{ "type": "bundle", "id": "bundle--561d86b1-3fdc-4229-84dd-1048950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:17.000Z", "modified": "2015-11-03T16:34:17.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--561d86b1-3fdc-4229-84dd-1048950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:17.000Z", "modified": "2015-11-03T16:34:17.000Z", "name": "OSINT Dyre Malware Campaigners Innovate with Distribution Techniques by ProofPoint", "published": "2015-11-03T16:35:35Z", "object_refs": [ "observed-data--561d86c4-dba0-4b9a-8c7f-4253950d210b", "url--561d86c4-dba0-4b9a-8c7f-4253950d210b", "indicator--5638e1f1-ed68-4c75-a3c9-2069950d210b", "indicator--5638e1f1-f07c-4b89-bd8f-2069950d210b", "indicator--5638e1f2-362c-44b0-802b-2069950d210b", "indicator--5638e1f2-d0ec-4ac0-929a-2069950d210b", "indicator--5638e1f3-9910-4236-b4b2-2069950d210b", "indicator--5638e1f3-1974-4709-b4e0-2069950d210b", "indicator--5638e1f4-307c-4963-9c83-2069950d210b", "indicator--5638e1f4-920c-46f0-ac7a-2069950d210b", "indicator--5638e1f5-d67c-4212-9007-2069950d210b", "indicator--5638e1f5-29d8-4d9f-8cbb-2069950d210b", "indicator--5638e1f6-9020-4c68-812c-2069950d210b", "indicator--5638e1f6-b890-4c0e-b368-2069950d210b", "indicator--5638e1f7-882c-44a8-acd5-2069950d210b", "indicator--5638e1f7-2ff0-4dcc-823a-2069950d210b", "indicator--5638e1f8-a118-4599-9dd0-2069950d210b", "indicator--5638e1f8-c240-439a-97af-2069950d210b", "indicator--5638e1f9-e808-43c9-af43-2069950d210b", "indicator--5638e1f9-0554-49f6-9458-2069950d210b", "indicator--5638e1fa-10ec-4346-91a6-2069950d210b", "indicator--5638e1fa-10e4-4484-bcdf-2069950d210b", "indicator--5638e1fb-7de8-4838-8af4-2069950d210b", "indicator--5638e1fb-6d3c-4a5a-8e8c-2069950d210b", "indicator--5638e1fc-c81c-4e83-977e-2069950d210b", "indicator--5638e1fc-9e24-4077-b9b0-2069950d210b", "indicator--5638e1fd-91b8-4388-b27e-2069950d210b", "indicator--5638e1fd-ba50-4049-903a-2069950d210b", "indicator--5638e1fd-fafc-4ebd-b1d9-2069950d210b", "indicator--5638e1fe-9bac-4388-bea8-2069950d210b", "indicator--5638e1fe-2544-4805-a062-2069950d210b", "indicator--5638e1ff-2098-4196-bfba-2069950d210b", "indicator--5638e1ff-e1b8-4f2f-8597-2069950d210b", "indicator--5638e1ff-0e88-4389-850e-2069950d210b", "indicator--5638e200-58dc-47fc-bb98-2069950d210b", "indicator--5638e200-bb90-410f-8c43-2069950d210b", "indicator--5638e201-a00c-428e-98fc-2069950d210b", "indicator--5638e201-e08c-4c22-804b-2069950d210b", "indicator--5638e201-82d8-4311-964e-2069950d210b", "indicator--5638e202-efc4-4a8b-9a67-2069950d210b", "indicator--5638e202-5968-4134-b17e-2069950d210b", "indicator--5638e203-385c-409b-9af0-2069950d210b", "indicator--5638e203-4d40-4629-a798-2069950d210b", "indicator--5638e203-5058-49e3-b0b2-2069950d210b", "indicator--5638e204-4718-4d3b-a03c-2069950d210b", "indicator--5638e204-a074-460d-98cf-2069950d210b", "indicator--5638e205-7490-49d2-b0ea-2069950d210b", "indicator--5638e205-8030-4af7-b68a-2069950d210b", "indicator--5638e205-d7c0-4103-999f-2069950d210b", "indicator--5638e206-4f8c-411c-abf8-2069950d210b", "indicator--5638e206-70b8-4151-859d-2069950d210b", "indicator--5638e207-187c-4154-b616-2069950d210b", "indicator--5638e207-1ca0-4290-bdb4-2069950d210b", "indicator--5638e207-536c-4159-b89d-2069950d210b", "indicator--5638e208-6890-4992-bac3-2069950d210b", "indicator--5638e208-bfd8-4965-a312-2069950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--561d86c4-dba0-4b9a-8c7f-4253950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-13T22:33:40.000Z", "modified": "2015-10-13T22:33:40.000Z", "first_observed": "2015-10-13T22:33:40Z", "last_observed": "2015-10-13T22:33:40Z", "number_observed": 1, "object_refs": [ "url--561d86c4-dba0-4b9a-8c7f-4253950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--561d86c4-dba0-4b9a-8c7f-4253950d210b", "value": "https://www.proofpoint.com/us/dyre-malware-campaigners-innovate-distribution-techniques" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1f1-ed68-4c75-a3c9-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:33:53.000Z", "modified": "2015-11-03T16:33:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.210.182.246']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:33:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1f1-f07c-4b89-bd8f-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:33:53.000Z", "modified": "2015-11-03T16:33:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.162.193.207']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:33:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1f2-362c-44b0-802b-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:33:54.000Z", "modified": "2015-11-03T16:33:54.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '197.149.90.166']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:33:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1f2-d0ec-4ac0-929a-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:33:54.000Z", "modified": "2015-11-03T16:33:54.000Z", "pattern": "[file:hashes.SHA256 = '94ecc7d1f0fa098975a0984e55ba77ec93719b56dc3157d36311e18c51d581dc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:33:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1f3-9910-4236-b4b2-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:33:55.000Z", "modified": "2015-11-03T16:33:55.000Z", "pattern": "[url:value = 'https://65.255.135.178/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:33:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1f3-1974-4709-b4e0-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:33:55.000Z", "modified": "2015-11-03T16:33:55.000Z", "pattern": "[url:value = 'https://188.93.122.150/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:33:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1f4-307c-4963-9c83-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:33:56.000Z", "modified": "2015-11-03T16:33:56.000Z", "pattern": "[url:value = 'https://88.93.122.150/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:33:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1f4-920c-46f0-ac7a-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:33:56.000Z", "modified": "2015-11-03T16:33:56.000Z", "pattern": "[url:value = 'https://67.222.201.105/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:33:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1f5-d67c-4212-9007-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:33:57.000Z", "modified": "2015-11-03T16:33:57.000Z", "pattern": "[url:value = 'https://212.72.123.130/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:33:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1f5-29d8-4d9f-8cbb-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:33:57.000Z", "modified": "2015-11-03T16:33:57.000Z", "pattern": "[url:value = 'https://50.24.13.21/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:33:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1f6-9020-4c68-812c-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:33:58.000Z", "modified": "2015-11-03T16:33:58.000Z", "pattern": "[url:value = 'https://186.16.203.154/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:33:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1f6-b890-4c0e-b368-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:33:58.000Z", "modified": "2015-11-03T16:33:58.000Z", "pattern": "[url:value = 'https://93.103.20.189/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:33:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1f7-882c-44a8-acd5-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:33:59.000Z", "modified": "2015-11-03T16:33:59.000Z", "pattern": "[url:value = 'https://190.121.163.46/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:33:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1f7-2ff0-4dcc-823a-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:33:59.000Z", "modified": "2015-11-03T16:33:59.000Z", "pattern": "[url:value = 'https://202.79.57.155/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:33:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1f8-a118-4599-9dd0-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:00.000Z", "modified": "2015-11-03T16:34:00.000Z", "pattern": "[url:value = 'https://202.70.89.57/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1f8-c240-439a-97af-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:00.000Z", "modified": "2015-11-03T16:34:00.000Z", "pattern": "[url:value = 'https://190.121.164.10/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1f9-e808-43c9-af43-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:01.000Z", "modified": "2015-11-03T16:34:01.000Z", "pattern": "[url:value = 'https://181.40.117.66/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1f9-0554-49f6-9458-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:01.000Z", "modified": "2015-11-03T16:34:01.000Z", "pattern": "[url:value = 'https://201.217.51.92/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1fa-10ec-4346-91a6-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:02.000Z", "modified": "2015-11-03T16:34:02.000Z", "pattern": "[url:value = 'https://94.40.82.66/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1fa-10e4-4484-bcdf-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:02.000Z", "modified": "2015-11-03T16:34:02.000Z", "pattern": "[url:value = 'https://69.9.204.114/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1fb-7de8-4838-8af4-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:03.000Z", "modified": "2015-11-03T16:34:03.000Z", "pattern": "[url:value = 'https://201.217.56.83/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1fb-6d3c-4a5a-8e8c-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:03.000Z", "modified": "2015-11-03T16:34:03.000Z", "pattern": "[url:value = 'https://24.33.131.116/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1fc-c81c-4e83-977e-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:04.000Z", "modified": "2015-11-03T16:34:04.000Z", "pattern": "[url:value = 'https://72.230.82.80/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1fc-9e24-4077-b9b0-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:04.000Z", "modified": "2015-11-03T16:34:04.000Z", "pattern": "[url:value = 'https://173.248.31.6/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1fd-91b8-4388-b27e-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:05.000Z", "modified": "2015-11-03T16:34:05.000Z", "pattern": "[url:value = 'https://208.117.68.78/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1fd-ba50-4049-903a-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:05.000Z", "modified": "2015-11-03T16:34:05.000Z", "pattern": "[url:value = 'https://69.144.171.44/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1fd-fafc-4ebd-b1d9-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:05.000Z", "modified": "2015-11-03T16:34:05.000Z", "pattern": "[url:value = 'https://24.148.217.188/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1fe-9bac-4388-bea8-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:06.000Z", "modified": "2015-11-03T16:34:06.000Z", "pattern": "[url:value = 'https://173.216.247.74/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1fe-2544-4805-a062-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:06.000Z", "modified": "2015-11-03T16:34:06.000Z", "pattern": "[url:value = 'https://37.57.144.177/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1ff-2098-4196-bfba-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:07.000Z", "modified": "2015-11-03T16:34:07.000Z", "pattern": "[url:value = 'https://68.70.242.203/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1ff-e1b8-4f2f-8597-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:07.000Z", "modified": "2015-11-03T16:34:07.000Z", "pattern": "[url:value = 'https://27.109.20.53/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e1ff-0e88-4389-850e-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:07.000Z", "modified": "2015-11-03T16:34:07.000Z", "pattern": "[url:value = 'https://67.222.201.61/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e200-58dc-47fc-bb98-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:08.000Z", "modified": "2015-11-03T16:34:08.000Z", "pattern": "[url:value = 'https://203.129.197.50/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e200-bb90-410f-8c43-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:08.000Z", "modified": "2015-11-03T16:34:08.000Z", "pattern": "[url:value = 'https://112.133.203.43/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e201-a00c-428e-98fc-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:09.000Z", "modified": "2015-11-03T16:34:09.000Z", "pattern": "[url:value = 'https://45.64.159.18/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e201-e08c-4c22-804b-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:09.000Z", "modified": "2015-11-03T16:34:09.000Z", "pattern": "[url:value = 'https://150.129.49.11/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e201-82d8-4311-964e-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:09.000Z", "modified": "2015-11-03T16:34:09.000Z", "pattern": "[url:value = 'https://213.92.138.154/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e202-efc4-4a8b-9a67-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:10.000Z", "modified": "2015-11-03T16:34:10.000Z", "pattern": "[url:value = 'https://109.199.11.51/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e202-5968-4134-b17e-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:10.000Z", "modified": "2015-11-03T16:34:10.000Z", "pattern": "[url:value = 'https://82.115.76.211/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e203-385c-409b-9af0-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:11.000Z", "modified": "2015-11-03T16:34:11.000Z", "pattern": "[url:value = 'https://78.72.233.105/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e203-4d40-4629-a798-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:11.000Z", "modified": "2015-11-03T16:34:11.000Z", "pattern": "[url:value = 'https://82.160.64.45/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e203-5058-49e3-b0b2-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:11.000Z", "modified": "2015-11-03T16:34:11.000Z", "pattern": "[url:value = 'https://197.210.199.21/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e204-4718-4d3b-a03c-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:12.000Z", "modified": "2015-11-03T16:34:12.000Z", "pattern": "[url:value = 'https://78.108.101.67/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e204-a074-460d-98cf-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:12.000Z", "modified": "2015-11-03T16:34:12.000Z", "pattern": "[url:value = 'https://94.40.82.239/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e205-7490-49d2-b0ea-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:13.000Z", "modified": "2015-11-03T16:34:13.000Z", "pattern": "[url:value = 'https://185.89.64.160/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e205-8030-4af7-b68a-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:13.000Z", "modified": "2015-11-03T16:34:13.000Z", "pattern": "[url:value = 'https://87.126.65.67/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e205-d7c0-4103-999f-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:13.000Z", "modified": "2015-11-03T16:34:13.000Z", "pattern": "[url:value = 'https://93.183.155.22/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e206-4f8c-411c-abf8-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:14.000Z", "modified": "2015-11-03T16:34:14.000Z", "pattern": "[url:value = 'https://87.97.168.205/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e206-70b8-4151-859d-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:14.000Z", "modified": "2015-11-03T16:34:14.000Z", "pattern": "[url:value = 'https://62.233.252.207/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e207-187c-4154-b616-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:15.000Z", "modified": "2015-11-03T16:34:15.000Z", "pattern": "[url:value = 'https://85.11.144.37/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e207-1ca0-4290-bdb4-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:15.000Z", "modified": "2015-11-03T16:34:15.000Z", "pattern": "[url:value = 'https://188.167.93.231/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e207-536c-4159-b89d-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:15.000Z", "modified": "2015-11-03T16:34:15.000Z", "pattern": "[url:value = 'https://91.240.236.148/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e208-6890-4992-bac3-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:16.000Z", "modified": "2015-11-03T16:34:16.000Z", "pattern": "[url:value = 'https://91.240.236.122/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5638e208-bfd8-4965-a312-2069950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-03T16:34:16.000Z", "modified": "2015-11-03T16:34:16.000Z", "pattern": "[url:value = 'https://93.115.172.232/limto1.tar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-03T16:34:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }