misp-circl-feed/feeds/circl/misp/59ccca18-b2fc-4249-8c20-49fd950d210f.json

1411 lines
No EOL
56 KiB
JSON

{
"type": "bundle",
"id": "bundle--59ccca18-b2fc-4249-8c20-49fd950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:44.000Z",
"modified": "2017-09-29T13:07:44.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--59ccca18-b2fc-4249-8c20-49fd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:44.000Z",
"modified": "2017-09-29T13:07:44.000Z",
"name": "M2M - Locky 2017-09-27 : Affid=3, offline, \".ykcol\" : \"Scanned image from MX-2600N\" - \"20170927_123456.7z\"",
"published": "2017-09-29T13:07:45Z",
"object_refs": [
"indicator--59ccca19-e7bc-41aa-9755-4c55950d210f",
"indicator--59ccca19-27c0-4fc9-9f41-431c950d210f",
"indicator--59ccca19-8a44-4121-add6-4253950d210f",
"observed-data--59ccca1a-d7e4-49ed-acde-458f950d210f",
"network-traffic--59ccca1a-d7e4-49ed-acde-458f950d210f",
"ipv4-addr--59ccca1a-d7e4-49ed-acde-458f950d210f",
"indicator--59ccca1a-a4ec-425d-ba06-4df4950d210f",
"indicator--59ccca1a-1acc-407f-9206-494e950d210f",
"observed-data--59ccca1a-cebc-4657-8a62-4f08950d210f",
"network-traffic--59ccca1a-cebc-4657-8a62-4f08950d210f",
"ipv4-addr--59ccca1a-cebc-4657-8a62-4f08950d210f",
"indicator--59ccca1b-ea74-4440-948d-4571950d210f",
"indicator--59ccca1b-3d50-48a7-9547-4883950d210f",
"observed-data--59ccca1b-6730-41ef-8202-4ae9950d210f",
"network-traffic--59ccca1b-6730-41ef-8202-4ae9950d210f",
"ipv4-addr--59ccca1b-6730-41ef-8202-4ae9950d210f",
"indicator--59ccca1b-0e20-4e60-bcc8-4415950d210f",
"indicator--59ccca1b-d1d4-4761-9bf5-4445950d210f",
"observed-data--59ccca1c-9b44-45fc-a8f5-49c1950d210f",
"network-traffic--59ccca1c-9b44-45fc-a8f5-49c1950d210f",
"ipv4-addr--59ccca1c-9b44-45fc-a8f5-49c1950d210f",
"indicator--59ccca1c-0710-4e8f-b78c-4c92950d210f",
"indicator--59ccca1c-97b8-4e9d-92da-4f34950d210f",
"observed-data--59ccca1d-ea74-403f-b883-437f950d210f",
"network-traffic--59ccca1d-ea74-403f-b883-437f950d210f",
"ipv4-addr--59ccca1d-ea74-403f-b883-437f950d210f",
"indicator--59ccca1d-f3f8-4ee6-9cc2-4432950d210f",
"indicator--59ccca1d-9b40-453c-9325-4e49950d210f",
"observed-data--59ccca1e-223c-4e44-b453-4943950d210f",
"network-traffic--59ccca1e-223c-4e44-b453-4943950d210f",
"ipv4-addr--59ccca1e-223c-4e44-b453-4943950d210f",
"indicator--59ccca1e-c54c-4133-9680-45cf950d210f",
"indicator--59ccca1e-4f58-45c4-9326-438d950d210f",
"observed-data--59ccca1e-8be0-4430-86cb-4b8c950d210f",
"network-traffic--59ccca1e-8be0-4430-86cb-4b8c950d210f",
"ipv4-addr--59ccca1e-8be0-4430-86cb-4b8c950d210f",
"indicator--59ccca1e-ddd0-4582-a51b-4a5a950d210f",
"indicator--59ccca1f-44d4-48eb-9d44-4324950d210f",
"observed-data--59ccca1f-e198-4f18-87a8-4bd7950d210f",
"network-traffic--59ccca1f-e198-4f18-87a8-4bd7950d210f",
"ipv4-addr--59ccca1f-e198-4f18-87a8-4bd7950d210f",
"indicator--59ccca1f-45c8-44e2-8f41-47e5950d210f",
"indicator--59ccca1f-4d24-4ef7-94c8-4335950d210f",
"observed-data--59ccca20-77bc-416e-b2fd-4d97950d210f",
"network-traffic--59ccca20-77bc-416e-b2fd-4d97950d210f",
"ipv4-addr--59ccca20-77bc-416e-b2fd-4d97950d210f",
"indicator--59ccca20-212c-45c8-acb9-4700950d210f",
"indicator--59ccca20-8980-4ca3-bce4-45ca950d210f",
"observed-data--59ccca20-1994-481e-8e48-4aeb950d210f",
"network-traffic--59ccca20-1994-481e-8e48-4aeb950d210f",
"ipv4-addr--59ccca20-1994-481e-8e48-4aeb950d210f",
"indicator--59ccca21-2844-410b-8bf2-407b950d210f",
"indicator--59ccca21-e85c-492e-82c4-43e4950d210f",
"observed-data--59ccca21-cf98-48b4-8d2f-41e0950d210f",
"network-traffic--59ccca21-cf98-48b4-8d2f-41e0950d210f",
"ipv4-addr--59ccca21-cf98-48b4-8d2f-41e0950d210f",
"indicator--59ccca21-35c4-4dd1-a121-4e86950d210f",
"indicator--59ccca22-9bcc-49b0-95df-47f2950d210f",
"observed-data--59ccca22-a5f0-4b5d-a304-4d8a950d210f",
"network-traffic--59ccca22-a5f0-4b5d-a304-4d8a950d210f",
"ipv4-addr--59ccca22-a5f0-4b5d-a304-4d8a950d210f",
"indicator--59ccca22-c564-4462-b7f1-4373950d210f",
"indicator--59ccca22-eb8c-43f9-a006-475b950d210f",
"observed-data--59ccca23-21ac-4fc4-9b53-4120950d210f",
"network-traffic--59ccca23-21ac-4fc4-9b53-4120950d210f",
"ipv4-addr--59ccca23-21ac-4fc4-9b53-4120950d210f",
"indicator--59ccca23-a6e8-4ebb-b50b-44e5950d210f",
"indicator--59ccca23-09f8-4cfc-85f2-4103950d210f",
"indicator--59ccca41-3204-4881-8aaa-4fab950d210f",
"indicator--59ccca41-c0a4-4f8f-acc8-4136950d210f",
"observed-data--59ccca41-c174-40af-828b-4973950d210f",
"network-traffic--59ccca41-c174-40af-828b-4973950d210f",
"ipv4-addr--59ccca41-c174-40af-828b-4973950d210f",
"indicator--59ccca48-59a0-42a3-b65a-4c1d02de0b81",
"indicator--59ccca48-578c-4e68-a971-4d7a02de0b81",
"observed-data--59ccca48-de94-482b-9489-4baf02de0b81",
"url--59ccca48-de94-482b-9489-4baf02de0b81",
"observed-data--59ce45a1-3ff8-4e6a-a052-79d102de0b81",
"url--59ce45a1-3ff8-4e6a-a052-79d102de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"ecsirt:malicious-code=\"ransomware\"",
"misp-galaxy:ransomware=\"Locky\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca19-e7bc-41aa-9755-4c55950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:45.000Z",
"modified": "2017-09-29T13:07:45.000Z",
"pattern": "[file:hashes.MD5 = 'dd4d46b9612efc391469bba8553358b6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca19-27c0-4fc9-9f41-431c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:45.000Z",
"modified": "2017-09-29T13:07:45.000Z",
"pattern": "[url:value = 'http://aeaccting.com/d8743fgh']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca19-8a44-4121-add6-4253950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:45.000Z",
"modified": "2017-09-29T13:07:45.000Z",
"pattern": "[domain-name:value = 'aeaccting.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ccca1a-d7e4-49ed-acde-458f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:45.000Z",
"modified": "2017-09-29T13:07:45.000Z",
"first_observed": "2017-09-29T13:07:45Z",
"last_observed": "2017-09-29T13:07:45Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ccca1a-d7e4-49ed-acde-458f950d210f",
"ipv4-addr--59ccca1a-d7e4-49ed-acde-458f950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ccca1a-d7e4-49ed-acde-458f950d210f",
"dst_ref": "ipv4-addr--59ccca1a-d7e4-49ed-acde-458f950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ccca1a-d7e4-49ed-acde-458f950d210f",
"value": "208.67.23.166"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca1a-a4ec-425d-ba06-4df4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:45.000Z",
"modified": "2017-09-29T13:07:45.000Z",
"pattern": "[url:value = 'http://asecontrids.com/d8743fgh']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca1a-1acc-407f-9206-494e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:45.000Z",
"modified": "2017-09-29T13:07:45.000Z",
"pattern": "[domain-name:value = 'asecontrids.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ccca1a-cebc-4657-8a62-4f08950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:45.000Z",
"modified": "2017-09-29T13:07:45.000Z",
"first_observed": "2017-09-29T13:07:45Z",
"last_observed": "2017-09-29T13:07:45Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ccca1a-cebc-4657-8a62-4f08950d210f",
"ipv4-addr--59ccca1a-cebc-4657-8a62-4f08950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ccca1a-cebc-4657-8a62-4f08950d210f",
"dst_ref": "ipv4-addr--59ccca1a-cebc-4657-8a62-4f08950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ccca1a-cebc-4657-8a62-4f08950d210f",
"value": "107.190.129.218"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca1b-ea74-4440-948d-4571950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:45.000Z",
"modified": "2017-09-29T13:07:45.000Z",
"pattern": "[url:value = 'http://ashapeforlife.com/d8743fgh']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca1b-3d50-48a7-9547-4883950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:45.000Z",
"modified": "2017-09-29T13:07:45.000Z",
"pattern": "[domain-name:value = 'ashapeforlife.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ccca1b-6730-41ef-8202-4ae9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:45.000Z",
"modified": "2017-09-29T13:07:45.000Z",
"first_observed": "2017-09-29T13:07:45Z",
"last_observed": "2017-09-29T13:07:45Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ccca1b-6730-41ef-8202-4ae9950d210f",
"ipv4-addr--59ccca1b-6730-41ef-8202-4ae9950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ccca1b-6730-41ef-8202-4ae9950d210f",
"dst_ref": "ipv4-addr--59ccca1b-6730-41ef-8202-4ae9950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ccca1b-6730-41ef-8202-4ae9950d210f",
"value": "198.46.85.238"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca1b-0e20-4e60-bcc8-4415950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:45.000Z",
"modified": "2017-09-29T13:07:45.000Z",
"pattern": "[url:value = 'http://ashtontan.com/d8743fgh']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca1b-d1d4-4761-9bf5-4445950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:45.000Z",
"modified": "2017-09-29T13:07:45.000Z",
"pattern": "[domain-name:value = 'ashtontan.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ccca1c-9b44-45fc-a8f5-49c1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:45.000Z",
"modified": "2017-09-29T13:07:45.000Z",
"first_observed": "2017-09-29T13:07:45Z",
"last_observed": "2017-09-29T13:07:45Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ccca1c-9b44-45fc-a8f5-49c1950d210f",
"ipv4-addr--59ccca1c-9b44-45fc-a8f5-49c1950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ccca1c-9b44-45fc-a8f5-49c1950d210f",
"dst_ref": "ipv4-addr--59ccca1c-9b44-45fc-a8f5-49c1950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ccca1c-9b44-45fc-a8f5-49c1950d210f",
"value": "103.6.198.208"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca1c-0710-4e8f-b78c-4c92950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:45.000Z",
"modified": "2017-09-29T13:07:45.000Z",
"pattern": "[url:value = 'http://avsaroglubisiklet.com/d8743fgh']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca1c-97b8-4e9d-92da-4f34950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:45.000Z",
"modified": "2017-09-29T13:07:45.000Z",
"pattern": "[domain-name:value = 'avsaroglubisiklet.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ccca1d-ea74-403f-b883-437f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:45.000Z",
"modified": "2017-09-29T13:07:45.000Z",
"first_observed": "2017-09-29T13:07:45Z",
"last_observed": "2017-09-29T13:07:45Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ccca1d-ea74-403f-b883-437f950d210f",
"ipv4-addr--59ccca1d-ea74-403f-b883-437f950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ccca1d-ea74-403f-b883-437f950d210f",
"dst_ref": "ipv4-addr--59ccca1d-ea74-403f-b883-437f950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ccca1d-ea74-403f-b883-437f950d210f",
"value": "188.132.232.70"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca1d-f3f8-4ee6-9cc2-4432950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:45.000Z",
"modified": "2017-09-29T13:07:45.000Z",
"pattern": "[url:value = 'http://bhs-news.com/d8743fgh']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca1d-9b40-453c-9325-4e49950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:45.000Z",
"modified": "2017-09-29T13:07:45.000Z",
"pattern": "[domain-name:value = 'bhs-news.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ccca1e-223c-4e44-b453-4943950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:45.000Z",
"modified": "2017-09-29T13:07:45.000Z",
"first_observed": "2017-09-29T13:07:45Z",
"last_observed": "2017-09-29T13:07:45Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ccca1e-223c-4e44-b453-4943950d210f",
"ipv4-addr--59ccca1e-223c-4e44-b453-4943950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ccca1e-223c-4e44-b453-4943950d210f",
"dst_ref": "ipv4-addr--59ccca1e-223c-4e44-b453-4943950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ccca1e-223c-4e44-b453-4943950d210f",
"value": "50.28.39.131"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca1e-c54c-4133-9680-45cf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:45.000Z",
"modified": "2017-09-29T13:07:45.000Z",
"pattern": "[url:value = 'http://borcom.de/d8743fgh']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca1e-4f58-45c4-9326-438d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:45.000Z",
"modified": "2017-09-29T13:07:45.000Z",
"pattern": "[domain-name:value = 'borcom.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ccca1e-8be0-4430-86cb-4b8c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:45.000Z",
"modified": "2017-09-29T13:07:45.000Z",
"first_observed": "2017-09-29T13:07:45Z",
"last_observed": "2017-09-29T13:07:45Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ccca1e-8be0-4430-86cb-4b8c950d210f",
"ipv4-addr--59ccca1e-8be0-4430-86cb-4b8c950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ccca1e-8be0-4430-86cb-4b8c950d210f",
"dst_ref": "ipv4-addr--59ccca1e-8be0-4430-86cb-4b8c950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ccca1e-8be0-4430-86cb-4b8c950d210f",
"value": "83.220.144.30"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca1e-ddd0-4582-a51b-4a5a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:45.000Z",
"modified": "2017-09-29T13:07:45.000Z",
"pattern": "[url:value = 'http://bosphorustekneleri.com/d8743fgh']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca1f-44d4-48eb-9d44-4324950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:45.000Z",
"modified": "2017-09-29T13:07:45.000Z",
"pattern": "[domain-name:value = 'bosphorustekneleri.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ccca1f-e198-4f18-87a8-4bd7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:44.000Z",
"modified": "2017-09-29T13:07:44.000Z",
"first_observed": "2017-09-29T13:07:44Z",
"last_observed": "2017-09-29T13:07:44Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ccca1f-e198-4f18-87a8-4bd7950d210f",
"ipv4-addr--59ccca1f-e198-4f18-87a8-4bd7950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ccca1f-e198-4f18-87a8-4bd7950d210f",
"dst_ref": "ipv4-addr--59ccca1f-e198-4f18-87a8-4bd7950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ccca1f-e198-4f18-87a8-4bd7950d210f",
"value": "209.140.18.67"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca1f-45c8-44e2-8f41-47e5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:44.000Z",
"modified": "2017-09-29T13:07:44.000Z",
"pattern": "[url:value = 'http://consultingfranquean.com/d8743fgh']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca1f-4d24-4ef7-94c8-4335950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:44.000Z",
"modified": "2017-09-29T13:07:44.000Z",
"pattern": "[domain-name:value = 'consultingfranquean.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ccca20-77bc-416e-b2fd-4d97950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:44.000Z",
"modified": "2017-09-29T13:07:44.000Z",
"first_observed": "2017-09-29T13:07:44Z",
"last_observed": "2017-09-29T13:07:44Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ccca20-77bc-416e-b2fd-4d97950d210f",
"ipv4-addr--59ccca20-77bc-416e-b2fd-4d97950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ccca20-77bc-416e-b2fd-4d97950d210f",
"dst_ref": "ipv4-addr--59ccca20-77bc-416e-b2fd-4d97950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ccca20-77bc-416e-b2fd-4d97950d210f",
"value": "151.80.184.39"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca20-212c-45c8-acb9-4700950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:44.000Z",
"modified": "2017-09-29T13:07:44.000Z",
"pattern": "[url:value = 'http://cortaestanciapolanco.com/d8743fgh']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca20-8980-4ca3-bce4-45ca950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:44.000Z",
"modified": "2017-09-29T13:07:44.000Z",
"pattern": "[domain-name:value = 'cortaestanciapolanco.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ccca20-1994-481e-8e48-4aeb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:44.000Z",
"modified": "2017-09-29T13:07:44.000Z",
"first_observed": "2017-09-29T13:07:44Z",
"last_observed": "2017-09-29T13:07:44Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ccca20-1994-481e-8e48-4aeb950d210f",
"ipv4-addr--59ccca20-1994-481e-8e48-4aeb950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ccca20-1994-481e-8e48-4aeb950d210f",
"dst_ref": "ipv4-addr--59ccca20-1994-481e-8e48-4aeb950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ccca20-1994-481e-8e48-4aeb950d210f",
"value": "63.247.141.99"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca21-2844-410b-8bf2-407b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:44.000Z",
"modified": "2017-09-29T13:07:44.000Z",
"pattern": "[url:value = 'http://crna-macka.com/d8743fgh']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca21-e85c-492e-82c4-43e4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:44.000Z",
"modified": "2017-09-29T13:07:44.000Z",
"pattern": "[domain-name:value = 'crna-macka.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ccca21-cf98-48b4-8d2f-41e0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:44.000Z",
"modified": "2017-09-29T13:07:44.000Z",
"first_observed": "2017-09-29T13:07:44Z",
"last_observed": "2017-09-29T13:07:44Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ccca21-cf98-48b4-8d2f-41e0950d210f",
"ipv4-addr--59ccca21-cf98-48b4-8d2f-41e0950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ccca21-cf98-48b4-8d2f-41e0950d210f",
"dst_ref": "ipv4-addr--59ccca21-cf98-48b4-8d2f-41e0950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ccca21-cf98-48b4-8d2f-41e0950d210f",
"value": "212.72.103.166"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca21-35c4-4dd1-a121-4e86950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:44.000Z",
"modified": "2017-09-29T13:07:44.000Z",
"pattern": "[url:value = 'http://dic-astra.com/d8743fgh']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca22-9bcc-49b0-95df-47f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:44.000Z",
"modified": "2017-09-29T13:07:44.000Z",
"pattern": "[domain-name:value = 'dic-astra.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ccca22-a5f0-4b5d-a304-4d8a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:44.000Z",
"modified": "2017-09-29T13:07:44.000Z",
"first_observed": "2017-09-29T13:07:44Z",
"last_observed": "2017-09-29T13:07:44Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ccca22-a5f0-4b5d-a304-4d8a950d210f",
"ipv4-addr--59ccca22-a5f0-4b5d-a304-4d8a950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ccca22-a5f0-4b5d-a304-4d8a950d210f",
"dst_ref": "ipv4-addr--59ccca22-a5f0-4b5d-a304-4d8a950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ccca22-a5f0-4b5d-a304-4d8a950d210f",
"value": "138.201.161.139"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca22-c564-4462-b7f1-4373950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:44.000Z",
"modified": "2017-09-29T13:07:44.000Z",
"pattern": "[url:value = 'http://gug-gummi.com/d8743fgh']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca22-eb8c-43f9-a006-475b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:44.000Z",
"modified": "2017-09-29T13:07:44.000Z",
"pattern": "[domain-name:value = 'gug-gummi.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ccca23-21ac-4fc4-9b53-4120950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:44.000Z",
"modified": "2017-09-29T13:07:44.000Z",
"first_observed": "2017-09-29T13:07:44Z",
"last_observed": "2017-09-29T13:07:44Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ccca23-21ac-4fc4-9b53-4120950d210f",
"ipv4-addr--59ccca23-21ac-4fc4-9b53-4120950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ccca23-21ac-4fc4-9b53-4120950d210f",
"dst_ref": "ipv4-addr--59ccca23-21ac-4fc4-9b53-4120950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ccca23-21ac-4fc4-9b53-4120950d210f",
"value": "78.138.88.232"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca23-a6e8-4ebb-b50b-44e5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:44.000Z",
"modified": "2017-09-29T13:07:44.000Z",
"pattern": "[url:value = 'http://poemsan.info/p66/d8743fgh']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca23-09f8-4cfc-85f2-4103950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:44.000Z",
"modified": "2017-09-29T13:07:44.000Z",
"pattern": "[domain-name:value = 'poemsan.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca41-3204-4881-8aaa-4fab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:44.000Z",
"modified": "2017-09-29T13:07:44.000Z",
"pattern": "[url:value = 'http://www.fasching-hallbergmoos.de/d8743fgh']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca41-c0a4-4f8f-acc8-4136950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:44.000Z",
"modified": "2017-09-29T13:07:44.000Z",
"pattern": "[domain-name:value = 'www.fasching-hallbergmoos.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ccca41-c174-40af-828b-4973950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:44.000Z",
"modified": "2017-09-29T13:07:44.000Z",
"first_observed": "2017-09-29T13:07:44Z",
"last_observed": "2017-09-29T13:07:44Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ccca41-c174-40af-828b-4973950d210f",
"ipv4-addr--59ccca41-c174-40af-828b-4973950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ccca41-c174-40af-828b-4973950d210f",
"dst_ref": "ipv4-addr--59ccca41-c174-40af-828b-4973950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ccca41-c174-40af-828b-4973950d210f",
"value": "78.138.88.40"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca48-59a0-42a3-b65a-4c1d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:44.000Z",
"modified": "2017-09-29T13:07:44.000Z",
"description": "- Xchecked via VT: dd4d46b9612efc391469bba8553358b6",
"pattern": "[file:hashes.SHA256 = '3e55a7a405e4c4e4ad6d19296ac512d6c32441d5a65419cd116faa672b11963c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ccca48-578c-4e68-a971-4d7a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:44.000Z",
"modified": "2017-09-29T13:07:44.000Z",
"description": "- Xchecked via VT: dd4d46b9612efc391469bba8553358b6",
"pattern": "[file:hashes.SHA1 = 'b83fa30809ca80e981546cf1bae8f3f9a9cca206']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:07:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ccca48-de94-482b-9489-4baf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:44.000Z",
"modified": "2017-09-29T13:07:44.000Z",
"first_observed": "2017-09-29T13:07:44Z",
"last_observed": "2017-09-29T13:07:44Z",
"number_observed": 1,
"object_refs": [
"url--59ccca48-de94-482b-9489-4baf02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59ccca48-de94-482b-9489-4baf02de0b81",
"value": "https://www.virustotal.com/file/3e55a7a405e4c4e4ad6d19296ac512d6c32441d5a65419cd116faa672b11963c/analysis/1506591639/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce45a1-3ff8-4e6a-a052-79d102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:07:45.000Z",
"modified": "2017-09-29T13:07:45.000Z",
"first_observed": "2017-09-29T13:07:45Z",
"last_observed": "2017-09-29T13:07:45Z",
"number_observed": 1,
"object_refs": [
"url--59ce45a1-3ff8-4e6a-a052-79d102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59ce45a1-3ff8-4e6a-a052-79d102de0b81",
"value": "https://www.virustotal.com/file/3e55a7a405e4c4e4ad6d19296ac512d6c32441d5a65419cd116faa672b11963c/analysis/1506685598/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}