misp-circl-feed/feeds/circl/stix-2.1/59d5e1fe-30f4-48ee-8b75-dabd950d210f.json

{
"type": "bundle",
"id": "bundle--59d5e1fe-30f4-48ee-8b75-dabd950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:53.000Z",
"modified": "2017-10-05T20:02:53.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--59d5e1fe-30f4-48ee-8b75-dabd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:53.000Z",
"modified": "2017-10-05T20:02:53.000Z",
"name": "M2M - Locky 2017-10-04 : Affid=3, offline, \".ykcol\" : \"Message from 02087654321\" - \"Voice Message.7z\"",
"published": "2017-10-05T20:04:36Z",
"object_refs": [
"indicator--59d5e1ff-14ec-4c2e-af15-fde6950d210f",
"indicator--59d5e1ff-35b8-452e-8a59-dabc950d210f",
"indicator--59d5e200-72bc-4be4-845b-dac1950d210f",
"observed-data--59d5e200-cde4-4ea7-9bd1-fe8c950d210f",
"network-traffic--59d5e200-cde4-4ea7-9bd1-fe8c950d210f",
"ipv4-addr--59d5e200-cde4-4ea7-9bd1-fe8c950d210f",
"indicator--59d5e200-c904-4d26-a14a-fbfd950d210f",
"indicator--59d5e201-7554-4f1a-87b3-fef5950d210f",
"observed-data--59d5e201-6ba4-45e6-b5d3-fde6950d210f",
"network-traffic--59d5e201-6ba4-45e6-b5d3-fde6950d210f",
"ipv4-addr--59d5e201-6ba4-45e6-b5d3-fde6950d210f",
"indicator--59d5e201-138c-4b6c-bfc2-ff71950d210f",
"indicator--59d5e201-9f04-4736-b547-dac2950d210f",
"observed-data--59d5e202-8a4c-40ac-9090-fe89950d210f",
"network-traffic--59d5e202-8a4c-40ac-9090-fe89950d210f",
"ipv4-addr--59d5e202-8a4c-40ac-9090-fe89950d210f",
"indicator--59d5e202-7334-43d4-a597-fbfd950d210f",
"indicator--59d5e203-c0b4-474b-a9dc-fef5950d210f",
"observed-data--59d5e203-e81c-436c-bc98-fde6950d210f",
"network-traffic--59d5e203-e81c-436c-bc98-fde6950d210f",
"ipv4-addr--59d5e203-e81c-436c-bc98-fde6950d210f",
"indicator--59d5e203-c938-4918-b8a2-fdf1950d210f",
"indicator--59d5e203-431c-43d4-a5e4-dac2950d210f",
"observed-data--59d5e204-69dc-4cd1-99a9-dac1950d210f",
"network-traffic--59d5e204-69dc-4cd1-99a9-dac1950d210f",
"ipv4-addr--59d5e204-69dc-4cd1-99a9-dac1950d210f",
"indicator--59d5e204-9c84-438a-9323-fe89950d210f",
"indicator--59d5e204-9d9c-4154-8275-dac0950d210f",
"observed-data--59d5e204-23b8-4130-a4e2-fef5950d210f",
"network-traffic--59d5e204-23b8-4130-a4e2-fef5950d210f",
"ipv4-addr--59d5e204-23b8-4130-a4e2-fef5950d210f",
"indicator--59d5e205-f9f8-409b-8413-dac5950d210f",
"indicator--59d5e205-089c-4e5b-94f4-fdf1950d210f",
"observed-data--59d5e205-9b08-4efc-b807-dac2950d210f",
"network-traffic--59d5e205-9b08-4efc-b807-dac2950d210f",
"ipv4-addr--59d5e205-9b08-4efc-b807-dac2950d210f",
"indicator--59d5e205-d2f4-4f9e-bbf8-dabc950d210f",
"indicator--59d5e206-e3cc-4bc9-97b6-ffb8950d210f",
"observed-data--59d5e206-d85c-4564-be18-fe89950d210f",
"network-traffic--59d5e206-d85c-4564-be18-fe89950d210f",
"ipv4-addr--59d5e206-d85c-4564-be18-fe89950d210f",
"indicator--59d5e206-cd48-4474-b418-fbfd950d210f",
"indicator--59d5e206-6a78-47f8-9548-fe8c950d210f",
"observed-data--59d5e207-387c-412b-bcb6-fde6950d210f",
"network-traffic--59d5e207-387c-412b-bcb6-fde6950d210f",
"ipv4-addr--59d5e207-387c-412b-bcb6-fde6950d210f",
"indicator--59d5e207-06cc-4fb5-af8f-dac2950d210f",
"indicator--59d5e207-8e0c-4b9f-80d6-dabe950d210f",
"observed-data--59d5e207-52c0-43c2-a7c4-ffb8950d210f",
"network-traffic--59d5e207-52c0-43c2-a7c4-ffb8950d210f",
"ipv4-addr--59d5e207-52c0-43c2-a7c4-ffb8950d210f",
"indicator--59d5e208-d24c-4ecf-b899-fe89950d210f",
"indicator--59d5e208-68e8-4bb5-bf1c-dac0950d210f",
"observed-data--59d5e208-190c-42b4-8fe0-fef5950d210f",
"network-traffic--59d5e208-190c-42b4-8fe0-fef5950d210f",
"ipv4-addr--59d5e208-190c-42b4-8fe0-fef5950d210f",
"indicator--59d5e208-b7d8-41b7-9484-dac5950d210f",
"indicator--59d5e209-c8ec-4057-95fb-fde6950d210f",
"observed-data--59d5e209-1eec-49b2-a2b3-fe67950d210f",
"network-traffic--59d5e209-1eec-49b2-a2b3-fe67950d210f",
"ipv4-addr--59d5e209-1eec-49b2-a2b3-fe67950d210f",
"indicator--59d5e209-05b8-49c0-a801-ff71950d210f",
"indicator--59d5e20a-7988-4f1a-8c3b-ffb8950d210f",
"observed-data--59d5e20a-a958-4b3c-90dc-dac1950d210f",
"network-traffic--59d5e20a-a958-4b3c-90dc-dac1950d210f",
"ipv4-addr--59d5e20a-a958-4b3c-90dc-dac1950d210f",
"indicator--59d5e20a-b0e8-453d-a487-dac0950d210f",
"indicator--59d5e20a-7474-4bed-846a-fef5950d210f",
"observed-data--59d5e20b-62e8-4915-b14c-dac5950d210f",
"network-traffic--59d5e20b-62e8-4915-b14c-dac5950d210f",
"ipv4-addr--59d5e20b-62e8-4915-b14c-dac5950d210f",
"indicator--59d5e20b-620c-41e7-a3f5-fbfd950d210f",
"indicator--59d5e20b-f750-4d5f-a622-dac2950d210f",
"observed-data--59d5e20b-98cc-44a0-8193-ffb8950d210f",
"network-traffic--59d5e20b-98cc-44a0-8193-ffb8950d210f",
"ipv4-addr--59d5e20b-98cc-44a0-8193-ffb8950d210f",
"indicator--59d5e20c-c918-4c99-aa62-fe89950d210f",
"indicator--59d5e20c-1e10-42d7-9f10-dac0950d210f",
"observed-data--59d5e20d-bf74-48a3-81ad-dac5950d210f",
"network-traffic--59d5e20d-bf74-48a3-81ad-dac5950d210f",
"ipv4-addr--59d5e20d-bf74-48a3-81ad-dac5950d210f",
"indicator--59d5e20d-5e60-4e7a-9491-fbfd950d210f",
"indicator--59d5e20d-b428-4c1b-98c1-fe67950d210f",
"observed-data--59d5e20d-d198-4e95-b652-ffb8950d210f",
"network-traffic--59d5e20d-d198-4e95-b652-ffb8950d210f",
"ipv4-addr--59d5e20d-d198-4e95-b652-ffb8950d210f",
"indicator--59d5e20e-33a4-4c61-86dd-dac3950d210f",
"indicator--59d5e20e-dea0-4ffe-ad8f-dac0950d210f",
"observed-data--59d5e20e-54bc-4acc-94a9-fe8c950d210f",
"network-traffic--59d5e20e-54bc-4acc-94a9-fe8c950d210f",
"ipv4-addr--59d5e20e-54bc-4acc-94a9-fe8c950d210f",
"indicator--59d5e20e-894c-4e6e-90f0-fbfd950d210f",
"indicator--59d5e20f-10ac-46ee-87c1-fe67950d210f",
"indicator--59d68fe4-18e0-4ff7-b97d-4df402de0b81",
"indicator--59d68fe4-0a98-4d25-8e28-4af602de0b81",
"observed-data--59d68fe4-462c-4725-92b5-47fd02de0b81",
"url--59d68fe4-462c-4725-92b5-47fd02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"ecsirt:malicious-code=\"ransomware\"",
"misp-galaxy:ransomware=\"Locky\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e1ff-14ec-4c2e-af15-fde6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"pattern": "[file:hashes.MD5 = '90f130611bdd7fe3c45cdf418f3ec006']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e1ff-35b8-452e-8a59-dabc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"pattern": "[url:value = 'http://artsidestudio.com/tfhytdrf56u']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e200-72bc-4be4-845b-dac1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"pattern": "[domain-name:value = 'artsidestudio.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d5e200-cde4-4ea7-9bd1-fe8c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"first_observed": "2017-10-05T20:02:43Z",
"last_observed": "2017-10-05T20:02:43Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d5e200-cde4-4ea7-9bd1-fe8c950d210f",
"ipv4-addr--59d5e200-cde4-4ea7-9bd1-fe8c950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d5e200-cde4-4ea7-9bd1-fe8c950d210f",
"dst_ref": "ipv4-addr--59d5e200-cde4-4ea7-9bd1-fe8c950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d5e200-cde4-4ea7-9bd1-fe8c950d210f",
"value": "75.126.139.114"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e200-c904-4d26-a14a-fbfd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"pattern": "[url:value = 'http://baysanal.com/tfhytdrf56u']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e201-7554-4f1a-87b3-fef5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"pattern": "[domain-name:value = 'baysanal.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d5e201-6ba4-45e6-b5d3-fde6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"first_observed": "2017-10-05T20:02:43Z",
"last_observed": "2017-10-05T20:02:43Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d5e201-6ba4-45e6-b5d3-fde6950d210f",
"ipv4-addr--59d5e201-6ba4-45e6-b5d3-fde6950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d5e201-6ba4-45e6-b5d3-fde6950d210f",
"dst_ref": "ipv4-addr--59d5e201-6ba4-45e6-b5d3-fde6950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d5e201-6ba4-45e6-b5d3-fde6950d210f",
"value": "185.19.95.61"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e201-138c-4b6c-bfc2-ff71950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"pattern": "[url:value = 'http://computerserviceheerhugowaard.nl/tfhytdrf56u']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e201-9f04-4736-b547-dac2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"pattern": "[domain-name:value = 'computerserviceheerhugowaard.nl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d5e202-8a4c-40ac-9090-fe89950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"first_observed": "2017-10-05T20:02:43Z",
"last_observed": "2017-10-05T20:02:43Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d5e202-8a4c-40ac-9090-fe89950d210f",
"ipv4-addr--59d5e202-8a4c-40ac-9090-fe89950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d5e202-8a4c-40ac-9090-fe89950d210f",
"dst_ref": "ipv4-addr--59d5e202-8a4c-40ac-9090-fe89950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d5e202-8a4c-40ac-9090-fe89950d210f",
"value": "94.75.202.60"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e202-7334-43d4-a597-fbfd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"pattern": "[url:value = 'http://foxcabinets.com/tfhytdrf56u']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e203-c0b4-474b-a9dc-fef5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"pattern": "[domain-name:value = 'foxcabinets.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d5e203-e81c-436c-bc98-fde6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"first_observed": "2017-10-05T20:02:43Z",
"last_observed": "2017-10-05T20:02:43Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d5e203-e81c-436c-bc98-fde6950d210f",
"ipv4-addr--59d5e203-e81c-436c-bc98-fde6950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d5e203-e81c-436c-bc98-fde6950d210f",
"dst_ref": "ipv4-addr--59d5e203-e81c-436c-bc98-fde6950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d5e203-e81c-436c-bc98-fde6950d210f",
"value": "98.124.251.166"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e203-c938-4918-b8a2-fdf1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"pattern": "[url:value = 'http://lacadosmurcia.com/tfhytdrf56u']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e203-431c-43d4-a5e4-dac2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"pattern": "[domain-name:value = 'lacadosmurcia.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d5e204-69dc-4cd1-99a9-dac1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"first_observed": "2017-10-05T20:02:43Z",
"last_observed": "2017-10-05T20:02:43Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d5e204-69dc-4cd1-99a9-dac1950d210f",
"ipv4-addr--59d5e204-69dc-4cd1-99a9-dac1950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d5e204-69dc-4cd1-99a9-dac1950d210f",
"dst_ref": "ipv4-addr--59d5e204-69dc-4cd1-99a9-dac1950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d5e204-69dc-4cd1-99a9-dac1950d210f",
"value": "212.63.108.71"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e204-9c84-438a-9323-fe89950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"pattern": "[url:value = 'http://laveentrading.com/tfhytdrf56u']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e204-9d9c-4154-8275-dac0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"pattern": "[domain-name:value = 'laveentrading.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d5e204-23b8-4130-a4e2-fef5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"first_observed": "2017-10-05T20:02:43Z",
"last_observed": "2017-10-05T20:02:43Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d5e204-23b8-4130-a4e2-fef5950d210f",
"ipv4-addr--59d5e204-23b8-4130-a4e2-fef5950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d5e204-23b8-4130-a4e2-fef5950d210f",
"dst_ref": "ipv4-addr--59d5e204-23b8-4130-a4e2-fef5950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d5e204-23b8-4130-a4e2-fef5950d210f",
"value": "98.124.251.72"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e205-f9f8-409b-8413-dac5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"pattern": "[url:value = 'http://littleblessingscotons.com/tfhytdrf56u']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e205-089c-4e5b-94f4-fdf1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"pattern": "[domain-name:value = 'littleblessingscotons.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d5e205-9b08-4efc-b807-dac2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"first_observed": "2017-10-05T20:02:43Z",
"last_observed": "2017-10-05T20:02:43Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d5e205-9b08-4efc-b807-dac2950d210f",
"ipv4-addr--59d5e205-9b08-4efc-b807-dac2950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d5e205-9b08-4efc-b807-dac2950d210f",
"dst_ref": "ipv4-addr--59d5e205-9b08-4efc-b807-dac2950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d5e205-9b08-4efc-b807-dac2950d210f",
"value": "98.124.251.65"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e205-d2f4-4f9e-bbf8-dabc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"pattern": "[url:value = 'http://mautau.it/tfhytdrf56u']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e206-e3cc-4bc9-97b6-ffb8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"pattern": "[domain-name:value = 'mautau.it']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d5e206-d85c-4564-be18-fe89950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"first_observed": "2017-10-05T20:02:43Z",
"last_observed": "2017-10-05T20:02:43Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d5e206-d85c-4564-be18-fe89950d210f",
"ipv4-addr--59d5e206-d85c-4564-be18-fe89950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d5e206-d85c-4564-be18-fe89950d210f",
"dst_ref": "ipv4-addr--59d5e206-d85c-4564-be18-fe89950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d5e206-d85c-4564-be18-fe89950d210f",
"value": "89.96.90.14"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e206-cd48-4474-b418-fbfd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"pattern": "[url:value = 'http://mis4.zenfinancial.com/tfhytdrf56u']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e206-6a78-47f8-9548-fe8c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"pattern": "[domain-name:value = 'mis4.zenfinancial.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d5e207-387c-412b-bcb6-fde6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"first_observed": "2017-10-05T20:02:43Z",
"last_observed": "2017-10-05T20:02:43Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d5e207-387c-412b-bcb6-fde6950d210f",
"ipv4-addr--59d5e207-387c-412b-bcb6-fde6950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d5e207-387c-412b-bcb6-fde6950d210f",
"dst_ref": "ipv4-addr--59d5e207-387c-412b-bcb6-fde6950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d5e207-387c-412b-bcb6-fde6950d210f",
"value": "66.135.55.8"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e207-06cc-4fb5-af8f-dac2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"pattern": "[url:value = 'http://photobookexpress.com/tfhytdrf56u']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e207-8e0c-4b9f-80d6-dabe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"pattern": "[domain-name:value = 'photobookexpress.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d5e207-52c0-43c2-a7c4-ffb8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"first_observed": "2017-10-05T20:02:43Z",
"last_observed": "2017-10-05T20:02:43Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d5e207-52c0-43c2-a7c4-ffb8950d210f",
"ipv4-addr--59d5e207-52c0-43c2-a7c4-ffb8950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d5e207-52c0-43c2-a7c4-ffb8950d210f",
"dst_ref": "ipv4-addr--59d5e207-52c0-43c2-a7c4-ffb8950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d5e207-52c0-43c2-a7c4-ffb8950d210f",
"value": "98.124.252.132"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e208-d24c-4ecf-b899-fe89950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"pattern": "[url:value = 'http://poslovnekomunikacije.si/tfhytdrf56u']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e208-68e8-4bb5-bf1c-dac0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"pattern": "[domain-name:value = 'poslovnekomunikacije.si']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d5e208-190c-42b4-8fe0-fef5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"first_observed": "2017-10-05T20:02:43Z",
"last_observed": "2017-10-05T20:02:43Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d5e208-190c-42b4-8fe0-fef5950d210f",
"ipv4-addr--59d5e208-190c-42b4-8fe0-fef5950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d5e208-190c-42b4-8fe0-fef5950d210f",
"dst_ref": "ipv4-addr--59d5e208-190c-42b4-8fe0-fef5950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d5e208-190c-42b4-8fe0-fef5950d210f",
"value": "91.185.200.235"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e208-b7d8-41b7-9484-dac5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"pattern": "[url:value = 'http://pspcny.com/tfhytdrf56u']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e209-c8ec-4057-95fb-fde6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:43.000Z",
"modified": "2017-10-05T20:02:43.000Z",
"pattern": "[domain-name:value = 'pspcny.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d5e209-1eec-49b2-a2b3-fe67950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:44.000Z",
"modified": "2017-10-05T20:02:44.000Z",
"first_observed": "2017-10-05T20:02:44Z",
"last_observed": "2017-10-05T20:02:44Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d5e209-1eec-49b2-a2b3-fe67950d210f",
"ipv4-addr--59d5e209-1eec-49b2-a2b3-fe67950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d5e209-1eec-49b2-a2b3-fe67950d210f",
"dst_ref": "ipv4-addr--59d5e209-1eec-49b2-a2b3-fe67950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d5e209-1eec-49b2-a2b3-fe67950d210f",
"value": "162.212.87.74"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e209-05b8-49c0-a801-ff71950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:44.000Z",
"modified": "2017-10-05T20:02:44.000Z",
"pattern": "[url:value = 'http://ragazzemessenger.com/tfhytdrf56u']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e20a-7988-4f1a-8c3b-ffb8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:44.000Z",
"modified": "2017-10-05T20:02:44.000Z",
"pattern": "[domain-name:value = 'ragazzemessenger.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d5e20a-a958-4b3c-90dc-dac1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:44.000Z",
"modified": "2017-10-05T20:02:44.000Z",
"first_observed": "2017-10-05T20:02:44Z",
"last_observed": "2017-10-05T20:02:44Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d5e20a-a958-4b3c-90dc-dac1950d210f",
"ipv4-addr--59d5e20a-a958-4b3c-90dc-dac1950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d5e20a-a958-4b3c-90dc-dac1950d210f",
"dst_ref": "ipv4-addr--59d5e20a-a958-4b3c-90dc-dac1950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d5e20a-a958-4b3c-90dc-dac1950d210f",
"value": "98.124.251.168"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e20a-b0e8-453d-a487-dac0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:44.000Z",
"modified": "2017-10-05T20:02:44.000Z",
"pattern": "[url:value = 'http://timmah.users.whitehat.dk/tfhytdrf56u']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e20a-7474-4bed-846a-fef5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:44.000Z",
"modified": "2017-10-05T20:02:44.000Z",
"pattern": "[domain-name:value = 'timmah.users.whitehat.dk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d5e20b-62e8-4915-b14c-dac5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:44.000Z",
"modified": "2017-10-05T20:02:44.000Z",
"first_observed": "2017-10-05T20:02:44Z",
"last_observed": "2017-10-05T20:02:44Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d5e20b-62e8-4915-b14c-dac5950d210f",
"ipv4-addr--59d5e20b-62e8-4915-b14c-dac5950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d5e20b-62e8-4915-b14c-dac5950d210f",
"dst_ref": "ipv4-addr--59d5e20b-62e8-4915-b14c-dac5950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d5e20b-62e8-4915-b14c-dac5950d210f",
"value": "91.221.196.222"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e20b-620c-41e7-a3f5-fbfd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:44.000Z",
"modified": "2017-10-05T20:02:44.000Z",
"pattern": "[url:value = 'http://trapiantivarese.org/tfhytdrf56u']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e20b-f750-4d5f-a622-dac2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:44.000Z",
"modified": "2017-10-05T20:02:44.000Z",
"pattern": "[domain-name:value = 'trapiantivarese.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d5e20b-98cc-44a0-8193-ffb8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:44.000Z",
"modified": "2017-10-05T20:02:44.000Z",
"first_observed": "2017-10-05T20:02:44Z",
"last_observed": "2017-10-05T20:02:44Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d5e20b-98cc-44a0-8193-ffb8950d210f",
"ipv4-addr--59d5e20b-98cc-44a0-8193-ffb8950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d5e20b-98cc-44a0-8193-ffb8950d210f",
"dst_ref": "ipv4-addr--59d5e20b-98cc-44a0-8193-ffb8950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d5e20b-98cc-44a0-8193-ffb8950d210f",
"value": "151.1.129.127"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e20c-c918-4c99-aa62-fe89950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:44.000Z",
"modified": "2017-10-05T20:02:44.000Z",
"pattern": "[url:value = 'http://www.pizzelli.eu/tfhytdrf56u']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e20c-1e10-42d7-9f10-dac0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:44.000Z",
"modified": "2017-10-05T20:02:44.000Z",
"pattern": "[domain-name:value = 'www.pizzelli.eu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d5e20d-bf74-48a3-81ad-dac5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:44.000Z",
"modified": "2017-10-05T20:02:44.000Z",
"first_observed": "2017-10-05T20:02:44Z",
"last_observed": "2017-10-05T20:02:44Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d5e20d-bf74-48a3-81ad-dac5950d210f",
"ipv4-addr--59d5e20d-bf74-48a3-81ad-dac5950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d5e20d-bf74-48a3-81ad-dac5950d210f",
"dst_ref": "ipv4-addr--59d5e20d-bf74-48a3-81ad-dac5950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d5e20d-bf74-48a3-81ad-dac5950d210f",
"value": "62.149.140.180"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e20d-5e60-4e7a-9491-fbfd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:44.000Z",
"modified": "2017-10-05T20:02:44.000Z",
"pattern": "[url:value = 'http://www.rafaelgalindo.com/tfhytdrf56u']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e20d-b428-4c1b-98c1-fe67950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:44.000Z",
"modified": "2017-10-05T20:02:44.000Z",
"pattern": "[domain-name:value = 'www.rafaelgalindo.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d5e20d-d198-4e95-b652-ffb8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:44.000Z",
"modified": "2017-10-05T20:02:44.000Z",
"first_observed": "2017-10-05T20:02:44Z",
"last_observed": "2017-10-05T20:02:44Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d5e20d-d198-4e95-b652-ffb8950d210f",
"ipv4-addr--59d5e20d-d198-4e95-b652-ffb8950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d5e20d-d198-4e95-b652-ffb8950d210f",
"dst_ref": "ipv4-addr--59d5e20d-d198-4e95-b652-ffb8950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d5e20d-d198-4e95-b652-ffb8950d210f",
"value": "94.23.224.229"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e20e-33a4-4c61-86dd-dac3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:44.000Z",
"modified": "2017-10-05T20:02:44.000Z",
"pattern": "[url:value = 'http://www.traders-forum.com/tfhytdrf56u']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e20e-dea0-4ffe-ad8f-dac0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:44.000Z",
"modified": "2017-10-05T20:02:44.000Z",
"pattern": "[domain-name:value = 'www.traders-forum.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d5e20e-54bc-4acc-94a9-fe8c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:44.000Z",
"modified": "2017-10-05T20:02:44.000Z",
"first_observed": "2017-10-05T20:02:44Z",
"last_observed": "2017-10-05T20:02:44Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d5e20e-54bc-4acc-94a9-fe8c950d210f",
"ipv4-addr--59d5e20e-54bc-4acc-94a9-fe8c950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d5e20e-54bc-4acc-94a9-fe8c950d210f",
"dst_ref": "ipv4-addr--59d5e20e-54bc-4acc-94a9-fe8c950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d5e20e-54bc-4acc-94a9-fe8c950d210f",
"value": "62.149.140.55"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e20e-894c-4e6e-90f0-fbfd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:44.000Z",
"modified": "2017-10-05T20:02:44.000Z",
"pattern": "[url:value = 'http://derainlay.info/p66/tfhytdrf56u']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d5e20f-10ac-46ee-87c1-fe67950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:44.000Z",
"modified": "2017-10-05T20:02:44.000Z",
"pattern": "[domain-name:value = 'derainlay.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d68fe4-18e0-4ff7-b97d-4df402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:44.000Z",
"modified": "2017-10-05T20:02:44.000Z",
"description": "- Cross-checked via VirusTotal: 90f130611bdd7fe3c45cdf418f3ec006",
"pattern": "[file:hashes.SHA256 = '8a6c5b229dcb7037e59b52c287d1f7ccd0581f8df1815df82ce07156b6ec6199']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d68fe4-0a98-4d25-8e28-4af602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:44.000Z",
"modified": "2017-10-05T20:02:44.000Z",
"description": "- Cross-checked via VirusTotal: 90f130611bdd7fe3c45cdf418f3ec006",
"pattern": "[file:hashes.SHA1 = '77e09f12c5385555203421ceb5bad44c6745ba12']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-05T20:02:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d68fe4-462c-4725-92b5-47fd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-05T20:02:44.000Z",
"modified": "2017-10-05T20:02:44.000Z",
"first_observed": "2017-10-05T20:02:44Z",
"last_observed": "2017-10-05T20:02:44Z",
"number_observed": 1,
"object_refs": [
"url--59d68fe4-462c-4725-92b5-47fd02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59d68fe4-462c-4725-92b5-47fd02de0b81",
"value": "https://www.virustotal.com/file/8a6c5b229dcb7037e59b52c287d1f7ccd0581f8df1815df82ce07156b6ec6199/analysis/1507190569/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}