{ "type": "bundle", "id": "bundle--591bfe00-bb40-4958-9c33-4b87950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--591bfe00-bb40-4958-9c33-4b87950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "name": "2017-05-16 Malspam Emailing:#####.pdf.pdf", "published": "2017-05-17T09:54:20Z", "object_refs": [ "indicator--591bfe02-54c8-4081-9eb6-46b6950d210f", "indicator--591bfe03-adc4-4ce5-bb86-43a5950d210f", "indicator--591bfe05-ff30-4a45-876a-4830950d210f", "indicator--591bfe0c-d460-470e-bd52-4467950d210f", "indicator--591bfe11-d14c-4887-9658-4070950d210f", "indicator--591bfe13-72f4-4499-a85a-416a950d210f", "indicator--591bfe16-18a4-4ede-903f-4133950d210f", "indicator--591bfe17-9bd4-4ff2-b1c1-4ea9950d210f", "indicator--591bfe19-e020-4db4-9cad-4ae8950d210f", "indicator--591bfe1a-2d6c-44e7-92d3-4bdd950d210f", "indicator--591bfe1b-cd28-404a-9e7d-4a64950d210f", "indicator--591bfe1d-bc68-4561-a5ba-4487950d210f", "indicator--591bfe1e-8db0-4828-8108-4ad8950d210f", "indicator--591bfe20-3ae8-4ae8-89a1-4ddf950d210f", "indicator--591bfe22-4654-4e5c-8191-47a7950d210f", "indicator--591bfe24-ea94-4f94-8426-4ea9950d210f", "indicator--591bfe25-2cf0-4275-8049-4805950d210f", "indicator--591bfe28-f2ac-4224-9bf8-4fed950d210f", "indicator--591bfe29-8038-4e47-9d72-42e0950d210f", "indicator--591bfe2b-4f14-4986-8483-4c72950d210f", "indicator--591bfe2d-7b30-4b2a-80a8-44f2950d210f", "indicator--591bfe30-f1e8-488a-8bc3-41d7950d210f", "indicator--591bfe31-2330-40c6-9193-424b950d210f", "indicator--591bfe33-6f0c-42b5-946a-498e950d210f", "indicator--591bfe35-6e14-47aa-8a73-4f15950d210f", "indicator--591bfe37-6564-409d-8be2-4171950d210f", "indicator--591bfe39-400c-4697-8abd-419c950d210f", "indicator--591bfe3b-ae80-4bb7-9773-4695950d210f", "indicator--591bfe3d-0ba0-411c-a1a0-42bb950d210f", "indicator--591bfe3e-21c4-4931-ad61-4b5f950d210f", "indicator--591bfe40-91a0-4f35-bc04-4039950d210f", "indicator--591bfe42-a858-49f7-919f-4652950d210f", "indicator--591bfe44-4ed8-408f-9acc-44f3950d210f", "indicator--591bfe46-2450-420e-9128-4b75950d210f", "indicator--591bfe47-40e4-44df-b808-46e5950d210f", "indicator--591bfe49-55e8-46a4-9c75-41d3950d210f", "indicator--591bfe4c-66a0-4ce0-9a72-41e7950d210f", "indicator--591bfe52-4af8-4d57-9eae-465e950d210f", "indicator--591bfe5d-0d88-4ea4-a4ed-4947950d210f", "indicator--591bfe63-cb20-47ce-a80b-43fe950d210f", "indicator--591bfe65-d580-437c-9d4c-47a4950d210f", "indicator--591bfe68-ec58-4339-9497-4ded950d210f", "indicator--591bfe6a-8a28-43b1-b614-425b950d210f", "indicator--591bfe6c-9ce8-460b-8447-49ab950d210f", "indicator--591bfe6f-6638-49ac-a119-42b5950d210f", "indicator--591bfe71-0a2c-4d44-ad85-4895950d210f", "indicator--591bfe74-6118-44fd-bfcd-4692950d210f", "indicator--591bfe77-d260-4560-9695-4dad950d210f", "indicator--591bfe7a-3c94-4c5f-9130-496b950d210f", "indicator--591bfe7d-2e14-42cc-8b93-4a02950d210f", "indicator--591bfe80-f860-4ef4-a5ca-459a950d210f", "indicator--591bfe83-5834-43b1-81c3-4648950d210f", "indicator--591bfe85-e9d0-428b-94bd-4c24950d210f", "indicator--591bfe88-b8d0-485c-934e-46bc950d210f", "indicator--591bfe8c-45bc-4b73-a6e6-418b950d210f", "indicator--591bfe8f-96fc-4398-bb01-4758950d210f", "indicator--591bfe92-a0b8-4ecd-97ad-4b01950d210f", "indicator--591bfe96-ba3c-4e2e-9f26-4770950d210f", "indicator--591bfe99-218c-4d6d-959d-40fa950d210f", "indicator--591bfe9c-fcf0-4b94-bbdf-4b29950d210f", "indicator--591bfe9f-49b8-4d0b-8b17-4e23950d210f", "indicator--591bfea1-3334-4391-9635-4216950d210f", "indicator--591bfea4-60ec-47fa-8af9-4d73950d210f", "indicator--591bfea7-087c-46b3-ac68-4d05950d210f", "indicator--591bfeaa-1f28-4a27-8364-4064950d210f", "indicator--591bfead-fe88-4a9b-84e2-49ed950d210f", "indicator--591bfeb0-58fc-4fb1-a718-49e3950d210f", "indicator--591bfeb3-14e0-44f9-89f0-4859950d210f", "indicator--591bfeb7-29f4-48cb-9478-47f4950d210f", "indicator--591bfeba-b580-43b7-a60a-4006950d210f", "indicator--591bfebe-9588-4633-945f-498c950d210f", "indicator--591bfec0-ce18-489d-8b6c-4c34950d210f", "indicator--591bfec5-3a64-41e4-9fb9-4c77950d210f", "indicator--591bfec9-4e34-48d8-93de-453e950d210f", "indicator--591bfecc-74e8-41dc-9833-4bc7950d210f", "indicator--591bfecf-41d8-4b0d-b828-431f950d210f", "indicator--591bfed2-1fb4-4737-b18b-4acc950d210f", "indicator--591bfed5-5350-43b9-98df-41dc950d210f", "indicator--591bfed9-e324-4b84-828f-4144950d210f", "indicator--591bfedc-6628-4d71-a9b8-4d98950d210f", "indicator--591bfedf-ac4c-4768-8cf4-4199950d210f", "indicator--591bfee3-f80c-4c95-bbf7-4f26950d210f", "observed-data--591bfee6-1c58-4e3f-bbec-4447950d210f", "url--591bfee6-1c58-4e3f-bbec-4447950d210f", "observed-data--591bfeea-a974-4973-bd3c-42d1950d210f", "url--591bfeea-a974-4973-bd3c-42d1950d210f", "observed-data--591bfeed-33e8-4d35-a78c-4b21950d210f", "url--591bfeed-33e8-4d35-a78c-4b21950d210f", "indicator--591bfef1-2754-4821-8c2c-4ca7950d210f", "indicator--591bfefc-8c10-4cf4-8c48-4506950d210f", "indicator--591c0d3c-b1f8-4e53-8f19-44f302de0b81", "observed-data--591c0d3d-9c40-4330-bcef-4c3302de0b81", "url--591c0d3d-9c40-4330-bcef-4c3302de0b81", "indicator--591c0d3d-2f64-49f3-ab52-410002de0b81", "indicator--591c0d3d-4bcc-44ca-b954-4a1b02de0b81", "observed-data--591c0d3e-64c4-42e1-ad8e-4fc102de0b81", "url--591c0d3e-64c4-42e1-ad8e-4fc102de0b81", "indicator--591c0d3e-f17c-474f-9197-435f02de0b81", "indicator--591c0d3f-e758-4e93-aa48-49da02de0b81", "observed-data--591c0d3f-c890-4251-a766-4e4202de0b81", "url--591c0d3f-c890-4251-a766-4e4202de0b81", "indicator--591c0d3f-be88-43f8-b93e-497202de0b81", "indicator--591c0d40-4c50-4293-b2d0-4a2602de0b81", "observed-data--591c0d40-301c-4005-ac84-477b02de0b81", "url--591c0d40-301c-4005-ac84-477b02de0b81", "indicator--591c0d41-f978-4e20-87a9-43eb02de0b81", "indicator--591c0d41-b4c8-4288-9d02-4cdb02de0b81", "observed-data--591c0d41-3bfc-4e79-b524-418b02de0b81", "url--591c0d41-3bfc-4e79-b524-418b02de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:ransomware=\"Jaff\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe02-54c8-4081-9eb6-46b6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[file:hashes.MD5 = 'ed8ed2f15cc120d56101f9278d2b7a90']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe03-adc4-4ce5-bb86-43a5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[file:hashes.MD5 = '3564428de04f35a9a9c7b1828d60edce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe05-ff30-4a45-876a-4830950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[file:hashes.MD5 = 'e79e31c6caee2d64b25588337e979eab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe0c-d460-470e-bd52-4467950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[file:hashes.MD5 = 'c2a760c6461449ac1d5a5538242bed11']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe11-d14c-4887-9658-4070950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[file:hashes.MD5 = '2b2c0737949a56528b0834f642ff2635']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe13-72f4-4499-a85a-416a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[file:hashes.SHA256 = 'fabc5b9309a1ffcbf9028cd01cf440edbd654c2faaacf7e64e5a39d63775a33e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe16-18a4-4ede-903f-4133950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[url:value = 'http://beautyandearth.com/Nbiyure3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe17-9bd4-4ff2-b1c1-4ea9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[domain-name:value = 'beautyandearth.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe19-e020-4db4-9cad-4ae8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "description": "beautyandearth.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '108.167.156.28']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe1a-2d6c-44e7-92d3-4bdd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[url:value = 'http://biarritzru.com/Nbiyure3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe1b-cd28-404a-9e7d-4a64950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[domain-name:value = 'biarritzru.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe1d-bc68-4561-a5ba-4487950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "description": "biarritzru.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.177.141.58']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe1e-8db0-4828-8108-4ad8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[url:value = 'http://bioferme.biz/Nbiyure3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe20-3ae8-4ae8-89a1-4ddf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[domain-name:value = 'bioferme.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe22-4654-4e5c-8191-47a7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "description": "bioferme.biz", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '219.118.71.133']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe24-ea94-4f94-8426-4ea9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[url:value = 'http://daweizhi.com/Nbiyure3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe25-2cf0-4275-8049-4805950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[domain-name:value = 'daweizhi.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe28-f2ac-4224-9bf8-4fed950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "description": "daweizhi.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '115.29.111.183']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe29-8038-4e47-9d72-42e0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[url:value = 'http://dodawanie.com/Nbiyure3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe2b-4f14-4986-8483-4c72950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[domain-name:value = 'dodawanie.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe2d-7b30-4b2a-80a8-44f2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "description": "dodawanie.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.23.21.13']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe30-f1e8-488a-8bc3-41d7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "description": "dodawanie.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.23.21.123']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe31-2330-40c6-9193-424b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[url:value = 'http://herrossoidffr6644qa.top/af/Nbiyure3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe33-6f0c-42b5-946a-498e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[domain-name:value = 'herrossoidffr6644qa.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe35-6e14-47aa-8a73-4f15950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "description": "herrossoidffr6644qa.top", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '34.209.214.237']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe37-6564-409d-8be2-4171950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[url:value = 'http://jomoba35.com/Nbiyure3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe39-400c-4697-8abd-419c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[domain-name:value = 'jomoba35.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe3b-ae80-4bb7-9773-4695950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "description": "jomoba35.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '143.95.239.78']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe3d-0ba0-411c-a1a0-42bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[url:value = 'http://joshcomeauxhair.com/Nbiyure3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe3e-21c4-4931-ad61-4b5f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[domain-name:value = 'joshcomeauxhair.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe40-91a0-4f35-bc04-4039950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "description": "joshcomeauxhair.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.180.13.247']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe42-a858-49f7-919f-4652950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[url:value = 'http://jsplast.ru/Nbiyure3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe44-4ed8-408f-9acc-44f3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[domain-name:value = 'jsplast.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe46-2450-420e-9128-4b75950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "description": "jsplast.ru", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.58.119.16']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe47-40e4-44df-b808-46e5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[url:value = 'http://juvadent.de/Nbiyure3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe49-55e8-46a4-9c75-41d3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[domain-name:value = 'juvadent.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe4c-66a0-4ce0-9a72-41e7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "description": "juvadent.de", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.150.6.143']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe52-4af8-4d57-9eae-465e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[url:value = 'http://opearl.net/Nbiyure3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe5d-0d88-4ea4-a4ed-4947950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[domain-name:value = 'opearl.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe63-cb20-47ce-a80b-43fe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "description": "opearl.net", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '120.76.230.45']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe65-d580-437c-9d4c-47a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[url:value = 'http://outdoor-sauerland.de/Nbiyure3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe68-ec58-4339-9497-4ded950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[domain-name:value = 'outdoor-sauerland.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe6a-8a28-43b1-b614-425b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "description": "outdoor-sauerland.de", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.169.145.172']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe6c-9ce8-460b-8447-49ab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[url:value = 'http://personalizar.net/Nbiyure3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe6f-6638-49ac-a119-42b5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[domain-name:value = 'personalizar.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe71-0a2c-4d44-ad85-4895950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "description": "personalizar.net", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.88.57.70']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe74-6118-44fd-bfcd-4692950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[url:value = 'http://playmindltd.com/Nbiyure3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe77-d260-4560-9695-4dad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[domain-name:value = 'playmindltd.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe7a-3c94-4c5f-9130-496b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "description": "playmindltd.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.63.135.197']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe7d-2e14-42cc-8b93-4a02950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[url:value = 'http://reefclub.ru/Nbiyure3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe80-f860-4ef4-a5ca-459a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[domain-name:value = 'reefclub.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe83-5834-43b1-81c3-4648950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "description": "reefclub.ru", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '79.137.163.53']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe85-e9d0-428b-94bd-4c24950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[url:value = 'http://ripasso.nl/Nbiyure3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe88-b8d0-485c-934e-46bc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[domain-name:value = 'ripasso.nl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe8c-45bc-4b73-a6e6-418b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "description": "ripasso.nl", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.70.4.32']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe8f-96fc-4398-bb01-4758950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[url:value = 'http://sjffonrvcik45bd.info/af/Nbiyure3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe92-a0b8-4ecd-97ad-4b01950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[domain-name:value = 'sjffonrvcik45bd.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe96-ba3c-4e2e-9f26-4770950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[url:value = 'http://tidytrend.com/Nbiyure3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe99-218c-4d6d-959d-40fa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[domain-name:value = 'tidytrend.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe9c-fcf0-4b94-bbdf-4b29950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "description": "tidytrend.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.180.26.179']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfe9f-49b8-4d0b-8b17-4e23950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[url:value = 'http://titanmachinery.com.au/Nbiyure3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfea1-3334-4391-9635-4216950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[domain-name:value = 'titanmachinery.com.au']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfea4-60ec-47fa-8af9-4d73950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "description": "titanmachinery.com.au", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '101.0.99.38']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfea7-087c-46b3-ac68-4d05950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[url:value = 'http://tomcarservice.it/Nbiyure3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfeaa-1f28-4a27-8364-4064950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[domain-name:value = 'tomcarservice.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfead-fe88-4a9b-84e2-49ed950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "description": "tomcarservice.it", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.245.188.95']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfeb0-58fc-4fb1-a718-49e3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[url:value = 'http://valpit.ru/Nbiyure3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfeb3-14e0-44f9-89f0-4859950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[domain-name:value = 'valpit.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfeb7-29f4-48cb-9478-47f4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "description": "valpit.ru", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.70.26.37']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfeba-b580-43b7-a60a-4006950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "description": "valpit.ru", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.85.61.76']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfebe-9588-4633-945f-498c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[url:value = 'http://ventrust.ro/Nbiyure3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfec0-ce18-489d-8b6c-4c34950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[domain-name:value = 'ventrust.ro']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfec5-3a64-41e4-9fb9-4c77950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "description": "ventrust.ro", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.223.209.5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfec9-4e34-48d8-93de-453e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[url:value = 'http://vipan-photography.com/Nbiyure3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfecc-74e8-41dc-9833-4bc7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[domain-name:value = 'vipan-photography.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfecf-41d8-4b0d-b828-431f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "description": "vipan-photography.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.65.115.35']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfed2-1fb4-4737-b18b-4acc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[url:value = 'http://wizbam.com/Nbiyure3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfed5-5350-43b9-98df-41dc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[domain-name:value = 'wizbam.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfed9-e324-4b84-828f-4144950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "description": "wizbam.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.180.48.250']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfedc-6628-4d71-a9b8-4d98950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[url:value = 'http://eesiiuroffde445.com/a5/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfedf-ac4c-4768-8cf4-4199950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[domain-name:value = 'eesiiuroffde445.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfee3-f80c-4c95-bbf7-4f26950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "description": "eesiiuroffde445.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '47.91.107.213']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--591bfee6-1c58-4e3f-bbec-4447950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "first_observed": "2017-05-17T08:42:59Z", "last_observed": "2017-05-17T08:42:59Z", "number_observed": 1, "object_refs": [ "url--591bfee6-1c58-4e3f-bbec-4447950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--591bfee6-1c58-4e3f-bbec-4447950d210f", "value": "https://www.virustotal.com/en/file/fabc5b9309a1ffcbf9028cd01cf440edbd654c2faaacf7e64e5a39d63775a33e/analysis/1494930087/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--591bfeea-a974-4973-bd3c-42d1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "first_observed": "2017-05-17T08:42:59Z", "last_observed": "2017-05-17T08:42:59Z", "number_observed": 1, "object_refs": [ "url--591bfeea-a974-4973-bd3c-42d1950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--591bfeea-a974-4973-bd3c-42d1950d210f", "value": "https://malwr.com/submission/status/MmY0ZTQ2ODQzZjNhNDlkNzkyZjJiNDUwZmUzMmRjMGY/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--591bfeed-33e8-4d35-a78c-4b21950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "first_observed": "2017-05-17T08:42:59Z", "last_observed": "2017-05-17T08:42:59Z", "number_observed": 1, "object_refs": [ "url--591bfeed-33e8-4d35-a78c-4b21950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--591bfeed-33e8-4d35-a78c-4b21950d210f", "value": "https://www.hybrid-analysis.com/sample/fabc5b9309a1ffcbf9028cd01cf440edbd654c2faaacf7e64e5a39d63775a33e?environmentId=100" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfef1-2754-4821-8c2c-4ca7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[url:value = 'wizbam.com/Nbiyure3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591bfefc-8c10-4cf4-8c48-4506950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:42:59.000Z", "modified": "2017-05-17T08:42:59.000Z", "pattern": "[url:value = 'eesiiuroffde445.com/a5/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:42:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591c0d3c-b1f8-4e53-8f19-44f302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:43:40.000Z", "modified": "2017-05-17T08:43:40.000Z", "description": "- Xchecked via VT: fabc5b9309a1ffcbf9028cd01cf440edbd654c2faaacf7e64e5a39d63775a33e", "pattern": "[file:hashes.SHA1 = '2c8ea5c1957ab9ccf4afd255aeea47f13e278814']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:43:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--591c0d3d-9c40-4330-bcef-4c3302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:43:41.000Z", "modified": "2017-05-17T08:43:41.000Z", "first_observed": "2017-05-17T08:43:41Z", "last_observed": "2017-05-17T08:43:41Z", "number_observed": 1, "object_refs": [ "url--591c0d3d-9c40-4330-bcef-4c3302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--591c0d3d-9c40-4330-bcef-4c3302de0b81", "value": "https://www.virustotal.com/file/fabc5b9309a1ffcbf9028cd01cf440edbd654c2faaacf7e64e5a39d63775a33e/analysis/1494948925/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591c0d3d-2f64-49f3-ab52-410002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:43:41.000Z", "modified": "2017-05-17T08:43:41.000Z", "description": "- Xchecked via VT: c2a760c6461449ac1d5a5538242bed11", "pattern": "[file:hashes.SHA256 = '387812ee2820cbf49812b1b229b7d8721ee37296f7b6018332a56e30a99e1092']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:43:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591c0d3d-4bcc-44ca-b954-4a1b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:43:41.000Z", "modified": "2017-05-17T08:43:41.000Z", "description": "- Xchecked via VT: c2a760c6461449ac1d5a5538242bed11", "pattern": "[file:hashes.SHA1 = '59684c6261afc698c0f6a46658986f0268f4c5a0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:43:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--591c0d3e-64c4-42e1-ad8e-4fc102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:43:42.000Z", "modified": "2017-05-17T08:43:42.000Z", "first_observed": "2017-05-17T08:43:42Z", "last_observed": "2017-05-17T08:43:42Z", "number_observed": 1, "object_refs": [ "url--591c0d3e-64c4-42e1-ad8e-4fc102de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--591c0d3e-64c4-42e1-ad8e-4fc102de0b81", "value": "https://www.virustotal.com/file/387812ee2820cbf49812b1b229b7d8721ee37296f7b6018332a56e30a99e1092/analysis/1495000686/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591c0d3e-f17c-474f-9197-435f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:43:42.000Z", "modified": "2017-05-17T08:43:42.000Z", "description": "- Xchecked via VT: e79e31c6caee2d64b25588337e979eab", "pattern": "[file:hashes.SHA256 = 'aca726cb504599206e66823ff2863eb80c6a5f16ff71ca9fcdd907ad39b2d852']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:43:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591c0d3f-e758-4e93-aa48-49da02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:43:43.000Z", "modified": "2017-05-17T08:43:43.000Z", "description": "- Xchecked via VT: e79e31c6caee2d64b25588337e979eab", "pattern": "[file:hashes.SHA1 = 'f0105d132d880d602b37912d93abb712b2b281d8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:43:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--591c0d3f-c890-4251-a766-4e4202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:43:43.000Z", "modified": "2017-05-17T08:43:43.000Z", "first_observed": "2017-05-17T08:43:43Z", "last_observed": "2017-05-17T08:43:43Z", "number_observed": 1, "object_refs": [ "url--591c0d3f-c890-4251-a766-4e4202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--591c0d3f-c890-4251-a766-4e4202de0b81", "value": "https://www.virustotal.com/file/aca726cb504599206e66823ff2863eb80c6a5f16ff71ca9fcdd907ad39b2d852/analysis/1494969979/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591c0d3f-be88-43f8-b93e-497202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:43:43.000Z", "modified": "2017-05-17T08:43:43.000Z", "description": "- Xchecked via VT: 3564428de04f35a9a9c7b1828d60edce", "pattern": "[file:hashes.SHA256 = 'ae7f1496e098b24ed52f3796b2751e31300c1f414cdb9852ccb42dfdc261c98d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:43:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591c0d40-4c50-4293-b2d0-4a2602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:43:44.000Z", "modified": "2017-05-17T08:43:44.000Z", "description": "- Xchecked via VT: 3564428de04f35a9a9c7b1828d60edce", "pattern": "[file:hashes.SHA1 = 'a081c02d29b46053c1db0d7ec09012e438e091dc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:43:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--591c0d40-301c-4005-ac84-477b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:43:44.000Z", "modified": "2017-05-17T08:43:44.000Z", "first_observed": "2017-05-17T08:43:44Z", "last_observed": "2017-05-17T08:43:44Z", "number_observed": 1, "object_refs": [ "url--591c0d40-301c-4005-ac84-477b02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--591c0d40-301c-4005-ac84-477b02de0b81", "value": "https://www.virustotal.com/file/ae7f1496e098b24ed52f3796b2751e31300c1f414cdb9852ccb42dfdc261c98d/analysis/1495008698/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591c0d41-f978-4e20-87a9-43eb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:43:45.000Z", "modified": "2017-05-17T08:43:45.000Z", "description": "- Xchecked via VT: ed8ed2f15cc120d56101f9278d2b7a90", "pattern": "[file:hashes.SHA256 = '04cdba9177bcb633604469e09c5d9348719706ea86f3cdd0aaaf5cb4c6b0dece']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:43:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--591c0d41-b4c8-4288-9d02-4cdb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:43:45.000Z", "modified": "2017-05-17T08:43:45.000Z", "description": "- Xchecked via VT: ed8ed2f15cc120d56101f9278d2b7a90", "pattern": "[file:hashes.SHA1 = 'c6bce7cb230669ce15ec0513e4769bf82f94f1f2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-17T08:43:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--591c0d41-3bfc-4e79-b524-418b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-17T08:43:45.000Z", "modified": "2017-05-17T08:43:45.000Z", "first_observed": "2017-05-17T08:43:45Z", "last_observed": "2017-05-17T08:43:45Z", "number_observed": 1, "object_refs": [ "url--591c0d41-3bfc-4e79-b524-418b02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--591c0d41-3bfc-4e79-b524-418b02de0b81", "value": "https://www.virustotal.com/file/04cdba9177bcb633604469e09c5d9348719706ea86f3cdd0aaaf5cb4c6b0dece/analysis/1494994547/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }