{ "type": "bundle", "id": "bundle--5a26b911-af14-4c92-86a9-446c950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:16.000Z", "modified": "2017-12-06T10:01:16.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5a26b911-af14-4c92-86a9-446c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T10:01:16.000Z", "modified": "2017-12-06T10:01:16.000Z", "name": "M2M - \"..doc\" 2017-12-05 : 'Message from \"G10PR0123456.MYCOMPANY.COM\"' - \"20171205123.zip\"", "published": "2017-12-06T10:01:22Z", "object_refs": [ "indicator--5a26b912-ec3c-4497-a03d-4bfa950d210f", "indicator--5a26b913-90cc-4e93-b967-46b4950d210f", "indicator--5a26b913-96e4-4366-a195-4699950d210f", "observed-data--5a26b913-3aec-4155-ae75-4cb6950d210f", "network-traffic--5a26b913-3aec-4155-ae75-4cb6950d210f", "ipv4-addr--5a26b913-3aec-4155-ae75-4cb6950d210f", "indicator--5a26b914-d9a0-4056-bb9a-4d7c950d210f", "indicator--5a26b915-b5a4-486b-99fa-49c6950d210f", "observed-data--5a26b915-9680-4889-9755-41a3950d210f", "network-traffic--5a26b915-9680-4889-9755-41a3950d210f", "ipv4-addr--5a26b915-9680-4889-9755-41a3950d210f", "indicator--5a26b915-adb0-40c4-8a3f-4d90950d210f", "indicator--5a26b915-4f90-4288-997d-46a7950d210f", "observed-data--5a26b915-2bac-4d10-aa7c-4c05950d210f", "network-traffic--5a26b915-2bac-4d10-aa7c-4c05950d210f", "ipv4-addr--5a26b915-2bac-4d10-aa7c-4c05950d210f", "indicator--5a26b916-5040-4ea8-8df8-4b09950d210f", "indicator--5a26b916-d638-4d8b-9c2e-c53a950d210f", "observed-data--5a26b916-c440-458b-b20a-4594950d210f", "network-traffic--5a26b916-c440-458b-b20a-4594950d210f", "ipv4-addr--5a26b916-c440-458b-b20a-4594950d210f", "indicator--5a26b916-a12c-4778-8f24-4368950d210f", "indicator--5a26b917-2868-4050-9e9a-4969950d210f", "observed-data--5a26b917-fe94-4156-8ec9-4984950d210f", "network-traffic--5a26b917-fe94-4156-8ec9-4984950d210f", "ipv4-addr--5a26b917-fe94-4156-8ec9-4984950d210f", "indicator--5a26b918-9010-44f5-95b5-4320950d210f", "indicator--5a26b918-93c0-48c3-a334-49db950d210f", "observed-data--5a26b918-4224-4a53-aba2-45c8950d210f", "network-traffic--5a26b918-4224-4a53-aba2-45c8950d210f", "ipv4-addr--5a26b918-4224-4a53-aba2-45c8950d210f", "indicator--5a26b918-79bc-414c-9849-4be4950d210f", "indicator--5a26b918-6394-4304-97b1-41fe950d210f", "observed-data--5a26b919-e41c-4571-8a6f-4d26950d210f", "network-traffic--5a26b919-e41c-4571-8a6f-4d26950d210f", "ipv4-addr--5a26b919-e41c-4571-8a6f-4d26950d210f", "indicator--5a26b919-bf74-40e1-93a9-4a4b950d210f", "indicator--5a26b919-5e30-4dba-b258-4bf6950d210f", "observed-data--5a26b919-5870-49ba-b32b-44d0950d210f", "network-traffic--5a26b919-5870-49ba-b32b-44d0950d210f", "ipv4-addr--5a26b919-5870-49ba-b32b-44d0950d210f", "indicator--5a27bf7d-f440-42a7-bad7-553702de0b81", "indicator--5a27bf7d-bdfc-400d-a524-553702de0b81", "observed-data--5a27bf7d-6474-47d7-84b8-553702de0b81", "url--5a27bf7d-6474-47d7-84b8-553702de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:ransomware=\"Fake Globe Ransomware\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b912-ec3c-4497-a03d-4bfa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T09:59:23.000Z", "modified": "2017-12-06T09:59:23.000Z", "pattern": "[file:hashes.MD5 = '5da21af74810e3655bcbbe40660f21b8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T09:59:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b913-90cc-4e93-b967-46b4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T09:59:23.000Z", "modified": "2017-12-06T09:59:23.000Z", "pattern": "[domain-name:value = 'g10pr0123456.mycompany.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T09:59:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b913-96e4-4366-a195-4699950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T09:59:23.000Z", "modified": "2017-12-06T09:59:23.000Z", "pattern": "[domain-name:value = 'mycompany.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T09:59:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a26b913-3aec-4155-ae75-4cb6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T09:59:23.000Z", "modified": "2017-12-06T09:59:23.000Z", "first_observed": "2017-12-06T09:59:23Z", "last_observed": "2017-12-06T09:59:23Z", "number_observed": 1, "object_refs": [ "network-traffic--5a26b913-3aec-4155-ae75-4cb6950d210f", "ipv4-addr--5a26b913-3aec-4155-ae75-4cb6950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a26b913-3aec-4155-ae75-4cb6950d210f", "dst_ref": "ipv4-addr--5a26b913-3aec-4155-ae75-4cb6950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a26b913-3aec-4155-ae75-4cb6950d210f", "value": "52.5.196.34" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b914-d9a0-4056-bb9a-4d7c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T09:59:23.000Z", "modified": "2017-12-06T09:59:23.000Z", "pattern": "[url:value = 'http://hofgrund.de/hudgy356']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T09:59:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b915-b5a4-486b-99fa-49c6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T09:59:23.000Z", "modified": "2017-12-06T09:59:23.000Z", "pattern": "[domain-name:value = 'hofgrund.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T09:59:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a26b915-9680-4889-9755-41a3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T09:59:23.000Z", "modified": "2017-12-06T09:59:23.000Z", "first_observed": "2017-12-06T09:59:23Z", "last_observed": "2017-12-06T09:59:23Z", "number_observed": 1, "object_refs": [ "network-traffic--5a26b915-9680-4889-9755-41a3950d210f", "ipv4-addr--5a26b915-9680-4889-9755-41a3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a26b915-9680-4889-9755-41a3950d210f", "dst_ref": "ipv4-addr--5a26b915-9680-4889-9755-41a3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a26b915-9680-4889-9755-41a3950d210f", "value": "78.111.75.239" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b915-adb0-40c4-8a3f-4d90950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T09:59:24.000Z", "modified": "2017-12-06T09:59:24.000Z", "pattern": "[url:value = 'http://horoskoperstellung.com/hudgy358']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T09:59:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b915-4f90-4288-997d-46a7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T09:59:24.000Z", "modified": "2017-12-06T09:59:24.000Z", "pattern": "[domain-name:value = 'horoskoperstellung.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T09:59:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a26b915-2bac-4d10-aa7c-4c05950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T09:59:24.000Z", "modified": "2017-12-06T09:59:24.000Z", "first_observed": "2017-12-06T09:59:24Z", "last_observed": "2017-12-06T09:59:24Z", "number_observed": 1, "object_refs": [ "network-traffic--5a26b915-2bac-4d10-aa7c-4c05950d210f", "ipv4-addr--5a26b915-2bac-4d10-aa7c-4c05950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a26b915-2bac-4d10-aa7c-4c05950d210f", "dst_ref": "ipv4-addr--5a26b915-2bac-4d10-aa7c-4c05950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a26b915-2bac-4d10-aa7c-4c05950d210f", "value": "213.203.202.31" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b916-5040-4ea8-8df8-4b09950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T09:59:24.000Z", "modified": "2017-12-06T09:59:24.000Z", "pattern": "[url:value = 'http://hosting-jw.de/hudgy356']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T09:59:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b916-d638-4d8b-9c2e-c53a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T09:59:24.000Z", "modified": "2017-12-06T09:59:24.000Z", "pattern": "[domain-name:value = 'hosting-jw.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T09:59:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a26b916-c440-458b-b20a-4594950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T09:59:24.000Z", "modified": "2017-12-06T09:59:24.000Z", "first_observed": "2017-12-06T09:59:24Z", "last_observed": "2017-12-06T09:59:24Z", "number_observed": 1, "object_refs": [ "network-traffic--5a26b916-c440-458b-b20a-4594950d210f", "ipv4-addr--5a26b916-c440-458b-b20a-4594950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a26b916-c440-458b-b20a-4594950d210f", "dst_ref": "ipv4-addr--5a26b916-c440-458b-b20a-4594950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a26b916-c440-458b-b20a-4594950d210f", "value": "85.214.130.145" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b916-a12c-4778-8f24-4368950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T09:59:24.000Z", "modified": "2017-12-06T09:59:24.000Z", "pattern": "[url:value = 'http://primeassociatesinc.com/hudgy356']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T09:59:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b917-2868-4050-9e9a-4969950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T09:59:24.000Z", "modified": "2017-12-06T09:59:24.000Z", "pattern": "[domain-name:value = 'primeassociatesinc.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T09:59:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a26b917-fe94-4156-8ec9-4984950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T09:59:24.000Z", "modified": "2017-12-06T09:59:24.000Z", "first_observed": "2017-12-06T09:59:24Z", "last_observed": "2017-12-06T09:59:24Z", "number_observed": 1, "object_refs": [ "network-traffic--5a26b917-fe94-4156-8ec9-4984950d210f", "ipv4-addr--5a26b917-fe94-4156-8ec9-4984950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a26b917-fe94-4156-8ec9-4984950d210f", "dst_ref": "ipv4-addr--5a26b917-fe94-4156-8ec9-4984950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a26b917-fe94-4156-8ec9-4984950d210f", "value": "209.54.51.32" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b918-9010-44f5-95b5-4320950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T09:59:24.000Z", "modified": "2017-12-06T09:59:24.000Z", "pattern": "[url:value = 'http://rorymartin8.info/hudgy356']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T09:59:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b918-93c0-48c3-a334-49db950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T09:59:25.000Z", "modified": "2017-12-06T09:59:25.000Z", "pattern": "[domain-name:value = 'rorymartin8.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T09:59:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a26b918-4224-4a53-aba2-45c8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T09:59:25.000Z", "modified": "2017-12-06T09:59:25.000Z", "first_observed": "2017-12-06T09:59:25Z", "last_observed": "2017-12-06T09:59:25Z", "number_observed": 1, "object_refs": [ "network-traffic--5a26b918-4224-4a53-aba2-45c8950d210f", "ipv4-addr--5a26b918-4224-4a53-aba2-45c8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a26b918-4224-4a53-aba2-45c8950d210f", "dst_ref": "ipv4-addr--5a26b918-4224-4a53-aba2-45c8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a26b918-4224-4a53-aba2-45c8950d210f", "value": "192.185.193.214" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b918-79bc-414c-9849-4be4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T09:59:25.000Z", "modified": "2017-12-06T09:59:25.000Z", "pattern": "[url:value = 'https://ugf57wl6uexcj7fu.onion.link/shfgealjh.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T09:59:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b918-6394-4304-97b1-41fe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T09:59:25.000Z", "modified": "2017-12-06T09:59:25.000Z", "pattern": "[domain-name:value = 'ugf57wl6uexcj7fu.onion.link']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T09:59:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a26b919-e41c-4571-8a6f-4d26950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T09:59:25.000Z", "modified": "2017-12-06T09:59:25.000Z", "first_observed": "2017-12-06T09:59:25Z", "last_observed": "2017-12-06T09:59:25Z", "number_observed": 1, "object_refs": [ "network-traffic--5a26b919-e41c-4571-8a6f-4d26950d210f", "ipv4-addr--5a26b919-e41c-4571-8a6f-4d26950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a26b919-e41c-4571-8a6f-4d26950d210f", "dst_ref": "ipv4-addr--5a26b919-e41c-4571-8a6f-4d26950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a26b919-e41c-4571-8a6f-4d26950d210f", "value": "103.198.0.2" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b919-bf74-40e1-93a9-4a4b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T09:59:25.000Z", "modified": "2017-12-06T09:59:25.000Z", "pattern": "[url:value = 'http://summi.space/count.php?nu=105&fb=110']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T09:59:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a26b919-5e30-4dba-b258-4bf6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T09:59:25.000Z", "modified": "2017-12-06T09:59:25.000Z", "pattern": "[domain-name:value = 'summi.space']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T09:59:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a26b919-5870-49ba-b32b-44d0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T09:59:25.000Z", "modified": "2017-12-06T09:59:25.000Z", "first_observed": "2017-12-06T09:59:25Z", "last_observed": "2017-12-06T09:59:25Z", "number_observed": 1, "object_refs": [ "network-traffic--5a26b919-5870-49ba-b32b-44d0950d210f", "ipv4-addr--5a26b919-5870-49ba-b32b-44d0950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a26b919-5870-49ba-b32b-44d0950d210f", "dst_ref": "ipv4-addr--5a26b919-5870-49ba-b32b-44d0950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a26b919-5870-49ba-b32b-44d0950d210f", "value": "198.23.241.227" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a27bf7d-f440-42a7-bad7-553702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T09:59:25.000Z", "modified": "2017-12-06T09:59:25.000Z", "description": "- Xchecked via VT: 5da21af74810e3655bcbbe40660f21b8", "pattern": "[file:hashes.SHA256 = 'c0ce6c2f03e3174d347eb2136a230883a725fcd5179221f61435ea709a2ba81f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T09:59:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a27bf7d-bdfc-400d-a524-553702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T09:59:25.000Z", "modified": "2017-12-06T09:59:25.000Z", "description": "- Xchecked via VT: 5da21af74810e3655bcbbe40660f21b8", "pattern": "[file:hashes.SHA1 = '60d60dff0d3af3b564e43bc87ef5a63ff6146da7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-06T09:59:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a27bf7d-6474-47d7-84b8-553702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-06T09:59:25.000Z", "modified": "2017-12-06T09:59:25.000Z", "first_observed": "2017-12-06T09:59:25Z", "last_observed": "2017-12-06T09:59:25Z", "number_observed": 1, "object_refs": [ "url--5a27bf7d-6474-47d7-84b8-553702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a27bf7d-6474-47d7-84b8-553702de0b81", "value": "https://www.virustotal.com/file/c0ce6c2f03e3174d347eb2136a230883a725fcd5179221f61435ea709a2ba81f/analysis/1512549209/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }