{ "type": "bundle", "id": "bundle--59c28fd3-6c10-44dd-b40d-46f5950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:59.000Z", "modified": "2017-09-21T12:49:59.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--59c28fd3-6c10-44dd-b40d-46f5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:59.000Z", "modified": "2017-09-21T12:49:59.000Z", "name": "M2M - Locky 2017-09-19 : Affid=3, offline, \".ykcol\" : \"HERBALIFE Order Number: 6N01001234\" - \"6N01001234_1.7z\"", "published": "2017-09-25T11:46:13Z", "object_refs": [ "indicator--59c28fd3-8ba4-43a7-9788-466a950d210f", "indicator--59c28fd4-bb34-41d4-8cad-4cb1950d210f", "indicator--59c28fd4-41fc-4142-9754-43f9950d210f", "observed-data--59c28fd4-f6b4-41c8-8cb2-79d3950d210f", "network-traffic--59c28fd4-f6b4-41c8-8cb2-79d3950d210f", "ipv4-addr--59c28fd4-f6b4-41c8-8cb2-79d3950d210f", "indicator--59c28fd5-fe78-47ad-b1bf-4bc5950d210f", "indicator--59c28fd5-febc-402b-8871-4f83950d210f", "observed-data--59c28fd5-42dc-484a-81e5-792e950d210f", "network-traffic--59c28fd5-42dc-484a-81e5-792e950d210f", "ipv4-addr--59c28fd5-42dc-484a-81e5-792e950d210f", "indicator--59c28fd6-59ac-4244-8684-44b9950d210f", "indicator--59c28fd6-46bc-494d-a2aa-4156950d210f", "observed-data--59c28fd6-a4d4-442e-a8de-4425950d210f", "network-traffic--59c28fd6-a4d4-442e-a8de-4425950d210f", "ipv4-addr--59c28fd6-a4d4-442e-a8de-4425950d210f", "indicator--59c28fd6-73ec-446f-b8f9-4d2b950d210f", "indicator--59c28fd6-ef6c-40ed-81df-4e5c950d210f", "observed-data--59c28fd8-a7dc-4549-a64e-4461950d210f", "network-traffic--59c28fd8-a7dc-4549-a64e-4461950d210f", "ipv4-addr--59c28fd8-a7dc-4549-a64e-4461950d210f", "indicator--59c28fd8-6c4c-4811-a395-4ee8950d210f", "indicator--59c28fd8-01e8-4676-b4d8-4147950d210f", 
"observed-data--59c28fd9-33b0-4265-9005-4016950d210f", "network-traffic--59c28fd9-33b0-4265-9005-4016950d210f", "ipv4-addr--59c28fd9-33b0-4265-9005-4016950d210f", "indicator--59c28fd9-be7c-4cb1-be22-44b8950d210f", "indicator--59c28fd9-7124-4825-8594-79d3950d210f", "observed-data--59c28fd9-ad38-4ab2-8311-43e5950d210f", "network-traffic--59c28fd9-ad38-4ab2-8311-43e5950d210f", "ipv4-addr--59c28fd9-ad38-4ab2-8311-43e5950d210f", "indicator--59c28fd9-cf9c-4fcb-adb9-4e96950d210f", "indicator--59c28fda-a638-4d40-b7e3-46fe950d210f", "observed-data--59c28fda-8eb8-43be-b992-4087950d210f", "network-traffic--59c28fda-8eb8-43be-b992-4087950d210f", "ipv4-addr--59c28fda-8eb8-43be-b992-4087950d210f", "indicator--59c28fda-ebf4-4157-afbc-472e950d210f", "indicator--59c28fda-16b8-4c50-9b74-4294950d210f", "observed-data--59c28fda-c080-4286-b46d-4ea9950d210f", "network-traffic--59c28fda-c080-4286-b46d-4ea9950d210f", "ipv4-addr--59c28fda-c080-4286-b46d-4ea9950d210f", "indicator--59c28fdb-37a8-47f5-b617-4306950d210f", "indicator--59c28fdb-d628-4a04-8b8f-4ec3950d210f", "observed-data--59c28fdb-f510-45c5-b667-47d8950d210f", "network-traffic--59c28fdb-f510-45c5-b667-47d8950d210f", "ipv4-addr--59c28fdb-f510-45c5-b667-47d8950d210f", "indicator--59c28fdb-cecc-4077-aa9a-48dd950d210f", "indicator--59c28fdc-4dd8-47cb-8b8e-4096950d210f", "observed-data--59c28fdc-ee24-4582-b8d6-41e4950d210f", "network-traffic--59c28fdc-ee24-4582-b8d6-41e4950d210f", "ipv4-addr--59c28fdc-ee24-4582-b8d6-41e4950d210f", "indicator--59c28fdc-4a3c-442f-a1c9-4d9f950d210f", "indicator--59c28fdc-0a6c-4d38-afb5-4823950d210f", "observed-data--59c28fdd-9334-4001-b567-400f950d210f", "network-traffic--59c28fdd-9334-4001-b567-400f950d210f", "ipv4-addr--59c28fdd-9334-4001-b567-400f950d210f", "indicator--59c28fdd-4bcc-4cd8-8828-4bcb950d210f", "indicator--59c28fdd-5608-4b60-9b00-79d3950d210f", "observed-data--59c28fde-27b4-4b97-816b-4465950d210f", "network-traffic--59c28fde-27b4-4b97-816b-4465950d210f", 
"ipv4-addr--59c28fde-27b4-4b97-816b-4465950d210f", "indicator--59c28fde-e510-434b-b2db-44e0950d210f", "indicator--59c28fde-3ba8-4491-ac76-43b2950d210f", "observed-data--59c28fde-a200-4fb2-9abf-4c35950d210f", "network-traffic--59c28fde-a200-4fb2-9abf-4c35950d210f", "ipv4-addr--59c28fde-a200-4fb2-9abf-4c35950d210f", "indicator--59c28fdf-db5c-497d-872a-4206950d210f", "indicator--59c28fdf-f044-4445-98a4-4db9950d210f", "observed-data--59c28fdf-766c-4c52-aaa1-482d950d210f", "network-traffic--59c28fdf-766c-4c52-aaa1-482d950d210f", "ipv4-addr--59c28fdf-766c-4c52-aaa1-482d950d210f", "indicator--59c28fdf-106c-435e-b859-4738950d210f", "indicator--59c28fdf-a3fc-4d7a-a25d-47bd950d210f", "observed-data--59c28fe0-4f58-45dd-9831-47e3950d210f", "network-traffic--59c28fe0-4f58-45dd-9831-47e3950d210f", "ipv4-addr--59c28fe0-4f58-45dd-9831-47e3950d210f", "indicator--59c28fe0-1dac-430b-9928-43e9950d210f", "indicator--59c28fe0-3b24-4da5-8804-4f60950d210f", "observed-data--59c28fe1-7084-4a60-87c1-4997950d210f", "network-traffic--59c28fe1-7084-4a60-87c1-4997950d210f", "ipv4-addr--59c28fe1-7084-4a60-87c1-4997950d210f", "indicator--59c28fe1-a2e0-4973-9b30-4dff950d210f", "indicator--59c28fe1-94e8-462c-8c7a-414b950d210f", "observed-data--59c28fe2-d2d0-48ef-bad8-4170950d210f", "network-traffic--59c28fe2-d2d0-48ef-bad8-4170950d210f", "ipv4-addr--59c28fe2-d2d0-48ef-bad8-4170950d210f", "indicator--59c28fe2-a7ec-4706-8796-4c56950d210f", "indicator--59c28fe2-4760-4551-b578-4ba3950d210f", "observed-data--59c28fe3-e500-4f9a-b3b6-49c8950d210f", "network-traffic--59c28fe3-e500-4f9a-b3b6-49c8950d210f", "ipv4-addr--59c28fe3-e500-4f9a-b3b6-49c8950d210f", "indicator--59c28fe3-bbd0-4544-9e02-4fa7950d210f", "indicator--59c28fe4-461c-43e1-999a-49e2950d210f", "indicator--59c28fe4-0830-4425-afd3-4341950d210f", "indicator--59c3b558-f720-4aee-b3c6-4d9902de0b81", "indicator--59c3b558-c50c-4248-a6ff-4bdc02de0b81", "observed-data--59c3b558-7b00-4f56-a40b-4c0202de0b81", "url--59c3b558-7b00-4f56-a40b-4c0202de0b81" ], 
"labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Locky\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fd3-8ba4-43a7-9788-466a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[file:hashes.MD5 = 'bab4aa0cb4904865dc247c8e78fd0eca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fd4-bb34-41d4-8cad-4cb1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[url:value = 'http://arsmakina.org/JGHldb03m']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fd4-41fc-4142-9754-43f9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[domain-name:value = 'arsmakina.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network 
activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c28fd4-f6b4-41c8-8cb2-79d3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "first_observed": "2017-09-21T12:49:28Z", "last_observed": "2017-09-21T12:49:28Z", "number_observed": 1, "object_refs": [ "network-traffic--59c28fd4-f6b4-41c8-8cb2-79d3950d210f", "ipv4-addr--59c28fd4-f6b4-41c8-8cb2-79d3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c28fd4-f6b4-41c8-8cb2-79d3950d210f", "dst_ref": "ipv4-addr--59c28fd4-f6b4-41c8-8cb2-79d3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c28fd4-f6b4-41c8-8cb2-79d3950d210f", "value": "77.245.149.146" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fd5-fe78-47ad-b1bf-4bc5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[url:value = 'http://asiaresearchcenter.org/JGHldb03m']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fd5-febc-402b-8871-4f83950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[domain-name:value = 'asiaresearchcenter.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": 
"misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c28fd5-42dc-484a-81e5-792e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "first_observed": "2017-09-21T12:49:28Z", "last_observed": "2017-09-21T12:49:28Z", "number_observed": 1, "object_refs": [ "network-traffic--59c28fd5-42dc-484a-81e5-792e950d210f", "ipv4-addr--59c28fd5-42dc-484a-81e5-792e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c28fd5-42dc-484a-81e5-792e950d210f", "dst_ref": "ipv4-addr--59c28fd5-42dc-484a-81e5-792e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c28fd5-42dc-484a-81e5-792e950d210f", "value": "68.168.111.133" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fd6-59ac-4244-8684-44b9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[url:value = 'http://bnphealthcare.com/JGHldb03m']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fd6-46bc-494d-a2aa-4156950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[domain-name:value = 'bnphealthcare.com']", "pattern_type": "stix", 
"pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c28fd6-a4d4-442e-a8de-4425950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "first_observed": "2017-09-21T12:49:28Z", "last_observed": "2017-09-21T12:49:28Z", "number_observed": 1, "object_refs": [ "network-traffic--59c28fd6-a4d4-442e-a8de-4425950d210f", "ipv4-addr--59c28fd6-a4d4-442e-a8de-4425950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c28fd6-a4d4-442e-a8de-4425950d210f", "dst_ref": "ipv4-addr--59c28fd6-a4d4-442e-a8de-4425950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c28fd6-a4d4-442e-a8de-4425950d210f", "value": "202.169.44.152" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fd6-73ec-446f-b8f9-4d2b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[url:value = 'http://conxibit.com/JGHldb03m']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fd6-ef6c-40ed-81df-4e5c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": 
"2017-09-21T12:49:28.000Z", "pattern": "[domain-name:value = 'conxibit.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c28fd8-a7dc-4549-a64e-4461950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "first_observed": "2017-09-21T12:49:28Z", "last_observed": "2017-09-21T12:49:28Z", "number_observed": 1, "object_refs": [ "network-traffic--59c28fd8-a7dc-4549-a64e-4461950d210f", "ipv4-addr--59c28fd8-a7dc-4549-a64e-4461950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c28fd8-a7dc-4549-a64e-4461950d210f", "dst_ref": "ipv4-addr--59c28fd8-a7dc-4549-a64e-4461950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c28fd8-a7dc-4549-a64e-4461950d210f", "value": "175.107.146.17" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fd8-6c4c-4811-a395-4ee8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[url:value = 'http://cxwebdesign.de/JGHldb03m']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fd8-01e8-4676-b4d8-4147950d210f", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[domain-name:value = 'cxwebdesign.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c28fd9-33b0-4265-9005-4016950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "first_observed": "2017-09-21T12:49:28Z", "last_observed": "2017-09-21T12:49:28Z", "number_observed": 1, "object_refs": [ "network-traffic--59c28fd9-33b0-4265-9005-4016950d210f", "ipv4-addr--59c28fd9-33b0-4265-9005-4016950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c28fd9-33b0-4265-9005-4016950d210f", "dst_ref": "ipv4-addr--59c28fd9-33b0-4265-9005-4016950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c28fd9-33b0-4265-9005-4016950d210f", "value": "88.99.175.38" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fd9-be7c-4cb1-be22-44b8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[url:value = 'http://diakoniestation-winnenden.de/JGHldb03m']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": 
"indicator", "spec_version": "2.1", "id": "indicator--59c28fd9-7124-4825-8594-79d3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[domain-name:value = 'diakoniestation-winnenden.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c28fd9-ad38-4ab2-8311-43e5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "first_observed": "2017-09-21T12:49:28Z", "last_observed": "2017-09-21T12:49:28Z", "number_observed": 1, "object_refs": [ "network-traffic--59c28fd9-ad38-4ab2-8311-43e5950d210f", "ipv4-addr--59c28fd9-ad38-4ab2-8311-43e5950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c28fd9-ad38-4ab2-8311-43e5950d210f", "dst_ref": "ipv4-addr--59c28fd9-ad38-4ab2-8311-43e5950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c28fd9-ad38-4ab2-8311-43e5950d210f", "value": "213.185.88.41" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fd9-cf9c-4fcb-adb9-4e96950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[url:value = 'http://download.justowin.it/JGHldb03m']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" 
} ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fda-a638-4d40-b7e3-46fe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[domain-name:value = 'download.justowin.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c28fda-8eb8-43be-b992-4087950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "first_observed": "2017-09-21T12:49:28Z", "last_observed": "2017-09-21T12:49:28Z", "number_observed": 1, "object_refs": [ "network-traffic--59c28fda-8eb8-43be-b992-4087950d210f", "ipv4-addr--59c28fda-8eb8-43be-b992-4087950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c28fda-8eb8-43be-b992-4087950d210f", "dst_ref": "ipv4-addr--59c28fda-8eb8-43be-b992-4087950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c28fda-8eb8-43be-b992-4087950d210f", "value": "95.110.225.147" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fda-ebf4-4157-afbc-472e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[url:value = 'http://ecofloraholland.nl/JGHldb03m']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fda-16b8-4c50-9b74-4294950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[domain-name:value = 'ecofloraholland.nl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c28fda-c080-4286-b46d-4ea9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "first_observed": "2017-09-21T12:49:28Z", "last_observed": "2017-09-21T12:49:28Z", "number_observed": 1, "object_refs": [ "network-traffic--59c28fda-c080-4286-b46d-4ea9950d210f", "ipv4-addr--59c28fda-c080-4286-b46d-4ea9950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c28fda-c080-4286-b46d-4ea9950d210f", "dst_ref": "ipv4-addr--59c28fda-c080-4286-b46d-4ea9950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c28fda-c080-4286-b46d-4ea9950d210f", "value": "195.160.216.10" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fdb-37a8-47f5-b617-4306950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[url:value = 
'http://felixsolis.mobi/JGHldb03m']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fdb-d628-4a04-8b8f-4ec3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[domain-name:value = 'felixsolis.mobi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c28fdb-f510-45c5-b667-47d8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "first_observed": "2017-09-21T12:49:28Z", "last_observed": "2017-09-21T12:49:28Z", "number_observed": 1, "object_refs": [ "network-traffic--59c28fdb-f510-45c5-b667-47d8950d210f", "ipv4-addr--59c28fdb-f510-45c5-b667-47d8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c28fdb-f510-45c5-b667-47d8950d210f", "dst_ref": "ipv4-addr--59c28fdb-f510-45c5-b667-47d8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c28fdb-f510-45c5-b667-47d8950d210f", "value": "5.2.27.27" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fdb-cecc-4077-aa9a-48dd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[url:value = 'http://foodbikers.ch/JGHldb03m']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fdc-4dd8-47cb-8b8e-4096950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[domain-name:value = 'foodbikers.ch']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c28fdc-ee24-4582-b8d6-41e4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "first_observed": "2017-09-21T12:49:28Z", "last_observed": "2017-09-21T12:49:28Z", "number_observed": 1, "object_refs": [ "network-traffic--59c28fdc-ee24-4582-b8d6-41e4950d210f", "ipv4-addr--59c28fdc-ee24-4582-b8d6-41e4950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c28fdc-ee24-4582-b8d6-41e4950d210f", "dst_ref": "ipv4-addr--59c28fdc-ee24-4582-b8d6-41e4950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c28fdc-ee24-4582-b8d6-41e4950d210f", "value": "83.169.23.101" }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--59c28fdc-4a3c-442f-a1c9-4d9f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[url:value = 'http://g-peer.at/JGHldb03m']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fdc-0a6c-4d38-afb5-4823950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[domain-name:value = 'g-peer.at']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c28fdd-9334-4001-b567-400f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "first_observed": "2017-09-21T12:49:28Z", "last_observed": "2017-09-21T12:49:28Z", "number_observed": 1, "object_refs": [ "network-traffic--59c28fdd-9334-4001-b567-400f950d210f", "ipv4-addr--59c28fdd-9334-4001-b567-400f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c28fdd-9334-4001-b567-400f950d210f", "dst_ref": "ipv4-addr--59c28fdd-9334-4001-b567-400f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": 
"ipv4-addr--59c28fdd-9334-4001-b567-400f950d210f", "value": "217.172.186.114" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fdd-4bcc-4cd8-8828-4bcb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[url:value = 'http://gui-design.de/JGHldb03m']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fdd-5608-4b60-9b00-79d3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[domain-name:value = 'gui-design.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c28fde-27b4-4b97-816b-4465950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "first_observed": "2017-09-21T12:49:28Z", "last_observed": "2017-09-21T12:49:28Z", "number_observed": 1, "object_refs": [ "network-traffic--59c28fde-27b4-4b97-816b-4465950d210f", "ipv4-addr--59c28fde-27b4-4b97-816b-4465950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c28fde-27b4-4b97-816b-4465950d210f", "dst_ref": 
"ipv4-addr--59c28fde-27b4-4b97-816b-4465950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c28fde-27b4-4b97-816b-4465950d210f", "value": "92.51.181.237" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fde-e510-434b-b2db-44e0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[url:value = 'http://highpressurewelding.co.uk/JGHldb03m']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fde-3ba8-4491-ac76-43b2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[domain-name:value = 'highpressurewelding.co.uk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c28fde-a200-4fb2-9abf-4c35950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "first_observed": "2017-09-21T12:49:28Z", "last_observed": "2017-09-21T12:49:28Z", "number_observed": 1, "object_refs": [ "network-traffic--59c28fde-a200-4fb2-9abf-4c35950d210f", "ipv4-addr--59c28fde-a200-4fb2-9abf-4c35950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": 
"network-traffic", "spec_version": "2.1", "id": "network-traffic--59c28fde-a200-4fb2-9abf-4c35950d210f", "dst_ref": "ipv4-addr--59c28fde-a200-4fb2-9abf-4c35950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c28fde-a200-4fb2-9abf-4c35950d210f", "value": "91.192.195.51" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fdf-db5c-497d-872a-4206950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[url:value = 'http://housecafe-essen.de/JGHldb03m']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fdf-f044-4445-98a4-4db9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[domain-name:value = 'housecafe-essen.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c28fdf-766c-4c52-aaa1-482d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "first_observed": "2017-09-21T12:49:28Z", "last_observed": "2017-09-21T12:49:28Z", "number_observed": 1, "object_refs": [ "network-traffic--59c28fdf-766c-4c52-aaa1-482d950d210f", 
"ipv4-addr--59c28fdf-766c-4c52-aaa1-482d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c28fdf-766c-4c52-aaa1-482d950d210f", "dst_ref": "ipv4-addr--59c28fdf-766c-4c52-aaa1-482d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c28fdf-766c-4c52-aaa1-482d950d210f", "value": "178.77.96.238" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fdf-106c-435e-b859-4738950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[url:value = 'http://isiquest1.com/JGHldb03m']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fdf-a3fc-4d7a-a25d-47bd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[domain-name:value = 'isiquest1.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c28fe0-4f58-45dd-9831-47e3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "first_observed": "2017-09-21T12:49:28Z", "last_observed": "2017-09-21T12:49:28Z", 
"number_observed": 1, "object_refs": [ "network-traffic--59c28fe0-4f58-45dd-9831-47e3950d210f", "ipv4-addr--59c28fe0-4f58-45dd-9831-47e3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c28fe0-4f58-45dd-9831-47e3950d210f", "dst_ref": "ipv4-addr--59c28fe0-4f58-45dd-9831-47e3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c28fe0-4f58-45dd-9831-47e3950d210f", "value": "178.33.107.201" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fe0-1dac-430b-9928-43e9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "pattern": "[url:value = 'http://secureleads.com/JGHldb03m']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fe0-3b24-4da5-8804-4f60950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:27.000Z", "modified": "2017-09-21T12:49:27.000Z", "pattern": "[domain-name:value = 'secureleads.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c28fe1-7084-4a60-87c1-4997950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:27.000Z", "modified": 
"2017-09-21T12:49:27.000Z", "first_observed": "2017-09-21T12:49:27Z", "last_observed": "2017-09-21T12:49:27Z", "number_observed": 1, "object_refs": [ "network-traffic--59c28fe1-7084-4a60-87c1-4997950d210f", "ipv4-addr--59c28fe1-7084-4a60-87c1-4997950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c28fe1-7084-4a60-87c1-4997950d210f", "dst_ref": "ipv4-addr--59c28fe1-7084-4a60-87c1-4997950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c28fe1-7084-4a60-87c1-4997950d210f", "value": "72.32.221.251" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fe1-a2e0-4973-9b30-4dff950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:27.000Z", "modified": "2017-09-21T12:49:27.000Z", "pattern": "[url:value = 'http://teracom.co.id/JGHldb03m']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fe1-94e8-462c-8c7a-414b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:27.000Z", "modified": "2017-09-21T12:49:27.000Z", "pattern": "[domain-name:value = 'teracom.co.id']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c28fe2-d2d0-48ef-bad8-4170950d210f", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:27.000Z", "modified": "2017-09-21T12:49:27.000Z", "first_observed": "2017-09-21T12:49:27Z", "last_observed": "2017-09-21T12:49:27Z", "number_observed": 1, "object_refs": [ "network-traffic--59c28fe2-d2d0-48ef-bad8-4170950d210f", "ipv4-addr--59c28fe2-d2d0-48ef-bad8-4170950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c28fe2-d2d0-48ef-bad8-4170950d210f", "dst_ref": "ipv4-addr--59c28fe2-d2d0-48ef-bad8-4170950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c28fe2-d2d0-48ef-bad8-4170950d210f", "value": "202.169.44.149" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fe2-a7ec-4706-8796-4c56950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:27.000Z", "modified": "2017-09-21T12:49:27.000Z", "pattern": "[url:value = 'http://ycgrp.jp/JGHldb03m']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fe2-4760-4551-b578-4ba3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:27.000Z", "modified": "2017-09-21T12:49:27.000Z", "pattern": "[domain-name:value = 'ycgrp.jp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": 
"2.1", "id": "observed-data--59c28fe3-e500-4f9a-b3b6-49c8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:27.000Z", "modified": "2017-09-21T12:49:27.000Z", "first_observed": "2017-09-21T12:49:27Z", "last_observed": "2017-09-21T12:49:27Z", "number_observed": 1, "object_refs": [ "network-traffic--59c28fe3-e500-4f9a-b3b6-49c8950d210f", "ipv4-addr--59c28fe3-e500-4f9a-b3b6-49c8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59c28fe3-e500-4f9a-b3b6-49c8950d210f", "dst_ref": "ipv4-addr--59c28fe3-e500-4f9a-b3b6-49c8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59c28fe3-e500-4f9a-b3b6-49c8950d210f", "value": "180.222.186.87" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fe3-bbd0-4544-9e02-4fa7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:27.000Z", "modified": "2017-09-21T12:49:27.000Z", "pattern": "[url:value = 'http://zionbrand.su/p66/JGHldb03m']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fe4-461c-43e1-999a-49e2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:27.000Z", "modified": "2017-09-21T12:49:27.000Z", "pattern": "[domain-name:value = 'zionbrand.su']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", 
"misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c28fe4-0830-4425-afd3-4341950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:27.000Z", "modified": "2017-09-21T12:49:27.000Z", "pattern": "[domain-name:value = 'hrbl.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c3b558-f720-4aee-b3c6-4d9902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "description": "- Cross-checked via VirusTotal (VT): bab4aa0cb4904865dc247c8e78fd0eca", "pattern": "[file:hashes.SHA256 = '43d61bee5ee1ca77d2339d00b69b3675425714598e2b1c81f5351fb1166ab8ca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59c3b558-c50c-4248-a6ff-4bdc02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "description": "- Cross-checked via VirusTotal (VT): bab4aa0cb4904865dc247c8e78fd0eca", "pattern": "[file:hashes.SHA1 = '3a2cc64eb0060a0ba7251b723b33441431705d2d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-21T12:49:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", 
"misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59c3b558-7b00-4f56-a40b-4c0202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-21T12:49:28.000Z", "modified": "2017-09-21T12:49:28.000Z", "first_observed": "2017-09-21T12:49:28Z", "last_observed": "2017-09-21T12:49:28Z", "number_observed": 1, "object_refs": [ "url--59c3b558-7b00-4f56-a40b-4c0202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59c3b558-7b00-4f56-a40b-4c0202de0b81", "value": "https://www.virustotal.com/file/43d61bee5ee1ca77d2339d00b69b3675425714598e2b1c81f5351fb1166ab8ca/analysis/1505860831/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }