{ "type": "bundle", "id": "bundle--59282a08-aec8-49e7-932a-45d3950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:48:40.000Z", "modified": "2017-05-26T13:48:40.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--59282a08-aec8-49e7-932a-45d3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:48:40.000Z", "modified": "2017-05-26T13:48:40.000Z", "name": "Jaff 2017-05-26 : \"Scanned Image from a Xerox WorkCentre\" - \"Scan_0012_123456789.zip\"", "published": "2017-05-26T13:48:48Z", "object_refs": [ "indicator--59282a09-7dd4-445a-8555-424c950d210f", "indicator--59282a0a-8e08-4872-8704-432f950d210f", "indicator--59282a0c-47ac-4f58-8de7-4959950d210f", "indicator--59282a0c-dd14-493a-9bc5-4688950d210f", "observed-data--59282a0d-7bf4-439f-95bf-4082950d210f", "network-traffic--59282a0d-7bf4-439f-95bf-4082950d210f", "ipv4-addr--59282a0d-7bf4-439f-95bf-4082950d210f", "indicator--59282a0e-9188-4a06-a98e-411e950d210f", "indicator--59282a0f-397c-4b05-9075-4c44950d210f", "observed-data--59282a10-b258-44bc-9da9-4ffc950d210f", "network-traffic--59282a10-b258-44bc-9da9-4ffc950d210f", "ipv4-addr--59282a10-b258-44bc-9da9-4ffc950d210f", "indicator--59282a11-9070-49ce-ab6e-41d0950d210f", "indicator--59282a12-5f2c-4b10-9048-412e950d210f", "observed-data--59282a13-31b8-41c4-9512-4782950d210f", "network-traffic--59282a13-31b8-41c4-9512-4782950d210f", "ipv4-addr--59282a13-31b8-41c4-9512-4782950d210f", "indicator--59282a14-4a64-41ae-b3e7-487f950d210f", "indicator--59282a15-ab14-494b-9a05-4913950d210f", "observed-data--59282a15-9d74-4f6d-a2d3-4133950d210f", "network-traffic--59282a15-9d74-4f6d-a2d3-4133950d210f", "ipv4-addr--59282a15-9d74-4f6d-a2d3-4133950d210f", "indicator--59282a16-f19c-4485-84b1-4640950d210f", "indicator--59282a17-5e20-4228-b43a-4b19950d210f", "observed-data--59282a19-d318-4db7-90a0-44f4950d210f", "network-traffic--59282a19-d318-4db7-90a0-44f4950d210f", "ipv4-addr--59282a19-d318-4db7-90a0-44f4950d210f", "indicator--59282a1a-46bc-48cd-bb32-456f950d210f", "indicator--59282a1b-6340-4af5-8646-4267950d210f", "observed-data--59282a1d-13ac-4c10-a36b-423d950d210f", "network-traffic--59282a1d-13ac-4c10-a36b-423d950d210f", "ipv4-addr--59282a1d-13ac-4c10-a36b-423d950d210f", "indicator--59282a1e-60d8-4eee-a1ee-4450950d210f", "indicator--59282a1f-4b1c-464a-b80f-47f2950d210f", "observed-data--59282a21-5688-4bbc-adb2-44a2950d210f", "network-traffic--59282a21-5688-4bbc-adb2-44a2950d210f", "ipv4-addr--59282a21-5688-4bbc-adb2-44a2950d210f", "indicator--59282a21-d7e4-4524-bacb-4382950d210f", "indicator--59282a22-6a4c-4b4e-ae98-484c950d210f", "observed-data--59282a24-80ac-46b9-853a-4b5a950d210f", "network-traffic--59282a24-80ac-46b9-853a-4b5a950d210f", "ipv4-addr--59282a24-80ac-46b9-853a-4b5a950d210f", "indicator--59282a24-d2bc-49c5-8def-4aed950d210f", "indicator--59282a25-6ddc-47b1-a5b8-4a28950d210f", "observed-data--59282a26-6f9c-49cb-8c0f-4d69950d210f", "network-traffic--59282a26-6f9c-49cb-8c0f-4d69950d210f", "ipv4-addr--59282a26-6f9c-49cb-8c0f-4d69950d210f", "indicator--59282a27-facc-4a43-b42b-4bc8950d210f", "indicator--59282a27-a8b4-4fab-860b-46b0950d210f", "observed-data--59282a28-a288-439e-aff9-4137950d210f", "network-traffic--59282a28-a288-439e-aff9-4137950d210f", "ipv4-addr--59282a28-a288-439e-aff9-4137950d210f", "indicator--59282a29-77e8-4a70-b084-466d950d210f", "indicator--59282a2a-e55c-47f4-9044-452f950d210f", "observed-data--59282a2b-7290-452d-a58c-49eb950d210f", "network-traffic--59282a2b-7290-452d-a58c-49eb950d210f", "ipv4-addr--59282a2b-7290-452d-a58c-49eb950d210f", "indicator--59282a2c-34d8-4d9a-b750-4340950d210f", "indicator--59282a2d-794c-4cc5-ab19-493a950d210f", "observed-data--59282a2f-fdac-4630-bce3-40de950d210f", "network-traffic--59282a2f-fdac-4630-bce3-40de950d210f", "ipv4-addr--59282a2f-fdac-4630-bce3-40de950d210f", "indicator--59282a30-7b88-40a9-8fa9-47d2950d210f", "indicator--59282a31-0e64-4e00-a9bc-4f7d950d210f", "observed-data--59282a32-9854-4402-a645-4ed2950d210f", "network-traffic--59282a32-9854-4402-a645-4ed2950d210f", "ipv4-addr--59282a32-9854-4402-a645-4ed2950d210f", "indicator--59282a32-36cc-4b99-86d2-4a15950d210f", "indicator--59282a33-b888-4322-a661-49b3950d210f", "observed-data--59282a34-3298-4f51-bc40-4356950d210f", "network-traffic--59282a34-3298-4f51-bc40-4356950d210f", "ipv4-addr--59282a34-3298-4f51-bc40-4356950d210f", "indicator--59282a35-9d84-4cbd-97f0-4add950d210f", "indicator--59282a35-16a0-4f69-afcd-4c5a950d210f", "observed-data--59282a38-4f38-41a2-a02b-4a08950d210f", "network-traffic--59282a38-4f38-41a2-a02b-4a08950d210f", "ipv4-addr--59282a38-4f38-41a2-a02b-4a08950d210f", "indicator--59282a38-da10-4718-b142-4035950d210f", "indicator--59282a39-61cc-4a85-a560-4331950d210f", "observed-data--59282a3a-2578-4dfe-beb5-4011950d210f", "network-traffic--59282a3a-2578-4dfe-beb5-4011950d210f", "ipv4-addr--59282a3a-2578-4dfe-beb5-4011950d210f", "indicator--59282a3b-5c34-492a-accc-4c3f950d210f", "indicator--59282a3c-7528-4b92-bd56-41f4950d210f", "observed-data--59282a3e-7e78-4d61-a42f-4b86950d210f", "network-traffic--59282a3e-7e78-4d61-a42f-4b86950d210f", "ipv4-addr--59282a3e-7e78-4d61-a42f-4b86950d210f", "indicator--59282a3f-1ae4-4fcf-bf7f-498f950d210f", "indicator--59282a40-0b8c-4a97-b149-4a7f950d210f", "indicator--59282a41-e010-49b9-8b50-4495950d210f", "indicator--59282a41-6fec-4ac0-a04b-4178950d210f", "indicator--59282a47-d4c4-4c25-b0a4-4723950d210f", "indicator--59282a47-a674-4fc4-a581-4d5d950d210f", "observed-data--59282a49-9c80-41e4-93da-4474950d210f", "network-traffic--59282a49-9c80-41e4-93da-4474950d210f", "ipv4-addr--59282a49-9c80-41e4-93da-4474950d210f", "indicator--59282ed9-3cd8-4a48-b42a-406002de0b81", "indicator--59282ed9-ad38-4ac8-ae12-46e502de0b81", "observed-data--59282eda-d98c-43d0-8c94-442002de0b81", "url--59282eda-d98c-43d0-8c94-442002de0b81", "indicator--59282eda-fca4-4b2b-8583-444f02de0b81", "indicator--59282eda-05ac-46fe-882e-4c1202de0b81", "observed-data--59282edb-5dbc-4c23-9c2d-4fbd02de0b81", "url--59282edb-5dbc-4c23-9c2d-4fbd02de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Jaff\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a09-7dd4-445a-8555-424c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[file:hashes.MD5 = 'aace687d16706b05aa49c9b7fff7572b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a0a-8e08-4872-8704-432f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[file:hashes.MD5 = '6708cc80916e838a9bbed09c91854230']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a0c-47ac-4f58-8de7-4959950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[url:value = 'http://better57toiuydof.net/af/6gfh33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a0c-dd14-493a-9bc5-4688950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[domain-name:value = 'better57toiuydof.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59282a0d-7bf4-439f-95bf-4082950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:48:00.000Z", "modified": "2017-05-26T13:48:00.000Z", "first_observed": "2017-05-26T13:48:00Z", "last_observed": "2017-05-26T13:48:00Z", "number_observed": 1, "object_refs": [ "network-traffic--59282a0d-7bf4-439f-95bf-4082950d210f", "ipv4-addr--59282a0d-7bf4-439f-95bf-4082950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59282a0d-7bf4-439f-95bf-4082950d210f", "dst_ref": "ipv4-addr--59282a0d-7bf4-439f-95bf-4082950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59282a0d-7bf4-439f-95bf-4082950d210f", "value": "46.173.218.111" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a0e-9188-4a06-a98e-411e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[url:value = 'http://dsopro.com/6gfh33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a0f-397c-4b05-9075-4c44950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[domain-name:value = 'dsopro.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59282a10-b258-44bc-9da9-4ffc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:48:00.000Z", "modified": "2017-05-26T13:48:00.000Z", "first_observed": "2017-05-26T13:48:00Z", "last_observed": "2017-05-26T13:48:00Z", "number_observed": 1, "object_refs": [ "network-traffic--59282a10-b258-44bc-9da9-4ffc950d210f", "ipv4-addr--59282a10-b258-44bc-9da9-4ffc950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59282a10-b258-44bc-9da9-4ffc950d210f", "dst_ref": "ipv4-addr--59282a10-b258-44bc-9da9-4ffc950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59282a10-b258-44bc-9da9-4ffc950d210f", "value": "35.166.221.246" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a11-9070-49ce-ab6e-41d0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[url:value = 'http://easy2.cn/6gfh33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a12-5f2c-4b10-9048-412e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[domain-name:value = 'easy2.cn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59282a13-31b8-41c4-9512-4782950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:48:00.000Z", "modified": "2017-05-26T13:48:00.000Z", "first_observed": "2017-05-26T13:48:00Z", "last_observed": "2017-05-26T13:48:00Z", "number_observed": 1, "object_refs": [ "network-traffic--59282a13-31b8-41c4-9512-4782950d210f", "ipv4-addr--59282a13-31b8-41c4-9512-4782950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59282a13-31b8-41c4-9512-4782950d210f", "dst_ref": "ipv4-addr--59282a13-31b8-41c4-9512-4782950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59282a13-31b8-41c4-9512-4782950d210f", "value": "47.89.53.24" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a14-4a64-41ae-b3e7-487f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[url:value = 'http://eisenerzgrube.de/6gfh33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a15-ab14-494b-9a05-4913950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[domain-name:value = 'eisenerzgrube.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59282a15-9d74-4f6d-a2d3-4133950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:48:00.000Z", "modified": "2017-05-26T13:48:00.000Z", "first_observed": "2017-05-26T13:48:00Z", "last_observed": "2017-05-26T13:48:00Z", "number_observed": 1, "object_refs": [ "network-traffic--59282a15-9d74-4f6d-a2d3-4133950d210f", "ipv4-addr--59282a15-9d74-4f6d-a2d3-4133950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59282a15-9d74-4f6d-a2d3-4133950d210f", "dst_ref": "ipv4-addr--59282a15-9d74-4f6d-a2d3-4133950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59282a15-9d74-4f6d-a2d3-4133950d210f", "value": "81.169.145.88" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a16-f19c-4485-84b1-4640950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[url:value = 'http://eselink.com.my/6gfh33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a17-5e20-4228-b43a-4b19950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[domain-name:value = 'eselink.com.my']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59282a19-d318-4db7-90a0-44f4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:48:00.000Z", "modified": "2017-05-26T13:48:00.000Z", "first_observed": "2017-05-26T13:48:00Z", "last_observed": "2017-05-26T13:48:00Z", "number_observed": 1, "object_refs": [ "network-traffic--59282a19-d318-4db7-90a0-44f4950d210f", "ipv4-addr--59282a19-d318-4db7-90a0-44f4950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59282a19-d318-4db7-90a0-44f4950d210f", "dst_ref": "ipv4-addr--59282a19-d318-4db7-90a0-44f4950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59282a19-d318-4db7-90a0-44f4950d210f", "value": "124.150.140.96" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a1a-46bc-48cd-bb32-456f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[url:value = 'http://e-snhv.com/6gfh33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a1b-6340-4af5-8646-4267950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[domain-name:value = 'e-snhv.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59282a1d-13ac-4c10-a36b-423d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:48:00.000Z", "modified": "2017-05-26T13:48:00.000Z", "first_observed": "2017-05-26T13:48:00Z", "last_observed": "2017-05-26T13:48:00Z", "number_observed": 1, "object_refs": [ "network-traffic--59282a1d-13ac-4c10-a36b-423d950d210f", "ipv4-addr--59282a1d-13ac-4c10-a36b-423d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59282a1d-13ac-4c10-a36b-423d950d210f", "dst_ref": "ipv4-addr--59282a1d-13ac-4c10-a36b-423d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59282a1d-13ac-4c10-a36b-423d950d210f", "value": "61.106.62.37" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a1e-60d8-4eee-a1ee-4450950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[url:value = 'http://fabriquekorea.com/6gfh33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a1f-4b1c-464a-b80f-47f2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[domain-name:value = 'fabriquekorea.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59282a21-5688-4bbc-adb2-44a2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:48:00.000Z", "modified": "2017-05-26T13:48:00.000Z", "first_observed": "2017-05-26T13:48:00Z", "last_observed": "2017-05-26T13:48:00Z", "number_observed": 1, "object_refs": [ "network-traffic--59282a21-5688-4bbc-adb2-44a2950d210f", "ipv4-addr--59282a21-5688-4bbc-adb2-44a2950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59282a21-5688-4bbc-adb2-44a2950d210f", "dst_ref": "ipv4-addr--59282a21-5688-4bbc-adb2-44a2950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59282a21-5688-4bbc-adb2-44a2950d210f", "value": "211.174.62.52" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a21-d7e4-4524-bacb-4382950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[url:value = 'http://jinqiaonkyy.com/6gfh33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a22-6a4c-4b4e-ae98-484c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[domain-name:value = 'jinqiaonkyy.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59282a24-80ac-46b9-853a-4b5a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:48:00.000Z", "modified": "2017-05-26T13:48:00.000Z", "first_observed": "2017-05-26T13:48:00Z", "last_observed": "2017-05-26T13:48:00Z", "number_observed": 1, "object_refs": [ "network-traffic--59282a24-80ac-46b9-853a-4b5a950d210f", "ipv4-addr--59282a24-80ac-46b9-853a-4b5a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59282a24-80ac-46b9-853a-4b5a950d210f", "dst_ref": "ipv4-addr--59282a24-80ac-46b9-853a-4b5a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59282a24-80ac-46b9-853a-4b5a950d210f", "value": "162.251.21.215" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a24-d2bc-49c5-8def-4aed950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[url:value = 'http://orhangazitur.com/6gfh33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a25-6ddc-47b1-a5b8-4a28950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[domain-name:value = 'orhangazitur.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59282a26-6f9c-49cb-8c0f-4d69950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:48:00.000Z", "modified": "2017-05-26T13:48:00.000Z", "first_observed": "2017-05-26T13:48:00Z", "last_observed": "2017-05-26T13:48:00Z", "number_observed": 1, "object_refs": [ "network-traffic--59282a26-6f9c-49cb-8c0f-4d69950d210f", "ipv4-addr--59282a26-6f9c-49cb-8c0f-4d69950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59282a26-6f9c-49cb-8c0f-4d69950d210f", "dst_ref": "ipv4-addr--59282a26-6f9c-49cb-8c0f-4d69950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59282a26-6f9c-49cb-8c0f-4d69950d210f", "value": "109.232.220.235" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a27-facc-4a43-b42b-4bc8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[url:value = 'http://paradigmenergycorp.com/6gfh33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a27-a8b4-4fab-860b-46b0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[domain-name:value = 'paradigmenergycorp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59282a28-a288-439e-aff9-4137950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:48:00.000Z", "modified": "2017-05-26T13:48:00.000Z", "first_observed": "2017-05-26T13:48:00Z", "last_observed": "2017-05-26T13:48:00Z", "number_observed": 1, "object_refs": [ "network-traffic--59282a28-a288-439e-aff9-4137950d210f", "ipv4-addr--59282a28-a288-439e-aff9-4137950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59282a28-a288-439e-aff9-4137950d210f", "dst_ref": "ipv4-addr--59282a28-a288-439e-aff9-4137950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59282a28-a288-439e-aff9-4137950d210f", "value": "107.180.40.126" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a29-77e8-4a70-b084-466d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[url:value = 'http://poltec.com.au/6gfh33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a2a-e55c-47f4-9044-452f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[domain-name:value = 'poltec.com.au']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59282a2b-7290-452d-a58c-49eb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:48:00.000Z", "modified": "2017-05-26T13:48:00.000Z", "first_observed": "2017-05-26T13:48:00Z", "last_observed": "2017-05-26T13:48:00Z", "number_observed": 1, "object_refs": [ "network-traffic--59282a2b-7290-452d-a58c-49eb950d210f", "ipv4-addr--59282a2b-7290-452d-a58c-49eb950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59282a2b-7290-452d-a58c-49eb950d210f", "dst_ref": "ipv4-addr--59282a2b-7290-452d-a58c-49eb950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59282a2b-7290-452d-a58c-49eb950d210f", "value": "27.54.86.236" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a2c-34d8-4d9a-b750-4340950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[url:value = 'http://praktikum-marketing.de/6gfh33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a2d-794c-4cc5-ab19-493a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[domain-name:value = 'praktikum-marketing.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59282a2f-fdac-4630-bce3-40de950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:48:00.000Z", "modified": "2017-05-26T13:48:00.000Z", "first_observed": "2017-05-26T13:48:00Z", "last_observed": "2017-05-26T13:48:00Z", "number_observed": 1, "object_refs": [ "network-traffic--59282a2f-fdac-4630-bce3-40de950d210f", "ipv4-addr--59282a2f-fdac-4630-bce3-40de950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59282a2f-fdac-4630-bce3-40de950d210f", "dst_ref": "ipv4-addr--59282a2f-fdac-4630-bce3-40de950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59282a2f-fdac-4630-bce3-40de950d210f", "value": "76.74.235.244" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a30-7b88-40a9-8fa9-47d2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[url:value = 'http://pw-shop.com/6gfh33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a31-0e64-4e00-a9bc-4f7d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[domain-name:value = 'pw-shop.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59282a32-9854-4402-a645-4ed2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:48:00.000Z", "modified": "2017-05-26T13:48:00.000Z", "first_observed": "2017-05-26T13:48:00Z", "last_observed": "2017-05-26T13:48:00Z", "number_observed": 1, "object_refs": [ "network-traffic--59282a32-9854-4402-a645-4ed2950d210f", "ipv4-addr--59282a32-9854-4402-a645-4ed2950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59282a32-9854-4402-a645-4ed2950d210f", "dst_ref": "ipv4-addr--59282a32-9854-4402-a645-4ed2950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59282a32-9854-4402-a645-4ed2950d210f", "value": "93.170.136.50" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a32-36cc-4b99-86d2-4a15950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[url:value = 'http://tasfirin-ustasi.net/6gfh33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a33-b888-4322-a661-49b3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[domain-name:value = 'tasfirin-ustasi.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59282a34-3298-4f51-bc40-4356950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:48:00.000Z", "modified": "2017-05-26T13:48:00.000Z", "first_observed": "2017-05-26T13:48:00Z", "last_observed": "2017-05-26T13:48:00Z", "number_observed": 1, "object_refs": [ "network-traffic--59282a34-3298-4f51-bc40-4356950d210f", "ipv4-addr--59282a34-3298-4f51-bc40-4356950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59282a34-3298-4f51-bc40-4356950d210f", "dst_ref": "ipv4-addr--59282a34-3298-4f51-bc40-4356950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59282a34-3298-4f51-bc40-4356950d210f", "value": "95.173.189.38" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a35-9d84-4cbd-97f0-4add950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[url:value = 'http://thanprints.com/6gfh33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a35-16a0-4f69-afcd-4c5a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[domain-name:value = 'thanprints.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59282a38-4f38-41a2-a02b-4a08950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:48:00.000Z", "modified": "2017-05-26T13:48:00.000Z", "first_observed": "2017-05-26T13:48:00Z", "last_observed": "2017-05-26T13:48:00Z", "number_observed": 1, "object_refs": [ "network-traffic--59282a38-4f38-41a2-a02b-4a08950d210f", "ipv4-addr--59282a38-4f38-41a2-a02b-4a08950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59282a38-4f38-41a2-a02b-4a08950d210f", "dst_ref": "ipv4-addr--59282a38-4f38-41a2-a02b-4a08950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59282a38-4f38-41a2-a02b-4a08950d210f", "value": "61.19.251.181" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a38-da10-4718-b142-4035950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[url:value = 'http://trade-unite.ru/6gfh33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a39-61cc-4a85-a560-4331950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[domain-name:value = 'trade-unite.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59282a3a-2578-4dfe-beb5-4011950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:48:00.000Z", "modified": "2017-05-26T13:48:00.000Z", "first_observed": "2017-05-26T13:48:00Z", "last_observed": "2017-05-26T13:48:00Z", "number_observed": 1, "object_refs": [ "network-traffic--59282a3a-2578-4dfe-beb5-4011950d210f", "ipv4-addr--59282a3a-2578-4dfe-beb5-4011950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59282a3a-2578-4dfe-beb5-4011950d210f", "dst_ref": "ipv4-addr--59282a3a-2578-4dfe-beb5-4011950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59282a3a-2578-4dfe-beb5-4011950d210f", "value": "80.78.245.178" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a3b-5c34-492a-accc-4c3f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[url:value = 'http://vigs.mx/6gfh33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a3c-7528-4b92-bd56-41f4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[domain-name:value = 'vigs.mx']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59282a3e-7e78-4d61-a42f-4b86950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:48:00.000Z", "modified": "2017-05-26T13:48:00.000Z", "first_observed": "2017-05-26T13:48:00Z", "last_observed": "2017-05-26T13:48:00Z", "number_observed": 1, "object_refs": [ "network-traffic--59282a3e-7e78-4d61-a42f-4b86950d210f", "ipv4-addr--59282a3e-7e78-4d61-a42f-4b86950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59282a3e-7e78-4d61-a42f-4b86950d210f", "dst_ref": "ipv4-addr--59282a3e-7e78-4d61-a42f-4b86950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59282a3e-7e78-4d61-a42f-4b86950d210f", "value": "192.185.48.180" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a3f-1ae4-4fcf-bf7f-498f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[url:value = 'http://www.buchenried.de/6gfh33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a40-0b8c-4a97-b149-4a7f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[domain-name:value = 'www.buchenried.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a41-e010-49b9-8b50-4495950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[url:value = 'http://youtoolgrabeertorse.org/af/6gfh33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a41-6fec-4ac0-a04b-4178950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[domain-name:value = 'youtoolgrabeertorse.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a47-d4c4-4c25-b0a4-4723950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[url:value = 'http://comboratiogferrdto.com/a5/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282a47-a674-4fc4-a581-4d5d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:33:51.000Z", "modified": "2017-05-26T13:33:51.000Z", "pattern": "[domain-name:value = 'comboratiogferrdto.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59282a49-9c80-41e4-93da-4474950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:48:00.000Z", "modified": "2017-05-26T13:48:00.000Z", "first_observed": "2017-05-26T13:48:00Z", "last_observed": "2017-05-26T13:48:00Z", "number_observed": 1, "object_refs": [ "network-traffic--59282a49-9c80-41e4-93da-4474950d210f", "ipv4-addr--59282a49-9c80-41e4-93da-4474950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59282a49-9c80-41e4-93da-4474950d210f", "dst_ref": "ipv4-addr--59282a49-9c80-41e4-93da-4474950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59282a49-9c80-41e4-93da-4474950d210f", "value": "46.173.218.145" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282ed9-3cd8-4a48-b42a-406002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:34:17.000Z", "modified": "2017-05-26T13:34:17.000Z", "description": "- Xchecked via VT: 6708cc80916e838a9bbed09c91854230", "pattern": "[file:hashes.SHA256 = '375ba5457b0a8e0328f38e942dc16fa07e03e2b39571392c0f10f93031158d6f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:34:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282ed9-ad38-4ac8-ae12-46e502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:34:17.000Z", "modified": "2017-05-26T13:34:17.000Z", "description": "- Xchecked via VT: 6708cc80916e838a9bbed09c91854230", "pattern": "[file:hashes.SHA1 = 'd4b86429537c3b1d9e15e96a965166fc053efbd0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:34:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59282eda-d98c-43d0-8c94-442002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:34:17.000Z", "modified": "2017-05-26T13:34:17.000Z", "first_observed": "2017-05-26T13:34:17Z", "last_observed": "2017-05-26T13:34:17Z", "number_observed": 1, "object_refs": [ "url--59282eda-d98c-43d0-8c94-442002de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59282eda-d98c-43d0-8c94-442002de0b81", "value": "https://www.virustotal.com/file/375ba5457b0a8e0328f38e942dc16fa07e03e2b39571392c0f10f93031158d6f/analysis/1495799038/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282eda-fca4-4b2b-8583-444f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:34:18.000Z", "modified": "2017-05-26T13:34:18.000Z", "description": "- Xchecked via VT: aace687d16706b05aa49c9b7fff7572b", "pattern": "[file:hashes.SHA256 = '68c7b7d97fada3f558a54260491ffe1ce77add158f8a91c2599432f13718b807']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:34:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59282eda-05ac-46fe-882e-4c1202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:34:18.000Z", "modified": "2017-05-26T13:34:18.000Z", "description": "- Xchecked via VT: aace687d16706b05aa49c9b7fff7572b", "pattern": "[file:hashes.SHA1 = '124e4c77e52026c2de1a88be302c00a6db4f936b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-26T13:34:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59282edb-5dbc-4c23-9c2d-4fbd02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-26T13:34:19.000Z", "modified": "2017-05-26T13:34:19.000Z", "first_observed": "2017-05-26T13:34:19Z", "last_observed": "2017-05-26T13:34:19Z", "number_observed": 1, "object_refs": [ "url--59282edb-5dbc-4c23-9c2d-4fbd02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59282edb-5dbc-4c23-9c2d-4fbd02de0b81", "value": "https://www.virustotal.com/file/68c7b7d97fada3f558a54260491ffe1ce77add158f8a91c2599432f13718b807/analysis/1495798709/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }