{ "type": "bundle", "id": "bundle--593a4041-f17c-4fdc-bc58-46b3950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:46:02.000Z", "modified": "2017-06-09T06:46:02.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--593a4041-f17c-4fdc-bc58-46b3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:46:02.000Z", "modified": "2017-06-09T06:46:02.000Z", "name": "M2M - Trickbot 2017-06-07 : \"mac1\" : \"12_Invoice_3456\" - \"001_4321.pdf\"", "published": "2017-06-09T06:46:17Z", "object_refs": [ "indicator--593a4041-6ff0-4da4-a9a2-4723950d210f", "indicator--593a4042-0aa4-48f1-8162-42b4950d210f", "indicator--593a4042-c34c-4e1e-b880-4d33950d210f", "indicator--593a4043-1b80-40dd-b2d7-8a4b950d210f", "observed-data--593a4043-87c4-44c0-993f-415a950d210f", "network-traffic--593a4043-87c4-44c0-993f-415a950d210f", "ipv4-addr--593a4043-87c4-44c0-993f-415a950d210f", "indicator--593a4044-9a2c-4f18-bf0a-4877950d210f", "indicator--593a4045-eb58-4cda-b988-475e950d210f", "observed-data--593a4046-1ec0-4ea7-a012-46e6950d210f", "network-traffic--593a4046-1ec0-4ea7-a012-46e6950d210f", "ipv4-addr--593a4046-1ec0-4ea7-a012-46e6950d210f", "indicator--593a4046-fc50-40c2-8be2-42a3950d210f", "indicator--593a4047-b840-4779-97d7-4066950d210f", "observed-data--593a4048-95f0-4370-a255-43fc950d210f", "network-traffic--593a4048-95f0-4370-a255-43fc950d210f", "ipv4-addr--593a4048-95f0-4370-a255-43fc950d210f", "indicator--593a4048-b4dc-498f-8061-4309950d210f", "indicator--593a4049-6634-469a-a424-46e2950d210f", "observed-data--593a4049-97fc-44b5-b26a-4a0a950d210f", "network-traffic--593a4049-97fc-44b5-b26a-4a0a950d210f", "ipv4-addr--593a4049-97fc-44b5-b26a-4a0a950d210f", "indicator--593a404a-729c-4ab0-ab82-4ae9950d210f", "indicator--593a404a-63ac-409c-aa8e-4863950d210f", "observed-data--593a404c-fc94-40df-ab5d-4281950d210f", "network-traffic--593a404c-fc94-40df-ab5d-4281950d210f", "ipv4-addr--593a404c-fc94-40df-ab5d-4281950d210f", "indicator--593a404c-1dd8-4e72-bd3e-47d2950d210f", "indicator--593a404d-9fd8-4f8f-b883-8bcc950d210f", "observed-data--593a404e-b578-40de-b7cb-4855950d210f", "network-traffic--593a404e-b578-40de-b7cb-4855950d210f", "ipv4-addr--593a404e-b578-40de-b7cb-4855950d210f", "indicator--593a404e-5214-4f41-bcc3-4327950d210f", "indicator--593a404f-ca64-4df3-a19b-4596950d210f", "observed-data--593a4050-6db4-42f6-b01d-409c950d210f", "network-traffic--593a4050-6db4-42f6-b01d-409c950d210f", "ipv4-addr--593a4050-6db4-42f6-b01d-409c950d210f", "indicator--593a4050-ea24-4f2c-8e3f-4c73950d210f", "indicator--593a4051-2c88-4a9e-bf85-4643950d210f", "observed-data--593a4051-bf94-4f05-bca9-41a7950d210f", "network-traffic--593a4051-bf94-4f05-bca9-41a7950d210f", "ipv4-addr--593a4051-bf94-4f05-bca9-41a7950d210f", "indicator--593a4052-9120-432e-b2e5-452e950d210f", "indicator--593a4052-4870-41ea-a6bc-46e6950d210f", "observed-data--593a4054-a7d8-438d-814b-4926950d210f", "network-traffic--593a4054-a7d8-438d-814b-4926950d210f", "ipv4-addr--593a4054-a7d8-438d-814b-4926950d210f", "indicator--593a4054-5c40-4038-94e6-4728950d210f", "indicator--593a4055-bcd8-4840-ac40-41f8950d210f", "observed-data--593a4056-d4c8-4836-bf07-4c6a950d210f", "network-traffic--593a4056-d4c8-4836-bf07-4c6a950d210f", "ipv4-addr--593a4056-d4c8-4836-bf07-4c6a950d210f", "indicator--593a4056-6b00-4ffc-a61f-4dca950d210f", "indicator--593a4057-8d14-44a9-80e6-405d950d210f", "observed-data--593a4059-2ce0-4f72-8e10-4f8c950d210f", "network-traffic--593a4059-2ce0-4f72-8e10-4f8c950d210f", "ipv4-addr--593a4059-2ce0-4f72-8e10-4f8c950d210f", "indicator--593a405a-8170-42fd-a00d-8bcc950d210f", "indicator--593a405b-4540-4032-bcc4-423b950d210f", "observed-data--593a405b-1518-4bc5-af7a-4510950d210f", "network-traffic--593a405b-1518-4bc5-af7a-4510950d210f", "ipv4-addr--593a405b-1518-4bc5-af7a-4510950d210f", "indicator--593a405c-9964-4a46-9924-4ecb950d210f", "indicator--593a405c-95e8-4c70-a705-8a4b950d210f", "observed-data--593a405d-1110-441e-b3b1-4a8e950d210f", "network-traffic--593a405d-1110-441e-b3b1-4a8e950d210f", "ipv4-addr--593a405d-1110-441e-b3b1-4a8e950d210f", "indicator--593a405d-df28-4286-bf13-445b950d210f", "indicator--593a405e-4ad8-460e-9e16-44e0950d210f", "observed-data--593a405e-d630-4953-b1f2-4eda950d210f", "network-traffic--593a405e-d630-4953-b1f2-4eda950d210f", "ipv4-addr--593a405e-d630-4953-b1f2-4eda950d210f", "indicator--593a405f-e86c-43cf-b94a-46e6950d210f", "indicator--593a405f-cee0-4701-82d6-4728950d210f", "observed-data--593a4060-d8f8-4821-b8e2-4c9c950d210f", "network-traffic--593a4060-d8f8-4821-b8e2-4c9c950d210f", "ipv4-addr--593a4060-d8f8-4821-b8e2-4c9c950d210f", "indicator--593a4061-bf98-441d-aee8-47c8950d210f", "indicator--593a4061-1b8c-40fd-a9a3-4f01950d210f", "observed-data--593a4062-e83c-4bb0-b81d-4c42950d210f", "network-traffic--593a4062-e83c-4bb0-b81d-4c42950d210f", "ipv4-addr--593a4062-e83c-4bb0-b81d-4c42950d210f", "indicator--593a4063-6a6c-48ed-8298-4014950d210f", "indicator--593a4064-6e34-4654-9000-8bcc950d210f", "observed-data--593a4064-0500-438c-909f-4d8f950d210f", "network-traffic--593a4064-0500-438c-909f-4d8f950d210f", "ipv4-addr--593a4064-0500-438c-909f-4d8f950d210f", "indicator--593a4065-0a44-4297-b770-45e4950d210f", "indicator--593a4065-d118-43f1-bd99-4d66950d210f", "observed-data--593a4066-ada8-4db2-8000-8a4b950d210f", "network-traffic--593a4066-ada8-4db2-8000-8a4b950d210f", "ipv4-addr--593a4066-ada8-4db2-8000-8a4b950d210f", "indicator--593a4066-5ff0-4155-b1b8-4a78950d210f", "indicator--593a4067-4d44-42a9-9aa4-4474950d210f", "observed-data--593a4068-3f7c-4903-b95e-4f32950d210f", "network-traffic--593a4068-3f7c-4903-b95e-4f32950d210f", "ipv4-addr--593a4068-3f7c-4903-b95e-4f32950d210f", "indicator--593a4068-e0ec-4664-9ada-48fd950d210f", "indicator--593a4069-f57c-4d9c-bbfb-46e6950d210f", "observed-data--593a4069-38f4-4e65-95e9-4728950d210f", "network-traffic--593a4069-38f4-4e65-95e9-4728950d210f", "ipv4-addr--593a4069-38f4-4e65-95e9-4728950d210f", "indicator--593a406a-e98c-48af-8a47-49aa950d210f", "indicator--593a406b-3998-4d9d-8044-4bee950d210f", "observed-data--593a406b-dc34-4ddc-aa09-4ff3950d210f", "network-traffic--593a406b-dc34-4ddc-aa09-4ff3950d210f", "ipv4-addr--593a406b-dc34-4ddc-aa09-4ff3950d210f", "indicator--593a406c-68f8-40b7-854c-4b8b950d210f", "indicator--593a406d-c740-4f8f-bedb-8a4b950d210f", "observed-data--593a406e-0b9c-4b65-a928-465a950d210f", "network-traffic--593a406e-0b9c-4b65-a928-465a950d210f", "ipv4-addr--593a406e-0b9c-4b65-a928-465a950d210f", "indicator--593a406e-0e28-4531-94f8-44f6950d210f", "indicator--593a406f-6ee4-4e7e-9ae8-4728950d210f", "observed-data--593a4070-59c8-4aa3-92e7-4fae950d210f", "network-traffic--593a4070-59c8-4aa3-92e7-4fae950d210f", "ipv4-addr--593a4070-59c8-4aa3-92e7-4fae950d210f", "indicator--593a4071-8ed0-49a7-9568-472b950d210f", "indicator--593a4071-20dc-42e8-ad0a-8bcc950d210f", "observed-data--593a4072-4b28-442e-924b-4dff950d210f", "network-traffic--593a4072-4b28-442e-924b-4dff950d210f", "ipv4-addr--593a4072-4b28-442e-924b-4dff950d210f", "indicator--593a4072-fcbc-4d64-a87b-4f1e950d210f", "indicator--593a4073-df80-42a0-a597-4509950d210f", "observed-data--593a4074-ea84-4902-aa25-4a19950d210f", "network-traffic--593a4074-ea84-4902-aa25-4a19950d210f", "ipv4-addr--593a4074-ea84-4902-aa25-4a19950d210f", "indicator--593a4074-832c-40d1-b779-4888950d210f", "indicator--593a4074-978c-4808-8104-42d3950d210f", "observed-data--593a4075-634c-4d76-9962-467c950d210f", "network-traffic--593a4075-634c-4d76-9962-467c950d210f", "ipv4-addr--593a4075-634c-4d76-9962-467c950d210f", "indicator--593a4076-cfe0-42af-a159-4728950d210f", "indicator--593a4076-3d88-4c6b-b3b9-44c7950d210f", "observed-data--593a4077-6210-4164-839f-4d2f950d210f", "network-traffic--593a4077-6210-4164-839f-4d2f950d210f", "ipv4-addr--593a4077-6210-4164-839f-4d2f950d210f", "indicator--593a4077-0948-4d74-afcc-4656950d210f", "indicator--593a4078-d0ac-4b60-9285-458a950d210f", "observed-data--593a4079-693c-4bba-9550-4865950d210f", "network-traffic--593a4079-693c-4bba-9550-4865950d210f", "ipv4-addr--593a4079-693c-4bba-9550-4865950d210f", "indicator--593a407a-d020-4c2d-b14b-46e6950d210f", "indicator--593a407a-b348-4f1d-9908-41d9950d210f", "observed-data--593a407b-e75c-45f2-a67a-432b950d210f", "network-traffic--593a407b-e75c-45f2-a67a-432b950d210f", "ipv4-addr--593a407b-e75c-45f2-a67a-432b950d210f", "indicator--593a407c-b068-4869-8fc2-43a9950d210f", "indicator--593a407c-1a10-41a7-8efa-4a6f950d210f", "observed-data--593a4084-8398-4a55-8198-4228950d210f", "url--593a4084-8398-4a55-8198-4228950d210f", "observed-data--593a4084-7e2c-4274-9791-42c0950d210f", "network-traffic--593a4084-7e2c-4274-9791-42c0950d210f", "ipv4-addr--593a4084-7e2c-4274-9791-42c0950d210f", "observed-data--593a4085-2bd0-4c6f-a237-4e08950d210f", "url--593a4085-2bd0-4c6f-a237-4e08950d210f", "observed-data--593a4085-f9ec-47b0-9f33-4045950d210f", "network-traffic--593a4085-f9ec-47b0-9f33-4045950d210f", "ipv4-addr--593a4085-f9ec-47b0-9f33-4045950d210f", "observed-data--593a4086-31d8-4c4d-8677-48f9950d210f", "url--593a4086-31d8-4c4d-8677-48f9950d210f", "observed-data--593a4086-5978-41f1-a5ad-4a84950d210f", "network-traffic--593a4086-5978-41f1-a5ad-4a84950d210f", "ipv4-addr--593a4086-5978-41f1-a5ad-4a84950d210f", "observed-data--593a4087-9220-49cb-8687-4dec950d210f", "url--593a4087-9220-49cb-8687-4dec950d210f", "observed-data--593a4087-0794-49c2-899f-421c950d210f", "network-traffic--593a4087-0794-49c2-899f-421c950d210f", "ipv4-addr--593a4087-0794-49c2-899f-421c950d210f", "observed-data--593a4088-1548-4ed7-aefd-4306950d210f", "url--593a4088-1548-4ed7-aefd-4306950d210f", "observed-data--593a4088-6b60-4676-8ca8-481f950d210f", "network-traffic--593a4088-6b60-4676-8ca8-481f950d210f", "ipv4-addr--593a4088-6b60-4676-8ca8-481f950d210f", "observed-data--593a4089-98a0-4902-9e1a-496e950d210f", "url--593a4089-98a0-4902-9e1a-496e950d210f", "observed-data--593a4089-51c0-4014-bb8a-487a950d210f", "network-traffic--593a4089-51c0-4014-bb8a-487a950d210f", "ipv4-addr--593a4089-51c0-4014-bb8a-487a950d210f", "observed-data--593a408a-a178-4b03-8d22-4aa1950d210f", "url--593a408a-a178-4b03-8d22-4aa1950d210f", "observed-data--593a408a-b58c-46bf-8a77-4aeb950d210f", "network-traffic--593a408a-b58c-46bf-8a77-4aeb950d210f", "ipv4-addr--593a408a-b58c-46bf-8a77-4aeb950d210f", "observed-data--593a408b-43ec-4c32-8ccf-436f950d210f", "url--593a408b-43ec-4c32-8ccf-436f950d210f", "observed-data--593a408b-03d8-4e3f-951f-40ab950d210f", "network-traffic--593a408b-03d8-4e3f-951f-40ab950d210f", "ipv4-addr--593a408b-03d8-4e3f-951f-40ab950d210f", "observed-data--593a408c-a0c0-4e0d-8065-4d07950d210f", "url--593a408c-a0c0-4e0d-8065-4d07950d210f", "observed-data--593a408c-58a4-4c15-aff4-44c1950d210f", "network-traffic--593a408c-58a4-4c15-aff4-44c1950d210f", "ipv4-addr--593a408c-58a4-4c15-aff4-44c1950d210f", "observed-data--593a408d-cab4-4ef1-8268-48e5950d210f", "url--593a408d-cab4-4ef1-8268-48e5950d210f", "observed-data--593a408d-8530-4d03-bee0-4719950d210f", "network-traffic--593a408d-8530-4d03-bee0-4719950d210f", "ipv4-addr--593a408d-8530-4d03-bee0-4719950d210f", "observed-data--593a408e-5cdc-4a56-bf3f-45ee950d210f", "url--593a408e-5cdc-4a56-bf3f-45ee950d210f", "observed-data--593a408e-0efc-462c-bc09-4322950d210f", "network-traffic--593a408e-0efc-462c-bc09-4322950d210f", "ipv4-addr--593a408e-0efc-462c-bc09-4322950d210f", "observed-data--593a408f-ac40-41b2-80e0-8a4b950d210f", "url--593a408f-ac40-41b2-80e0-8a4b950d210f", "observed-data--593a4090-1864-4d27-9b7c-4728950d210f", "network-traffic--593a4090-1864-4d27-9b7c-4728950d210f", "ipv4-addr--593a4090-1864-4d27-9b7c-4728950d210f", "observed-data--593a4090-66dc-4988-8621-49b8950d210f", "url--593a4090-66dc-4988-8621-49b8950d210f", "observed-data--593a4091-27f8-49bd-a956-4f3b950d210f", "network-traffic--593a4091-27f8-49bd-a956-4f3b950d210f", "ipv4-addr--593a4091-27f8-49bd-a956-4f3b950d210f", "observed-data--593a4091-9f64-4733-b49d-4bcc950d210f", "url--593a4091-9f64-4733-b49d-4bcc950d210f", "observed-data--593a4092-1d04-4597-b962-8bcc950d210f", "network-traffic--593a4092-1d04-4597-b962-8bcc950d210f", "ipv4-addr--593a4092-1d04-4597-b962-8bcc950d210f", "observed-data--593a4092-aa28-447a-98ba-8a4b950d210f", "url--593a4092-aa28-447a-98ba-8a4b950d210f", "observed-data--593a4093-e5a8-4b1c-baf3-42e4950d210f", "network-traffic--593a4093-e5a8-4b1c-baf3-42e4950d210f", "ipv4-addr--593a4093-e5a8-4b1c-baf3-42e4950d210f", "observed-data--593a4093-43e4-4808-94be-41b4950d210f", "url--593a4093-43e4-4808-94be-41b4950d210f", "observed-data--593a4094-fbf8-41b7-a9fe-40cd950d210f", "network-traffic--593a4094-fbf8-41b7-a9fe-40cd950d210f", "ipv4-addr--593a4094-fbf8-41b7-a9fe-40cd950d210f", "observed-data--593a4095-2310-4ad8-8f3f-48a6950d210f", "url--593a4095-2310-4ad8-8f3f-48a6950d210f", "observed-data--593a4095-de94-475c-af06-4117950d210f", "network-traffic--593a4095-de94-475c-af06-4117950d210f", "ipv4-addr--593a4095-de94-475c-af06-4117950d210f", "observed-data--593a4096-2d98-4153-9b5e-4719950d210f", "url--593a4096-2d98-4153-9b5e-4719950d210f", "observed-data--593a4096-5ed4-402d-a52e-485f950d210f", "network-traffic--593a4096-5ed4-402d-a52e-485f950d210f", "ipv4-addr--593a4096-5ed4-402d-a52e-485f950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4041-6ff0-4da4-a9a2-4723950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:21.000Z", "modified": "2017-06-09T06:29:21.000Z", "pattern": "[file:hashes.MD5 = 'a4644ad54e4ff86a4a3479927857ac29']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4042-0aa4-48f1-8162-42b4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:22.000Z", "modified": "2017-06-09T06:29:22.000Z", "pattern": "[file:hashes.MD5 = '9c6cecc960bfd950b64699b2fee1a723']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4042-c34c-4e1e-b880-4d33950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:22.000Z", "modified": "2017-06-09T06:29:22.000Z", "pattern": "[url:value = 'http://1time.nl/7gyb3ds']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4043-1b80-40dd-b2d7-8a4b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:23.000Z", "modified": "2017-06-09T06:29:23.000Z", "pattern": "[domain-name:value = '1time.nl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4043-87c4-44c0-993f-415a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:23.000Z", "modified": "2017-06-09T06:29:23.000Z", "first_observed": "2017-06-09T06:29:23Z", "last_observed": "2017-06-09T06:29:23Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4043-87c4-44c0-993f-415a950d210f", "ipv4-addr--593a4043-87c4-44c0-993f-415a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4043-87c4-44c0-993f-415a950d210f", "dst_ref": "ipv4-addr--593a4043-87c4-44c0-993f-415a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4043-87c4-44c0-993f-415a950d210f", "value": "213.247.45.147" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4044-9a2c-4f18-bf0a-4877950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:24.000Z", "modified": "2017-06-09T06:29:24.000Z", "pattern": "[url:value = 'http://adproautomation.in/7gyb3ds']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4045-eb58-4cda-b988-475e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:25.000Z", "modified": "2017-06-09T06:29:25.000Z", "pattern": "[domain-name:value = 'adproautomation.in']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4046-1ec0-4ea7-a012-46e6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:26.000Z", "modified": "2017-06-09T06:29:26.000Z", "first_observed": "2017-06-09T06:29:26Z", "last_observed": "2017-06-09T06:29:26Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4046-1ec0-4ea7-a012-46e6950d210f", "ipv4-addr--593a4046-1ec0-4ea7-a012-46e6950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4046-1ec0-4ea7-a012-46e6950d210f", "dst_ref": "ipv4-addr--593a4046-1ec0-4ea7-a012-46e6950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4046-1ec0-4ea7-a012-46e6950d210f", "value": "144.76.167.44" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4046-fc50-40c2-8be2-42a3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:26.000Z", "modified": "2017-06-09T06:29:26.000Z", "pattern": "[url:value = 'http://aolongkeji.cn/7gyb3ds']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4047-b840-4779-97d7-4066950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:27.000Z", "modified": "2017-06-09T06:29:27.000Z", "pattern": "[domain-name:value = 'aolongkeji.cn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4048-95f0-4370-a255-43fc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:28.000Z", "modified": "2017-06-09T06:29:28.000Z", "first_observed": "2017-06-09T06:29:28Z", "last_observed": "2017-06-09T06:29:28Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4048-95f0-4370-a255-43fc950d210f", "ipv4-addr--593a4048-95f0-4370-a255-43fc950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4048-95f0-4370-a255-43fc950d210f", "dst_ref": "ipv4-addr--593a4048-95f0-4370-a255-43fc950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4048-95f0-4370-a255-43fc950d210f", "value": "114.215.241.221" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4048-b4dc-498f-8061-4309950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:28.000Z", "modified": "2017-06-09T06:29:28.000Z", "pattern": "[url:value = 'http://beursgays.com/7gyb3ds']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4049-6634-469a-a424-46e2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:29.000Z", "modified": "2017-06-09T06:29:29.000Z", "pattern": "[domain-name:value = 'beursgays.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4049-97fc-44b5-b26a-4a0a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:29.000Z", "modified": "2017-06-09T06:29:29.000Z", "first_observed": "2017-06-09T06:29:29Z", "last_observed": "2017-06-09T06:29:29Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4049-97fc-44b5-b26a-4a0a950d210f", "ipv4-addr--593a4049-97fc-44b5-b26a-4a0a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4049-97fc-44b5-b26a-4a0a950d210f", "dst_ref": "ipv4-addr--593a4049-97fc-44b5-b26a-4a0a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4049-97fc-44b5-b26a-4a0a950d210f", "value": "178.237.37.40" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a404a-729c-4ab0-ab82-4ae9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:30.000Z", "modified": "2017-06-09T06:29:30.000Z", "pattern": "[url:value = 'http://camberwellroofing.com.au/7gyb3ds']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a404a-63ac-409c-aa8e-4863950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:30.000Z", "modified": "2017-06-09T06:29:30.000Z", "pattern": "[domain-name:value = 'camberwellroofing.com.au']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a404c-fc94-40df-ab5d-4281950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:32.000Z", "modified": "2017-06-09T06:29:32.000Z", "first_observed": "2017-06-09T06:29:32Z", "last_observed": "2017-06-09T06:29:32Z", "number_observed": 1, "object_refs": [ "network-traffic--593a404c-fc94-40df-ab5d-4281950d210f", "ipv4-addr--593a404c-fc94-40df-ab5d-4281950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a404c-fc94-40df-ab5d-4281950d210f", "dst_ref": "ipv4-addr--593a404c-fc94-40df-ab5d-4281950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a404c-fc94-40df-ab5d-4281950d210f", "value": "27.131.109.130" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a404c-1dd8-4e72-bd3e-47d2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:32.000Z", "modified": "2017-06-09T06:29:32.000Z", "pattern": "[url:value = 'http://caperlea.com/7gyb3ds']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a404d-9fd8-4f8f-b883-8bcc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:33.000Z", "modified": "2017-06-09T06:29:33.000Z", "pattern": "[domain-name:value = 'caperlea.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a404e-b578-40de-b7cb-4855950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:34.000Z", "modified": "2017-06-09T06:29:34.000Z", "first_observed": "2017-06-09T06:29:34Z", "last_observed": "2017-06-09T06:29:34Z", "number_observed": 1, "object_refs": [ "network-traffic--593a404e-b578-40de-b7cb-4855950d210f", "ipv4-addr--593a404e-b578-40de-b7cb-4855950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a404e-b578-40de-b7cb-4855950d210f", "dst_ref": "ipv4-addr--593a404e-b578-40de-b7cb-4855950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a404e-b578-40de-b7cb-4855950d210f", "value": "69.49.96.13" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a404e-5214-4f41-bcc3-4327950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:34.000Z", "modified": "2017-06-09T06:29:34.000Z", "pattern": "[url:value = 'http://castvinyl.ru/7gyb3ds']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a404f-ca64-4df3-a19b-4596950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:35.000Z", "modified": "2017-06-09T06:29:35.000Z", "pattern": "[domain-name:value = 'castvinyl.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4050-6db4-42f6-b01d-409c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:36.000Z", "modified": "2017-06-09T06:29:36.000Z", "first_observed": "2017-06-09T06:29:36Z", "last_observed": "2017-06-09T06:29:36Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4050-6db4-42f6-b01d-409c950d210f", "ipv4-addr--593a4050-6db4-42f6-b01d-409c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4050-6db4-42f6-b01d-409c950d210f", "dst_ref": "ipv4-addr--593a4050-6db4-42f6-b01d-409c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4050-6db4-42f6-b01d-409c950d210f", "value": "89.111.176.244" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4050-ea24-4f2c-8e3f-4c73950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:36.000Z", "modified": "2017-06-09T06:29:36.000Z", "pattern": "[url:value = 'http://choralia.net/7gyb3ds']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4051-2c88-4a9e-bf85-4643950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:37.000Z", "modified": "2017-06-09T06:29:37.000Z", "pattern": "[domain-name:value = 'choralia.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4051-bf94-4f05-bca9-41a7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:37.000Z", "modified": "2017-06-09T06:29:37.000Z", "first_observed": "2017-06-09T06:29:37Z", "last_observed": "2017-06-09T06:29:37Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4051-bf94-4f05-bca9-41a7950d210f", "ipv4-addr--593a4051-bf94-4f05-bca9-41a7950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4051-bf94-4f05-bca9-41a7950d210f", "dst_ref": "ipv4-addr--593a4051-bf94-4f05-bca9-41a7950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4051-bf94-4f05-bca9-41a7950d210f", "value": "216.172.169.149" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4052-9120-432e-b2e5-452e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:38.000Z", "modified": "2017-06-09T06:29:38.000Z", "pattern": "[url:value = 'http://chqm168.com/7gyb3ds']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4052-4870-41ea-a6bc-46e6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:38.000Z", "modified": "2017-06-09T06:29:38.000Z", "pattern": "[domain-name:value = 'chqm168.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4054-a7d8-438d-814b-4926950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:40.000Z", "modified": "2017-06-09T06:29:40.000Z", "first_observed": "2017-06-09T06:29:40Z", "last_observed": "2017-06-09T06:29:40Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4054-a7d8-438d-814b-4926950d210f", "ipv4-addr--593a4054-a7d8-438d-814b-4926950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4054-a7d8-438d-814b-4926950d210f", "dst_ref": "ipv4-addr--593a4054-a7d8-438d-814b-4926950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4054-a7d8-438d-814b-4926950d210f", "value": "69.165.66.179" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4054-5c40-4038-94e6-4728950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:40.000Z", "modified": "2017-06-09T06:29:40.000Z", "pattern": "[url:value = 'http://codeclinics.com/7gyb3ds']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4055-bcd8-4840-ac40-41f8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:41.000Z", "modified": "2017-06-09T06:29:41.000Z", "pattern": "[domain-name:value = 'codeclinics.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4056-d4c8-4836-bf07-4c6a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:42.000Z", "modified": "2017-06-09T06:29:42.000Z", "first_observed": "2017-06-09T06:29:42Z", "last_observed": "2017-06-09T06:29:42Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4056-d4c8-4836-bf07-4c6a950d210f", "ipv4-addr--593a4056-d4c8-4836-bf07-4c6a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4056-d4c8-4836-bf07-4c6a950d210f", "dst_ref": "ipv4-addr--593a4056-d4c8-4836-bf07-4c6a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4056-d4c8-4836-bf07-4c6a950d210f", "value": "111.118.212.208" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4056-6b00-4ffc-a61f-4dca950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:42.000Z", "modified": "2017-06-09T06:29:42.000Z", "pattern": "[url:value = 'http://essentialnulidtro.com/af/7gyb3ds']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4057-8d14-44a9-80e6-405d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:43.000Z", "modified": "2017-06-09T06:29:43.000Z", "pattern": "[domain-name:value = 'essentialnulidtro.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4059-2ce0-4f72-8e10-4f8c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:45.000Z", "modified": "2017-06-09T06:29:45.000Z", "first_observed": "2017-06-09T06:29:45Z", "last_observed": "2017-06-09T06:29:45Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4059-2ce0-4f72-8e10-4f8c950d210f", "ipv4-addr--593a4059-2ce0-4f72-8e10-4f8c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4059-2ce0-4f72-8e10-4f8c950d210f", "dst_ref": "ipv4-addr--593a4059-2ce0-4f72-8e10-4f8c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4059-2ce0-4f72-8e10-4f8c950d210f", "value": "119.28.85.128" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a405a-8170-42fd-a00d-8bcc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:46.000Z", "modified": "2017-06-09T06:29:46.000Z", "pattern": "[url:value = 'http://luxcasa.pt/7gyb3ds']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a405b-4540-4032-bcc4-423b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:47.000Z", "modified": "2017-06-09T06:29:47.000Z", "pattern": "[domain-name:value = 'luxcasa.pt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a405b-1518-4bc5-af7a-4510950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:47.000Z", "modified": "2017-06-09T06:29:47.000Z", "first_observed": "2017-06-09T06:29:47Z", "last_observed": "2017-06-09T06:29:47Z", "number_observed": 1, "object_refs": [ "network-traffic--593a405b-1518-4bc5-af7a-4510950d210f", "ipv4-addr--593a405b-1518-4bc5-af7a-4510950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a405b-1518-4bc5-af7a-4510950d210f", "dst_ref": "ipv4-addr--593a405b-1518-4bc5-af7a-4510950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a405b-1518-4bc5-af7a-4510950d210f", "value": "109.71.43.177" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a405c-9964-4a46-9924-4ecb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:48.000Z", "modified": "2017-06-09T06:29:48.000Z", "pattern": "[url:value = 'http://manish-choudhary.com/7gyb3ds']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a405c-95e8-4c70-a705-8a4b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:48.000Z", "modified": "2017-06-09T06:29:48.000Z", "pattern": "[domain-name:value = 'manish-choudhary.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a405d-1110-441e-b3b1-4a8e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:49.000Z", "modified": "2017-06-09T06:29:49.000Z", "first_observed": "2017-06-09T06:29:49Z", "last_observed": "2017-06-09T06:29:49Z", "number_observed": 1, "object_refs": [ "network-traffic--593a405d-1110-441e-b3b1-4a8e950d210f", "ipv4-addr--593a405d-1110-441e-b3b1-4a8e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a405d-1110-441e-b3b1-4a8e950d210f", "dst_ref": "ipv4-addr--593a405d-1110-441e-b3b1-4a8e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a405d-1110-441e-b3b1-4a8e950d210f", "value": "208.91.198.52" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a405d-df28-4286-bf13-445b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:49.000Z", "modified": "2017-06-09T06:29:49.000Z", "pattern": "[url:value = 'http://martos.pt/7gyb3ds']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a405e-4ad8-460e-9e16-44e0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:50.000Z", "modified": "2017-06-09T06:29:50.000Z", "pattern": "[domain-name:value = 'martos.pt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a405e-d630-4953-b1f2-4eda950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:50.000Z", "modified": "2017-06-09T06:29:50.000Z", "first_observed": "2017-06-09T06:29:50Z", "last_observed": "2017-06-09T06:29:50Z", "number_observed": 1, "object_refs": [ "network-traffic--593a405e-d630-4953-b1f2-4eda950d210f", "ipv4-addr--593a405e-d630-4953-b1f2-4eda950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a405e-d630-4953-b1f2-4eda950d210f", "dst_ref": "ipv4-addr--593a405e-d630-4953-b1f2-4eda950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a405e-d630-4953-b1f2-4eda950d210f", "value": "91.198.47.86" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a405f-e86c-43cf-b94a-46e6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:51.000Z", "modified": "2017-06-09T06:29:51.000Z", "pattern": "[url:value = 'http://micolon.de/7gyb3ds']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a405f-cee0-4701-82d6-4728950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:51.000Z", "modified": "2017-06-09T06:29:51.000Z", "pattern": "[domain-name:value = 'micolon.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4060-d8f8-4821-b8e2-4c9c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:52.000Z", "modified": "2017-06-09T06:29:52.000Z", "first_observed": "2017-06-09T06:29:52Z", "last_observed": "2017-06-09T06:29:52Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4060-d8f8-4821-b8e2-4c9c950d210f", "ipv4-addr--593a4060-d8f8-4821-b8e2-4c9c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4060-d8f8-4821-b8e2-4c9c950d210f", "dst_ref": "ipv4-addr--593a4060-d8f8-4821-b8e2-4c9c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4060-d8f8-4821-b8e2-4c9c950d210f", "value": "81.169.145.167" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4061-bf98-441d-aee8-47c8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:53.000Z", "modified": "2017-06-09T06:29:53.000Z", "pattern": "[url:value = 'http://muldefischer.de/7gyb3ds']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4061-1b8c-40fd-a9a3-4f01950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:53.000Z", "modified": "2017-06-09T06:29:53.000Z", "pattern": "[domain-name:value = 'muldefischer.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4062-e83c-4bb0-b81d-4c42950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:54.000Z", "modified": "2017-06-09T06:29:54.000Z", "first_observed": "2017-06-09T06:29:54Z", "last_observed": "2017-06-09T06:29:54Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4062-e83c-4bb0-b81d-4c42950d210f", "ipv4-addr--593a4062-e83c-4bb0-b81d-4c42950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4062-e83c-4bb0-b81d-4c42950d210f", "dst_ref": "ipv4-addr--593a4062-e83c-4bb0-b81d-4c42950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4062-e83c-4bb0-b81d-4c42950d210f", "value": "81.169.145.170" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4063-6a6c-48ed-8298-4014950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:55.000Z", "modified": "2017-06-09T06:29:55.000Z", "pattern": "[url:value = 'http://musee-champollion.fr/7gyb3ds']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4064-6e34-4654-9000-8bcc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:56.000Z", "modified": "2017-06-09T06:29:56.000Z", "pattern": "[domain-name:value = 'musee-champollion.fr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4064-0500-438c-909f-4d8f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:56.000Z", "modified": "2017-06-09T06:29:56.000Z", "first_observed": "2017-06-09T06:29:56Z", "last_observed": "2017-06-09T06:29:56Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4064-0500-438c-909f-4d8f950d210f", "ipv4-addr--593a4064-0500-438c-909f-4d8f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4064-0500-438c-909f-4d8f950d210f", "dst_ref": "ipv4-addr--593a4064-0500-438c-909f-4d8f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4064-0500-438c-909f-4d8f950d210f", "value": "195.5.208.205" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4065-0a44-4297-b770-45e4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:57.000Z", "modified": "2017-06-09T06:29:57.000Z", "pattern": "[url:value = 'http://mybutterhalf.com/7gyb3ds']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4065-d118-43f1-bd99-4d66950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:57.000Z", "modified": "2017-06-09T06:29:57.000Z", "pattern": "[domain-name:value = 'mybutterhalf.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4066-ada8-4db2-8000-8a4b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:58.000Z", "modified": "2017-06-09T06:29:58.000Z", "first_observed": "2017-06-09T06:29:58Z", "last_observed": "2017-06-09T06:29:58Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4066-ada8-4db2-8000-8a4b950d210f", "ipv4-addr--593a4066-ada8-4db2-8000-8a4b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4066-ada8-4db2-8000-8a4b950d210f", "dst_ref": "ipv4-addr--593a4066-ada8-4db2-8000-8a4b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4066-ada8-4db2-8000-8a4b950d210f", "value": "208.91.198.170" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4066-5ff0-4155-b1b8-4a78950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:58.000Z", "modified": "2017-06-09T06:29:58.000Z", "pattern": "[url:value = 'http://mytraveltrip.in/7gyb3ds']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4067-4d44-42a9-9aa4-4474950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:29:59.000Z", "modified": "2017-06-09T06:29:59.000Z", "pattern": "[domain-name:value = 'mytraveltrip.in']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:29:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4068-3f7c-4903-b95e-4f32950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:00.000Z", "modified": "2017-06-09T06:30:00.000Z", "first_observed": "2017-06-09T06:30:00Z", "last_observed": "2017-06-09T06:30:00Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4068-3f7c-4903-b95e-4f32950d210f", "ipv4-addr--593a4068-3f7c-4903-b95e-4f32950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4068-3f7c-4903-b95e-4f32950d210f", "dst_ref": "ipv4-addr--593a4068-3f7c-4903-b95e-4f32950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4068-3f7c-4903-b95e-4f32950d210f", "value": "103.21.59.24" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4068-e0ec-4664-9ada-48fd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:00.000Z", "modified": "2017-06-09T06:30:00.000Z", "pattern": "[url:value = 'http://saheser.net/7gyb3ds']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:30:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4069-f57c-4d9c-bbfb-46e6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:01.000Z", "modified": "2017-06-09T06:30:01.000Z", "pattern": "[domain-name:value = 'saheser.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:30:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4069-38f4-4e65-95e9-4728950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:01.000Z", "modified": "2017-06-09T06:30:01.000Z", "first_observed": "2017-06-09T06:30:01Z", "last_observed": "2017-06-09T06:30:01Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4069-38f4-4e65-95e9-4728950d210f", "ipv4-addr--593a4069-38f4-4e65-95e9-4728950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4069-38f4-4e65-95e9-4728950d210f", "dst_ref": "ipv4-addr--593a4069-38f4-4e65-95e9-4728950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4069-38f4-4e65-95e9-4728950d210f", "value": "176.53.85.89" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a406a-e98c-48af-8a47-49aa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:02.000Z", "modified": "2017-06-09T06:30:02.000Z", "pattern": "[url:value = 'http://sanftes-reiten.de/7gyb3ds']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:30:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a406b-3998-4d9d-8044-4bee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:03.000Z", "modified": "2017-06-09T06:30:03.000Z", "pattern": "[domain-name:value = 'sanftes-reiten.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:30:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a406b-dc34-4ddc-aa09-4ff3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:03.000Z", "modified": "2017-06-09T06:30:03.000Z", "first_observed": "2017-06-09T06:30:03Z", "last_observed": "2017-06-09T06:30:03Z", "number_observed": 1, "object_refs": [ "network-traffic--593a406b-dc34-4ddc-aa09-4ff3950d210f", "ipv4-addr--593a406b-dc34-4ddc-aa09-4ff3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a406b-dc34-4ddc-aa09-4ff3950d210f", "dst_ref": "ipv4-addr--593a406b-dc34-4ddc-aa09-4ff3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a406b-dc34-4ddc-aa09-4ff3950d210f", "value": "81.169.145.77" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a406c-68f8-40b7-854c-4b8b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:04.000Z", "modified": "2017-06-09T06:30:04.000Z", "pattern": "[url:value = 'http://shopf3.com/7gyb3ds']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:30:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a406d-c740-4f8f-bedb-8a4b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:05.000Z", "modified": "2017-06-09T06:30:05.000Z", "pattern": "[domain-name:value = 'shopf3.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:30:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a406e-0b9c-4b65-a928-465a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:06.000Z", "modified": "2017-06-09T06:30:06.000Z", "first_observed": "2017-06-09T06:30:06Z", "last_observed": "2017-06-09T06:30:06Z", "number_observed": 1, "object_refs": [ "network-traffic--593a406e-0b9c-4b65-a928-465a950d210f", "ipv4-addr--593a406e-0b9c-4b65-a928-465a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a406e-0b9c-4b65-a928-465a950d210f", "dst_ref": "ipv4-addr--593a406e-0b9c-4b65-a928-465a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a406e-0b9c-4b65-a928-465a950d210f", "value": "160.153.42.132" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a406e-0e28-4531-94f8-44f6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:06.000Z", "modified": "2017-06-09T06:30:06.000Z", "pattern": "[url:value = 'http://shreekamothe.com/7gyb3ds']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:30:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a406f-6ee4-4e7e-9ae8-4728950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:07.000Z", "modified": "2017-06-09T06:30:07.000Z", "pattern": "[domain-name:value = 'shreekamothe.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:30:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4070-59c8-4aa3-92e7-4fae950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:08.000Z", "modified": "2017-06-09T06:30:08.000Z", "first_observed": "2017-06-09T06:30:08Z", "last_observed": "2017-06-09T06:30:08Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4070-59c8-4aa3-92e7-4fae950d210f", "ipv4-addr--593a4070-59c8-4aa3-92e7-4fae950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4070-59c8-4aa3-92e7-4fae950d210f", "dst_ref": "ipv4-addr--593a4070-59c8-4aa3-92e7-4fae950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4070-59c8-4aa3-92e7-4fae950d210f", "value": "199.79.62.205" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4071-8ed0-49a7-9568-472b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:09.000Z", "modified": "2017-06-09T06:30:09.000Z", "pattern": "[url:value = 'http://spocom.de/7gyb3ds']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:30:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4071-20dc-42e8-ad0a-8bcc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:09.000Z", "modified": "2017-06-09T06:30:09.000Z", "pattern": "[domain-name:value = 'spocom.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:30:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4072-4b28-442e-924b-4dff950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:10.000Z", "modified": "2017-06-09T06:30:10.000Z", "first_observed": "2017-06-09T06:30:10Z", "last_observed": "2017-06-09T06:30:10Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4072-4b28-442e-924b-4dff950d210f", "ipv4-addr--593a4072-4b28-442e-924b-4dff950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4072-4b28-442e-924b-4dff950d210f", "dst_ref": "ipv4-addr--593a4072-4b28-442e-924b-4dff950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4072-4b28-442e-924b-4dff950d210f", "value": "81.169.145.71" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4072-fcbc-4d64-a87b-4f1e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:10.000Z", "modified": "2017-06-09T06:30:10.000Z", "pattern": "[url:value = 'http://sumbermakmur.com/7gyb3ds']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:30:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4073-df80-42a0-a597-4509950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:11.000Z", "modified": "2017-06-09T06:30:11.000Z", "pattern": "[domain-name:value = 'sumbermakmur.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:30:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4074-ea84-4902-aa25-4a19950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:12.000Z", "modified": "2017-06-09T06:30:12.000Z", "first_observed": "2017-06-09T06:30:12Z", "last_observed": "2017-06-09T06:30:12Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4074-ea84-4902-aa25-4a19950d210f", "ipv4-addr--593a4074-ea84-4902-aa25-4a19950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4074-ea84-4902-aa25-4a19950d210f", "dst_ref": "ipv4-addr--593a4074-ea84-4902-aa25-4a19950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4074-ea84-4902-aa25-4a19950d210f", "value": "174.120.70.216" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4074-832c-40d1-b779-4888950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:12.000Z", "modified": "2017-06-09T06:30:12.000Z", "pattern": "[url:value = 'http://surgideals.com/7gyb3ds']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:30:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4074-978c-4808-8104-42d3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:12.000Z", "modified": "2017-06-09T06:30:12.000Z", "pattern": "[domain-name:value = 'surgideals.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:30:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4075-634c-4d76-9962-467c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:13.000Z", "modified": "2017-06-09T06:30:13.000Z", "first_observed": "2017-06-09T06:30:13Z", "last_observed": "2017-06-09T06:30:13Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4075-634c-4d76-9962-467c950d210f", "ipv4-addr--593a4075-634c-4d76-9962-467c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4075-634c-4d76-9962-467c950d210f", "dst_ref": "ipv4-addr--593a4075-634c-4d76-9962-467c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4075-634c-4d76-9962-467c950d210f", "value": "103.21.59.28" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4076-cfe0-42af-a159-4728950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:14.000Z", "modified": "2017-06-09T06:30:14.000Z", "pattern": "[url:value = 'http://suskunst.dk/7gyb3ds']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:30:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4076-3d88-4c6b-b3b9-44c7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:14.000Z", "modified": "2017-06-09T06:30:14.000Z", "pattern": "[domain-name:value = 'suskunst.dk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:30:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4077-6210-4164-839f-4d2f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:15.000Z", "modified": "2017-06-09T06:30:15.000Z", "first_observed": "2017-06-09T06:30:15Z", "last_observed": "2017-06-09T06:30:15Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4077-6210-4164-839f-4d2f950d210f", "ipv4-addr--593a4077-6210-4164-839f-4d2f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4077-6210-4164-839f-4d2f950d210f", "dst_ref": "ipv4-addr--593a4077-6210-4164-839f-4d2f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4077-6210-4164-839f-4d2f950d210f", "value": "46.30.213.72" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4077-0948-4d74-afcc-4656950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:15.000Z", "modified": "2017-06-09T06:30:15.000Z", "pattern": "[url:value = 'http://sutek-industry.com/7gyb3ds']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:30:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a4078-d0ac-4b60-9285-458a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:16.000Z", "modified": "2017-06-09T06:30:16.000Z", "pattern": "[domain-name:value = 'sutek-industry.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:30:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4079-693c-4bba-9550-4865950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:17.000Z", "modified": "2017-06-09T06:30:17.000Z", "first_observed": "2017-06-09T06:30:17Z", "last_observed": "2017-06-09T06:30:17Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4079-693c-4bba-9550-4865950d210f", "ipv4-addr--593a4079-693c-4bba-9550-4865950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4079-693c-4bba-9550-4865950d210f", "dst_ref": "ipv4-addr--593a4079-693c-4bba-9550-4865950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4079-693c-4bba-9550-4865950d210f", "value": "209.99.16.217" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a407a-d020-4c2d-b14b-46e6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:18.000Z", "modified": "2017-06-09T06:30:18.000Z", "pattern": "[url:value = 'http://svagin.dk/7gyb3ds']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:30:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a407a-b348-4f1d-9908-41d9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:18.000Z", "modified": "2017-06-09T06:30:18.000Z", "pattern": "[domain-name:value = 'svagin.dk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:30:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a407b-e75c-45f2-a67a-432b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:19.000Z", "modified": "2017-06-09T06:30:19.000Z", "first_observed": "2017-06-09T06:30:19Z", "last_observed": "2017-06-09T06:30:19Z", "number_observed": 1, "object_refs": [ "network-traffic--593a407b-e75c-45f2-a67a-432b950d210f", "ipv4-addr--593a407b-e75c-45f2-a67a-432b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a407b-e75c-45f2-a67a-432b950d210f", "dst_ref": "ipv4-addr--593a407b-e75c-45f2-a67a-432b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a407b-e75c-45f2-a67a-432b950d210f", "value": "46.30.213.233" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a407c-b068-4869-8fc2-43a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:20.000Z", "modified": "2017-06-09T06:30:20.000Z", "pattern": "[url:value = 'http://xinding.com/7gyb3ds']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:30:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--593a407c-1a10-41a7-8efa-4a6f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:20.000Z", "modified": "2017-06-09T06:30:20.000Z", "pattern": "[domain-name:value = 'xinding.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-09T06:30:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4084-8398-4a55-8198-4228950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:28.000Z", "modified": "2017-06-09T06:30:28.000Z", "first_observed": "2017-06-09T06:30:28Z", "last_observed": "2017-06-09T06:30:28Z", "number_observed": 1, "object_refs": [ "url--593a4084-8398-4a55-8198-4228950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--593a4084-8398-4a55-8198-4228950d210f", "value": "147.135.144.28" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4084-7e2c-4274-9791-42c0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:28.000Z", "modified": "2017-06-09T06:30:28.000Z", "first_observed": "2017-06-09T06:30:28Z", "last_observed": "2017-06-09T06:30:28Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4084-7e2c-4274-9791-42c0950d210f", "ipv4-addr--593a4084-7e2c-4274-9791-42c0950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4084-7e2c-4274-9791-42c0950d210f", "dst_ref": "ipv4-addr--593a4084-7e2c-4274-9791-42c0950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4084-7e2c-4274-9791-42c0950d210f", "value": "147.135.144.28" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4085-2bd0-4c6f-a237-4e08950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:29.000Z", "modified": "2017-06-09T06:30:29.000Z", "first_observed": "2017-06-09T06:30:29Z", "last_observed": "2017-06-09T06:30:29Z", "number_observed": 1, "object_refs": [ "url--593a4085-2bd0-4c6f-a237-4e08950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--593a4085-2bd0-4c6f-a237-4e08950d210f", "value": "176.121.213.31" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4085-f9ec-47b0-9f33-4045950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:29.000Z", "modified": "2017-06-09T06:30:29.000Z", "first_observed": "2017-06-09T06:30:29Z", "last_observed": "2017-06-09T06:30:29Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4085-f9ec-47b0-9f33-4045950d210f", "ipv4-addr--593a4085-f9ec-47b0-9f33-4045950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4085-f9ec-47b0-9f33-4045950d210f", "dst_ref": "ipv4-addr--593a4085-f9ec-47b0-9f33-4045950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4085-f9ec-47b0-9f33-4045950d210f", "value": "176.121.213.31" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4086-31d8-4c4d-8677-48f9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:30.000Z", "modified": "2017-06-09T06:30:30.000Z", "first_observed": "2017-06-09T06:30:30Z", "last_observed": "2017-06-09T06:30:30Z", "number_observed": 1, "object_refs": [ "url--593a4086-31d8-4c4d-8677-48f9950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--593a4086-31d8-4c4d-8677-48f9950d210f", "value": "185.86.150.185" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4086-5978-41f1-a5ad-4a84950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:30.000Z", "modified": "2017-06-09T06:30:30.000Z", "first_observed": "2017-06-09T06:30:30Z", "last_observed": "2017-06-09T06:30:30Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4086-5978-41f1-a5ad-4a84950d210f", "ipv4-addr--593a4086-5978-41f1-a5ad-4a84950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4086-5978-41f1-a5ad-4a84950d210f", "dst_ref": "ipv4-addr--593a4086-5978-41f1-a5ad-4a84950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4086-5978-41f1-a5ad-4a84950d210f", "value": "185.86.150.185" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4087-9220-49cb-8687-4dec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:31.000Z", "modified": "2017-06-09T06:30:31.000Z", "first_observed": "2017-06-09T06:30:31Z", "last_observed": "2017-06-09T06:30:31Z", "number_observed": 1, "object_refs": [ "url--593a4087-9220-49cb-8687-4dec950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--593a4087-9220-49cb-8687-4dec950d210f", "value": "193.0.140.177" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4087-0794-49c2-899f-421c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:31.000Z", "modified": "2017-06-09T06:30:31.000Z", "first_observed": "2017-06-09T06:30:31Z", "last_observed": "2017-06-09T06:30:31Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4087-0794-49c2-899f-421c950d210f", "ipv4-addr--593a4087-0794-49c2-899f-421c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4087-0794-49c2-899f-421c950d210f", "dst_ref": "ipv4-addr--593a4087-0794-49c2-899f-421c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4087-0794-49c2-899f-421c950d210f", "value": "193.0.140.177" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4088-1548-4ed7-aefd-4306950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:32.000Z", "modified": "2017-06-09T06:30:32.000Z", "first_observed": "2017-06-09T06:30:32Z", "last_observed": "2017-06-09T06:30:32Z", "number_observed": 1, "object_refs": [ "url--593a4088-1548-4ed7-aefd-4306950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--593a4088-1548-4ed7-aefd-4306950d210f", "value": "194.87.102.6" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4088-6b60-4676-8ca8-481f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:32.000Z", "modified": "2017-06-09T06:30:32.000Z", "first_observed": "2017-06-09T06:30:32Z", "last_observed": "2017-06-09T06:30:32Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4088-6b60-4676-8ca8-481f950d210f", "ipv4-addr--593a4088-6b60-4676-8ca8-481f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4088-6b60-4676-8ca8-481f950d210f", "dst_ref": "ipv4-addr--593a4088-6b60-4676-8ca8-481f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4088-6b60-4676-8ca8-481f950d210f", "value": "194.87.102.6" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4089-98a0-4902-9e1a-496e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:33.000Z", "modified": "2017-06-09T06:30:33.000Z", "first_observed": "2017-06-09T06:30:33Z", "last_observed": "2017-06-09T06:30:33Z", "number_observed": 1, "object_refs": [ "url--593a4089-98a0-4902-9e1a-496e950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--593a4089-98a0-4902-9e1a-496e950d210f", "value": "194.87.234.99" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4089-51c0-4014-bb8a-487a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:33.000Z", "modified": "2017-06-09T06:30:33.000Z", "first_observed": "2017-06-09T06:30:33Z", "last_observed": "2017-06-09T06:30:33Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4089-51c0-4014-bb8a-487a950d210f", "ipv4-addr--593a4089-51c0-4014-bb8a-487a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4089-51c0-4014-bb8a-487a950d210f", "dst_ref": "ipv4-addr--593a4089-51c0-4014-bb8a-487a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4089-51c0-4014-bb8a-487a950d210f", "value": "194.87.234.99" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a408a-a178-4b03-8d22-4aa1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:34.000Z", "modified": "2017-06-09T06:30:34.000Z", "first_observed": "2017-06-09T06:30:34Z", "last_observed": "2017-06-09T06:30:34Z", "number_observed": 1, "object_refs": [ "url--593a408a-a178-4b03-8d22-4aa1950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--593a408a-a178-4b03-8d22-4aa1950d210f", "value": "195.133.144.138" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a408a-b58c-46bf-8a77-4aeb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:34.000Z", "modified": "2017-06-09T06:30:34.000Z", "first_observed": "2017-06-09T06:30:34Z", "last_observed": "2017-06-09T06:30:34Z", "number_observed": 1, "object_refs": [ "network-traffic--593a408a-b58c-46bf-8a77-4aeb950d210f", "ipv4-addr--593a408a-b58c-46bf-8a77-4aeb950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a408a-b58c-46bf-8a77-4aeb950d210f", "dst_ref": "ipv4-addr--593a408a-b58c-46bf-8a77-4aeb950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a408a-b58c-46bf-8a77-4aeb950d210f", "value": "195.133.144.138" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a408b-43ec-4c32-8ccf-436f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:35.000Z", "modified": "2017-06-09T06:30:35.000Z", "first_observed": "2017-06-09T06:30:35Z", "last_observed": "2017-06-09T06:30:35Z", "number_observed": 1, "object_refs": [ "url--593a408b-43ec-4c32-8ccf-436f950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--593a408b-43ec-4c32-8ccf-436f950d210f", "value": "195.2.252.152" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a408b-03d8-4e3f-951f-40ab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:35.000Z", "modified": "2017-06-09T06:30:35.000Z", "first_observed": "2017-06-09T06:30:35Z", "last_observed": "2017-06-09T06:30:35Z", "number_observed": 1, "object_refs": [ "network-traffic--593a408b-03d8-4e3f-951f-40ab950d210f", "ipv4-addr--593a408b-03d8-4e3f-951f-40ab950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a408b-03d8-4e3f-951f-40ab950d210f", "dst_ref": "ipv4-addr--593a408b-03d8-4e3f-951f-40ab950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a408b-03d8-4e3f-951f-40ab950d210f", "value": "195.2.252.152" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a408c-a0c0-4e0d-8065-4d07950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:36.000Z", "modified": "2017-06-09T06:30:36.000Z", "first_observed": "2017-06-09T06:30:36Z", "last_observed": "2017-06-09T06:30:36Z", "number_observed": 1, "object_refs": [ "url--593a408c-a0c0-4e0d-8065-4d07950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--593a408c-a0c0-4e0d-8065-4d07950d210f", "value": "196.11.84.62" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a408c-58a4-4c15-aff4-44c1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:36.000Z", "modified": "2017-06-09T06:30:36.000Z", "first_observed": "2017-06-09T06:30:36Z", "last_observed": "2017-06-09T06:30:36Z", "number_observed": 1, "object_refs": [ "network-traffic--593a408c-58a4-4c15-aff4-44c1950d210f", "ipv4-addr--593a408c-58a4-4c15-aff4-44c1950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a408c-58a4-4c15-aff4-44c1950d210f", "dst_ref": "ipv4-addr--593a408c-58a4-4c15-aff4-44c1950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a408c-58a4-4c15-aff4-44c1950d210f", "value": "196.11.84.62" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a408d-cab4-4ef1-8268-48e5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:37.000Z", "modified": "2017-06-09T06:30:37.000Z", "first_observed": "2017-06-09T06:30:37Z", "last_observed": "2017-06-09T06:30:37Z", "number_observed": 1, "object_refs": [ "url--593a408d-cab4-4ef1-8268-48e5950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--593a408d-cab4-4ef1-8268-48e5950d210f", "value": "212.24.110.154" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a408d-8530-4d03-bee0-4719950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:37.000Z", "modified": "2017-06-09T06:30:37.000Z", "first_observed": "2017-06-09T06:30:37Z", "last_observed": "2017-06-09T06:30:37Z", "number_observed": 1, "object_refs": [ "network-traffic--593a408d-8530-4d03-bee0-4719950d210f", "ipv4-addr--593a408d-8530-4d03-bee0-4719950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a408d-8530-4d03-bee0-4719950d210f", "dst_ref": "ipv4-addr--593a408d-8530-4d03-bee0-4719950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a408d-8530-4d03-bee0-4719950d210f", "value": "212.24.110.154" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a408e-5cdc-4a56-bf3f-45ee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:38.000Z", "modified": "2017-06-09T06:30:38.000Z", "first_observed": "2017-06-09T06:30:38Z", "last_observed": "2017-06-09T06:30:38Z", "number_observed": 1, "object_refs": [ "url--593a408e-5cdc-4a56-bf3f-45ee950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--593a408e-5cdc-4a56-bf3f-45ee950d210f", "value": "212.24.110.190" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a408e-0efc-462c-bc09-4322950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:38.000Z", "modified": "2017-06-09T06:30:38.000Z", "first_observed": "2017-06-09T06:30:38Z", "last_observed": "2017-06-09T06:30:38Z", "number_observed": 1, "object_refs": [ "network-traffic--593a408e-0efc-462c-bc09-4322950d210f", "ipv4-addr--593a408e-0efc-462c-bc09-4322950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a408e-0efc-462c-bc09-4322950d210f", "dst_ref": "ipv4-addr--593a408e-0efc-462c-bc09-4322950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a408e-0efc-462c-bc09-4322950d210f", "value": "212.24.110.190" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a408f-ac40-41b2-80e0-8a4b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:39.000Z", "modified": "2017-06-09T06:30:39.000Z", "first_observed": "2017-06-09T06:30:39Z", "last_observed": "2017-06-09T06:30:39Z", "number_observed": 1, "object_refs": [ "url--593a408f-ac40-41b2-80e0-8a4b950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--593a408f-ac40-41b2-80e0-8a4b950d210f", "value": "37.59.158.241" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4090-1864-4d27-9b7c-4728950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:40.000Z", "modified": "2017-06-09T06:30:40.000Z", "first_observed": "2017-06-09T06:30:40Z", "last_observed": "2017-06-09T06:30:40Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4090-1864-4d27-9b7c-4728950d210f", "ipv4-addr--593a4090-1864-4d27-9b7c-4728950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4090-1864-4d27-9b7c-4728950d210f", "dst_ref": "ipv4-addr--593a4090-1864-4d27-9b7c-4728950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4090-1864-4d27-9b7c-4728950d210f", "value": "37.59.158.241" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4090-66dc-4988-8621-49b8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:40.000Z", "modified": "2017-06-09T06:30:40.000Z", "first_observed": "2017-06-09T06:30:40Z", "last_observed": "2017-06-09T06:30:40Z", "number_observed": 1, "object_refs": [ "url--593a4090-66dc-4988-8621-49b8950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--593a4090-66dc-4988-8621-49b8950d210f", "value": "5.45.64.113" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4091-27f8-49bd-a956-4f3b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:41.000Z", "modified": "2017-06-09T06:30:41.000Z", "first_observed": "2017-06-09T06:30:41Z", "last_observed": "2017-06-09T06:30:41Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4091-27f8-49bd-a956-4f3b950d210f", "ipv4-addr--593a4091-27f8-49bd-a956-4f3b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4091-27f8-49bd-a956-4f3b950d210f", "dst_ref": "ipv4-addr--593a4091-27f8-49bd-a956-4f3b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4091-27f8-49bd-a956-4f3b950d210f", "value": "5.45.64.113" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4091-9f64-4733-b49d-4bcc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:41.000Z", "modified": "2017-06-09T06:30:41.000Z", "first_observed": "2017-06-09T06:30:41Z", "last_observed": "2017-06-09T06:30:41Z", "number_observed": 1, "object_refs": [ "url--593a4091-9f64-4733-b49d-4bcc950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--593a4091-9f64-4733-b49d-4bcc950d210f", "value": "68.191.80.115" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4092-1d04-4597-b962-8bcc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:42.000Z", "modified": "2017-06-09T06:30:42.000Z", "first_observed": "2017-06-09T06:30:42Z", "last_observed": "2017-06-09T06:30:42Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4092-1d04-4597-b962-8bcc950d210f", "ipv4-addr--593a4092-1d04-4597-b962-8bcc950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4092-1d04-4597-b962-8bcc950d210f", "dst_ref": "ipv4-addr--593a4092-1d04-4597-b962-8bcc950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4092-1d04-4597-b962-8bcc950d210f", "value": "68.191.80.115" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4092-aa28-447a-98ba-8a4b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:42.000Z", "modified": "2017-06-09T06:30:42.000Z", "first_observed": "2017-06-09T06:30:42Z", "last_observed": "2017-06-09T06:30:42Z", "number_observed": 1, "object_refs": [ "url--593a4092-aa28-447a-98ba-8a4b950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--593a4092-aa28-447a-98ba-8a4b950d210f", "value": "76.8.104.213" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4093-e5a8-4b1c-baf3-42e4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:43.000Z", "modified": "2017-06-09T06:30:43.000Z", "first_observed": "2017-06-09T06:30:43Z", "last_observed": "2017-06-09T06:30:43Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4093-e5a8-4b1c-baf3-42e4950d210f", "ipv4-addr--593a4093-e5a8-4b1c-baf3-42e4950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4093-e5a8-4b1c-baf3-42e4950d210f", "dst_ref": "ipv4-addr--593a4093-e5a8-4b1c-baf3-42e4950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4093-e5a8-4b1c-baf3-42e4950d210f", "value": "76.8.104.213" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4093-43e4-4808-94be-41b4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:43.000Z", "modified": "2017-06-09T06:30:43.000Z", "first_observed": "2017-06-09T06:30:43Z", "last_observed": "2017-06-09T06:30:43Z", "number_observed": 1, "object_refs": [ "url--593a4093-43e4-4808-94be-41b4950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--593a4093-43e4-4808-94be-41b4950d210f", "value": "89.231.13.18" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4094-fbf8-41b7-a9fe-40cd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:44.000Z", "modified": "2017-06-09T06:30:44.000Z", "first_observed": "2017-06-09T06:30:44Z", "last_observed": "2017-06-09T06:30:44Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4094-fbf8-41b7-a9fe-40cd950d210f", "ipv4-addr--593a4094-fbf8-41b7-a9fe-40cd950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4094-fbf8-41b7-a9fe-40cd950d210f", "dst_ref": "ipv4-addr--593a4094-fbf8-41b7-a9fe-40cd950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4094-fbf8-41b7-a9fe-40cd950d210f", "value": "89.231.13.18" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4095-2310-4ad8-8f3f-48a6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:45.000Z", "modified": "2017-06-09T06:30:45.000Z", "first_observed": "2017-06-09T06:30:45Z", "last_observed": "2017-06-09T06:30:45Z", "number_observed": 1, "object_refs": [ "url--593a4095-2310-4ad8-8f3f-48a6950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--593a4095-2310-4ad8-8f3f-48a6950d210f", "value": "89.231.13.24" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4095-de94-475c-af06-4117950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:45.000Z", "modified": "2017-06-09T06:30:45.000Z", "first_observed": "2017-06-09T06:30:45Z", "last_observed": "2017-06-09T06:30:45Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4095-de94-475c-af06-4117950d210f", "ipv4-addr--593a4095-de94-475c-af06-4117950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4095-de94-475c-af06-4117950d210f", "dst_ref": "ipv4-addr--593a4095-de94-475c-af06-4117950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4095-de94-475c-af06-4117950d210f", "value": "89.231.13.24" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4096-2d98-4153-9b5e-4719950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:46.000Z", "modified": "2017-06-09T06:30:46.000Z", "first_observed": "2017-06-09T06:30:46Z", "last_observed": "2017-06-09T06:30:46Z", "number_observed": 1, "object_refs": [ "url--593a4096-2d98-4153-9b5e-4719950d210f" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--593a4096-2d98-4153-9b5e-4719950d210f", "value": "89.231.13.27" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--593a4096-5ed4-402d-a52e-485f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-09T06:30:46.000Z", "modified": "2017-06-09T06:30:46.000Z", "first_observed": "2017-06-09T06:30:46Z", "last_observed": "2017-06-09T06:30:46Z", "number_observed": 1, "object_refs": [ "network-traffic--593a4096-5ed4-402d-a52e-485f950d210f", "ipv4-addr--593a4096-5ed4-402d-a52e-485f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--593a4096-5ed4-402d-a52e-485f950d210f", "dst_ref": "ipv4-addr--593a4096-5ed4-402d-a52e-485f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--593a4096-5ed4-402d-a52e-485f950d210f", "value": "89.231.13.27" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }