{ "type": "bundle", "id": "bundle--57d6b9d9-5b3c-4d03-b7a7-4ed2950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-12T14:24:23.000Z", "modified": "2016-09-12T14:24:23.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--57d6b9d9-5b3c-4d03-b7a7-4ed2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-12T14:24:23.000Z", "modified": "2016-09-12T14:24:23.000Z", "name": "Malspam 2016-09-12 (.js in .zip) - campaign: \"Budget report\"", "published": "2016-09-12T14:24:45Z", "object_refs": [ "indicator--57d6ba95-b054-40cb-9951-443d950d210f", "indicator--57d6ba96-4ca8-47e7-84a9-482f950d210f", "indicator--57d6ba96-57e8-445e-a8e6-4f58950d210f", "indicator--57d6ba96-e180-4ced-ba82-474a950d210f", "indicator--57d6ba96-d440-450a-80fb-411f950d210f", "indicator--57d6ba96-a088-45b3-9315-4c3f950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "circl:incident-classification=\"malware\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57d6ba95-b054-40cb-9951-443d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-12T14:24:21.000Z", "modified": "2016-09-12T14:24:21.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.95.106.223']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-12T14:24:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57d6ba96-4ca8-47e7-84a9-482f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-12T14:24:22.000Z", "modified": "2016-09-12T14:24:22.000Z", "description": "download location", "pattern": "[url:value = 'http://lookbookinghotels.ws/a9sgrrak']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-12T14:24:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57d6ba96-57e8-445e-a8e6-4f58950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-12T14:24:22.000Z", "modified": "2016-09-12T14:24:22.000Z", "description": "download location", "pattern": "[url:value = 'http://trybttr.ws/h71qizc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-12T14:24:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57d6ba96-e180-4ced-ba82-474a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-12T14:24:22.000Z", "modified": "2016-09-12T14:24:22.000Z", "description": "download location", "pattern": "[domain-name:value = 'lookbookinghotels.ws']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-12T14:24:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57d6ba96-d440-450a-80fb-411f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-12T14:24:22.000Z", "modified": "2016-09-12T14:24:22.000Z", "description": "download location", "pattern": "[domain-name:value = 'trybttr.ws']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-12T14:24:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57d6ba96-a088-45b3-9315-4c3f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-12T14:24:22.000Z", "modified": "2016-09-12T14:24:22.000Z", "description": "download location", "pattern": "[domain-name:value = 'one4four1.ws']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-12T14:24:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }