misp-circl-feed/feeds/circl/misp/57c821ca-f2ac-43e7-a2e4-4470950d210f.json

1646 lines
No EOL
66 KiB
JSON

{
"type": "bundle",
"id": "bundle--57c821ca-f2ac-43e7-a2e4-4470950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:49:10.000Z",
"modified": "2016-09-01T12:49:10.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--57c821ca-f2ac-43e7-a2e4-4470950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:49:10.000Z",
"modified": "2016-09-01T12:49:10.000Z",
"name": "Malspam 2016-09-01 (.wsf in .zip) - campaign: \"Please find attached invoice no:\"",
"published": "2016-09-01T12:49:32Z",
"object_refs": [
"indicator--57c82253-68a8-47c1-8701-4549950d210f",
"indicator--57c82253-6c64-475c-94de-4f52950d210f",
"indicator--57c82253-4d3c-4803-ac3a-4c91950d210f",
"indicator--57c82254-b2a4-4c04-9b48-40dd950d210f",
"indicator--57c82254-580c-40dc-84ad-4742950d210f",
"indicator--57c82254-0e1c-450b-91b2-4118950d210f",
"indicator--57c82254-fa88-479d-a216-411b950d210f",
"indicator--57c82255-4f4c-494a-9bb8-4e24950d210f",
"indicator--57c82255-4c98-4521-b5e5-423b950d210f",
"indicator--57c82255-9990-46c3-8869-411e950d210f",
"indicator--57c82255-6e44-47d6-9cc8-4004950d210f",
"indicator--57c82255-4aa8-4635-92cb-4358950d210f",
"indicator--57c82256-c578-4239-be73-496f950d210f",
"indicator--57c82256-d614-44be-aaa5-48af950d210f",
"indicator--57c82256-163c-4973-bb93-4a8d950d210f",
"indicator--57c82256-9564-4207-ac52-4984950d210f",
"indicator--57c82257-1f60-4cc5-9164-4f6e950d210f",
"indicator--57c82257-9488-4661-aaad-418f950d210f",
"indicator--57c82257-3c44-4753-9623-41c1950d210f",
"indicator--57c82257-2070-43cd-9fe8-4aed950d210f",
"indicator--57c82257-ef10-46d1-bb6d-41fa950d210f",
"indicator--57c82258-c98c-4f75-a4a5-4337950d210f",
"indicator--57c82258-4bbc-4b38-b53f-4ba4950d210f",
"indicator--57c82258-c9ec-415c-9e3a-4e81950d210f",
"indicator--57c82258-5198-45ec-9f0f-473f950d210f",
"indicator--57c82259-4f38-4b93-bd59-41b6950d210f",
"indicator--57c82259-c1e8-4a69-b12c-4f5c950d210f",
"indicator--57c82259-10cc-4310-8341-4e98950d210f",
"indicator--57c82259-0a50-479b-828f-4ad8950d210f",
"indicator--57c82259-fc84-4326-9804-4513950d210f",
"indicator--57c8225a-1c80-453e-93d2-4c98950d210f",
"indicator--57c8225a-37b8-48fa-8fd7-4c01950d210f",
"indicator--57c8225a-b8f0-43f5-acbb-46bb950d210f",
"indicator--57c8225a-01d4-4358-90ca-4d40950d210f",
"indicator--57c8225b-fde8-4552-8fef-447e950d210f",
"indicator--57c8225b-bdb0-4afe-952e-47ec950d210f",
"indicator--57c8225b-8868-429d-b583-4800950d210f",
"indicator--57c8225b-7c50-4057-b606-4879950d210f",
"indicator--57c8225b-4328-4690-940d-47e7950d210f",
"indicator--57c8225c-ee18-4738-91b5-4036950d210f",
"indicator--57c8225c-2f40-4cbe-9091-4d10950d210f",
"indicator--57c8225c-4220-4ace-906c-43ce950d210f",
"indicator--57c8225c-dbbc-4b2d-95d7-48d1950d210f",
"indicator--57c8225d-2778-42bc-95e4-4bb7950d210f",
"indicator--57c8225d-1bcc-4362-9ea5-47c8950d210f",
"indicator--57c8225d-bed0-4e86-9455-47f8950d210f",
"indicator--57c8225d-483c-4a9e-ac43-4b3d950d210f",
"indicator--57c8225d-c0c0-44c7-8adf-4d95950d210f",
"indicator--57c8225e-0c88-4a11-800d-443e950d210f",
"indicator--57c8225e-0888-4a67-a4f5-4a29950d210f",
"indicator--57c8225e-2244-4921-9411-4ac6950d210f",
"indicator--57c8225e-6818-4541-b16d-4b3c950d210f",
"indicator--57c8225f-2fe8-4bc1-883e-47e9950d210f",
"indicator--57c8225f-f6b8-4fa6-83af-430a950d210f",
"indicator--57c8225f-2bbc-48ca-926b-4ed4950d210f",
"indicator--57c8225f-a6b0-4663-9f84-4ff5950d210f",
"indicator--57c82260-3dd8-46fd-9f9a-49ae950d210f",
"indicator--57c82260-6060-4f5a-b726-4249950d210f",
"indicator--57c82260-dd84-4e8d-a4f2-4748950d210f",
"indicator--57c82260-8ae8-4089-bd3d-498f950d210f",
"indicator--57c82260-85a4-4f4c-88bb-4de9950d210f",
"indicator--57c82261-093c-449e-bab8-4077950d210f",
"indicator--57c82261-c61c-4c36-aa6f-408e950d210f",
"indicator--57c82314-bbf0-4c73-aca3-4d4b950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"malware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82253-68a8-47c1-8701-4549950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:42:59.000Z",
"modified": "2016-09-01T12:42:59.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'chal4.co.uk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:42:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82253-6c64-475c-94de-4f52950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:42:59.000Z",
"modified": "2016-09-01T12:42:59.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.165.38.131']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:42:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82253-4d3c-4803-ac3a-4c91950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:42:59.000Z",
"modified": "2016-09-01T12:42:59.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'abcbureautique.abc.perso.neuf.fr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:42:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82254-b2a4-4c04-9b48-40dd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:00.000Z",
"modified": "2016-09-01T12:43:00.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.65.123.70']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82254-580c-40dc-84ad-4742950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:00.000Z",
"modified": "2016-09-01T12:43:00.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.valerypro.com/87hcrn33g']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82254-0e1c-450b-91b2-4118950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:00.000Z",
"modified": "2016-09-01T12:43:00.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.valerypro.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82254-fa88-479d-a216-411b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:00.000Z",
"modified": "2016-09-01T12:43:00.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.205.40.169']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82255-4f4c-494a-9bb8-4e24950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:00.000Z",
"modified": "2016-09-01T12:43:00.000Z",
"description": "download location",
"pattern": "[url:value = 'http://pp4_09_10_2s.republika.pl/87hcrn33g']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82255-4c98-4521-b5e5-423b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:01.000Z",
"modified": "2016-09-01T12:43:01.000Z",
"description": "download location",
"pattern": "[file:name = 'pp4_09_10_2s.republika.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82255-9990-46c3-8869-411e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:01.000Z",
"modified": "2016-09-01T12:43:01.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.180.150.17']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82255-6e44-47d6-9cc8-4004950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:01.000Z",
"modified": "2016-09-01T12:43:01.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'school3.50webs.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82255-4aa8-4635-92cb-4358950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:01.000Z",
"modified": "2016-09-01T12:43:01.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.151.153.26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82256-c578-4239-be73-496f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:02.000Z",
"modified": "2016-09-01T12:43:02.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '158.195.68.10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82256-d614-44be-aaa5-48af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:02.000Z",
"modified": "2016-09-01T12:43:02.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'szkolagrojec.republika.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82256-163c-4973-bb93-4a8d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:02.000Z",
"modified": "2016-09-01T12:43:02.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'imperium.nazory.cz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82256-9564-4207-ac52-4984950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:02.000Z",
"modified": "2016-09-01T12:43:02.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.64.219.7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82257-1f60-4cc5-9164-4f6e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:03.000Z",
"modified": "2016-09-01T12:43:03.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.galaturs.com.ua']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82257-9488-4661-aaad-418f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:03.000Z",
"modified": "2016-09-01T12:43:03.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.207.44.3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82257-3c44-4753-9623-41c1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:03.000Z",
"modified": "2016-09-01T12:43:03.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.idiomestarradellas.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82257-2070-43cd-9fe8-4aed950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:03.000Z",
"modified": "2016-09-01T12:43:03.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.42.230.17']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82257-ef10-46d1-bb6d-41fa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:03.000Z",
"modified": "2016-09-01T12:43:03.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.infoteria.cba.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82258-c98c-4f75-a4a5-4337950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:04.000Z",
"modified": "2016-09-01T12:43:04.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.211.144.65']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82258-4bbc-4b38-b53f-4ba4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:04.000Z",
"modified": "2016-09-01T12:43:04.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'srxrun.nobody.jp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82258-c9ec-415c-9e3a-4e81950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:04.000Z",
"modified": "2016-09-01T12:43:04.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '112.140.42.29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82258-5198-45ec-9f0f-473f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:04.000Z",
"modified": "2016-09-01T12:43:04.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'kissfm.rdsor.ro']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82259-4f38-4b93-bd59-41b6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:05.000Z",
"modified": "2016-09-01T12:43:05.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.231.238.4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82259-c1e8-4a69-b12c-4f5c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:05.000Z",
"modified": "2016-09-01T12:43:05.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.gebrvanorsouw.nl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82259-10cc-4310-8341-4e98950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:05.000Z",
"modified": "2016-09-01T12:43:05.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.250.4.180']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82259-0a50-479b-828f-4ad8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:05.000Z",
"modified": "2016-09-01T12:43:05.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.gunaldy.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82259-fc84-4326-9804-4513950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:05.000Z",
"modified": "2016-09-01T12:43:05.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.22.4.108']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c8225a-1c80-453e-93d2-4c98950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:06.000Z",
"modified": "2016-09-01T12:43:06.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.termoalbiate.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c8225a-37b8-48fa-8fd7-4c01950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:06.000Z",
"modified": "2016-09-01T12:43:06.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.agridiving.net/87hcrn33g']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c8225a-b8f0-43f5-acbb-46bb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:06.000Z",
"modified": "2016-09-01T12:43:06.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.agridiving.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c8225a-01d4-4358-90ca-4d40950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:06.000Z",
"modified": "2016-09-01T12:43:06.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.238.0.64']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c8225b-fde8-4552-8fef-447e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:07.000Z",
"modified": "2016-09-01T12:43:07.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'olivier.coroenne.perso.sfr.fr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c8225b-bdb0-4afe-952e-47ec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:07.000Z",
"modified": "2016-09-01T12:43:07.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'dcqoutlet.es']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c8225b-8868-429d-b583-4800950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:07.000Z",
"modified": "2016-09-01T12:43:07.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '134.0.11.123']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c8225b-7c50-4057-b606-4879950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:07.000Z",
"modified": "2016-09-01T12:43:07.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'kawasima0506.web.fc2.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c8225b-4328-4690-940d-47e7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:07.000Z",
"modified": "2016-09-01T12:43:07.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.71.106.62']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c8225c-ee18-4738-91b5-4036950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:08.000Z",
"modified": "2016-09-01T12:43:08.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'sac360.web.fc2.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c8225c-2f40-4cbe-9091-4d10950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:08.000Z",
"modified": "2016-09-01T12:43:08.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.71.106.42']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c8225c-4220-4ace-906c-43ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:08.000Z",
"modified": "2016-09-01T12:43:08.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.carloabati.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c8225c-dbbc-4b2d-95d7-48d1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:08.000Z",
"modified": "2016-09-01T12:43:08.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.archiviestoria.it']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c8225d-2778-42bc-95e4-4bb7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:09.000Z",
"modified": "2016-09-01T12:43:09.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'branchjp.web.fc2.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c8225d-1bcc-4362-9ea5-47c8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:09.000Z",
"modified": "2016-09-01T12:43:09.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.71.106.41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c8225d-bed0-4e86-9455-47f8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:09.000Z",
"modified": "2016-09-01T12:43:09.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'rodewelshcobs.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c8225d-483c-4a9e-ac43-4b3d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:09.000Z",
"modified": "2016-09-01T12:43:09.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.186.33.24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c8225d-c0c0-44c7-8adf-4d95950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:09.000Z",
"modified": "2016-09-01T12:43:09.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'reklamnibannery.wz.cz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c8225e-0c88-4a11-800d-443e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:10.000Z",
"modified": "2016-09-01T12:43:10.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.64.219.5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c8225e-0888-4a67-a4f5-4a29950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:10.000Z",
"modified": "2016-09-01T12:43:10.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'nevrincea.50webs.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c8225e-2244-4921-9411-4ac6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:10.000Z",
"modified": "2016-09-01T12:43:10.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.210.101.91']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c8225e-6818-4541-b16d-4b3c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:10.000Z",
"modified": "2016-09-01T12:43:10.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.cmg-ingegneria.it']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c8225f-2fe8-4bc1-883e-47e9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:11.000Z",
"modified": "2016-09-01T12:43:11.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'forum.sandalcraft.cba.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c8225f-f6b8-4fa6-83af-430a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:11.000Z",
"modified": "2016-09-01T12:43:11.000Z",
"description": "download location",
"pattern": "[url:value = 'http://postaldigitalrs.com.br/87hcrn33g']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c8225f-2bbc-48ca-926b-4ed4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:11.000Z",
"modified": "2016-09-01T12:43:11.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'postaldigitalrs.com.br']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c8225f-a6b0-4663-9f84-4ff5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:11.000Z",
"modified": "2016-09-01T12:43:11.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '187.45.193.139']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82260-3dd8-46fd-9f9a-49ae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:12.000Z",
"modified": "2016-09-01T12:43:12.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'dashman.web.fc2.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82260-6060-4f5a-b726-4249950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:12.000Z",
"modified": "2016-09-01T12:43:12.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.71.106.45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82260-dd84-4e8d-a4f2-4748950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:12.000Z",
"modified": "2016-09-01T12:43:12.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'rhanwid.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82260-8ae8-4089-bd3d-498f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:12.000Z",
"modified": "2016-09-01T12:43:12.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'wccf.huuryuu.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82260-85a4-4f4c-88bb-4de9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:12.000Z",
"modified": "2016-09-01T12:43:12.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.courtesyweb.it']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82261-093c-449e-bab8-4077950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:13.000Z",
"modified": "2016-09-01T12:43:13.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'hotcarshhhs6632.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82261-c61c-4c36-aa6f-408e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:43:13.000Z",
"modified": "2016-09-01T12:43:13.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.95.106.193']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:43:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c82314-bbf0-4c73-aca3-4d4b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-01T12:46:12.000Z",
"modified": "2016-09-01T12:46:12.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.coseincredibili.it']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-01T12:46:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}