{ "type": "bundle", "id": "bundle--59cbb4ef-1310-4e85-8432-4879950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:32.000Z", "modified": "2017-09-27T15:08:32.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--59cbb4ef-1310-4e85-8432-4879950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:32.000Z", "modified": "2017-09-27T15:08:32.000Z", "name": "M2M - Locky 2017-09-27 : Affid=3, offline, \".ykcol\" :\n \"INVOICE\" - \"A1234-5678901234.7z\"", "published": "2017-09-27T15:08:39Z", "object_refs": [ "indicator--59cbb4f0-9360-42b7-89f0-4e4d950d210f", "indicator--59cbb4f0-94d4-4d80-97dc-483b950d210f", "indicator--59cbb4f0-0470-4ae8-b4fc-48a3950d210f", "observed-data--59cbb4f0-cde8-4b39-8644-4100950d210f", "network-traffic--59cbb4f0-cde8-4b39-8644-4100950d210f", "ipv4-addr--59cbb4f0-cde8-4b39-8644-4100950d210f", "indicator--59cbb4f1-8188-45f0-aea0-4e7e950d210f", "indicator--59cbb4f1-5658-4600-a2a6-41d3950d210f", "observed-data--59cbb4f1-1814-458c-b287-4c34950d210f", "network-traffic--59cbb4f1-1814-458c-b287-4c34950d210f", "ipv4-addr--59cbb4f1-1814-458c-b287-4c34950d210f", "indicator--59cbb4f1-20bc-4c0a-80ad-4b1a950d210f", "indicator--59cbb4f2-26e4-473e-86f7-4c43950d210f", "observed-data--59cbb4f2-be64-4bc7-9900-47b4950d210f", "network-traffic--59cbb4f2-be64-4bc7-9900-47b4950d210f", "ipv4-addr--59cbb4f2-be64-4bc7-9900-47b4950d210f", "indicator--59cbb4f2-9538-4a7f-9702-43cd950d210f", "indicator--59cbb4f2-6cdc-4b4d-ab07-4a69950d210f", "observed-data--59cbb4f3-b870-4ed0-8795-4f83950d210f", "network-traffic--59cbb4f3-b870-4ed0-8795-4f83950d210f", "ipv4-addr--59cbb4f3-b870-4ed0-8795-4f83950d210f", "indicator--59cbb4f3-6d80-4d64-9ed7-477e950d210f", "indicator--59cbb4f3-7200-4366-8a34-4451950d210f", "observed-data--59cbb4f3-a4a8-49aa-8f78-45cc950d210f", 
"network-traffic--59cbb4f3-a4a8-49aa-8f78-45cc950d210f", "ipv4-addr--59cbb4f3-a4a8-49aa-8f78-45cc950d210f", "indicator--59cbb4f4-9bc0-4d8d-87e0-4e35950d210f", "indicator--59cbb4f4-48f4-4831-8425-4002950d210f", "observed-data--59cbb4f5-9eac-443e-a25d-4559950d210f", "network-traffic--59cbb4f5-9eac-443e-a25d-4559950d210f", "ipv4-addr--59cbb4f5-9eac-443e-a25d-4559950d210f", "indicator--59cbb4f5-9064-4234-8935-4ef4950d210f", "indicator--59cbb4f6-99fc-44df-a68f-4cff950d210f", "observed-data--59cbb4f7-86dc-402d-b0ed-4ef7950d210f", "network-traffic--59cbb4f7-86dc-402d-b0ed-4ef7950d210f", "ipv4-addr--59cbb4f7-86dc-402d-b0ed-4ef7950d210f", "indicator--59cbb4f7-c704-4cc1-ab59-4df1950d210f", "indicator--59cbb4f7-7c7c-4e02-a1ba-4c31950d210f", "observed-data--59cbb4f8-ff10-4930-a4ac-4594950d210f", "network-traffic--59cbb4f8-ff10-4930-a4ac-4594950d210f", "ipv4-addr--59cbb4f8-ff10-4930-a4ac-4594950d210f", "indicator--59cbb4f8-cb68-4cf5-bb8f-4957950d210f", "indicator--59cbb4f8-6d68-4271-aef6-42c5950d210f", "observed-data--59cbb4f8-1df8-4e94-afc5-4578950d210f", "network-traffic--59cbb4f8-1df8-4e94-afc5-4578950d210f", "ipv4-addr--59cbb4f8-1df8-4e94-afc5-4578950d210f", "indicator--59cbb4f9-2bc8-4333-bb4c-45cd950d210f", "indicator--59cbb4f9-25d4-4f72-b829-4330950d210f", "observed-data--59cbb4f9-f18c-41e2-a3f0-4165950d210f", "network-traffic--59cbb4f9-f18c-41e2-a3f0-4165950d210f", "ipv4-addr--59cbb4f9-f18c-41e2-a3f0-4165950d210f", "indicator--59cbb4fa-1920-49e6-b481-431e950d210f", "indicator--59cbb4fa-bd10-4757-9330-4f90950d210f", "observed-data--59cbb4fa-b6fc-4843-9bd9-4c4d950d210f", "network-traffic--59cbb4fa-b6fc-4843-9bd9-4c4d950d210f", "ipv4-addr--59cbb4fa-b6fc-4843-9bd9-4c4d950d210f", "indicator--59cbb4fa-9dd4-45b0-99a5-4ed0950d210f", "indicator--59cbb4fb-77dc-4c59-8e1a-4d82950d210f", "observed-data--59cbb4fb-2d64-4bde-9673-4f8b950d210f", "network-traffic--59cbb4fb-2d64-4bde-9673-4f8b950d210f", "ipv4-addr--59cbb4fb-2d64-4bde-9673-4f8b950d210f", 
"indicator--59cbb4fb-9508-432d-9df0-468b950d210f", "indicator--59cbb4fb-c3e0-4165-be84-45af950d210f", "observed-data--59cbb4fd-21c4-4520-8ead-4271950d210f", "network-traffic--59cbb4fd-21c4-4520-8ead-4271950d210f", "ipv4-addr--59cbb4fd-21c4-4520-8ead-4271950d210f", "indicator--59cbb4fe-3bf8-456e-9ac4-4c25950d210f", "indicator--59cbb4fe-a1b0-4ad8-8864-4493950d210f", "observed-data--59cbb4fe-ead4-4042-b3b2-4a47950d210f", "network-traffic--59cbb4fe-ead4-4042-b3b2-4a47950d210f", "ipv4-addr--59cbb4fe-ead4-4042-b3b2-4a47950d210f", "indicator--59cbb4ff-7ec8-4220-8b38-4548950d210f", "indicator--59cbb4ff-32d8-462f-90f7-4b6e950d210f", "indicator--59cbbeea-0cd8-4013-bd2d-190802de0b81", "indicator--59cbbeea-83d4-47e2-b522-190802de0b81", "observed-data--59cbbeea-6980-4c6c-b680-190802de0b81", "url--59cbbeea-6980-4c6c-b680-190802de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Locky\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbb4f0-9360-42b7-89f0-4e4d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:26.000Z", "modified": "2017-09-27T15:08:26.000Z", "pattern": "[file:hashes.MD5 = '1c1a6b70b5e2b13c019d5cbdf0f12738']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbb4f0-94d4-4d80-97dc-483b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:26.000Z", "modified": "2017-09-27T15:08:26.000Z", "pattern": "[url:value = 'http://antwerpvillas.com/niugufvt4']", 
"pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbb4f0-0470-4ae8-b4fc-48a3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:26.000Z", "modified": "2017-09-27T15:08:26.000Z", "pattern": "[domain-name:value = 'antwerpvillas.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cbb4f0-cde8-4b39-8644-4100950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:26.000Z", "modified": "2017-09-27T15:08:26.000Z", "first_observed": "2017-09-27T15:08:26Z", "last_observed": "2017-09-27T15:08:26Z", "number_observed": 1, "object_refs": [ "network-traffic--59cbb4f0-cde8-4b39-8644-4100950d210f", "ipv4-addr--59cbb4f0-cde8-4b39-8644-4100950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cbb4f0-cde8-4b39-8644-4100950d210f", "dst_ref": "ipv4-addr--59cbb4f0-cde8-4b39-8644-4100950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cbb4f0-cde8-4b39-8644-4100950d210f", "value": "78.40.96.174" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbb4f1-8188-45f0-aea0-4e7e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:26.000Z", 
"modified": "2017-09-27T15:08:26.000Z", "pattern": "[url:value = 'http://apethorpevillage.co.uk/niugufvt4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbb4f1-5658-4600-a2a6-41d3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:26.000Z", "modified": "2017-09-27T15:08:26.000Z", "pattern": "[domain-name:value = 'apethorpevillage.co.uk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cbb4f1-1814-458c-b287-4c34950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:26.000Z", "modified": "2017-09-27T15:08:26.000Z", "first_observed": "2017-09-27T15:08:26Z", "last_observed": "2017-09-27T15:08:26Z", "number_observed": 1, "object_refs": [ "network-traffic--59cbb4f1-1814-458c-b287-4c34950d210f", "ipv4-addr--59cbb4f1-1814-458c-b287-4c34950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cbb4f1-1814-458c-b287-4c34950d210f", "dst_ref": "ipv4-addr--59cbb4f1-1814-458c-b287-4c34950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cbb4f1-1814-458c-b287-4c34950d210f", "value": "88.150.140.239" }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--59cbb4f1-20bc-4c0a-80ad-4b1a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:26.000Z", "modified": "2017-09-27T15:08:26.000Z", "pattern": "[url:value = 'http://asi-automazioni.com/niugufvt4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbb4f2-26e4-473e-86f7-4c43950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:26.000Z", "modified": "2017-09-27T15:08:26.000Z", "pattern": "[domain-name:value = 'asi-automazioni.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cbb4f2-be64-4bc7-9900-47b4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:26.000Z", "modified": "2017-09-27T15:08:26.000Z", "first_observed": "2017-09-27T15:08:26Z", "last_observed": "2017-09-27T15:08:26Z", "number_observed": 1, "object_refs": [ "network-traffic--59cbb4f2-be64-4bc7-9900-47b4950d210f", "ipv4-addr--59cbb4f2-be64-4bc7-9900-47b4950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cbb4f2-be64-4bc7-9900-47b4950d210f", "dst_ref": "ipv4-addr--59cbb4f2-be64-4bc7-9900-47b4950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": 
"ipv4-addr--59cbb4f2-be64-4bc7-9900-47b4950d210f", "value": "5.135.180.43" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbb4f2-9538-4a7f-9702-43cd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:26.000Z", "modified": "2017-09-27T15:08:26.000Z", "pattern": "[url:value = 'http://freevillemusic.com/niugufvt4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbb4f2-6cdc-4b4d-ab07-4a69950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:26.000Z", "modified": "2017-09-27T15:08:26.000Z", "pattern": "[domain-name:value = 'freevillemusic.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cbb4f3-b870-4ed0-8795-4f83950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:26.000Z", "modified": "2017-09-27T15:08:26.000Z", "first_observed": "2017-09-27T15:08:26Z", "last_observed": "2017-09-27T15:08:26Z", "number_observed": 1, "object_refs": [ "network-traffic--59cbb4f3-b870-4ed0-8795-4f83950d210f", "ipv4-addr--59cbb4f3-b870-4ed0-8795-4f83950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cbb4f3-b870-4ed0-8795-4f83950d210f", "dst_ref": 
"ipv4-addr--59cbb4f3-b870-4ed0-8795-4f83950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cbb4f3-b870-4ed0-8795-4f83950d210f", "value": "66.84.8.235" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbb4f3-6d80-4d64-9ed7-477e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:26.000Z", "modified": "2017-09-27T15:08:26.000Z", "pattern": "[url:value = 'http://galeona.com/niugufvt4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbb4f3-7200-4366-8a34-4451950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:26.000Z", "modified": "2017-09-27T15:08:26.000Z", "pattern": "[domain-name:value = 'galeona.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cbb4f3-a4a8-49aa-8f78-45cc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:26.000Z", "modified": "2017-09-27T15:08:26.000Z", "first_observed": "2017-09-27T15:08:26Z", "last_observed": "2017-09-27T15:08:26Z", "number_observed": 1, "object_refs": [ "network-traffic--59cbb4f3-a4a8-49aa-8f78-45cc950d210f", "ipv4-addr--59cbb4f3-a4a8-49aa-8f78-45cc950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", 
"spec_version": "2.1", "id": "network-traffic--59cbb4f3-a4a8-49aa-8f78-45cc950d210f", "dst_ref": "ipv4-addr--59cbb4f3-a4a8-49aa-8f78-45cc950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cbb4f3-a4a8-49aa-8f78-45cc950d210f", "value": "212.89.16.142" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbb4f4-9bc0-4d8d-87e0-4e35950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:26.000Z", "modified": "2017-09-27T15:08:26.000Z", "pattern": "[url:value = 'http://gdrural.com.au/niugufvt4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbb4f4-48f4-4831-8425-4002950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:26.000Z", "modified": "2017-09-27T15:08:26.000Z", "pattern": "[domain-name:value = 'gdrural.com.au']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cbb4f5-9eac-443e-a25d-4559950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:26.000Z", "modified": "2017-09-27T15:08:26.000Z", "first_observed": "2017-09-27T15:08:26Z", "last_observed": "2017-09-27T15:08:26Z", "number_observed": 1, "object_refs": [ "network-traffic--59cbb4f5-9eac-443e-a25d-4559950d210f", "ipv4-addr--59cbb4f5-9eac-443e-a25d-4559950d210f" ], "labels": [ 
"misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cbb4f5-9eac-443e-a25d-4559950d210f", "dst_ref": "ipv4-addr--59cbb4f5-9eac-443e-a25d-4559950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cbb4f5-9eac-443e-a25d-4559950d210f", "value": "113.20.6.89" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbb4f5-9064-4234-8935-4ef4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:26.000Z", "modified": "2017-09-27T15:08:26.000Z", "pattern": "[url:value = 'http://geocean.co.id/niugufvt4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbb4f6-99fc-44df-a68f-4cff950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:26.000Z", "modified": "2017-09-27T15:08:26.000Z", "pattern": "[domain-name:value = 'geocean.co.id']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cbb4f7-86dc-402d-b0ed-4ef7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:25.000Z", "modified": "2017-09-27T15:08:25.000Z", "first_observed": "2017-09-27T15:08:25Z", "last_observed": "2017-09-27T15:08:25Z", "number_observed": 1, "object_refs": [ 
"network-traffic--59cbb4f7-86dc-402d-b0ed-4ef7950d210f", "ipv4-addr--59cbb4f7-86dc-402d-b0ed-4ef7950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cbb4f7-86dc-402d-b0ed-4ef7950d210f", "dst_ref": "ipv4-addr--59cbb4f7-86dc-402d-b0ed-4ef7950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cbb4f7-86dc-402d-b0ed-4ef7950d210f", "value": "202.169.44.143" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbb4f7-c704-4cc1-ab59-4df1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:25.000Z", "modified": "2017-09-27T15:08:25.000Z", "pattern": "[url:value = 'http://gilgroup.com/niugufvt4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbb4f7-7c7c-4e02-a1ba-4c31950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:25.000Z", "modified": "2017-09-27T15:08:25.000Z", "pattern": "[domain-name:value = 'gilgroup.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cbb4f8-ff10-4930-a4ac-4594950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:25.000Z", "modified": "2017-09-27T15:08:25.000Z", "first_observed": 
"2017-09-27T15:08:25Z", "last_observed": "2017-09-27T15:08:25Z", "number_observed": 1, "object_refs": [ "network-traffic--59cbb4f8-ff10-4930-a4ac-4594950d210f", "ipv4-addr--59cbb4f8-ff10-4930-a4ac-4594950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cbb4f8-ff10-4930-a4ac-4594950d210f", "dst_ref": "ipv4-addr--59cbb4f8-ff10-4930-a4ac-4594950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cbb4f8-ff10-4930-a4ac-4594950d210f", "value": "216.185.44.105" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbb4f8-cb68-4cf5-bb8f-4957950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:25.000Z", "modified": "2017-09-27T15:08:25.000Z", "pattern": "[url:value = 'http://giraudnet.co.uk/niugufvt4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbb4f8-6d68-4271-aef6-42c5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:25.000Z", "modified": "2017-09-27T15:08:25.000Z", "pattern": "[domain-name:value = 'giraudnet.co.uk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cbb4f8-1df8-4e94-afc5-4578950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", 
"created": "2017-09-27T15:08:25.000Z", "modified": "2017-09-27T15:08:25.000Z", "first_observed": "2017-09-27T15:08:25Z", "last_observed": "2017-09-27T15:08:25Z", "number_observed": 1, "object_refs": [ "network-traffic--59cbb4f8-1df8-4e94-afc5-4578950d210f", "ipv4-addr--59cbb4f8-1df8-4e94-afc5-4578950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cbb4f8-1df8-4e94-afc5-4578950d210f", "dst_ref": "ipv4-addr--59cbb4f8-1df8-4e94-afc5-4578950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cbb4f8-1df8-4e94-afc5-4578950d210f", "value": "188.165.73.129" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbb4f9-2bc8-4333-bb4c-45cd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:25.000Z", "modified": "2017-09-27T15:08:25.000Z", "pattern": "[url:value = 'http://glostrap.com/niugufvt4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbb4f9-25d4-4f72-b829-4330950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:25.000Z", "modified": "2017-09-27T15:08:25.000Z", "pattern": "[domain-name:value = 'glostrap.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": 
"observed-data--59cbb4f9-f18c-41e2-a3f0-4165950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:25.000Z", "modified": "2017-09-27T15:08:25.000Z", "first_observed": "2017-09-27T15:08:25Z", "last_observed": "2017-09-27T15:08:25Z", "number_observed": 1, "object_refs": [ "network-traffic--59cbb4f9-f18c-41e2-a3f0-4165950d210f", "ipv4-addr--59cbb4f9-f18c-41e2-a3f0-4165950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cbb4f9-f18c-41e2-a3f0-4165950d210f", "dst_ref": "ipv4-addr--59cbb4f9-f18c-41e2-a3f0-4165950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cbb4f9-f18c-41e2-a3f0-4165950d210f", "value": "216.114.192.21" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbb4fa-1920-49e6-b481-431e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:25.000Z", "modified": "2017-09-27T15:08:25.000Z", "pattern": "[url:value = 'http://graficasicarpearanjuez.com/niugufvt4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbb4fa-bd10-4757-9330-4f90950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:25.000Z", "modified": "2017-09-27T15:08:25.000Z", "pattern": "[domain-name:value = 'graficasicarpearanjuez.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", 
"misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cbb4fa-b6fc-4843-9bd9-4c4d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:25.000Z", "modified": "2017-09-27T15:08:25.000Z", "first_observed": "2017-09-27T15:08:25Z", "last_observed": "2017-09-27T15:08:25Z", "number_observed": 1, "object_refs": [ "network-traffic--59cbb4fa-b6fc-4843-9bd9-4c4d950d210f", "ipv4-addr--59cbb4fa-b6fc-4843-9bd9-4c4d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cbb4fa-b6fc-4843-9bd9-4c4d950d210f", "dst_ref": "ipv4-addr--59cbb4fa-b6fc-4843-9bd9-4c4d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cbb4fa-b6fc-4843-9bd9-4c4d950d210f", "value": "185.18.197.109" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbb4fa-9dd4-45b0-99a5-4ed0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:25.000Z", "modified": "2017-09-27T15:08:25.000Z", "pattern": "[url:value = 'http://granado.es/niugufvt4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbb4fb-77dc-4c59-8e1a-4d82950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:25.000Z", "modified": "2017-09-27T15:08:25.000Z", "pattern": "[domain-name:value = 'granado.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:25Z", "kill_chain_phases": [ { "kill_chain_name": 
"misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cbb4fb-2d64-4bde-9673-4f8b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:25.000Z", "modified": "2017-09-27T15:08:25.000Z", "first_observed": "2017-09-27T15:08:25Z", "last_observed": "2017-09-27T15:08:25Z", "number_observed": 1, "object_refs": [ "network-traffic--59cbb4fb-2d64-4bde-9673-4f8b950d210f", "ipv4-addr--59cbb4fb-2d64-4bde-9673-4f8b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cbb4fb-2d64-4bde-9673-4f8b950d210f", "dst_ref": "ipv4-addr--59cbb4fb-2d64-4bde-9673-4f8b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cbb4fb-2d64-4bde-9673-4f8b950d210f", "value": "37.247.122.30" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbb4fb-9508-432d-9df0-468b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:25.000Z", "modified": "2017-09-27T15:08:25.000Z", "pattern": "[url:value = 'http://hkcel.com/niugufvt4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbb4fb-c3e0-4165-be84-45af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:25.000Z", "modified": "2017-09-27T15:08:25.000Z", "pattern": "[domain-name:value = 'hkcel.com']", "pattern_type": "stix", "pattern_version": 
"2.1", "valid_from": "2017-09-27T15:08:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cbb4fd-21c4-4520-8ead-4271950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:25.000Z", "modified": "2017-09-27T15:08:25.000Z", "first_observed": "2017-09-27T15:08:25Z", "last_observed": "2017-09-27T15:08:25Z", "number_observed": 1, "object_refs": [ "network-traffic--59cbb4fd-21c4-4520-8ead-4271950d210f", "ipv4-addr--59cbb4fd-21c4-4520-8ead-4271950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cbb4fd-21c4-4520-8ead-4271950d210f", "dst_ref": "ipv4-addr--59cbb4fd-21c4-4520-8ead-4271950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cbb4fd-21c4-4520-8ead-4271950d210f", "value": "202.181.132.166" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbb4fe-3bf8-456e-9ac4-4c25950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:25.000Z", "modified": "2017-09-27T15:08:25.000Z", "pattern": "[url:value = 'http://hmbre.com/niugufvt4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbb4fe-a1b0-4ad8-8864-4493950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:25.000Z", "modified": "2017-09-27T15:08:25.000Z", 
"pattern": "[domain-name:value = 'hmbre.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cbb4fe-ead4-4042-b3b2-4a47950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:25.000Z", "modified": "2017-09-27T15:08:25.000Z", "first_observed": "2017-09-27T15:08:25Z", "last_observed": "2017-09-27T15:08:25Z", "number_observed": 1, "object_refs": [ "network-traffic--59cbb4fe-ead4-4042-b3b2-4a47950d210f", "ipv4-addr--59cbb4fe-ead4-4042-b3b2-4a47950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59cbb4fe-ead4-4042-b3b2-4a47950d210f", "dst_ref": "ipv4-addr--59cbb4fe-ead4-4042-b3b2-4a47950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59cbb4fe-ead4-4042-b3b2-4a47950d210f", "value": "69.27.177.4" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbb4ff-7ec8-4220-8b38-4548950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:25.000Z", "modified": "2017-09-27T15:08:25.000Z", "pattern": "[url:value = 'http://poemsan.info/p66/niugufvt4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbb4ff-32d8-462f-90f7-4b6e950d210f", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:25.000Z", "modified": "2017-09-27T15:08:25.000Z", "pattern": "[domain-name:value = 'poemsan.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbbeea-0cd8-4013-bd2d-190802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:26.000Z", "modified": "2017-09-27T15:08:26.000Z", "description": "- Cross-checked via VirusTotal (VT): 1c1a6b70b5e2b13c019d5cbdf0f12738", "pattern": "[file:hashes.SHA256 = 'e5bafdd9d27defccb5c62db15a0374ccdeedb6a279b33776e8fc1ecb728d70e4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59cbbeea-83d4-47e2-b522-190802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:26.000Z", "modified": "2017-09-27T15:08:26.000Z", "description": "- Cross-checked via VirusTotal (VT): 1c1a6b70b5e2b13c019d5cbdf0f12738", "pattern": "[file:hashes.SHA1 = 'd21b9d5ca7327bb1ca57aaf8752e7764a3334fe8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-27T15:08:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59cbbeea-6980-4c6c-b680-190802de0b81", 
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-27T15:08:26.000Z", "modified": "2017-09-27T15:08:26.000Z", "first_observed": "2017-09-27T15:08:26Z", "last_observed": "2017-09-27T15:08:26Z", "number_observed": 1, "object_refs": [ "url--59cbbeea-6980-4c6c-b680-190802de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59cbbeea-6980-4c6c-b680-190802de0b81", "value": "https://www.virustotal.com/file/e5bafdd9d27defccb5c62db15a0374ccdeedb6a279b33776e8fc1ecb728d70e4/analysis/1506520270/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }