8y6ghhfg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12fa-1824-46ee-b827-4142950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[domain-name:value = 'eurecas.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de12fb-b4a8-44d2-b5a8-4aee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "first_observed": "2017-10-12T17:40:50Z", "last_observed": "2017-10-12T17:40:50Z", "number_observed": 1, "object_refs": [ "network-traffic--59de12fb-b4a8-44d2-b5a8-4aee950d210f", "ipv4-addr--59de12fb-b4a8-44d2-b5a8-4aee950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de12fb-b4a8-44d2-b5a8-4aee950d210f", "dst_ref": "ipv4-addr--59de12fb-b4a8-44d2-b5a8-4aee950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de12fb-b4a8-44d2-b5a8-4aee950d210f", "value": "185.58.7.11" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12fb-1b78-488a-8a8a-3f0e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[url:value = 'http://georginabringas.com/8y6ghhfg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12fb-9e48-4750-a840-435f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[domain-name:value = 'georginabringas.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de12fc-3058-4e4d-b8bc-ae14950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "first_observed": "2017-10-12T17:40:50Z", "last_observed": "2017-10-12T17:40:50Z", "number_observed": 1, "object_refs": [ "network-traffic--59de12fc-3058-4e4d-b8bc-ae14950d210f", "ipv4-addr--59de12fc-3058-4e4d-b8bc-ae14950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de12fc-3058-4e4d-b8bc-ae14950d210f", "dst_ref": "ipv4-addr--59de12fc-3058-4e4d-b8bc-ae14950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de12fc-3058-4e4d-b8bc-ae14950d210f", "value": "40.76.209.29" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12fc-c1b8-4135-8181-48ad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[url:value = 'http://highpressurewelding.co.uk/8y6ghhfg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12fc-7e2c-4647-8461-430c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[domain-name:value = 'highpressurewelding.co.uk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de12fd-ded0-4413-b45c-4759950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "first_observed": "2017-10-12T17:40:50Z", "last_observed": "2017-10-12T17:40:50Z", "number_observed": 1, "object_refs": [ "network-traffic--59de12fd-ded0-4413-b45c-4759950d210f", "ipv4-addr--59de12fd-ded0-4413-b45c-4759950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de12fd-ded0-4413-b45c-4759950d210f", "dst_ref": "ipv4-addr--59de12fd-ded0-4413-b45c-4759950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de12fd-ded0-4413-b45c-4759950d210f", "value": "91.192.195.51" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12fd-cbc4-41c0-b92d-4194950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[url:value = 'http://jns.co.th/8y6ghhfg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12fd-ba3c-4336-8813-ad5d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[domain-name:value = 'jns.co.th']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de12fe-2cc4-4d03-b513-4c8c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "first_observed": "2017-10-12T17:40:50Z", "last_observed": "2017-10-12T17:40:50Z", "number_observed": 1, "object_refs": [ "network-traffic--59de12fe-2cc4-4d03-b513-4c8c950d210f", "ipv4-addr--59de12fe-2cc4-4d03-b513-4c8c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de12fe-2cc4-4d03-b513-4c8c950d210f", "dst_ref": "ipv4-addr--59de12fe-2cc4-4d03-b513-4c8c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de12fe-2cc4-4d03-b513-4c8c950d210f", "value": "203.146.43.65" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12ff-8ba4-4da5-985f-4e03950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[url:value = 'http://maule.biz/8y6ghhfg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12ff-f8a0-4f71-90e0-445f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[domain-name:value = 'maule.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de12ff-116c-445d-8cda-fc1d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "first_observed": "2017-10-12T17:40:50Z", "last_observed": "2017-10-12T17:40:50Z", "number_observed": 1, "object_refs": [ "network-traffic--59de12ff-116c-445d-8cda-fc1d950d210f", "ipv4-addr--59de12ff-116c-445d-8cda-fc1d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de12ff-116c-445d-8cda-fc1d950d210f", "dst_ref": "ipv4-addr--59de12ff-116c-445d-8cda-fc1d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de12ff-116c-445d-8cda-fc1d950d210f", "value": "98.124.251.176" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12ff-132c-4d95-9bce-fbb6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[url:value = 'http://missinglynxsystems.com/8y6ghhfg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de12ff-0364-4d36-9379-ae14950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[domain-name:value = 'missinglynxsystems.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de1300-3718-4c5f-a436-ac3b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "first_observed": "2017-10-12T17:40:50Z", "last_observed": "2017-10-12T17:40:50Z", "number_observed": 1, "object_refs": [ "network-traffic--59de1300-3718-4c5f-a436-ac3b950d210f", "ipv4-addr--59de1300-3718-4c5f-a436-ac3b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de1300-3718-4c5f-a436-ac3b950d210f", "dst_ref": "ipv4-addr--59de1300-3718-4c5f-a436-ac3b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de1300-3718-4c5f-a436-ac3b950d210f", "value": "66.36.173.181" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de1300-2d88-4fe9-b7ec-fc1c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[url:value = 'http://old.tuttoggi.info/8y6ghhfg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de1300-4940-496f-9583-400a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[domain-name:value = 'old.tuttoggi.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de1301-c154-4009-9434-fc5b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "first_observed": "2017-10-12T17:40:50Z", "last_observed": "2017-10-12T17:40:50Z", "number_observed": 1, "object_refs": [ "network-traffic--59de1301-c154-4009-9434-fc5b950d210f", "ipv4-addr--59de1301-c154-4009-9434-fc5b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de1301-c154-4009-9434-fc5b950d210f", "dst_ref": "ipv4-addr--59de1301-c154-4009-9434-fc5b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de1301-c154-4009-9434-fc5b950d210f", "value": "66.71.182.143" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de1301-cd38-48e0-a8c3-401a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[url:value = 'http://pdj.co.id/8y6ghhfg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de1301-0ad4-4cee-981c-4188950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[domain-name:value = 'pdj.co.id']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de1302-ef64-4a89-bd10-4c93950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "first_observed": "2017-10-12T17:40:50Z", "last_observed": "2017-10-12T17:40:50Z", "number_observed": 1, "object_refs": [ "network-traffic--59de1302-ef64-4a89-bd10-4c93950d210f", "ipv4-addr--59de1302-ef64-4a89-bd10-4c93950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de1302-ef64-4a89-bd10-4c93950d210f", "dst_ref": "ipv4-addr--59de1302-ef64-4a89-bd10-4c93950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de1302-ef64-4a89-bd10-4c93950d210f", "value": "202.169.44.166" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de1302-33d4-4112-89de-4c5b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[url:value = 'http://resortphotographics.com/8y6ghhfg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de1302-59ec-4bf0-9734-fc1d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[domain-name:value = 'resortphotographics.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de1303-03d0-42bd-8bc6-fbb6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "first_observed": "2017-10-12T17:40:50Z", "last_observed": "2017-10-12T17:40:50Z", "number_observed": 1, "object_refs": [ "network-traffic--59de1303-03d0-42bd-8bc6-fbb6950d210f", "ipv4-addr--59de1303-03d0-42bd-8bc6-fbb6950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de1303-03d0-42bd-8bc6-fbb6950d210f", "dst_ref": "ipv4-addr--59de1303-03d0-42bd-8bc6-fbb6950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de1303-03d0-42bd-8bc6-fbb6950d210f", "value": "68.171.62.61" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de1303-18e8-462d-84a8-49ee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[url:value = 'http://team-bobcat.org/8y6ghhfg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de1303-6fcc-4d37-9038-ac3b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[domain-name:value = 'team-bobcat.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de1304-ef7c-4b24-a1fd-fc1c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "first_observed": "2017-10-12T17:40:50Z", "last_observed": "2017-10-12T17:40:50Z", "number_observed": 1, "object_refs": [ "network-traffic--59de1304-ef7c-4b24-a1fd-fc1c950d210f", "ipv4-addr--59de1304-ef7c-4b24-a1fd-fc1c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de1304-ef7c-4b24-a1fd-fc1c950d210f", "dst_ref": "ipv4-addr--59de1304-ef7c-4b24-a1fd-fc1c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de1304-ef7c-4b24-a1fd-fc1c950d210f", "value": "212.224.65.254" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de1304-ebc4-4f2c-a33c-4194950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[url:value = 'http://t-plesk.com/8y6ghhfg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de1304-36d0-49b7-bdb0-ad5d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[domain-name:value = 't-plesk.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de1304-ab68-44f5-8ca0-4188950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "first_observed": "2017-10-12T17:40:50Z", "last_observed": "2017-10-12T17:40:50Z", "number_observed": 1, "object_refs": [ "network-traffic--59de1304-ab68-44f5-8ca0-4188950d210f", "ipv4-addr--59de1304-ab68-44f5-8ca0-4188950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de1304-ab68-44f5-8ca0-4188950d210f", "dst_ref": "ipv4-addr--59de1304-ab68-44f5-8ca0-4188950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de1304-ab68-44f5-8ca0-4188950d210f", "value": "77.92.99.9" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de1304-30dc-424a-a0c6-4142950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[url:value = 'http://vithos.de/8y6ghhfg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de1305-c410-4ccd-ab6c-4a30950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[domain-name:value = 'vithos.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de1305-f134-4796-8df7-4094950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "first_observed": "2017-10-12T17:40:50Z", "last_observed": "2017-10-12T17:40:50Z", "number_observed": 1, "object_refs": [ "network-traffic--59de1305-f134-4796-8df7-4094950d210f", "ipv4-addr--59de1305-f134-4796-8df7-4094950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de1305-f134-4796-8df7-4094950d210f", "dst_ref": "ipv4-addr--59de1305-f134-4796-8df7-4094950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de1305-f134-4796-8df7-4094950d210f", "value": "87.106.30.57" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de1305-2e18-4cba-a09d-3f0e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[url:value = 'http://wiskundebijles.nu/8y6ghhfg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de1305-60dc-45ef-b433-ade0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[domain-name:value = 'wiskundebijles.nu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de1306-700c-4e36-9a47-ae14950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "first_observed": "2017-10-12T17:40:50Z", "last_observed": "2017-10-12T17:40:50Z", "number_observed": 1, "object_refs": [ "network-traffic--59de1306-700c-4e36-9a47-ae14950d210f", "ipv4-addr--59de1306-700c-4e36-9a47-ae14950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de1306-700c-4e36-9a47-ae14950d210f", "dst_ref": "ipv4-addr--59de1306-700c-4e36-9a47-ae14950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de1306-700c-4e36-9a47-ae14950d210f", "value": "37.48.73.139" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59de1306-07dc-4522-b39a-447e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "pattern": "[url:value = 'http://fetchstats.net/p66/8y6ghhfg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de1306-c638-4cfb-a195-fc1c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "first_observed": "2017-10-12T17:40:50Z", "last_observed": "2017-10-12T17:40:50Z", "number_observed": 1, "object_refs": [ "network-traffic--59de1306-c638-4cfb-a195-fc1c950d210f", "ipv4-addr--59de1306-c638-4cfb-a195-fc1c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de1306-c638-4cfb-a195-fc1c950d210f", "dst_ref": "ipv4-addr--59de1306-c638-4cfb-a195-fc1c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de1306-c638-4cfb-a195-fc1c950d210f", "value": "91.83.88.51" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de1306-4f14-4f92-8bd0-4194950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "first_observed": "2017-10-12T17:40:50Z", "last_observed": "2017-10-12T17:40:50Z", "number_observed": 1, "object_refs": [ "network-traffic--59de1306-4f14-4f92-8bd0-4194950d210f", "ipv4-addr--59de1306-4f14-4f92-8bd0-4194950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de1306-4f14-4f92-8bd0-4194950d210f", "dst_ref": "ipv4-addr--59de1306-4f14-4f92-8bd0-4194950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de1306-4f14-4f92-8bd0-4194950d210f", "value": "46.237.117.193" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de1307-f744-4282-aac8-ad5d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "first_observed": "2017-10-12T17:40:50Z", "last_observed": "2017-10-12T17:40:50Z", "number_observed": 1, "object_refs": [ "network-traffic--59de1307-f744-4282-aac8-ad5d950d210f", "ipv4-addr--59de1307-f744-4282-aac8-ad5d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de1307-f744-4282-aac8-ad5d950d210f", "dst_ref": "ipv4-addr--59de1307-f744-4282-aac8-ad5d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de1307-f744-4282-aac8-ad5d950d210f", "value": "79.170.7.139" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de1307-c250-4542-9a2c-4067950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:50.000Z", "modified": "2017-10-12T17:40:50.000Z", "first_observed": "2017-10-12T17:40:50Z", "last_observed": "2017-10-12T17:40:50Z", "number_observed": 1, "object_refs": [ "network-traffic--59de1307-c250-4542-9a2c-4067950d210f", "ipv4-addr--59de1307-c250-4542-9a2c-4067950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de1307-c250-4542-9a2c-4067950d210f", "dst_ref": "ipv4-addr--59de1307-c250-4542-9a2c-4067950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de1307-c250-4542-9a2c-4067950d210f", "value": "41.57.103.218" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de1308-5160-428d-a55e-40fa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "first_observed": "2017-10-12T17:40:51Z", "last_observed": "2017-10-12T17:40:51Z", "number_observed": 1, "object_refs": [ "network-traffic--59de1308-5160-428d-a55e-40fa950d210f", "ipv4-addr--59de1308-5160-428d-a55e-40fa950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de1308-5160-428d-a55e-40fa950d210f", "dst_ref": "ipv4-addr--59de1308-5160-428d-a55e-40fa950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de1308-5160-428d-a55e-40fa950d210f", "value": "196.202.194.202" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de1308-6f4c-42e4-96da-4bac950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "first_observed": "2017-10-12T17:40:51Z", "last_observed": "2017-10-12T17:40:51Z", "number_observed": 1, "object_refs": [ "network-traffic--59de1308-6f4c-42e4-96da-4bac950d210f", "ipv4-addr--59de1308-6f4c-42e4-96da-4bac950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de1308-6f4c-42e4-96da-4bac950d210f", "dst_ref": "ipv4-addr--59de1308-6f4c-42e4-96da-4bac950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de1308-6f4c-42e4-96da-4bac950d210f", "value": "46.20.56.239" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de1309-aaf8-46b2-8edc-fc1d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "first_observed": "2017-10-12T17:40:51Z", "last_observed": "2017-10-12T17:40:51Z", "number_observed": 1, "object_refs": [ "network-traffic--59de1309-aaf8-46b2-8edc-fc1d950d210f", "ipv4-addr--59de1309-aaf8-46b2-8edc-fc1d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de1309-aaf8-46b2-8edc-fc1d950d210f", "dst_ref": "ipv4-addr--59de1309-aaf8-46b2-8edc-fc1d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de1309-aaf8-46b2-8edc-fc1d950d210f", "value": "176.120.126.21" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de1309-c490-46ac-88d7-ae14950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "first_observed": "2017-10-12T17:40:51Z", "last_observed": "2017-10-12T17:40:51Z", "number_observed": 1, "object_refs": [ "network-traffic--59de1309-c490-46ac-88d7-ae14950d210f", "ipv4-addr--59de1309-c490-46ac-88d7-ae14950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de1309-c490-46ac-88d7-ae14950d210f", "dst_ref": "ipv4-addr--59de1309-c490-46ac-88d7-ae14950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de1309-c490-46ac-88d7-ae14950d210f", "value": "91.239.249.118" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de1309-25e0-4d50-8fe3-4637950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "first_observed": "2017-10-12T17:40:51Z", "last_observed": "2017-10-12T17:40:51Z", "number_observed": 1, "object_refs": [ "network-traffic--59de1309-25e0-4d50-8fe3-4637950d210f", "ipv4-addr--59de1309-25e0-4d50-8fe3-4637950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de1309-25e0-4d50-8fe3-4637950d210f", "dst_ref": "ipv4-addr--59de1309-25e0-4d50-8fe3-4637950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de1309-25e0-4d50-8fe3-4637950d210f", "value": "194.87.103.184" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de1309-d178-4c31-8d0c-ac3b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "first_observed": "2017-10-12T17:40:51Z", "last_observed": "2017-10-12T17:40:51Z", "number_observed": 1, "object_refs": [ "network-traffic--59de1309-d178-4c31-8d0c-ac3b950d210f", "ipv4-addr--59de1309-d178-4c31-8d0c-ac3b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de1309-d178-4c31-8d0c-ac3b950d210f", "dst_ref": "ipv4-addr--59de1309-d178-4c31-8d0c-ac3b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de1309-d178-4c31-8d0c-ac3b950d210f", "value": "92.63.102.64" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de130a-2654-4d8e-885e-fc1c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "first_observed": "2017-10-12T17:40:51Z", "last_observed": "2017-10-12T17:40:51Z", "number_observed": 1, "object_refs": [ "network-traffic--59de130a-2654-4d8e-885e-fc1c950d210f", "ipv4-addr--59de130a-2654-4d8e-885e-fc1c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de130a-2654-4d8e-885e-fc1c950d210f", "dst_ref": "ipv4-addr--59de130a-2654-4d8e-885e-fc1c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de130a-2654-4d8e-885e-fc1c950d210f", "value": "194.87.238.53" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de130a-cd48-4da6-8e64-4194950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "first_observed": "2017-10-12T17:40:51Z", "last_observed": "2017-10-12T17:40:51Z", "number_observed": 1, "object_refs": [ "network-traffic--59de130a-cd48-4da6-8e64-4194950d210f", "ipv4-addr--59de130a-cd48-4da6-8e64-4194950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de130a-cd48-4da6-8e64-4194950d210f", "dst_ref": "ipv4-addr--59de130a-cd48-4da6-8e64-4194950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de130a-cd48-4da6-8e64-4194950d210f", "value": "92.63.102.159" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de130a-2d98-4a8d-93c5-4188950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "first_observed": "2017-10-12T17:40:51Z", "last_observed": "2017-10-12T17:40:51Z", "number_observed": 1, "object_refs": [ "network-traffic--59de130a-2d98-4a8d-93c5-4188950d210f", "ipv4-addr--59de130a-2d98-4a8d-93c5-4188950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de130a-2d98-4a8d-93c5-4188950d210f", "dst_ref": "ipv4-addr--59de130a-2d98-4a8d-93c5-4188950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de130a-2d98-4a8d-93c5-4188950d210f", "value": "194.87.232.219" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de130b-75bc-4b6e-a703-4142950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "first_observed": "2017-10-12T17:40:51Z", "last_observed": "2017-10-12T17:40:51Z", "number_observed": 1, "object_refs": [ "network-traffic--59de130b-75bc-4b6e-a703-4142950d210f", "ipv4-addr--59de130b-75bc-4b6e-a703-4142950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de130b-75bc-4b6e-a703-4142950d210f", "dst_ref": "ipv4-addr--59de130b-75bc-4b6e-a703-4142950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de130b-75bc-4b6e-a703-4142950d210f", "value": "149.154.69.70" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de130b-4818-44f2-b10e-4229950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "first_observed": "2017-10-12T17:40:51Z", "last_observed": "2017-10-12T17:40:51Z", "number_observed": 1, "object_refs": [ "network-traffic--59de130b-4818-44f2-b10e-4229950d210f", "ipv4-addr--59de130b-4818-44f2-b10e-4229950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de130b-4818-44f2-b10e-4229950d210f", "dst_ref": "ipv4-addr--59de130b-4818-44f2-b10e-4229950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de130b-4818-44f2-b10e-4229950d210f", "value": "78.24.223.153" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de130b-ad58-400f-bf8f-498e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "first_observed": "2017-10-12T17:40:51Z", "last_observed": "2017-10-12T17:40:51Z", "number_observed": 1, "object_refs": [ "network-traffic--59de130b-ad58-400f-bf8f-498e950d210f", "ipv4-addr--59de130b-ad58-400f-bf8f-498e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de130b-ad58-400f-bf8f-498e950d210f", "dst_ref": "ipv4-addr--59de130b-ad58-400f-bf8f-498e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de130b-ad58-400f-bf8f-498e950d210f", "value": "194.87.92.207" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de130c-8e74-4aee-b67c-fc1d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "first_observed": "2017-10-12T17:40:51Z", "last_observed": "2017-10-12T17:40:51Z", "number_observed": 1, "object_refs": [ "network-traffic--59de130c-8e74-4aee-b67c-fc1d950d210f", "ipv4-addr--59de130c-8e74-4aee-b67c-fc1d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de130c-8e74-4aee-b67c-fc1d950d210f", "dst_ref": "ipv4-addr--59de130c-8e74-4aee-b67c-fc1d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de130c-8e74-4aee-b67c-fc1d950d210f", "value": "194.87.94.239" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de130c-c560-4073-a9d8-ae14950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "first_observed": "2017-10-12T17:40:51Z", "last_observed": "2017-10-12T17:40:51Z", "number_observed": 1, "object_refs": [ "network-traffic--59de130c-c560-4073-a9d8-ae14950d210f", "ipv4-addr--59de130c-c560-4073-a9d8-ae14950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de130c-c560-4073-a9d8-ae14950d210f", "dst_ref": "ipv4-addr--59de130c-c560-4073-a9d8-ae14950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de130c-c560-4073-a9d8-ae14950d210f", "value": "195.133.147.238" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de130c-ec8c-4ad2-987d-42c1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "first_observed": "2017-10-12T17:40:51Z", "last_observed": "2017-10-12T17:40:51Z", "number_observed": 1, "object_refs": [ "network-traffic--59de130c-ec8c-4ad2-987d-42c1950d210f", "ipv4-addr--59de130c-ec8c-4ad2-987d-42c1950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de130c-ec8c-4ad2-987d-42c1950d210f", "dst_ref": "ipv4-addr--59de130c-ec8c-4ad2-987d-42c1950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de130c-ec8c-4ad2-987d-42c1950d210f", "value": "62.109.15.132" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de130d-bf64-454f-b7a4-49c3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "first_observed": "2017-10-12T17:40:51Z", "last_observed": "2017-10-12T17:40:51Z", "number_observed": 1, "object_refs": [ "network-traffic--59de130d-bf64-454f-b7a4-49c3950d210f", "ipv4-addr--59de130d-bf64-454f-b7a4-49c3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de130d-bf64-454f-b7a4-49c3950d210f", "dst_ref": "ipv4-addr--59de130d-bf64-454f-b7a4-49c3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de130d-bf64-454f-b7a4-49c3950d210f", "value": "194.87.236.240" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de130d-c8e0-4988-8ae9-fc1c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "first_observed": "2017-10-12T17:40:51Z", "last_observed": "2017-10-12T17:40:51Z", "number_observed": 1, "object_refs": [ "network-traffic--59de130d-c8e0-4988-8ae9-fc1c950d210f", "ipv4-addr--59de130d-c8e0-4988-8ae9-fc1c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de130d-c8e0-4988-8ae9-fc1c950d210f", "dst_ref": "ipv4-addr--59de130d-c8e0-4988-8ae9-fc1c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de130d-c8e0-4988-8ae9-fc1c950d210f", "value": "62.109.6.237" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de130d-0014-44f5-b7eb-4194950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "first_observed": "2017-10-12T17:40:51Z", "last_observed": "2017-10-12T17:40:51Z", "number_observed": 1, "object_refs": [ "network-traffic--59de130d-0014-44f5-b7eb-4194950d210f", "ipv4-addr--59de130d-0014-44f5-b7eb-4194950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de130d-0014-44f5-b7eb-4194950d210f", "dst_ref": "ipv4-addr--59de130d-0014-44f5-b7eb-4194950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de130d-0014-44f5-b7eb-4194950d210f", "value": "149.154.69.47" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de130d-95a0-49b0-86a0-ad5d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "first_observed": "2017-10-12T17:40:51Z", "last_observed": "2017-10-12T17:40:51Z", "number_observed": 1, "object_refs": [ "network-traffic--59de130d-95a0-49b0-86a0-ad5d950d210f", "ipv4-addr--59de130d-95a0-49b0-86a0-ad5d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de130d-95a0-49b0-86a0-ad5d950d210f", "dst_ref": "ipv4-addr--59de130d-95a0-49b0-86a0-ad5d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de130d-95a0-49b0-86a0-ad5d950d210f", "value": "82.146.47.121" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de130e-e5ec-4c5d-be1b-4142950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "first_observed": "2017-10-12T17:40:51Z", "last_observed": "2017-10-12T17:40:51Z", "number_observed": 1, "object_refs": [ "network-traffic--59de130e-e5ec-4c5d-be1b-4142950d210f", "ipv4-addr--59de130e-e5ec-4c5d-be1b-4142950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de130e-e5ec-4c5d-be1b-4142950d210f", "dst_ref": "ipv4-addr--59de130e-e5ec-4c5d-be1b-4142950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de130e-e5ec-4c5d-be1b-4142950d210f", "value": "78.24.216.250" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de130e-8000-462d-a8c3-42f1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "first_observed": "2017-10-12T17:40:51Z", "last_observed": "2017-10-12T17:40:51Z", "number_observed": 1, "object_refs": [ "network-traffic--59de130e-8000-462d-a8c3-42f1950d210f", "ipv4-addr--59de130e-8000-462d-a8c3-42f1950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de130e-8000-462d-a8c3-42f1950d210f", "dst_ref": "ipv4-addr--59de130e-8000-462d-a8c3-42f1950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de130e-8000-462d-a8c3-42f1950d210f", "value": "82.146.56.218" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de130e-9670-4e0e-b75f-4a46950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "first_observed": "2017-10-12T17:40:51Z", "last_observed": "2017-10-12T17:40:51Z", "number_observed": 1, "object_refs": [ "network-traffic--59de130e-9670-4e0e-b75f-4a46950d210f", "ipv4-addr--59de130e-9670-4e0e-b75f-4a46950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de130e-9670-4e0e-b75f-4a46950d210f", "dst_ref": "ipv4-addr--59de130e-9670-4e0e-b75f-4a46950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de130e-9670-4e0e-b75f-4a46950d210f", "value": "185.159.131.198" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de130f-2314-4b76-9252-3f0e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "first_observed": "2017-10-12T17:40:51Z", "last_observed": "2017-10-12T17:40:51Z", "number_observed": 1, "object_refs": [ "network-traffic--59de130f-2314-4b76-9252-3f0e950d210f", "ipv4-addr--59de130f-2314-4b76-9252-3f0e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de130f-2314-4b76-9252-3f0e950d210f", "dst_ref": "ipv4-addr--59de130f-2314-4b76-9252-3f0e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de130f-2314-4b76-9252-3f0e950d210f", "value": "194.87.146.32" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de130f-98bc-4e1a-87b1-ade0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "first_observed": "2017-10-12T17:40:51Z", "last_observed": "2017-10-12T17:40:51Z", "number_observed": 1, "object_refs": [ "network-traffic--59de130f-98bc-4e1a-87b1-ade0950d210f", "ipv4-addr--59de130f-98bc-4e1a-87b1-ade0950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de130f-98bc-4e1a-87b1-ade0950d210f", "dst_ref": "ipv4-addr--59de130f-98bc-4e1a-87b1-ade0950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de130f-98bc-4e1a-87b1-ade0950d210f", "value": "5.133.179.77" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de130f-8a44-4ed1-b173-ae14950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "first_observed": "2017-10-12T17:40:51Z", "last_observed": "2017-10-12T17:40:51Z", "number_observed": 1, "object_refs": [ "network-traffic--59de130f-8a44-4ed1-b173-ae14950d210f", "ipv4-addr--59de130f-8a44-4ed1-b173-ae14950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de130f-8a44-4ed1-b173-ae14950d210f", "dst_ref": "ipv4-addr--59de130f-8a44-4ed1-b173-ae14950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de130f-8a44-4ed1-b173-ae14950d210f", "value": "94.242.224.214" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de130f-7584-49f3-9d2a-fbb6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "first_observed": "2017-10-12T17:40:51Z", "last_observed": "2017-10-12T17:40:51Z", "number_observed": 1, "object_refs": [ "network-traffic--59de130f-7584-49f3-9d2a-fbb6950d210f", "ipv4-addr--59de130f-7584-49f3-9d2a-fbb6950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de130f-7584-49f3-9d2a-fbb6950d210f", "dst_ref": "ipv4-addr--59de130f-7584-49f3-9d2a-fbb6950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de130f-7584-49f3-9d2a-fbb6950d210f", "value": "194.87.92.242" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de1310-7f88-4b88-8545-ac3b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "first_observed": "2017-10-12T17:40:51Z", "last_observed": "2017-10-12T17:40:51Z", "number_observed": 1, "object_refs": [ "network-traffic--59de1310-7f88-4b88-8545-ac3b950d210f", "ipv4-addr--59de1310-7f88-4b88-8545-ac3b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de1310-7f88-4b88-8545-ac3b950d210f", "dst_ref": "ipv4-addr--59de1310-7f88-4b88-8545-ac3b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de1310-7f88-4b88-8545-ac3b950d210f", "value": "195.133.146.236" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59de1310-8100-42a7-8904-fc1c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "first_observed": "2017-10-12T17:40:51Z", "last_observed": "2017-10-12T17:40:51Z", "number_observed": 1, "object_refs": [ "network-traffic--59de1310-8100-42a7-8904-fc1c950d210f", "ipv4-addr--59de1310-8100-42a7-8904-fc1c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59de1310-8100-42a7-8904-fc1c950d210f", "dst_ref": "ipv4-addr--59de1310-8100-42a7-8904-fc1c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59de1310-8100-42a7-8904-fc1c950d210f", "value": "193.124.117.238" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dfa923-5820-4ad2-95b3-a10802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "description": "- Xchecked via VT: 1a9d91c1a290ec5e36e3fc8ddac60bd5", "pattern": "[file:hashes.SHA256 = 'a1183310a389c528fafd288d574307db2bb9dba7358bae50a08cee4cddaaecf0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dfa923-7ed4-4684-845e-a10802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "description": "- Xchecked via VT: 1a9d91c1a290ec5e36e3fc8ddac60bd5", "pattern": "[file:hashes.SHA1 = '8808d159cf0178687e068c1b3f914a0faec06c6a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dfa923-fa70-472e-839f-a10802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "first_observed": "2017-10-12T17:40:51Z", "last_observed": "2017-10-12T17:40:51Z", "number_observed": 1, "object_refs": [ "url--59dfa923-fa70-472e-839f-a10802de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59dfa923-fa70-472e-839f-a10802de0b81", "value": "https://www.virustotal.com/file/a1183310a389c528fafd288d574307db2bb9dba7358bae50a08cee4cddaaecf0/analysis/1507726127/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dfa923-6484-4697-bbd7-a10802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "description": "- Xchecked via VT: 6cc527a3d3297aa5d175b06b7bb6b27a", "pattern": "[file:hashes.SHA256 = '15bbdae2a95fb65dd3cbc280bf63fb2e172fd3cf37384f3a0f96c2fd83f905c6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59dfa923-8108-4f54-b36c-a10802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "description": "- Xchecked via VT: 6cc527a3d3297aa5d175b06b7bb6b27a", "pattern": "[file:hashes.SHA1 = 'cb536c8d40b0e75ddb76702ba90791f738694a75']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-12T17:40:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59dfa923-9e5c-46c2-b4a6-a10802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-12T17:40:51.000Z", "modified": "2017-10-12T17:40:51.000Z", "first_observed": "2017-10-12T17:40:51Z", "last_observed": "2017-10-12T17:40:51Z", "number_observed": 1, "object_refs": [ "url--59dfa923-9e5c-46c2-b4a6-a10802de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59dfa923-9e5c-46c2-b4a6-a10802de0b81", "value": "https://www.virustotal.com/file/15bbdae2a95fb65dd3cbc280bf63fb2e172fd3cf37384f3a0f96c2fd83f905c6/analysis/1507777609/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }