{ "type": "bundle", "id": "bundle--57c7d69f-2d14-4235-ad06-4b13950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:23:24.000Z", "modified": "2016-09-01T07:23:24.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--57c7d69f-2d14-4235-ad06-4b13950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:23:24.000Z", "modified": "2016-09-01T07:23:24.000Z", "name": "Malspam 2016-09-01 (.hta in .zip) - campaign: \"Voice Message from Outside Caller\"", "published": "2016-09-01T08:58:58Z", "object_refs": [ "indicator--57c7d6c8-e150-40ec-b012-4f9f950d210f", "indicator--57c7d6c9-c628-4f11-9aab-4d0f950d210f", "indicator--57c7d6c9-e9b8-47f0-9852-457f950d210f", "indicator--57c7d6c9-94a4-4eea-b56c-480e950d210f", "indicator--57c7d6c9-04b0-4aae-adba-411f950d210f", "indicator--57c7d6c9-c22c-4af0-9166-46f7950d210f", "indicator--57c7d6ca-e414-4904-ac76-46ed950d210f", "indicator--57c7d6ca-0a30-4cec-af82-4740950d210f", "indicator--57c7d6ca-1568-4604-9614-4853950d210f", "indicator--57c7d6ca-fe30-4def-8e2d-42b5950d210f", "indicator--57c7d6ca-1e30-4637-8dcb-41b1950d210f", "indicator--57c7d6ca-46b4-49dc-92c0-44ac950d210f", "indicator--57c7d6cb-649c-496f-92e9-4b5e950d210f", "indicator--57c7d6cb-d054-4808-869a-4bc5950d210f", "indicator--57c7d6cb-2b38-4cad-897f-4779950d210f", "indicator--57c7d6cb-4954-485f-881f-41c7950d210f", "indicator--57c7d6cb-ca94-4e20-99a6-499e950d210f", "indicator--57c7d6cc-4de4-4a64-9de5-43dc950d210f", "indicator--57c7d6cc-cb60-4a81-aa15-4406950d210f", "indicator--57c7d6cc-965c-4006-8f2e-4da4950d210f", "indicator--57c7d6cc-fed8-4087-a538-4194950d210f", "indicator--57c7d6cc-7604-47c2-b5cb-413d950d210f", "indicator--57c7d6cd-e8f0-4add-8170-4663950d210f", "indicator--57c7d6cd-ec24-45e1-98cc-469a950d210f", "indicator--57c7d6cd-9df0-491d-8c14-40a2950d210f", "indicator--57c7d6cd-b22c-4204-930e-4812950d210f", "indicator--57c7d6cd-cd60-4924-858f-4509950d210f", "indicator--57c7d6ce-d67c-496a-bccb-422d950d210f", "indicator--57c7d6ce-c6f8-4c3e-986a-4c28950d210f", "indicator--57c7d6ce-d02c-4bd4-9988-4b40950d210f", "indicator--57c7d6ce-969c-40fe-bc73-41c1950d210f", "indicator--57c7d6ce-fd74-4a52-b7cf-4bcc950d210f", "indicator--57c7d6cf-2000-44f6-91f3-45dd950d210f", "indicator--57c7d6cf-bd38-48f0-a7ae-4294950d210f", "indicator--57c7d6cf-46e4-4006-8a9f-4eff950d210f", "indicator--57c7d6cf-b620-4fe7-aea3-4f97950d210f", "indicator--57c7d6d0-b4f4-47b9-9d89-490f950d210f", "indicator--57c7d6d0-f074-4a40-9e2d-442e950d210f", "indicator--57c7d6d0-7b2c-4e02-b02b-403a950d210f", "indicator--57c7d6d0-a0a0-45b7-9ace-40ad950d210f", "indicator--57c7d6d0-1a04-491a-a798-4abc950d210f", "indicator--57c7d6d1-31a0-4aae-98b8-4582950d210f", "indicator--57c7d6d1-6d14-4fe7-aafa-4a71950d210f", "indicator--57c7d6d1-df18-40ca-926d-4969950d210f", "indicator--57c7d6d1-ead0-480e-881f-486c950d210f", "indicator--57c7d6d1-6684-427d-ab4f-4d87950d210f", "indicator--57c7d6d2-6320-4b23-9d33-4e86950d210f", "indicator--57c7d6d2-558c-49c4-bd07-4787950d210f", "indicator--57c7d6d2-a85c-453f-a999-415f950d210f", "indicator--57c7d6d2-bf44-4ec1-8d64-44ea950d210f", "indicator--57c7d6d2-a598-45bd-b345-440b950d210f", "indicator--57c7d6d3-514c-4705-84da-4145950d210f", "indicator--57c7d6d3-76ec-42b8-8b93-42bc950d210f", "indicator--57c7d6d3-1060-41c6-8424-4a7d950d210f", "indicator--57c7d6d3-cb04-4755-ae89-49b5950d210f", "indicator--57c7d6d3-5150-494e-bde2-4841950d210f", "indicator--57c7d6d4-5b80-4e17-b261-446c950d210f", "indicator--57c7d6d4-f31c-45fc-826f-4de7950d210f", "indicator--57c7d6d4-8670-4a28-bf21-4695950d210f", "indicator--57c7d6d4-fd00-43ed-9be4-4b98950d210f", "indicator--57c7d6d5-b5cc-4245-be7d-46d3950d210f", "indicator--57c7d6d5-0154-4b01-af25-4ea5950d210f", "indicator--57c7d6d5-0828-4d8b-8a82-4ea5950d210f", "indicator--57c7d6d5-1db0-43c2-93cf-4bf0950d210f", "indicator--57c7d6d5-4a28-46ca-8b26-426f950d210f", "indicator--57c7d6d6-c600-4582-8ab4-466b950d210f", "indicator--57c7d6d6-f13c-425d-a310-4af0950d210f", "indicator--57c7d6d6-82d8-4677-bfda-449d950d210f", "indicator--57c7d6d6-2a10-404b-ad98-42eb950d210f", "indicator--57c7d6d6-69cc-412f-914b-49fb950d210f", "indicator--57c7d6d7-83dc-42ee-87da-452c950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "circl:incident-classification=\"malware\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6c8-e150-40ec-b012-4f9f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:40.000Z", "modified": "2016-09-01T07:20:40.000Z", "description": "download location", "pattern": "[url:value = 'http://www.john.edmunds.talktalk.net/cwjhfxb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6c9-c628-4f11-9aab-4d0f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:41.000Z", "modified": "2016-09-01T07:20:41.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.john.edmunds.talktalk.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6c9-e9b8-47f0-9852-457f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:41.000Z", "modified": "2016-09-01T07:20:41.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.24.202.31']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6c9-94a4-4eea-b56c-480e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:41.000Z", "modified": "2016-09-01T07:20:41.000Z", "description": "download location", "pattern": "[url:value = 'http://www.btb-bike.de/psoexes']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6c9-04b0-4aae-adba-411f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:41.000Z", "modified": "2016-09-01T07:20:41.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.btb-bike.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6c9-c22c-4af0-9166-46f7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:41.000Z", "modified": "2016-09-01T07:20:41.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.150.6.143']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6ca-e414-4904-ac76-46ed950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:42.000Z", "modified": "2016-09-01T07:20:42.000Z", "description": "download location", "pattern": "[url:value = 'http://foerschl.gmxhome.de/imnmicp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6ca-0a30-4cec-af82-4740950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:42.000Z", "modified": "2016-09-01T07:20:42.000Z", "description": "download location", "pattern": "[domain-name:value = 'foerschl.gmxhome.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6ca-1568-4604-9614-4853950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:42.000Z", "modified": "2016-09-01T07:20:42.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.165.62.70']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6ca-fe30-4def-8e2d-42b5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:42.000Z", "modified": "2016-09-01T07:20:42.000Z", "description": "download location", "pattern": "[url:value = 'http://m-slova.web-box.ru/mglgyor']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6ca-1e30-4637-8dcb-41b1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:42.000Z", "modified": "2016-09-01T07:20:42.000Z", "description": "download location", "pattern": "[domain-name:value = 'm-slova.web-box.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6ca-46b4-49dc-92c0-44ac950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:42.000Z", "modified": "2016-09-01T07:20:42.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.4.89.218']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6cb-649c-496f-92e9-4b5e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:43.000Z", "modified": "2016-09-01T07:20:43.000Z", "description": "download location", "pattern": "[url:value = 'http://piisfashionpress.web.fc2.com/wpqeygr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6cb-d054-4808-869a-4bc5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:43.000Z", "modified": "2016-09-01T07:20:43.000Z", "description": "download location", "pattern": "[domain-name:value = 'piisfashionpress.web.fc2.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6cb-2b38-4cad-897f-4779950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:43.000Z", "modified": "2016-09-01T07:20:43.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.71.106.48']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6cb-4954-485f-881f-41c7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:43.000Z", "modified": "2016-09-01T07:20:43.000Z", "description": "download location", "pattern": "[url:value = 'http://www.trade-centrum.eu/ibghgdp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6cb-ca94-4e20-99a6-499e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:43.000Z", "modified": "2016-09-01T07:20:43.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.trade-centrum.eu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6cc-4de4-4a64-9de5-43dc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:44.000Z", "modified": "2016-09-01T07:20:44.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.185.242.166']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6cc-cb60-4a81-aa15-4406950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:44.000Z", "modified": "2016-09-01T07:20:44.000Z", "description": "download location", "pattern": "[url:value = 'http://ajedrezimprov.50webs.com/yfotxbo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6cc-965c-4006-8f2e-4da4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:44.000Z", "modified": "2016-09-01T07:20:44.000Z", "description": "download location", "pattern": "[domain-name:value = 'ajedrezimprov.50webs.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6cc-fed8-4087-a538-4194950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:44.000Z", "modified": "2016-09-01T07:20:44.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.210.101.93']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6cc-7604-47c2-b5cb-413d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:44.000Z", "modified": "2016-09-01T07:20:44.000Z", "description": "download location", "pattern": "[url:value = 'http://yggithuq.utawebhost.at/opdcrhh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6cd-e8f0-4add-8170-4663950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:45.000Z", "modified": "2016-09-01T07:20:45.000Z", "description": "download location", "pattern": "[domain-name:value = 'yggithuq.utawebhost.at']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6cd-ec24-45e1-98cc-469a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:45.000Z", "modified": "2016-09-01T07:20:45.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.248.63.109']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6cd-9df0-491d-8c14-40a2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:45.000Z", "modified": "2016-09-01T07:20:45.000Z", "description": "download location", "pattern": "[url:value = 'http://pennylanecupcakes.com.au/lfigasv']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6cd-b22c-4204-930e-4812950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:45.000Z", "modified": "2016-09-01T07:20:45.000Z", "description": "download location", "pattern": "[domain-name:value = 'pennylanecupcakes.com.au']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6cd-cd60-4924-858f-4509950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:45.000Z", "modified": "2016-09-01T07:20:45.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.37.52.172']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6ce-d67c-496a-bccb-422d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:46.000Z", "modified": "2016-09-01T07:20:46.000Z", "description": "download location", "pattern": "[url:value = 'http://fingermousedesign.co.uk/ctkvyio']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6ce-c6f8-4c3e-986a-4c28950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:46.000Z", "modified": "2016-09-01T07:20:46.000Z", "description": "download location", "pattern": "[domain-name:value = 'fingermousedesign.co.uk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6ce-d02c-4bd4-9988-4b40950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:46.000Z", "modified": "2016-09-01T07:20:46.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.136.40.103']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6ce-969c-40fe-bc73-41c1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:46.000Z", "modified": "2016-09-01T07:20:46.000Z", "description": "download location", "pattern": "[url:value = 'http://209.41.183.242/adjxlax']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6ce-fd74-4a52-b7cf-4bcc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:46.000Z", "modified": "2016-09-01T07:20:46.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.41.183.242']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6cf-2000-44f6-91f3-45dd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:47.000Z", "modified": "2016-09-01T07:20:47.000Z", "description": "download location", "pattern": "[url:value = 'http://www.erretisnc.it/mucyerv']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6cf-bd38-48f0-a7ae-4294950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:47.000Z", "modified": "2016-09-01T07:20:47.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.erretisnc.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6cf-46e4-4006-8a9f-4eff950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:47.000Z", "modified": "2016-09-01T07:20:47.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.205.40.169']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6cf-b620-4fe7-aea3-4f97950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:47.000Z", "modified": "2016-09-01T07:20:47.000Z", "description": "download location", "pattern": "[url:value = 'http://atomtyann.web.fc2.com/balewan']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d0-b4f4-47b9-9d89-490f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:48.000Z", "modified": "2016-09-01T07:20:48.000Z", "description": "download location", "pattern": "[domain-name:value = 'atomtyann.web.fc2.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d0-f074-4a40-9e2d-442e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:48.000Z", "modified": "2016-09-01T07:20:48.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.71.106.49']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d0-7b2c-4e02-b02b-403a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:48.000Z", "modified": "2016-09-01T07:20:48.000Z", "description": "download location", "pattern": "[url:value = 'http://www.dietmar-bernhard.de/rthvkws']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d0-a0a0-45b7-9ace-40ad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:48.000Z", "modified": "2016-09-01T07:20:48.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.dietmar-bernhard.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d0-1a04-491a-a798-4abc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:48.000Z", "modified": "2016-09-01T07:20:48.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.40.179.91']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d1-31a0-4aae-98b8-4582950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:49.000Z", "modified": "2016-09-01T07:20:49.000Z", "description": "download location", "pattern": "[url:value = 'http://www.en4x4.net/mtbtlvu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d1-6d14-4fe7-aafa-4a71950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:49.000Z", "modified": "2016-09-01T07:20:49.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.en4x4.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d1-df18-40ca-926d-4969950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:49.000Z", "modified": "2016-09-01T07:20:49.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.238.0.64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d1-ead0-480e-881f-486c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:49.000Z", "modified": "2016-09-01T07:20:49.000Z", "description": "download location", "pattern": "[url:value = 'http://news.oboyle.ro/wexunjy']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d1-6684-427d-ab4f-4d87950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:49.000Z", "modified": "2016-09-01T07:20:49.000Z", "description": "download location", "pattern": "[domain-name:value = 'news.oboyle.ro']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d2-6320-4b23-9d33-4e86950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:50.000Z", "modified": "2016-09-01T07:20:50.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.238.218.190']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d2-558c-49c4-bd07-4787950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:50.000Z", "modified": "2016-09-01T07:20:50.000Z", "description": "download location", "pattern": "[url:value = 'http://portadeenrolar.ind.br/jtfinwo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d2-a85c-453f-a999-415f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:50.000Z", "modified": "2016-09-01T07:20:50.000Z", "description": "download location", "pattern": "[domain-name:value = 'portadeenrolar.ind.br']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d2-bf44-4ec1-8d64-44ea950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:50.000Z", "modified": "2016-09-01T07:20:50.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '186.202.126.199']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d2-a598-45bd-b345-440b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:50.000Z", "modified": "2016-09-01T07:20:50.000Z", "description": "download location", "pattern": "[url:value = 'http://matsumotokoichi.web.fc2.com/kwylrmn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d3-514c-4705-84da-4145950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:51.000Z", "modified": "2016-09-01T07:20:51.000Z", "description": "download location", "pattern": "[domain-name:value = 'matsumotokoichi.web.fc2.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d3-76ec-42b8-8b93-42bc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:51.000Z", "modified": "2016-09-01T07:20:51.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.71.106.61']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d3-1060-41c6-8424-4a7d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:51.000Z", "modified": "2016-09-01T07:20:51.000Z", "description": "download location", "pattern": "[url:value = 'http://unimet.tmhandel.com/eeeunkr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d3-cb04-4755-ae89-49b5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:51.000Z", "modified": "2016-09-01T07:20:51.000Z", "description": "download location", "pattern": "[domain-name:value = 'unimet.tmhandel.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d3-5150-494e-bde2-4841950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:51.000Z", "modified": "2016-09-01T07:20:51.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.185.87.30']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d4-5b80-4e17-b261-446c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:52.000Z", "modified": "2016-09-01T07:20:52.000Z", "description": "download location", "pattern": "[url:value = 'http://josemedina.com/lqusgkq']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d4-f31c-45fc-826f-4de7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:52.000Z", "modified": "2016-09-01T07:20:52.000Z", "description": "download location", "pattern": "[domain-name:value = 'josemedina.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d4-8670-4a28-bf21-4695950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:52.000Z", "modified": "2016-09-01T07:20:52.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.110.144.242']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d4-fd00-43ed-9be4-4b98950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:52.000Z", "modified": "2016-09-01T07:20:52.000Z", "description": "download location", "pattern": "[url:value = 'http://www.rioual.com/bddoxvg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d5-b5cc-4245-be7d-46d3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:53.000Z", "modified": "2016-09-01T07:20:53.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.rioual.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d5-0154-4b01-af25-4ea5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:53.000Z", "modified": "2016-09-01T07:20:53.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.186.33.19']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d5-0828-4d8b-8a82-4ea5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:53.000Z", "modified": "2016-09-01T07:20:53.000Z", "description": "download location", "pattern": "[url:value = 'http://www.primaria-adamclisi.go.ro/ueeldwe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d5-1db0-43c2-93cf-4bf0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:53.000Z", "modified": "2016-09-01T07:20:53.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.primaria-adamclisi.go.ro']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d5-4a28-46ca-8b26-426f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:53.000Z", "modified": "2016-09-01T07:20:53.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.196.20.134']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d6-c600-4582-8ab4-466b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:54.000Z", "modified": "2016-09-01T07:20:54.000Z", "description": "download location", "pattern": "[url:value = 'http://zse2.pl/clxcvja']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d6-f13c-425d-a310-4af0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:54.000Z", "modified": "2016-09-01T07:20:54.000Z", "description": "download location", "pattern": "[domain-name:value = 'zse2.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d6-82d8-4677-bfda-449d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:54.000Z", "modified": "2016-09-01T07:20:54.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.157.100.25']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d6-2a10-404b-ad98-42eb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:54.000Z", "modified": "2016-09-01T07:20:54.000Z", "description": "download location", "pattern": "[url:value = 'http://hotcarshhhs6632.com/js/76g78uf4sw']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d6-69cc-412f-914b-49fb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:54.000Z", "modified": "2016-09-01T07:20:54.000Z", "description": "download location", "pattern": "[domain-name:value = 'hotcarshhhs6632.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c7d6d7-83dc-42ee-87da-452c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-01T07:20:54.000Z", "modified": "2016-09-01T07:20:54.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.95.106.193']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-01T07:20:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }