{ "type": "bundle", "id": "bundle--593133d6-46f4-49e7-b1f6-422f950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:15:59.000Z", "modified": "2017-06-02T15:15:59.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--593133d6-46f4-49e7-b1f6-422f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:15:59.000Z", "modified": "2017-06-02T15:15:59.000Z", "name": "M2M - Malspam --> 62909008.pdf", "published": "2017-06-02T15:16:05Z", "object_refs": [ "indicator--593133d9-f10c-47f0-a215-4bff950d210f", "indicator--593133db-da10-411f-814e-442e950d210f", "indicator--593133dc-15f0-48a2-84cd-4792950d210f", "indicator--593133de-20e4-4e43-92c2-43b1950d210f", "indicator--593133e0-04a8-4f13-ac42-4543950d210f", "observed-data--593133e2-d0cc-4f61-ab71-4abe950d210f", "network-traffic--593133e2-d0cc-4f61-ab71-4abe950d210f", "ipv4-addr--593133e2-d0cc-4f61-ab71-4abe950d210f", "indicator--593133e4-5d7c-46e7-8453-416c950d210f", "indicator--593133e6-4204-45e9-8211-41cb950d210f", "observed-data--593133e8-cb64-4d9f-8706-454a950d210f", "network-traffic--593133e8-cb64-4d9f-8706-454a950d210f", "ipv4-addr--593133e8-cb64-4d9f-8706-454a950d210f", "indicator--593133e9-a094-4b37-ad39-4957950d210f", "indicator--593133eb-8198-4f5e-b0da-4fd8950d210f", "observed-data--593133ee-dbac-4350-9bcb-49a7950d210f", "network-traffic--593133ee-dbac-4350-9bcb-49a7950d210f", "ipv4-addr--593133ee-dbac-4350-9bcb-49a7950d210f", "indicator--593133f0-bfa8-417a-a021-4249950d210f", "indicator--593133f1-7774-407a-b893-4d97950d210f", "observed-data--593133f5-62a0-423b-bc36-4a56950d210f", "network-traffic--593133f5-62a0-423b-bc36-4a56950d210f", "ipv4-addr--593133f5-62a0-423b-bc36-4a56950d210f", "indicator--593133f6-42b8-48ad-8929-41af950d210f", "indicator--593133f8-9674-43f5-ba2f-470c950d210f", "observed-data--593133fa-3c50-4981-8b74-47f4950d210f", "network-traffic--593133fa-3c50-4981-8b74-47f4950d210f", "ipv4-addr--593133fa-3c50-4981-8b74-47f4950d210f", "indicator--593133fc-c6f4-404c-a4c3-46b0950d210f", "indicator--593133fe-8118-4284-aada-4945950d210f", "observed-data--593133ff-58ec-41df-a867-4991950d210f", "network-traffic--593133ff-58ec-41df-a867-4991950d210f", "ipv4-addr--593133ff-58ec-41df-a867-4991950d210f", "indicator--59313400-05d0-4a96-b874-40f1950d210f", "indicator--59313402-bd54-44e5-aca2-47a4950d210f", "observed-data--59313404-77c8-4f47-aba2-4825950d210f", "network-traffic--59313404-77c8-4f47-aba2-4825950d210f", "ipv4-addr--59313404-77c8-4f47-aba2-4825950d210f", "indicator--59313406-d784-45ad-86fb-4b21950d210f", "indicator--59313408-7f80-410e-8f3c-4a45950d210f", "observed-data--59313409-f2a0-40de-9df1-4ffb950d210f", "network-traffic--59313409-f2a0-40de-9df1-4ffb950d210f", "ipv4-addr--59313409-f2a0-40de-9df1-4ffb950d210f", "indicator--5931340b-da7c-4806-857a-4335950d210f", "indicator--5931340e-d1fc-4b27-8190-42a8950d210f", "observed-data--59313410-47dc-468a-bbd3-4978950d210f", "network-traffic--59313410-47dc-468a-bbd3-4978950d210f", "ipv4-addr--59313410-47dc-468a-bbd3-4978950d210f", "indicator--59313412-87ec-48dc-94fc-4205950d210f", "indicator--59313413-5c38-4e69-b62f-4367950d210f", "observed-data--59313414-19a4-4996-88ef-4f11950d210f", "network-traffic--59313414-19a4-4996-88ef-4f11950d210f", "ipv4-addr--59313414-19a4-4996-88ef-4f11950d210f", "indicator--59313416-3fbc-41ab-a6c4-4359950d210f", "indicator--59313417-036c-4a04-8a39-44f4950d210f", "observed-data--59313418-a344-41c0-b999-4a0d950d210f", "network-traffic--59313418-a344-41c0-b999-4a0d950d210f", "ipv4-addr--59313418-a344-41c0-b999-4a0d950d210f", "indicator--59313419-8f00-435b-94e5-4224950d210f", "indicator--5931341a-0d84-4991-bfdb-4556950d210f", "observed-data--5931341b-a2a8-46ef-b913-487a950d210f", "network-traffic--5931341b-a2a8-46ef-b913-487a950d210f", "ipv4-addr--5931341b-a2a8-46ef-b913-487a950d210f", "indicator--5931341c-690c-445b-8817-48d4950d210f", "indicator--5931341d-5bd4-465f-ab05-4ae9950d210f", "indicator--59313420-b6cc-4c18-a737-4b85950d210f", "indicator--59313421-7d30-4bdd-9172-4bf7950d210f", "observed-data--59313422-a36c-426d-8470-40d3950d210f", "network-traffic--59313422-a36c-426d-8470-40d3950d210f", "ipv4-addr--59313422-a36c-426d-8470-40d3950d210f", "indicator--59313424-8b8c-4677-ab56-4fc7950d210f", "indicator--59313425-9418-4f28-9425-4492950d210f", "observed-data--59313426-0db8-4df6-91fc-422d950d210f", "network-traffic--59313426-0db8-4df6-91fc-422d950d210f", "ipv4-addr--59313426-0db8-4df6-91fc-422d950d210f", "indicator--59313427-fb94-4e62-844b-4217950d210f", "indicator--59313428-d794-4b27-a4d3-4157950d210f", "observed-data--5931342a-e8ac-4fe0-b9e7-4d0b950d210f", "network-traffic--5931342a-e8ac-4fe0-b9e7-4d0b950d210f", "ipv4-addr--5931342a-e8ac-4fe0-b9e7-4d0b950d210f", "indicator--5931342b-b158-48b4-ba22-4a0f950d210f", "indicator--5931342c-9d24-4760-acb9-4eff950d210f", "observed-data--5931342e-7540-4cb7-a564-4218950d210f", "network-traffic--5931342e-7540-4cb7-a564-4218950d210f", "ipv4-addr--5931342e-7540-4cb7-a564-4218950d210f", "indicator--59313674-52fc-497a-86fb-41ca02de0b81", "indicator--59313675-b4d0-4572-b11d-4fa402de0b81", "observed-data--59313676-7ad4-4820-8384-467b02de0b81", "url--59313676-7ad4-4820-8384-467b02de0b81", "indicator--59313678-1068-434e-9974-42f502de0b81", "indicator--59313679-bcac-4e4d-a696-4cfa02de0b81", "observed-data--5931367a-5b9c-4764-9fda-4ddd02de0b81", "url--5931367a-5b9c-4764-9fda-4ddd02de0b81", "indicator--5931367b-b318-4acd-aa54-461b02de0b81", "indicator--5931367c-5748-4dd8-b3e7-488d02de0b81", "observed-data--5931367d-75b0-46ab-befa-41e302de0b81", "url--5931367d-75b0-46ab-befa-41e302de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593133d9-f10c-47f0-a215-4bff950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[file:hashes.MD5 = 'e364235c573d3b60a5f56a124b325da0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593133db-da10-411f-814e-442e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[file:hashes.MD5 = '04a20327fc3a5d98c41e0096452bf9e6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593133dc-15f0-48a2-84cd-4792950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[file:hashes.MD5 = '603befc50bfcc0a214eacf473ec6baec']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593133de-20e4-4e43-92c2-43b1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[url:value = 'http://benefeet.org/7rvmnb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593133e0-04a8-4f13-ac42-4543950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[domain-name:value = 'benefeet.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593133e2-d0cc-4f61-ab71-4abe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:15:25.000Z", "modified": "2017-06-02T15:15:25.000Z", "first_observed": "2017-06-02T15:15:25Z", "last_observed": "2017-06-02T15:15:25Z", "number_observed": 1, "object_refs": [ "network-traffic--593133e2-d0cc-4f61-ab71-4abe950d210f", "ipv4-addr--593133e2-d0cc-4f61-ab71-4abe950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593133e2-d0cc-4f61-ab71-4abe950d210f", "dst_ref": "ipv4-addr--593133e2-d0cc-4f61-ab71-4abe950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593133e2-d0cc-4f61-ab71-4abe950d210f", "value": "76.74.128.210" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593133e4-5d7c-46e7-8453-416c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[url:value = 'http://dsopro.com/7rvmnb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593133e6-4204-45e9-8211-41cb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[domain-name:value = 'dsopro.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593133e8-cb64-4d9f-8706-454a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:15:25.000Z", "modified": "2017-06-02T15:15:25.000Z", "first_observed": "2017-06-02T15:15:25Z", "last_observed": "2017-06-02T15:15:25Z", "number_observed": 1, "object_refs": [ "network-traffic--593133e8-cb64-4d9f-8706-454a950d210f", "ipv4-addr--593133e8-cb64-4d9f-8706-454a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593133e8-cb64-4d9f-8706-454a950d210f", "dst_ref": "ipv4-addr--593133e8-cb64-4d9f-8706-454a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593133e8-cb64-4d9f-8706-454a950d210f", "value": "35.166.221.246" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593133e9-a094-4b37-ad39-4957950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[url:value = 'http://eselink.com.my/7rvmnb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593133eb-8198-4f5e-b0da-4fd8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[domain-name:value = 'eselink.com.my']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593133ee-dbac-4350-9bcb-49a7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:15:25.000Z", "modified": "2017-06-02T15:15:25.000Z", "first_observed": "2017-06-02T15:15:25Z", "last_observed": "2017-06-02T15:15:25Z", "number_observed": 1, "object_refs": [ "network-traffic--593133ee-dbac-4350-9bcb-49a7950d210f", "ipv4-addr--593133ee-dbac-4350-9bcb-49a7950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593133ee-dbac-4350-9bcb-49a7950d210f", "dst_ref": "ipv4-addr--593133ee-dbac-4350-9bcb-49a7950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593133ee-dbac-4350-9bcb-49a7950d210f", "value": "124.150.140.96" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593133f0-bfa8-417a-a021-4249950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[url:value = 'http://e-snhv.com/7rvmnb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593133f1-7774-407a-b893-4d97950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[domain-name:value = 'e-snhv.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593133f5-62a0-423b-bc36-4a56950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:15:25.000Z", "modified": "2017-06-02T15:15:25.000Z", "first_observed": "2017-06-02T15:15:25Z", "last_observed": "2017-06-02T15:15:25Z", "number_observed": 1, "object_refs": [ "network-traffic--593133f5-62a0-423b-bc36-4a56950d210f", "ipv4-addr--593133f5-62a0-423b-bc36-4a56950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593133f5-62a0-423b-bc36-4a56950d210f", "dst_ref": "ipv4-addr--593133f5-62a0-423b-bc36-4a56950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593133f5-62a0-423b-bc36-4a56950d210f", "value": "61.106.62.37" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593133f6-42b8-48ad-8929-41af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[url:value = 'http://fabriquekorea.com/7rvmnb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593133f8-9674-43f5-ba2f-470c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[domain-name:value = 'fabriquekorea.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593133fa-3c50-4981-8b74-47f4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:15:25.000Z", "modified": "2017-06-02T15:15:25.000Z", "first_observed": "2017-06-02T15:15:25Z", "last_observed": "2017-06-02T15:15:25Z", "number_observed": 1, "object_refs": [ "network-traffic--593133fa-3c50-4981-8b74-47f4950d210f", "ipv4-addr--593133fa-3c50-4981-8b74-47f4950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593133fa-3c50-4981-8b74-47f4950d210f", "dst_ref": "ipv4-addr--593133fa-3c50-4981-8b74-47f4950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593133fa-3c50-4981-8b74-47f4950d210f", "value": "211.174.62.52" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593133fc-c6f4-404c-a4c3-46b0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[url:value = 'http://katoconsulting.ro/7rvmnb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593133fe-8118-4284-aada-4945950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[domain-name:value = 'katoconsulting.ro']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593133ff-58ec-41df-a867-4991950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:15:25.000Z", "modified": "2017-06-02T15:15:25.000Z", "first_observed": "2017-06-02T15:15:25Z", "last_observed": "2017-06-02T15:15:25Z", "number_observed": 1, "object_refs": [ "network-traffic--593133ff-58ec-41df-a867-4991950d210f", "ipv4-addr--593133ff-58ec-41df-a867-4991950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593133ff-58ec-41df-a867-4991950d210f", "dst_ref": "ipv4-addr--593133ff-58ec-41df-a867-4991950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593133ff-58ec-41df-a867-4991950d210f", "value": "87.229.112.11" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59313400-05d0-4a96-b874-40f1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[url:value = 'http://newserniggrofg.net/af/7rvmnb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59313402-bd54-44e5-aca2-47a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[domain-name:value = 'newserniggrofg.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59313404-77c8-4f47-aba2-4825950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:15:25.000Z", "modified": "2017-06-02T15:15:25.000Z", "first_observed": "2017-06-02T15:15:25Z", "last_observed": "2017-06-02T15:15:25Z", "number_observed": 1, "object_refs": [ "network-traffic--59313404-77c8-4f47-aba2-4825950d210f", "ipv4-addr--59313404-77c8-4f47-aba2-4825950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59313404-77c8-4f47-aba2-4825950d210f", "dst_ref": "ipv4-addr--59313404-77c8-4f47-aba2-4825950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59313404-77c8-4f47-aba2-4825950d210f", "value": "185.195.24.85" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59313406-d784-45ad-86fb-4b21950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[url:value = 'http://orhangazitur.com/7rvmnb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59313408-7f80-410e-8f3c-4a45950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[domain-name:value = 'orhangazitur.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59313409-f2a0-40de-9df1-4ffb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:15:25.000Z", "modified": "2017-06-02T15:15:25.000Z", "first_observed": "2017-06-02T15:15:25Z", "last_observed": "2017-06-02T15:15:25Z", "number_observed": 1, "object_refs": [ "network-traffic--59313409-f2a0-40de-9df1-4ffb950d210f", "ipv4-addr--59313409-f2a0-40de-9df1-4ffb950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59313409-f2a0-40de-9df1-4ffb950d210f", "dst_ref": "ipv4-addr--59313409-f2a0-40de-9df1-4ffb950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59313409-f2a0-40de-9df1-4ffb950d210f", "value": "109.232.220.235" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5931340b-da7c-4806-857a-4335950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[url:value = 'http://paradigmenergycorp.com/7rvmnb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5931340e-d1fc-4b27-8190-42a8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[domain-name:value = 'paradigmenergycorp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59313410-47dc-468a-bbd3-4978950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:15:25.000Z", "modified": "2017-06-02T15:15:25.000Z", "first_observed": "2017-06-02T15:15:25Z", "last_observed": "2017-06-02T15:15:25Z", "number_observed": 1, "object_refs": [ "network-traffic--59313410-47dc-468a-bbd3-4978950d210f", "ipv4-addr--59313410-47dc-468a-bbd3-4978950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59313410-47dc-468a-bbd3-4978950d210f", "dst_ref": "ipv4-addr--59313410-47dc-468a-bbd3-4978950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59313410-47dc-468a-bbd3-4978950d210f", "value": "107.180.40.126" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59313412-87ec-48dc-94fc-4205950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[url:value = 'http://poltec.com.au/7rvmnb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59313413-5c38-4e69-b62f-4367950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[domain-name:value = 'poltec.com.au']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59313414-19a4-4996-88ef-4f11950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:15:25.000Z", "modified": "2017-06-02T15:15:25.000Z", "first_observed": "2017-06-02T15:15:25Z", "last_observed": "2017-06-02T15:15:25Z", "number_observed": 1, "object_refs": [ "network-traffic--59313414-19a4-4996-88ef-4f11950d210f", "ipv4-addr--59313414-19a4-4996-88ef-4f11950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59313414-19a4-4996-88ef-4f11950d210f", "dst_ref": "ipv4-addr--59313414-19a4-4996-88ef-4f11950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59313414-19a4-4996-88ef-4f11950d210f", "value": "27.54.86.236" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59313416-3fbc-41ab-a6c4-4359950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[url:value = 'http://praktikum-marketing.de/7rvmnb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59313417-036c-4a04-8a39-44f4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[domain-name:value = 'praktikum-marketing.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59313418-a344-41c0-b999-4a0d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:15:25.000Z", "modified": "2017-06-02T15:15:25.000Z", "first_observed": "2017-06-02T15:15:25Z", "last_observed": "2017-06-02T15:15:25Z", "number_observed": 1, "object_refs": [ "network-traffic--59313418-a344-41c0-b999-4a0d950d210f", "ipv4-addr--59313418-a344-41c0-b999-4a0d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59313418-a344-41c0-b999-4a0d950d210f", "dst_ref": "ipv4-addr--59313418-a344-41c0-b999-4a0d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59313418-a344-41c0-b999-4a0d950d210f", "value": "76.74.235.244" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59313419-8f00-435b-94e5-4224950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[url:value = 'http://pw-shop.com/7rvmnb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5931341a-0d84-4991-bfdb-4556950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[domain-name:value = 'pw-shop.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5931341b-a2a8-46ef-b913-487a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:15:25.000Z", "modified": "2017-06-02T15:15:25.000Z", "first_observed": "2017-06-02T15:15:25Z", "last_observed": "2017-06-02T15:15:25Z", "number_observed": 1, "object_refs": [ "network-traffic--5931341b-a2a8-46ef-b913-487a950d210f", "ipv4-addr--5931341b-a2a8-46ef-b913-487a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5931341b-a2a8-46ef-b913-487a950d210f", "dst_ref": "ipv4-addr--5931341b-a2a8-46ef-b913-487a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5931341b-a2a8-46ef-b913-487a950d210f", "value": "93.170.136.50" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5931341c-690c-445b-8817-48d4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[url:value = 'http://resevesssetornument.com/af/7rvmnb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5931341d-5bd4-465f-ab05-4ae9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[domain-name:value = 'resevesssetornument.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59313420-b6cc-4c18-a737-4b85950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[url:value = 'http://tasfirin-ustasi.net/7rvmnb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59313421-7d30-4bdd-9172-4bf7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[domain-name:value = 'tasfirin-ustasi.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59313422-a36c-426d-8470-40d3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:15:25.000Z", "modified": "2017-06-02T15:15:25.000Z", "first_observed": "2017-06-02T15:15:25Z", "last_observed": "2017-06-02T15:15:25Z", "number_observed": 1, "object_refs": [ "network-traffic--59313422-a36c-426d-8470-40d3950d210f", "ipv4-addr--59313422-a36c-426d-8470-40d3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59313422-a36c-426d-8470-40d3950d210f", "dst_ref": "ipv4-addr--59313422-a36c-426d-8470-40d3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59313422-a36c-426d-8470-40d3950d210f", "value": "95.173.189.38" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59313424-8b8c-4677-ab56-4fc7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[url:value = 'http://theexcelconsultant.com/7rvmnb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59313425-9418-4f28-9425-4492950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[domain-name:value = 'theexcelconsultant.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59313426-0db8-4df6-91fc-422d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:15:25.000Z", "modified": "2017-06-02T15:15:25.000Z", "first_observed": "2017-06-02T15:15:25Z", "last_observed": "2017-06-02T15:15:25Z", "number_observed": 1, "object_refs": [ "network-traffic--59313426-0db8-4df6-91fc-422d950d210f", "ipv4-addr--59313426-0db8-4df6-91fc-422d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59313426-0db8-4df6-91fc-422d950d210f", "dst_ref": "ipv4-addr--59313426-0db8-4df6-91fc-422d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59313426-0db8-4df6-91fc-422d950d210f", "value": "65.39.193.50" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59313427-fb94-4e62-844b-4217950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[url:value = 'http://vigs.mx/7rvmnb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59313428-d794-4b27-a4d3-4157950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[domain-name:value = 'vigs.mx']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5931342a-e8ac-4fe0-b9e7-4d0b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:15:25.000Z", "modified": "2017-06-02T15:15:25.000Z", "first_observed": "2017-06-02T15:15:25Z", "last_observed": "2017-06-02T15:15:25Z", "number_observed": 1, "object_refs": [ "network-traffic--5931342a-e8ac-4fe0-b9e7-4d0b950d210f", "ipv4-addr--5931342a-e8ac-4fe0-b9e7-4d0b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5931342a-e8ac-4fe0-b9e7-4d0b950d210f", "dst_ref": "ipv4-addr--5931342a-e8ac-4fe0-b9e7-4d0b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5931342a-e8ac-4fe0-b9e7-4d0b950d210f", "value": "192.185.48.180" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5931342b-b158-48b4-ba22-4a0f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[url:value = 'http://whoisfoxxrobiouy.net/a5/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5931342c-9d24-4760-acb9-4eff950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:56:13.000Z", "modified": "2017-06-02T09:56:13.000Z", "pattern": "[domain-name:value = 'whoisfoxxrobiouy.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5931342e-7540-4cb7-a564-4218950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T15:15:25.000Z", "modified": "2017-06-02T15:15:25.000Z", "first_observed": "2017-06-02T15:15:25Z", "last_observed": "2017-06-02T15:15:25Z", "number_observed": 1, "object_refs": [ "network-traffic--5931342e-7540-4cb7-a564-4218950d210f", "ipv4-addr--5931342e-7540-4cb7-a564-4218950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5931342e-7540-4cb7-a564-4218950d210f", "dst_ref": "ipv4-addr--5931342e-7540-4cb7-a564-4218950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5931342e-7540-4cb7-a564-4218950d210f", "value": "5.101.66.85" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59313674-52fc-497a-86fb-41ca02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:57:08.000Z", "modified": "2017-06-02T09:57:08.000Z", "description": "- Xchecked via VT: e364235c573d3b60a5f56a124b325da0", "pattern": "[file:hashes.SHA256 = '98f0f68feb0495de61add43c717ccb462fbe46bc977bb295c688bd4511272b55']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:57:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59313675-b4d0-4572-b11d-4fa402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:57:09.000Z", "modified": "2017-06-02T09:57:09.000Z", "description": "- Xchecked via VT: e364235c573d3b60a5f56a124b325da0", "pattern": "[file:hashes.SHA1 = 'fdcf6a75156d3ecae169ceadb6a89d06f9e00410']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:57:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59313676-7ad4-4820-8384-467b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:57:10.000Z", "modified": "2017-06-02T09:57:10.000Z", "first_observed": "2017-06-02T09:57:10Z", "last_observed": "2017-06-02T09:57:10Z", "number_observed": 1, "object_refs": [ "url--59313676-7ad4-4820-8384-467b02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59313676-7ad4-4820-8384-467b02de0b81", "value": "https://www.virustotal.com/file/98f0f68feb0495de61add43c717ccb462fbe46bc977bb295c688bd4511272b55/analysis/1496390071/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59313678-1068-434e-9974-42f502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:57:12.000Z", "modified": "2017-06-02T09:57:12.000Z", "description": "- Xchecked via VT: 04a20327fc3a5d98c41e0096452bf9e6", "pattern": "[file:hashes.SHA256 = '824901dd0b1660f00c3406cb888118c8a10f66e3258b5020f7ea289434618b13']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:57:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59313679-bcac-4e4d-a696-4cfa02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:57:13.000Z", "modified": "2017-06-02T09:57:13.000Z", "description": "- Xchecked via VT: 04a20327fc3a5d98c41e0096452bf9e6", "pattern": "[file:hashes.SHA1 = 'ed69a648f6bce5e652d24fc7dd3f622b04acb98b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:57:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5931367a-5b9c-4764-9fda-4ddd02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:57:14.000Z", "modified": "2017-06-02T09:57:14.000Z", "first_observed": "2017-06-02T09:57:14Z", "last_observed": "2017-06-02T09:57:14Z", "number_observed": 1, "object_refs": [ "url--5931367a-5b9c-4764-9fda-4ddd02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5931367a-5b9c-4764-9fda-4ddd02de0b81", "value": "https://www.virustotal.com/file/824901dd0b1660f00c3406cb888118c8a10f66e3258b5020f7ea289434618b13/analysis/1496392189/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5931367b-b318-4acd-aa54-461b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:57:15.000Z", "modified": "2017-06-02T09:57:15.000Z", "description": "- Xchecked via VT: 603befc50bfcc0a214eacf473ec6baec", "pattern": "[file:hashes.SHA256 = '312940e15c0251315fb2a8f2920d842fb61f54d5f4d0ce61b60420d972c3c978']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:57:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5931367c-5748-4dd8-b3e7-488d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:57:16.000Z", "modified": "2017-06-02T09:57:16.000Z", "description": "- Xchecked via VT: 603befc50bfcc0a214eacf473ec6baec", "pattern": "[file:hashes.SHA1 = '85a85eb1046aaffd6d4752b38d1a8b1eb3ec2581']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-02T09:57:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5931367d-75b0-46ab-befa-41e302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-02T09:57:17.000Z", "modified": "2017-06-02T09:57:17.000Z", "first_observed": "2017-06-02T09:57:17Z", "last_observed": "2017-06-02T09:57:17Z", "number_observed": 1, "object_refs": [ "url--5931367d-75b0-46ab-befa-41e302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5931367d-75b0-46ab-befa-41e302de0b81", "value": "https://www.virustotal.com/file/312940e15c0251315fb2a8f2920d842fb61f54d5f4d0ce61b60420d972c3c978/analysis/1496352757/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }