{ "type": "bundle", "id": "bundle--59245845-a0f8-4198-af28-3ddc950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:54.000Z", "modified": "2017-05-23T15:42:54.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "grouping", "spec_version": "2.1", "id": "grouping--59245845-a0f8-4198-af28-3ddc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:54.000Z", "modified": "2017-05-23T15:42:54.000Z", "name": "Jaff 2017-05-23 : \"Invoice\" - \"12-3456.pdf\"", "context": "suspicious-activity", "object_refs": [ "indicator--5924587a-0b9c-48fb-b11e-3dd2950d210f", "indicator--5924587d-ef80-472a-af91-c159950d210f", "indicator--5924587e-5394-4d5d-b0ff-c155950d210f", "indicator--59245877-05fc-4ca9-a2e2-c154950d210f", "indicator--59245879-ede0-4aff-976a-6bfa950d210f", "indicator--59245876-1f10-415a-8b19-c150950d210f", "indicator--59245875-8278-4a28-8a8b-180d950d210f", "indicator--59245873-a7b8-4d3c-a6ca-c14e950d210f", "indicator--59245868-51c8-4999-b464-6b79950d210f", "indicator--59245869-8088-41ef-8c1c-c159950d210f", "indicator--5924586c-0de0-4e2c-9a87-c155950d210f", "indicator--5924586d-c514-44bf-94be-47aa950d210f", "indicator--5924586e-ed8c-4299-a339-c156950d210f", "indicator--59245871-9f24-47d2-a997-6a00950d210f", "indicator--59245872-0214-46ae-8ee2-3ddc950d210f", "indicator--59245867-c5fc-4f7a-a4dd-4edc950d210f", "indicator--59245865-8a24-4a71-9a49-6bfa950d210f", "indicator--59245864-18d0-4bcb-866a-c153950d210f", "indicator--5924585f-e5a0-4d78-b3d8-9198950d210f", "indicator--59245860-f040-4963-8767-c154950d210f", "indicator--59245862-0ec0-44c0-bee5-69b6950d210f", "indicator--5924585b-f78c-4383-905d-c150950d210f", "indicator--5924585d-56a8-45ea-9207-c152950d210f", "indicator--59245854-c880-48d8-a7bf-6a00950d210f", "indicator--59245856-a60c-4840-9ab1-4a90950d210f", "indicator--59245857-8200-4219-80b8-3ddc950d210f", "indicator--59245858-b4f0-4b6e-91a9-c14e950d210f", "indicator--59245859-e634-4c50-b89f-180d950d210f", "indicator--59245853-7f40-4f2f-ade7-4466950d210f", "indicator--59245852-3f8c-42bb-b2bc-c155950d210f", "indicator--5924584c-07c4-4cc2-b97d-4697950d210f", "indicator--5924584e-5c40-44ee-b672-3dd2950d210f", "indicator--5924584f-2660-49b1-9ac2-6b79950d210f", "indicator--59245850-3258-431d-9335-c159950d210f", "indicator--5924584a-3650-479b-bdbd-6bfa950d210f", "indicator--59245847-c804-4809-9661-4aab950d210f", "indicator--59245848-5a10-4a4c-acbc-9198950d210f", "indicator--59245849-020c-4b91-bda5-69b6950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Jaff\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5924587a-0b9c-48fb-b11e-3dd2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:50.000Z", "modified": "2017-05-23T15:42:50.000Z", "pattern": "[url:value = 'http://maximusstafastoriesticks.info/a5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5924587d-ef80-472a-af91-c159950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:52.000Z", "modified": "2017-05-23T15:42:52.000Z", "pattern": "[domain-name:value = 'maximusstafastoriesticks.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5924587e-5394-4d5d-b0ff-c155950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:54.000Z", "modified": "2017-05-23T15:42:54.000Z", "description": "maximusstafastoriesticks.info", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.109.147.122']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59245877-05fc-4ca9-a2e2-c154950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:47.000Z", "modified": "2017-05-23T15:42:47.000Z", "pattern": "[domain-name:value = 'williams-fitness.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59245879-ede0-4aff-976a-6bfa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:49.000Z", "modified": "2017-05-23T15:42:49.000Z", "description": "williams-fitness.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '143.95.44.115']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59245876-1f10-415a-8b19-c150950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:46.000Z", "modified": "2017-05-23T15:42:46.000Z", "pattern": "[url:value = 'http://williams-fitness.com/fgJds2U']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59245875-8278-4a28-8a8b-180d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:45.000Z", "modified": "2017-05-23T15:42:45.000Z", "description": "uslugitransportowe-warszawa.pl", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.68.249.235']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59245873-a7b8-4d3c-a6ca-c14e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:43.000Z", "modified": "2017-05-23T15:42:43.000Z", "pattern": "[domain-name:value = 'uslugitransportowe-warszawa.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59245868-51c8-4999-b464-6b79950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:32.000Z", "modified": "2017-05-23T15:42:32.000Z", "pattern": "[url:value = 'http://oliverkuo.com.au/fgJds2U']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59245869-8088-41ef-8c1c-c159950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:33.000Z", "modified": "2017-05-23T15:42:33.000Z", "pattern": "[domain-name:value = 'oliverkuo.com.au']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5924586c-0de0-4e2c-9a87-c155950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:36.000Z", "modified": "2017-05-23T15:42:36.000Z", "description": "oliverkuo.com.au", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '27.54.86.49']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5924586d-c514-44bf-94be-47aa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:37.000Z", "modified": "2017-05-23T15:42:37.000Z", "pattern": "[url:value = 'http://pcflame.com.au/fgJds2U']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5924586e-ed8c-4299-a339-c156950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:38.000Z", "modified": "2017-05-23T15:42:38.000Z", "pattern": "[domain-name:value = 'pcflame.com.au']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59245871-9f24-47d2-a997-6a00950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:41.000Z", "modified": "2017-05-23T15:42:41.000Z", "description": "pcflame.com.au", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.9.170.249']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59245872-0214-46ae-8ee2-3ddc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:42.000Z", "modified": "2017-05-23T15:42:42.000Z", "pattern": "[url:value = 'http://uslugitransportowe-warszawa.pl/fgJds2U']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59245867-c5fc-4f7a-a4dd-4edc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:31.000Z", "modified": "2017-05-23T15:42:31.000Z", "description": "minnessotaswordfishh.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.165.236.47']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59245865-8a24-4a71-9a49-6bfa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:29.000Z", "modified": "2017-05-23T15:42:29.000Z", "pattern": "[domain-name:value = 'minnessotaswordfishh.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59245864-18d0-4bcb-866a-c153950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:28.000Z", "modified": "2017-05-23T15:42:28.000Z", "pattern": "[url:value = 'http://minnessotaswordfishh.com/af/fgJds2U']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5924585f-e5a0-4d78-b3d8-9198950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:23.000Z", "modified": "2017-05-23T15:42:23.000Z", "pattern": "[url:value = 'http://khaosoklake.com/fgJds2U']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59245860-f040-4963-8767-c154950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:24.000Z", "modified": "2017-05-23T15:42:24.000Z", "pattern": "[domain-name:value = 'khaosoklake.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59245862-0ec0-44c0-bee5-69b6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:26.000Z", "modified": "2017-05-23T15:42:26.000Z", "description": "khaosoklake.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.104.168.120']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5924585b-f78c-4383-905d-c150950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:19.000Z", "modified": "2017-05-23T15:42:19.000Z", "pattern": "[domain-name:value = 'fjjslyw.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5924585d-56a8-45ea-9207-c152950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:21.000Z", "modified": "2017-05-23T15:42:21.000Z", "description": "fjjslyw.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.169.81.126']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59245854-c880-48d8-a7bf-6a00950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:12.000Z", "modified": "2017-05-23T15:42:12.000Z", "description": "dota2wiki.ir", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '136.243.14.60']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59245856-a60c-4840-9ab1-4a90950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:14.000Z", "modified": "2017-05-23T15:42:14.000Z", "pattern": "[url:value = 'http://elateplaza.com/fgJds2U']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59245857-8200-4219-80b8-3ddc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:15.000Z", "modified": "2017-05-23T15:42:15.000Z", "pattern": "[domain-name:value = 'elateplaza.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59245858-b4f0-4b6e-91a9-c14e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:16.000Z", "modified": "2017-05-23T15:42:16.000Z", "description": "elateplaza.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.23.97.226']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59245859-e634-4c50-b89f-180d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:17.000Z", "modified": "2017-05-23T15:42:17.000Z", "pattern": "[url:value = 'http://fjjslyw.com/fgJds2U']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59245853-7f40-4f2f-ade7-4466950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:11.000Z", "modified": "2017-05-23T15:42:11.000Z", "pattern": "[domain-name:value = 'dota2wiki.ir']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59245852-3f8c-42bb-b2bc-c155950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:10.000Z", "modified": "2017-05-23T15:42:10.000Z", "pattern": "[url:value = 'http://dota2wiki.ir/fgJds2U']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5924584c-07c4-4cc2-b97d-4697950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:04.000Z", "modified": "2017-05-23T15:42:04.000Z", "description": "abcenglishclub.com", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '100.42.56.20']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5924584e-5c40-44ee-b672-3dd2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:06.000Z", "modified": "2017-05-23T15:42:06.000Z", "pattern": "[url:value = 'http://david-faber.de/fgJds2U']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5924584f-2660-49b1-9ac2-6b79950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:07.000Z", "modified": "2017-05-23T15:42:07.000Z", "pattern": "[domain-name:value = 'david-faber.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59245850-3258-431d-9335-c159950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:08.000Z", "modified": "2017-05-23T15:42:08.000Z", "description": "david-faber.de", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.169.145.78']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5924584a-3650-479b-bdbd-6bfa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:02.000Z", "modified": "2017-05-23T15:42:02.000Z", "pattern": "[domain-name:value = 'abcenglishclub.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59245847-c804-4809-9661-4aab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:41:59.000Z", "modified": "2017-05-23T15:41:59.000Z", "pattern": "[file:hashes.MD5 = 'a538307d7bc458726a344523aa947010']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:41:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59245848-5a10-4a4c-acbc-9198950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:00.000Z", "modified": "2017-05-23T15:42:00.000Z", "pattern": "[file:hashes.MD5 = '56185d85038547ec352a0f39396a37a7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59245849-020c-4b91-bda5-69b6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-23T15:42:01.000Z", "modified": "2017-05-23T15:42:01.000Z", "pattern": "[url:value = 'http://abcenglishclub.com/fgJds2U']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-23T15:42:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }