{ "type": "bundle", "id": "bundle--5a044feb-cda0-4844-b5f0-2214950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:57.000Z", "modified": "2017-11-09T20:57:57.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5a044feb-cda0-4844-b5f0-2214950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:57.000Z", "modified": "2017-11-09T20:57:57.000Z", "name": "M2M - Locky 2017-11-03 : Affid=3, offline, \".asasin\" : \"Scanned image from MX-2600N\" - \"20171103_123456.doc\"", "published": "2017-11-09T20:59:17Z", "object_refs": [ "indicator--5a044fec-f524-41fc-8865-75a9950d210f", "indicator--5a044fed-6f00-4baa-b022-4cfd950d210f", "indicator--5a044fed-2e84-4587-a638-4751950d210f", "observed-data--5a044fed-7894-4890-a0a2-991b950d210f", "network-traffic--5a044fed-7894-4890-a0a2-991b950d210f", "ipv4-addr--5a044fed-7894-4890-a0a2-991b950d210f", "indicator--5a044fed-b0d4-4426-937d-43b4950d210f", "indicator--5a044fee-a7b0-4069-bf11-cda3950d210f", "indicator--5a044ff7-7674-4d8c-9596-2214950d210f", "indicator--5a044ff8-f574-49a0-afe2-4976950d210f", "observed-data--5a044ff8-d9f8-495b-a11d-4d06950d210f", "network-traffic--5a044ff8-d9f8-495b-a11d-4d06950d210f", "ipv4-addr--5a044ff8-d9f8-495b-a11d-4d06950d210f", "indicator--5a044ff8-9090-4be9-986a-75a9950d210f", "indicator--5a044ff8-4fd0-4326-908a-4829950d210f", "indicator--5a044ff9-3154-45cf-9bd2-991b950d210f", "indicator--5a044ff9-2db4-4df3-8004-4582950d210f", "observed-data--5a044ff9-f2a0-4dac-b725-717b950d210f", "network-traffic--5a044ff9-f2a0-4dac-b725-717b950d210f", "ipv4-addr--5a044ff9-f2a0-4dac-b725-717b950d210f", "indicator--5a044ffa-f278-4e4a-baec-cda3950d210f", "indicator--5a044ffa-6388-4155-959f-45d7950d210f", "observed-data--5a044ffa-21bc-4cbb-9b9e-41eb950d210f", "network-traffic--5a044ffa-21bc-4cbb-9b9e-41eb950d210f", "ipv4-addr--5a044ffa-21bc-4cbb-9b9e-41eb950d210f", "indicator--5a044ffa-8784-424a-9f41-cd7d950d210f", "indicator--5a044ffa-6a70-4f12-86ee-cdb1950d210f", "indicator--5a045019-b49c-4ab1-af1e-4bcf950d210f", "indicator--5a045019-5050-44ec-bbe5-717b950d210f", "observed-data--5a04501a-67f4-411f-86ae-cda3950d210f", "network-traffic--5a04501a-67f4-411f-86ae-cda3950d210f", "ipv4-addr--5a04501a-67f4-411f-86ae-cda3950d210f", "indicator--5a04501a-1e60-42f3-877a-416e950d210f", "indicator--5a04501a-f530-4544-8853-42a4950d210f", "observed-data--5a04501b-6870-42ac-91f8-47bc950d210f", "network-traffic--5a04501b-6870-42ac-91f8-47bc950d210f", "ipv4-addr--5a04501b-6870-42ac-91f8-47bc950d210f", "indicator--5a04501b-9bc0-43f0-a2d2-cd7d950d210f", "indicator--5a04501b-b5e4-48f9-a097-cdb1950d210f", "observed-data--5a04501c-5960-4c09-a66b-2214950d210f", "network-traffic--5a04501c-5960-4c09-a66b-2214950d210f", "ipv4-addr--5a04501c-5960-4c09-a66b-2214950d210f", "indicator--5a04501c-9940-4606-ab46-4b38950d210f", "indicator--5a04501c-af58-4df0-9f87-cdb4950d210f", "observed-data--5a04501d-2d3c-42b1-a945-cd35950d210f", "network-traffic--5a04501d-2d3c-42b1-a945-cd35950d210f", "ipv4-addr--5a04501d-2d3c-42b1-a945-cd35950d210f", "indicator--5a04501d-fe00-4fcb-bb88-45ff950d210f", "indicator--5a04501d-9d98-4447-b8d7-cc6f950d210f", "observed-data--5a04501d-9f10-423d-b00b-75a9950d210f", "network-traffic--5a04501d-9f10-423d-b00b-75a9950d210f", "ipv4-addr--5a04501d-9f10-423d-b00b-75a9950d210f", "indicator--5a04501e-6e10-4c26-9d36-4bfc950d210f", "indicator--5a04501e-6d70-4cb2-aa7e-cdab950d210f", "observed-data--5a04501e-e6f8-44ce-96c8-4f95950d210f", "network-traffic--5a04501e-e6f8-44ce-96c8-4f95950d210f", "ipv4-addr--5a04501e-e6f8-44ce-96c8-4f95950d210f", "indicator--5a04501e-8ff0-4078-bc2e-991b950d210f", "indicator--5a04501f-8b24-490c-861c-48d9950d210f", "indicator--5a04c147-52f0-4649-a1bc-4c0202de0b81", "indicator--5a04c147-a0d0-4cd1-aeb0-4e7602de0b81", "observed-data--5a04c147-2bf4-4e41-afaf-49be02de0b81", "url--5a04c147-2bf4-4e41-afaf-49be02de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:malicious-code=\"ransomware\"", "misp-galaxy:ransomware=\"Locky\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fec-f524-41fc-8865-75a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:42.000Z", "modified": "2017-11-09T20:57:42.000Z", "pattern": "[file:hashes.MD5 = '1f608125c16f3396000f6ec9d929d6c9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fed-6f00-4baa-b022-4cfd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:42.000Z", "modified": "2017-11-09T20:57:42.000Z", "pattern": "[url:value = 'http://336.linux1.testsider.dk/lbMld6sGda']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fed-2e84-4587-a638-4751950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:42.000Z", "modified": "2017-11-09T20:57:42.000Z", "pattern": "[domain-name:value = '336.linux1.testsider.dk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044fed-7894-4890-a0a2-991b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:42.000Z", "modified": "2017-11-09T20:57:42.000Z", "first_observed": "2017-11-09T20:57:42Z", "last_observed": "2017-11-09T20:57:42Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044fed-7894-4890-a0a2-991b950d210f", "ipv4-addr--5a044fed-7894-4890-a0a2-991b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044fed-7894-4890-a0a2-991b950d210f", "dst_ref": "ipv4-addr--5a044fed-7894-4890-a0a2-991b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044fed-7894-4890-a0a2-991b950d210f", "value": "77.243.131.16" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fed-b0d4-4426-937d-43b4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:42.000Z", "modified": "2017-11-09T20:57:42.000Z", "pattern": "[url:value = 'http://betadesign.es/lbMld6sGda']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044fee-a7b0-4069-bf11-cda3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:42.000Z", "modified": "2017-11-09T20:57:42.000Z", "pattern": "[domain-name:value = 'betadesign.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ff7-7674-4d8c-9596-2214950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:42.000Z", "modified": "2017-11-09T20:57:42.000Z", "pattern": "[url:value = 'http://comercialarques.es/lbMld6sGda']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ff8-f574-49a0-afe2-4976950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:42.000Z", "modified": "2017-11-09T20:57:42.000Z", "pattern": "[domain-name:value = 'comercialarques.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ff8-d9f8-495b-a11d-4d06950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:42.000Z", "modified": "2017-11-09T20:57:42.000Z", "first_observed": "2017-11-09T20:57:42Z", "last_observed": "2017-11-09T20:57:42Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ff8-d9f8-495b-a11d-4d06950d210f", "ipv4-addr--5a044ff8-d9f8-495b-a11d-4d06950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ff8-d9f8-495b-a11d-4d06950d210f", "dst_ref": "ipv4-addr--5a044ff8-d9f8-495b-a11d-4d06950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ff8-d9f8-495b-a11d-4d06950d210f", "value": "31.47.74.202" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ff8-9090-4be9-986a-75a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:42.000Z", "modified": "2017-11-09T20:57:42.000Z", "pattern": "[url:value = 'http://deltaled.es/lbMld6sGda']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ff8-4fd0-4326-908a-4829950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:42.000Z", "modified": "2017-11-09T20:57:42.000Z", "pattern": "[domain-name:value = 'deltaled.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ff9-3154-45cf-9bd2-991b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:42.000Z", "modified": "2017-11-09T20:57:42.000Z", "pattern": "[url:value = 'http://testbxc.u-host.ru/lbMld6sGda']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ff9-2db4-4df3-8004-4582950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:42.000Z", "modified": "2017-11-09T20:57:42.000Z", "pattern": "[domain-name:value = 'testbxc.u-host.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ff9-f2a0-4dac-b725-717b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:42.000Z", "modified": "2017-11-09T20:57:42.000Z", "first_observed": "2017-11-09T20:57:42Z", "last_observed": "2017-11-09T20:57:42Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ff9-f2a0-4dac-b725-717b950d210f", "ipv4-addr--5a044ff9-f2a0-4dac-b725-717b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ff9-f2a0-4dac-b725-717b950d210f", "dst_ref": "ipv4-addr--5a044ff9-f2a0-4dac-b725-717b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ff9-f2a0-4dac-b725-717b950d210f", "value": "212.220.124.233" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ffa-f278-4e4a-baec-cda3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:43.000Z", "modified": "2017-11-09T20:57:43.000Z", "pattern": "[url:value = 'http://unbescheiden.net/lbMld6sGda']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ffa-6388-4155-959f-45d7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:43.000Z", "modified": "2017-11-09T20:57:43.000Z", "pattern": "[domain-name:value = 'unbescheiden.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a044ffa-21bc-4cbb-9b9e-41eb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:43.000Z", "modified": "2017-11-09T20:57:43.000Z", "first_observed": "2017-11-09T20:57:43Z", "last_observed": "2017-11-09T20:57:43Z", "number_observed": 1, "object_refs": [ "network-traffic--5a044ffa-21bc-4cbb-9b9e-41eb950d210f", "ipv4-addr--5a044ffa-21bc-4cbb-9b9e-41eb950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a044ffa-21bc-4cbb-9b9e-41eb950d210f", "dst_ref": "ipv4-addr--5a044ffa-21bc-4cbb-9b9e-41eb950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a044ffa-21bc-4cbb-9b9e-41eb950d210f", "value": "212.223.152.138" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ffa-8784-424a-9f41-cd7d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:43.000Z", "modified": "2017-11-09T20:57:43.000Z", "pattern": "[url:value = 'http://watchez.biz/lbMld6sGda']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a044ffa-6a70-4f12-86ee-cdb1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:43.000Z", "modified": "2017-11-09T20:57:43.000Z", "pattern": "[domain-name:value = 'watchez.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a045019-b49c-4ab1-af1e-4bcf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:43.000Z", "modified": "2017-11-09T20:57:43.000Z", "pattern": "[url:value = 'http://pabxconsultants.co.za/dhYtebv3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a045019-5050-44ec-bbe5-717b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:43.000Z", "modified": "2017-11-09T20:57:43.000Z", "pattern": "[domain-name:value = 'pabxconsultants.co.za']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a04501a-67f4-411f-86ae-cda3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:43.000Z", "modified": "2017-11-09T20:57:43.000Z", "first_observed": "2017-11-09T20:57:43Z", "last_observed": "2017-11-09T20:57:43Z", "number_observed": 1, "object_refs": [ "network-traffic--5a04501a-67f4-411f-86ae-cda3950d210f", "ipv4-addr--5a04501a-67f4-411f-86ae-cda3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a04501a-67f4-411f-86ae-cda3950d210f", "dst_ref": "ipv4-addr--5a04501a-67f4-411f-86ae-cda3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a04501a-67f4-411f-86ae-cda3950d210f", "value": "41.72.154.151" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04501a-1e60-42f3-877a-416e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:43.000Z", "modified": "2017-11-09T20:57:43.000Z", "pattern": "[url:value = 'http://san-syo.co.jp/dhYtebv3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04501a-f530-4544-8853-42a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:43.000Z", "modified": "2017-11-09T20:57:43.000Z", "pattern": "[domain-name:value = 'san-syo.co.jp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a04501b-6870-42ac-91f8-47bc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:43.000Z", "modified": "2017-11-09T20:57:43.000Z", "first_observed": "2017-11-09T20:57:43Z", "last_observed": "2017-11-09T20:57:43Z", "number_observed": 1, "object_refs": [ "network-traffic--5a04501b-6870-42ac-91f8-47bc950d210f", "ipv4-addr--5a04501b-6870-42ac-91f8-47bc950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a04501b-6870-42ac-91f8-47bc950d210f", "dst_ref": "ipv4-addr--5a04501b-6870-42ac-91f8-47bc950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a04501b-6870-42ac-91f8-47bc950d210f", "value": "219.94.169.237" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04501b-9bc0-43f0-a2d2-cd7d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:43.000Z", "modified": "2017-11-09T20:57:43.000Z", "pattern": "[url:value = 'http://saranville.com/dhYtebv3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04501b-b5e4-48f9-a097-cdb1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:43.000Z", "modified": "2017-11-09T20:57:43.000Z", "pattern": "[domain-name:value = 'saranville.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a04501c-5960-4c09-a66b-2214950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:43.000Z", "modified": "2017-11-09T20:57:43.000Z", "first_observed": "2017-11-09T20:57:43Z", "last_observed": "2017-11-09T20:57:43Z", "number_observed": 1, "object_refs": [ "network-traffic--5a04501c-5960-4c09-a66b-2214950d210f", "ipv4-addr--5a04501c-5960-4c09-a66b-2214950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a04501c-5960-4c09-a66b-2214950d210f", "dst_ref": "ipv4-addr--5a04501c-5960-4c09-a66b-2214950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a04501c-5960-4c09-a66b-2214950d210f", "value": "27.254.148.14" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04501c-9940-4606-ab46-4b38950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:43.000Z", "modified": "2017-11-09T20:57:43.000Z", "pattern": "[url:value = 'http://pwmsteel.com/dhYtebv3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04501c-af58-4df0-9f87-cdb4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:43.000Z", "modified": "2017-11-09T20:57:43.000Z", "pattern": "[domain-name:value = 'pwmsteel.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a04501d-2d3c-42b1-a945-cd35950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:43.000Z", "modified": "2017-11-09T20:57:43.000Z", "first_observed": "2017-11-09T20:57:43Z", "last_observed": "2017-11-09T20:57:43Z", "number_observed": 1, "object_refs": [ "network-traffic--5a04501d-2d3c-42b1-a945-cd35950d210f", "ipv4-addr--5a04501d-2d3c-42b1-a945-cd35950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a04501d-2d3c-42b1-a945-cd35950d210f", "dst_ref": "ipv4-addr--5a04501d-2d3c-42b1-a945-cd35950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a04501d-2d3c-42b1-a945-cd35950d210f", "value": "50.21.229.37" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04501d-fe00-4fcb-bb88-45ff950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:43.000Z", "modified": "2017-11-09T20:57:43.000Z", "pattern": "[url:value = 'http://visualindesign.be/dhYtebv3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04501d-9d98-4447-b8d7-cc6f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:43.000Z", "modified": "2017-11-09T20:57:43.000Z", "pattern": "[domain-name:value = 'visualindesign.be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a04501d-9f10-423d-b00b-75a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:43.000Z", "modified": "2017-11-09T20:57:43.000Z", "first_observed": "2017-11-09T20:57:43Z", "last_observed": "2017-11-09T20:57:43Z", "number_observed": 1, "object_refs": [ "network-traffic--5a04501d-9f10-423d-b00b-75a9950d210f", "ipv4-addr--5a04501d-9f10-423d-b00b-75a9950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a04501d-9f10-423d-b00b-75a9950d210f", "dst_ref": "ipv4-addr--5a04501d-9f10-423d-b00b-75a9950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a04501d-9f10-423d-b00b-75a9950d210f", "value": "5.135.178.149" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04501e-6e10-4c26-9d36-4bfc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:43.000Z", "modified": "2017-11-09T20:57:43.000Z", "pattern": "[url:value = 'http://twonkygames.com/dhYtebv3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04501e-6d70-4cb2-aa7e-cdab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:43.000Z", "modified": "2017-11-09T20:57:43.000Z", "pattern": "[domain-name:value = 'twonkygames.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a04501e-e6f8-44ce-96c8-4f95950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:43.000Z", "modified": "2017-11-09T20:57:43.000Z", "first_observed": "2017-11-09T20:57:43Z", "last_observed": "2017-11-09T20:57:43Z", "number_observed": 1, "object_refs": [ "network-traffic--5a04501e-e6f8-44ce-96c8-4f95950d210f", "ipv4-addr--5a04501e-e6f8-44ce-96c8-4f95950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a04501e-e6f8-44ce-96c8-4f95950d210f", "dst_ref": "ipv4-addr--5a04501e-e6f8-44ce-96c8-4f95950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a04501e-e6f8-44ce-96c8-4f95950d210f", "value": "85.25.242.138" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04501e-8ff0-4078-bc2e-991b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:43.000Z", "modified": "2017-11-09T20:57:43.000Z", "pattern": "[url:value = 'http://evengrollighromsof.net/p66/dhYtebv3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04501f-8b24-490c-861c-48d9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:43.000Z", "modified": "2017-11-09T20:57:43.000Z", "pattern": "[domain-name:value = 'evengrollighromsof.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04c147-52f0-4649-a1bc-4c0202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:43.000Z", "modified": "2017-11-09T20:57:43.000Z", "description": "- Xchecked via VT: 1f608125c16f3396000f6ec9d929d6c9", "pattern": "[file:hashes.SHA256 = '73e8748f6a3a584a41ebc691083f060ff6fd030729415e5f12a6e8b0294990d0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a04c147-a0d0-4cd1-aeb0-4e7602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:43.000Z", "modified": "2017-11-09T20:57:43.000Z", "description": "- Xchecked via VT: 1f608125c16f3396000f6ec9d929d6c9", "pattern": "[file:hashes.SHA1 = '1fd9f901ab7f51a542e455b51e6442040d3fa39c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-09T20:57:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a04c147-2bf4-4e41-afaf-49be02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-09T20:57:43.000Z", "modified": "2017-11-09T20:57:43.000Z", "first_observed": "2017-11-09T20:57:43Z", "last_observed": "2017-11-09T20:57:43Z", "number_observed": 1, "object_refs": [ "url--5a04c147-2bf4-4e41-afaf-49be02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a04c147-2bf4-4e41-afaf-49be02de0b81", "value": "https://www.virustotal.com/file/73e8748f6a3a584a41ebc691083f060ff6fd030729415e5f12a6e8b0294990d0/analysis/1510056897/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }