misp-circl-feed/feeds/circl/misp/57c6ac4c-c60c-4f79-a38f-b666950d210f.json

1196 lines
No EOL
48 KiB
JSON

{
"type": "bundle",
"id": "bundle--57c6ac4c-c60c-4f79-a38f-b666950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:51.000Z",
"modified": "2016-08-31T10:10:51.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--57c6ac4c-c60c-4f79-a38f-b666950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:51.000Z",
"modified": "2016-08-31T10:10:51.000Z",
"name": "Malspam 2016-08-31 (.wsf in .zip) - campaign: \"Image|Picture|Photos|Photo|Document\"",
"published": "2016-08-31T10:11:32Z",
"object_refs": [
"indicator--57c6acfc-da4c-44de-9f5a-b667950d210f",
"indicator--57c6acfd-09ec-4d5d-8716-b667950d210f",
"indicator--57c6acfd-5198-494d-8159-b667950d210f",
"indicator--57c6acfd-7a2c-4b14-a586-b667950d210f",
"indicator--57c6acfd-c484-422b-a86d-b667950d210f",
"indicator--57c6acfd-5910-4d48-9f0a-b667950d210f",
"indicator--57c6acfe-2f68-49c7-b4b8-b667950d210f",
"indicator--57c6acfe-f2f0-4ca5-a092-b667950d210f",
"indicator--57c6acfe-0cec-42d8-9f68-b667950d210f",
"indicator--57c6acfe-9af4-4d0a-bdba-b667950d210f",
"indicator--57c6acfe-1e60-47eb-9410-b667950d210f",
"indicator--57c6acff-06b8-46b9-b613-b667950d210f",
"indicator--57c6acff-2370-45f8-a45b-b667950d210f",
"indicator--57c6acff-4210-4f6b-b572-b667950d210f",
"indicator--57c6acff-ba08-485e-b062-b667950d210f",
"indicator--57c6acff-43b4-43f7-961b-b667950d210f",
"indicator--57c6acff-1218-44a4-b7c9-b667950d210f",
"indicator--57c6ad00-10ac-4cb9-b427-b667950d210f",
"indicator--57c6ad00-ee98-4ef6-b61c-b667950d210f",
"indicator--57c6ad00-42dc-46b7-b802-b667950d210f",
"indicator--57c6ad00-c128-45ab-af25-b667950d210f",
"indicator--57c6ad00-a2a8-43b6-a941-b667950d210f",
"indicator--57c6ad01-4c60-40c3-bc12-b667950d210f",
"indicator--57c6ad01-ab70-4333-a2b9-b667950d210f",
"indicator--57c6ad01-9be4-4bea-b194-b667950d210f",
"indicator--57c6ad01-4384-495e-8c51-b667950d210f",
"indicator--57c6ad01-f1a8-4997-9234-b667950d210f",
"indicator--57c6ad02-1244-4e95-9ff3-b667950d210f",
"indicator--57c6ad02-9a1c-448a-9f3c-b667950d210f",
"indicator--57c6ad02-5c30-4979-8643-b667950d210f",
"indicator--57c6ad02-e7a8-4556-9496-b667950d210f",
"indicator--57c6ad02-cefc-4e05-abb6-b667950d210f",
"indicator--57c6ad02-2dc4-49ec-a938-b667950d210f",
"indicator--57c6ad03-c744-4f83-a46c-b667950d210f",
"indicator--57c6ad03-f4d0-4def-9328-b667950d210f",
"indicator--57c6ad03-f80c-463d-8bd8-b667950d210f",
"indicator--57c6ad03-b260-4570-be2a-b667950d210f",
"indicator--57c6ad03-6538-457a-be18-b667950d210f",
"indicator--57c6ad04-3594-434b-b18a-b667950d210f",
"indicator--57c6ad04-d600-4d97-9c91-b667950d210f",
"indicator--57c6ad04-a7d4-4b7f-a697-b667950d210f",
"indicator--57c6ad04-391c-4faf-ab7a-b667950d210f",
"indicator--57c6ad04-0204-4aa3-a08f-b667950d210f",
"indicator--57c6ad05-3e14-4fdd-bb39-b667950d210f",
"indicator--57c6ad05-190c-46b6-a42e-b667950d210f",
"indicator--57c6ad05-26f0-4336-8ede-b667950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"malware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6acfc-da4c-44de-9f5a-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:04.000Z",
"modified": "2016-08-31T10:10:04.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'gastrohurt.neostrada.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6acfd-09ec-4d5d-8716-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:05.000Z",
"modified": "2016-08-31T10:10:05.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.97.216.17']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6acfd-5198-494d-8159-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:05.000Z",
"modified": "2016-08-31T10:10:05.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'alians-ekb.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6acfd-7a2c-4b14-a586-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:05.000Z",
"modified": "2016-08-31T10:10:05.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.12.197.61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6acfd-c484-422b-a86d-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:05.000Z",
"modified": "2016-08-31T10:10:05.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'og-kaiserslautern-kft.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6acfd-5910-4d48-9f0a-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:05.000Z",
"modified": "2016-08-31T10:10:05.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.237.140.28']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6acfe-2f68-49c7-b4b8-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:06.000Z",
"modified": "2016-08-31T10:10:06.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'nihilismus.web.fc2.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6acfe-f2f0-4ca5-a092-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:06.000Z",
"modified": "2016-08-31T10:10:06.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.71.106.62']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6acfe-0cec-42d8-9f68-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:06.000Z",
"modified": "2016-08-31T10:10:06.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'chwiladlaciebie.cba.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6acfe-9af4-4d0a-bdba-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:06.000Z",
"modified": "2016-08-31T10:10:06.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.211.144.65']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6acfe-1e60-47eb-9410-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:06.000Z",
"modified": "2016-08-31T10:10:06.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.peritiassicurativi.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6acff-06b8-46b9-b613-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:07.000Z",
"modified": "2016-08-31T10:10:07.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.205.40.169']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6acff-2370-45f8-a45b-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:07.000Z",
"modified": "2016-08-31T10:10:07.000Z",
"description": "download location",
"pattern": "[url:value = 'http://rmpst.republika.pl/987nkjh8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6acff-4210-4f6b-b572-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:07.000Z",
"modified": "2016-08-31T10:10:07.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'rmpst.republika.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6acff-ba08-485e-b062-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:07.000Z",
"modified": "2016-08-31T10:10:07.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.180.150.17']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6acff-43b4-43f7-961b-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:07.000Z",
"modified": "2016-08-31T10:10:07.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'arcziuuucity.y0.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6acff-1218-44a4-b7c9-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:07.000Z",
"modified": "2016-08-31T10:10:07.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.dapaluda.it']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6ad00-10ac-4cb9-b427-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:08.000Z",
"modified": "2016-08-31T10:10:08.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.lindenkapelle.de/987nkjh8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6ad00-ee98-4ef6-b61c-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:08.000Z",
"modified": "2016-08-31T10:10:08.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.lindenkapelle.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6ad00-42dc-46b7-b802-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:08.000Z",
"modified": "2016-08-31T10:10:08.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.169.145.224']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6ad00-c128-45ab-af25-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:08.000Z",
"modified": "2016-08-31T10:10:08.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.artx.strefa.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6ad00-a2a8-43b6-a941-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:08.000Z",
"modified": "2016-08-31T10:10:08.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.74.66.167']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6ad01-4c60-40c3-bc12-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:09.000Z",
"modified": "2016-08-31T10:10:09.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.hiederer.de/987nkjh8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6ad01-ab70-4333-a2b9-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:09.000Z",
"modified": "2016-08-31T10:10:09.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.hiederer.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6ad01-9be4-4bea-b194-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:09.000Z",
"modified": "2016-08-31T10:10:09.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.169.145.74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6ad01-4384-495e-8c51-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:09.000Z",
"modified": "2016-08-31T10:10:09.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'wolffram.homepage.t-online.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6ad01-f1a8-4997-9234-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:09.000Z",
"modified": "2016-08-31T10:10:09.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.150.6.138']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6ad02-1244-4e95-9ff3-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:10.000Z",
"modified": "2016-08-31T10:10:10.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.shanty-chor-neuengoers.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6ad02-9a1c-448a-9f3c-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:10.000Z",
"modified": "2016-08-31T10:10:10.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'onlineportal-2012.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6ad02-5c30-4979-8643-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:10.000Z",
"modified": "2016-08-31T10:10:10.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.254.51.20']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6ad02-e7a8-4556-9496-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:10.000Z",
"modified": "2016-08-31T10:10:10.000Z",
"description": "download location",
"pattern": "[url:value = 'http://stanflorin10.go.ro/987nkjh8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6ad02-cefc-4e05-abb6-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:10.000Z",
"modified": "2016-08-31T10:10:10.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'stanflorin10.go.ro']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6ad02-2dc4-49ec-a938-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:10.000Z",
"modified": "2016-08-31T10:10:10.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.196.20.134']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6ad03-c744-4f83-a46c-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:11.000Z",
"modified": "2016-08-31T10:10:11.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.welt-weit.info/987nkjh8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6ad03-f4d0-4def-9328-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:11.000Z",
"modified": "2016-08-31T10:10:11.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.welt-weit.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6ad03-f80c-463d-8bd8-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:11.000Z",
"modified": "2016-08-31T10:10:11.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.169.145.226']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6ad03-b260-4570-be2a-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:11.000Z",
"modified": "2016-08-31T10:10:11.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.facturi.go.ro']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6ad03-6538-457a-be18-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:11.000Z",
"modified": "2016-08-31T10:10:11.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'muellerfalk.homepage.t-online.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6ad04-3594-434b-b18a-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:12.000Z",
"modified": "2016-08-31T10:10:12.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.vilastefania.go.ro']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6ad04-d600-4d97-9c91-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:12.000Z",
"modified": "2016-08-31T10:10:12.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.auret.at/987nkjh8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6ad04-a7d4-4b7f-a697-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:12.000Z",
"modified": "2016-08-31T10:10:12.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.auret.at']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6ad04-391c-4faf-ab7a-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:12.000Z",
"modified": "2016-08-31T10:10:12.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.116.84.99']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6ad04-0204-4aa3-a08f-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:12.000Z",
"modified": "2016-08-31T10:10:12.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.roboticapc.com/987nkjh8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6ad05-3e14-4fdd-bb39-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:13.000Z",
"modified": "2016-08-31T10:10:13.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.roboticapc.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6ad05-190c-46b6-a42e-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:13.000Z",
"modified": "2016-08-31T10:10:13.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'lacomete52.perso.sfr.fr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c6ad05-26f0-4336-8ede-b667950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-31T10:10:13.000Z",
"modified": "2016-08-31T10:10:13.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.65.123.70']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-31T10:10:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}