{ "type": "bundle", "id": "bundle--5a26b77f-6250-4b25-bd53-4496950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-18T16:05:48.000Z", "modified": "2018-01-18T16:05:48.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5a26b77f-6250-4b25-bd53-4496950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-18T16:05:48.000Z", "modified": "2018-01-18T16:05:48.000Z", "name": "M2M - \"..doc\" 2017-12-01 : \"12_Invoice_3456\" - \"I_4321.7z\"", "published": "2018-01-18T16:05:55Z", "object_refs": [ "indicator--5a26b77f-77bc-4bb8-9acb-c53a950d210f", "indicator--5a26b780-e510-47d8-9eb2-4b54950d210f", "indicator--5a26b780-33f0-45b9-b2d7-4ff4950d210f", "observed-data--5a26b780-52c8-4195-aa36-4f6f950d210f", "network-traffic--5a26b780-52c8-4195-aa36-4f6f950d210f", "ipv4-addr--5a26b780-52c8-4195-aa36-4f6f950d210f", "indicator--5a26b781-7aac-46e3-9172-44e5950d210f", "indicator--5a26b781-7508-4345-b3a5-4bd5950d210f", "observed-data--5a26b781-19a4-4ff4-8ac5-4449950d210f", "network-traffic--5a26b781-19a4-4ff4-8ac5-4449950d210f", "ipv4-addr--5a26b781-19a4-4ff4-8ac5-4449950d210f", "indicator--5a26b781-37c0-4b67-b809-464c950d210f", "indicator--5a26b782-6298-48fc-add7-44b5950d210f", "observed-data--5a26b782-a45c-40d9-9f13-4f3d950d210f", "network-traffic--5a26b782-a45c-40d9-9f13-4f3d950d210f", "ipv4-addr--5a26b782-a45c-40d9-9f13-4f3d950d210f", "indicator--5a26b782-f970-4a2d-b75f-493c950d210f", "indicator--5a26b782-6088-4119-bfec-4d40950d210f", "observed-data--5a26b783-177c-4761-87f4-403b950d210f", "network-traffic--5a26b783-177c-4761-87f4-403b950d210f", "ipv4-addr--5a26b783-177c-4761-87f4-403b950d210f", "indicator--5a26b783-1048-4e2f-8cab-4a8d950d210f", "indicator--5a26b784-2874-4587-87b2-4cb8950d210f", "observed-data--5a26b785-3c40-48e3-8143-4914950d210f", 
"network-traffic--5a26b785-3c40-48e3-8143-4914950d210f", "ipv4-addr--5a26b785-3c40-48e3-8143-4914950d210f", "indicator--5a26b785-9dd0-4ce1-a4be-49b5950d210f", "indicator--5a26b785-62f0-465d-a4ab-4500950d210f", "observed-data--5a26b785-edb8-4ba6-bbb8-4b9c950d210f", "network-traffic--5a26b785-edb8-4ba6-bbb8-4b9c950d210f", "ipv4-addr--5a26b785-edb8-4ba6-bbb8-4b9c950d210f", "indicator--5a26b786-9368-42d7-b2f8-422a950d210f", "indicator--5a26b786-df34-4f97-a2b0-4275950d210f", "observed-data--5a26b786-9034-4407-b0db-451a950d210f", "network-traffic--5a26b786-9034-4407-b0db-451a950d210f", "ipv4-addr--5a26b786-9034-4407-b0db-451a950d210f", "indicator--5a26b786-8848-4631-bcd0-441c950d210f", "indicator--5a26b786-4850-4c23-9063-43b6950d210f", "observed-data--5a26b787-1538-4c8d-84f2-c53a950d210f", "network-traffic--5a26b787-1538-4c8d-84f2-c53a950d210f", "ipv4-addr--5a26b787-1538-4c8d-84f2-c53a950d210f", "indicator--5a26b787-c7cc-48db-8e01-43e8950d210f", "indicator--5a26b787-c770-45cd-afb6-4ef8950d210f", "observed-data--5a26b788-4fb8-4c86-b6ca-c6d3950d210f", "network-traffic--5a26b788-4fb8-4c86-b6ca-c6d3950d210f", "ipv4-addr--5a26b788-4fb8-4c86-b6ca-c6d3950d210f", "indicator--5a26b788-d4e8-4705-913c-4760950d210f", "indicator--5a26b788-602c-4e92-b6ef-479b950d210f", "observed-data--5a26b788-5750-423c-b531-4d17950d210f", "network-traffic--5a26b788-5750-423c-b531-4d17950d210f", "ipv4-addr--5a26b788-5750-423c-b531-4d17950d210f", "indicator--5a26b788-d7c8-4dee-b871-4b51950d210f", "indicator--5a26b789-c144-4196-818c-44e0950d210f", "observed-data--5a26b789-fa10-4394-9152-439d950d210f", "network-traffic--5a26b789-fa10-4394-9152-439d950d210f", "ipv4-addr--5a26b789-fa10-4394-9152-439d950d210f", "indicator--5a26b789-ba7c-464c-b162-4b96950d210f", "indicator--5a26b789-b28c-4742-85c1-4e2d950d210f", "observed-data--5a26b78a-b580-40eb-9968-47cf950d210f", "network-traffic--5a26b78a-b580-40eb-9968-47cf950d210f", "ipv4-addr--5a26b78a-b580-40eb-9968-47cf950d210f", 
"indicator--5a27bffc-2cf0-4653-b04f-bbba02de0b81", "indicator--5a27bffc-35b4-441b-973f-bbba02de0b81", "observed-data--5a27bffc-4818-41fc-8ec6-bbba02de0b81", "url--5a27bffc-4818-41fc-8ec6-bbba02de0b81", "indicator--5a60bda5-58ec-4ead-bd34-4dc6950d210f", "indicator--5a60bd4c-7658-4aee-8dfb-409c950d210f", "indicator--5a60bd62-bbac-42dc-8c5d-4164950d210f", "indicator--5a60bdd4-af20-4e80-83dc-478a950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:ransomware=\"Fake Globe Ransomware\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b77f-77bc-4bb8-9acb-c53a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:31.000Z", "modified": "2017-12-06T10:01:31.000Z", "pattern": "[file:hashes.MD5 = '06c82e99dc35ab88f2db7868d30012a8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T10:01:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b780-e510-47d8-9eb2-4b54950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:31.000Z", "modified": "2017-12-06T10:01:31.000Z", "pattern": "[url:value = 'http://basedow-bilder.de/UYTd46732']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T10:01:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b780-33f0-45b9-b2d7-4ff4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", 
"created": "2017-12-06T10:01:31.000Z", "modified": "2017-12-06T10:01:31.000Z", "pattern": "[domain-name:value = 'basedow-bilder.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T10:01:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a26b780-52c8-4195-aa36-4f6f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:31.000Z", "modified": "2017-12-06T10:01:31.000Z", "first_observed": "2017-12-06T10:01:31Z", "last_observed": "2017-12-06T10:01:31Z", "number_observed": 1, "object_refs": [ "network-traffic--5a26b780-52c8-4195-aa36-4f6f950d210f", "ipv4-addr--5a26b780-52c8-4195-aa36-4f6f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a26b780-52c8-4195-aa36-4f6f950d210f", "dst_ref": "ipv4-addr--5a26b780-52c8-4195-aa36-4f6f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a26b780-52c8-4195-aa36-4f6f950d210f", "value": "194.116.187.130" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b781-7aac-46e3-9172-44e5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:31.000Z", "modified": "2017-12-06T10:01:31.000Z", "pattern": "[url:value = 'http://centralbaptistchurchnj.org/UYTd46732']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T10:01:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--5a26b781-7508-4345-b3a5-4bd5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:31.000Z", "modified": "2017-12-06T10:01:31.000Z", "pattern": "[domain-name:value = 'centralbaptistchurchnj.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T10:01:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a26b781-19a4-4ff4-8ac5-4449950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "first_observed": "2017-12-06T10:01:32Z", "last_observed": "2017-12-06T10:01:32Z", "number_observed": 1, "object_refs": [ "network-traffic--5a26b781-19a4-4ff4-8ac5-4449950d210f", "ipv4-addr--5a26b781-19a4-4ff4-8ac5-4449950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a26b781-19a4-4ff4-8ac5-4449950d210f", "dst_ref": "ipv4-addr--5a26b781-19a4-4ff4-8ac5-4449950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a26b781-19a4-4ff4-8ac5-4449950d210f", "value": "68.171.62.42" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b781-37c0-4b67-b809-464c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "pattern": "[url:value = 'http://highlandfamily.org/UYTd46732']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T10:01:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", 
"misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b782-6298-48fc-add7-44b5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "pattern": "[domain-name:value = 'highlandfamily.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T10:01:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a26b782-a45c-40d9-9f13-4f3d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "first_observed": "2017-12-06T10:01:32Z", "last_observed": "2017-12-06T10:01:32Z", "number_observed": 1, "object_refs": [ "network-traffic--5a26b782-a45c-40d9-9f13-4f3d950d210f", "ipv4-addr--5a26b782-a45c-40d9-9f13-4f3d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a26b782-a45c-40d9-9f13-4f3d950d210f", "dst_ref": "ipv4-addr--5a26b782-a45c-40d9-9f13-4f3d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a26b782-a45c-40d9-9f13-4f3d950d210f", "value": "98.124.252.66" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b782-f970-4a2d-b75f-493c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "pattern": "[url:value = 'http://motifahsap.com/UYTd46732']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T10:01:32Z", "kill_chain_phases": [ { 
"kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b782-6088-4119-bfec-4d40950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "pattern": "[domain-name:value = 'motifahsap.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T10:01:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a26b783-177c-4761-87f4-403b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "first_observed": "2017-12-06T10:01:32Z", "last_observed": "2017-12-06T10:01:32Z", "number_observed": 1, "object_refs": [ "network-traffic--5a26b783-177c-4761-87f4-403b950d210f", "ipv4-addr--5a26b783-177c-4761-87f4-403b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a26b783-177c-4761-87f4-403b950d210f", "dst_ref": "ipv4-addr--5a26b783-177c-4761-87f4-403b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a26b783-177c-4761-87f4-403b950d210f", "value": "188.132.180.113" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b783-1048-4e2f-8cab-4a8d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "pattern": "[url:value = 'http://pdj.co.id/UYTd46732']", "pattern_type": 
"stix", "pattern_version": "2.1", "valid_from": "2017-12-06T10:01:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b784-2874-4587-87b2-4cb8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "pattern": "[domain-name:value = 'pdj.co.id']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T10:01:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a26b785-3c40-48e3-8143-4914950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "first_observed": "2017-12-06T10:01:32Z", "last_observed": "2017-12-06T10:01:32Z", "number_observed": 1, "object_refs": [ "network-traffic--5a26b785-3c40-48e3-8143-4914950d210f", "ipv4-addr--5a26b785-3c40-48e3-8143-4914950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a26b785-3c40-48e3-8143-4914950d210f", "dst_ref": "ipv4-addr--5a26b785-3c40-48e3-8143-4914950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a26b785-3c40-48e3-8143-4914950d210f", "value": "202.169.44.166" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b785-9dd0-4ce1-a4be-49b5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": 
"2017-12-06T10:01:32.000Z", "pattern": "[url:value = 'http://pragmaticinquiry.org/UYTd46732']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T10:01:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b785-62f0-465d-a4ab-4500950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "pattern": "[domain-name:value = 'pragmaticinquiry.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T10:01:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a26b785-edb8-4ba6-bbb8-4b9c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "first_observed": "2017-12-06T10:01:32Z", "last_observed": "2017-12-06T10:01:32Z", "number_observed": 1, "object_refs": [ "network-traffic--5a26b785-edb8-4ba6-bbb8-4b9c950d210f", "ipv4-addr--5a26b785-edb8-4ba6-bbb8-4b9c950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a26b785-edb8-4ba6-bbb8-4b9c950d210f", "dst_ref": "ipv4-addr--5a26b785-edb8-4ba6-bbb8-4b9c950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a26b785-edb8-4ba6-bbb8-4b9c950d210f", "value": "98.124.252.145" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b786-9368-42d7-b2f8-422a950d210f", 
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "pattern": "[url:value = 'http://schwellenwertdaten.de/UYTd46732']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T10:01:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b786-df34-4f97-a2b0-4275950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "pattern": "[domain-name:value = 'schwellenwertdaten.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T10:01:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a26b786-9034-4407-b0db-451a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "first_observed": "2017-12-06T10:01:32Z", "last_observed": "2017-12-06T10:01:32Z", "number_observed": 1, "object_refs": [ "network-traffic--5a26b786-9034-4407-b0db-451a950d210f", "ipv4-addr--5a26b786-9034-4407-b0db-451a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a26b786-9034-4407-b0db-451a950d210f", "dst_ref": "ipv4-addr--5a26b786-9034-4407-b0db-451a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a26b786-9034-4407-b0db-451a950d210f", "value": 
"178.77.75.77" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b786-8848-4631-bcd0-441c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "pattern": "[url:value = 'http://shamanic-extracts.biz/UYTd46732']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T10:01:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b786-4850-4c23-9063-43b6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "pattern": "[domain-name:value = 'shamanic-extracts.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T10:01:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a26b787-1538-4c8d-84f2-c53a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "first_observed": "2017-12-06T10:01:32Z", "last_observed": "2017-12-06T10:01:32Z", "number_observed": 1, "object_refs": [ "network-traffic--5a26b787-1538-4c8d-84f2-c53a950d210f", "ipv4-addr--5a26b787-1538-4c8d-84f2-c53a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a26b787-1538-4c8d-84f2-c53a950d210f", "dst_ref": "ipv4-addr--5a26b787-1538-4c8d-84f2-c53a950d210f", "protocols": [ "tcp" ] }, { 
"type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a26b787-1538-4c8d-84f2-c53a950d210f", "value": "62.212.154.98" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b787-c7cc-48db-8e01-43e8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "pattern": "[url:value = 'http://team-bobcat.org/UYTd46732']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T10:01:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b787-c770-45cd-afb6-4ef8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "pattern": "[domain-name:value = 'team-bobcat.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T10:01:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a26b788-4fb8-4c86-b6ca-c6d3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "first_observed": "2017-12-06T10:01:32Z", "last_observed": "2017-12-06T10:01:32Z", "number_observed": 1, "object_refs": [ "network-traffic--5a26b788-4fb8-4c86-b6ca-c6d3950d210f", "ipv4-addr--5a26b788-4fb8-4c86-b6ca-c6d3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": 
"network-traffic--5a26b788-4fb8-4c86-b6ca-c6d3950d210f", "dst_ref": "ipv4-addr--5a26b788-4fb8-4c86-b6ca-c6d3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a26b788-4fb8-4c86-b6ca-c6d3950d210f", "value": "212.224.65.254" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b788-d4e8-4705-913c-4760950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "pattern": "[url:value = 'http://troyriser.com/UYTd46732']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T10:01:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b788-602c-4e92-b6ef-479b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "pattern": "[domain-name:value = 'troyriser.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T10:01:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a26b788-5750-423c-b531-4d17950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "first_observed": "2017-12-06T10:01:32Z", "last_observed": "2017-12-06T10:01:32Z", "number_observed": 1, "object_refs": [ "network-traffic--5a26b788-5750-423c-b531-4d17950d210f", "ipv4-addr--5a26b788-5750-423c-b531-4d17950d210f" ], "labels": [ "misp:type=\"ip-dst\"", 
"misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a26b788-5750-423c-b531-4d17950d210f", "dst_ref": "ipv4-addr--5a26b788-5750-423c-b531-4d17950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a26b788-5750-423c-b531-4d17950d210f", "value": "98.124.251.167" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b788-d7c8-4dee-b871-4b51950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "pattern": "[url:value = 'https://n224ezvhg4sgyamb.onion.link/shfgealjh.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T10:01:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b789-c144-4196-818c-44e0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "pattern": "[domain-name:value = 'n224ezvhg4sgyamb.onion.link']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T10:01:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a26b789-fa10-4394-9152-439d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "first_observed": "2017-12-06T10:01:32Z", "last_observed": "2017-12-06T10:01:32Z", "number_observed": 1, "object_refs": [ 
"network-traffic--5a26b789-fa10-4394-9152-439d950d210f", "ipv4-addr--5a26b789-fa10-4394-9152-439d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a26b789-fa10-4394-9152-439d950d210f", "dst_ref": "ipv4-addr--5a26b789-fa10-4394-9152-439d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a26b789-fa10-4394-9152-439d950d210f", "value": "188.166.203.69" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b789-ba7c-464c-b162-4b96950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "pattern": "[url:value = 'http://summi.space/count.php?nu=105&fb=110']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T10:01:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b789-b28c-4742-85c1-4e2d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "pattern": "[domain-name:value = 'summi.space']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T10:01:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a26b78a-b580-40eb-9968-47cf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "first_observed": 
"2017-12-06T10:01:32Z", "last_observed": "2017-12-06T10:01:32Z", "number_observed": 1, "object_refs": [ "network-traffic--5a26b78a-b580-40eb-9968-47cf950d210f", "ipv4-addr--5a26b78a-b580-40eb-9968-47cf950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a26b78a-b580-40eb-9968-47cf950d210f", "dst_ref": "ipv4-addr--5a26b78a-b580-40eb-9968-47cf950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a26b78a-b580-40eb-9968-47cf950d210f", "value": "198.23.241.227" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a27bffc-2cf0-4653-b04f-bbba02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "description": "- Xchecked via VT: 06c82e99dc35ab88f2db7868d30012a8", "pattern": "[file:hashes.SHA256 = 'e2209f339b2e5afbb40d4f3dfddf4939ffdb9accbb5253121707a5b1cde15dd2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T10:01:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a27bffc-35b4-441b-973f-bbba02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "description": "- Xchecked via VT: 06c82e99dc35ab88f2db7868d30012a8", "pattern": "[file:hashes.SHA1 = '4bcba41741021833e193e721f4461645ab7fdb43']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T10:01:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", 
"misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a27bffc-4818-41fc-8ec6-bbba02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:32.000Z", "modified": "2017-12-06T10:01:32.000Z", "first_observed": "2017-12-06T10:01:32Z", "last_observed": "2017-12-06T10:01:32Z", "number_observed": 1, "object_refs": [ "url--5a27bffc-4818-41fc-8ec6-bbba02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a27bffc-4818-41fc-8ec6-bbba02de0b81", "value": "https://www.virustotal.com/file/e2209f339b2e5afbb40d4f3dfddf4939ffdb9accbb5253121707a5b1cde15dd2/analysis/1512435065/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a60bda5-58ec-4ead-bd34-4dc6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-18T15:30:45.000Z", "modified": "2018-01-18T15:30:45.000Z", "description": "Found in file: scan_17.01.doc", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.176.221.146']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-18T15:30:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a60bd4c-7658-4aee-8dfb-409c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-18T15:29:16.000Z", "modified": "2018-01-18T15:29:16.000Z", "pattern": "[file:hashes.MD5 = '5c3d35bd9282f61e414319d9d98c80b5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-18T15:29:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ 
"misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a60bd62-bbac-42dc-8c5d-4164950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-18T15:29:38.000Z", "modified": "2018-01-18T15:29:38.000Z", "pattern": "[file:hashes.MD5 = 'b9f2699fc826f8109b12a17c1283ac3f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-18T15:29:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a60bdd4-af20-4e80-83dc-478a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-18T15:31:32.000Z", "modified": "2018-01-18T15:31:32.000Z", "description": "Found in file: scan_17.01.doc", "pattern": "[url:value = 'http://185.176.221.146/download/s/gtz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-18T15:31:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }