adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/59281443-312c-4b77-aef7-447d950d210f.json

2250 lines
No EOL
89 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--59281443-312c-4b77-aef7-447d950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:46:35.000Z",
"modified": "2017-05-26T13:46:35.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--59281443-312c-4b77-aef7-447d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:46:35.000Z",
"modified": "2017-05-26T13:46:35.000Z",
"name": "Jaff 2017-05-25 : \"Payment Receipt 1234\" - \"1234.pdf\"",
"published": "2017-05-26T13:46:53Z",
"object_refs": [
"indicator--59281446-b440-4a1f-bbe1-4564950d210f",
"indicator--59281448-5fb0-4cb5-8947-44ea950d210f",
"indicator--5928144a-5368-4e33-9a4c-4090950d210f",
"indicator--5928144b-e848-4515-93fc-4242950d210f",
"observed-data--5928144c-050c-439e-a4a2-4225950d210f",
"network-traffic--5928144c-050c-439e-a4a2-4225950d210f",
"ipv4-addr--5928144c-050c-439e-a4a2-4225950d210f",
"indicator--5928144c-b160-4179-94a7-450e950d210f",
"indicator--5928144d-2364-40f8-bd8a-419a950d210f",
"observed-data--5928144f-d4b0-4902-9e5b-416a950d210f",
"network-traffic--5928144f-d4b0-4902-9e5b-416a950d210f",
"ipv4-addr--5928144f-d4b0-4902-9e5b-416a950d210f",
"indicator--59281451-6310-4b31-8b46-495e950d210f",
"indicator--59281452-c164-4d7a-996e-4478950d210f",
"observed-data--59281454-3bcc-42e1-adfc-4345950d210f",
"network-traffic--59281454-3bcc-42e1-adfc-4345950d210f",
"ipv4-addr--59281454-3bcc-42e1-adfc-4345950d210f",
"indicator--59281455-57ac-4700-a036-49e8950d210f",
"indicator--59281456-bc98-4998-b24f-48ef950d210f",
"observed-data--59281457-9e0c-48fb-b518-4cbd950d210f",
"network-traffic--59281457-9e0c-48fb-b518-4cbd950d210f",
"ipv4-addr--59281457-9e0c-48fb-b518-4cbd950d210f",
"indicator--59281458-a294-4496-b8fa-417c950d210f",
"indicator--59281459-c67c-4581-84a8-4c22950d210f",
"observed-data--5928145c-29ec-4e88-ab66-42a8950d210f",
"network-traffic--5928145c-29ec-4e88-ab66-42a8950d210f",
"ipv4-addr--5928145c-29ec-4e88-ab66-42a8950d210f",
"indicator--5928145d-1898-4496-ae26-4d72950d210f",
"indicator--5928145f-24d4-42dc-9a8b-4930950d210f",
"observed-data--59281460-0f30-465b-91e7-46b5950d210f",
"network-traffic--59281460-0f30-465b-91e7-46b5950d210f",
"ipv4-addr--59281460-0f30-465b-91e7-46b5950d210f",
"indicator--59281461-8144-4204-b00e-4c44950d210f",
"indicator--59281463-aac4-46e9-9f4f-4124950d210f",
"observed-data--59281463-ae54-4c10-a75a-494c950d210f",
"network-traffic--59281463-ae54-4c10-a75a-494c950d210f",
"ipv4-addr--59281463-ae54-4c10-a75a-494c950d210f",
"indicator--59281464-431c-40b2-9ffb-44fd950d210f",
"indicator--59281465-a28c-4c77-8f28-4b41950d210f",
"observed-data--59281466-6c50-4c9e-8a4a-4043950d210f",
"network-traffic--59281466-6c50-4c9e-8a4a-4043950d210f",
"ipv4-addr--59281466-6c50-4c9e-8a4a-4043950d210f",
"indicator--59281467-9ed0-492a-adb2-46e5950d210f",
"indicator--59281468-2890-4110-a2eb-43ec950d210f",
"observed-data--5928146a-214c-44dd-96a6-4048950d210f",
"network-traffic--5928146a-214c-44dd-96a6-4048950d210f",
"ipv4-addr--5928146a-214c-44dd-96a6-4048950d210f",
"indicator--5928146b-2d3c-43c6-8111-4a64950d210f",
"indicator--5928146c-10ec-4dd7-8ea4-4028950d210f",
"observed-data--5928146d-0604-4b71-bb95-4f36950d210f",
"network-traffic--5928146d-0604-4b71-bb95-4f36950d210f",
"ipv4-addr--5928146d-0604-4b71-bb95-4f36950d210f",
"indicator--5928146e-6c10-44d2-b095-4d63950d210f",
"indicator--5928146f-0d24-4a49-a4cd-4184950d210f",
"observed-data--59281470-4050-4f7e-b23d-476b950d210f",
"network-traffic--59281470-4050-4f7e-b23d-476b950d210f",
"ipv4-addr--59281470-4050-4f7e-b23d-476b950d210f",
"indicator--59281471-8b70-4816-bf67-48d9950d210f",
"indicator--59281472-c81c-435b-b039-426a950d210f",
"observed-data--59281473-c478-4690-850f-4daa950d210f",
"network-traffic--59281473-c478-4690-850f-4daa950d210f",
"ipv4-addr--59281473-c478-4690-850f-4daa950d210f",
"indicator--59281474-9950-4a03-b0f3-44de950d210f",
"indicator--59281475-790c-4e0d-b640-4edd950d210f",
"observed-data--59281476-a230-41af-bdeb-4e59950d210f",
"network-traffic--59281476-a230-41af-bdeb-4e59950d210f",
"ipv4-addr--59281476-a230-41af-bdeb-4e59950d210f",
"indicator--59281477-d734-4382-9133-4ec4950d210f",
"indicator--59281478-c9a0-4b5d-9d6c-4ce7950d210f",
"observed-data--59281479-0744-419f-b39f-4367950d210f",
"network-traffic--59281479-0744-419f-b39f-4367950d210f",
"ipv4-addr--59281479-0744-419f-b39f-4367950d210f",
"indicator--5928147a-035c-4f27-8493-44b4950d210f",
"indicator--5928147a-8038-4e54-a86c-468c950d210f",
"observed-data--5928147b-871c-4e2b-9651-4438950d210f",
"network-traffic--5928147b-871c-4e2b-9651-4438950d210f",
"ipv4-addr--5928147b-871c-4e2b-9651-4438950d210f",
"indicator--5928147c-7938-4b38-afeb-4108950d210f",
"indicator--5928147d-4644-4d6d-bd52-46c6950d210f",
"observed-data--5928147e-8b08-44e7-93cb-421e950d210f",
"network-traffic--5928147e-8b08-44e7-93cb-421e950d210f",
"ipv4-addr--5928147e-8b08-44e7-93cb-421e950d210f",
"indicator--5928147f-1e48-47fd-84c6-49bb950d210f",
"indicator--59281480-946c-4499-a3a5-448c950d210f",
"observed-data--59281481-58c4-4762-9d00-4d1a950d210f",
"network-traffic--59281481-58c4-4762-9d00-4d1a950d210f",
"ipv4-addr--59281481-58c4-4762-9d00-4d1a950d210f",
"indicator--59281482-83f4-493e-9db3-4f29950d210f",
"indicator--59281483-47f0-475b-9773-4065950d210f",
"observed-data--59281484-7858-4442-9586-4f6b950d210f",
"network-traffic--59281484-7858-4442-9586-4f6b950d210f",
"ipv4-addr--59281484-7858-4442-9586-4f6b950d210f",
"indicator--59281485-61c4-4a98-a73e-4dce950d210f",
"indicator--59281486-aa6c-4587-9614-4e62950d210f",
"observed-data--59281488-da70-4ec5-8893-425b950d210f",
"network-traffic--59281488-da70-4ec5-8893-425b950d210f",
"ipv4-addr--59281488-da70-4ec5-8893-425b950d210f",
"indicator--59281488-86cc-49a5-b908-41dc950d210f",
"indicator--59281489-afa8-4910-a727-4706950d210f",
"observed-data--5928148a-2608-4290-a255-4f20950d210f",
"network-traffic--5928148a-2608-4290-a255-4f20950d210f",
"ipv4-addr--5928148a-2608-4290-a255-4f20950d210f",
"indicator--5928148b-4b58-4318-aa1a-4f12950d210f",
"indicator--5928148c-8448-4df1-9df9-4623950d210f",
"observed-data--5928148e-dcac-472d-9c86-4322950d210f",
"network-traffic--5928148e-dcac-472d-9c86-4322950d210f",
"ipv4-addr--5928148e-dcac-472d-9c86-4322950d210f",
"indicator--5928148f-ffc8-4e76-8906-4ab2950d210f",
"indicator--59281491-4698-485f-96d8-47c8950d210f",
"observed-data--59281492-b0b0-4364-8dbf-40a5950d210f",
"network-traffic--59281492-b0b0-4364-8dbf-40a5950d210f",
"ipv4-addr--59281492-b0b0-4364-8dbf-40a5950d210f",
"indicator--59281493-f744-40ba-8f5d-48cc950d210f",
"indicator--59281493-a0b4-442d-8d58-409c950d210f",
"indicator--59281495-7340-4d49-b253-48d1950d210f",
"indicator--59281496-7040-40fa-8e43-4eb5950d210f",
"observed-data--59281497-6810-44b9-bcb2-492b950d210f",
"network-traffic--59281497-6810-44b9-bcb2-492b950d210f",
"ipv4-addr--59281497-6810-44b9-bcb2-492b950d210f",
"indicator--59282b6e-5a14-46b0-9569-4a0302de0b81",
"indicator--59282b6e-e194-42d5-8536-433302de0b81",
"observed-data--59282b6f-8ff8-43ed-bb33-411202de0b81",
"url--59282b6f-8ff8-43ed-bb33-411202de0b81",
"indicator--59282b6f-044c-47c0-b2fe-4bfc02de0b81",
"indicator--59282b70-5fd4-4cae-bdc9-4cce02de0b81",
"observed-data--59282b70-91c4-446f-92de-47e802de0b81",
"url--59282b70-91c4-446f-92de-47e802de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"ecsirt:malicious-code=\"ransomware\"",
"misp-galaxy:ransomware=\"Jaff\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281446-b440-4a1f-bbe1-4564950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[file:hashes.MD5 = '9585bc2d5d63b189bf8455d2e05cfb5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281448-5fb0-4cb5-8947-44ea950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[file:hashes.MD5 = 'fc8c82354bbc40f2662d577863c6b20f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5928144a-5368-4e33-9a4c-4090950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[url:value = 'http://benimkecim.com/TrfHn4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5928144b-e848-4515-93fc-4242950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[domain-name:value = 'benimkecim.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5928144c-050c-439e-a4a2-4225950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:45:49.000Z",
"modified": "2017-05-26T13:45:49.000Z",
"first_observed": "2017-05-26T13:45:49Z",
"last_observed": "2017-05-26T13:45:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5928144c-050c-439e-a4a2-4225950d210f",
"ipv4-addr--5928144c-050c-439e-a4a2-4225950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5928144c-050c-439e-a4a2-4225950d210f",
"dst_ref": "ipv4-addr--5928144c-050c-439e-a4a2-4225950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5928144c-050c-439e-a4a2-4225950d210f",
"value": "95.173.189.215"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5928144c-b160-4179-94a7-450e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[url:value = 'http://better57toiuydof.net/af/TrfHn4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5928144d-2364-40f8-bd8a-419a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[domain-name:value = 'better57toiuydof.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5928144f-d4b0-4902-9e5b-416a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:45:49.000Z",
"modified": "2017-05-26T13:45:49.000Z",
"first_observed": "2017-05-26T13:45:49Z",
"last_observed": "2017-05-26T13:45:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5928144f-d4b0-4902-9e5b-416a950d210f",
"ipv4-addr--5928144f-d4b0-4902-9e5b-416a950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5928144f-d4b0-4902-9e5b-416a950d210f",
"dst_ref": "ipv4-addr--5928144f-d4b0-4902-9e5b-416a950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5928144f-d4b0-4902-9e5b-416a950d210f",
"value": "46.173.218.111"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281451-6310-4b31-8b46-495e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[url:value = 'http://bionorica.md/TrfHn4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281452-c164-4d7a-996e-4478950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[domain-name:value = 'bionorica.md']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59281454-3bcc-42e1-adfc-4345950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:45:49.000Z",
"modified": "2017-05-26T13:45:49.000Z",
"first_observed": "2017-05-26T13:45:49Z",
"last_observed": "2017-05-26T13:45:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59281454-3bcc-42e1-adfc-4345950d210f",
"ipv4-addr--59281454-3bcc-42e1-adfc-4345950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59281454-3bcc-42e1-adfc-4345950d210f",
"dst_ref": "ipv4-addr--59281454-3bcc-42e1-adfc-4345950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59281454-3bcc-42e1-adfc-4345950d210f",
"value": "176.223.209.7"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281455-57ac-4700-a036-49e8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[url:value = 'http://blackstoneconsultants.com/TrfHn4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281456-bc98-4998-b24f-48ef950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[domain-name:value = 'blackstoneconsultants.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59281457-9e0c-48fb-b518-4cbd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:45:49.000Z",
"modified": "2017-05-26T13:45:49.000Z",
"first_observed": "2017-05-26T13:45:49Z",
"last_observed": "2017-05-26T13:45:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59281457-9e0c-48fb-b518-4cbd950d210f",
"ipv4-addr--59281457-9e0c-48fb-b518-4cbd950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59281457-9e0c-48fb-b518-4cbd950d210f",
"dst_ref": "ipv4-addr--59281457-9e0c-48fb-b518-4cbd950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59281457-9e0c-48fb-b518-4cbd950d210f",
"value": "192.124.249.6"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281458-a294-4496-b8fa-417c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[url:value = 'http://danthegreat.athost.net/TrfHn4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281459-c67c-4581-84a8-4c22950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[domain-name:value = 'danthegreat.athost.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5928145c-29ec-4e88-ab66-42a8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:45:49.000Z",
"modified": "2017-05-26T13:45:49.000Z",
"first_observed": "2017-05-26T13:45:49Z",
"last_observed": "2017-05-26T13:45:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5928145c-29ec-4e88-ab66-42a8950d210f",
"ipv4-addr--5928145c-29ec-4e88-ab66-42a8950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5928145c-29ec-4e88-ab66-42a8950d210f",
"dst_ref": "ipv4-addr--5928145c-29ec-4e88-ab66-42a8950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5928145c-29ec-4e88-ab66-42a8950d210f",
"value": "88.198.4.251"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5928145d-1898-4496-ae26-4d72950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[url:value = 'http://derossigroup.it/TrfHn4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5928145f-24d4-42dc-9a8b-4930950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[domain-name:value = 'derossigroup.it']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59281460-0f30-465b-91e7-46b5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:45:49.000Z",
"modified": "2017-05-26T13:45:49.000Z",
"first_observed": "2017-05-26T13:45:49Z",
"last_observed": "2017-05-26T13:45:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59281460-0f30-465b-91e7-46b5950d210f",
"ipv4-addr--59281460-0f30-465b-91e7-46b5950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59281460-0f30-465b-91e7-46b5950d210f",
"dst_ref": "ipv4-addr--59281460-0f30-465b-91e7-46b5950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59281460-0f30-465b-91e7-46b5950d210f",
"value": "195.130.247.50"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281461-8144-4204-b00e-4c44950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[url:value = 'http://dianagaertner.com/TrfHn4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281463-aac4-46e9-9f4f-4124950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[domain-name:value = 'dianagaertner.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59281463-ae54-4c10-a75a-494c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:45:49.000Z",
"modified": "2017-05-26T13:45:49.000Z",
"first_observed": "2017-05-26T13:45:49Z",
"last_observed": "2017-05-26T13:45:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59281463-ae54-4c10-a75a-494c950d210f",
"ipv4-addr--59281463-ae54-4c10-a75a-494c950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59281463-ae54-4c10-a75a-494c950d210f",
"dst_ref": "ipv4-addr--59281463-ae54-4c10-a75a-494c950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59281463-ae54-4c10-a75a-494c950d210f",
"value": "81.169.145.66"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281464-431c-40b2-9ffb-44fd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[url:value = 'http://dreamybean.de/TrfHn4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281465-a28c-4c77-8f28-4b41950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[domain-name:value = 'dreamybean.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59281466-6c50-4c9e-8a4a-4043950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:45:49.000Z",
"modified": "2017-05-26T13:45:49.000Z",
"first_observed": "2017-05-26T13:45:49Z",
"last_observed": "2017-05-26T13:45:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59281466-6c50-4c9e-8a4a-4043950d210f",
"ipv4-addr--59281466-6c50-4c9e-8a4a-4043950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59281466-6c50-4c9e-8a4a-4043950d210f",
"dst_ref": "ipv4-addr--59281466-6c50-4c9e-8a4a-4043950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59281466-6c50-4c9e-8a4a-4043950d210f",
"value": "81.169.145.160"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281467-9ed0-492a-adb2-46e5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[url:value = 'http://duktigaflickor.se/TrfHn4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281468-2890-4110-a2eb-43ec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[domain-name:value = 'duktigaflickor.se']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5928146a-214c-44dd-96a6-4048950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:45:49.000Z",
"modified": "2017-05-26T13:45:49.000Z",
"first_observed": "2017-05-26T13:45:49Z",
"last_observed": "2017-05-26T13:45:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5928146a-214c-44dd-96a6-4048950d210f",
"ipv4-addr--5928146a-214c-44dd-96a6-4048950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5928146a-214c-44dd-96a6-4048950d210f",
"dst_ref": "ipv4-addr--5928146a-214c-44dd-96a6-4048950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5928146a-214c-44dd-96a6-4048950d210f",
"value": "46.30.213.61"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5928146b-2d3c-43c6-8111-4a64950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[url:value = 'http://enseling-gmbh.de/TrfHn4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5928146c-10ec-4dd7-8ea4-4028950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[domain-name:value = 'enseling-gmbh.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5928146d-0604-4b71-bb95-4f36950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:45:49.000Z",
"modified": "2017-05-26T13:45:49.000Z",
"first_observed": "2017-05-26T13:45:49Z",
"last_observed": "2017-05-26T13:45:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5928146d-0604-4b71-bb95-4f36950d210f",
"ipv4-addr--5928146d-0604-4b71-bb95-4f36950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5928146d-0604-4b71-bb95-4f36950d210f",
"dst_ref": "ipv4-addr--5928146d-0604-4b71-bb95-4f36950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5928146d-0604-4b71-bb95-4f36950d210f",
"value": "81.169.145.162"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5928146e-6c10-44d2-b095-4d63950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[url:value = 'http://enzler-elektro.ch/TrfHn4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5928146f-0d24-4a49-a4cd-4184950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[domain-name:value = 'enzler-elektro.ch']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59281470-4050-4f7e-b23d-476b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:45:49.000Z",
"modified": "2017-05-26T13:45:49.000Z",
"first_observed": "2017-05-26T13:45:49Z",
"last_observed": "2017-05-26T13:45:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59281470-4050-4f7e-b23d-476b950d210f",
"ipv4-addr--59281470-4050-4f7e-b23d-476b950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59281470-4050-4f7e-b23d-476b950d210f",
"dst_ref": "ipv4-addr--59281470-4050-4f7e-b23d-476b950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59281470-4050-4f7e-b23d-476b950d210f",
"value": "80.86.198.13"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281471-8b70-4816-bf67-48d9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[url:value = 'http://facecapsule.com/TrfHn4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281472-c81c-435b-b039-426a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[domain-name:value = 'facecapsule.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59281473-c478-4690-850f-4daa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:45:49.000Z",
"modified": "2017-05-26T13:45:49.000Z",
"first_observed": "2017-05-26T13:45:49Z",
"last_observed": "2017-05-26T13:45:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59281473-c478-4690-850f-4daa950d210f",
"ipv4-addr--59281473-c478-4690-850f-4daa950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59281473-c478-4690-850f-4daa950d210f",
"dst_ref": "ipv4-addr--59281473-c478-4690-850f-4daa950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59281473-c478-4690-850f-4daa950d210f",
"value": "70.35.121.121"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281474-9950-4a03-b0f3-44de950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[url:value = 'http://holidayhops.com/TrfHn4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281475-790c-4e0d-b640-4edd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[domain-name:value = 'holidayhops.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59281476-a230-41af-bdeb-4e59950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:45:49.000Z",
"modified": "2017-05-26T13:45:49.000Z",
"first_observed": "2017-05-26T13:45:49Z",
"last_observed": "2017-05-26T13:45:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59281476-a230-41af-bdeb-4e59950d210f",
"ipv4-addr--59281476-a230-41af-bdeb-4e59950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59281476-a230-41af-bdeb-4e59950d210f",
"dst_ref": "ipv4-addr--59281476-a230-41af-bdeb-4e59950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59281476-a230-41af-bdeb-4e59950d210f",
"value": "166.62.29.125"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281477-d734-4382-9133-4ec4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[url:value = 'http://hunter.cz/TrfHn4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281478-c9a0-4b5d-9d6c-4ce7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[domain-name:value = 'hunter.cz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59281479-0744-419f-b39f-4367950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:45:49.000Z",
"modified": "2017-05-26T13:45:49.000Z",
"first_observed": "2017-05-26T13:45:49Z",
"last_observed": "2017-05-26T13:45:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59281479-0744-419f-b39f-4367950d210f",
"ipv4-addr--59281479-0744-419f-b39f-4367950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59281479-0744-419f-b39f-4367950d210f",
"dst_ref": "ipv4-addr--59281479-0744-419f-b39f-4367950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59281479-0744-419f-b39f-4367950d210f",
"value": "83.167.255.182"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5928147a-035c-4f27-8493-44b4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[url:value = 'http://operadorapuma.com/TrfHn4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5928147a-8038-4e54-a86c-468c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[domain-name:value = 'operadorapuma.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5928147b-871c-4e2b-9651-4438950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:45:49.000Z",
"modified": "2017-05-26T13:45:49.000Z",
"first_observed": "2017-05-26T13:45:49Z",
"last_observed": "2017-05-26T13:45:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5928147b-871c-4e2b-9651-4438950d210f",
"ipv4-addr--5928147b-871c-4e2b-9651-4438950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5928147b-871c-4e2b-9651-4438950d210f",
"dst_ref": "ipv4-addr--5928147b-871c-4e2b-9651-4438950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5928147b-871c-4e2b-9651-4438950d210f",
"value": "192.124.249.2"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5928147c-7938-4b38-afeb-4108950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[url:value = 'http://orchideus.cz/TrfHn4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5928147d-4644-4d6d-bd52-46c6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[domain-name:value = 'orchideus.cz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5928147e-8b08-44e7-93cb-421e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:45:49.000Z",
"modified": "2017-05-26T13:45:49.000Z",
"first_observed": "2017-05-26T13:45:49Z",
"last_observed": "2017-05-26T13:45:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5928147e-8b08-44e7-93cb-421e950d210f",
"ipv4-addr--5928147e-8b08-44e7-93cb-421e950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5928147e-8b08-44e7-93cb-421e950d210f",
"dst_ref": "ipv4-addr--5928147e-8b08-44e7-93cb-421e950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5928147e-8b08-44e7-93cb-421e950d210f",
"value": "81.31.42.12"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5928147f-1e48-47fd-84c6-49bb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[url:value = 'http://pepmata.com/TrfHn4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281480-946c-4499-a3a5-448c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[domain-name:value = 'pepmata.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59281481-58c4-4762-9d00-4d1a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:45:49.000Z",
"modified": "2017-05-26T13:45:49.000Z",
"first_observed": "2017-05-26T13:45:49Z",
"last_observed": "2017-05-26T13:45:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59281481-58c4-4762-9d00-4d1a950d210f",
"ipv4-addr--59281481-58c4-4762-9d00-4d1a950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59281481-58c4-4762-9d00-4d1a950d210f",
"dst_ref": "ipv4-addr--59281481-58c4-4762-9d00-4d1a950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59281481-58c4-4762-9d00-4d1a950d210f",
"value": "160.153.129.221"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281482-83f4-493e-9db3-4f29950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[url:value = 'http://pixshoot.com/TrfHn4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281483-47f0-475b-9773-4065950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[domain-name:value = 'pixshoot.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59281484-7858-4442-9586-4f6b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:46:20.000Z",
"modified": "2017-05-26T13:46:20.000Z",
"first_observed": "2017-05-26T13:46:20Z",
"last_observed": "2017-05-26T13:46:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59281484-7858-4442-9586-4f6b950d210f",
"ipv4-addr--59281484-7858-4442-9586-4f6b950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59281484-7858-4442-9586-4f6b950d210f",
"dst_ref": "ipv4-addr--59281484-7858-4442-9586-4f6b950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59281484-7858-4442-9586-4f6b950d210f",
"value": "104.156.51.239"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281485-61c4-4a98-a73e-4dce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[url:value = 'http://rejtjel.hu/TrfHn4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281486-aa6c-4587-9614-4e62950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[domain-name:value = 'rejtjel.hu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59281488-da70-4ec5-8893-425b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:46:20.000Z",
"modified": "2017-05-26T13:46:20.000Z",
"first_observed": "2017-05-26T13:46:20Z",
"last_observed": "2017-05-26T13:46:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59281488-da70-4ec5-8893-425b950d210f",
"ipv4-addr--59281488-da70-4ec5-8893-425b950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59281488-da70-4ec5-8893-425b950d210f",
"dst_ref": "ipv4-addr--59281488-da70-4ec5-8893-425b950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59281488-da70-4ec5-8893-425b950d210f",
"value": "91.82.226.140"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281488-86cc-49a5-b908-41dc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[url:value = 'http://tropicalcoffeebreak.com/TrfHn4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281489-afa8-4910-a727-4706950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[domain-name:value = 'tropicalcoffeebreak.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5928148a-2608-4290-a255-4f20950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:46:20.000Z",
"modified": "2017-05-26T13:46:20.000Z",
"first_observed": "2017-05-26T13:46:20Z",
"last_observed": "2017-05-26T13:46:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5928148a-2608-4290-a255-4f20950d210f",
"ipv4-addr--5928148a-2608-4290-a255-4f20950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5928148a-2608-4290-a255-4f20950d210f",
"dst_ref": "ipv4-addr--5928148a-2608-4290-a255-4f20950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5928148a-2608-4290-a255-4f20950d210f",
"value": "162.144.143.109"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5928148b-4b58-4318-aa1a-4f12950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[url:value = 'http://vipmarketing.co.il/TrfHn4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5928148c-8448-4df1-9df9-4623950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[domain-name:value = 'vipmarketing.co.il']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5928148e-dcac-472d-9c86-4322950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:46:20.000Z",
"modified": "2017-05-26T13:46:20.000Z",
"first_observed": "2017-05-26T13:46:20Z",
"last_observed": "2017-05-26T13:46:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5928148e-dcac-472d-9c86-4322950d210f",
"ipv4-addr--5928148e-dcac-472d-9c86-4322950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5928148e-dcac-472d-9c86-4322950d210f",
"dst_ref": "ipv4-addr--5928148e-dcac-472d-9c86-4322950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5928148e-dcac-472d-9c86-4322950d210f",
"value": "81.218.71.217"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5928148f-ffc8-4e76-8906-4ab2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[url:value = 'http://vsflot.ru/TrfHn4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281491-4698-485f-96d8-47c8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[domain-name:value = 'vsflot.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59281492-b0b0-4364-8dbf-40a5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:46:20.000Z",
"modified": "2017-05-26T13:46:20.000Z",
"first_observed": "2017-05-26T13:46:20Z",
"last_observed": "2017-05-26T13:46:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59281492-b0b0-4364-8dbf-40a5950d210f",
"ipv4-addr--59281492-b0b0-4364-8dbf-40a5950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59281492-b0b0-4364-8dbf-40a5950d210f",
"dst_ref": "ipv4-addr--59281492-b0b0-4364-8dbf-40a5950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59281492-b0b0-4364-8dbf-40a5950d210f",
"value": "81.177.135.191"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281493-f744-40ba-8f5d-48cc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[url:value = 'http://youtoolgrabeertorse.org/af/TrfHn4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281493-a0b4-442d-8d58-409c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[domain-name:value = 'youtoolgrabeertorse.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281495-7340-4d49-b253-48d1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[url:value = 'http://dorobratiohdtyszxwk.com/a5/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59281496-7040-40fa-8e43-4eb5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:12.000Z",
"modified": "2017-05-26T13:19:12.000Z",
"pattern": "[domain-name:value = 'dorobratiohdtyszxwk.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59281497-6810-44b9-bcb2-492b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:46:20.000Z",
"modified": "2017-05-26T13:46:20.000Z",
"first_observed": "2017-05-26T13:46:20Z",
"last_observed": "2017-05-26T13:46:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59281497-6810-44b9-bcb2-492b950d210f",
"ipv4-addr--59281497-6810-44b9-bcb2-492b950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59281497-6810-44b9-bcb2-492b950d210f",
"dst_ref": "ipv4-addr--59281497-6810-44b9-bcb2-492b950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59281497-6810-44b9-bcb2-492b950d210f",
"value": "34.225.214.20"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59282b6e-5a14-46b0-9569-4a0302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:42.000Z",
"modified": "2017-05-26T13:19:42.000Z",
"description": "- Xchecked via VT: fc8c82354bbc40f2662d577863c6b20f",
"pattern": "[file:hashes.SHA256 = '2cc1d8edc318e0e09aad6afbc48999980f8e39e54734bca4c1a95c7b5db39569']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59282b6e-e194-42d5-8536-433302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:42.000Z",
"modified": "2017-05-26T13:19:42.000Z",
"description": "- Xchecked via VT: fc8c82354bbc40f2662d577863c6b20f",
"pattern": "[file:hashes.SHA1 = '27f095ac614baa7db8bcd1f5737cdefd8b0bb1ad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59282b6f-8ff8-43ed-bb33-411202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:43.000Z",
"modified": "2017-05-26T13:19:43.000Z",
"first_observed": "2017-05-26T13:19:43Z",
"last_observed": "2017-05-26T13:19:43Z",
"number_observed": 1,
"object_refs": [
"url--59282b6f-8ff8-43ed-bb33-411202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59282b6f-8ff8-43ed-bb33-411202de0b81",
"value": "https://www.virustotal.com/file/2cc1d8edc318e0e09aad6afbc48999980f8e39e54734bca4c1a95c7b5db39569/analysis/1495782707/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59282b6f-044c-47c0-b2fe-4bfc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:43.000Z",
"modified": "2017-05-26T13:19:43.000Z",
"description": "- Xchecked via VT: 9585bc2d5d63b189bf8455d2e05cfb5e",
"pattern": "[file:hashes.SHA256 = 'ba7952ae07b41d049ad82674aeffbd43a5079f1db10a941db6545490c6c386bd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59282b70-5fd4-4cae-bdc9-4cce02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:44.000Z",
"modified": "2017-05-26T13:19:44.000Z",
"description": "- Xchecked via VT: 9585bc2d5d63b189bf8455d2e05cfb5e",
"pattern": "[file:hashes.SHA1 = '09fcafdc65429b55087227f8942e787e10e1b73c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:19:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59282b70-91c4-446f-92de-47e802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:19:44.000Z",
"modified": "2017-05-26T13:19:44.000Z",
"first_observed": "2017-05-26T13:19:44Z",
"last_observed": "2017-05-26T13:19:44Z",
"number_observed": 1,
"object_refs": [
"url--59282b70-91c4-446f-92de-47e802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59282b70-91c4-446f-92de-47e802de0b81",
"value": "https://www.virustotal.com/file/ba7952ae07b41d049ad82674aeffbd43a5079f1db10a941db6545490c6c386bd/analysis/1495772587/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink