misp-circl-feed/feeds/circl/stix-2.1/57c42744-662c-4f6e-bd21-7d2e950d210f.json

2048 lines
No EOL
83 KiB
JSON

{
"type": "bundle",
"id": "bundle--57c42744-662c-4f6e-bd21-7d2e950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:46.000Z",
"modified": "2016-08-29T14:37:46.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--57c42744-662c-4f6e-bd21-7d2e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:46.000Z",
"modified": "2016-08-29T14:37:46.000Z",
"name": "Malspam 2016-08-29 (.wsf in .zip) - campaign: \"Please find attached invoice no\"",
"published": "2016-08-29T14:46:28Z",
"object_refs": [
"indicator--57c4279e-4610-4cd2-8c6d-46e2950d210f",
"indicator--57c4279f-0b20-43ea-9e2f-4106950d210f",
"indicator--57c4279f-23e8-49b3-b64c-4ed6950d210f",
"indicator--57c4279f-187c-4f7f-b55d-4131950d210f",
"indicator--57c4279f-2290-4ee7-a6f5-4835950d210f",
"indicator--57c427a0-48d0-4caa-a28e-4b0d950d210f",
"indicator--57c427a0-e320-4229-88c7-4d70950d210f",
"indicator--57c427a0-7f7c-4406-9b72-49f7950d210f",
"indicator--57c427a0-f0a4-489b-9fd1-46db950d210f",
"indicator--57c427a0-2d10-4118-876a-4c54950d210f",
"indicator--57c427a1-b558-4065-88cc-4534950d210f",
"indicator--57c427a1-cf64-4d01-8146-4ad0950d210f",
"indicator--57c427a1-9058-4b06-9c91-44d4950d210f",
"indicator--57c427a1-f39c-4123-bff1-4b2a950d210f",
"indicator--57c427a2-ec88-419f-b908-4215950d210f",
"indicator--57c427a2-e508-4546-a423-4bf7950d210f",
"indicator--57c427a2-17b8-4870-9092-4603950d210f",
"indicator--57c427a2-d624-4ba4-a5ba-4697950d210f",
"indicator--57c427a3-6bdc-49b6-bfb9-46f4950d210f",
"indicator--57c427a3-c1dc-4db7-9df2-421e950d210f",
"indicator--57c427a3-9e9c-47d8-86a4-4911950d210f",
"indicator--57c427a3-5bfc-4025-aea8-44c6950d210f",
"indicator--57c427a3-f170-4f85-ba3a-4d47950d210f",
"indicator--57c427a4-838c-48e1-9e0c-4a49950d210f",
"indicator--57c427a4-9524-4606-bfe5-488e950d210f",
"indicator--57c427a4-9a38-4fb6-8d67-4b25950d210f",
"indicator--57c427a4-7450-4c26-a969-4e08950d210f",
"indicator--57c427a4-4c00-4e74-91f5-4fec950d210f",
"indicator--57c427a5-16dc-4ac5-b200-4dcc950d210f",
"indicator--57c427a5-28b4-4fca-b83b-4f15950d210f",
"indicator--57c427a5-5898-43b7-a326-4674950d210f",
"indicator--57c427a5-fc80-40f8-b14b-46e2950d210f",
"indicator--57c427a6-acbc-4d5c-afb3-411e950d210f",
"indicator--57c427a6-5ffc-4762-a23f-488e950d210f",
"indicator--57c427a6-6c00-43a2-a60e-4d94950d210f",
"indicator--57c427a6-40d8-471f-b9f6-4ad8950d210f",
"indicator--57c427a6-5b5c-4cb9-a40d-479b950d210f",
"indicator--57c427a7-87f4-4084-8f6b-4dd7950d210f",
"indicator--57c427a7-5fdc-4288-b181-45a5950d210f",
"indicator--57c427a7-a7cc-425e-82b9-4b57950d210f",
"observed-data--57c4283d-96f0-4e00-a577-7a58950d210f",
"email-message--57c4283d-96f0-4e00-a577-7a58950d210f",
"indicator--57c448b2-9154-4569-a85b-7a54950d210f",
"indicator--57c448b2-a848-4efd-a7df-7a54950d210f",
"indicator--57c448b2-7e1c-4d66-b7ab-7a54950d210f",
"indicator--57c448b2-d3cc-4110-a171-7a54950d210f",
"indicator--57c448b2-f404-4c55-a026-7a54950d210f",
"indicator--57c448b3-181c-4107-91ab-7a54950d210f",
"indicator--57c448b3-edfc-4ff8-b00a-7a54950d210f",
"indicator--57c448b3-8ae8-4719-9e78-7a54950d210f",
"indicator--57c448b3-0d74-46ea-b0ff-7a54950d210f",
"indicator--57c448b3-0da8-451b-84d2-7a54950d210f",
"indicator--57c448b4-c5bc-4e34-ada4-7a54950d210f",
"indicator--57c448b4-02f4-40d5-b57a-7a54950d210f",
"indicator--57c448b4-97c4-4f65-9040-7a54950d210f",
"indicator--57c448b4-ac6c-41af-88eb-7a54950d210f",
"indicator--57c448b5-dc44-4f4c-9f96-7a54950d210f",
"indicator--57c448b5-1c80-49fb-8b80-7a54950d210f",
"indicator--57c448b5-98ac-47aa-a224-7a54950d210f",
"indicator--57c448b5-2024-4b77-8754-7a54950d210f",
"indicator--57c448b6-72d8-480f-8832-7a54950d210f",
"indicator--57c448b6-4e44-4ee8-91b0-7a54950d210f",
"indicator--57c448b6-0c9c-4e72-ae3b-7a54950d210f",
"indicator--57c448b6-0210-425a-920d-7a54950d210f",
"indicator--57c448b6-1668-4673-8c08-7a54950d210f",
"indicator--57c448b7-55c4-494e-bf7e-7a54950d210f",
"indicator--57c448b7-e0c0-4e37-9022-7a54950d210f",
"indicator--57c448b7-e928-4771-b7d9-7a54950d210f",
"indicator--57c448b7-f9d8-4db8-8bcf-7a54950d210f",
"indicator--57c448b8-18e0-44c4-b7f2-7a54950d210f",
"indicator--57c448b8-8f24-4887-ad9d-7a54950d210f",
"indicator--57c448b8-514c-484d-bf81-7a54950d210f",
"indicator--57c448b8-cb84-4cb9-a909-7a54950d210f",
"indicator--57c448b9-3b58-44a9-8746-7a54950d210f",
"indicator--57c448b9-7f7c-4f76-9335-7a54950d210f",
"indicator--57c448b9-faf8-41e3-aa93-7a54950d210f",
"indicator--57c448b9-3e80-4f21-9e53-7a54950d210f",
"indicator--57c448b9-ebdc-4902-8659-7a54950d210f",
"indicator--57c448ba-c980-48e1-8586-7a54950d210f",
"indicator--57c448ba-c04c-48b8-ad39-7a54950d210f",
"indicator--57c448ba-63b8-4f9d-ab76-7a54950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"malware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c4279e-4610-4cd2-8c6d-46e2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:30.000Z",
"modified": "2016-08-29T12:16:30.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.dialektika.extra.hu/78yhuinFYs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c4279f-0b20-43ea-9e2f-4106950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:31.000Z",
"modified": "2016-08-29T12:16:31.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.dialektika.extra.hu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c4279f-23e8-49b3-b64c-4ed6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:31.000Z",
"modified": "2016-08-29T12:16:31.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.33.52.18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c4279f-187c-4f7f-b55d-4131950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:31.000Z",
"modified": "2016-08-29T12:16:31.000Z",
"description": "download location",
"pattern": "[url:value = 'http://sektori.pp.fi/78yhuinFYs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c4279f-2290-4ee7-a6f5-4835950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:31.000Z",
"modified": "2016-08-29T12:16:31.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'sektori.pp.fi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a0-48d0-4caa-a28e-4b0d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:32.000Z",
"modified": "2016-08-29T12:16:32.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.170.137.244']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a0-e320-4229-88c7-4d70950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:32.000Z",
"modified": "2016-08-29T12:16:32.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.webcam-bild.de/78yhuinFYs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a0-7f7c-4406-9b72-49f7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:32.000Z",
"modified": "2016-08-29T12:16:32.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.webcam-bild.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a0-f0a4-489b-9fd1-46db950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:32.000Z",
"modified": "2016-08-29T12:16:32.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.237.132.10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a0-2d10-4118-876a-4c54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:32.000Z",
"modified": "2016-08-29T12:16:32.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.saumi.jazztel.es/78yhuinFYs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a1-b558-4065-88cc-4534950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:33.000Z",
"modified": "2016-08-29T12:16:33.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.saumi.jazztel.es']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a1-cf64-4d01-8146-4ad0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:33.000Z",
"modified": "2016-08-29T12:16:33.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.14.3.195']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a1-9058-4b06-9c91-44d4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:33.000Z",
"modified": "2016-08-29T12:16:33.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.agenziadini.it/78yhuinFYs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a1-f39c-4123-bff1-4b2a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:33.000Z",
"modified": "2016-08-29T12:16:33.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.agenziadini.it']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a2-ec88-419f-b908-4215950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:34.000Z",
"modified": "2016-08-29T12:16:34.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.205.40.169']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a2-e508-4546-a423-4bf7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:34.000Z",
"modified": "2016-08-29T12:16:34.000Z",
"description": "download location",
"pattern": "[url:value = 'http://club.konjiki.jp/78yhuinFYs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a2-17b8-4870-9092-4603950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:34.000Z",
"modified": "2016-08-29T12:16:34.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'club.konjiki.jp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a2-d624-4ba4-a5ba-4697950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:34.000Z",
"modified": "2016-08-29T12:16:34.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '112.140.42.29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a3-6bdc-49b6-bfb9-46f4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:35.000Z",
"modified": "2016-08-29T12:16:35.000Z",
"description": "download location",
"pattern": "[url:value = 'http://ach-dziennik.cba.pl/78yhuinFYs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a3-c1dc-4db7-9df2-421e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:35.000Z",
"modified": "2016-08-29T12:16:35.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'ach-dziennik.cba.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a3-9e9c-47d8-86a4-4911950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:35.000Z",
"modified": "2016-08-29T12:16:35.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.211.144.65']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a3-5bfc-4025-aea8-44c6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:35.000Z",
"modified": "2016-08-29T12:16:35.000Z",
"description": "download location",
"pattern": "[url:value = 'http://bypetra.de/78yhuinFYs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a3-f170-4f85-ba3a-4d47950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:35.000Z",
"modified": "2016-08-29T12:16:35.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'bypetra.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a4-838c-48e1-9e0c-4a49950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:36.000Z",
"modified": "2016-08-29T12:16:36.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.40.179.61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a4-9524-4606-bfe5-488e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:36.000Z",
"modified": "2016-08-29T12:16:36.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.bluedizioni.com/78yhuinFYs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a4-9a38-4fb6-8d67-4b25950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:36.000Z",
"modified": "2016-08-29T12:16:36.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.bluedizioni.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a4-7450-4c26-a969-4e08950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:36.000Z",
"modified": "2016-08-29T12:16:36.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.culturalheritagemanagement.org/78yhuinFYs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a4-4c00-4e74-91f5-4fec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:36.000Z",
"modified": "2016-08-29T12:16:36.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.culturalheritagemanagement.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a5-16dc-4ac5-b200-4dcc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:37.000Z",
"modified": "2016-08-29T12:16:37.000Z",
"description": "download location",
"pattern": "[url:value = 'http://jamesm.co.uk/78yhuinFYs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a5-28b4-4fca-b83b-4f15950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:37.000Z",
"modified": "2016-08-29T12:16:37.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'jamesm.co.uk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a5-5898-43b7-a326-4674950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:37.000Z",
"modified": "2016-08-29T12:16:37.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.223.104.160']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a5-fc80-40f8-b14b-46e2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:37.000Z",
"modified": "2016-08-29T12:16:37.000Z",
"description": "download location",
"pattern": "[url:value = 'http://conserpa.vtrbandaancha.net/78yhuinFYs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a6-acbc-4d5c-afb3-411e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:38.000Z",
"modified": "2016-08-29T12:16:38.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'conserpa.vtrbandaancha.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a6-5ffc-4762-a23f-488e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:38.000Z",
"modified": "2016-08-29T12:16:38.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '200.83.4.62']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a6-6c00-43a2-a60e-4d94950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:38.000Z",
"modified": "2016-08-29T12:16:38.000Z",
"description": "download location",
"pattern": "[url:value = 'http://job.atspace.org/78yhuinFYs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a6-40d8-471f-b9f6-4ad8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:38.000Z",
"modified": "2016-08-29T12:16:38.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'job.atspace.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a6-5b5c-4cb9-a40d-479b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:38.000Z",
"modified": "2016-08-29T12:16:38.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.197.131.109']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a7-87f4-4084-8f6b-4dd7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:39.000Z",
"modified": "2016-08-29T12:16:39.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.planet-intv.com/78yhuinFYs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a7-5fdc-4288-b181-45a5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:39.000Z",
"modified": "2016-08-29T12:16:39.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.planet-intv.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c427a7-a7cc-425e-82b9-4b57950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:16:39.000Z",
"modified": "2016-08-29T12:16:39.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '167.114.43.19']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T12:16:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57c4283d-96f0-4e00-a577-7a58950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T12:19:09.000Z",
"modified": "2016-08-29T12:19:09.000Z",
"first_observed": "2016-08-29T12:19:09Z",
"last_observed": "2016-08-29T12:19:09Z",
"number_observed": 1,
"object_refs": [
"email-message--57c4283d-96f0-4e00-a577-7a58950d210f"
],
"labels": [
"misp:type=\"email-subject\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--57c4283d-96f0-4e00-a577-7a58950d210f",
"is_multipart": false,
"subject": "Please find attached invoice no"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b2-9154-4569-a85b-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:38.000Z",
"modified": "2016-08-29T14:37:38.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '151.1.159.165']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b2-a848-4efd-a7df-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:38.000Z",
"modified": "2016-08-29T14:37:38.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.210.101.104']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b2-7e1c-4d66-b7ab-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:38.000Z",
"modified": "2016-08-29T14:37:38.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.144.125.70']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b2-d3cc-4110-a171-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:38.000Z",
"modified": "2016-08-29T14:37:38.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.130.132.84']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b2-f404-4c55-a026-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:38.000Z",
"modified": "2016-08-29T14:37:38.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.78.215.76']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b3-181c-4107-91ab-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:39.000Z",
"modified": "2016-08-29T14:37:39.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.224.175.186']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b3-edfc-4ff8-b00a-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:39.000Z",
"modified": "2016-08-29T14:37:39.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.180.150.17']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b3-8ae8-4719-9e78-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:39.000Z",
"modified": "2016-08-29T14:37:39.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.87.186.101']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b3-0d74-46ea-b0ff-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:39.000Z",
"modified": "2016-08-29T14:37:39.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.22.207.207']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b3-0da8-451b-84d2-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:39.000Z",
"modified": "2016-08-29T14:37:39.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.169.145.223']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b4-c5bc-4e34-ada4-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:40.000Z",
"modified": "2016-08-29T14:37:40.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.196.20.134']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b4-02f4-40d5-b57a-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:40.000Z",
"modified": "2016-08-29T14:37:40.000Z",
"description": "download location",
"pattern": "[url:value = 'http://iesjaumei.edu.gva.es/78yhuinFYs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b4-97c4-4f65-9040-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:40.000Z",
"modified": "2016-08-29T14:37:40.000Z",
"description": "download location",
"pattern": "[url:value = 'http://immobilien1000.de/78yhuinFYs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b4-ac6c-41af-88eb-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:40.000Z",
"modified": "2016-08-29T14:37:40.000Z",
"description": "download location",
"pattern": "[url:value = 'http://lokum1985.republika.pl/78yhuinFYs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b5-dc44-4f4c-9f96-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:41.000Z",
"modified": "2016-08-29T14:37:41.000Z",
"description": "download location",
"pattern": "[url:value = 'http://spaceinn.co.jp/78yhuinFYs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b5-1c80-49fb-8b80-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:41.000Z",
"modified": "2016-08-29T14:37:41.000Z",
"description": "download location",
"pattern": "[url:value = 'http://vicariassicurazioni.it/78yhuinFYs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b5-98ac-47aa-a224-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:41.000Z",
"modified": "2016-08-29T14:37:41.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.agriturismoigirasoli.it/78yhuinFYs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b5-2024-4b77-8754-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:41.000Z",
"modified": "2016-08-29T14:37:41.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.dondana.com/78yhuinFYs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b6-72d8-480f-8832-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:42.000Z",
"modified": "2016-08-29T14:37:42.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.epikal.go.ro/78yhuinFYs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b6-4e44-4ee8-91b0-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:42.000Z",
"modified": "2016-08-29T14:37:42.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.fenit.net/78yhuinFYs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b6-0c9c-4e72-ae3b-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:42.000Z",
"modified": "2016-08-29T14:37:42.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.jan-wallner.de/78yhuinFYs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b6-0210-425a-920d-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:42.000Z",
"modified": "2016-08-29T14:37:42.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.kurtoskalacs.go.ro/78yhuinFYs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b6-1668-4673-8c08-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:42.000Z",
"modified": "2016-08-29T14:37:42.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.lagottoromagnolo.be/78yhuinFYs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b7-55c4-494e-bf7e-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:43.000Z",
"modified": "2016-08-29T14:37:43.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.qualityacoustic.comcastbiz.net/78yhuinFYs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b7-e0c0-4e37-9022-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:43.000Z",
"modified": "2016-08-29T14:37:43.000Z",
"description": "download location",
"pattern": "[url:value = 'http://xelagon.50webs.org/78yhuinFYs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b7-e928-4771-b7d9-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:43.000Z",
"modified": "2016-08-29T14:37:43.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'iesjaumei.edu.gva.es']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b7-f9d8-4db8-8bcf-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:43.000Z",
"modified": "2016-08-29T14:37:43.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'immobilien1000.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b8-18e0-44c4-b7f2-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:44.000Z",
"modified": "2016-08-29T14:37:44.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'lokum1985.republika.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b8-8f24-4887-ad9d-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:44.000Z",
"modified": "2016-08-29T14:37:44.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'spaceinn.co.jp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b8-514c-484d-bf81-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:44.000Z",
"modified": "2016-08-29T14:37:44.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'vicariassicurazioni.it']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b8-cb84-4cb9-a909-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:44.000Z",
"modified": "2016-08-29T14:37:44.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.agriturismoigirasoli.it']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b9-3b58-44a9-8746-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:45.000Z",
"modified": "2016-08-29T14:37:45.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.dondana.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b9-7f7c-4f76-9335-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:45.000Z",
"modified": "2016-08-29T14:37:45.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.epikal.go.ro']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b9-faf8-41e3-aa93-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:45.000Z",
"modified": "2016-08-29T14:37:45.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.fenit.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b9-3e80-4f21-9e53-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:45.000Z",
"modified": "2016-08-29T14:37:45.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.jan-wallner.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448b9-ebdc-4902-8659-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:45.000Z",
"modified": "2016-08-29T14:37:45.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.kurtoskalacs.go.ro']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448ba-c980-48e1-8586-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:46.000Z",
"modified": "2016-08-29T14:37:46.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.lagottoromagnolo.be']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448ba-c04c-48b8-ad39-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:46.000Z",
"modified": "2016-08-29T14:37:46.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.qualityacoustic.comcastbiz.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57c448ba-63b8-4f9d-ab76-7a54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-29T14:37:46.000Z",
"modified": "2016-08-29T14:37:46.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'xelagon.50webs.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-29T14:37:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}