misp-circl-feed/feeds/circl/misp/57c98935-5fdc-4632-8d61-4af1950d210f.json

1463 lines
No EOL
59 KiB
JSON

{
"type": "bundle",
"id": "bundle--57c98935-5fdc-4632-8d61-4af1950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:19:09.000Z",
"modified": "2016-09-02T14:19:09.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--57c98935-5fdc-4632-8d61-4af1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:19:09.000Z",
"modified": "2016-09-02T14:19:09.000Z",
"name": "Malspam 2016-09-02 (.wsf in .zip) - campaign: \"icloud.com\"",
"published": "2016-09-02T14:27:52Z",
"object_refs": [
"indicator--57c98962-0d54-459c-b73e-498d950d210f",
"indicator--57c98962-9c7c-4888-8247-4419950d210f",
"indicator--57c98962-89f0-4326-9b06-423d950d210f",
"indicator--57c98962-0c8c-4911-9da8-49b7950d210f",
"indicator--57c98962-a3e4-4864-a9fd-4b8d950d210f",
"indicator--57c98963-1f34-4863-a731-451a950d210f",
"indicator--57c98963-636c-4380-a1e5-4a1f950d210f",
"indicator--57c98963-0254-422a-a43c-4371950d210f",
"indicator--57c98963-c8dc-4613-af7f-4834950d210f",
"indicator--57c98963-6e60-4fe9-990c-4b5b950d210f",
"indicator--57c98963-3194-4def-b08d-47bb950d210f",
"indicator--57c98964-dc18-4325-bf2a-42bb950d210f",
"indicator--57c98964-6764-4cf9-87cb-4af9950d210f",
"indicator--57c98964-93a4-4203-9e74-4d3d950d210f",
"indicator--57c98964-bba8-4929-a25a-4fd3950d210f",
"indicator--57c98964-d658-4f68-a144-44e3950d210f",
"indicator--57c98965-e9b0-4109-88d5-44e4950d210f",
"indicator--57c98965-0bb4-427d-aeef-48c9950d210f",
"indicator--57c98965-471c-4160-af0f-4faa950d210f",
"indicator--57c98965-0e20-4e46-a417-420b950d210f",
"indicator--57c98965-6528-41e1-b562-459b950d210f",
"indicator--57c98965-b430-446f-a749-4b37950d210f",
"indicator--57c98966-50c4-488c-a117-4e9e950d210f",
"indicator--57c98966-6534-4374-8db5-4700950d210f",
"indicator--57c98966-b028-4dd8-ac22-4c21950d210f",
"indicator--57c98966-0b74-4a47-8e53-418a950d210f",
"indicator--57c98966-ea60-4262-964b-478a950d210f",
"indicator--57c98966-3774-4844-87e7-4a8a950d210f",
"indicator--57c98967-b614-443f-9ad6-4271950d210f",
"indicator--57c98967-517c-497c-9079-4196950d210f",
"indicator--57c98967-3638-4989-a360-49d4950d210f",
"indicator--57c98967-f2d0-4a6f-92ec-4501950d210f",
"indicator--57c98967-b054-41d1-97fe-4df8950d210f",
"indicator--57c98968-ce9c-4cff-b3ed-40fd950d210f",
"indicator--57c98968-b7fc-4e47-ab6d-45e0950d210f",
"indicator--57c98968-1364-4f77-95d2-4d1a950d210f",
"indicator--57c98968-3aec-48e3-bd68-41b3950d210f",
"indicator--57c98968-9348-483d-8530-4441950d210f",
"indicator--57c98969-8b48-47a4-a000-41ec950d210f",
"indicator--57c98969-d9e4-44cb-ba1e-4a32950d210f",
"indicator--57c98969-182c-410c-82c6-4520950d210f",
"indicator--57c98969-9b28-4bb1-92c3-4595950d210f",
"indicator--57c98969-c6b8-47f5-9c95-4537950d210f",
"indicator--57c98969-1528-4420-9409-45df950d210f",
"indicator--57c9896a-966c-4791-b0e9-4b0b950d210f",
"indicator--57c9896a-6784-4018-b994-4d84950d210f",
"indicator--57c9896a-3530-44d8-b839-4f51950d210f",
"indicator--57c9896a-eb38-45a3-9c25-414d950d210f",
"indicator--57c9896a-7118-40b0-8862-4832950d210f",
"indicator--57c9896a-63c4-4fe7-b6fc-44b1950d210f",
"indicator--57c9896b-c4a0-493d-b281-4db9950d210f",
"indicator--57c9896b-6988-4222-8159-45cb950d210f",
"indicator--57c9896b-f710-4d07-8ffe-4952950d210f",
"indicator--57c9896b-a7cc-4fa6-879e-423d950d210f",
"indicator--57c9896b-2c10-47c2-a32c-4e11950d210f",
"indicator--57c9896c-3f1c-46bf-aafb-4b78950d210f",
"x-misp-attribute--57c98a5d-0edc-416c-b424-4da5950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"malware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98962-0d54-459c-b73e-498d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:14:58.000Z",
"modified": "2016-09-02T14:14:58.000Z",
"description": "download location",
"pattern": "[url:value = 'http://danzig.vtrbandaancha.net/djaokpj']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:14:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98962-9c7c-4888-8247-4419950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:14:58.000Z",
"modified": "2016-09-02T14:14:58.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'danzig.vtrbandaancha.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:14:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98962-89f0-4326-9b06-423d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:14:58.000Z",
"modified": "2016-09-02T14:14:58.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '200.83.4.62']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:14:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98962-0c8c-4911-9da8-49b7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:14:58.000Z",
"modified": "2016-09-02T14:14:58.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.rioual.com/dfduyax']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:14:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98962-a3e4-4864-a9fd-4b8d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:14:58.000Z",
"modified": "2016-09-02T14:14:58.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.rioual.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:14:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98963-1f34-4863-a731-451a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:14:59.000Z",
"modified": "2016-09-02T14:14:59.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.186.33.19']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:14:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98963-636c-4380-a1e5-4a1f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:14:59.000Z",
"modified": "2016-09-02T14:14:59.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.bavaria-wein.de/kyisute']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:14:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98963-0254-422a-a43c-4371950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:14:59.000Z",
"modified": "2016-09-02T14:14:59.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.bavaria-wein.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:14:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98963-c8dc-4613-af7f-4834950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:14:59.000Z",
"modified": "2016-09-02T14:14:59.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.199.0.35']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:14:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98963-6e60-4fe9-990c-4b5b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:14:59.000Z",
"modified": "2016-09-02T14:14:59.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.malicioso.net/ulndads']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:14:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98963-3194-4def-b08d-47bb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:14:59.000Z",
"modified": "2016-09-02T14:14:59.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.malicioso.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:14:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98964-dc18-4325-bf2a-42bb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:00.000Z",
"modified": "2016-09-02T14:15:00.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.42.230.17']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98964-6764-4cf9-87cb-4af9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:00.000Z",
"modified": "2016-09-02T14:15:00.000Z",
"description": "download location",
"pattern": "[url:value = 'http://imex.atspace.com/sxqtddp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98964-93a4-4203-9e74-4d3d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:00.000Z",
"modified": "2016-09-02T14:15:00.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'imex.atspace.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98964-bba8-4929-a25a-4fd3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:00.000Z",
"modified": "2016-09-02T14:15:00.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.197.131.109']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98964-d658-4f68-a144-44e3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:00.000Z",
"modified": "2016-09-02T14:15:00.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.meallservice.it/mulccfi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98965-e9b0-4109-88d5-44e4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:01.000Z",
"modified": "2016-09-02T14:15:01.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.meallservice.it']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98965-0bb4-427d-aeef-48c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:01.000Z",
"modified": "2016-09-02T14:15:01.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.205.40.169']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98965-471c-4160-af0f-4faa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:01.000Z",
"modified": "2016-09-02T14:15:01.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.empolio.com/bgfxwqs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98965-0e20-4e46-a417-420b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:01.000Z",
"modified": "2016-09-02T14:15:01.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.empolio.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98965-6528-41e1-b562-459b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:01.000Z",
"modified": "2016-09-02T14:15:01.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.204.1.56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98965-b430-446f-a749-4b37950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:01.000Z",
"modified": "2016-09-02T14:15:01.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.association-julescatoire.fr/vdrnlnt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98966-50c4-488c-a117-4e9e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:02.000Z",
"modified": "2016-09-02T14:15:02.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.association-julescatoire.fr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98966-6534-4374-8db5-4700950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:02.000Z",
"modified": "2016-09-02T14:15:02.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.184.47.165']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98966-b028-4dd8-ac22-4c21950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:02.000Z",
"modified": "2016-09-02T14:15:02.000Z",
"description": "download location",
"pattern": "[url:value = 'http://e-gmp.home.ro/ierssce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98966-0b74-4a47-8e53-418a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:02.000Z",
"modified": "2016-09-02T14:15:02.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'e-gmp.home.ro']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98966-ea60-4262-964b-478a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:02.000Z",
"modified": "2016-09-02T14:15:02.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.196.20.133']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98966-3774-4844-87e7-4a8a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:02.000Z",
"modified": "2016-09-02T14:15:02.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.fenit.net/elckuqa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98967-b614-443f-9ad6-4271950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:03.000Z",
"modified": "2016-09-02T14:15:03.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.fenit.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98967-517c-497c-9079-4196950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:03.000Z",
"modified": "2016-09-02T14:15:03.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.caminettilcd.it/ikpjqqt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98967-3638-4989-a360-49d4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:03.000Z",
"modified": "2016-09-02T14:15:03.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.caminettilcd.it']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98967-f2d0-4a6f-92ec-4501950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:03.000Z",
"modified": "2016-09-02T14:15:03.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.78.215.76']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98967-b054-41d1-97fe-4df8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:03.000Z",
"modified": "2016-09-02T14:15:03.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.coseincredibili.it/gugpcpb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98968-ce9c-4cff-b3ed-40fd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:04.000Z",
"modified": "2016-09-02T14:15:04.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.coseincredibili.it']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98968-b7fc-4e47-ab6d-45e0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:04.000Z",
"modified": "2016-09-02T14:15:04.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.mussystems.net/rhygtpe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98968-1364-4f77-95d2-4d1a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:04.000Z",
"modified": "2016-09-02T14:15:04.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.mussystems.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98968-3aec-48e3-bd68-41b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:04.000Z",
"modified": "2016-09-02T14:15:04.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.238.0.64']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98968-9348-483d-8530-4441950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:04.000Z",
"modified": "2016-09-02T14:15:04.000Z",
"description": "download location",
"pattern": "[url:value = 'http://158.195.68.10/porirue']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98969-8b48-47a4-a000-41ec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:04.000Z",
"modified": "2016-09-02T14:15:04.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '158.195.68.10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98969-d9e4-44cb-ba1e-4a32950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:05.000Z",
"modified": "2016-09-02T14:15:05.000Z",
"description": "download location",
"pattern": "[url:value = 'http://dcqoutlet.es/vcxyssl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98969-182c-410c-82c6-4520950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:05.000Z",
"modified": "2016-09-02T14:15:05.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'dcqoutlet.es']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98969-9b28-4bb1-92c3-4595950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:05.000Z",
"modified": "2016-09-02T14:15:05.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '134.0.11.123']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98969-c6b8-47f5-9c95-4537950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:05.000Z",
"modified": "2016-09-02T14:15:05.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.dallaglio-nordin.com/cjkgjtl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c98969-1528-4420-9409-45df950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:05.000Z",
"modified": "2016-09-02T14:15:05.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.dallaglio-nordin.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c9896a-966c-4791-b0e9-4b0b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:06.000Z",
"modified": "2016-09-02T14:15:06.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.alanmorgan.plus.com/yqjytxx']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c9896a-6784-4018-b994-4d84950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:06.000Z",
"modified": "2016-09-02T14:15:06.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.alanmorgan.plus.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c9896a-3530-44d8-b839-4f51950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:06.000Z",
"modified": "2016-09-02T14:15:06.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.159.9.91']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c9896a-eb38-45a3-9c25-414d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:06.000Z",
"modified": "2016-09-02T14:15:06.000Z",
"description": "download location",
"pattern": "[url:value = 'http://tpllaw.com/ctuphuv']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c9896a-7118-40b0-8862-4832950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:06.000Z",
"modified": "2016-09-02T14:15:06.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'tpllaw.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c9896a-63c4-4fe7-b6fc-44b1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:06.000Z",
"modified": "2016-09-02T14:15:06.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.87.186.90']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c9896b-c4a0-493d-b281-4db9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:07.000Z",
"modified": "2016-09-02T14:15:07.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.archiviestoria.it/waotorf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c9896b-6988-4222-8159-45cb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:07.000Z",
"modified": "2016-09-02T14:15:07.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.archiviestoria.it']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c9896b-f710-4d07-8ffe-4952950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:07.000Z",
"modified": "2016-09-02T14:15:07.000Z",
"description": "download location",
"pattern": "[url:value = 'http://maxshoppppsr.biz/js/vf3gt4b4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c9896b-a7cc-4fa6-879e-423d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:07.000Z",
"modified": "2016-09-02T14:15:07.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'maxshoppppsr.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c9896b-2c10-47c2-a32c-4e11950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:07.000Z",
"modified": "2016-09-02T14:15:07.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '167.114.138.3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c9896c-3f1c-46bf-aafb-4b78950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:15:07.000Z",
"modified": "2016-09-02T14:15:07.000Z",
"description": "download location",
"pattern": "[url:value = 'http://maxshoppppsr.biz/js/y54g3tr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-02T14:15:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--57c98a5d-0edc-416c-b424-4da5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-02T14:19:09.000Z",
"modified": "2016-09-02T14:19:09.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Payload delivery\""
],
"x_misp_category": "Payload delivery",
"x_misp_comment": "email address",
"x_misp_type": "text",
"x_misp_value": "[NAME]_[NUMBER]@icloud.com"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}