{ "type": "bundle", "id": "bundle--59f07791-b430-4a85-97c8-452d950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:29.000Z", "modified": "2017-10-25T12:28:29.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "grouping", "spec_version": "2.1", "id": "grouping--59f07791-b430-4a85-97c8-452d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:29.000Z", "modified": "2017-10-25T12:28:29.000Z", "name": "M2M - Locky Affid=3, \".asasin\"/Trickbot \"mac1\" 2017-10-25\n : \"Invoice AZ123456\" - \"AZ123456.doc\"", "context": "suspicious-activity", "object_refs": [ "indicator--59f07792-fe9c-4c9f-b4e9-4b6c950d210f", "indicator--59f07792-3a08-4ee0-ac9f-42cf950d210f", "indicator--59f07792-bf10-498b-9298-4111950d210f", "indicator--59f07792-c3e0-44ae-a70d-44aa950d210f", "indicator--59f07793-a2cc-49df-97cd-414d950d210f", "observed-data--59f07794-1b28-4646-a73d-4009950d210f", "network-traffic--59f07794-1b28-4646-a73d-4009950d210f", "ipv4-addr--59f07794-1b28-4646-a73d-4009950d210f", "indicator--59f07794-f1c4-4743-961d-21ef950d210f", "indicator--59f07795-e734-4ac7-904d-45b7950d210f", "observed-data--59f07795-ceac-4673-ab11-4651950d210f", "network-traffic--59f07795-ceac-4673-ab11-4651950d210f", "ipv4-addr--59f07795-ceac-4673-ab11-4651950d210f", "indicator--59f07795-61b8-4cb8-bd1b-43fd950d210f", "indicator--59f07795-9c00-4d70-a466-42be950d210f", "observed-data--59f07796-110c-4703-aafc-48a5950d210f", "network-traffic--59f07796-110c-4703-aafc-48a5950d210f", "ipv4-addr--59f07796-110c-4703-aafc-48a5950d210f", "indicator--59f07796-0364-45d4-b527-2380950d210f", "indicator--59f07796-b748-4325-bb69-2277950d210f", "observed-data--59f07797-ad10-424a-8413-2177950d210f", "network-traffic--59f07797-ad10-424a-8413-2177950d210f", "ipv4-addr--59f07797-ad10-424a-8413-2177950d210f", "indicator--59f07797-cfe8-4cbd-907e-45bf950d210f", 
"indicator--59f07797-b770-4afb-b7f9-498e950d210f", "observed-data--59f07798-45fc-4a4c-ba9c-46cc950d210f", "network-traffic--59f07798-45fc-4a4c-ba9c-46cc950d210f", "ipv4-addr--59f07798-45fc-4a4c-ba9c-46cc950d210f", "indicator--59f07798-8018-4aa7-b1a1-2183950d210f", "indicator--59f07798-fcd0-402f-8a56-4bfc950d210f", "observed-data--59f07798-67ec-48f8-b2cd-4595950d210f", "network-traffic--59f07798-67ec-48f8-b2cd-4595950d210f", "ipv4-addr--59f07798-67ec-48f8-b2cd-4595950d210f", "indicator--59f07799-9b98-41d1-8854-2367950d210f", "indicator--59f07799-48fc-44c1-9cd9-4eee950d210f", "observed-data--59f0779a-bdfc-4ac1-8a17-2177950d210f", "network-traffic--59f0779a-bdfc-4ac1-8a17-2177950d210f", "ipv4-addr--59f0779a-bdfc-4ac1-8a17-2177950d210f", "indicator--59f0779a-90fc-4b14-99e9-21ef950d210f", "indicator--59f0779a-269c-4f5e-98c9-462d950d210f", "observed-data--59f0779b-f988-4beb-945d-45b7950d210f", "network-traffic--59f0779b-f988-4beb-945d-45b7950d210f", "ipv4-addr--59f0779b-f988-4beb-945d-45b7950d210f", "indicator--59f0779c-46cc-4750-b97d-46a1950d210f", "indicator--59f0779c-0c18-42c8-bc72-4a3c950d210f", "observed-data--59f0779c-5870-4275-809e-2380950d210f", "network-traffic--59f0779c-5870-4275-809e-2380950d210f", "ipv4-addr--59f0779c-5870-4275-809e-2380950d210f", "indicator--59f0779c-35c8-4180-af3e-4a67950d210f", "indicator--59f0779d-6158-4b65-9d71-4b8c950d210f", "observed-data--59f0779d-afa0-4947-afb7-21ef950d210f", "network-traffic--59f0779d-afa0-4947-afb7-21ef950d210f", "ipv4-addr--59f0779d-afa0-4947-afb7-21ef950d210f", "observed-data--59f0779d-d8b4-43a2-808b-4917950d210f", "network-traffic--59f0779d-d8b4-43a2-808b-4917950d210f", "ipv4-addr--59f0779d-d8b4-43a2-808b-4917950d210f", "observed-data--59f0779d-411c-452f-a3ca-4d27950d210f", "network-traffic--59f0779d-411c-452f-a3ca-4d27950d210f", "ipv4-addr--59f0779d-411c-452f-a3ca-4d27950d210f", "observed-data--59f0779e-fc5c-4445-8582-2183950d210f", "network-traffic--59f0779e-fc5c-4445-8582-2183950d210f", 
"ipv4-addr--59f0779e-fc5c-4445-8582-2183950d210f", "observed-data--59f0779e-c724-4c47-9401-4412950d210f", "network-traffic--59f0779e-c724-4c47-9401-4412950d210f", "ipv4-addr--59f0779e-c724-4c47-9401-4412950d210f", "observed-data--59f0779e-b658-46f6-8e54-42ee950d210f", "network-traffic--59f0779e-b658-46f6-8e54-42ee950d210f", "ipv4-addr--59f0779e-b658-46f6-8e54-42ee950d210f", "observed-data--59f0779e-0598-4578-95e6-40f8950d210f", "network-traffic--59f0779e-0598-4578-95e6-40f8950d210f", "ipv4-addr--59f0779e-0598-4578-95e6-40f8950d210f", "observed-data--59f0779f-7eec-467b-b695-2380950d210f", "network-traffic--59f0779f-7eec-467b-b695-2380950d210f", "ipv4-addr--59f0779f-7eec-467b-b695-2380950d210f", "observed-data--59f0779f-8760-45f1-9a38-4457950d210f", "network-traffic--59f0779f-8760-45f1-9a38-4457950d210f", "ipv4-addr--59f0779f-8760-45f1-9a38-4457950d210f", "observed-data--59f0779f-0e88-4764-bd61-2177950d210f", "network-traffic--59f0779f-0e88-4764-bd61-2177950d210f", "ipv4-addr--59f0779f-0e88-4764-bd61-2177950d210f", "observed-data--59f077a0-0b64-4c8a-842a-4bde950d210f", "network-traffic--59f077a0-0b64-4c8a-842a-4bde950d210f", "ipv4-addr--59f077a0-0b64-4c8a-842a-4bde950d210f", "observed-data--59f077a0-66e0-46f7-a52a-4812950d210f", "network-traffic--59f077a0-66e0-46f7-a52a-4812950d210f", "ipv4-addr--59f077a0-66e0-46f7-a52a-4812950d210f", "observed-data--59f077a0-16a0-4060-b7a2-4df0950d210f", "network-traffic--59f077a0-16a0-4060-b7a2-4df0950d210f", "ipv4-addr--59f077a0-16a0-4060-b7a2-4df0950d210f", "observed-data--59f077a1-c0d8-4e2d-850e-2183950d210f", "network-traffic--59f077a1-c0d8-4e2d-850e-2183950d210f", "ipv4-addr--59f077a1-c0d8-4e2d-850e-2183950d210f", "observed-data--59f077a1-d140-48eb-90df-42c2950d210f", "network-traffic--59f077a1-d140-48eb-90df-42c2950d210f", "ipv4-addr--59f077a1-d140-48eb-90df-42c2950d210f", "observed-data--59f077a1-56a4-4fdc-83f4-4e8b950d210f", "network-traffic--59f077a1-56a4-4fdc-83f4-4e8b950d210f", 
"ipv4-addr--59f077a1-56a4-4fdc-83f4-4e8b950d210f", "observed-data--59f077a2-65a0-4405-b1f6-2367950d210f", "network-traffic--59f077a2-65a0-4405-b1f6-2367950d210f", "ipv4-addr--59f077a2-65a0-4405-b1f6-2367950d210f", "observed-data--59f077a2-64e8-47df-9409-4dd2950d210f", "network-traffic--59f077a2-64e8-47df-9409-4dd2950d210f", "ipv4-addr--59f077a2-64e8-47df-9409-4dd2950d210f", "observed-data--59f077a2-3ca8-4cfb-b32a-2177950d210f", "network-traffic--59f077a2-3ca8-4cfb-b32a-2177950d210f", "ipv4-addr--59f077a2-3ca8-4cfb-b32a-2177950d210f", "observed-data--59f077a3-7ca4-46f3-93d0-212d950d210f", "network-traffic--59f077a3-7ca4-46f3-93d0-212d950d210f", "ipv4-addr--59f077a3-7ca4-46f3-93d0-212d950d210f", "observed-data--59f077a3-b014-4e2d-b0cd-4cb5950d210f", "network-traffic--59f077a3-b014-4e2d-b0cd-4cb5950d210f", "ipv4-addr--59f077a3-b014-4e2d-b0cd-4cb5950d210f", "observed-data--59f077a3-ca40-492f-9714-404b950d210f", "network-traffic--59f077a3-ca40-492f-9714-404b950d210f", "ipv4-addr--59f077a3-ca40-492f-9714-404b950d210f", "observed-data--59f077a3-1110-4102-86a6-2183950d210f", "network-traffic--59f077a3-1110-4102-86a6-2183950d210f", "ipv4-addr--59f077a3-1110-4102-86a6-2183950d210f", "observed-data--59f077a4-1854-4870-9f57-48d8950d210f", "network-traffic--59f077a4-1854-4870-9f57-48d8950d210f", "ipv4-addr--59f077a4-1854-4870-9f57-48d8950d210f", "observed-data--59f077a4-f2b8-4864-8e33-40ec950d210f", "network-traffic--59f077a4-f2b8-4864-8e33-40ec950d210f", "ipv4-addr--59f077a4-f2b8-4864-8e33-40ec950d210f", "observed-data--59f077a5-774c-43af-96d2-2367950d210f", "network-traffic--59f077a5-774c-43af-96d2-2367950d210f", "ipv4-addr--59f077a5-774c-43af-96d2-2367950d210f", "observed-data--59f077a5-9904-4130-b43f-2380950d210f", "network-traffic--59f077a5-9904-4130-b43f-2380950d210f", "ipv4-addr--59f077a5-9904-4130-b43f-2380950d210f", "observed-data--59f077a5-0998-45ad-9756-4976950d210f", "network-traffic--59f077a5-0998-45ad-9756-4976950d210f", 
"ipv4-addr--59f077a5-0998-45ad-9756-4976950d210f", "observed-data--59f077a5-47d4-4184-954e-21ef950d210f", "network-traffic--59f077a5-47d4-4184-954e-21ef950d210f", "ipv4-addr--59f077a5-47d4-4184-954e-21ef950d210f", "observed-data--59f077a6-5340-4f7b-b7ab-4b44950d210f", "network-traffic--59f077a6-5340-4f7b-b7ab-4b44950d210f", "ipv4-addr--59f077a6-5340-4f7b-b7ab-4b44950d210f", "indicator--59f08367-7b90-4718-a7c6-49f102de0b81", "indicator--59f08367-dc14-4f94-a62d-440b02de0b81", "observed-data--59f08367-a400-41cd-8271-4ad002de0b81", "url--59f08367-a400-41cd-8271-4ad002de0b81", "indicator--59f08367-e5f0-4952-957b-458d02de0b81", "indicator--59f08367-e234-4f54-b04c-432502de0b81", "observed-data--59f08367-b0f8-41a1-97bf-4b6f02de0b81", "url--59f08367-b0f8-41a1-97bf-4b6f02de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Locky\"", "misp-galaxy:tool=\"Trick Bot\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f07792-fe9c-4c9f-b4e9-4b6c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:22.000Z", "modified": "2017-10-25T12:28:22.000Z", "pattern": "[file:hashes.MD5 = '2119cd6480863198437c021b8b3e6339']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T12:28:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f07792-3a08-4ee0-ac9f-42cf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:22.000Z", "modified": "2017-10-25T12:28:22.000Z", "pattern": "[file:hashes.MD5 = '4bbfcc1fc86790fb51917c49ff35925c']", "pattern_type": "stix", 
"pattern_version": "2.1", "valid_from": "2017-10-25T12:28:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f07792-bf10-498b-9298-4111950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:22.000Z", "modified": "2017-10-25T12:28:22.000Z", "pattern": "[file:hashes.MD5 = '1a500852b5e32a70d9f585884b23ab30']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T12:28:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f07792-c3e0-44ae-a70d-44aa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:22.000Z", "modified": "2017-10-25T12:28:22.000Z", "pattern": "[url:value = 'http://cirad.or.id/JHGxte633']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T12:28:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f07793-a2cc-49df-97cd-414d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:22.000Z", "modified": "2017-10-25T12:28:22.000Z", "pattern": "[domain-name:value = 'cirad.or.id']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T12:28:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", 
"misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f07794-1b28-4646-a73d-4009950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:22.000Z", "modified": "2017-10-25T12:28:22.000Z", "first_observed": "2017-10-25T12:28:22Z", "last_observed": "2017-10-25T12:28:22Z", "number_observed": 1, "object_refs": [ "network-traffic--59f07794-1b28-4646-a73d-4009950d210f", "ipv4-addr--59f07794-1b28-4646-a73d-4009950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f07794-1b28-4646-a73d-4009950d210f", "dst_ref": "ipv4-addr--59f07794-1b28-4646-a73d-4009950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f07794-1b28-4646-a73d-4009950d210f", "value": "202.145.0.45" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f07794-f1c4-4743-961d-21ef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:22.000Z", "modified": "2017-10-25T12:28:22.000Z", "pattern": "[url:value = 'http://deroeckrecycling.nl/JHGxte633']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T12:28:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f07795-e734-4ac7-904d-45b7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:22.000Z", "modified": "2017-10-25T12:28:22.000Z", "pattern": "[domain-name:value = 'deroeckrecycling.nl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T12:28:22Z", "kill_chain_phases": [ { 
"kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f07795-ceac-4673-ab11-4651950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:22.000Z", "modified": "2017-10-25T12:28:22.000Z", "first_observed": "2017-10-25T12:28:22Z", "last_observed": "2017-10-25T12:28:22Z", "number_observed": 1, "object_refs": [ "network-traffic--59f07795-ceac-4673-ab11-4651950d210f", "ipv4-addr--59f07795-ceac-4673-ab11-4651950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f07795-ceac-4673-ab11-4651950d210f", "dst_ref": "ipv4-addr--59f07795-ceac-4673-ab11-4651950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f07795-ceac-4673-ab11-4651950d210f", "value": "94.126.70.2" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f07795-61b8-4cb8-bd1b-43fd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:22.000Z", "modified": "2017-10-25T12:28:22.000Z", "pattern": "[url:value = 'http://dnhconsultores.com/JHGxte633']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T12:28:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f07795-9c00-4d70-a466-42be950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:22.000Z", "modified": "2017-10-25T12:28:22.000Z", "pattern": "[domain-name:value = 'dnhconsultores.com']", 
"pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T12:28:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f07796-110c-4703-aafc-48a5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:22.000Z", "modified": "2017-10-25T12:28:22.000Z", "first_observed": "2017-10-25T12:28:22Z", "last_observed": "2017-10-25T12:28:22Z", "number_observed": 1, "object_refs": [ "network-traffic--59f07796-110c-4703-aafc-48a5950d210f", "ipv4-addr--59f07796-110c-4703-aafc-48a5950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f07796-110c-4703-aafc-48a5950d210f", "dst_ref": "ipv4-addr--59f07796-110c-4703-aafc-48a5950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f07796-110c-4703-aafc-48a5950d210f", "value": "212.227.138.50" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f07796-0364-45d4-b527-2380950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:22.000Z", "modified": "2017-10-25T12:28:22.000Z", "pattern": "[url:value = 'http://clinicapaulocardozo.pt/cjiwgf87634']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T12:28:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f07796-b748-4325-bb69-2277950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2017-10-25T12:28:22.000Z", "modified": "2017-10-25T12:28:22.000Z", "pattern": "[domain-name:value = 'clinicapaulocardozo.pt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T12:28:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f07797-ad10-424a-8413-2177950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:22.000Z", "modified": "2017-10-25T12:28:22.000Z", "first_observed": "2017-10-25T12:28:22Z", "last_observed": "2017-10-25T12:28:22Z", "number_observed": 1, "object_refs": [ "network-traffic--59f07797-ad10-424a-8413-2177950d210f", "ipv4-addr--59f07797-ad10-424a-8413-2177950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f07797-ad10-424a-8413-2177950d210f", "dst_ref": "ipv4-addr--59f07797-ad10-424a-8413-2177950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f07797-ad10-424a-8413-2177950d210f", "value": "80.172.241.42" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f07797-cfe8-4cbd-907e-45bf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:22.000Z", "modified": "2017-10-25T12:28:22.000Z", "pattern": "[url:value = 'http://comfortshow.net/cjiwgf87634']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T12:28:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--59f07797-b770-4afb-b7f9-498e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:22.000Z", "modified": "2017-10-25T12:28:22.000Z", "pattern": "[domain-name:value = 'comfortshow.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T12:28:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f07798-45fc-4a4c-ba9c-46cc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:22.000Z", "modified": "2017-10-25T12:28:22.000Z", "first_observed": "2017-10-25T12:28:22Z", "last_observed": "2017-10-25T12:28:22Z", "number_observed": 1, "object_refs": [ "network-traffic--59f07798-45fc-4a4c-ba9c-46cc950d210f", "ipv4-addr--59f07798-45fc-4a4c-ba9c-46cc950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f07798-45fc-4a4c-ba9c-46cc950d210f", "dst_ref": "ipv4-addr--59f07798-45fc-4a4c-ba9c-46cc950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f07798-45fc-4a4c-ba9c-46cc950d210f", "value": "185.58.7.116" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f07798-8018-4aa7-b1a1-2183950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:22.000Z", "modified": "2017-10-25T12:28:22.000Z", "pattern": "[url:value = 'http://colegiomayex.es/cjiwgf87634']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T12:28:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", 
"misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f07798-fcd0-402f-8a56-4bfc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:22.000Z", "modified": "2017-10-25T12:28:22.000Z", "pattern": "[domain-name:value = 'colegiomayex.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T12:28:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f07798-67ec-48f8-b2cd-4595950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:22.000Z", "modified": "2017-10-25T12:28:22.000Z", "first_observed": "2017-10-25T12:28:22Z", "last_observed": "2017-10-25T12:28:22Z", "number_observed": 1, "object_refs": [ "network-traffic--59f07798-67ec-48f8-b2cd-4595950d210f", "ipv4-addr--59f07798-67ec-48f8-b2cd-4595950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f07798-67ec-48f8-b2cd-4595950d210f", "dst_ref": "ipv4-addr--59f07798-67ec-48f8-b2cd-4595950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f07798-67ec-48f8-b2cd-4595950d210f", "value": "86.109.162.92" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f07799-9b98-41d1-8854-2367950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:22.000Z", "modified": "2017-10-25T12:28:22.000Z", "pattern": "[url:value = 'http://c2bychuchai.com/cjiwgf87634']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T12:28:22Z", "kill_chain_phases": [ { 
"kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f07799-48fc-44c1-9cd9-4eee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "pattern": "[domain-name:value = 'c2bychuchai.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T12:28:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f0779a-bdfc-4ac1-8a17-2177950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59f0779a-bdfc-4ac1-8a17-2177950d210f", "ipv4-addr--59f0779a-bdfc-4ac1-8a17-2177950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f0779a-bdfc-4ac1-8a17-2177950d210f", "dst_ref": "ipv4-addr--59f0779a-bdfc-4ac1-8a17-2177950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f0779a-bdfc-4ac1-8a17-2177950d210f", "value": "52.220.90.147" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f0779a-90fc-4b14-99e9-21ef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "pattern": "[url:value = 'http://toundlefa.net/']", "pattern_type": "stix", 
"pattern_version": "2.1", "valid_from": "2017-10-25T12:28:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f0779a-269c-4f5e-98c9-462d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "pattern": "[domain-name:value = 'toundlefa.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T12:28:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f0779b-f988-4beb-945d-45b7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59f0779b-f988-4beb-945d-45b7950d210f", "ipv4-addr--59f0779b-f988-4beb-945d-45b7950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f0779b-f988-4beb-945d-45b7950d210f", "dst_ref": "ipv4-addr--59f0779b-f988-4beb-945d-45b7950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f0779b-f988-4beb-945d-45b7950d210f", "value": "34.236.147.16" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f0779c-46cc-4750-b97d-46a1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": 
"2017-10-25T12:28:23.000Z", "pattern": "[url:value = 'http://highlandfamily.org/JHui834.enc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T12:28:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f0779c-0c18-42c8-bc72-4a3c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "pattern": "[domain-name:value = 'highlandfamily.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T12:28:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f0779c-5870-4275-809e-2380950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59f0779c-5870-4275-809e-2380950d210f", "ipv4-addr--59f0779c-5870-4275-809e-2380950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f0779c-5870-4275-809e-2380950d210f", "dst_ref": "ipv4-addr--59f0779c-5870-4275-809e-2380950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f0779c-5870-4275-809e-2380950d210f", "value": "98.124.252.66" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f0779c-35c8-4180-af3e-4a67950d210f", 
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "pattern": "[url:value = 'http://givagarden.com/KJHg7643.enc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T12:28:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f0779d-6158-4b65-9d71-4b8c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "pattern": "[domain-name:value = 'givagarden.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T12:28:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f0779d-afa0-4947-afb7-21ef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59f0779d-afa0-4947-afb7-21ef950d210f", "ipv4-addr--59f0779d-afa0-4947-afb7-21ef950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f0779d-afa0-4947-afb7-21ef950d210f", "dst_ref": "ipv4-addr--59f0779d-afa0-4947-afb7-21ef950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f0779d-afa0-4947-afb7-21ef950d210f", "value": "93.186.244.43" }, { 
"type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f0779d-d8b4-43a2-808b-4917950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59f0779d-d8b4-43a2-808b-4917950d210f", "ipv4-addr--59f0779d-d8b4-43a2-808b-4917950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f0779d-d8b4-43a2-808b-4917950d210f", "dst_ref": "ipv4-addr--59f0779d-d8b4-43a2-808b-4917950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f0779d-d8b4-43a2-808b-4917950d210f", "value": "176.120.126.21" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f0779d-411c-452f-a3ca-4d27950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59f0779d-411c-452f-a3ca-4d27950d210f", "ipv4-addr--59f0779d-411c-452f-a3ca-4d27950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f0779d-411c-452f-a3ca-4d27950d210f", "dst_ref": "ipv4-addr--59f0779d-411c-452f-a3ca-4d27950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f0779d-411c-452f-a3ca-4d27950d210f", "value": "156.17.92.161" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f0779e-fc5c-4445-8582-2183950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59f0779e-fc5c-4445-8582-2183950d210f", "ipv4-addr--59f0779e-fc5c-4445-8582-2183950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f0779e-fc5c-4445-8582-2183950d210f", "dst_ref": "ipv4-addr--59f0779e-fc5c-4445-8582-2183950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f0779e-fc5c-4445-8582-2183950d210f", "value": "178.254.183.34" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f0779e-c724-4c47-9401-4412950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59f0779e-c724-4c47-9401-4412950d210f", "ipv4-addr--59f0779e-c724-4c47-9401-4412950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f0779e-c724-4c47-9401-4412950d210f", "dst_ref": "ipv4-addr--59f0779e-c724-4c47-9401-4412950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f0779e-c724-4c47-9401-4412950d210f", "value": "178.254.183.13" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f0779e-b658-46f6-8e54-42ee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ 
"network-traffic--59f0779e-b658-46f6-8e54-42ee950d210f", "ipv4-addr--59f0779e-b658-46f6-8e54-42ee950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f0779e-b658-46f6-8e54-42ee950d210f", "dst_ref": "ipv4-addr--59f0779e-b658-46f6-8e54-42ee950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f0779e-b658-46f6-8e54-42ee950d210f", "value": "94.251.188.225" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f0779e-0598-4578-95e6-40f8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59f0779e-0598-4578-95e6-40f8950d210f", "ipv4-addr--59f0779e-0598-4578-95e6-40f8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f0779e-0598-4578-95e6-40f8950d210f", "dst_ref": "ipv4-addr--59f0779e-0598-4578-95e6-40f8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f0779e-0598-4578-95e6-40f8950d210f", "value": "178.169.129.202" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f0779f-7eec-467b-b695-2380950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59f0779f-7eec-467b-b695-2380950d210f", "ipv4-addr--59f0779f-7eec-467b-b695-2380950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { 
"type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f0779f-7eec-467b-b695-2380950d210f", "dst_ref": "ipv4-addr--59f0779f-7eec-467b-b695-2380950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f0779f-7eec-467b-b695-2380950d210f", "value": "188.120.249.181" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f0779f-8760-45f1-9a38-4457950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59f0779f-8760-45f1-9a38-4457950d210f", "ipv4-addr--59f0779f-8760-45f1-9a38-4457950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f0779f-8760-45f1-9a38-4457950d210f", "dst_ref": "ipv4-addr--59f0779f-8760-45f1-9a38-4457950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f0779f-8760-45f1-9a38-4457950d210f", "value": "62.109.9.121" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f0779f-0e88-4764-bd61-2177950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59f0779f-0e88-4764-bd61-2177950d210f", "ipv4-addr--59f0779f-0e88-4764-bd61-2177950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f0779f-0e88-4764-bd61-2177950d210f", "dst_ref": "ipv4-addr--59f0779f-0e88-4764-bd61-2177950d210f", "protocols": [ 
"tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f0779f-0e88-4764-bd61-2177950d210f", "value": "185.34.52.193" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f077a0-0b64-4c8a-842a-4bde950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59f077a0-0b64-4c8a-842a-4bde950d210f", "ipv4-addr--59f077a0-0b64-4c8a-842a-4bde950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f077a0-0b64-4c8a-842a-4bde950d210f", "dst_ref": "ipv4-addr--59f077a0-0b64-4c8a-842a-4bde950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f077a0-0b64-4c8a-842a-4bde950d210f", "value": "62.109.24.224" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f077a0-66e0-46f7-a52a-4812950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59f077a0-66e0-46f7-a52a-4812950d210f", "ipv4-addr--59f077a0-66e0-46f7-a52a-4812950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f077a0-66e0-46f7-a52a-4812950d210f", "dst_ref": "ipv4-addr--59f077a0-66e0-46f7-a52a-4812950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f077a0-66e0-46f7-a52a-4812950d210f", "value": "82.146.59.195" }, { "type": "observed-data", "spec_version": "2.1", 
"id": "observed-data--59f077a0-16a0-4060-b7a2-4df0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59f077a0-16a0-4060-b7a2-4df0950d210f", "ipv4-addr--59f077a0-16a0-4060-b7a2-4df0950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f077a0-16a0-4060-b7a2-4df0950d210f", "dst_ref": "ipv4-addr--59f077a0-16a0-4060-b7a2-4df0950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f077a0-16a0-4060-b7a2-4df0950d210f", "value": "80.87.198.199" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f077a1-c0d8-4e2d-850e-2183950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59f077a1-c0d8-4e2d-850e-2183950d210f", "ipv4-addr--59f077a1-c0d8-4e2d-850e-2183950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f077a1-c0d8-4e2d-850e-2183950d210f", "dst_ref": "ipv4-addr--59f077a1-c0d8-4e2d-850e-2183950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f077a1-c0d8-4e2d-850e-2183950d210f", "value": "62.109.26.77" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f077a1-d140-48eb-90df-42c2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": 
"2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59f077a1-d140-48eb-90df-42c2950d210f", "ipv4-addr--59f077a1-d140-48eb-90df-42c2950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f077a1-d140-48eb-90df-42c2950d210f", "dst_ref": "ipv4-addr--59f077a1-d140-48eb-90df-42c2950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f077a1-d140-48eb-90df-42c2950d210f", "value": "194.87.234.254" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f077a1-56a4-4fdc-83f4-4e8b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59f077a1-56a4-4fdc-83f4-4e8b950d210f", "ipv4-addr--59f077a1-56a4-4fdc-83f4-4e8b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f077a1-56a4-4fdc-83f4-4e8b950d210f", "dst_ref": "ipv4-addr--59f077a1-56a4-4fdc-83f4-4e8b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f077a1-56a4-4fdc-83f4-4e8b950d210f", "value": "194.87.236.14" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f077a2-65a0-4405-b1f6-2367950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ 
"network-traffic--59f077a2-65a0-4405-b1f6-2367950d210f", "ipv4-addr--59f077a2-65a0-4405-b1f6-2367950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f077a2-65a0-4405-b1f6-2367950d210f", "dst_ref": "ipv4-addr--59f077a2-65a0-4405-b1f6-2367950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f077a2-65a0-4405-b1f6-2367950d210f", "value": "188.120.249.77" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f077a2-64e8-47df-9409-4dd2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59f077a2-64e8-47df-9409-4dd2950d210f", "ipv4-addr--59f077a2-64e8-47df-9409-4dd2950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f077a2-64e8-47df-9409-4dd2950d210f", "dst_ref": "ipv4-addr--59f077a2-64e8-47df-9409-4dd2950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f077a2-64e8-47df-9409-4dd2950d210f", "value": "188.120.249.119" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f077a2-3ca8-4cfb-b32a-2177950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59f077a2-3ca8-4cfb-b32a-2177950d210f", "ipv4-addr--59f077a2-3ca8-4cfb-b32a-2177950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { 
"type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f077a2-3ca8-4cfb-b32a-2177950d210f", "dst_ref": "ipv4-addr--59f077a2-3ca8-4cfb-b32a-2177950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f077a2-3ca8-4cfb-b32a-2177950d210f", "value": "194.87.238.250" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f077a3-7ca4-46f3-93d0-212d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59f077a3-7ca4-46f3-93d0-212d950d210f", "ipv4-addr--59f077a3-7ca4-46f3-93d0-212d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f077a3-7ca4-46f3-93d0-212d950d210f", "dst_ref": "ipv4-addr--59f077a3-7ca4-46f3-93d0-212d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f077a3-7ca4-46f3-93d0-212d950d210f", "value": "195.133.146.221" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f077a3-b014-4e2d-b0cd-4cb5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59f077a3-b014-4e2d-b0cd-4cb5950d210f", "ipv4-addr--59f077a3-b014-4e2d-b0cd-4cb5950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f077a3-b014-4e2d-b0cd-4cb5950d210f", "dst_ref": "ipv4-addr--59f077a3-b014-4e2d-b0cd-4cb5950d210f", "protocols": [ 
"tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f077a3-b014-4e2d-b0cd-4cb5950d210f", "value": "194.87.102.114" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f077a3-ca40-492f-9714-404b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59f077a3-ca40-492f-9714-404b950d210f", "ipv4-addr--59f077a3-ca40-492f-9714-404b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f077a3-ca40-492f-9714-404b950d210f", "dst_ref": "ipv4-addr--59f077a3-ca40-492f-9714-404b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f077a3-ca40-492f-9714-404b950d210f", "value": "185.80.128.122" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f077a3-1110-4102-86a6-2183950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59f077a3-1110-4102-86a6-2183950d210f", "ipv4-addr--59f077a3-1110-4102-86a6-2183950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f077a3-1110-4102-86a6-2183950d210f", "dst_ref": "ipv4-addr--59f077a3-1110-4102-86a6-2183950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f077a3-1110-4102-86a6-2183950d210f", "value": "188.120.249.190" }, { "type": "observed-data", "spec_version": "2.1", 
"id": "observed-data--59f077a4-1854-4870-9f57-48d8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59f077a4-1854-4870-9f57-48d8950d210f", "ipv4-addr--59f077a4-1854-4870-9f57-48d8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f077a4-1854-4870-9f57-48d8950d210f", "dst_ref": "ipv4-addr--59f077a4-1854-4870-9f57-48d8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f077a4-1854-4870-9f57-48d8950d210f", "value": "194.87.111.202" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f077a4-f2b8-4864-8e33-40ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59f077a4-f2b8-4864-8e33-40ec950d210f", "ipv4-addr--59f077a4-f2b8-4864-8e33-40ec950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f077a4-f2b8-4864-8e33-40ec950d210f", "dst_ref": "ipv4-addr--59f077a4-f2b8-4864-8e33-40ec950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f077a4-f2b8-4864-8e33-40ec950d210f", "value": "185.125.46.104" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f077a5-774c-43af-96d2-2367950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": 
"2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59f077a5-774c-43af-96d2-2367950d210f", "ipv4-addr--59f077a5-774c-43af-96d2-2367950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f077a5-774c-43af-96d2-2367950d210f", "dst_ref": "ipv4-addr--59f077a5-774c-43af-96d2-2367950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f077a5-774c-43af-96d2-2367950d210f", "value": "194.87.237.249" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f077a5-9904-4130-b43f-2380950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59f077a5-9904-4130-b43f-2380950d210f", "ipv4-addr--59f077a5-9904-4130-b43f-2380950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f077a5-9904-4130-b43f-2380950d210f", "dst_ref": "ipv4-addr--59f077a5-9904-4130-b43f-2380950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f077a5-9904-4130-b43f-2380950d210f", "value": "62.109.29.243" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f077a5-0998-45ad-9756-4976950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ 
"network-traffic--59f077a5-0998-45ad-9756-4976950d210f", "ipv4-addr--59f077a5-0998-45ad-9756-4976950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f077a5-0998-45ad-9756-4976950d210f", "dst_ref": "ipv4-addr--59f077a5-0998-45ad-9756-4976950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f077a5-0998-45ad-9756-4976950d210f", "value": "95.154.199.47" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f077a5-47d4-4184-954e-21ef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59f077a5-47d4-4184-954e-21ef950d210f", "ipv4-addr--59f077a5-47d4-4184-954e-21ef950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f077a5-47d4-4184-954e-21ef950d210f", "dst_ref": "ipv4-addr--59f077a5-47d4-4184-954e-21ef950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f077a5-47d4-4184-954e-21ef950d210f", "value": "62.109.17.145" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f077a6-5340-4f7b-b7ab-4b44950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "network-traffic--59f077a6-5340-4f7b-b7ab-4b44950d210f", "ipv4-addr--59f077a6-5340-4f7b-b7ab-4b44950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { 
"type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--59f077a6-5340-4f7b-b7ab-4b44950d210f", "dst_ref": "ipv4-addr--59f077a6-5340-4f7b-b7ab-4b44950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--59f077a6-5340-4f7b-b7ab-4b44950d210f", "value": "185.158.115.7" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f08367-7b90-4718-a7c6-49f102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "description": "- Cross-checked via VirusTotal: 4bbfcc1fc86790fb51917c49ff35925c", "pattern": "[file:hashes.SHA256 = '2a4a09ddbaeb53d09a633d3a29c46d661c1504542ff342d4044d56a8f823ad7e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T12:28:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f08367-dc14-4f94-a62d-440b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "description": "- Cross-checked via VirusTotal: 4bbfcc1fc86790fb51917c49ff35925c", "pattern": "[file:hashes.SHA1 = 'ef3e48301e7b339b28ddc5436e4ec15b9726af82']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T12:28:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f08367-a400-41cd-8271-4ad002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", 
"first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "url--59f08367-a400-41cd-8271-4ad002de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59f08367-a400-41cd-8271-4ad002de0b81", "value": "https://www.virustotal.com/file/2a4a09ddbaeb53d09a633d3a29c46d661c1504542ff342d4044d56a8f823ad7e/analysis/1508932619/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f08367-e5f0-4952-957b-458d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "description": "- Cross-checked via VirusTotal: 2119cd6480863198437c021b8b3e6339", "pattern": "[file:hashes.SHA256 = '798aa42748dcb1078824c2027cf6a0d151c14e945cb902382fcd9ae646bfa120']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T12:28:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59f08367-e234-4f54-b04c-432502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "description": "- Cross-checked via VirusTotal: 2119cd6480863198437c021b8b3e6339", "pattern": "[file:hashes.SHA1 = '4356cedce0409b45348eda0c378783e7bf5ee781']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-10-25T12:28:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59f08367-b0f8-41a1-97bf-4b6f02de0b81", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-10-25T12:28:23.000Z", "modified": "2017-10-25T12:28:23.000Z", "first_observed": "2017-10-25T12:28:23Z", "last_observed": "2017-10-25T12:28:23Z", "number_observed": 1, "object_refs": [ "url--59f08367-b0f8-41a1-97bf-4b6f02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59f08367-b0f8-41a1-97bf-4b6f02de0b81", "value": "https://www.virustotal.com/file/798aa42748dcb1078824c2027cf6a0d151c14e945cb902382fcd9ae646bfa120/analysis/1508932972/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }