misp-circl-feed/feeds/circl/misp/57205b50-c19c-4411-ae0e-4414950d210f.json


{
"type": "bundle",
"id": "bundle--57205b50-c19c-4411-ae0e-4414950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:32:48.000Z",
"modified": "2016-04-27T06:32:48.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--57205b50-c19c-4411-ae0e-4414950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:32:48.000Z",
"modified": "2016-04-27T06:32:48.000Z",
"name": "OSINT - Malware Campaign Using Google Docs Intercepted, Thousands of Users Affected",
"published": "2016-04-27T06:33:22Z",
"object_refs": [
"observed-data--57205b6f-c7b4-41ee-8106-4c9d950d210f",
"url--57205b6f-c7b4-41ee-8106-4c9d950d210f",
"indicator--57205bac-01ac-4e84-ae00-4fee950d210f",
"indicator--57205bac-2254-455c-aa7c-471a950d210f",
"indicator--57205bac-c15c-4a44-8959-4aa1950d210f",
"indicator--57205bad-8330-433b-ab79-4f70950d210f",
"indicator--57205bad-daa0-4453-9005-4f2a950d210f",
"indicator--57205bd7-ffec-455c-87b9-4073950d210f",
"indicator--57205bd7-cc08-4eed-aa4a-4576950d210f",
"indicator--57205bd8-0054-484f-8d00-4b6a950d210f",
"indicator--57205bd8-0524-47ca-b34d-44ba950d210f",
"indicator--57205bd8-8554-4dc0-a3c6-4347950d210f",
"indicator--57205bd9-5b08-421f-8063-4972950d210f",
"indicator--57205bd9-d1b4-4bbe-a480-468f950d210f",
"indicator--57205bda-46ec-49bb-96c1-462c950d210f",
"indicator--57205bda-74e4-44d3-b55b-45cc950d210f",
"indicator--57205bda-e268-49af-8607-4903950d210f",
"indicator--57205c21-023c-481a-afda-4114950d210f",
"indicator--57205c22-a168-4167-9a7e-4fa8950d210f",
"indicator--57205c22-1398-4cbd-9ac3-4d00950d210f",
"indicator--57205c22-233c-4985-b975-4a9d950d210f",
"indicator--57205c23-31d0-4046-b5ad-407d950d210f",
"indicator--57205c23-3620-4a83-a688-4ccc950d210f",
"indicator--57205c24-da7c-4484-af22-462d950d210f",
"indicator--57205c24-b574-4ed2-92ba-478a950d210f",
"indicator--57205c25-5c68-4b45-8315-4ffe950d210f",
"indicator--57205c25-3b24-4f3e-a00b-4561950d210f",
"indicator--57205c25-f728-401e-8b9c-44c2950d210f",
"indicator--57205c26-4810-4a03-b0e9-4742950d210f",
"indicator--57205c26-3344-4069-9bc3-4aa0950d210f",
"indicator--57205c27-189c-4dc4-9eda-47c9950d210f",
"indicator--57205c27-4dd0-48db-9bd7-4067950d210f",
"indicator--57205c28-4920-4b79-ba19-45c8950d210f",
"indicator--57205c28-da34-43a2-a251-4803950d210f",
"indicator--57205c29-f698-4d8a-8091-458a950d210f",
"indicator--57205c29-5e94-4235-9d4b-42c3950d210f",
"indicator--57205c29-cfa0-4029-bef1-4309950d210f",
"indicator--57205c2a-e428-48ae-996e-40ba950d210f",
"indicator--57205c2a-834c-42fd-be1a-4eff950d210f",
"indicator--57205c2b-4940-40ae-8a69-43cd950d210f",
"indicator--57205c2b-8fb8-4043-810e-4ac4950d210f",
"indicator--57205c2c-6da4-4afb-a957-47f7950d210f",
"indicator--57205c2c-d7bc-41fe-968a-421c950d210f",
"indicator--57205c2c-985c-4924-8599-47a3950d210f",
"indicator--57205c2d-6140-4a0b-a246-449a950d210f",
"indicator--57205c2d-ef20-47f6-b090-4dd5950d210f",
"indicator--57205c2e-f4c0-4073-b330-4f74950d210f",
"indicator--57205c2e-2e70-4277-a3fa-4fd2950d210f",
"indicator--57205c2f-2098-407f-94de-417c950d210f",
"indicator--57205c2f-dfc4-4dbf-8d0a-4e3d950d210f",
"indicator--57205c2f-a484-4078-80e0-4168950d210f",
"indicator--57205c30-6fb0-4205-b015-41f8950d210f",
"indicator--57205c30-5020-4fea-af7c-4832950d210f",
"indicator--57205c31-baac-464a-b87e-4386950d210f",
"indicator--57205c31-a74c-4ada-9b62-4645950d210f",
"indicator--57205c32-c28c-429c-9d14-4a39950d210f",
"indicator--57205c32-5a00-4a19-a073-40e0950d210f",
"indicator--57205c32-95ec-4196-b201-433e950d210f",
"indicator--57205c33-1df4-4ee4-9d38-48b9950d210f",
"indicator--57205c33-c1bc-420f-a1f5-4e0d950d210f",
"indicator--57205c34-f7dc-4e0e-8fcb-47e2950d210f",
"indicator--57205c34-3ef8-403e-86d4-4464950d210f",
"indicator--57205c35-d224-42db-8751-4254950d210f",
"indicator--57205c35-36d4-4ce6-8027-4567950d210f",
"indicator--57205c35-f1fc-429d-876a-4213950d210f",
"indicator--57205c36-b78c-4b94-8122-48d2950d210f",
"indicator--57205cec-06ac-4da2-bddc-495a950d210f",
"indicator--57205ced-af5c-4f92-a38b-4098950d210f",
"indicator--57205ced-e3f0-4316-90c4-4e57950d210f",
"indicator--57205cee-5bc4-46c8-9b51-47c6950d210f",
"indicator--57205d11-9314-4d11-8dac-454202de0b81",
"indicator--57205d11-f4a8-45c5-9395-4eed02de0b81",
"observed-data--57205d11-2f34-4150-bef4-4f8102de0b81",
"url--57205d11-2f34-4150-bef4-4f8102de0b81",
"indicator--57205d12-9f80-432a-b9de-4f5f02de0b81",
"indicator--57205d12-82bc-49ad-a42e-4c0e02de0b81",
"observed-data--57205d13-6748-4b8a-a367-446e02de0b81",
"url--57205d13-6748-4b8a-a367-446e02de0b81",
"indicator--57205d13-4448-43bd-b7a4-4d2c02de0b81",
"indicator--57205d13-4c60-417f-903b-4ac702de0b81",
"observed-data--57205d14-485c-48ba-b8f2-4eab02de0b81",
"url--57205d14-485c-48ba-b8f2-4eab02de0b81",
"indicator--57205d14-3510-4769-979c-485d02de0b81",
"indicator--57205d15-b7bc-4b31-b7de-434d02de0b81",
"observed-data--57205d15-feb0-439b-a6d9-4b2202de0b81",
"url--57205d15-feb0-439b-a6d9-4b2202de0b81",
"indicator--57205d15-a5ec-4e07-8c09-49fb02de0b81",
"indicator--57205d16-af14-4474-bd1b-4ed302de0b81",
"observed-data--57205d16-6e60-4f83-b2f9-4b2502de0b81",
"url--57205d16-6e60-4f83-b2f9-4b2502de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57205b6f-c7b4-41ee-8106-4c9d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:25:51.000Z",
"modified": "2016-04-27T06:25:51.000Z",
"first_observed": "2016-04-27T06:25:51Z",
"last_observed": "2016-04-27T06:25:51Z",
"number_observed": 1,
"object_refs": [
"url--57205b6f-c7b4-41ee-8106-4c9d950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57205b6f-c7b4-41ee-8106-4c9d950d210f",
"value": "http://ddanchev.blogspot.com/2016/04/google-docs-malware-serving-campaign.htm"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205bac-01ac-4e84-ae00-4fee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:26:52.000Z",
"modified": "2016-04-27T06:26:52.000Z",
"description": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4)",
"pattern": "[file:hashes.MD5 = '495f05d7ebca1022da2cdd1700aeac39']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:26:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205bac-2254-455c-aa7c-471a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:26:52.000Z",
"modified": "2016-04-27T06:26:52.000Z",
"description": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4)",
"pattern": "[file:hashes.MD5 = '68abd8a3a8c18c59f638e50ab0c386a4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:26:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205bac-c15c-4a44-8959-4aa1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:26:52.000Z",
"modified": "2016-04-27T06:26:52.000Z",
"description": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4)",
"pattern": "[file:hashes.MD5 = '65b4bdba2d3b3e92b8b96d7d9ba7f88e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:26:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205bad-8330-433b-ab79-4f70950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:26:53.000Z",
"modified": "2016-04-27T06:26:53.000Z",
"description": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4)",
"pattern": "[file:hashes.MD5 = '64b5c6b20e2d758a008812df99a5958e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:26:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205bad-daa0-4453-9005-4f2a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:26:53.000Z",
"modified": "2016-04-27T06:26:53.000Z",
"description": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4)",
"pattern": "[file:hashes.MD5 = 'a0869b751e4a0bf27685f2f8677f9c62']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:26:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205bd7-ffec-455c-87b9-4073950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:27:35.000Z",
"modified": "2016-04-27T06:27:35.000Z",
"description": "Once executed the sample phones back to the following C&C servers",
"pattern": "[url:value = 'http://smartoptionsinc.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:27:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205bd7-cc08-4eed-aa4a-4576950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:27:35.000Z",
"modified": "2016-04-27T06:27:35.000Z",
"description": "Once executed the sample phones back to the following C&C servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.70.228.110']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:27:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205bd8-0054-484f-8d00-4b6a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:27:36.000Z",
"modified": "2016-04-27T06:27:36.000Z",
"description": "Once executed the sample phones back to the following C&C servers",
"pattern": "[url:value = 'http://ppc.cba.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:27:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205bd8-0524-47ca-b34d-44ba950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:27:36.000Z",
"modified": "2016-04-27T06:27:36.000Z",
"description": "Once executed the sample phones back to the following C&C servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.211.80.4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:27:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205bd8-8554-4dc0-a3c6-4347950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:27:36.000Z",
"modified": "2016-04-27T06:27:36.000Z",
"description": "Once executed the sample phones back to the following C&C servers",
"pattern": "[url:value = 'http://apps.identrust.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:27:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205bd9-5b08-421f-8063-4972950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:27:37.000Z",
"modified": "2016-04-27T06:27:37.000Z",
"description": "Once executed the sample phones back to the following C&C servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.35.177.64']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:27:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205bd9-d1b4-4bbe-a480-468f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:27:37.000Z",
"modified": "2016-04-27T06:27:37.000Z",
"description": "Once executed the sample phones back to the following C&C servers",
"pattern": "[url:value = 'http://cargol.cat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:27:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205bda-46ec-49bb-96c1-462c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:27:38.000Z",
"modified": "2016-04-27T06:27:38.000Z",
"description": "Once executed the sample phones back to the following C&C servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.149.7.213']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:27:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205bda-74e4-44d3-b55b-45cc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:27:38.000Z",
"modified": "2016-04-27T06:27:38.000Z",
"description": "Once executed the sample phones back to the following C&C servers",
"pattern": "[url:value = 'http://bikeceuta.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:27:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205bda-e268-49af-8607-4903950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:27:38.000Z",
"modified": "2016-04-27T06:27:38.000Z",
"description": "Once executed the sample phones back to the following C&C servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.142.215.77']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:27:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c21-023c-481a-afda-4114950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:28:49.000Z",
"modified": "2016-04-27T06:28:49.000Z",
"description": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://barbedosgroup.cba.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:28:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c22-a168-4167-9a7e-4fa8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:28:50.000Z",
"modified": "2016-04-27T06:28:50.000Z",
"description": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://brutalforce.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:28:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c22-1398-4cbd-9ac3-4d00950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:28:50.000Z",
"modified": "2016-04-27T06:28:50.000Z",
"description": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://christophar-hacker.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:28:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c22-233c-4985-b975-4a9d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:28:50.000Z",
"modified": "2016-04-27T06:28:50.000Z",
"description": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://moto-przestrzen.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:28:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c23-31d0-4046-b5ad-407d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:28:51.000Z",
"modified": "2016-04-27T06:28:51.000Z",
"description": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://eturva.y0.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:28:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c23-3620-4a83-a688-4ccc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:28:51.000Z",
"modified": "2016-04-27T06:28:51.000Z",
"description": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://lingirlie.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:28:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c24-da7c-4484-af22-462d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:28:52.000Z",
"modified": "2016-04-27T06:28:52.000Z",
"description": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://ogladajmecz.com.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:28:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c24-b574-4ed2-92ba-478a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:28:52.000Z",
"modified": "2016-04-27T06:28:52.000Z",
"description": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://oriflamekonkurs2l16.c0.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:28:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c25-5c68-4b45-8315-4ffe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:28:53.000Z",
"modified": "2016-04-27T06:28:53.000Z",
"description": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://umeblowani.cba.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:28:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c25-3b24-4f3e-a00b-4561950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:28:53.000Z",
"modified": "2016-04-27T06:28:53.000Z",
"description": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://webadminvalidation.cba.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:28:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c25-f728-401e-8b9c-44c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:28:53.000Z",
"modified": "2016-04-27T06:28:53.000Z",
"description": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://adamr.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:28:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c26-4810-4a03-b0e9-4742950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:28:54.000Z",
"modified": "2016-04-27T06:28:54.000Z",
"description": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://alea.cba.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:28:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c26-3344-4069-9bc3-4aa0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:28:54.000Z",
"modified": "2016-04-27T06:28:54.000Z",
"description": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://artbymachonis.cba.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:28:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c27-189c-4dc4-9eda-47c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:28:55.000Z",
"modified": "2016-04-27T06:28:55.000Z",
"description": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://beqwqgdu.cba.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:28:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c27-4dd0-48db-9bd7-4067950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:28:55.000Z",
"modified": "2016-04-27T06:28:55.000Z",
"description": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://bleachonline.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:28:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c28-4920-4b79-ba19-45c8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:28:56.000Z",
"modified": "2016-04-27T06:28:56.000Z",
"description": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://facebook-profile-natalia9320.j.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:28:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c28-da34-43a2-a251-4803950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:28:56.000Z",
"modified": "2016-04-27T06:28:56.000Z",
"description": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://fllrev1978.cba.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:28:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c29-f698-4d8a-8091-458a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:28:57.000Z",
"modified": "2016-04-27T06:28:57.000Z",
"description": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://gotowesms.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:28:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c29-5e94-4235-9d4b-42c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:28:57.000Z",
"modified": "2016-04-27T06:28:57.000Z",
"description": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://kbvdfuh.cba.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:28:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c29-cfa0-4029-bef1-4309950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:28:57.000Z",
"modified": "2016-04-27T06:28:57.000Z",
"description": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://maplka1977.c0.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:28:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c2a-e428-48ae-996e-40ba950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:28:58.000Z",
"modified": "2016-04-27T06:28:58.000Z",
"description": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://nagrobkiartek.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:28:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c2a-834c-42fd-be1a-4eff950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:28:58.000Z",
"modified": "2016-04-27T06:28:58.000Z",
"description": "Known to have responded to the same malicious IP (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://nyzusbojpxnl.cba.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:28:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c2b-4940-40ae-8a69-43cd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:28:59.000Z",
"modified": "2016-04-27T06:28:59.000Z",
"description": "Known to have responded to the same malicious IP (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://okilh1973.cba.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:28:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c2b-8fb8-4043-810e-4ac4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:28:59.000Z",
"modified": "2016-04-27T06:28:59.000Z",
"description": "Known to have responded to the same malicious IP (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://pucusej.cba.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:28:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c2c-6da4-4afb-a957-47f7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:29:00.000Z",
"modified": "2016-04-27T06:29:00.000Z",
"description": "Known to have responded to the same malicious IP (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://sajtom.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:29:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c2c-d7bc-41fe-968a-421c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:29:00.000Z",
"modified": "2016-04-27T06:29:00.000Z",
"description": "Known to have responded to the same malicious IP (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://tarnowiec.net.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:29:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c2c-985c-4924-8599-47a3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:29:00.000Z",
"modified": "2016-04-27T06:29:00.000Z",
"description": "Known to have responded to the same malicious IP (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://techtell.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:29:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c2d-6140-4a0b-a246-449a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:29:01.000Z",
"modified": "2016-04-27T06:29:01.000Z",
"description": "Known to have responded to the same malicious IP (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://testujemypl.cba.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:29:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c2d-ef20-47f6-b090-4dd5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:29:01.000Z",
"modified": "2016-04-27T06:29:01.000Z",
"description": "Known to have responded to the same malicious IP (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://lawendowawyspa.cba.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:29:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c2e-f4c0-4073-b330-4f74950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:29:02.000Z",
"modified": "2016-04-27T06:29:02.000Z",
"description": "Known to have responded to the same malicious IP (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://younglean.cba.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:29:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c2e-2e70-4277-a3fa-4fd2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:29:02.000Z",
"modified": "2016-04-27T06:29:02.000Z",
"description": "Known to have responded to the same malicious IP (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://delegaturaszczecin.cba.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:29:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c2f-2098-407f-94de-417c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:29:03.000Z",
"modified": "2016-04-27T06:29:03.000Z",
"description": "Known to have responded to the same malicious IP (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://metzmoerex.cba.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:29:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c2f-dfc4-4dbf-8d0a-4e3d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:29:03.000Z",
"modified": "2016-04-27T06:29:03.000Z",
"description": "Known to have responded to the same malicious IP (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://kmpk.c0.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:29:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c2f-a484-4078-80e0-4168950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:29:03.000Z",
"modified": "2016-04-27T06:29:03.000Z",
"description": "Known to have responded to the same malicious IP (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://500plus.c0.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:29:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c30-6fb0-4205-b015-41f8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:29:04.000Z",
"modified": "2016-04-27T06:29:04.000Z",
"description": "Known to have responded to the same malicious IP (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://erxhxrrb1981.cba.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:29:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c30-5020-4fea-af7c-4832950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:29:04.000Z",
"modified": "2016-04-27T06:29:04.000Z",
"description": "Known to have responded to the same malicious IP (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://exztwsl.cba.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:29:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c31-baac-464a-b87e-4386950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:29:05.000Z",
"modified": "2016-04-27T06:29:05.000Z",
"description": "Known to have responded to the same malicious IP (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://fafrvfa.cba.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:29:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c31-a74c-4ada-9b62-4645950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:29:05.000Z",
"modified": "2016-04-27T06:29:05.000Z",
"description": "Known to have responded to the same malicious IP (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://fastandfurios.cba.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:29:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c32-c28c-429c-9d14-4a39950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:29:06.000Z",
"modified": "2016-04-27T06:29:06.000Z",
"description": "Known to have responded to the same malicious IP (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://filmonline.cba.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:29:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c32-5a00-4a19-a073-40e0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:29:06.000Z",
"modified": "2016-04-27T06:29:06.000Z",
"description": "Known to have responded to the same malicious IP (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://fragcraft.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:29:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c32-95ec-4196-b201-433e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:29:06.000Z",
"modified": "2016-04-27T06:29:06.000Z",
"description": "Known to have responded to the same malicious IP (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://fryzjer.cba.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:29:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c33-1df4-4ee4-9d38-48b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:29:07.000Z",
"modified": "2016-04-27T06:29:07.000Z",
"description": "Known to have responded to the same malicious IP (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://hgedkom1973.cba.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:29:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c33-c1bc-420f-a1f5-4e0d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:29:07.000Z",
"modified": "2016-04-27T06:29:07.000Z",
"description": "Known to have responded to the same malicious IP (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://luyfiv1972.cba.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:29:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c34-f7dc-4e0e-8fcb-47e2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:29:08.000Z",
"modified": "2016-04-27T06:29:08.000Z",
"description": "Known to have responded to the same malicious IP (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://oliviasekulska.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:29:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c34-3ef8-403e-86d4-4464950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:29:08.000Z",
"modified": "2016-04-27T06:29:08.000Z",
"description": "Known to have responded to the same malicious IP (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://opziwr-zamosc.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:29:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c35-d224-42db-8751-4254950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:29:09.000Z",
"modified": "2016-04-27T06:29:09.000Z",
"description": "Known to have responded to the same malicious IP (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://ostro.ga']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:29:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c35-36d4-4ce6-8027-4567950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:29:09.000Z",
"modified": "2016-04-27T06:29:09.000Z",
"description": "Known to have responded to the same malicious IP (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://rodzina500plus.c0.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:29:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c35-f1fc-429d-876a-4213950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:29:09.000Z",
"modified": "2016-04-27T06:29:09.000Z",
"description": "Known to have responded to the same malicious IP (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://roknasilowni.tk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:29:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205c36-b78c-4b94-8122-48d2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:29:10.000Z",
"modified": "2016-04-27T06:29:10.000Z",
"description": "Known to have responded to the same malicious IP (95.211.80.4) are also the following malicious domains",
"pattern": "[url:value = 'http://vfqqgr1971.cba.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:29:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205cec-06ac-4da2-bddc-495a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:32:12.000Z",
"modified": "2016-04-27T06:32:12.000Z",
"description": "Sample malicious URL hosting location",
"pattern": "[url:value = 'http://ecku.cba.pl/js/bin.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:32:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205ced-af5c-4f92-a38b-4098950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:32:13.000Z",
"modified": "2016-04-27T06:32:13.000Z",
"description": "Sample malicious URL hosting location",
"pattern": "[url:value = 'http://mondeodoslubu.cba.pl/js/bin.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:32:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205ced-e3f0-4316-90c4-4e57950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:32:13.000Z",
"modified": "2016-04-27T06:32:13.000Z",
"description": "Sample malicious URL hosting location",
"pattern": "[url:value = 'http://piotrkochanski.cba.pl/js/bin.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:32:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205cee-5bc4-46c8-9b51-47c6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:32:14.000Z",
"modified": "2016-04-27T06:32:14.000Z",
"description": "Sample malicious URL hosting location",
"pattern": "[url:value = 'http://szczuczynsp.cba.pl/122/091.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:32:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205d11-9314-4d11-8dac-454202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:32:49.000Z",
"modified": "2016-04-27T06:32:49.000Z",
"description": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - cross-checked via VirusTotal (VT): a0869b751e4a0bf27685f2f8677f9c62",
"pattern": "[file:hashes.SHA256 = '34230e2479d02dddc73b6e42784e6363f7b3a4192f939cf5f98b302a86070b07']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:32:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205d11-f4a8-45c5-9395-4eed02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:32:49.000Z",
"modified": "2016-04-27T06:32:49.000Z",
"description": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - cross-checked via VirusTotal (VT): a0869b751e4a0bf27685f2f8677f9c62",
"pattern": "[file:hashes.SHA1 = '3b5417b1a045e382658fcf6c4d46b79265ab0d61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:32:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57205d11-2f34-4150-bef4-4f8102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:32:49.000Z",
"modified": "2016-04-27T06:32:49.000Z",
"first_observed": "2016-04-27T06:32:49Z",
"last_observed": "2016-04-27T06:32:49Z",
"number_observed": 1,
"object_refs": [
"url--57205d11-2f34-4150-bef4-4f8102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57205d11-2f34-4150-bef4-4f8102de0b81",
"value": "https://www.virustotal.com/file/34230e2479d02dddc73b6e42784e6363f7b3a4192f939cf5f98b302a86070b07/analysis/1459233130/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205d12-9f80-432a-b9de-4f5f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:32:50.000Z",
"modified": "2016-04-27T06:32:50.000Z",
"description": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - cross-checked via VirusTotal (VT): 64b5c6b20e2d758a008812df99a5958e",
"pattern": "[file:hashes.SHA256 = '1d81d9e9724c9cd333beb128a3a347ff2cc3cc71500486853fd0045db2539d5d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:32:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205d12-82bc-49ad-a42e-4c0e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:32:50.000Z",
"modified": "2016-04-27T06:32:50.000Z",
"description": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - cross-checked via VirusTotal (VT): 64b5c6b20e2d758a008812df99a5958e",
"pattern": "[file:hashes.SHA1 = 'ae1caf7ed76f4f412ff5c469cd61379d911a1da6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:32:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57205d13-6748-4b8a-a367-446e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:32:51.000Z",
"modified": "2016-04-27T06:32:51.000Z",
"first_observed": "2016-04-27T06:32:51Z",
"last_observed": "2016-04-27T06:32:51Z",
"number_observed": 1,
"object_refs": [
"url--57205d13-6748-4b8a-a367-446e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57205d13-6748-4b8a-a367-446e02de0b81",
"value": "https://www.virustotal.com/file/1d81d9e9724c9cd333beb128a3a347ff2cc3cc71500486853fd0045db2539d5d/analysis/1460771233/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205d13-4448-43bd-b7a4-4d2c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:32:51.000Z",
"modified": "2016-04-27T06:32:51.000Z",
"description": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - cross-checked via VirusTotal (VT): 65b4bdba2d3b3e92b8b96d7d9ba7f88e",
"pattern": "[file:hashes.SHA256 = '16b6fdb28b3aebc369760c9561bfd00d34362039836dee455550606d96e97d5d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:32:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205d13-4c60-417f-903b-4ac702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:32:51.000Z",
"modified": "2016-04-27T06:32:51.000Z",
"description": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - cross-checked via VirusTotal (VT): 65b4bdba2d3b3e92b8b96d7d9ba7f88e",
"pattern": "[file:hashes.SHA1 = 'dc2f8e277d45446077e6891bec2530317d8dbbfd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:32:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57205d14-485c-48ba-b8f2-4eab02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:32:52.000Z",
"modified": "2016-04-27T06:32:52.000Z",
"first_observed": "2016-04-27T06:32:52Z",
"last_observed": "2016-04-27T06:32:52Z",
"number_observed": 1,
"object_refs": [
"url--57205d14-485c-48ba-b8f2-4eab02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57205d14-485c-48ba-b8f2-4eab02de0b81",
"value": "https://www.virustotal.com/file/16b6fdb28b3aebc369760c9561bfd00d34362039836dee455550606d96e97d5d/analysis/1460857119/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205d14-3510-4769-979c-485d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:32:52.000Z",
"modified": "2016-04-27T06:32:52.000Z",
"description": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - cross-checked via VirusTotal (VT): 68abd8a3a8c18c59f638e50ab0c386a4",
"pattern": "[file:hashes.SHA256 = '8f9eaae6fef0657cb4bdd25d386e3696f79ae5a1a944a4c329f3bdc4e8421ec7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:32:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205d15-b7bc-4b31-b7de-434d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:32:53.000Z",
"modified": "2016-04-27T06:32:53.000Z",
"description": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - cross-checked via VirusTotal (VT): 68abd8a3a8c18c59f638e50ab0c386a4",
"pattern": "[file:hashes.SHA1 = '9cf70b8ba95e606e7e3fff44230c4d014688396e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:32:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57205d15-feb0-439b-a6d9-4b2202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:32:53.000Z",
"modified": "2016-04-27T06:32:53.000Z",
"first_observed": "2016-04-27T06:32:53Z",
"last_observed": "2016-04-27T06:32:53Z",
"number_observed": 1,
"object_refs": [
"url--57205d15-feb0-439b-a6d9-4b2202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57205d15-feb0-439b-a6d9-4b2202de0b81",
"value": "https://www.virustotal.com/file/8f9eaae6fef0657cb4bdd25d386e3696f79ae5a1a944a4c329f3bdc4e8421ec7/analysis/1460972860/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205d15-a5ec-4e07-8c09-49fb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:32:53.000Z",
"modified": "2016-04-27T06:32:53.000Z",
"description": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - cross-checked via VirusTotal (VT): 495f05d7ebca1022da2cdd1700aeac39",
"pattern": "[file:hashes.SHA256 = 'c218a2e5a46d40df832f5a735e272465a798a4d19c8fb88ac6a2d0d40ec9dd36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:32:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57205d16-af14-4474-bd1b-4ed302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:32:54.000Z",
"modified": "2016-04-27T06:32:54.000Z",
"description": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - cross-checked via VirusTotal (VT): 495f05d7ebca1022da2cdd1700aeac39",
"pattern": "[file:hashes.SHA1 = 'f476d4197ec7c59b1ecb25362f00a8fb2f4c93b7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-27T06:32:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57205d16-6e60-4f83-b2f9-4b2502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-27T06:32:54.000Z",
"modified": "2016-04-27T06:32:54.000Z",
"first_observed": "2016-04-27T06:32:54Z",
"last_observed": "2016-04-27T06:32:54Z",
"number_observed": 1,
"object_refs": [
"url--57205d16-6e60-4f83-b2f9-4b2502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57205d16-6e60-4f83-b2f9-4b2502de0b81",
"value": "https://www.virustotal.com/file/c218a2e5a46d40df832f5a735e272465a798a4d19c8fb88ac6a2d0d40ec9dd36/analysis/1461280641/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}