{ "type": "bundle", "id": "bundle--593a6d56-c9d4-44a5-af47-4b68950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T15:41:24.000Z", "modified": "2017-06-09T15:41:24.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--593a6d56-c9d4-44a5-af47-4b68950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T15:41:24.000Z", "modified": "2017-06-09T15:41:24.000Z", "name": "M2M - Jaff 2017-06-09 : missing subject - \"IMG_1234.ZIP\" / \"DOC_1234.docm\"", "published": "2017-06-09T15:41:31Z", "object_refs": [ "indicator--593a6d57-58fc-4226-b97d-4bcc950d210f", "indicator--593a6d57-e1b8-45f5-9285-42bb950d210f", "indicator--593a6d58-72ac-4fa3-ada6-4bb5950d210f", "indicator--593a6d59-df44-4ffb-8489-424e950d210f", "observed-data--593a6d59-b5ec-4157-a7a1-4389950d210f", "network-traffic--593a6d59-b5ec-4157-a7a1-4389950d210f", "ipv4-addr--593a6d59-b5ec-4157-a7a1-4389950d210f", "indicator--593a6d5a-f8c4-4d08-b9a6-4204950d210f", "indicator--593a6d5a-819c-4a3a-a629-4f85950d210f", "observed-data--593a6d5b-a6c8-48e0-ba22-4204950d210f", "network-traffic--593a6d5b-a6c8-48e0-ba22-4204950d210f", "ipv4-addr--593a6d5b-a6c8-48e0-ba22-4204950d210f", "indicator--593a6d5c-961c-4212-a8a4-4426950d210f", "indicator--593a6d5c-795c-4892-b868-400e950d210f", "observed-data--593a6d5d-47cc-43ec-b8a3-7db6950d210f", "network-traffic--593a6d5d-47cc-43ec-b8a3-7db6950d210f", "ipv4-addr--593a6d5d-47cc-43ec-b8a3-7db6950d210f", "indicator--593a6d5e-c724-4953-9510-45fb950d210f", "indicator--593a6d5e-0adc-486a-84ab-4b68950d210f", "observed-data--593a6d5f-0cb8-4633-ae88-4ec7950d210f", "network-traffic--593a6d5f-0cb8-4633-ae88-4ec7950d210f", "ipv4-addr--593a6d5f-0cb8-4633-ae88-4ec7950d210f", "indicator--593a6d5f-f310-415c-b8ed-44b6950d210f", "indicator--593a6d60-fbec-4a5f-8a69-4b68950d210f", "observed-data--593a6d60-e38c-4cf5-bf57-4bfe950d210f", "network-traffic--593a6d60-e38c-4cf5-bf57-4bfe950d210f", "ipv4-addr--593a6d60-e38c-4cf5-bf57-4bfe950d210f", "indicator--593a6d61-5074-4db3-ad28-44f8950d210f", "indicator--593a6d61-5f1c-4115-b961-46c6950d210f", "observed-data--593a6d62-40c4-4568-b027-4174950d210f", "network-traffic--593a6d62-40c4-4568-b027-4174950d210f", "ipv4-addr--593a6d62-40c4-4568-b027-4174950d210f", "indicator--593a6d63-0714-4916-8cb8-4ece950d210f", "indicator--593a6d63-1f10-42ea-afce-49cf950d210f", "observed-data--593a6d64-b1dc-4e1c-92ed-4625950d210f", "network-traffic--593a6d64-b1dc-4e1c-92ed-4625950d210f", "ipv4-addr--593a6d64-b1dc-4e1c-92ed-4625950d210f", "indicator--593a6d65-0ad0-4d5c-b410-4f1e950d210f", "indicator--593a6d66-7014-4fda-8360-4f0e950d210f", "observed-data--593a6d66-4a40-4d97-b24b-4611950d210f", "network-traffic--593a6d66-4a40-4d97-b24b-4611950d210f", "ipv4-addr--593a6d66-4a40-4d97-b24b-4611950d210f", "indicator--593a6d67-1280-48f3-af5a-4ed9950d210f", "indicator--593a6d68-bcdc-44fe-841c-4891950d210f", "observed-data--593a6d68-1c40-42d1-b850-7db6950d210f", "network-traffic--593a6d68-1c40-42d1-b850-7db6950d210f", "ipv4-addr--593a6d68-1c40-42d1-b850-7db6950d210f", "indicator--593a6d69-aaa4-4362-a248-3089950d210f", "indicator--593a6d69-2250-42e1-aed6-4b68950d210f", "observed-data--593a6d6a-974c-41f7-a4ab-4e0e950d210f", "network-traffic--593a6d6a-974c-41f7-a4ab-4e0e950d210f", "ipv4-addr--593a6d6a-974c-41f7-a4ab-4e0e950d210f", "indicator--593a6d6b-1108-4e8b-8341-463c950d210f", "indicator--593a6d6b-0338-44c4-8012-4d9e950d210f", "observed-data--593a6d6c-38cc-45f4-bbff-41c7950d210f", "network-traffic--593a6d6c-38cc-45f4-bbff-41c7950d210f", "ipv4-addr--593a6d6c-38cc-45f4-bbff-41c7950d210f", "indicator--593a6d6d-a2b0-4d35-94e6-4eda950d210f", "indicator--593a6d6d-f494-4c87-b2fb-4faf950d210f", "observed-data--593a6d6e-30b0-4a36-a0f7-4eb7950d210f", "network-traffic--593a6d6e-30b0-4a36-a0f7-4eb7950d210f", "ipv4-addr--593a6d6e-30b0-4a36-a0f7-4eb7950d210f", "indicator--593a6d6f-8d28-43fb-9cbe-42bb950d210f", "indicator--593a6d6f-7a04-4c12-aff4-4800950d210f", "observed-data--593a6d70-fc30-4695-94ac-4bfe950d210f", "network-traffic--593a6d70-fc30-4695-94ac-4bfe950d210f", "ipv4-addr--593a6d70-fc30-4695-94ac-4bfe950d210f", "indicator--593a6d71-43b0-4df2-97e9-4987950d210f", "indicator--593a6d71-c848-4aff-952a-43cb950d210f", "observed-data--593a6d72-f048-44bb-8ead-4204950d210f", "network-traffic--593a6d72-f048-44bb-8ead-4204950d210f", "ipv4-addr--593a6d72-f048-44bb-8ead-4204950d210f", "indicator--593a6d72-fcf4-4be5-a24f-4b68950d210f", "indicator--593a6d73-b018-41dc-9df7-4009950d210f", "observed-data--593a6d74-500c-48ff-8a55-4b68950d210f", "network-traffic--593a6d74-500c-48ff-8a55-4b68950d210f", "ipv4-addr--593a6d74-500c-48ff-8a55-4b68950d210f", "indicator--593a6d74-aad4-47ad-a791-4304950d210f", "indicator--593a6d75-5e60-41af-b1cc-4bfe950d210f", "observed-data--593a6d78-a008-4bb5-8e8e-4bfe950d210f", "network-traffic--593a6d78-a008-4bb5-8e8e-4bfe950d210f", "ipv4-addr--593a6d78-a008-4bb5-8e8e-4bfe950d210f", "indicator--593a6d79-f5d4-4538-8b78-429f950d210f", "indicator--593a6d7a-8c20-4465-8abf-4204950d210f", "observed-data--593a6d7b-7cac-460d-b525-465c950d210f", "network-traffic--593a6d7b-7cac-460d-b525-465c950d210f", "ipv4-addr--593a6d7b-7cac-460d-b525-465c950d210f", "indicator--593a6d7b-0688-4c58-bc14-4843950d210f", "indicator--593a6d7c-62a8-4a9b-b12c-4b68950d210f", "observed-data--593a6d7d-8934-4e26-af72-46d0950d210f", "network-traffic--593a6d7d-8934-4e26-af72-46d0950d210f", "ipv4-addr--593a6d7d-8934-4e26-af72-46d0950d210f", "indicator--593a6d7d-b0ec-449d-8ebf-47f6950d210f", "indicator--593a6d7e-c974-409d-b9c7-3089950d210f", "observed-data--593a6d7f-4bd8-42f9-b909-4204950d210f", "network-traffic--593a6d7f-4bd8-42f9-b909-4204950d210f", "ipv4-addr--593a6d7f-4bd8-42f9-b909-4204950d210f", "indicator--593a6d7f-4358-42d3-8aaf-420f950d210f", "indicator--593a6d80-c7b8-4aaf-b9f4-49b6950d210f", "observed-data--593a6d81-bbb4-4c6c-be7b-446a950d210f", "network-traffic--593a6d81-bbb4-4c6c-be7b-446a950d210f", "ipv4-addr--593a6d81-bbb4-4c6c-be7b-446a950d210f", "indicator--593a6d81-0eb8-469c-93d6-4e9f950d210f", "indicator--593a6d82-2ad0-4d99-b9c7-4bfe950d210f", "observed-data--593a6d83-e750-4e7a-a81d-4452950d210f", "network-traffic--593a6d83-e750-4e7a-a81d-4452950d210f", "ipv4-addr--593a6d83-e750-4e7a-a81d-4452950d210f", "indicator--593a6d84-fb54-450b-b3c2-420d950d210f", "indicator--593a6d84-fff4-4e07-9a3d-43ed950d210f", "observed-data--593a6d85-ebc4-4163-8e20-421e950d210f", "network-traffic--593a6d85-ebc4-4163-8e20-421e950d210f", "ipv4-addr--593a6d85-ebc4-4163-8e20-421e950d210f", "indicator--593a6d85-5b50-4710-bdd9-45d4950d210f", "indicator--593a6d86-f1d8-48e2-9bbb-3089950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Jaff\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d57-58fc-4226-b97d-4bcc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:41:43.000Z", "modified": "2017-06-09T09:41:43.000Z", "pattern": "[file:hashes.MD5 = 'a810aa0c0f88929f805056a2b75956c4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:41:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d57-e1b8-45f5-9285-42bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:41:43.000Z", "modified": "2017-06-09T09:41:43.000Z", "pattern": "[file:hashes.MD5 = 'a6be6ea02acd9138578cae3ef408cbe7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:41:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d58-72ac-4fa3-ada6-4bb5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:41:44.000Z", "modified": "2017-06-09T09:41:44.000Z", "pattern": "[url:value = 'http://7prisms.com/0hbtyHG']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:41:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d59-df44-4ffb-8489-424e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:41:45.000Z", "modified": "2017-06-09T09:41:45.000Z", "pattern": "[domain-name:value = '7prisms.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:41:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a6d59-b5ec-4157-a7a1-4389950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:41:45.000Z", "modified": "2017-06-09T09:41:45.000Z", "first_observed": "2017-06-09T09:41:45Z", "last_observed": "2017-06-09T09:41:45Z", "number_observed": 1, "object_refs": [ "network-traffic--593a6d59-b5ec-4157-a7a1-4389950d210f", "ipv4-addr--593a6d59-b5ec-4157-a7a1-4389950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a6d59-b5ec-4157-a7a1-4389950d210f", "dst_ref": "ipv4-addr--593a6d59-b5ec-4157-a7a1-4389950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a6d59-b5ec-4157-a7a1-4389950d210f", "value": "70.40.221.121" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d5a-f8c4-4d08-b9a6-4204950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:41:46.000Z", "modified": "2017-06-09T09:41:46.000Z", "pattern": "[url:value = 'http://adjlegal.com/0hbtyHG']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:41:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d5a-819c-4a3a-a629-4f85950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:41:46.000Z", "modified": "2017-06-09T09:41:46.000Z", "pattern": "[domain-name:value = 'adjlegal.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:41:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a6d5b-a6c8-48e0-ba22-4204950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:41:47.000Z", "modified": "2017-06-09T09:41:47.000Z", "first_observed": "2017-06-09T09:41:47Z", "last_observed": "2017-06-09T09:41:47Z", "number_observed": 1, "object_refs": [ "network-traffic--593a6d5b-a6c8-48e0-ba22-4204950d210f", "ipv4-addr--593a6d5b-a6c8-48e0-ba22-4204950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a6d5b-a6c8-48e0-ba22-4204950d210f", "dst_ref": "ipv4-addr--593a6d5b-a6c8-48e0-ba22-4204950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a6d5b-a6c8-48e0-ba22-4204950d210f", "value": "162.222.226.195" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d5c-961c-4212-a8a4-4426950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:41:48.000Z", "modified": "2017-06-09T09:41:48.000Z", "pattern": "[url:value = 'http://akira-sushi34.ru/0hbtyHG']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:41:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d5c-795c-4892-b868-400e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:41:48.000Z", "modified": "2017-06-09T09:41:48.000Z", "pattern": "[domain-name:value = 'akira-sushi34.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:41:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a6d5d-47cc-43ec-b8a3-7db6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:41:49.000Z", "modified": "2017-06-09T09:41:49.000Z", "first_observed": "2017-06-09T09:41:49Z", "last_observed": "2017-06-09T09:41:49Z", "number_observed": 1, "object_refs": [ "network-traffic--593a6d5d-47cc-43ec-b8a3-7db6950d210f", "ipv4-addr--593a6d5d-47cc-43ec-b8a3-7db6950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a6d5d-47cc-43ec-b8a3-7db6950d210f", "dst_ref": "ipv4-addr--593a6d5d-47cc-43ec-b8a3-7db6950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a6d5d-47cc-43ec-b8a3-7db6950d210f", "value": "141.8.194.135" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d5e-c724-4953-9510-45fb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:41:50.000Z", "modified": "2017-06-09T09:41:50.000Z", "pattern": "[url:value = 'http://assuresolutions.in/0hbtyHG']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:41:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d5e-0adc-486a-84ab-4b68950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:41:50.000Z", "modified": "2017-06-09T09:41:50.000Z", "pattern": "[domain-name:value = 'assuresolutions.in']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:41:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a6d5f-0cb8-4633-ae88-4ec7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:41:51.000Z", "modified": "2017-06-09T09:41:51.000Z", "first_observed": "2017-06-09T09:41:51Z", "last_observed": "2017-06-09T09:41:51Z", "number_observed": 1, "object_refs": [ "network-traffic--593a6d5f-0cb8-4633-ae88-4ec7950d210f", "ipv4-addr--593a6d5f-0cb8-4633-ae88-4ec7950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a6d5f-0cb8-4633-ae88-4ec7950d210f", "dst_ref": "ipv4-addr--593a6d5f-0cb8-4633-ae88-4ec7950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a6d5f-0cb8-4633-ae88-4ec7950d210f", "value": "209.99.16.227" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d5f-f310-415c-b8ed-44b6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:41:51.000Z", "modified": "2017-06-09T09:41:51.000Z", "pattern": "[url:value = 'http://charlenelouw.co.za/0hbtyHG']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:41:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d60-fbec-4a5f-8a69-4b68950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:41:52.000Z", "modified": "2017-06-09T09:41:52.000Z", "pattern": "[domain-name:value = 'charlenelouw.co.za']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:41:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a6d60-e38c-4cf5-bf57-4bfe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:41:52.000Z", "modified": "2017-06-09T09:41:52.000Z", "first_observed": "2017-06-09T09:41:52Z", "last_observed": "2017-06-09T09:41:52Z", "number_observed": 1, "object_refs": [ "network-traffic--593a6d60-e38c-4cf5-bf57-4bfe950d210f", "ipv4-addr--593a6d60-e38c-4cf5-bf57-4bfe950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a6d60-e38c-4cf5-bf57-4bfe950d210f", "dst_ref": "ipv4-addr--593a6d60-e38c-4cf5-bf57-4bfe950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a6d60-e38c-4cf5-bf57-4bfe950d210f", "value": "196.46.186.187" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d61-5074-4db3-ad28-44f8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:41:53.000Z", "modified": "2017-06-09T09:41:53.000Z", "pattern": "[url:value = 'http://coregroupindia.co.in/0hbtyHG']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:41:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d61-5f1c-4115-b961-46c6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:41:53.000Z", "modified": "2017-06-09T09:41:53.000Z", "pattern": "[domain-name:value = 'coregroupindia.co.in']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:41:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a6d62-40c4-4568-b027-4174950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:41:54.000Z", "modified": "2017-06-09T09:41:54.000Z", "first_observed": "2017-06-09T09:41:54Z", "last_observed": "2017-06-09T09:41:54Z", "number_observed": 1, "object_refs": [ "network-traffic--593a6d62-40c4-4568-b027-4174950d210f", "ipv4-addr--593a6d62-40c4-4568-b027-4174950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a6d62-40c4-4568-b027-4174950d210f", "dst_ref": "ipv4-addr--593a6d62-40c4-4568-b027-4174950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a6d62-40c4-4568-b027-4174950d210f", "value": "199.79.62.121" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d63-0714-4916-8cb8-4ece950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:41:55.000Z", "modified": "2017-06-09T09:41:55.000Z", "pattern": "[url:value = 'http://e67tfgc4uybfbnfmd.org/af/0hbtyHG']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:41:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d63-1f10-42ea-afce-49cf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:41:55.000Z", "modified": "2017-06-09T09:41:55.000Z", "pattern": "[domain-name:value = 'e67tfgc4uybfbnfmd.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:41:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a6d64-b1dc-4e1c-92ed-4625950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:41:56.000Z", "modified": "2017-06-09T09:41:56.000Z", "first_observed": "2017-06-09T09:41:56Z", "last_observed": "2017-06-09T09:41:56Z", "number_observed": 1, "object_refs": [ "network-traffic--593a6d64-b1dc-4e1c-92ed-4625950d210f", "ipv4-addr--593a6d64-b1dc-4e1c-92ed-4625950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a6d64-b1dc-4e1c-92ed-4625950d210f", "dst_ref": "ipv4-addr--593a6d64-b1dc-4e1c-92ed-4625950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a6d64-b1dc-4e1c-92ed-4625950d210f", "value": "119.28.85.128" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d65-0ad0-4d5c-b410-4f1e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:41:57.000Z", "modified": "2017-06-09T09:41:57.000Z", "pattern": "[url:value = 'http://gidrowash.ru/0hbtyHG']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:41:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d66-7014-4fda-8360-4f0e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:41:58.000Z", "modified": "2017-06-09T09:41:58.000Z", "pattern": "[domain-name:value = 'gidrowash.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:41:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a6d66-4a40-4d97-b24b-4611950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:41:58.000Z", "modified": "2017-06-09T09:41:58.000Z", "first_observed": "2017-06-09T09:41:58Z", "last_observed": "2017-06-09T09:41:58Z", "number_observed": 1, "object_refs": [ "network-traffic--593a6d66-4a40-4d97-b24b-4611950d210f", "ipv4-addr--593a6d66-4a40-4d97-b24b-4611950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a6d66-4a40-4d97-b24b-4611950d210f", "dst_ref": "ipv4-addr--593a6d66-4a40-4d97-b24b-4611950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a6d66-4a40-4d97-b24b-4611950d210f", "value": "151.248.113.29" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d67-1280-48f3-af5a-4ed9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:41:59.000Z", "modified": "2017-06-09T09:41:59.000Z", "pattern": "[url:value = 'http://matbaa.be/0hbtyHG']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:41:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d68-bcdc-44fe-841c-4891950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:00.000Z", "modified": "2017-06-09T09:42:00.000Z", "pattern": "[domain-name:value = 'matbaa.be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:42:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a6d68-1c40-42d1-b850-7db6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:00.000Z", "modified": "2017-06-09T09:42:00.000Z", "first_observed": "2017-06-09T09:42:00Z", "last_observed": "2017-06-09T09:42:00Z", "number_observed": 1, "object_refs": [ "network-traffic--593a6d68-1c40-42d1-b850-7db6950d210f", "ipv4-addr--593a6d68-1c40-42d1-b850-7db6950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a6d68-1c40-42d1-b850-7db6950d210f", "dst_ref": "ipv4-addr--593a6d68-1c40-42d1-b850-7db6950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a6d68-1c40-42d1-b850-7db6950d210f", "value": "185.158.165.13" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d69-aaa4-4362-a248-3089950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:01.000Z", "modified": "2017-06-09T09:42:01.000Z", "pattern": "[url:value = 'http://mercobel.be/0hbtyHG']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:42:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d69-2250-42e1-aed6-4b68950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:01.000Z", "modified": "2017-06-09T09:42:01.000Z", "pattern": "[domain-name:value = 'mercobel.be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:42:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a6d6a-974c-41f7-a4ab-4e0e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:02.000Z", "modified": "2017-06-09T09:42:02.000Z", "first_observed": "2017-06-09T09:42:02Z", "last_observed": "2017-06-09T09:42:02Z", "number_observed": 1, "object_refs": [ "network-traffic--593a6d6a-974c-41f7-a4ab-4e0e950d210f", "ipv4-addr--593a6d6a-974c-41f7-a4ab-4e0e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a6d6a-974c-41f7-a4ab-4e0e950d210f", "dst_ref": "ipv4-addr--593a6d6a-974c-41f7-a4ab-4e0e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a6d6a-974c-41f7-a4ab-4e0e950d210f", "value": "37.97.228.171" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d6b-1108-4e8b-8341-463c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:03.000Z", "modified": "2017-06-09T09:42:03.000Z", "pattern": "[url:value = 'http://missangel.org/0hbtyHG']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:42:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d6b-0338-44c4-8012-4d9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:03.000Z", "modified": "2017-06-09T09:42:03.000Z", "pattern": "[domain-name:value = 'missangel.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:42:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a6d6c-38cc-45f4-bbff-41c7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:04.000Z", "modified": "2017-06-09T09:42:04.000Z", "first_observed": "2017-06-09T09:42:04Z", "last_observed": "2017-06-09T09:42:04Z", "number_observed": 1, "object_refs": [ "network-traffic--593a6d6c-38cc-45f4-bbff-41c7950d210f", "ipv4-addr--593a6d6c-38cc-45f4-bbff-41c7950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a6d6c-38cc-45f4-bbff-41c7950d210f", "dst_ref": "ipv4-addr--593a6d6c-38cc-45f4-bbff-41c7950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a6d6c-38cc-45f4-bbff-41c7950d210f", "value": "111.118.215.77" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d6d-a2b0-4d35-94e6-4eda950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:05.000Z", "modified": "2017-06-09T09:42:05.000Z", "pattern": "[url:value = 'http://msbn.net/0hbtyHG']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:42:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d6d-f494-4c87-b2fb-4faf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:05.000Z", "modified": "2017-06-09T09:42:05.000Z", "pattern": "[domain-name:value = 'msbn.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:42:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a6d6e-30b0-4a36-a0f7-4eb7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:06.000Z", "modified": "2017-06-09T09:42:06.000Z", "first_observed": "2017-06-09T09:42:06Z", "last_observed": "2017-06-09T09:42:06Z", "number_observed": 1, "object_refs": [ "network-traffic--593a6d6e-30b0-4a36-a0f7-4eb7950d210f", "ipv4-addr--593a6d6e-30b0-4a36-a0f7-4eb7950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a6d6e-30b0-4a36-a0f7-4eb7950d210f", "dst_ref": "ipv4-addr--593a6d6e-30b0-4a36-a0f7-4eb7950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a6d6e-30b0-4a36-a0f7-4eb7950d210f", "value": "69.64.147.34" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d6f-8d28-43fb-9cbe-42bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:07.000Z", "modified": "2017-06-09T09:42:07.000Z", "pattern": "[url:value = 'http://mscomunicacion.com.mx/0hbtyHG']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:42:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d6f-7a04-4c12-aff4-4800950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:07.000Z", "modified": "2017-06-09T09:42:07.000Z", "pattern": "[domain-name:value = 'mscomunicacion.com.mx']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:42:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a6d70-fc30-4695-94ac-4bfe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:08.000Z", "modified": "2017-06-09T09:42:08.000Z", "first_observed": "2017-06-09T09:42:08Z", "last_observed": "2017-06-09T09:42:08Z", "number_observed": 1, "object_refs": [ "network-traffic--593a6d70-fc30-4695-94ac-4bfe950d210f", "ipv4-addr--593a6d70-fc30-4695-94ac-4bfe950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a6d70-fc30-4695-94ac-4bfe950d210f", "dst_ref": "ipv4-addr--593a6d70-fc30-4695-94ac-4bfe950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a6d70-fc30-4695-94ac-4bfe950d210f", "value": "173.254.28.87" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d71-43b0-4df2-97e9-4987950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:09.000Z", "modified": "2017-06-09T09:42:09.000Z", "pattern": "[url:value = 'http://seminator.de/0hbtyHG']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:42:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d71-c848-4aff-952a-43cb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:09.000Z", "modified": "2017-06-09T09:42:09.000Z", "pattern": "[domain-name:value = 'seminator.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:42:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a6d72-f048-44bb-8ead-4204950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:10.000Z", "modified": "2017-06-09T09:42:10.000Z", "first_observed": "2017-06-09T09:42:10Z", "last_observed": "2017-06-09T09:42:10Z", "number_observed": 1, "object_refs": [ "network-traffic--593a6d72-f048-44bb-8ead-4204950d210f", "ipv4-addr--593a6d72-f048-44bb-8ead-4204950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a6d72-f048-44bb-8ead-4204950d210f", "dst_ref": "ipv4-addr--593a6d72-f048-44bb-8ead-4204950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a6d72-f048-44bb-8ead-4204950d210f", "value": "81.169.145.94" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d72-fcf4-4be5-a24f-4b68950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:10.000Z", "modified": "2017-06-09T09:42:10.000Z", "pattern": "[url:value = 'http://sevsem.biz/0hbtyHG']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:42:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d73-b018-41dc-9df7-4009950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:11.000Z", "modified": "2017-06-09T09:42:11.000Z", "pattern": "[domain-name:value = 'sevsem.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:42:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a6d74-500c-48ff-8a55-4b68950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:12.000Z", "modified": "2017-06-09T09:42:12.000Z", "first_observed": "2017-06-09T09:42:12Z", "last_observed": "2017-06-09T09:42:12Z", "number_observed": 1, "object_refs": [ "network-traffic--593a6d74-500c-48ff-8a55-4b68950d210f", "ipv4-addr--593a6d74-500c-48ff-8a55-4b68950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a6d74-500c-48ff-8a55-4b68950d210f", "dst_ref": "ipv4-addr--593a6d74-500c-48ff-8a55-4b68950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a6d74-500c-48ff-8a55-4b68950d210f", "value": "46.29.160.48" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d74-aad4-47ad-a791-4304950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:12.000Z", "modified": "2017-06-09T09:42:12.000Z", "pattern": "[url:value = 'http://speaklifegreetings.com/0hbtyHG']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:42:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d75-5e60-41af-b1cc-4bfe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:13.000Z", "modified": "2017-06-09T09:42:13.000Z", "pattern": "[domain-name:value = 'speaklifegreetings.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:42:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a6d78-a008-4bb5-8e8e-4bfe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:16.000Z", "modified": "2017-06-09T09:42:16.000Z", "first_observed": "2017-06-09T09:42:16Z", "last_observed": "2017-06-09T09:42:16Z", "number_observed": 1, "object_refs": [ "network-traffic--593a6d78-a008-4bb5-8e8e-4bfe950d210f", "ipv4-addr--593a6d78-a008-4bb5-8e8e-4bfe950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a6d78-a008-4bb5-8e8e-4bfe950d210f", "dst_ref": "ipv4-addr--593a6d78-a008-4bb5-8e8e-4bfe950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a6d78-a008-4bb5-8e8e-4bfe950d210f", "value": "174.127.105.121" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d79-f5d4-4538-8b78-429f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:17.000Z", "modified": "2017-06-09T09:42:17.000Z", "pattern": "[url:value = 'http://sportsandsocialchange.org/0hbtyHG']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:42:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d7a-8c20-4465-8abf-4204950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:18.000Z", "modified": "2017-06-09T09:42:18.000Z", "pattern": "[domain-name:value = 'sportsandsocialchange.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:42:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a6d7b-7cac-460d-b525-465c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:19.000Z", "modified": "2017-06-09T09:42:19.000Z", "first_observed": "2017-06-09T09:42:19Z", "last_observed": "2017-06-09T09:42:19Z", "number_observed": 1, "object_refs": [ "network-traffic--593a6d7b-7cac-460d-b525-465c950d210f", "ipv4-addr--593a6d7b-7cac-460d-b525-465c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a6d7b-7cac-460d-b525-465c950d210f", "dst_ref": "ipv4-addr--593a6d7b-7cac-460d-b525-465c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a6d7b-7cac-460d-b525-465c950d210f", "value": "192.185.5.128" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d7b-0688-4c58-bc14-4843950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:19.000Z", "modified": "2017-06-09T09:42:19.000Z", "pattern": "[url:value = 'http://stock-fallimenti.com/0hbtyHG']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:42:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d7c-62a8-4a9b-b12c-4b68950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:20.000Z", "modified": "2017-06-09T09:42:20.000Z", "pattern": "[domain-name:value = 'stock-fallimenti.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:42:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a6d7d-8934-4e26-af72-46d0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:21.000Z", "modified": "2017-06-09T09:42:21.000Z", "first_observed": "2017-06-09T09:42:21Z", "last_observed": "2017-06-09T09:42:21Z", "number_observed": 1, "object_refs": [ "network-traffic--593a6d7d-8934-4e26-af72-46d0950d210f", "ipv4-addr--593a6d7d-8934-4e26-af72-46d0950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a6d7d-8934-4e26-af72-46d0950d210f", "dst_ref": "ipv4-addr--593a6d7d-8934-4e26-af72-46d0950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a6d7d-8934-4e26-af72-46d0950d210f", "value": "213.32.71.234" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d7d-b0ec-449d-8ebf-47f6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:21.000Z", "modified": "2017-06-09T09:42:21.000Z", "pattern": "[url:value = 'http://xp.com.sg/0hbtyHG']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d7e-c974-409d-b9c7-3089950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:22.000Z", "modified": "2017-06-09T09:42:22.000Z", "pattern": "[domain-name:value = 'xp.com.sg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:42:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a6d7f-4bd8-42f9-b909-4204950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:23.000Z", "modified": "2017-06-09T09:42:23.000Z", "first_observed": "2017-06-09T09:42:23Z", "last_observed": "2017-06-09T09:42:23Z", "number_observed": 1, "object_refs": [ "network-traffic--593a6d7f-4bd8-42f9-b909-4204950d210f", "ipv4-addr--593a6d7f-4bd8-42f9-b909-4204950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a6d7f-4bd8-42f9-b909-4204950d210f", "dst_ref": "ipv4-addr--593a6d7f-4bd8-42f9-b909-4204950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a6d7f-4bd8-42f9-b909-4204950d210f", "value": "198.252.98.191" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d7f-4358-42d3-8aaf-420f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:23.000Z", "modified": "2017-06-09T09:42:23.000Z", "pattern": "[url:value = 'http://yesman.me/0hbtyHG']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:42:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d80-c7b8-4aaf-b9f4-49b6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:24.000Z", "modified": "2017-06-09T09:42:24.000Z", "pattern": "[domain-name:value = 'yesman.me']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:42:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a6d81-bbb4-4c6c-be7b-446a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:25.000Z", "modified": "2017-06-09T09:42:25.000Z", "first_observed": "2017-06-09T09:42:25Z", "last_observed": "2017-06-09T09:42:25Z", "number_observed": 1, "object_refs": [ "network-traffic--593a6d81-bbb4-4c6c-be7b-446a950d210f", "ipv4-addr--593a6d81-bbb4-4c6c-be7b-446a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a6d81-bbb4-4c6c-be7b-446a950d210f", "dst_ref": "ipv4-addr--593a6d81-bbb4-4c6c-be7b-446a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a6d81-bbb4-4c6c-be7b-446a950d210f", "value": "103.254.148.134" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d81-0eb8-469c-93d6-4e9f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:25.000Z", "modified": "2017-06-09T09:42:25.000Z", "pattern": "[url:value = 'http://zeshta.com/0hbtyHG']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:42:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d82-2ad0-4d99-b9c7-4bfe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:26.000Z", "modified": "2017-06-09T09:42:26.000Z", "pattern": "[domain-name:value = 'zeshta.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:42:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a6d83-e750-4e7a-a81d-4452950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:27.000Z", "modified": "2017-06-09T09:42:27.000Z", "first_observed": "2017-06-09T09:42:27Z", "last_observed": "2017-06-09T09:42:27Z", "number_observed": 1, "object_refs": [ "network-traffic--593a6d83-e750-4e7a-a81d-4452950d210f", "ipv4-addr--593a6d83-e750-4e7a-a81d-4452950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a6d83-e750-4e7a-a81d-4452950d210f", "dst_ref": "ipv4-addr--593a6d83-e750-4e7a-a81d-4452950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a6d83-e750-4e7a-a81d-4452950d210f", "value": "103.21.59.169" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d84-fb54-450b-b3c2-420d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:28.000Z", "modified": "2017-06-09T09:42:28.000Z", "pattern": "[url:value = 'http://zonnit.com/0hbtyHG']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:42:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d84-fff4-4e07-9a3d-43ed950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:28.000Z", "modified": "2017-06-09T09:42:28.000Z", "pattern": "[domain-name:value = 'zonnit.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:42:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a6d85-ebc4-4163-8e20-421e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:29.000Z", "modified": "2017-06-09T09:42:29.000Z", "first_observed": "2017-06-09T09:42:29Z", "last_observed": "2017-06-09T09:42:29Z", "number_observed": 1, "object_refs": [ "network-traffic--593a6d85-ebc4-4163-8e20-421e950d210f", "ipv4-addr--593a6d85-ebc4-4163-8e20-421e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a6d85-ebc4-4163-8e20-421e950d210f", "dst_ref": "ipv4-addr--593a6d85-ebc4-4163-8e20-421e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a6d85-ebc4-4163-8e20-421e950d210f", "value": "23.229.221.200" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d85-5b50-4710-bdd9-45d4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:29.000Z", "modified": "2017-06-09T09:42:29.000Z", "pattern": "[url:value = 'http://brookstecholiggronm.net/a5/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:42:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a6d86-f1d8-48e2-9bbb-3089950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T09:42:30.000Z", "modified": "2017-06-09T09:42:30.000Z", "pattern": "[domain-name:value = 'brookstecholiggronm.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T09:42:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }