{
"type": "bundle",
"id": "bundle--56e87ebe-7b6c-4008-bcfd-42a302de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:35:08.000Z",
"modified": "2016-03-15T21:35:08.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--56e87ebe-7b6c-4008-bcfd-42a302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:35:08.000Z",
"modified": "2016-03-15T21:35:08.000Z",
"name": "Dridex botnet 222 (20160315)",
"published": "2016-03-15T21:35:36Z",
"object_refs": [
"observed-data--56e87ef7-abb8-4ce0-8154-418602de0b81",
"url--56e87ef7-abb8-4ce0-8154-418602de0b81",
"indicator--56e87f05-b4f8-49a2-b5c6-4be602de0b81",
"indicator--56e87f27-eb34-4eb1-ab7b-4f5d02de0b81",
"indicator--56e87f27-02dc-4fa1-9c84-42c602de0b81",
"observed-data--56e87f28-adfc-40e4-bada-4cb502de0b81",
"url--56e87f28-adfc-40e4-bada-4cb502de0b81",
"indicator--56e87f73-cfbc-449d-bbc3-4fde02de0b81",
"indicator--56e87f74-71f8-41d9-8ddb-4fa302de0b81",
"indicator--56e87f74-3050-4f11-b734-465b02de0b81",
"indicator--56e87f74-7e28-4ee0-8a54-424b02de0b81",
"indicator--56e87f75-8cc4-482b-b402-40fa02de0b81",
"indicator--56e87f75-a32c-4a93-87e0-4f4702de0b81",
"indicator--56e87f75-3c10-4dd6-8006-451502de0b81",
"indicator--56e87f76-d284-48e3-b743-496702de0b81",
"indicator--56e87f76-cc7c-4716-8e92-4e5602de0b81",
"indicator--56e87f76-ad90-4a2c-aa9a-4fec02de0b81",
"indicator--56e87f77-2f48-43c4-9a30-4d9d02de0b81",
"indicator--56e87f77-9cdc-4bcc-b5f7-40a502de0b81",
"indicator--56e87f77-2bd0-47f5-a4bf-483902de0b81",
"indicator--56e87f77-cdb8-440e-9991-4e4002de0b81",
"indicator--56e87f78-f264-43ad-8138-4a5d02de0b81",
"indicator--56e87f78-4298-44e3-b60a-42f702de0b81",
"indicator--56e87f79-9b2c-4187-ba5a-437502de0b81",
"indicator--56e87f79-571c-427a-b237-4e6402de0b81",
"indicator--56e87f79-0104-4d80-a0f6-440002de0b81",
"indicator--56e87f7a-a3ec-41b7-a7fa-476002de0b81",
"indicator--56e87f7a-64a0-4b59-9228-4a5602de0b81",
"indicator--56e87f7a-9030-44f7-bf32-439602de0b81",
"indicator--56e87f7b-2050-481f-bd93-48f802de0b81",
"indicator--56e87f7b-d670-4c97-b119-47b702de0b81",
"indicator--56e87f7b-ab3c-4b61-817a-454702de0b81",
"indicator--56e87f7c-7db8-4f24-b556-4a4f02de0b81",
"indicator--56e87f7c-d510-45e7-a09b-4a8802de0b81",
"indicator--56e87f7c-a0bc-4e02-810f-49a002de0b81",
"indicator--56e87f7d-4e9c-4555-a70c-415002de0b81",
"indicator--56e87f99-ca78-4783-93a3-419f02de0b81",
"indicator--56e87f99-4814-426d-99fc-40b402de0b81",
"indicator--56e87f9a-2510-4bb9-8e43-42f502de0b81",
"indicator--56e87fae-b260-44f9-a932-4d1602de0b81",
"indicator--56e87fae-cd88-431e-8fa6-439a02de0b81",
"indicator--56e87faf-71cc-46ee-a650-41de02de0b81",
"x-misp-attribute--56e87fe6-60d4-4af7-9f3d-4f2502de0b81",
"x-misp-attribute--56e8800c-8fb4-4d45-b4da-4d1d02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e87ef7-abb8-4ce0-8154-418602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:30:31.000Z",
"modified": "2016-03-15T21:30:31.000Z",
"first_observed": "2016-03-15T21:30:31Z",
"last_observed": "2016-03-15T21:30:31Z",
"number_observed": 1,
"object_refs": [
"url--56e87ef7-abb8-4ce0-8154-418602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e87ef7-abb8-4ce0-8154-418602de0b81",
"value": "https://www.virustotal.com/en/file/4030b3b7393c61f25ebf225dc619f6bd4000f94d62a0c42c7b83e7460e0ed010/analysis/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f05-b4f8-49a2-b5c6-4be602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:30:45.000Z",
"modified": "2016-03-15T21:30:45.000Z",
"pattern": "[file:hashes.SHA256 = '4030b3b7393c61f25ebf225dc619f6bd4000f94d62a0c42c7b83e7460e0ed010']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:30:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f27-eb34-4eb1-ab7b-4f5d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:31:19.000Z",
"modified": "2016-03-15T21:31:19.000Z",
"description": "- Xchecked via VT: 4030b3b7393c61f25ebf225dc619f6bd4000f94d62a0c42c7b83e7460e0ed010",
"pattern": "[file:hashes.SHA1 = 'b1259b8287e38e79a2afc003471fe4750edefdaa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:31:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f27-02dc-4fa1-9c84-42c602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:31:19.000Z",
"modified": "2016-03-15T21:31:19.000Z",
"description": "- Xchecked via VT: 4030b3b7393c61f25ebf225dc619f6bd4000f94d62a0c42c7b83e7460e0ed010",
"pattern": "[file:hashes.MD5 = 'f71977440032b680e91baef49d9ca7f8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:31:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e87f28-adfc-40e4-bada-4cb502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:31:20.000Z",
"modified": "2016-03-15T21:31:20.000Z",
"first_observed": "2016-03-15T21:31:20Z",
"last_observed": "2016-03-15T21:31:20Z",
"number_observed": 1,
"object_refs": [
"url--56e87f28-adfc-40e4-bada-4cb502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e87f28-adfc-40e4-bada-4cb502de0b81",
"value": "https://www.virustotal.com/file/4030b3b7393c61f25ebf225dc619f6bd4000f94d62a0c42c7b83e7460e0ed010/analysis/1458053512/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f73-cfbc-449d-bbc3-4fde02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:32:35.000Z",
"modified": "2016-03-15T21:32:35.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://158.255.193.15:4331/0/0/1/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:32:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f74-71f8-41d9-8ddb-4fa302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:32:36.000Z",
"modified": "2016-03-15T21:32:36.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://158.255.193.15:4331/0/1/1/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:32:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f74-3050-4f11-b734-465b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:32:36.000Z",
"modified": "2016-03-15T21:32:36.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://158.255.193.15:4331/0/1/2/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:32:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f74-7e28-4ee0-8a54-424b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:32:36.000Z",
"modified": "2016-03-15T21:32:36.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://158.255.193.15:4331/0/1/3/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:32:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f75-8cc4-482b-b402-40fa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:32:37.000Z",
"modified": "2016-03-15T21:32:37.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://158.255.193.15:4331/0/2/1/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:32:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f75-a32c-4a93-87e0-4f4702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:32:37.000Z",
"modified": "2016-03-15T21:32:37.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://158.255.193.15:4331/0/2/2/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:32:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f75-3c10-4dd6-8006-451502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:32:37.000Z",
"modified": "2016-03-15T21:32:37.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://158.255.193.15:4331/0/3/1/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:32:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f76-d284-48e3-b743-496702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:32:38.000Z",
"modified": "2016-03-15T21:32:38.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://158.255.193.15:4331/0/3/2/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:32:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f76-cc7c-4716-8e92-4e5602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:32:38.000Z",
"modified": "2016-03-15T21:32:38.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://158.255.193.15:4331/0/3/3/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:32:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f76-ad90-4a2c-aa9a-4fec02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:32:38.000Z",
"modified": "2016-03-15T21:32:38.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://158.255.193.15:4331/2/09Zpm2kAxBn6kzsP_logon/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:32:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f77-2f48-43c4-9a30-4d9d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:32:39.000Z",
"modified": "2016-03-15T21:32:39.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://158.255.193.15:4331/2/5GKESykA88VV9kVk_logon/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:32:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f77-9cdc-4bcc-b5f7-40a502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:32:39.000Z",
"modified": "2016-03-15T21:32:39.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://158.255.193.15:4331/2/5vgOnl464R46YHaW_logon/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:32:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f77-2bd0-47f5-a4bf-483902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:32:39.000Z",
"modified": "2016-03-15T21:32:39.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://158.255.193.15:4331/2/bosbiz_logon/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:32:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f77-cdb8-440e-9991-4e4002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:32:39.000Z",
"modified": "2016-03-15T21:32:39.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://158.255.193.15:4331/2/cybiz_logon/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:32:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f78-f264-43ad-8138-4a5d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:32:40.000Z",
"modified": "2016-03-15T21:32:40.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://158.255.193.15:4331/2/Euxx6OyGjUA92S6m_logon/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:32:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f78-4298-44e3-b60a-42f702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:32:40.000Z",
"modified": "2016-03-15T21:32:40.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://158.255.193.15:4331/2/Euxx6OyGjUA92S6m_logon/default_redirect.js']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:32:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f79-9b2c-4187-ba5a-437502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:32:41.000Z",
"modified": "2016-03-15T21:32:41.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://158.255.193.15:4331/2/Euxx6OyGjUA92S6m_logon/files/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:32:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f79-571c-427a-b237-4e6402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:32:41.000Z",
"modified": "2016-03-15T21:32:41.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://158.255.193.15:4331/2/hsbcnet_logon/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:32:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f79-0104-4d80-a0f6-440002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:32:41.000Z",
"modified": "2016-03-15T21:32:41.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://158.255.193.15:4331/2/lloydsbiz_logon/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:32:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f7a-a3ec-41b7-a7fa-476002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:32:42.000Z",
"modified": "2016-03-15T21:32:42.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://158.255.193.15:4331/2/lloydscorp_logon/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:32:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f7a-64a0-4b59-9228-4a5602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:32:42.000Z",
"modified": "2016-03-15T21:32:42.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://158.255.193.15:4331/2/lloydslink_logon/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:32:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f7a-9030-44f7-bf32-439602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:32:42.000Z",
"modified": "2016-03-15T21:32:42.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://158.255.193.15:4331/2/nationwide_logon/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:32:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f7b-2050-481f-bd93-48f802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:32:43.000Z",
"modified": "2016-03-15T21:32:43.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://158.255.193.15:4331/2/santacorp_logon/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:32:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f7b-d670-4c97-b119-47b702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:32:43.000Z",
"modified": "2016-03-15T21:32:43.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://158.255.193.15:4331/2/tsbbiz_logon/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:32:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f7b-ab3c-4b61-817a-454702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:32:43.000Z",
"modified": "2016-03-15T21:32:43.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://158.255.193.15:4331/2/XlxFi7aP7bK5w2vW_logon/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:32:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f7c-7db8-4f24-b556-4a4f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:32:44.000Z",
"modified": "2016-03-15T21:32:44.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://158.255.193.15:4331/2/Ya4SYLq6fbMz712y_logon/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:32:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f7c-d510-45e7-a09b-4a8802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:32:44.000Z",
"modified": "2016-03-15T21:32:44.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://5.152.201.6:4331/eatlightas']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:32:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f7c-a0bc-4e02-810f-49a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:32:44.000Z",
"modified": "2016-03-15T21:32:44.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://5.152.201.6:4331/humantangible']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:32:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f7d-4e9c-4555-a70c-415002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:32:45.000Z",
"modified": "2016-03-15T21:32:45.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://93.186.184.135:4243/eatlightas']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:32:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f99-ca78-4783-93a3-419f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:33:13.000Z",
"modified": "2016-03-15T21:33:13.000Z",
"description": "On port 643",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.209.89.107']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:33:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f99-4814-426d-99fc-40b402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:33:13.000Z",
"modified": "2016-03-15T21:33:13.000Z",
"description": "On port 4113",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.192.1.178']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:33:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87f9a-2510-4bb9-8e43-42f502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:33:14.000Z",
"modified": "2016-03-15T21:33:14.000Z",
"description": "On port 4843",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '87.117.242.31']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:33:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87fae-b260-44f9-a932-4d1602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:33:34.000Z",
"modified": "2016-03-15T21:33:34.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '154.66.148.52']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:33:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87fae-cd88-431e-8fa6-439a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:33:34.000Z",
"modified": "2016-03-15T21:33:34.000Z",
"description": "On port 444",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.183.20.78']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:33:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e87faf-71cc-46ee-a650-41de02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:33:35.000Z",
"modified": "2016-03-15T21:33:35.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '41.79.173.47']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-15T21:33:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--56e87fe6-60d4-4af7-9f3d-4f2502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:34:30.000Z",
"modified": "2016-03-15T21:34:30.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"Targeting data\""
],
"x_misp_category": "Targeting data",
"x_misp_type": "comment",
"x_misp_value": "^https://ibank1\\.bib\\.barclays\\.com/logon/bibapplication.+LOGON\\.VALIDATE\\.SIGNED\r\n^https://entreprises\\.secure\\.societegenerale\\.fr/authent\\.html\r\n^https://www\\.labanquepostale\\.fr/grands-institutionnels\\.html\r\n^http://barclays\\.tenalps\\.com\r\n^https://shavar\\.services\\.mozilla\\.com/\r\n^https://urs\\.microsoft\\.com/\r\n^https://localhost.*/skypectoc/\r\n^http://.+/workbench/\r\n^https?://www\\.ce-g3-enligne\\.credit-agricole\\.fr/\r\n^https://entreprises\\.societegenerale\\.fr/\r\n^https://entreprises\\.certif\\.societegenerale\\.fr/authent\\.html\r\n^http://.+/MULTIVERSA\r\n^https://www\\.labanquepostale\\.fr/grandes-entreprises\\.html\r\n^https?://www\\.ca-paris\\.fr/\r\n^https://www\\.labanquepostale\\.fr/professionnels\\.html\r\n^https://professionnels\\.secure.societegenerale\\.fr/$\r\n^https://professionnels\\.societegenerale\\.fr/$\r\n^https://entreprises\\.bnpparibas\\.net/NSAccess\r\n^https://www2\\.bancopopular\\.es/\r\n^https://www\\.normand-g3-enligne\\.credit-agricole\\.fr/stb/\r\n^https?://www\\.net\\d+\\.caisse-epargne\\.fr/\r\n^https://www\\.anjou-maine-ediweb\\.credit-agricole\\.fr\r\n^https://statso\\.par\\.societegenerale\\.fr\r\n^https://.+\\.fr/stb/entreeBam\r\n^https?://particuliers\\.secure\\.societegenerale\\.fr\r\n^https://rib\\.ecobank\\.com/ecobankburkina/internet\r\n^https://ibank\\.humebank\\.com\\.au/mvp/signon/login\\.asp\r\n^https://cashmanagement\\.barclays\\.net/portalservices/forms/login\\.pser\\?TYPE.+cashmanagement\r\n^https://corporate\\.santander\\.co\\.uk/LOGSCU_NS_ENS/BtoChannelDriver\\.bto\r\n^https://corporate\\.santander\\.co\\.uk/(SCU_AUTHOR_ENS|SCU_PAYMNT_ENS)/\r\n^https://professionnels\\.secure\\.lcl\\.fr/outil/UAUT/Accueil/preRoutageLogin\r\n^https://secure1\\.entreprises\\.bnpparibas\\.net/sommaire/jsp/identification\\.jsp\r\n^https://www\\.caisse-epargne\\.fr/particuliers/normandie/accueil\\.aspx"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--56e8800c-8fb4-4d45-b4da-4d1d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:35:08.000Z",
"modified": "2016-03-15T21:35:08.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "222\r\n196796"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}