{ "type": "bundle", "id": "bundle--592c3332-d154-4767-a778-4338950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T14:42:01.000Z", "modified": "2017-05-29T14:42:01.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "grouping", "spec_version": "2.1", "id": "grouping--592c3332-d154-4767-a778-4338950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T14:42:01.000Z", "modified": "2017-05-29T14:42:01.000Z", "name": "M2M - Fwd: ATLAS REPORT FOR 5577", "context": "suspicious-activity", "object_refs": [ "observed-data--592c3339-2f34-4c12-8a13-45d9950d210f", "network-traffic--592c3339-2f34-4c12-8a13-45d9950d210f", "ipv4-addr--592c3339-2f34-4c12-8a13-45d9950d210f", "observed-data--592c3338-5cc0-4c76-b4ee-4afb950d210f", "url--592c3338-5cc0-4c76-b4ee-4afb950d210f", "observed-data--592c3337-363c-4e4c-886e-4e67950d210f", "url--592c3337-363c-4e4c-886e-4e67950d210f", "observed-data--592c3338-6e6c-47cb-b228-414c950d210f", "network-traffic--592c3338-6e6c-47cb-b228-414c950d210f", "ipv4-addr--592c3338-6e6c-47cb-b228-414c950d210f", "observed-data--592c3336-68fc-46c0-9d98-430d950d210f", "network-traffic--592c3336-68fc-46c0-9d98-430d950d210f", "ipv4-addr--592c3336-68fc-46c0-9d98-430d950d210f", "observed-data--592c3335-15ac-4591-a390-419c950d210f", "network-traffic--592c3335-15ac-4591-a390-419c950d210f", "ipv4-addr--592c3335-15ac-4591-a390-419c950d210f", "observed-data--592c3336-e7a4-4f4b-b7c7-436b950d210f", "url--592c3336-e7a4-4f4b-b7c7-436b950d210f", "indicator--592c3333-b5dc-4034-9c79-4a64950d210f", "observed-data--592c3334-320c-40c5-a4f8-4676950d210f", "url--592c3334-320c-40c5-a4f8-4676950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--592c3339-2f34-4c12-8a13-45d9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T14:42:01.000Z", "modified": "2017-05-29T14:42:01.000Z", "first_observed": "2017-05-29T14:42:01Z", "last_observed": "2017-05-29T14:42:01Z", "number_observed": 1, "object_refs": [ "network-traffic--592c3339-2f34-4c12-8a13-45d9950d210f", "ipv4-addr--592c3339-2f34-4c12-8a13-45d9950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--592c3339-2f34-4c12-8a13-45d9950d210f", "dst_ref": "ipv4-addr--592c3339-2f34-4c12-8a13-45d9950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--592c3339-2f34-4c12-8a13-45d9950d210f", "value": "46.166.139.104" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--592c3338-5cc0-4c76-b4ee-4afb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T14:42:00.000Z", "modified": "2017-05-29T14:42:00.000Z", "first_observed": "2017-05-29T14:42:00Z", "last_observed": "2017-05-29T14:42:00Z", "number_observed": 1, "object_refs": [ "url--592c3338-5cc0-4c76-b4ee-4afb950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--592c3338-5cc0-4c76-b4ee-4afb950d210f", "value": "46.166.139.104" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--592c3337-363c-4e4c-886e-4e67950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T14:41:59.000Z", "modified": "2017-05-29T14:41:59.000Z", "first_observed": "2017-05-29T14:41:59Z", "last_observed": "2017-05-29T14:41:59Z", "number_observed": 1, "object_refs": [ "url--592c3337-363c-4e4c-886e-4e67950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--592c3337-363c-4e4c-886e-4e67950d210f", "value": "94.242.246.36" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--592c3338-6e6c-47cb-b228-414c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T14:42:00.000Z", "modified": "2017-05-29T14:42:00.000Z", "first_observed": "2017-05-29T14:42:00Z", "last_observed": "2017-05-29T14:42:00Z", "number_observed": 1, "object_refs": [ "network-traffic--592c3338-6e6c-47cb-b228-414c950d210f", "ipv4-addr--592c3338-6e6c-47cb-b228-414c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--592c3338-6e6c-47cb-b228-414c950d210f", "dst_ref": "ipv4-addr--592c3338-6e6c-47cb-b228-414c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--592c3338-6e6c-47cb-b228-414c950d210f", "value": "94.242.246.36" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--592c3336-68fc-46c0-9d98-430d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T14:41:58.000Z", "modified": "2017-05-29T14:41:58.000Z", "first_observed": "2017-05-29T14:41:58Z", "last_observed": "2017-05-29T14:41:58Z", "number_observed": 1, "object_refs": [ "network-traffic--592c3336-68fc-46c0-9d98-430d950d210f", "ipv4-addr--592c3336-68fc-46c0-9d98-430d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--592c3336-68fc-46c0-9d98-430d950d210f", "dst_ref": "ipv4-addr--592c3336-68fc-46c0-9d98-430d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--592c3336-68fc-46c0-9d98-430d950d210f", "value": "94.242.246.23" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--592c3335-15ac-4591-a390-419c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T14:41:57.000Z", "modified": "2017-05-29T14:41:57.000Z", "first_observed": "2017-05-29T14:41:57Z", "last_observed": "2017-05-29T14:41:57Z", "number_observed": 1, "object_refs": [ "network-traffic--592c3335-15ac-4591-a390-419c950d210f", "ipv4-addr--592c3335-15ac-4591-a390-419c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--592c3335-15ac-4591-a390-419c950d210f", "dst_ref": "ipv4-addr--592c3335-15ac-4591-a390-419c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--592c3335-15ac-4591-a390-419c950d210f", "value": "94.242.228.174" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--592c3336-e7a4-4f4b-b7c7-436b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T14:41:58.000Z", "modified": "2017-05-29T14:41:58.000Z", "first_observed": "2017-05-29T14:41:58Z", "last_observed": "2017-05-29T14:41:58Z", "number_observed": 1, "object_refs": [ "url--592c3336-e7a4-4f4b-b7c7-436b950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--592c3336-e7a4-4f4b-b7c7-436b950d210f", "value": "94.242.246.23" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592c3333-b5dc-4034-9c79-4a64950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T14:41:55.000Z", "modified": "2017-05-29T14:41:55.000Z", "pattern": "[file:hashes.MD5 = '3f4aa230c277af59177c7875cca3e19a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T14:41:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--592c3334-320c-40c5-a4f8-4676950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T14:41:56.000Z", "modified": "2017-05-29T14:41:56.000Z", "first_observed": "2017-05-29T14:41:56Z", "last_observed": "2017-05-29T14:41:56Z", "number_observed": 1, "object_refs": [ "url--592c3334-320c-40c5-a4f8-4676950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--592c3334-320c-40c5-a4f8-4676950d210f", "value": "94.242.228.174" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }