diff --git a/resources/test/data.edn b/resources/test/data.edn
new file mode 100644
index 0000000..0d56b7b
--- /dev/null
+++ b/resources/test/data.edn
@@ -0,0 +1,5333 @@ +[ +[:mem/node-8700 :naga/first "hydrant-7f500ab39bcb87a54c5f9d6027b662f262ecd24227298813940ab7ec131da1b8"] +[:mem/node-8700 :naga/contains "hydrant-7f500ab39bcb87a54c5f9d6027b662f262ecd24227298813940ab7ec131da1b8"] +[:mem/node-8485 :value "bibrath.eu"] +[:mem/node-8485 :type "domain"] +[:mem/node-8569 :value "bibrath.eu"] +[:mem/node-8569 :type "domain"] +[:mem/node-8660 :value "bibrath.eu"] +[:mem/node-8660 :type "domain"] +[:mem/node-8140 :start_time #object[java.time.ZonedDateTime 0x556a6320 "2018-05-14T12:25:12Z"]] +[:mem/node-8140 :end_time #object[java.time.ZonedDateTime 0x45375bdf "2018-05-14T12:25:12Z"]] +[:mem/node-8168 :naga/first "hydrant-3e529d017659b3224b8b1775598920ef3109f43d70ab9b522578d2996e013520"] +[:mem/node-8168 :naga/contains "hydrant-3e529d017659b3224b8b1775598920ef3109f43d70ab9b522578d2996e013520"] +[:mem/node-8758 :naga/first "hydrant-f3a60c22e42d352008e5cc2f80b07e10ad6af644d1aafbdcdbdc0d4dedde4838"] +[:mem/node-8758 :naga/contains "hydrant-f3a60c22e42d352008e5cc2f80b07e10ad6af644d1aafbdcdbdc0d4dedde4838"] +[:mem/node-8742 :naga/first :mem/node-8743] +[:mem/node-8742 :naga/contains :mem/node-8743] +[:mem/node-8560 :naga/first :mem/node-8561] +[:mem/node-8560 :naga/rest :mem/node-8564] +[:mem/node-8621 :start_time #object[java.time.ZonedDateTime 0x3e8fe7db "2019-02-16T00:31:26Z"]] +[:mem/node-8621 :end_time #object[java.time.ZonedDateTime 0x62e586a6 "2019-03-16T00:31:26Z"]] +[:mem/node-9020 :naga/first "hydrant-53684006ce4e9ef02a092a264b3fe113978e2b4fc0b780e775cc67e8d7f92c1a"] +[:mem/node-9020 :naga/contains "hydrant-53684006ce4e9ef02a092a264b3fe113978e2b4fc0b780e775cc67e8d7f92c1a"] +[:mem/node-8971 :naga/first "hydrant-af600c170098617028ff00f8289d8659a93be919f99852448b04a198ca2fb926"] +[:mem/node-8971 :naga/contains "hydrant-af600c170098617028ff00f8289d8659a93be919f99852448b04a198ca2fb926"] +[:mem/node-9067 :start_time #object[java.time.ZonedDateTime 0x64908ab9 "2018-10-19T06:25:13Z"]] +[:mem/node-9067 :end_time 
#object[java.time.ZonedDateTime 0x1b06dc57 "2018-10-19T06:25:13Z"]] +[:mem/node-8368 :start_time #object[java.time.ZonedDateTime 0x5af641d3 "2019-04-01T00:31:21.990Z"]] +[:mem/node-8368 :end_time #object[java.time.ZonedDateTime 0x14e83c9d "2019-05-01T00:31:21.990Z"]] +[:mem/node-8329 :value "bibrath.eu"] +[:mem/node-8329 :type "domain"] +[:mem/node-8330 :naga/first "hydrant-6edeb42dd683aedd97d23ed2eefd28f6ca04c7127f44105034c58193ea739c22"] +[:mem/node-8330 :naga/contains "hydrant-6edeb42dd683aedd97d23ed2eefd28f6ca04c7127f44105034c58193ea739c22"] +[:mem/node-8612 :value "bibrath.eu"] +[:mem/node-8612 :type "domain"] +[:mem/node-8469 :value "bibrath.eu"] +[:mem/node-8469 :type "domain"] +[:mem/node-8808 :value "bibrath.eu"] +[:mem/node-8808 :type "domain"] +[:mem/node-8308 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8308 :schema_version "1.0.0"] +[:mem/node-8308 :module-name "AMP Global Intel"] +[:mem/node-8308 :naga/entity true] +[:mem/node-8308 :observables :mem/node-8309] +[:mem/node-8308 :type "sighting"] +[:mem/node-8308 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8308 :external_ids :mem/node-8311] +[:mem/node-8308 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8308 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-a9a34a29-b99d-4625-9b6b-bfed895dc9d4"] +[:mem/node-8308 :count 1] +[:mem/node-8308 :tlp "green"] +[:mem/node-8308 :db/ident :mem/node-8308] +[:mem/node-8308 :confidence "High"] +[:mem/node-8308 :observed_time :mem/node-8312] +[:mem/node-8825 :naga/first "hydrant-2748a178da61d6bf479050a90232acad3419dfe035664202674a9684c2033a04"] +[:mem/node-8825 :naga/contains "hydrant-2748a178da61d6bf479050a90232acad3419dfe035664202674a9684c2033a04"] +[:mem/node-9000 :valid_time :mem/node-9001] +[:mem/node-9000 :schema_version "1.0.8"] +[:mem/node-9000 :module-name "AMP Global Intel"] +[:mem/node-9000 :naga/entity true] +[:mem/node-9000 :observable :mem/node-9002] +[:mem/node-9000 :type "judgement"] +[:mem/node-9000 :source 
"Abuse.ch Zeus Tracker"] +[:mem/node-9000 :external_ids :mem/node-9003] +[:mem/node-9000 :disposition 2] +[:mem/node-9000 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-9000 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-9000 :disposition_name "Malicious"] +[:mem/node-9000 :priority 90] +[:mem/node-9000 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-51603845-5708-4a98-9698-9446fca0733b"] +[:mem/node-9000 :severity "High"] +[:mem/node-9000 :tlp "green"] +[:mem/node-9000 :db/ident :mem/node-9000] +[:mem/node-9000 :confidence "High"] +[:mem/node-8275 :valid_time :mem/node-8276] +[:mem/node-8275 :schema_version "1.0.8"] +[:mem/node-8275 :module-name "AMP Global Intel"] +[:mem/node-8275 :naga/entity true] +[:mem/node-8275 :observable :mem/node-8277] +[:mem/node-8275 :type "judgement"] +[:mem/node-8275 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8275 :external_ids :mem/node-8278] +[:mem/node-8275 :disposition 2] +[:mem/node-8275 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8275 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8275 :disposition_name "Malicious"] +[:mem/node-8275 :priority 90] +[:mem/node-8275 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-7034a2f2-4c2d-4dd7-99bf-b88ce97536cc"] +[:mem/node-8275 :severity "High"] +[:mem/node-8275 :tlp "green"] +[:mem/node-8275 :db/ident :mem/node-8275] +[:mem/node-8275 :confidence "High"] +[:mem/node-8157 :valid_time :mem/node-8158] +[:mem/node-8157 :schema_version "1.0.8"] +[:mem/node-8157 :module-name "AMP Global Intel"] +[:mem/node-8157 :naga/entity true] +[:mem/node-8157 :observable :mem/node-8159] +[:mem/node-8157 :type "judgement"] +[:mem/node-8157 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8157 :external_ids :mem/node-8160] +[:mem/node-8157 :disposition 2] +[:mem/node-8157 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8157 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8157 :disposition_name "Malicious"] 
+[:mem/node-8157 :priority 90] +[:mem/node-8157 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-5fe6abf5-f426-4dd9-a997-50538fab2891"] +[:mem/node-8157 :severity "High"] +[:mem/node-8157 :tlp "green"] +[:mem/node-8157 :db/ident :mem/node-8157] +[:mem/node-8157 :confidence "High"] +[:mem/node-8379 :naga/first "hydrant-9ff5b65a5ff4dbb346b9d94f85cc182211d3316c8c947988e9719fdda2931055"] +[:mem/node-8379 :naga/contains "hydrant-9ff5b65a5ff4dbb346b9d94f85cc182211d3316c8c947988e9719fdda2931055"] +[:mem/node-8570 :start_time #object[java.time.ZonedDateTime 0x744db9fb "2015-12-22T12:53:58Z"]] +[:mem/node-8570 :end_time #object[java.time.ZonedDateTime 0x59043741 "2019-03-29T23:32:05Z"]] +[:mem/node-8358 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8358 :schema_version "1.0.0"] +[:mem/node-8358 :module-name "AMP Global Intel"] +[:mem/node-8358 :naga/entity true] +[:mem/node-8358 :observables :mem/node-8359] +[:mem/node-8358 :type "sighting"] +[:mem/node-8358 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8358 :external_ids :mem/node-8361] +[:mem/node-8358 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8358 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-07b4d3b7-5685-4ed0-8353-4c3292aeddb8"] +[:mem/node-8358 :count 1] +[:mem/node-8358 :tlp "green"] +[:mem/node-8358 :db/ident :mem/node-8358] +[:mem/node-8358 :confidence "High"] +[:mem/node-8358 :observed_time :mem/node-8362] +[:mem/node-9056 :naga/first "hydrant-70fef35f21cff911e14cbeff82867a27c59d51d20d982be99a14ea1c85edce85"] +[:mem/node-9056 :naga/contains "hydrant-70fef35f21cff911e14cbeff82867a27c59d51d20d982be99a14ea1c85edce85"] +[:mem/node-8978 :start_time #object[java.time.ZonedDateTime 0x31940d6b "2019-03-09T00:31:20.766Z"]] +[:mem/node-8978 :end_time #object[java.time.ZonedDateTime 0x64cdc310 "2019-04-08T00:31:20.766Z"]] +[:mem/node-8733 :start_time #object[java.time.ZonedDateTime 0x7d563c13 "2019-03-16T00:31:25.274Z"]] +[:mem/node-8733 :end_time 
#object[java.time.ZonedDateTime 0x510a2c7 "2019-04-15T00:31:25.274Z"]] +[:mem/node-8766 :value "bibrath.eu"] +[:mem/node-8766 :type "domain"] +[:mem/node-8654 :naga/first :mem/node-8655] +[:mem/node-8654 :naga/contains :mem/node-8655] +[:mem/node-8897 :valid_time :mem/node-8899] +[:mem/node-8897 :module-name "Umbrella"] +[:mem/node-8897 :naga/entity true] +[:mem/node-8897 :observable :mem/node-8898] +[:mem/node-8897 :type "verdict"] +[:mem/node-8897 :disposition 2] +[:mem/node-8897 :disposition_name "Malicious"] +[:mem/node-8897 :id "verdict::b961fc9e"] +[:mem/node-8897 :db/ident :mem/node-8897] +[:mem/node-8897 :judgement_id "transient:e2a6d875-c2be-44f3-991d-89456f6c1fa7"] +[:mem/node-8806 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8806 :schema_version "1.0.0"] +[:mem/node-8806 :module-name "AMP Global Intel"] +[:mem/node-8806 :naga/entity true] +[:mem/node-8806 :observables :mem/node-8807] +[:mem/node-8806 :type "sighting"] +[:mem/node-8806 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8806 :external_ids :mem/node-8809] +[:mem/node-8806 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8806 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-2bc60d8f-ab4e-478b-8ac9-440346cf328e"] +[:mem/node-8806 :count 1] +[:mem/node-8806 :tlp "green"] +[:mem/node-8806 :db/ident :mem/node-8806] +[:mem/node-8806 :confidence "High"] +[:mem/node-8806 :observed_time :mem/node-8810] +[:mem/node-8637 :start_time #object[java.time.ZonedDateTime 0x14fe085b "2018-04-19T12:25:12Z"]] +[:mem/node-8637 :end_time #object[java.time.ZonedDateTime 0x1ea19c97 "2018-04-19T12:25:12Z"]] +[:mem/node-8939 :naga/first "hydrant-2703974de088f72acce29154394c070a39483f6176155d276c0ee6091196dc9f"] +[:mem/node-8939 :naga/contains "hydrant-2703974de088f72acce29154394c070a39483f6176155d276c0ee6091196dc9f"] +[:mem/node-9023 :value "bibrath.eu"] +[:mem/node-9023 :type "domain"] +[:mem/node-8679 :start_time #object[java.time.ZonedDateTime 0x525b9df4 "2018-05-14T06:25:13Z"]] 
+[:mem/node-8679 :end_time #object[java.time.ZonedDateTime 0x52dd1be2 "2018-05-14T06:25:13Z"]] +[:mem/node-9051 :naga/first "hydrant-846731d5bdba2fba978f5e77a8c37a45079d3ae7c7244aa1b757574c8b745b1b"] +[:mem/node-9051 :naga/contains "hydrant-846731d5bdba2fba978f5e77a8c37a45079d3ae7c7244aa1b757574c8b745b1b"] +[:mem/node-8514 :naga/first "hydrant-47a7da4ba4e4d896e7604eb5c67898aa4b362c893bf0f50bdf97944a5c3c2818"] +[:mem/node-8514 :naga/contains "hydrant-47a7da4ba4e4d896e7604eb5c67898aa4b362c893bf0f50bdf97944a5c3c2818"] +[:mem/node-8165 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8165 :schema_version "1.0.4"] +[:mem/node-8165 :module-name "AMP Global Intel"] +[:mem/node-8165 :naga/entity true] +[:mem/node-8165 :observables :mem/node-8166] +[:mem/node-8165 :type "sighting"] +[:mem/node-8165 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8165 :external_ids :mem/node-8168] +[:mem/node-8165 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8165 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-d6617cb7-ba9f-48e4-9984-740e0e06df2f"] +[:mem/node-8165 :count 1] +[:mem/node-8165 :tlp "green"] +[:mem/node-8165 :db/ident :mem/node-8165] +[:mem/node-8165 :confidence "High"] +[:mem/node-8165 :observed_time :mem/node-8169] +[:mem/node-8484 :origin "VirusTotal Enrichment Module"] +[:mem/node-8484 :relation "Resolved_To"] +[:mem/node-8484 :source :mem/node-8485] +[:mem/node-8484 :related :mem/node-8486] +[:mem/node-8690 :start_time #object[java.time.ZonedDateTime 0x36857d32 "2019-02-17T18:31:20Z"]] +[:mem/node-8690 :end_time #object[java.time.ZonedDateTime 0x24520a51 "2019-03-17T18:31:20Z"]] +[:mem/node-8776 :naga/first "hydrant-e2bcd8167a1acf524d65532843b4b62a7843830b249994c5bdbda6c3bdd7a0f0"] +[:mem/node-8776 :naga/contains "hydrant-e2bcd8167a1acf524d65532843b4b62a7843830b249994c5bdbda6c3bdd7a0f0"] +[:mem/node-8670 :start_time #object[java.time.ZonedDateTime 0x2ae88712 "2018-04-16T12:25:13Z"]] +[:mem/node-8670 :end_time 
#object[java.time.ZonedDateTime 0x10508ba6 "2018-04-16T12:25:13Z"]] +[:mem/node-8773 :valid_time :mem/node-8774] +[:mem/node-8773 :schema_version "1.0.8"] +[:mem/node-8773 :module-name "AMP Global Intel"] +[:mem/node-8773 :naga/entity true] +[:mem/node-8773 :observable :mem/node-8775] +[:mem/node-8773 :type "judgement"] +[:mem/node-8773 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8773 :external_ids :mem/node-8776] +[:mem/node-8773 :disposition 2] +[:mem/node-8773 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8773 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8773 :disposition_name "Malicious"] +[:mem/node-8773 :priority 90] +[:mem/node-8773 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-86731deb-0cb1-4b4c-9ae9-3bf41f3ec997"] +[:mem/node-8773 :severity "High"] +[:mem/node-8773 :tlp "green"] +[:mem/node-8773 :db/ident :mem/node-8773] +[:mem/node-8773 :confidence "High"] +[:mem/node-8142 :naga/first :mem/node-8143] +[:mem/node-8142 :naga/contains :mem/node-8143] +[:mem/node-9031 :value "bibrath.eu"] +[:mem/node-9031 :type "domain"] +[:mem/node-8503 :valid_time :mem/node-8504] +[:mem/node-8503 :schema_version "1.0.8"] +[:mem/node-8503 :module-name "AMP Global Intel"] +[:mem/node-8503 :naga/entity true] +[:mem/node-8503 :observable :mem/node-8505] +[:mem/node-8503 :type "judgement"] +[:mem/node-8503 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8503 :external_ids :mem/node-8506] +[:mem/node-8503 :disposition 2] +[:mem/node-8503 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8503 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8503 :disposition_name "Malicious"] +[:mem/node-8503 :priority 90] +[:mem/node-8503 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-837ba9b6-08f3-45ea-b7bb-95dc7b7bc3e6"] +[:mem/node-8503 :severity "High"] +[:mem/node-8503 :tlp "green"] +[:mem/node-8503 :db/ident :mem/node-8503] +[:mem/node-8503 :confidence "High"] +[:mem/node-8321 :start_time 
#object[java.time.ZonedDateTime 0xda11873 "2018-04-18T00:25:12Z"]] +[:mem/node-8321 :end_time #object[java.time.ZonedDateTime 0x39159b14 "2018-04-18T00:25:12Z"]] +[:mem/node-9001 :start_time #object[java.time.ZonedDateTime 0x57ab4b33 "2019-02-23T06:31:22Z"]] +[:mem/node-9001 :end_time #object[java.time.ZonedDateTime 0x43b2e7db "2019-03-23T06:31:22Z"]] +[:mem/node-8497 :naga/first "hydrant-fe0e265dd233840885c015dcaa9b0049ab5608ceb146a74793bee010bce379e2"] +[:mem/node-8497 :naga/contains "hydrant-fe0e265dd233840885c015dcaa9b0049ab5608ceb146a74793bee010bce379e2"] +[:mem/node-8736 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8736 :schema_version "1.0.4"] +[:mem/node-8736 :module-name "AMP Global Intel"] +[:mem/node-8736 :naga/entity true] +[:mem/node-8736 :observables :mem/node-8737] +[:mem/node-8736 :type "sighting"] +[:mem/node-8736 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8736 :external_ids :mem/node-8739] +[:mem/node-8736 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8736 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-575699a8-a95b-495b-b806-26f1a1da4548"] +[:mem/node-8736 :count 1] +[:mem/node-8736 :tlp "green"] +[:mem/node-8736 :db/ident :mem/node-8736] +[:mem/node-8736 :confidence "High"] +[:mem/node-8736 :observed_time :mem/node-8740] +[:mem/node-8576 :naga/first :mem/node-8577] +[:mem/node-8576 :naga/contains :mem/node-8577] +[:mem/node-8682 :value "bibrath.eu"] +[:mem/node-8682 :type "domain"] +[:mem/node-9054 :naga/first :mem/node-9055] +[:mem/node-9054 :naga/contains :mem/node-9055] +[:mem/node-8904 :valid_time :mem/node-8905] +[:mem/node-8904 :schema_version "1.0.9"] +[:mem/node-8904 :module-name "AMP Global Intel"] +[:mem/node-8904 :naga/entity true] +[:mem/node-8904 :observable :mem/node-8906] +[:mem/node-8904 :type "judgement"] +[:mem/node-8904 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8904 :external_ids :mem/node-8907] +[:mem/node-8904 :disposition 2] +[:mem/node-8904 :reason "Domain used for Zeus 
banking trojan C&C"] +[:mem/node-8904 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8904 :disposition_name "Malicious"] +[:mem/node-8904 :priority 90] +[:mem/node-8904 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-591b393b-c033-4269-8339-9bd726eb6bbb"] +[:mem/node-8904 :severity "High"] +[:mem/node-8904 :tlp "green"] +[:mem/node-8904 :db/ident :mem/node-8904] +[:mem/node-8904 :timestamp "2019-03-29T00:31:05.667Z"] +[:mem/node-8904 :confidence "High"] +[:mem/node-8892 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8892 :schema_version "1.0.0"] +[:mem/node-8892 :module-name "AMP Global Intel"] +[:mem/node-8892 :naga/entity true] +[:mem/node-8892 :observables :mem/node-8893] +[:mem/node-8892 :type "sighting"] +[:mem/node-8892 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8892 :external_ids :mem/node-8895] +[:mem/node-8892 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8892 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-de8b3cc4-8a82-4a19-b1fa-d5f76339be94"] +[:mem/node-8892 :count 1] +[:mem/node-8892 :tlp "green"] +[:mem/node-8892 :db/ident :mem/node-8892] +[:mem/node-8892 :confidence "High"] +[:mem/node-8892 :observed_time :mem/node-8896] +[:mem/node-8216 :start_time #object[java.time.ZonedDateTime 0x46d51d5e "2018-04-21T18:25:13Z"]] +[:mem/node-8216 :end_time #object[java.time.ZonedDateTime 0x530df3ab "2018-04-21T18:25:13Z"]] +[:mem/node-8346 :start_time #object[java.time.ZonedDateTime 0x5e72c82a "2019-03-10T00:31:09.541Z"]] +[:mem/node-8346 :end_time #object[java.time.ZonedDateTime 0xaaa7000 "2019-04-09T00:31:09.541Z"]] +[:mem/node-8693 :valid_time :mem/node-8694] +[:mem/node-8693 :schema_version "1.0.8"] +[:mem/node-8693 :module-name "AMP Global Intel"] +[:mem/node-8693 :naga/entity true] +[:mem/node-8693 :observable :mem/node-8695] +[:mem/node-8693 :type "judgement"] +[:mem/node-8693 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8693 :external_ids :mem/node-8696] +[:mem/node-8693 :disposition 2] 
+[:mem/node-8693 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8693 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8693 :disposition_name "Malicious"] +[:mem/node-8693 :priority 90] +[:mem/node-8693 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-5d2a2686-7adc-492f-9fb0-1f94896e5990"] +[:mem/node-8693 :severity "High"] +[:mem/node-8693 :tlp "green"] +[:mem/node-8693 :db/ident :mem/node-8693] +[:mem/node-8693 :timestamp "2019-03-02T00:31:16.771Z"] +[:mem/node-8693 :confidence "High"] +[:mem/node-8585 :naga/first :mem/node-8586] +[:mem/node-8585 :naga/contains :mem/node-8586] +[:mem/node-8891 :naga/first "hydrant-ab65016d677d9ae66d1a3dbc3e99f772411837440e21af885bdd351bddd5db9f"] +[:mem/node-8891 :naga/contains "hydrant-ab65016d677d9ae66d1a3dbc3e99f772411837440e21af885bdd351bddd5db9f"] +[:mem/node-8438 :start_time #object[java.time.ZonedDateTime 0x64fba3e6 "2018-04-25T18:25:12Z"]] +[:mem/node-8438 :end_time #object[java.time.ZonedDateTime 0x58d79479 "2018-04-25T18:25:12Z"]] +[:mem/node-8696 :naga/first "hydrant-97a6fdba74d5f8b9cce06a5b04d817bf61d006f4e94dd4e2c3a042ac032eb6a4"] +[:mem/node-8696 :naga/contains "hydrant-97a6fdba74d5f8b9cce06a5b04d817bf61d006f4e94dd4e2c3a042ac032eb6a4"] +[:mem/node-8176 :value "bibrath.eu"] +[:mem/node-8176 :type "domain"] +[:mem/node-8982 :naga/first :mem/node-8983] +[:mem/node-8982 :naga/contains :mem/node-8983] +[:mem/node-8163 :value "bibrath.eu"] +[:mem/node-8163 :type "domain"] +[:mem/node-8743 :value "bibrath.eu"] +[:mem/node-8743 :type "domain"] +[:mem/node-8388 :naga/first "hydrant-ccbe55c2809e0da6f7070e81cfebd2eec585704134c5e6074a688e8373a19974"] +[:mem/node-8388 :naga/contains "hydrant-ccbe55c2809e0da6f7070e81cfebd2eec585704134c5e6074a688e8373a19974"] +[:mem/node-8148 :value "bibrath.eu"] +[:mem/node-8148 :type "domain"] +[:mem/node-8506 :naga/first "hydrant-67ea84bc91da32f57b6ca4a2a44b3a179f1388cbfcf014ec6a76fdf2982f2add"] +[:mem/node-8506 :naga/contains 
"hydrant-67ea84bc91da32f57b6ca4a2a44b3a179f1388cbfcf014ec6a76fdf2982f2add"] +[:mem/node-8398 :naga/first :mem/node-8399] +[:mem/node-8398 :naga/contains :mem/node-8399] +[:mem/node-8254 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8254 :schema_version "1.0.0"] +[:mem/node-8254 :module-name "AMP Global Intel"] +[:mem/node-8254 :naga/entity true] +[:mem/node-8254 :observables :mem/node-8255] +[:mem/node-8254 :type "sighting"] +[:mem/node-8254 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8254 :external_ids :mem/node-8257] +[:mem/node-8254 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8254 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-6580c478-fb3e-44d1-83e4-cb01afae15f0"] +[:mem/node-8254 :count 1] +[:mem/node-8254 :tlp "green"] +[:mem/node-8254 :db/ident :mem/node-8254] +[:mem/node-8254 :confidence "High"] +[:mem/node-8254 :observed_time :mem/node-8258] +[:mem/node-8488 :value "bibrath.eu"] +[:mem/node-8488 :type "domain"] +[:mem/node-8787 :start_time #object[java.time.ZonedDateTime 0x102c24d1 "2019-03-21T00:31:23.090Z"]] +[:mem/node-8787 :end_time #object[java.time.ZonedDateTime 0x495f7ca4 "2019-04-20T00:31:23.090Z"]] +[:mem/node-8403 :naga/first :mem/node-8404] +[:mem/node-8403 :naga/contains :mem/node-8404] +[:mem/node-8715 :valid_time :mem/node-8716] +[:mem/node-8715 :schema_version "1.0.8"] +[:mem/node-8715 :module-name "AMP Global Intel"] +[:mem/node-8715 :naga/entity true] +[:mem/node-8715 :observable :mem/node-8717] +[:mem/node-8715 :type "judgement"] +[:mem/node-8715 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8715 :external_ids :mem/node-8718] +[:mem/node-8715 :disposition 2] +[:mem/node-8715 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8715 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8715 :disposition_name "Malicious"] +[:mem/node-8715 :priority 90] +[:mem/node-8715 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-55b7b683-b0b2-48e9-aea3-4db2b34b2c2e"] 
+[:mem/node-8715 :severity "High"] +[:mem/node-8715 :tlp "green"] +[:mem/node-8715 :db/ident :mem/node-8715] +[:mem/node-8715 :timestamp "2019-03-07T00:31:26.259Z"] +[:mem/node-8715 :confidence "High"] +[:mem/node-8997 :start_time #object[java.time.ZonedDateTime 0x700202fa "2019-02-19T18:31:12Z"]] +[:mem/node-8997 :end_time #object[java.time.ZonedDateTime 0x141234df "2019-03-19T18:31:12Z"]] +[:mem/node-8740 :start_time #object[java.time.ZonedDateTime 0x65698020 "2018-10-08T12:25:14Z"]] +[:mem/node-8740 :end_time #object[java.time.ZonedDateTime 0x57617a75 "2018-10-08T12:25:14Z"]] +[:mem/node-8238 :value "bibrath.eu"] +[:mem/node-8238 :type "domain"] +[:mem/node-8159 :value "bibrath.eu"] +[:mem/node-8159 :type "domain"] +[:mem/node-8268 :valid_time :mem/node-8269] +[:mem/node-8268 :schema_version "1.0.8"] +[:mem/node-8268 :module-name "AMP Global Intel"] +[:mem/node-8268 :naga/entity true] +[:mem/node-8268 :observable :mem/node-8270] +[:mem/node-8268 :type "judgement"] +[:mem/node-8268 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8268 :external_ids :mem/node-8271] +[:mem/node-8268 :disposition 2] +[:mem/node-8268 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8268 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8268 :disposition_name "Malicious"] +[:mem/node-8268 :priority 90] +[:mem/node-8268 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-22644d6d-a44a-455d-a591-1da9c9e2ee02"] +[:mem/node-8268 :severity "High"] +[:mem/node-8268 :tlp "green"] +[:mem/node-8268 :db/ident :mem/node-8268] +[:mem/node-8268 :confidence "High"] +[:mem/node-8193 :value "bibrath.eu"] +[:mem/node-8193 :type "domain"] +[:mem/node-9050 :value "bibrath.eu"] +[:mem/node-9050 :type "domain"] +[:mem/node-8113 :naga/first "hydrant-2c3eaf5994f0c5feddcc8584b0e080aa1538d091e63b2ab3f9eeeaeecb4bdc3d"] +[:mem/node-8113 :naga/contains "hydrant-2c3eaf5994f0c5feddcc8584b0e080aa1538d091e63b2ab3f9eeeaeecb4bdc3d"] +[:mem/node-8638 :description "Domain used for Zeus banking 
trojan C&C"] +[:mem/node-8638 :schema_version "1.0.0"] +[:mem/node-8638 :module-name "AMP Global Intel"] +[:mem/node-8638 :naga/entity true] +[:mem/node-8638 :observables :mem/node-8639] +[:mem/node-8638 :type "sighting"] +[:mem/node-8638 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8638 :external_ids :mem/node-8641] +[:mem/node-8638 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8638 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-2873fbed-3ced-4ac4-b882-22ae7cf0224e"] +[:mem/node-8638 :count 1] +[:mem/node-8638 :tlp "green"] +[:mem/node-8638 :db/ident :mem/node-8638] +[:mem/node-8638 :confidence "High"] +[:mem/node-8638 :observed_time :mem/node-8642] +[:mem/node-8436 :value "bibrath.eu"] +[:mem/node-8436 :type "domain"] +[:mem/node-8455 :naga/first "hydrant-ab8ffe1664d404a1bcf5c62214319a2545c827484ec64f64c66579431957110a"] +[:mem/node-8455 :naga/contains "hydrant-ab8ffe1664d404a1bcf5c62214319a2545c827484ec64f64c66579431957110a"] +[:mem/node-8382 :value "bibrath.eu"] +[:mem/node-8382 :type "domain"] +[:mem/node-8769 :valid_time :mem/node-8770] +[:mem/node-8769 :schema_version "1.0.8"] +[:mem/node-8769 :module-name "AMP Global Intel"] +[:mem/node-8769 :naga/entity true] +[:mem/node-8769 :observable :mem/node-8771] +[:mem/node-8769 :type "judgement"] +[:mem/node-8769 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8769 :external_ids :mem/node-8772] +[:mem/node-8769 :disposition 2] +[:mem/node-8769 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8769 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8769 :disposition_name "Malicious"] +[:mem/node-8769 :priority 90] +[:mem/node-8769 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-d7852a7c-ace9-472e-a7b7-4c2fabf8c1aa"] +[:mem/node-8769 :severity "High"] +[:mem/node-8769 :tlp "green"] +[:mem/node-8769 :db/ident :mem/node-8769] +[:mem/node-8769 :confidence "High"] +[:mem/node-8313 :valid_time :mem/node-8314] +[:mem/node-8313 :schema_version "1.0.9"] +[:mem/node-8313 
:module-name "AMP Global Intel"] +[:mem/node-8313 :naga/entity true] +[:mem/node-8313 :observable :mem/node-8315] +[:mem/node-8313 :type "judgement"] +[:mem/node-8313 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8313 :external_ids :mem/node-8316] +[:mem/node-8313 :disposition 2] +[:mem/node-8313 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8313 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8313 :disposition_name "Malicious"] +[:mem/node-8313 :priority 90] +[:mem/node-8313 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-493452ea-0b4b-4739-abdf-50f817ea85a5"] +[:mem/node-8313 :severity "High"] +[:mem/node-8313 :tlp "green"] +[:mem/node-8313 :db/ident :mem/node-8313] +[:mem/node-8313 :timestamp "2019-03-28T00:31:10.799Z"] +[:mem/node-8313 :confidence "High"] +[:mem/node-8428 :naga/first "hydrant-d9e7e00340cddd154cce5a1aab1a7f419887e87569cc527913b3b0bcabe55cc3"] +[:mem/node-8428 :naga/contains "hydrant-d9e7e00340cddd154cce5a1aab1a7f419887e87569cc527913b3b0bcabe55cc3"] +[:mem/node-8345 :valid_time :mem/node-8346] +[:mem/node-8345 :schema_version "1.0.9"] +[:mem/node-8345 :module-name "AMP Global Intel"] +[:mem/node-8345 :naga/entity true] +[:mem/node-8345 :observable :mem/node-8347] +[:mem/node-8345 :type "judgement"] +[:mem/node-8345 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8345 :external_ids :mem/node-8348] +[:mem/node-8345 :disposition 2] +[:mem/node-8345 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8345 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8345 :disposition_name "Malicious"] +[:mem/node-8345 :priority 90] +[:mem/node-8345 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-e50a375e-f35d-4bfa-a048-e027ee1a9648"] +[:mem/node-8345 :severity "High"] +[:mem/node-8345 :tlp "green"] +[:mem/node-8345 :db/ident :mem/node-8345] +[:mem/node-8345 :timestamp "2019-03-10T00:31:09.541Z"] +[:mem/node-8345 :confidence "High"] +[:mem/node-8964 :naga/first :mem/node-8965] +[:mem/node-8964 
:naga/contains :mem/node-8965] +[:mem/node-8207 :start_time #object[java.time.ZonedDateTime 0x3794b7b1 "2018-04-21T06:25:13Z"]] +[:mem/node-8207 :end_time #object[java.time.ZonedDateTime 0x3225d950 "2018-04-21T06:25:13Z"]] +[:mem/node-8324 :value "bibrath.eu"] +[:mem/node-8324 :type "domain"] +[:mem/node-8219 :value "bibrath.eu"] +[:mem/node-8219 :type "domain"] +[:mem/node-8189 :value "bibrath.eu"] +[:mem/node-8189 :type "domain"] +[:mem/node-8546 :value "http://bibrath.eu/Gdgsdgewrwerw823n/wwh.jpg"] +[:mem/node-8546 :type "url"] +[:mem/node-8805 :start_time #object[java.time.ZonedDateTime 0x1be427b4 "2018-04-24T06:25:13Z"]] +[:mem/node-8805 :end_time #object[java.time.ZonedDateTime 0x470a446f "2018-04-24T06:25:13Z"]] +[:mem/node-8252 :value "bibrath.eu"] +[:mem/node-8252 :type "domain"] +[:mem/node-8251 :start_time #object[java.time.ZonedDateTime 0x55315a00 "2019-02-22T12:31:07Z"]] +[:mem/node-8251 :end_time #object[java.time.ZonedDateTime 0x4942e6af "2019-03-22T12:31:07Z"]] +[:mem/node-8849 :naga/first "hydrant-8ca5e6d3debf9766098eb29ad264c4c9f981f0ff9aecec0578d3c61b8ceba0df"] +[:mem/node-8849 :naga/contains "hydrant-8ca5e6d3debf9766098eb29ad264c4c9f981f0ff9aecec0578d3c61b8ceba0df"] +[:mem/node-8182 :start_time #object[java.time.ZonedDateTime 0x73a1a1b4 "2018-10-07T00:25:17Z"]] +[:mem/node-8182 :end_time #object[java.time.ZonedDateTime 0x669daa93 "2018-10-07T00:25:17Z"]] +[:mem/node-8381 :naga/first :mem/node-8382] +[:mem/node-8381 :naga/contains :mem/node-8382] +[:mem/node-8960 :value "bibrath.eu"] +[:mem/node-8960 :type "domain"] +[:mem/node-8662 :valid_time :mem/node-8663] +[:mem/node-8662 :schema_version "1.0.8"] +[:mem/node-8662 :module-name "AMP Global Intel"] +[:mem/node-8662 :naga/entity true] +[:mem/node-8662 :observable :mem/node-8664] +[:mem/node-8662 :type "judgement"] +[:mem/node-8662 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8662 :external_ids :mem/node-8665] +[:mem/node-8662 :disposition 2] +[:mem/node-8662 :reason "Domain used for Zeus banking 
trojan C&C"] +[:mem/node-8662 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8662 :disposition_name "Malicious"] +[:mem/node-8662 :priority 90] +[:mem/node-8662 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-0eaacb40-40bd-4575-9f5c-e9d0b21ee477"] +[:mem/node-8662 :severity "High"] +[:mem/node-8662 :tlp "green"] +[:mem/node-8662 :db/ident :mem/node-8662] +[:mem/node-8662 :confidence "High"] +[:mem/node-8296 :naga/first "hydrant-f24954f45975bea316036a5815cdf2490c2edc56184e1a9f969d7bc41b8d97c8"] +[:mem/node-8296 :naga/contains "hydrant-f24954f45975bea316036a5815cdf2490c2edc56184e1a9f969d7bc41b8d97c8"] +[:mem/node-8348 :naga/first "hydrant-63c53fd424804ed4a7900db228807e759466f3a443cba06f1edcb8b7e78fc88e"] +[:mem/node-8348 :naga/contains "hydrant-63c53fd424804ed4a7900db228807e759466f3a443cba06f1edcb8b7e78fc88e"] +[:mem/node-8800 :db/ident :mem/node-8800] +[:mem/node-8800 :naga/entity true] +[:mem/node-8800 :value "http://bibrath.eu/dgsdgewrwerw823n/wwh.exe"] +[:mem/node-8800 :type "url"] +[:mem/node-8800 :id "5c3bcb78"] +[:mem/node-8800 :deliberated true] +[:mem/node-8800 "Contains" :mem/node-8524] +[:mem/node-8800 "Observed_By" :mem/node-8531] +[:mem/node-8517 :start_time #object[java.time.ZonedDateTime 0x39a30d1a "2019-02-17T12:31:04Z"]] +[:mem/node-8517 :end_time #object[java.time.ZonedDateTime 0x670ae31f "2019-03-17T12:31:04Z"]] +[:mem/node-8796 :valid_time :mem/node-8797] +[:mem/node-8796 :schema_version "1.0.9"] +[:mem/node-8796 :module-name "AMP Global Intel"] +[:mem/node-8796 :naga/entity true] +[:mem/node-8796 :observable :mem/node-8798] +[:mem/node-8796 :type "judgement"] +[:mem/node-8796 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8796 :external_ids :mem/node-8799] +[:mem/node-8796 :disposition 2] +[:mem/node-8796 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8796 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8796 :disposition_name "Malicious"] +[:mem/node-8796 :priority 90] +[:mem/node-8796 :id 
"https://intel.amp.cisco.com:443/ctia/judgement/judgement-40ccfa53-8c1d-4b26-b831-ca8560ac5713"] +[:mem/node-8796 :severity "High"] +[:mem/node-8796 :tlp "green"] +[:mem/node-8796 :db/ident :mem/node-8796] +[:mem/node-8796 :timestamp "2019-03-22T00:31:23.407Z"] +[:mem/node-8796 :confidence "High"] +[:mem/node-8686 :start_time #object[java.time.ZonedDateTime 0x1958524b "2019-02-18T18:31:13Z"]] +[:mem/node-8686 :end_time #object[java.time.ZonedDateTime 0x129aaac1 "2019-03-18T18:31:13Z"]] +[:mem/node-8380 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8380 :schema_version "1.0.0"] +[:mem/node-8380 :module-name "AMP Global Intel"] +[:mem/node-8380 :naga/entity true] +[:mem/node-8380 :observables :mem/node-8381] +[:mem/node-8380 :type "sighting"] +[:mem/node-8380 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8380 :external_ids :mem/node-8383] +[:mem/node-8380 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8380 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-5fef6794-6429-41a9-93b7-3bcdbd0a49e9"] +[:mem/node-8380 :count 1] +[:mem/node-8380 :tlp "green"] +[:mem/node-8380 :db/ident :mem/node-8380] +[:mem/node-8380 :confidence "High"] +[:mem/node-8380 :observed_time :mem/node-8384] +[:mem/node-9024 :naga/first "hydrant-388a1edd9e5b12874d5af50b77bfef3af7a897ff52aa23c8db50535cdd30b370"] +[:mem/node-9024 :naga/contains "hydrant-388a1edd9e5b12874d5af50b77bfef3af7a897ff52aa23c8db50535cdd30b370"] +[:mem/node-8889 :start_time #object[java.time.ZonedDateTime 0x3370be55 "2019-02-20T12:31:15Z"]] +[:mem/node-8889 :end_time #object[java.time.ZonedDateTime 0x3d2b13f "2019-03-20T12:31:15Z"]] +[:mem/node-8639 :naga/first :mem/node-8640] +[:mem/node-8639 :naga/contains :mem/node-8640] +[:mem/node-8543 :value "bibrath.eu"] +[:mem/node-8543 :type "domain"] +[:mem/node-8854 :naga/first "hydrant-7e5ea916d90ef79dde820d32260fe6e080dfd3db21ee80b9a62eb2aeb278cce2"] +[:mem/node-8854 :naga/contains 
"hydrant-7e5ea916d90ef79dde820d32260fe6e080dfd3db21ee80b9a62eb2aeb278cce2"] +[:mem/node-8475 :description "Classified as a Zeus C&C resource on the Abuse.ch Zeus Tracker Domain Watchlist"] +[:mem/node-8475 :tags :mem/node-8476] +[:mem/node-8475 :valid_time :mem/node-8479] +[:mem/node-8475 :producer "Abuse.ch"] +[:mem/node-8475 :schema_version "1.0.4"] +[:mem/node-8475 :module-name "AMP Global Intel"] +[:mem/node-8475 :naga/entity true] +[:mem/node-8475 :type "indicator"] +[:mem/node-8475 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8475 :external_ids :mem/node-8480] +[:mem/node-8475 :short_description "Zeus C&C on Abuse.ch Zeus Tracker Domain Watchlist"] +[:mem/node-8475 :title "Abuse.ch Zeus Tracker Domain Watchlist"] +[:mem/node-8475 :indicator_type :mem/node-8481] +[:mem/node-8475 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8475 :id "https://intel.amp.cisco.com:443/ctia/indicator/indicator-2011e7b6-9349-48fe-88b9-44fbbd882836"] +[:mem/node-8475 :tlp "green"] +[:mem/node-8475 :db/ident :mem/node-8475] +[:mem/node-8475 :confidence "High"] +[:mem/node-8658 :valid_time :mem/node-8659] +[:mem/node-8658 :schema_version "1.0.9"] +[:mem/node-8658 :module-name "AMP Global Intel"] +[:mem/node-8658 :naga/entity true] +[:mem/node-8658 :observable :mem/node-8660] +[:mem/node-8658 :type "judgement"] +[:mem/node-8658 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8658 :external_ids :mem/node-8661] +[:mem/node-8658 :disposition 2] +[:mem/node-8658 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8658 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8658 :disposition_name "Malicious"] +[:mem/node-8658 :priority 90] +[:mem/node-8658 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-7d7d3d5c-d75e-40bf-bba3-9e78d1cead72"] +[:mem/node-8658 :severity "High"] +[:mem/node-8658 :tlp "green"] +[:mem/node-8658 :db/ident :mem/node-8658] +[:mem/node-8658 :timestamp "2019-03-11T00:31:24.014Z"] +[:mem/node-8658 :confidence "High"] +[:mem/node-8184 
:start_time #object[java.time.ZonedDateTime 0x58c36104 "2019-03-17T00:31:24.025Z"]] +[:mem/node-8184 :end_time #object[java.time.ZonedDateTime 0x1fc8047f "2019-04-16T00:31:24.025Z"]] +[:mem/node-8812 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8812 :schema_version "1.0.0"] +[:mem/node-8812 :module-name "AMP Global Intel"] +[:mem/node-8812 :naga/entity true] +[:mem/node-8812 :observables :mem/node-8813] +[:mem/node-8812 :type "sighting"] +[:mem/node-8812 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8812 :external_ids :mem/node-8815] +[:mem/node-8812 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8812 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-da870149-5f4d-4001-b536-6a5f7f545d45"] +[:mem/node-8812 :count 1] +[:mem/node-8812 :tlp "green"] +[:mem/node-8812 :db/ident :mem/node-8812] +[:mem/node-8812 :confidence "High"] +[:mem/node-8812 :observed_time :mem/node-8816] +[:mem/node-8539 :value "bibrath.eu"] +[:mem/node-8539 :type "domain"] +[:mem/node-8344 :naga/first "hydrant-5bcd53fe6c6437346ae668ef819120713422c2586159361b0b26f85629c2b90d"] +[:mem/node-8344 :naga/contains "hydrant-5bcd53fe6c6437346ae668ef819120713422c2586159361b0b26f85629c2b90d"] +[:mem/node-8421 :valid_time :mem/node-8422] +[:mem/node-8421 :schema_version "1.0.8"] +[:mem/node-8421 :module-name "AMP Global Intel"] +[:mem/node-8421 :naga/entity true] +[:mem/node-8421 :observable :mem/node-8423] +[:mem/node-8421 :type "judgement"] +[:mem/node-8421 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8421 :external_ids :mem/node-8424] +[:mem/node-8421 :disposition 2] +[:mem/node-8421 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8421 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8421 :disposition_name "Malicious"] +[:mem/node-8421 :priority 90] +[:mem/node-8421 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-dfc4e865-bfb9-4d03-b47b-f6c06e844273"] +[:mem/node-8421 :severity "High"] +[:mem/node-8421 :tlp "green"] 
+[:mem/node-8421 :db/ident :mem/node-8421] +[:mem/node-8421 :confidence "High"] +[:mem/node-8884 :naga/first "Talos Intelligence"] +[:mem/node-8884 :naga/rest :mem/node-8885] +[:mem/node-8884 :naga/contains "Talos Intelligence"] +[:mem/node-8884 :naga/contains "VirusTotal"] +[:mem/node-8884 :naga/contains "Threat Grid - int"] +[:mem/node-8884 :naga/contains "Threat Grid"] +[:mem/node-8519 :naga/first "hydrant-6b467b29eb98ec0c63ce55ae1448c43ee8e3de671320c3ad1ed6b390e883a3cc"] +[:mem/node-8519 :naga/contains "hydrant-6b467b29eb98ec0c63ce55ae1448c43ee8e3de671320c3ad1ed6b390e883a3cc"] +[:mem/node-8300 :naga/first "hydrant-f021ecbbd14f9e50c7e541deaab74cd88f5dc35b62d23b8ad8242a00a5990772"] +[:mem/node-8300 :naga/contains "hydrant-f021ecbbd14f9e50c7e541deaab74cd88f5dc35b62d23b8ad8242a00a5990772"] +[:mem/node-8913 :naga/first :mem/node-8914] +[:mem/node-8913 :naga/contains :mem/node-8914] +[:mem/node-8141 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8141 :schema_version "1.0.0"] +[:mem/node-8141 :module-name "AMP Global Intel"] +[:mem/node-8141 :naga/entity true] +[:mem/node-8141 :observables :mem/node-8142] +[:mem/node-8141 :type "sighting"] +[:mem/node-8141 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8141 :external_ids :mem/node-8144] +[:mem/node-8141 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8141 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-249a2594-2842-465f-97f8-17e0adedc10a"] +[:mem/node-8141 :count 1] +[:mem/node-8141 :tlp "green"] +[:mem/node-8141 :db/ident :mem/node-8141] +[:mem/node-8141 :confidence "High"] +[:mem/node-8141 :observed_time :mem/node-8145] +[:mem/node-8821 :start_time #object[java.time.ZonedDateTime 0x29fc83c5 "2018-04-28T12:25:12Z"]] +[:mem/node-8821 :end_time #object[java.time.ZonedDateTime 0x3fb1948c "2018-04-28T12:25:12Z"]] +[:mem/node-8720 :db/ident :mem/node-8720] +[:mem/node-8720 :naga/entity true] +[:mem/node-8720 :type "verdict"] +[:mem/node-8720 :disposition 2] +[:mem/node-8720 
:observable :mem/node-8721] +[:mem/node-8720 :disposition_name "Malicious"] +[:mem/node-8720 :valid_time :mem/node-8722] +[:mem/node-8720 :id "verdict::9362e8c4"] +[:mem/node-8720 :module-name "VirusTotal"] +[:mem/node-8870 :start_time #object[java.time.ZonedDateTime 0x7c39193f "2019-03-27T00:31:15.914Z"]] +[:mem/node-8870 :end_time #object[java.time.ZonedDateTime 0x230d013b "2019-04-26T00:31:15.914Z"]] +[:mem/node-8427 :value "bibrath.eu"] +[:mem/node-8427 :type "domain"] +[:mem/node-8180 :value "bibrath.eu"] +[:mem/node-8180 :type "domain"] +[:mem/node-8248 :naga/first "hydrant-caed0f7b0065154cc0b51b38d8ba21cf010ea2d7e30b2b0e89fdac73e9235124"] +[:mem/node-8248 :naga/contains "hydrant-caed0f7b0065154cc0b51b38d8ba21cf010ea2d7e30b2b0e89fdac73e9235124"] +[:mem/node-8432 :naga/first "hydrant-2414c85fd3915d2f3d69a5f5f69a672de63572c93f38ced93e4a9a8d90db69f1"] +[:mem/node-8432 :naga/contains "hydrant-2414c85fd3915d2f3d69a5f5f69a672de63572c93f38ced93e4a9a8d90db69f1"] +[:mem/node-8249 :start_time #object[java.time.ZonedDateTime 0x6e225c34 "2018-10-14T12:25:15Z"]] +[:mem/node-8249 :end_time #object[java.time.ZonedDateTime 0x5d84b088 "2018-10-14T12:25:15Z"]] +[:mem/node-9065 :value "bibrath.eu"] +[:mem/node-9065 :type "domain"] +[:mem/node-9061 :naga/first "hydrant-702ecd072a7804e6876b5f90f302974bb9231dffafc2d368747893a76bfad455"] +[:mem/node-9061 :naga/contains "hydrant-702ecd072a7804e6876b5f90f302974bb9231dffafc2d368747893a76bfad455"] +[:mem/node-8788 :value "bibrath.eu"] +[:mem/node-8788 :type "domain"] +[:mem/node-8823 :naga/first :mem/node-8824] +[:mem/node-8823 :naga/contains :mem/node-8824] +[:mem/node-8367 :valid_time :mem/node-8368] +[:mem/node-8367 :schema_version "1.0.9"] +[:mem/node-8367 :module-name "AMP Global Intel"] +[:mem/node-8367 :naga/entity true] +[:mem/node-8367 :observable :mem/node-8369] +[:mem/node-8367 :type "judgement"] +[:mem/node-8367 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8367 :external_ids :mem/node-8370] +[:mem/node-8367 :disposition 2] 
+[:mem/node-8367 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8367 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8367 :disposition_name "Malicious"] +[:mem/node-8367 :priority 90] +[:mem/node-8367 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-d354202f-3c6d-4b1e-80d0-d5b04ac1c27f"] +[:mem/node-8367 :severity "High"] +[:mem/node-8367 :tlp "green"] +[:mem/node-8367 :db/ident :mem/node-8367] +[:mem/node-8367 :timestamp "2019-04-01T00:31:21.990Z"] +[:mem/node-8367 :confidence "High"] +[:mem/node-8269 :start_time #object[java.time.ZonedDateTime 0x69c0bae6 "2019-02-18T12:31:22Z"]] +[:mem/node-8269 :end_time #object[java.time.ZonedDateTime 0x220f6a3c "2019-03-18T12:31:22Z"]] +[:mem/node-8442 :naga/first "hydrant-c19ea0419952d5196964f330e6dc6ec15f503864855d336aeb34915d8e914b63"] +[:mem/node-8442 :naga/contains "hydrant-c19ea0419952d5196964f330e6dc6ec15f503864855d336aeb34915d8e914b63"] +[:mem/node-9037 :naga/first "hydrant-501ecb2ebaac14a064202458f14e4b7eaafc465af78044dcdf2d8e0542371f54"] +[:mem/node-9037 :naga/contains "hydrant-501ecb2ebaac14a064202458f14e4b7eaafc465af78044dcdf2d8e0542371f54"] +[:mem/node-8322 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8322 :schema_version "1.0.0"] +[:mem/node-8322 :module-name "AMP Global Intel"] +[:mem/node-8322 :naga/entity true] +[:mem/node-8322 :observables :mem/node-8323] +[:mem/node-8322 :type "sighting"] +[:mem/node-8322 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8322 :external_ids :mem/node-8325] +[:mem/node-8322 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8322 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-adb9e754-45ac-49fd-9879-12cdf40cbd01"] +[:mem/node-8322 :count 1] +[:mem/node-8322 :tlp "green"] +[:mem/node-8322 :db/ident :mem/node-8322] +[:mem/node-8322 :confidence "High"] +[:mem/node-8322 :observed_time :mem/node-8326] +[:mem/node-8480 :naga/first "hydrant-c8c7f8eeabedd3a72dff800184983f07fd2f2fdc085c6cb4745395c83cb903d1"] 
+[:mem/node-8480 :naga/contains "hydrant-c8c7f8eeabedd3a72dff800184983f07fd2f2fdc085c6cb4745395c83cb903d1"] +[:mem/node-8706 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8706 :schema_version "1.0.0"] +[:mem/node-8706 :module-name "AMP Global Intel"] +[:mem/node-8706 :naga/entity true] +[:mem/node-8706 :observables :mem/node-8707] +[:mem/node-8706 :type "sighting"] +[:mem/node-8706 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8706 :external_ids :mem/node-8709] +[:mem/node-8706 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8706 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-356399f7-895f-41bb-94fd-89a5c236fa7f"] +[:mem/node-8706 :count 1] +[:mem/node-8706 :tlp "green"] +[:mem/node-8706 :db/ident :mem/node-8706] +[:mem/node-8706 :confidence "High"] +[:mem/node-8706 :observed_time :mem/node-8710] +[:mem/node-8233 :value "bibrath.eu"] +[:mem/node-8233 :type "domain"] +[:mem/node-8327 :valid_time :mem/node-8328] +[:mem/node-8327 :schema_version "1.0.9"] +[:mem/node-8327 :module-name "AMP Global Intel"] +[:mem/node-8327 :naga/entity true] +[:mem/node-8327 :observable :mem/node-8329] +[:mem/node-8327 :type "judgement"] +[:mem/node-8327 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8327 :external_ids :mem/node-8330] +[:mem/node-8327 :disposition 2] +[:mem/node-8327 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8327 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8327 :disposition_name "Malicious"] +[:mem/node-8327 :priority 90] +[:mem/node-8327 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-bc7c84ea-9db5-420a-9ec9-ce56587691d2"] +[:mem/node-8327 :severity "High"] +[:mem/node-8327 :tlp "green"] +[:mem/node-8327 :db/ident :mem/node-8327] +[:mem/node-8327 :timestamp "2019-03-24T00:31:13.488Z"] +[:mem/node-8327 :confidence "High"] +[:mem/node-8582 :value "bibrath.eu"] +[:mem/node-8582 :type "domain"] +[:mem/node-8938 :value "bibrath.eu"] +[:mem/node-8938 :type "domain"] +[:mem/node-9058 
:description "Domain used for Zeus banking trojan C&C"] +[:mem/node-9058 :schema_version "1.0.0"] +[:mem/node-9058 :module-name "AMP Global Intel"] +[:mem/node-9058 :naga/entity true] +[:mem/node-9058 :observables :mem/node-9059] +[:mem/node-9058 :type "sighting"] +[:mem/node-9058 :source "Abuse.ch Zeus Tracker"] +[:mem/node-9058 :external_ids :mem/node-9061] +[:mem/node-9058 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-9058 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-6e657aad-1101-4c3d-b775-8b9bf036bb3f"] +[:mem/node-9058 :count 1] +[:mem/node-9058 :tlp "green"] +[:mem/node-9058 :db/ident :mem/node-9058] +[:mem/node-9058 :confidence "High"] +[:mem/node-9058 :observed_time :mem/node-9062] +[:mem/node-8816 :start_time #object[java.time.ZonedDateTime 0x5eb041b5 "2018-04-17T06:25:13Z"]] +[:mem/node-8816 :end_time #object[java.time.ZonedDateTime 0x2648aa1b "2018-04-17T06:25:13Z"]] +[:mem/node-8107 :start_time #object[java.time.ZonedDateTime 0x4a3333be "2019-02-12T18:31:34Z"]] +[:mem/node-8107 :end_time #object[java.time.ZonedDateTime 0x13b4ee4e "2019-03-12T18:31:34Z"]] +[:mem/node-8930 :naga/first "hydrant-d2bcbe12fa16aa6cbafb4c5deb68a4f792a93d97cae2c628cd287636db3f5dae"] +[:mem/node-8930 :naga/contains "hydrant-d2bcbe12fa16aa6cbafb4c5deb68a4f792a93d97cae2c628cd287636db3f5dae"] +[:mem/node-8373 :value "bibrath.eu"] +[:mem/node-8373 :type "domain"] +[:mem/node-8929 :value "bibrath.eu"] +[:mem/node-8929 :type "domain"] +[:mem/node-8952 :value "bibrath.eu"] +[:mem/node-8952 :type "domain"] +[:mem/node-8173 :naga/first "hydrant-3a9ba6718edeadeba185c62b63f7ef9fbaa4cc974f00350842d3bc5fcc55dd3c"] +[:mem/node-8173 :naga/contains "hydrant-3a9ba6718edeadeba185c62b63f7ef9fbaa4cc974f00350842d3bc5fcc55dd3c"] +[:mem/node-8704 :value "bibrath.eu"] +[:mem/node-8704 :type "domain"] +[:mem/node-8295 :value "bibrath.eu"] +[:mem/node-8295 :type "domain"] +[:mem/node-8490 :valid_time :mem/node-8491] +[:mem/node-8490 :schema_version "1.0.8"] +[:mem/node-8490 
:module-name "AMP Global Intel"] +[:mem/node-8490 :naga/entity true] +[:mem/node-8490 :observable :mem/node-8492] +[:mem/node-8490 :type "judgement"] +[:mem/node-8490 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8490 :external_ids :mem/node-8493] +[:mem/node-8490 :disposition 2] +[:mem/node-8490 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8490 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8490 :disposition_name "Malicious"] +[:mem/node-8490 :priority 90] +[:mem/node-8490 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-afd8f4b9-b872-442e-bbd3-e0d52caf7b36"] +[:mem/node-8490 :severity "High"] +[:mem/node-8490 :tlp "green"] +[:mem/node-8490 :db/ident :mem/node-8490] +[:mem/node-8490 :confidence "High"] +[:mem/node-8494 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8494 :schema_version "1.0.4"] +[:mem/node-8494 :module-name "AMP Global Intel"] +[:mem/node-8494 :naga/entity true] +[:mem/node-8494 :observables :mem/node-8495] +[:mem/node-8494 :type "sighting"] +[:mem/node-8494 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8494 :external_ids :mem/node-8497] +[:mem/node-8494 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8494 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-1ecd2565-7bcb-49d9-b375-1b40a9b1364b"] +[:mem/node-8494 :count 1] +[:mem/node-8494 :tlp "green"] +[:mem/node-8494 :db/ident :mem/node-8494] +[:mem/node-8494 :confidence "High"] +[:mem/node-8494 :observed_time :mem/node-8498] +[:mem/node-9027 :value "bibrath.eu"] +[:mem/node-9027 :type "domain"] +[:mem/node-8507 :valid_time :mem/node-8508] +[:mem/node-8507 :schema_version "1.0.8"] +[:mem/node-8507 :module-name "AMP Global Intel"] +[:mem/node-8507 :naga/entity true] +[:mem/node-8507 :observable :mem/node-8509] +[:mem/node-8507 :type "judgement"] +[:mem/node-8507 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8507 :external_ids :mem/node-8510] +[:mem/node-8507 :disposition 2] +[:mem/node-8507 :reason "Domain used for Zeus 
banking trojan C&C"] +[:mem/node-8507 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8507 :disposition_name "Malicious"] +[:mem/node-8507 :priority 90] +[:mem/node-8507 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-5afd8b0d-f96d-4ceb-8a2d-aab32996b6d7"] +[:mem/node-8507 :severity "High"] +[:mem/node-8507 :tlp "green"] +[:mem/node-8507 :db/ident :mem/node-8507] +[:mem/node-8507 :confidence "High"] +[:mem/node-8782 :naga/first :mem/node-8783] +[:mem/node-8782 :naga/contains :mem/node-8783] +[:mem/node-8215 :naga/first "hydrant-a73e1a0189ad474256ce2dee80652210c431525d3c32f06327c112185c985ada"] +[:mem/node-8215 :naga/contains "hydrant-a73e1a0189ad474256ce2dee80652210c431525d3c32f06327c112185c985ada"] +[:mem/node-8652 :start_time #object[java.time.ZonedDateTime 0x4f55a864 "2018-04-24T18:25:12Z"]] +[:mem/node-8652 :end_time #object[java.time.ZonedDateTime 0x2c2edbe7 "2018-04-24T18:25:12Z"]] +[:mem/node-8523 :naga/first "hydrant-1e55acc93e36781688e07ca355fd9fd77e447f7847ff7f3048339262783be054"] +[:mem/node-8523 :naga/contains "hydrant-1e55acc93e36781688e07ca355fd9fd77e447f7847ff7f3048339262783be054"] +[:mem/node-8400 :naga/first "hydrant-a7b62c447b45ce14e82584a951c0e45827a8d7f6f3e212d83b3cfdee829ea0ed"] +[:mem/node-8400 :naga/contains "hydrant-a7b62c447b45ce14e82584a951c0e45827a8d7f6f3e212d83b3cfdee829ea0ed"] +[:mem/node-8590 :start_time #object[java.time.ZonedDateTime 0x7f53a31f "2019-02-21T00:31:19Z"]] +[:mem/node-8590 :end_time #object[java.time.ZonedDateTime 0x4ba1f425 "2019-03-21T00:31:19Z"]] +[:mem/node-8988 :value "bibrath.eu"] +[:mem/node-8988 :type "domain"] +[:mem/node-8762 :value "bibrath.eu"] +[:mem/node-8762 :type "domain"] +[:mem/node-8602 :valid_time :mem/node-8603] +[:mem/node-8602 :schema_version "1.0.9"] +[:mem/node-8602 :module-name "AMP Global Intel"] +[:mem/node-8602 :naga/entity true] +[:mem/node-8602 :observable :mem/node-8604] +[:mem/node-8602 :type "judgement"] +[:mem/node-8602 :source "Abuse.ch Zeus Tracker"] 
+[:mem/node-8602 :external_ids :mem/node-8605] +[:mem/node-8602 :disposition 2] +[:mem/node-8602 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8602 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8602 :disposition_name "Malicious"] +[:mem/node-8602 :priority 90] +[:mem/node-8602 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-c97ac10b-b854-467d-84f2-befb7845f442"] +[:mem/node-8602 :severity "High"] +[:mem/node-8602 :tlp "green"] +[:mem/node-8602 :db/ident :mem/node-8602] +[:mem/node-8602 :timestamp "2019-03-12T00:31:23.923Z"] +[:mem/node-8602 :confidence "High"] +[:mem/node-8916 :start_time #object[java.time.ZonedDateTime 0x29d563bd "2018-05-15T00:25:12Z"]] +[:mem/node-8916 :end_time #object[java.time.ZonedDateTime 0x73fe7483 "2018-05-15T00:25:12Z"]] +[:mem/node-9069 :start_time #object[java.time.ZonedDateTime 0x11577ab8 "2019-02-21T06:31:25Z"]] +[:mem/node-9069 :end_time #object[java.time.ZonedDateTime 0x5513a46b "2019-03-21T06:31:25Z"]] +[:mem/node-8619 :start_time #object[java.time.ZonedDateTime 0x5759edff "2018-04-22T00:25:11Z"]] +[:mem/node-8619 :end_time #object[java.time.ZonedDateTime 0x5703c1fb "2018-04-22T00:25:11Z"]] +[:mem/node-8941 :valid_time :mem/node-8942] +[:mem/node-8941 :schema_version "1.0.8"] +[:mem/node-8941 :module-name "AMP Global Intel"] +[:mem/node-8941 :naga/entity true] +[:mem/node-8941 :observable :mem/node-8943] +[:mem/node-8941 :type "judgement"] +[:mem/node-8941 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8941 :external_ids :mem/node-8944] +[:mem/node-8941 :disposition 2] +[:mem/node-8941 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8941 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8941 :disposition_name "Malicious"] +[:mem/node-8941 :priority 90] +[:mem/node-8941 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-34d6a1aa-5beb-48cb-b54b-210edc00e7c5"] +[:mem/node-8941 :severity "High"] +[:mem/node-8941 :tlp "green"] +[:mem/node-8941 :db/ident 
:mem/node-8941] +[:mem/node-8941 :confidence "High"] +[:mem/node-9010 :start_time #object[java.time.ZonedDateTime 0x7d2be319 "2019-02-14T18:31:25Z"]] +[:mem/node-9010 :end_time #object[java.time.ZonedDateTime 0x35d3202b "2019-03-14T18:31:25Z"]] +[:mem/node-8263 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8263 :schema_version "1.0.4"] +[:mem/node-8263 :module-name "AMP Global Intel"] +[:mem/node-8263 :naga/entity true] +[:mem/node-8263 :observables :mem/node-8264] +[:mem/node-8263 :type "sighting"] +[:mem/node-8263 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8263 :external_ids :mem/node-8266] +[:mem/node-8263 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8263 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-5e7d79c8-28ac-407f-a650-ad17f6c8724a"] +[:mem/node-8263 :count 1] +[:mem/node-8263 :tlp "green"] +[:mem/node-8263 :db/ident :mem/node-8263] +[:mem/node-8263 :confidence "High"] +[:mem/node-8263 :observed_time :mem/node-8267] +[:mem/node-8178 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8178 :schema_version "1.0.4"] +[:mem/node-8178 :module-name "AMP Global Intel"] +[:mem/node-8178 :naga/entity true] +[:mem/node-8178 :observables :mem/node-8179] +[:mem/node-8178 :type "sighting"] +[:mem/node-8178 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8178 :external_ids :mem/node-8181] +[:mem/node-8178 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8178 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-b33e8e1e-de15-4996-9211-8134d3d1109d"] +[:mem/node-8178 :count 1] +[:mem/node-8178 :tlp "green"] +[:mem/node-8178 :db/ident :mem/node-8178] +[:mem/node-8178 :confidence "High"] +[:mem/node-8178 :observed_time :mem/node-8182] +[:mem/node-8970 :value "bibrath.eu"] +[:mem/node-8970 :type "domain"] +[:mem/node-8963 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8963 :schema_version "1.0.0"] +[:mem/node-8963 :module-name "AMP Global Intel"] +[:mem/node-8963 :naga/entity 
true] +[:mem/node-8963 :observables :mem/node-8964] +[:mem/node-8963 :type "sighting"] +[:mem/node-8963 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8963 :external_ids :mem/node-8966] +[:mem/node-8963 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8963 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-c1ff2c34-efad-437a-ace2-410920abbdd6"] +[:mem/node-8963 :count 1] +[:mem/node-8963 :tlp "green"] +[:mem/node-8963 :db/ident :mem/node-8963] +[:mem/node-8963 :confidence "High"] +[:mem/node-8963 :observed_time :mem/node-8967] +[:mem/node-8953 :naga/first "hydrant-29d2e6690c6e723e70306c350941b043d667459f4e89007ed7c47fdec4c0690b"] +[:mem/node-8953 :naga/contains "hydrant-29d2e6690c6e723e70306c350941b043d667459f4e89007ed7c47fdec4c0690b"] +[:mem/node-8777 :valid_time :mem/node-8778] +[:mem/node-8777 :schema_version "1.0.8"] +[:mem/node-8777 :module-name "AMP Global Intel"] +[:mem/node-8777 :naga/entity true] +[:mem/node-8777 :observable :mem/node-8779] +[:mem/node-8777 :type "judgement"] +[:mem/node-8777 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8777 :external_ids :mem/node-8780] +[:mem/node-8777 :disposition 2] +[:mem/node-8777 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8777 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8777 :disposition_name "Malicious"] +[:mem/node-8777 :priority 90] +[:mem/node-8777 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-1382116e-b398-4709-bec4-53274836a9d7"] +[:mem/node-8777 :severity "High"] +[:mem/node-8777 :tlp "green"] +[:mem/node-8777 :db/ident :mem/node-8777] +[:mem/node-8777 :confidence "High"] +[:mem/node-8672 :start_time #object[java.time.ZonedDateTime 0x2dfd157b "2019-03-06T00:31:10.336Z"]] +[:mem/node-8672 :end_time #object[java.time.ZonedDateTime 0x64381526 "2019-04-05T00:31:10.336Z"]] +[:mem/node-9002 :value "bibrath.eu"] +[:mem/node-9002 :type "domain"] +[:mem/node-8734 :value "bibrath.eu"] +[:mem/node-8734 :type "domain"] +[:mem/node-8447 :description "Domain 
used for Zeus banking trojan C&C"] +[:mem/node-8447 :schema_version "1.0.0"] +[:mem/node-8447 :module-name "AMP Global Intel"] +[:mem/node-8447 :naga/entity true] +[:mem/node-8447 :observables :mem/node-8448] +[:mem/node-8447 :type "sighting"] +[:mem/node-8447 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8447 :external_ids :mem/node-8450] +[:mem/node-8447 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8447 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-2c6f96de-ee00-42b2-aa6b-8815e6983e1a"] +[:mem/node-8447 :count 1] +[:mem/node-8447 :tlp "green"] +[:mem/node-8447 :db/ident :mem/node-8447] +[:mem/node-8447 :confidence "High"] +[:mem/node-8447 :observed_time :mem/node-8451] +[:mem/node-8915 :naga/first "hydrant-2e37a215640c52b82621bf8c01980e4564966c43df97ebf952d55047c5e57d0f"] +[:mem/node-8915 :naga/contains "hydrant-2e37a215640c52b82621bf8c01980e4564966c43df97ebf952d55047c5e57d0f"] +[:mem/node-8456 :start_time #object[java.time.ZonedDateTime 0x46290193 "2018-04-20T06:25:13Z"]] +[:mem/node-8456 :end_time #object[java.time.ZonedDateTime 0x6ad7a305 "2018-04-20T06:25:13Z"]] +[:mem/node-8350 :start_time #object[java.time.ZonedDateTime 0x2fc435e9 "2019-03-05T00:31:04.841Z"]] +[:mem/node-8350 :end_time #object[java.time.ZonedDateTime 0xbf18412 "2019-04-04T00:31:04.841Z"]] +[:mem/node-8332 :naga/first :mem/node-8333] +[:mem/node-8332 :naga/contains :mem/node-8333] +[:mem/node-8936 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8936 :schema_version "1.0.0"] +[:mem/node-8936 :module-name "AMP Global Intel"] +[:mem/node-8936 :naga/entity true] +[:mem/node-8936 :observables :mem/node-8937] +[:mem/node-8936 :type "sighting"] +[:mem/node-8936 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8936 :external_ids :mem/node-8939] +[:mem/node-8936 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8936 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-00fa3f36-7fb0-47cb-a558-c2dcb9c8179f"] +[:mem/node-8936 :count 1] 
+[:mem/node-8936 :tlp "green"] +[:mem/node-8936 :db/ident :mem/node-8936] +[:mem/node-8936 :confidence "High"] +[:mem/node-8936 :observed_time :mem/node-8940] +[:mem/node-9008 :start_time #object[java.time.ZonedDateTime 0x5da2966 "2018-05-15T06:25:13Z"]] +[:mem/node-9008 :end_time #object[java.time.ZonedDateTime 0x52c27d53 "2018-05-15T06:25:13Z"]] +[:mem/node-8504 :start_time #object[java.time.ZonedDateTime 0x5ca7619f "2019-02-22T00:31:15Z"]] +[:mem/node-8504 :end_time #object[java.time.ZonedDateTime 0x5b71af0d "2019-03-22T00:31:15Z"]] +[:mem/node-8793 :value "bibrath.eu"] +[:mem/node-8793 :type "domain"] +[:mem/node-8923 :naga/first :mem/node-8924] +[:mem/node-8923 :naga/contains :mem/node-8924] +[:mem/node-8302 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8302 :schema_version "1.0.0"] +[:mem/node-8302 :module-name "AMP Global Intel"] +[:mem/node-8302 :naga/entity true] +[:mem/node-8302 :observables :mem/node-8303] +[:mem/node-8302 :type "sighting"] +[:mem/node-8302 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8302 :external_ids :mem/node-8305] +[:mem/node-8302 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8302 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-81e22040-3bc0-4d73-9e69-adee812c37fc"] +[:mem/node-8302 :count 1] +[:mem/node-8302 :tlp "green"] +[:mem/node-8302 :db/ident :mem/node-8302] +[:mem/node-8302 :confidence "High"] +[:mem/node-8302 :observed_time :mem/node-8306] +[:mem/node-8956 :value "bibrath.eu"] +[:mem/node-8956 :type "domain"] +[:mem/node-8342 :start_time #object[java.time.ZonedDateTime 0xfb42c1c "2019-02-12T06:31:13Z"]] +[:mem/node-8342 :end_time #object[java.time.ZonedDateTime 0x4edde05c "2019-03-12T06:31:13Z"]] +[:mem/node-8206 :naga/first "hydrant-16d2a790e7942d97b46e43a272ccdd8d9e874da6b5d20957928fbf8b48e713e4"] +[:mem/node-8206 :naga/contains "hydrant-16d2a790e7942d97b46e43a272ccdd8d9e874da6b5d20957928fbf8b48e713e4"] +[:mem/node-8597 :start_time #object[java.time.ZonedDateTime 0x2911db81 
"2018-04-27T12:25:12Z"]] +[:mem/node-8597 :end_time #object[java.time.ZonedDateTime 0x7fce1069 "2018-04-27T12:25:12Z"]] +[:mem/node-8630 :value "bibrath.eu"] +[:mem/node-8630 :type "domain"] +[:mem/node-8645 :value "bibrath.eu"] +[:mem/node-8645 :type "domain"] +[:mem/node-8533 :origin "VirusTotal Enrichment Module"] +[:mem/node-8533 :relation "Contains"] +[:mem/node-8533 :source :mem/node-8534] +[:mem/node-8533 :related :mem/node-8535] +[:mem/node-8510 :naga/first "hydrant-8c8492b51e237c3536411d581b2c7419e766b5160943cc7af4f1269aa6431167"] +[:mem/node-8510 :naga/contains "hydrant-8c8492b51e237c3536411d581b2c7419e766b5160943cc7af4f1269aa6431167"] +[:mem/node-8795 :start_time #object[java.time.ZonedDateTime 0x51b41740 "2018-04-29T12:25:12Z"]] +[:mem/node-8795 :end_time #object[java.time.ZonedDateTime 0x70cac22a "2018-04-29T12:25:12Z"]] +[:mem/node-8711 :valid_time :mem/node-8712] +[:mem/node-8711 :schema_version "1.0.8"] +[:mem/node-8711 :module-name "AMP Global Intel"] +[:mem/node-8711 :naga/entity true] +[:mem/node-8711 :observable :mem/node-8713] +[:mem/node-8711 :type "judgement"] +[:mem/node-8711 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8711 :external_ids :mem/node-8714] +[:mem/node-8711 :disposition 2] +[:mem/node-8711 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8711 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8711 :disposition_name "Malicious"] +[:mem/node-8711 :priority 90] +[:mem/node-8711 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-4c61651f-d24a-41a8-9f13-6a97fdadeff3"] +[:mem/node-8711 :severity "High"] +[:mem/node-8711 :tlp "green"] +[:mem/node-8711 :db/ident :mem/node-8711] +[:mem/node-8711 :confidence "High"] +[:mem/node-8767 :naga/first "hydrant-4a87ebdee3ff72e9a521474768873ddc02b8879d696257e186f35b829089a20e"] +[:mem/node-8767 :naga/contains "hydrant-4a87ebdee3ff72e9a521474768873ddc02b8879d696257e186f35b829089a20e"] +[:mem/node-9019 :value "bibrath.eu"] +[:mem/node-9019 :type "domain"] 
+[:mem/node-8858 :naga/first "hydrant-f23d4437ab67f2774bddfff7e272201b626fc1b38c59d2475c8efa35cc3da2d6"] +[:mem/node-8858 :naga/contains "hydrant-f23d4437ab67f2774bddfff7e272201b626fc1b38c59d2475c8efa35cc3da2d6"] +[:mem/node-8985 :start_time #object[java.time.ZonedDateTime 0x57a0c261 "2018-05-01T12:25:12Z"]] +[:mem/node-8985 :end_time #object[java.time.ZonedDateTime 0x5862dda4 "2018-05-01T12:25:12Z"]] +[:mem/node-8954 :valid_time :mem/node-8955] +[:mem/node-8954 :schema_version "1.0.8"] +[:mem/node-8954 :module-name "AMP Global Intel"] +[:mem/node-8954 :naga/entity true] +[:mem/node-8954 :observable :mem/node-8956] +[:mem/node-8954 :type "judgement"] +[:mem/node-8954 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8954 :external_ids :mem/node-8957] +[:mem/node-8954 :disposition 2] +[:mem/node-8954 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8954 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8954 :disposition_name "Malicious"] +[:mem/node-8954 :priority 90] +[:mem/node-8954 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-89e60357-f077-4dab-bfd7-6b1c4ab56ed5"] +[:mem/node-8954 :severity "High"] +[:mem/node-8954 :tlp "green"] +[:mem/node-8954 :db/ident :mem/node-8954] +[:mem/node-8954 :confidence "High"] +[:mem/node-8626 :value "bibrath.eu"] +[:mem/node-8626 :type "domain"] +[:mem/node-8530 :naga/first "Threat Grid"] +[:mem/node-8747 :naga/first :mem/node-8748] +[:mem/node-8747 :naga/contains :mem/node-8748] +[:mem/node-8384 :start_time #object[java.time.ZonedDateTime 0x299ddfff "2018-04-16T18:25:12Z"]] +[:mem/node-8384 :end_time #object[java.time.ZonedDateTime 0xfe09374 "2018-04-16T18:25:12Z"]] +[:mem/node-8871 :value "bibrath.eu"] +[:mem/node-8871 :type "domain"] +[:mem/node-8167 :value "bibrath.eu"] +[:mem/node-8167 :type "domain"] +[:mem/node-8705 :naga/first "hydrant-d41acfc2c6013361349f69a89a6d92806da65f5a68b56b85fa0056dda66f08b3"] +[:mem/node-8705 :naga/contains 
"hydrant-d41acfc2c6013361349f69a89a6d92806da65f5a68b56b85fa0056dda66f08b3"] +[:mem/node-9004 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-9004 :schema_version "1.0.0"] +[:mem/node-9004 :module-name "AMP Global Intel"] +[:mem/node-9004 :naga/entity true] +[:mem/node-9004 :observables :mem/node-9005] +[:mem/node-9004 :type "sighting"] +[:mem/node-9004 :source "Abuse.ch Zeus Tracker"] +[:mem/node-9004 :external_ids :mem/node-9007] +[:mem/node-9004 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-9004 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-7ab7d117-bf24-4c5a-b8fe-701936ac7265"] +[:mem/node-9004 :count 1] +[:mem/node-9004 :tlp "green"] +[:mem/node-9004 :db/ident :mem/node-9004] +[:mem/node-9004 :confidence "High"] +[:mem/node-9004 :observed_time :mem/node-9008] +[:mem/node-8335 :start_time #object[java.time.ZonedDateTime 0x5e02fb23 "2018-05-13T12:25:12Z"]] +[:mem/node-8335 :end_time #object[java.time.ZonedDateTime 0x104392ba "2018-05-13T12:25:12Z"]] +[:mem/node-8258 :start_time #object[java.time.ZonedDateTime 0x57e6d56a "2018-04-25T12:25:12Z"]] +[:mem/node-8258 :end_time #object[java.time.ZonedDateTime 0x5c1687d1 "2018-04-25T12:25:12Z"]] +[:mem/node-8983 :value "bibrath.eu"] +[:mem/node-8983 :type "domain"] +[:mem/node-9048 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-9048 :schema_version "1.0.0"] +[:mem/node-9048 :module-name "AMP Global Intel"] +[:mem/node-9048 :naga/entity true] +[:mem/node-9048 :observables :mem/node-9049] +[:mem/node-9048 :type "sighting"] +[:mem/node-9048 :source "Abuse.ch Zeus Tracker"] +[:mem/node-9048 :external_ids :mem/node-9051] +[:mem/node-9048 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-9048 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-65c1f680-f7a9-4aba-874a-cef28768df28"] +[:mem/node-9048 :count 1] +[:mem/node-9048 :tlp "green"] +[:mem/node-9048 :db/ident :mem/node-9048] +[:mem/node-9048 :confidence "High"] +[:mem/node-9048 :observed_time 
:mem/node-9052] +[:mem/node-8394 :value "bibrath.eu"] +[:mem/node-8394 :type "domain"] +[:mem/node-8843 :start_time #object[java.time.ZonedDateTime 0x1504b493 "2019-02-20T18:31:10Z"]] +[:mem/node-8843 :end_time #object[java.time.ZonedDateTime 0x19de32cb "2019-03-20T18:31:10Z"]] +[:mem/node-8759 :start_time #object[java.time.ZonedDateTime 0x7872e91f "2018-04-30T00:25:12Z"]] +[:mem/node-8759 :end_time #object[java.time.ZonedDateTime 0x10b2c1cf "2018-04-30T00:25:12Z"]] +[:mem/node-8305 :naga/first "hydrant-8eb2acdd3acccb9717d712024e57f20f7cca987fd79cdb053c6c772e4c906a25"] +[:mem/node-8305 :naga/contains "hydrant-8eb2acdd3acccb9717d712024e57f20f7cca987fd79cdb053c6c772e4c906a25"] +[:mem/node-8299 :value "bibrath.eu"] +[:mem/node-8299 :type "domain"] +[:mem/node-8598 :valid_time :mem/node-8599] +[:mem/node-8598 :schema_version "1.0.9"] +[:mem/node-8598 :module-name "AMP Global Intel"] +[:mem/node-8598 :naga/entity true] +[:mem/node-8598 :observable :mem/node-8600] +[:mem/node-8598 :type "judgement"] +[:mem/node-8598 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8598 :external_ids :mem/node-8601] +[:mem/node-8598 :disposition 2] +[:mem/node-8598 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8598 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8598 :disposition_name "Malicious"] +[:mem/node-8598 :priority 90] +[:mem/node-8598 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-386bb672-b8c0-40c4-bdbe-6bb02efd54da"] +[:mem/node-8598 :severity "High"] +[:mem/node-8598 :tlp "green"] +[:mem/node-8598 :db/ident :mem/node-8598] +[:mem/node-8598 :timestamp "2019-03-25T00:31:13.258Z"] +[:mem/node-8598 :confidence "High"] +[:mem/node-8681 :naga/first :mem/node-8682] +[:mem/node-8681 :naga/contains :mem/node-8682] +[:mem/node-8844 :value "bibrath.eu"] +[:mem/node-8844 :type "domain"] +[:mem/node-8535 :value "bibrath.eu"] +[:mem/node-8535 :type "domain"] +[:mem/node-8694 :start_time #object[java.time.ZonedDateTime 0x20a25f66 
"2019-03-02T00:31:16.771Z"]] +[:mem/node-8694 :end_time #object[java.time.ZonedDateTime 0x488279d3 "2019-04-01T00:31:16.771Z"]] +[:mem/node-8834 :value "bibrath.eu"] +[:mem/node-8834 :type "domain"] +[:mem/node-8950 :valid_time :mem/node-8951] +[:mem/node-8950 :schema_version "1.0.8"] +[:mem/node-8950 :module-name "AMP Global Intel"] +[:mem/node-8950 :naga/entity true] +[:mem/node-8950 :observable :mem/node-8952] +[:mem/node-8950 :type "judgement"] +[:mem/node-8950 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8950 :external_ids :mem/node-8953] +[:mem/node-8950 :disposition 2] +[:mem/node-8950 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8950 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8950 :disposition_name "Malicious"] +[:mem/node-8950 :priority 90] +[:mem/node-8950 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-52312610-8fea-43c0-ba4d-bbd5665d7f5d"] +[:mem/node-8950 :severity "High"] +[:mem/node-8950 :tlp "green"] +[:mem/node-8950 :db/ident :mem/node-8950] +[:mem/node-8950 :confidence "High"] +[:mem/node-8466 :start_time #object[java.time.ZonedDateTime 0x27575bcd "2018-04-19T00:25:12Z"]] +[:mem/node-8466 :end_time #object[java.time.ZonedDateTime 0x21ed4a51 "2018-04-19T00:25:12Z"]] +[:mem/node-8351 :value "bibrath.eu"] +[:mem/node-8351 :type "domain"] +[:mem/node-8237 :naga/first :mem/node-8238] +[:mem/node-8237 :naga/contains :mem/node-8238] +[:mem/node-8210 :value "bibrath.eu"] +[:mem/node-8210 :type "domain"] +[:mem/node-9026 :start_time #object[java.time.ZonedDateTime 0x13866865 "2019-02-27T00:31:08.900Z"]] +[:mem/node-9026 :end_time #object[java.time.ZonedDateTime 0x4891d727 "2019-03-29T00:31:08.900Z"]] +[:mem/node-8650 :value "bibrath.eu"] +[:mem/node-8650 :type "domain"] +[:mem/node-8842 :valid_time :mem/node-8843] +[:mem/node-8842 :schema_version "1.0.8"] +[:mem/node-8842 :module-name "AMP Global Intel"] +[:mem/node-8842 :naga/entity true] +[:mem/node-8842 :observable :mem/node-8844] +[:mem/node-8842 :type 
"judgement"] +[:mem/node-8842 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8842 :external_ids :mem/node-8845] +[:mem/node-8842 :disposition 2] +[:mem/node-8842 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8842 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8842 :disposition_name "Malicious"] +[:mem/node-8842 :priority 90] +[:mem/node-8842 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-7b4c39f5-1a7c-4120-9b8e-4932460b4727"] +[:mem/node-8842 :severity "High"] +[:mem/node-8842 :tlp "green"] +[:mem/node-8842 :db/ident :mem/node-8842] +[:mem/node-8842 :confidence "High"] +[:mem/node-8839 :value "bibrath.eu"] +[:mem/node-8839 :type "domain"] +[:mem/node-8326 :start_time #object[java.time.ZonedDateTime 0x550574cb "2018-05-07T00:25:12Z"]] +[:mem/node-8326 :end_time #object[java.time.ZonedDateTime 0x1e7113f8 "2018-05-07T00:25:12Z"]] +[:mem/node-8586 :value "bibrath.eu"] +[:mem/node-8586 :type "domain"] +[:mem/node-8371 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8371 :schema_version "1.0.4"] +[:mem/node-8371 :module-name "AMP Global Intel"] +[:mem/node-8371 :naga/entity true] +[:mem/node-8371 :observables :mem/node-8372] +[:mem/node-8371 :type "sighting"] +[:mem/node-8371 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8371 :external_ids :mem/node-8374] +[:mem/node-8371 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8371 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-dd440c61-e6cd-42b8-ae36-ac7bc1160a77"] +[:mem/node-8371 :count 1] +[:mem/node-8371 :tlp "green"] +[:mem/node-8371 :db/ident :mem/node-8371] +[:mem/node-8371 :confidence "High"] +[:mem/node-8371 :observed_time :mem/node-8375] +[:mem/node-8655 :value "bibrath.eu"] +[:mem/node-8655 :type "domain"] +[:mem/node-8760 :valid_time :mem/node-8761] +[:mem/node-8760 :schema_version "1.0.9"] +[:mem/node-8760 :module-name "AMP Global Intel"] +[:mem/node-8760 :naga/entity true] +[:mem/node-8760 :observable :mem/node-8762] +[:mem/node-8760 
:type "judgement"] +[:mem/node-8760 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8760 :external_ids :mem/node-8763] +[:mem/node-8760 :disposition 2] +[:mem/node-8760 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8760 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8760 :disposition_name "Malicious"] +[:mem/node-8760 :priority 90] +[:mem/node-8760 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-b0745877-e40f-4478-a1bb-f7eed1318fe3"] +[:mem/node-8760 :severity "High"] +[:mem/node-8760 :tlp "green"] +[:mem/node-8760 :db/ident :mem/node-8760] +[:mem/node-8760 :timestamp "2019-03-13T00:31:13.119Z"] +[:mem/node-8760 :confidence "High"] +[:mem/node-8391 :start_time #object[java.time.ZonedDateTime 0x3e149513 "2019-04-02T20:10:59.655Z"]] +[:mem/node-8391 :end_time #object[java.time.ZonedDateTime 0x787a4519 "2019-05-02T20:10:59.655Z"]] +[:mem/node-8414 :value "bibrath.eu"] +[:mem/node-8414 :type "domain"] +[:mem/node-8852 :start_time #object[java.time.ZonedDateTime 0x627d5f1 "2019-03-01T00:31:20.472Z"]] +[:mem/node-8852 :end_time #object[java.time.ZonedDateTime 0x105fe81e "2019-03-31T00:31:20.472Z"]] +[:mem/node-8527 :naga/first "AMP Global Intel"] +[:mem/node-8527 :naga/rest :mem/node-8528] +[:mem/node-8240 :start_time #object[java.time.ZonedDateTime 0xaf94b0b "2018-10-08T00:25:14Z"]] +[:mem/node-8240 :end_time #object[java.time.ZonedDateTime 0x208185c0 "2018-10-08T00:25:14Z"]] +[:mem/node-8150 :start_time #object[java.time.ZonedDateTime 0x1831447c "2018-05-10T00:25:12Z"]] +[:mem/node-8150 :end_time #object[java.time.ZonedDateTime 0x7741507c "2018-05-10T00:25:12Z"]] +[:mem/node-8468 :start_time #object[java.time.ZonedDateTime 0x37a0fc8c "2019-02-19T00:31:16Z"]] +[:mem/node-8468 :end_time #object[java.time.ZonedDateTime 0x1ba3c03d "2019-03-19T00:31:16Z"]] +[:mem/node-8198 :naga/first "hydrant-8cea6b7e18d6bfa51a21240a153fedbd06bdc1e649e53ab5eb6063305321e25a"] +[:mem/node-8198 :naga/contains 
"hydrant-8cea6b7e18d6bfa51a21240a153fedbd06bdc1e649e53ab5eb6063305321e25a"] +[:mem/node-8314 :start_time #object[java.time.ZonedDateTime 0x9a37591 "2019-03-28T00:31:10.799Z"]] +[:mem/node-8314 :end_time #object[java.time.ZonedDateTime 0x749c0669 "2019-04-27T00:31:10.799Z"]] +[:mem/node-8124 :start_time #object[java.time.ZonedDateTime 0x4468c0ea "2019-02-15T00:31:15Z"]] +[:mem/node-8124 :end_time #object[java.time.ZonedDateTime 0x41cf4272 "2019-03-15T00:31:15Z"]] +[:mem/node-8412 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8412 :schema_version "1.0.0"] +[:mem/node-8412 :module-name "AMP Global Intel"] +[:mem/node-8412 :naga/entity true] +[:mem/node-8412 :observables :mem/node-8413] +[:mem/node-8412 :type "sighting"] +[:mem/node-8412 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8412 :external_ids :mem/node-8415] +[:mem/node-8412 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8412 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-ac9c3684-5496-4d33-b698-db9723e32155"] +[:mem/node-8412 :count 1] +[:mem/node-8412 :tlp "green"] +[:mem/node-8412 :db/ident :mem/node-8412] +[:mem/node-8412 :confidence "High"] +[:mem/node-8412 :observed_time :mem/node-8416] +[:mem/node-8872 :naga/first "hydrant-3e9a9f11d897f8a06d49630b4855866dfd2d607fbe09fa8cc4be43e78cf20d0c"] +[:mem/node-8872 :naga/contains "hydrant-3e9a9f11d897f8a06d49630b4855866dfd2d607fbe09fa8cc4be43e78cf20d0c"] +[:mem/node-8824 :value "bibrath.eu"] +[:mem/node-8824 :type "domain"] +[:mem/node-8562 :value "http://bibrath.eu/"] +[:mem/node-8562 :type "url"] +[:mem/node-8409 :value "bibrath.eu"] +[:mem/node-8409 :type "domain"] +[:mem/node-9055 :value "bibrath.eu"] +[:mem/node-9055 :type "domain"] +[:mem/node-9025 :valid_time :mem/node-9026] +[:mem/node-9025 :schema_version "1.0.8"] +[:mem/node-9025 :module-name "AMP Global Intel"] +[:mem/node-9025 :naga/entity true] +[:mem/node-9025 :observable :mem/node-9027] +[:mem/node-9025 :type "judgement"] +[:mem/node-9025 :source "Abuse.ch 
Zeus Tracker"] +[:mem/node-9025 :external_ids :mem/node-9028] +[:mem/node-9025 :disposition 2] +[:mem/node-9025 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-9025 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-9025 :disposition_name "Malicious"] +[:mem/node-9025 :priority 90] +[:mem/node-9025 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-66af2e01-fb7b-48f9-ab2f-659c2414e58d"] +[:mem/node-9025 :severity "High"] +[:mem/node-9025 :tlp "green"] +[:mem/node-9025 :db/ident :mem/node-9025] +[:mem/node-9025 :timestamp "2019-02-27T00:31:08.900Z"] +[:mem/node-9025 :confidence "High"] +[:mem/node-8565 :origin "VirusTotal Enrichment Module"] +[:mem/node-8565 :relation "Contains"] +[:mem/node-8565 :source :mem/node-8566] +[:mem/node-8565 :related :mem/node-8567] +[:mem/node-8479 :start_time #object[java.time.ZonedDateTime 0x53d2b827 "2018-04-19T00:25:12Z"]] +[:mem/node-8479 :end_time #object[java.time.ZonedDateTime 0x4769537a "2525-01-01T00:00Z"]] +[:mem/node-8807 :naga/first :mem/node-8808] +[:mem/node-8807 :naga/contains :mem/node-8808] +[:mem/node-8702 :valid_time :mem/node-8703] +[:mem/node-8702 :schema_version "1.0.9"] +[:mem/node-8702 :module-name "AMP Global Intel"] +[:mem/node-8702 :naga/entity true] +[:mem/node-8702 :observable :mem/node-8704] +[:mem/node-8702 :type "judgement"] +[:mem/node-8702 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8702 :external_ids :mem/node-8705] +[:mem/node-8702 :disposition 2] +[:mem/node-8702 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8702 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8702 :disposition_name "Malicious"] +[:mem/node-8702 :priority 90] +[:mem/node-8702 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-6f9d0669-b539-4924-8072-1ccbbf3e2da6"] +[:mem/node-8702 :severity "High"] +[:mem/node-8702 :tlp "green"] +[:mem/node-8702 :db/ident :mem/node-8702] +[:mem/node-8702 :timestamp "2019-03-14T00:31:26.925Z"] +[:mem/node-8702 :confidence "High"] 
+[:mem/node-8181 :naga/first "hydrant-4f3a8460da292ea83319f905dff7f7ff9a017170da2d8aef803f6e9597897375"] +[:mem/node-8181 :naga/contains "hydrant-4f3a8460da292ea83319f905dff7f7ff9a017170da2d8aef803f6e9597897375"] +[:mem/node-8975 :naga/first "hydrant-d9924314a56f699d1600bb2ada305122a939cc86c51164a87ef3b257145e4ab1"] +[:mem/node-8975 :naga/contains "hydrant-d9924314a56f699d1600bb2ada305122a939cc86c51164a87ef3b257145e4ab1"] +[:mem/node-8643 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8643 :schema_version "1.0.0"] +[:mem/node-8643 :module-name "AMP Global Intel"] +[:mem/node-8643 :naga/entity true] +[:mem/node-8643 :observables :mem/node-8644] +[:mem/node-8643 :type "sighting"] +[:mem/node-8643 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8643 :external_ids :mem/node-8646] +[:mem/node-8643 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8643 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-b96883b0-7a97-4570-8ddb-853ec8573f38"] +[:mem/node-8643 :count 1] +[:mem/node-8643 :tlp "green"] +[:mem/node-8643 :db/ident :mem/node-8643] +[:mem/node-8643 :confidence "High"] +[:mem/node-8643 :observed_time :mem/node-8647] +[:mem/node-8097 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8097 :schema_version "1.0.0"] +[:mem/node-8097 :module-name "AMP Global Intel"] +[:mem/node-8097 :naga/entity true] +[:mem/node-8097 :observables :mem/node-8098] +[:mem/node-8097 :type "sighting"] +[:mem/node-8097 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8097 :external_ids :mem/node-8100] +[:mem/node-8097 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8097 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-91184cce-8b57-4af1-80fd-1e73908502d6"] +[:mem/node-8097 :count 1] +[:mem/node-8097 :tlp "green"] +[:mem/node-8097 :db/ident :mem/node-8097] +[:mem/node-8097 :confidence "High"] +[:mem/node-8097 :observed_time :mem/node-8101] +[:mem/node-8778 :start_time #object[java.time.ZonedDateTime 0x4504a4ed 
"2019-02-22T18:31:06Z"]] +[:mem/node-8778 :end_time #object[java.time.ZonedDateTime 0x7ee3a2ed "2019-03-22T18:31:06Z"]] +[:mem/node-9041 :value "bibrath.eu"] +[:mem/node-9041 :type "domain"] +[:mem/node-9035 :naga/first :mem/node-9036] +[:mem/node-9035 :naga/contains :mem/node-9036] +[:mem/node-8115 :valid_time :mem/node-8116] +[:mem/node-8115 :schema_version "1.0.9"] +[:mem/node-8115 :module-name "AMP Global Intel"] +[:mem/node-8115 :naga/entity true] +[:mem/node-8115 :observable :mem/node-8117] +[:mem/node-8115 :type "judgement"] +[:mem/node-8115 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8115 :external_ids :mem/node-8118] +[:mem/node-8115 :disposition 2] +[:mem/node-8115 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8115 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8115 :disposition_name "Malicious"] +[:mem/node-8115 :priority 90] +[:mem/node-8115 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-e854c82d-4e14-4e94-b00e-9bdc54270769"] +[:mem/node-8115 :severity "High"] +[:mem/node-8115 :tlp "green"] +[:mem/node-8115 :db/ident :mem/node-8115] +[:mem/node-8115 :timestamp "2019-03-31T00:31:05.643Z"] +[:mem/node-8115 :confidence "High"] +[:mem/node-8500 :start_time #object[java.time.ZonedDateTime 0x38363e96 "2019-03-23T00:31:15.948Z"]] +[:mem/node-8500 :end_time #object[java.time.ZonedDateTime 0x35c95869 "2019-04-22T00:31:15.948Z"]] +[:mem/node-9063 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-9063 :schema_version "1.0.4"] +[:mem/node-9063 :module-name "AMP Global Intel"] +[:mem/node-9063 :naga/entity true] +[:mem/node-9063 :observables :mem/node-9064] +[:mem/node-9063 :type "sighting"] +[:mem/node-9063 :source "Abuse.ch Zeus Tracker"] +[:mem/node-9063 :external_ids :mem/node-9066] +[:mem/node-9063 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-9063 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-a9a009b0-f526-4cb1-8651-e73b0bd5a29d"] +[:mem/node-9063 :count 1] +[:mem/node-9063 
:tlp "green"] +[:mem/node-9063 :db/ident :mem/node-9063] +[:mem/node-9063 :confidence "High"] +[:mem/node-9063 :observed_time :mem/node-9067] +[:mem/node-8981 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8981 :schema_version "1.0.0"] +[:mem/node-8981 :module-name "AMP Global Intel"] +[:mem/node-8981 :naga/entity true] +[:mem/node-8981 :observables :mem/node-8982] +[:mem/node-8981 :type "sighting"] +[:mem/node-8981 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8981 :external_ids :mem/node-8984] +[:mem/node-8981 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8981 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-d8697ebe-85ff-442e-8923-422d43c609dd"] +[:mem/node-8981 :count 1] +[:mem/node-8981 :tlp "green"] +[:mem/node-8981 :db/ident :mem/node-8981] +[:mem/node-8981 :confidence "High"] +[:mem/node-8981 :observed_time :mem/node-8985] +[:mem/node-8557 :origin "VirusTotal Enrichment Module"] +[:mem/node-8557 :relation "Contains"] +[:mem/node-8557 :source :mem/node-8558] +[:mem/node-8557 :related :mem/node-8559] +[:mem/node-8474 :naga/first "hydrant-9a380191c2ba073f8bc991faad06f752d78ff0e42bd0c79c4a7b16a994ed585a"] +[:mem/node-8474 :naga/contains "hydrant-9a380191c2ba073f8bc991faad06f752d78ff0e42bd0c79c4a7b16a994ed585a"] +[:mem/node-8664 :value "bibrath.eu"] +[:mem/node-8664 :type "domain"] +[:mem/node-8411 :start_time #object[java.time.ZonedDateTime 0x558aa1f1 "2018-04-23T00:25:11Z"]] +[:mem/node-8411 :end_time #object[java.time.ZonedDateTime 0x361d8567 "2018-04-23T00:25:11Z"]] +[:mem/node-9039 :valid_time :mem/node-9040] +[:mem/node-9039 :schema_version "1.0.9"] +[:mem/node-9039 :module-name "AMP Global Intel"] +[:mem/node-9039 :naga/entity true] +[:mem/node-9039 :observable :mem/node-9041] +[:mem/node-9039 :type "judgement"] +[:mem/node-9039 :source "Abuse.ch Zeus Tracker"] +[:mem/node-9039 :external_ids :mem/node-9042] +[:mem/node-9039 :disposition 2] +[:mem/node-9039 :reason "Domain used for Zeus banking trojan C&C"] 
+[:mem/node-9039 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-9039 :disposition_name "Malicious"] +[:mem/node-9039 :priority 90] +[:mem/node-9039 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-d7e6eda6-7cb2-4600-929b-a52e44436697"] +[:mem/node-9039 :severity "High"] +[:mem/node-9039 :tlp "green"] +[:mem/node-9039 :db/ident :mem/node-9039] +[:mem/node-9039 :timestamp "2019-04-02T00:31:19.426Z"] +[:mem/node-9039 :confidence "High"] +[:mem/node-8137 :naga/first :mem/node-8138] +[:mem/node-8137 :naga/contains :mem/node-8138] +[:mem/node-8685 :valid_time :mem/node-8686] +[:mem/node-8685 :schema_version "1.0.8"] +[:mem/node-8685 :module-name "AMP Global Intel"] +[:mem/node-8685 :naga/entity true] +[:mem/node-8685 :observable :mem/node-8687] +[:mem/node-8685 :type "judgement"] +[:mem/node-8685 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8685 :external_ids :mem/node-8688] +[:mem/node-8685 :disposition 2] +[:mem/node-8685 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8685 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8685 :disposition_name "Malicious"] +[:mem/node-8685 :priority 90] +[:mem/node-8685 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-2943e6a6-f0f1-4fec-847e-ff5c6ea5fbf2"] +[:mem/node-8685 :severity "High"] +[:mem/node-8685 :tlp "green"] +[:mem/node-8685 :db/ident :mem/node-8685] +[:mem/node-8685 :confidence "High"] +[:mem/node-8320 :naga/first "hydrant-7ce911ad71b21cbb23985049cf4dea842ff0cb4ac02ee9dde4f33ad7d06ddc7f"] +[:mem/node-8320 :naga/contains "hydrant-7ce911ad71b21cbb23985049cf4dea842ff0cb4ac02ee9dde4f33ad7d06ddc7f"] +[:mem/node-8134 :naga/first "hydrant-c57f1dbe4b543fa0838fdafcdae0d1d01c203e04ec7cbcb41eb127688680d004"] +[:mem/node-8134 :naga/contains "hydrant-c57f1dbe4b543fa0838fdafcdae0d1d01c203e04ec7cbcb41eb127688680d004"] +[:mem/node-8900 :valid_time :mem/node-8901] +[:mem/node-8900 :schema_version "1.0.8"] +[:mem/node-8900 :module-name "AMP Global Intel"] +[:mem/node-8900 
:naga/entity true] +[:mem/node-8900 :observable :mem/node-8902] +[:mem/node-8900 :type "judgement"] +[:mem/node-8900 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8900 :external_ids :mem/node-8903] +[:mem/node-8900 :disposition 2] +[:mem/node-8900 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8900 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8900 :disposition_name "Malicious"] +[:mem/node-8900 :priority 90] +[:mem/node-8900 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-546c043e-43bb-41ac-8ea9-e64349284f6f"] +[:mem/node-8900 :severity "High"] +[:mem/node-8900 :tlp "green"] +[:mem/node-8900 :db/ident :mem/node-8900] +[:mem/node-8900 :timestamp "2019-02-26T00:31:16.748Z"] +[:mem/node-8900 :confidence "High"] +[:mem/node-8774 :start_time #object[java.time.ZonedDateTime 0x3fd6dfbc "2019-02-14T06:31:10Z"]] +[:mem/node-8774 :end_time #object[java.time.ZonedDateTime 0x4023d23f "2019-03-14T06:31:10Z"]] +[:mem/node-8311 :naga/first "hydrant-4b9cca480c7b6124587c45a278a59f0e177896e3b94ef00c368fc4ec137ed0ce"] +[:mem/node-8311 :naga/contains "hydrant-4b9cca480c7b6124587c45a278a59f0e177896e3b94ef00c368fc4ec137ed0ce"] +[:mem/node-8750 :start_time #object[java.time.ZonedDateTime 0x402676e3 "2018-04-14T06:25:16Z"]] +[:mem/node-8750 :end_time #object[java.time.ZonedDateTime 0x1a4ae53d "2018-04-14T06:25:16Z"]] +[:mem/node-8096 :naga/first "hydrant-0ba925e3c312eeaa8ad579ee9b56a50f29a4a5408165e988cc3d878cc197c754"] +[:mem/node-8096 :naga/contains "hydrant-0ba925e3c312eeaa8ad579ee9b56a50f29a4a5408165e988cc3d878cc197c754"] +[:mem/node-8333 :value "bibrath.eu"] +[:mem/node-8333 :type "domain"] +[:mem/node-8895 :naga/first "hydrant-caa3c352ae224b9f99776f467cf912c3446df4a5db97e141e4ea70484100fa9f"] +[:mem/node-8895 :naga/contains "hydrant-caa3c352ae224b9f99776f467cf912c3446df4a5db97e141e4ea70484100fa9f"] +[:mem/node-8529 :naga/first "Threat Grid - int"] +[:mem/node-8529 :naga/rest :mem/node-8530] +[:mem/node-8726 :naga/first 
"hydrant-a5f12fd56d7399c98392f1ea2987b2236c63ed6ee9190d57886857fd28a62a8c"] +[:mem/node-8726 :naga/contains "hydrant-a5f12fd56d7399c98392f1ea2987b2236c63ed6ee9190d57886857fd28a62a8c"] +[:mem/node-8606 :valid_time :mem/node-8607] +[:mem/node-8606 :schema_version "1.0.8"] +[:mem/node-8606 :module-name "AMP Global Intel"] +[:mem/node-8606 :naga/entity true] +[:mem/node-8606 :observable :mem/node-8608] +[:mem/node-8606 :type "judgement"] +[:mem/node-8606 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8606 :external_ids :mem/node-8609] +[:mem/node-8606 :disposition 2] +[:mem/node-8606 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8606 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8606 :disposition_name "Malicious"] +[:mem/node-8606 :priority 90] +[:mem/node-8606 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-504470e1-2fee-461f-a995-cabbf6496021"] +[:mem/node-8606 :severity "High"] +[:mem/node-8606 :tlp "green"] +[:mem/node-8606 :db/ident :mem/node-8606] +[:mem/node-8606 :confidence "High"] +[:mem/node-8595 :value "bibrath.eu"] +[:mem/node-8595 :type "domain"] +[:mem/node-8402 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8402 :schema_version "1.0.0"] +[:mem/node-8402 :module-name "AMP Global Intel"] +[:mem/node-8402 :naga/entity true] +[:mem/node-8402 :observables :mem/node-8403] +[:mem/node-8402 :type "sighting"] +[:mem/node-8402 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8402 :external_ids :mem/node-8405] +[:mem/node-8402 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8402 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-c95ed825-18d0-4c8c-8c1d-20a1f43ec30f"] +[:mem/node-8402 :count 1] +[:mem/node-8402 :tlp "green"] +[:mem/node-8402 :db/ident :mem/node-8402] +[:mem/node-8402 :confidence "High"] +[:mem/node-8402 :observed_time :mem/node-8406] +[:mem/node-8797 :start_time #object[java.time.ZonedDateTime 0x1368e2f7 "2019-03-22T00:31:23.407Z"]] +[:mem/node-8797 :end_time 
#object[java.time.ZonedDateTime 0x4d84688f "2019-04-21T00:31:23.407Z"]] +[:mem/node-8520 :valid_time :mem/node-8521] +[:mem/node-8520 :schema_version "1.0.8"] +[:mem/node-8520 :module-name "AMP Global Intel"] +[:mem/node-8520 :naga/entity true] +[:mem/node-8520 :observable :mem/node-8522] +[:mem/node-8520 :type "judgement"] +[:mem/node-8520 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8520 :external_ids :mem/node-8523] +[:mem/node-8520 :disposition 2] +[:mem/node-8520 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8520 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8520 :disposition_name "Malicious"] +[:mem/node-8520 :priority 90] +[:mem/node-8520 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-d89e29b9-32ea-4cb1-b959-9cc2e9d8a8fa"] +[:mem/node-8520 :severity "High"] +[:mem/node-8520 :tlp "green"] +[:mem/node-8520 :db/ident :mem/node-8520] +[:mem/node-8520 :timestamp "2019-03-04T00:31:21.156Z"] +[:mem/node-8520 :confidence "High"] +[:mem/node-8343 :value "bibrath.eu"] +[:mem/node-8343 :type "domain"] +[:mem/node-8111 :naga/first :mem/node-8112] +[:mem/node-8111 :naga/contains :mem/node-8112] +[:mem/node-8463 :naga/first :mem/node-8464] +[:mem/node-8463 :naga/contains :mem/node-8464] +[:mem/node-8656 :naga/first "hydrant-ef0b054d7e3ec9130375ca8c007afa7517f7c67ddda0db815bd4e7afe007c7c5"] +[:mem/node-8656 :naga/contains "hydrant-ef0b054d7e3ec9130375ca8c007afa7517f7c67ddda0db815bd4e7afe007c7c5"] +[:mem/node-8347 :value "bibrath.eu"] +[:mem/node-8347 :type "domain"] +[:mem/node-8671 :valid_time :mem/node-8672] +[:mem/node-8671 :schema_version "1.0.8"] +[:mem/node-8671 :module-name "AMP Global Intel"] +[:mem/node-8671 :naga/entity true] +[:mem/node-8671 :observable :mem/node-8673] +[:mem/node-8671 :type "judgement"] +[:mem/node-8671 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8671 :external_ids :mem/node-8674] +[:mem/node-8671 :disposition 2] +[:mem/node-8671 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8671 
:source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8671 :disposition_name "Malicious"] +[:mem/node-8671 :priority 90] +[:mem/node-8671 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-dea7a53a-f884-43be-8981-b4936242437d"] +[:mem/node-8671 :severity "High"] +[:mem/node-8671 :tlp "green"] +[:mem/node-8671 :db/ident :mem/node-8671] +[:mem/node-8671 :timestamp "2019-03-06T00:31:10.336Z"] +[:mem/node-8671 :confidence "High"] +[:mem/node-8532 :naga/first :mem/node-8533] +[:mem/node-8532 :naga/rest :mem/node-8536] +[:mem/node-8532 :naga/contains :mem/node-8533] +[:mem/node-8532 :naga/contains :mem/node-8537] +[:mem/node-8532 :naga/contains :mem/node-8541] +[:mem/node-8532 :naga/contains :mem/node-8545] +[:mem/node-8532 :naga/contains :mem/node-8549] +[:mem/node-8532 :naga/contains :mem/node-8553] +[:mem/node-8532 :naga/contains :mem/node-8557] +[:mem/node-8532 :naga/contains :mem/node-8561] +[:mem/node-8532 :naga/contains :mem/node-8565] +[:mem/node-8143 :value "bibrath.eu"] +[:mem/node-8143 :type "domain"] +[:mem/node-8361 :naga/first "hydrant-afa18984b1872adaafc6c71694cd698f748ea4bf9054fe74542b6d3b11d2d5e2"] +[:mem/node-8361 :naga/contains "hydrant-afa18984b1872adaafc6c71694cd698f748ea4bf9054fe74542b6d3b11d2d5e2"] +[:mem/node-8573 :value "bibrath.eu"] +[:mem/node-8573 :type "domain"] +[:mem/node-8559 :value "bibrath.eu"] +[:mem/node-8559 :type "domain"] +[:mem/node-8906 :value "bibrath.eu"] +[:mem/node-8906 :type "domain"] +[:mem/node-8862 :naga/first "hydrant-bea7e6c89f9b8c3fc679addf9b697347708cd19abfa2458a3570bac763e66106"] +[:mem/node-8862 :naga/contains "hydrant-bea7e6c89f9b8c3fc679addf9b697347708cd19abfa2458a3570bac763e66106"] +[:mem/node-8274 :value "bibrath.eu"] +[:mem/node-8274 :type "domain"] +[:mem/node-8620 :valid_time :mem/node-8621] +[:mem/node-8620 :schema_version "1.0.8"] +[:mem/node-8620 :module-name "AMP Global Intel"] +[:mem/node-8620 :naga/entity true] +[:mem/node-8620 :observable :mem/node-8622] +[:mem/node-8620 :type "judgement"] 
+[:mem/node-8620 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8620 :external_ids :mem/node-8623] +[:mem/node-8620 :disposition 2] +[:mem/node-8620 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8620 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8620 :disposition_name "Malicious"] +[:mem/node-8620 :priority 90] +[:mem/node-8620 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-af77aca7-1fa0-4cac-80b7-fd958dc74e69"] +[:mem/node-8620 :severity "High"] +[:mem/node-8620 :tlp "green"] +[:mem/node-8620 :db/ident :mem/node-8620] +[:mem/node-8620 :confidence "High"] +[:mem/node-8315 :value "bibrath.eu"] +[:mem/node-8315 :type "domain"] +[:mem/node-8091 :naga/first "hydrant-785c6a069dbdc3aa1bbf6abb56f97ebb79257679a408d775f0ed0a2fd84d8425"] +[:mem/node-8091 :naga/contains "hydrant-785c6a069dbdc3aa1bbf6abb56f97ebb79257679a408d775f0ed0a2fd84d8425"] +[:mem/node-8192 :start_time #object[java.time.ZonedDateTime 0x3ee68eb2 "2019-02-25T00:31:23Z"]] +[:mem/node-8192 :end_time #object[java.time.ZonedDateTime 0x7348e75e "2019-03-25T00:31:23Z"]] +[:mem/node-8928 :start_time #object[java.time.ZonedDateTime 0x27e3dc9a "2019-02-13T12:31:16Z"]] +[:mem/node-8928 :end_time #object[java.time.ZonedDateTime 0x49cd08f9 "2019-03-13T12:31:16Z"]] +[:mem/node-8894 :value "bibrath.eu"] +[:mem/node-8894 :type "domain"] +[:mem/node-9021 :valid_time :mem/node-9022] +[:mem/node-9021 :schema_version "1.0.8"] +[:mem/node-9021 :module-name "AMP Global Intel"] +[:mem/node-9021 :naga/entity true] +[:mem/node-9021 :observable :mem/node-9023] +[:mem/node-9021 :type "judgement"] +[:mem/node-9021 :source "Abuse.ch Zeus Tracker"] +[:mem/node-9021 :external_ids :mem/node-9024] +[:mem/node-9021 :disposition 2] +[:mem/node-9021 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-9021 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-9021 :disposition_name "Malicious"] +[:mem/node-9021 :priority 90] +[:mem/node-9021 :id 
"https://intel.amp.cisco.com:443/ctia/judgement/judgement-c77596c2-b792-49b0-87e2-08367392bf71"] +[:mem/node-9021 :severity "High"] +[:mem/node-9021 :tlp "green"] +[:mem/node-9021 :db/ident :mem/node-9021] +[:mem/node-9021 :confidence "High"] +[:mem/node-8721 :value "http://bibrath.eu/"] +[:mem/node-8721 :type "url"] +[:mem/node-9014 :start_time #object[java.time.ZonedDateTime 0x43549c6c "2019-02-19T06:31:17Z"]] +[:mem/node-9014 :end_time #object[java.time.ZonedDateTime 0x7792e14f "2019-03-19T06:31:17Z"]] +[:mem/node-8709 :naga/first "hydrant-9e7a64aea74dc3c804a61eb5edd8065a6db4526d380c0abc0d5d003c6d1fc545"] +[:mem/node-8709 :naga/contains "hydrant-9e7a64aea74dc3c804a61eb5edd8065a6db4526d380c0abc0d5d003c6d1fc545"] +[:mem/node-8855 :valid_time :mem/node-8856] +[:mem/node-8855 :schema_version "1.0.8"] +[:mem/node-8855 :module-name "AMP Global Intel"] +[:mem/node-8855 :naga/entity true] +[:mem/node-8855 :observable :mem/node-8857] +[:mem/node-8855 :type "judgement"] +[:mem/node-8855 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8855 :external_ids :mem/node-8858] +[:mem/node-8855 :disposition 2] +[:mem/node-8855 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8855 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8855 :disposition_name "Malicious"] +[:mem/node-8855 :priority 90] +[:mem/node-8855 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-2deaa889-b8ed-4b0f-b80c-bc00e1d026a6"] +[:mem/node-8855 :severity "High"] +[:mem/node-8855 :tlp "green"] +[:mem/node-8855 :db/ident :mem/node-8855] +[:mem/node-8855 :confidence "High"] +[:mem/node-8151 "Has_Verdict" :mem/node-8720] +[:mem/node-8151 "Observed_By" :mem/node-8531] +[:mem/node-8151 "Contains" :mem/node-8524] +[:mem/node-8151 :value "http://bibrath.eu/"] +[:mem/node-8151 :naga/entity true] +[:mem/node-8151 :type "url"] +[:mem/node-8151 :disposition "Malicious"] +[:mem/node-8151 :id "9362e8c4"] +[:mem/node-8151 :db/ident :mem/node-8151] +[:mem/node-8151 :deliberated true] 
+[:mem/node-8792 :naga/first :mem/node-8793] +[:mem/node-8792 :naga/contains :mem/node-8793] +[:mem/node-8467 :valid_time :mem/node-8468] +[:mem/node-8467 :schema_version "1.0.8"] +[:mem/node-8467 :module-name "AMP Global Intel"] +[:mem/node-8467 :naga/entity true] +[:mem/node-8467 :observable :mem/node-8469] +[:mem/node-8467 :type "judgement"] +[:mem/node-8467 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8467 :external_ids :mem/node-8470] +[:mem/node-8467 :disposition 2] +[:mem/node-8467 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8467 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8467 :disposition_name "Malicious"] +[:mem/node-8467 :priority 90] +[:mem/node-8467 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-12c3e933-4c2a-4136-a83e-6e6b5e5dbfd1"] +[:mem/node-8467 :severity "High"] +[:mem/node-8467 :tlp "green"] +[:mem/node-8467 :db/ident :mem/node-8467] +[:mem/node-8467 :confidence "High"] +[:mem/node-8840 :naga/first "hydrant-427856889366ff363c1f0979966b5212acc1e139e8ac773c30bac04f6dcfedbf"] +[:mem/node-8840 :naga/contains "hydrant-427856889366ff363c1f0979966b5212acc1e139e8ac773c30bac04f6dcfedbf"] +[:mem/node-8395 :naga/first "hydrant-c8e486460be63e6fdc506ee9b0419deeeaafdad650ffd06b1d694d5b469e84bb"] +[:mem/node-8395 :naga/contains "hydrant-c8e486460be63e6fdc506ee9b0419deeeaafdad650ffd06b1d694d5b469e84bb"] +[:mem/node-8789 :naga/first "hydrant-ac87d7ed9ca299ec63d48df19087740cba50b82baff3db22a98e44b2e7f984c7"] +[:mem/node-8789 :naga/contains "hydrant-ac87d7ed9ca299ec63d48df19087740cba50b82baff3db22a98e44b2e7f984c7"] +[:mem/node-8286 :naga/first "hydrant-825989f5a9bc0c61a603ed31bade8156e6945bcd74d69ca46e3bb21aa4c5d012"] +[:mem/node-8286 :naga/contains "hydrant-825989f5a9bc0c61a603ed31bade8156e6945bcd74d69ca46e3bb21aa4c5d012"] +[:mem/node-8819 :value "bibrath.eu"] +[:mem/node-8819 :type "domain"] +[:mem/node-8439 :valid_time :mem/node-8440] +[:mem/node-8439 :schema_version "1.0.8"] +[:mem/node-8439 :module-name "AMP 
Global Intel"] +[:mem/node-8439 :naga/entity true] +[:mem/node-8439 :observable :mem/node-8441] +[:mem/node-8439 :type "judgement"] +[:mem/node-8439 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8439 :external_ids :mem/node-8442] +[:mem/node-8439 :disposition 2] +[:mem/node-8439 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8439 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8439 :disposition_name "Malicious"] +[:mem/node-8439 :priority 90] +[:mem/node-8439 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-263d1b9c-bfe8-4778-ba2b-a1a714712191"] +[:mem/node-8439 :severity "High"] +[:mem/node-8439 :tlp "green"] +[:mem/node-8439 :db/ident :mem/node-8439] +[:mem/node-8439 :confidence "High"] +[:mem/node-8629 :naga/first :mem/node-8630] +[:mem/node-8629 :naga/contains :mem/node-8630] +[:mem/node-8651 :naga/first "hydrant-a722d1d1c0da37aed2e85b637132d540040736140b6c312aea15be1cd4548128"] +[:mem/node-8651 :naga/contains "hydrant-a722d1d1c0da37aed2e85b637132d540040736140b6c312aea15be1cd4548128"] +[:mem/node-8725 :value "bibrath.eu"] +[:mem/node-8725 :type "domain"] +[:mem/node-8256 :value "bibrath.eu"] +[:mem/node-8256 :type "domain"] +[:mem/node-8316 :naga/first "hydrant-e1e27e3bba418ca1815ccb63a06e3a4944fb5066f47aa468d56636b70dd85df9"] +[:mem/node-8316 :naga/contains "hydrant-e1e27e3bba418ca1815ccb63a06e3a4944fb5066f47aa468d56636b70dd85df9"] +[:mem/node-8526 :naga/first "VirusTotal"] +[:mem/node-8526 :naga/rest :mem/node-8527] +[:mem/node-8536 :naga/first :mem/node-8537] +[:mem/node-8536 :naga/rest :mem/node-8540] +[:mem/node-8334 :naga/first "hydrant-2be57f35dc300ae3a0c4bb6fef7b102cb2933f02b61de78fc376ff624eca7c52"] +[:mem/node-8334 :naga/contains "hydrant-2be57f35dc300ae3a0c4bb6fef7b102cb2933f02b61de78fc376ff624eca7c52"] +[:mem/node-9073 :start_time #object[java.time.ZonedDateTime 0x4eace42b "2019-02-25T06:31:07Z"]] +[:mem/node-9073 :end_time #object[java.time.ZonedDateTime 0x6f87a7c7 "2019-03-25T06:31:07Z"]] +[:mem/node-8998 :value 
"bibrath.eu"] +[:mem/node-8998 :type "domain"] +[:mem/node-8955 :start_time #object[java.time.ZonedDateTime 0x857f1a7 "2019-02-13T00:31:14Z"]] +[:mem/node-8955 :end_time #object[java.time.ZonedDateTime 0x682fe17b "2019-03-13T00:31:14Z"]] +[:mem/node-8558 :value "https://bibrath.eu/"] +[:mem/node-8558 :type "url"] +[:mem/node-8940 :start_time #object[java.time.ZonedDateTime 0x418bdde9 "2018-05-12T12:25:12Z"]] +[:mem/node-8940 :end_time #object[java.time.ZonedDateTime 0x13e0f380 "2018-05-12T12:25:12Z"]] +[:mem/node-8513 :value "bibrath.eu"] +[:mem/node-8513 :type "domain"] +[:mem/node-8563 :value "bibrath.eu"] +[:mem/node-8563 :type "domain"] +[:mem/node-8227 :naga/first :mem/node-8228] +[:mem/node-8227 :naga/contains :mem/node-8228] +[:mem/node-8958 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8958 :schema_version "1.0.0"] +[:mem/node-8958 :module-name "AMP Global Intel"] +[:mem/node-8958 :naga/entity true] +[:mem/node-8958 :observables :mem/node-8959] +[:mem/node-8958 :type "sighting"] +[:mem/node-8958 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8958 :external_ids :mem/node-8961] +[:mem/node-8958 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8958 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-2b54255c-295f-477b-bbda-c9aabb0c3ac9"] +[:mem/node-8958 :count 1] +[:mem/node-8958 :tlp "green"] +[:mem/node-8958 :db/ident :mem/node-8958] +[:mem/node-8958 :confidence "High"] +[:mem/node-8958 :observed_time :mem/node-8962] +[:mem/node-8205 :value "bibrath.eu"] +[:mem/node-8205 :type "domain"] +[:mem/node-8171 :start_time #object[java.time.ZonedDateTime 0x240df292 "2019-02-11T06:31:11Z"]] +[:mem/node-8171 :end_time #object[java.time.ZonedDateTime 0x333efb51 "2019-03-11T06:31:11Z"]] +[:mem/node-8482 :description "IP addresses that bibrath.eu resolves to"] +[:mem/node-8482 :schema_version "1.0.10"] +[:mem/node-8482 :relations :mem/node-8483] +[:mem/node-8482 :module-name "VirusTotal"] +[:mem/node-8482 :naga/entity true] 
+[:mem/node-8482 :observables :mem/node-8487] +[:mem/node-8482 :type "sighting"] +[:mem/node-8482 :source "VirusTotal"] +[:mem/node-8482 :source_uri "https://www.virustotal.com/en/domain/bibrath.eu/information/"] +[:mem/node-8482 :id "transient:4eb90d1c-5c0f-434b-8ebd-b14a7dde3e68"] +[:mem/node-8482 :count 1] +[:mem/node-8482 :tlp "white"] +[:mem/node-8482 :db/ident :mem/node-8482] +[:mem/node-8482 :confidence "High"] +[:mem/node-8482 :observed_time :mem/node-8489] +[:mem/node-8482 :sensor "process.sandbox"] +[:mem/node-8158 :start_time #object[java.time.ZonedDateTime 0x2c451c4a "2019-02-25T12:31:12Z"]] +[:mem/node-8158 :end_time #object[java.time.ZonedDateTime 0x38ad86b1 "2019-03-25T12:31:12Z"]] +[:mem/node-8549 :origin "VirusTotal Enrichment Module"] +[:mem/node-8549 :relation "Contains"] +[:mem/node-8549 :source :mem/node-8550] +[:mem/node-8549 :related :mem/node-8551] +[:mem/node-8594 :naga/first :mem/node-8595] +[:mem/node-8594 :naga/contains :mem/node-8595] +[:mem/node-8267 :start_time #object[java.time.ZonedDateTime 0x73ff7a54 "2018-10-02T18:25:15Z"]] +[:mem/node-8267 :end_time #object[java.time.ZonedDateTime 0x375ff309 "2018-10-02T18:25:15Z"]] +[:mem/node-8865 :naga/first :mem/node-8866] +[:mem/node-8865 :naga/contains :mem/node-8866] +[:mem/node-8659 :start_time #object[java.time.ZonedDateTime 0x337c0ee4 "2019-03-11T00:31:24.014Z"]] +[:mem/node-8659 :end_time #object[java.time.ZonedDateTime 0x67b09e34 "2019-04-10T00:31:24.014Z"]] +[:mem/node-8123 :valid_time :mem/node-8124] +[:mem/node-8123 :schema_version "1.0.8"] +[:mem/node-8123 :module-name "AMP Global Intel"] +[:mem/node-8123 :naga/entity true] +[:mem/node-8123 :observable :mem/node-8125] +[:mem/node-8123 :type "judgement"] +[:mem/node-8123 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8123 :external_ids :mem/node-8126] +[:mem/node-8123 :disposition 2] +[:mem/node-8123 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8123 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8123 
:disposition_name "Malicious"] +[:mem/node-8123 :priority 90] +[:mem/node-8123 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-f6b21948-c637-4110-99f8-438910cdbb28"] +[:mem/node-8123 :severity "High"] +[:mem/node-8123 :tlp "green"] +[:mem/node-8123 :db/ident :mem/node-8123] +[:mem/node-8123 :confidence "High"] +[:mem/node-8623 :naga/first "hydrant-2e0609dc35c4b9f38efb33a95ae716124e6849a92c3441d19c4aef999273ce6a"] +[:mem/node-8623 :naga/contains "hydrant-2e0609dc35c4b9f38efb33a95ae716124e6849a92c3441d19c4aef999273ce6a"] +[:mem/node-9028 :naga/first "hydrant-803444ec0a0005ba7b9bdbebbe0654a96de76fc932163d91ca979087e216c753"] +[:mem/node-9028 :naga/contains "hydrant-803444ec0a0005ba7b9bdbebbe0654a96de76fc932163d91ca979087e216c753"] +[:mem/node-8719 :db/ident :mem/node-8719] +[:mem/node-8719 :naga/entity true] +[:mem/node-8719 :value "http://bibrath.eu/gdgsdgewrwerw823n/wwh.exe"] +[:mem/node-8719 :type "url"] +[:mem/node-8719 :id "39bd25c5"] +[:mem/node-8719 :deliberated true] +[:mem/node-8719 "Contains" :mem/node-8524] +[:mem/node-8719 "Observed_By" :mem/node-8531] +[:mem/node-8152 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8152 :schema_version "1.0.0"] +[:mem/node-8152 :module-name "AMP Global Intel"] +[:mem/node-8152 :naga/entity true] +[:mem/node-8152 :observables :mem/node-8153] +[:mem/node-8152 :type "sighting"] +[:mem/node-8152 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8152 :external_ids :mem/node-8155] +[:mem/node-8152 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8152 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-97fc956a-dc17-4a1b-a7f6-444e7aa5d5f2"] +[:mem/node-8152 :count 1] +[:mem/node-8152 :tlp "green"] +[:mem/node-8152 :db/ident :mem/node-8152] +[:mem/node-8152 :confidence "High"] +[:mem/node-8152 :observed_time :mem/node-8156] +[:mem/node-8185 :value "bibrath.eu"] +[:mem/node-8185 :type "domain"] +[:mem/node-8761 :start_time #object[java.time.ZonedDateTime 0x6f95654c 
"2019-03-13T00:31:13.119Z"]] +[:mem/node-8761 :end_time #object[java.time.ZonedDateTime 0x271a140c "2019-04-12T00:31:13.119Z"]] +[:mem/node-8827 :db/ident :mem/node-8827] +[:mem/node-8827 :naga/entity true] +[:mem/node-8827 :value "http://bibrath.eu/club.php"] +[:mem/node-8827 :type "url"] +[:mem/node-8827 :id "9c5402b5"] +[:mem/node-8827 :deliberated true] +[:mem/node-8827 "Contains" :mem/node-8524] +[:mem/node-8827 "Observed_By" :mem/node-8531] +[:mem/node-8949 :start_time #object[java.time.ZonedDateTime 0x74c23525 "2018-04-27T18:25:12Z"]] +[:mem/node-8949 :end_time #object[java.time.ZonedDateTime 0x176054b7 "2018-04-27T18:25:12Z"]] +[:mem/node-8094 :start_time #object[java.time.ZonedDateTime 0x531bec12 "2019-03-15T00:31:23.499Z"]] +[:mem/node-8094 :end_time #object[java.time.ZonedDateTime 0x24563809 "2019-04-14T00:31:23.499Z"]] +[:mem/node-8272 :valid_time :mem/node-8273] +[:mem/node-8272 :schema_version "1.0.10"] +[:mem/node-8272 :module-name "Umbrella"] +[:mem/node-8272 :naga/entity true] +[:mem/node-8272 :observable :mem/node-8274] +[:mem/node-8272 :type "judgement"] +[:mem/node-8272 :source "Umbrella Investigate API"] +[:mem/node-8272 :disposition 2] +[:mem/node-8272 :reason "Poor Cisco Umbrella reputation status"] +[:mem/node-8272 :source_uri "https://investigate.umbrella.com/domain-view/name/bibrath.eu/view"] +[:mem/node-8272 :disposition_name "Malicious"] +[:mem/node-8272 :priority 90] +[:mem/node-8272 :id "transient:e2a6d875-c2be-44f3-991d-89456f6c1fa7"] +[:mem/node-8272 :severity "High"] +[:mem/node-8272 :tlp "amber"] +[:mem/node-8272 :db/ident :mem/node-8272] +[:mem/node-8272 :confidence "High"] +[:mem/node-8992 :naga/first :mem/node-8993] +[:mem/node-8992 :naga/contains :mem/node-8993] +[:mem/node-8818 :naga/first :mem/node-8819] +[:mem/node-8818 :naga/contains :mem/node-8819] +[:mem/node-8464 :value "bibrath.eu"] +[:mem/node-8464 :type "domain"] +[:mem/node-8657 :start_time #object[java.time.ZonedDateTime 0x41d84abb "2018-04-26T06:25:13Z"]] 
+[:mem/node-8657 :end_time #object[java.time.ZonedDateTime 0x54087bdb "2018-04-26T06:25:13Z"]] +[:mem/node-8993 :value "bibrath.eu"] +[:mem/node-8993 :type "domain"] +[:mem/node-8422 :start_time #object[java.time.ZonedDateTime 0x587f6634 "2019-02-16T18:31:06Z"]] +[:mem/node-8422 :end_time #object[java.time.ZonedDateTime 0x4d7c9b42 "2019-03-16T18:31:06Z"]] +[:mem/node-8154 :value "bibrath.eu"] +[:mem/node-8154 :type "domain"] +[:mem/node-8355 :value "bibrath.eu"] +[:mem/node-8355 :type "domain"] +[:mem/node-8160 :naga/first "hydrant-ab173347f529bf83781d504dc49804c4346497e75e357ec813cba1dc314fc856"] +[:mem/node-8160 :naga/contains "hydrant-ab173347f529bf83781d504dc49804c4346497e75e357ec813cba1dc314fc856"] +[:mem/node-8874 :naga/first :mem/node-8875] +[:mem/node-8874 :naga/contains :mem/node-8875] +[:mem/node-9011 :value "bibrath.eu"] +[:mem/node-9011 :type "domain"] +[:mem/node-9042 :naga/first "hydrant-1ae3a08ec454a357e7215e4bc121c4688b35ae2ce2df661245722d1b2fd045e8"] +[:mem/node-9042 :naga/contains "hydrant-1ae3a08ec454a357e7215e4bc121c4688b35ae2ce2df661245722d1b2fd045e8"] +[:mem/node-8835 :naga/first "hydrant-cb5ba435e47a56fe501d59425ce3645ef1e87bdf7d82fcbb968efce428e5dccd"] +[:mem/node-8835 :naga/contains "hydrant-cb5ba435e47a56fe501d59425ce3645ef1e87bdf7d82fcbb968efce428e5dccd"] +[:mem/node-8868 :start_time #object[java.time.ZonedDateTime 0x4ef28dc4 "2018-10-01T12:25:14Z"]] +[:mem/node-8868 :end_time #object[java.time.ZonedDateTime 0x59b3f162 "2018-10-01T12:25:14Z"]] +[:mem/node-8260 :start_time #object[java.time.ZonedDateTime 0x7ade62a6 "2019-02-10T06:31:20Z"]] +[:mem/node-8260 :end_time #object[java.time.ZonedDateTime 0x53d15034 "2019-03-10T06:31:20Z"]] +[:mem/node-8917 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8917 :schema_version "1.0.0"] +[:mem/node-8917 :module-name "AMP Global Intel"] +[:mem/node-8917 :naga/entity true] +[:mem/node-8917 :observables :mem/node-8918] +[:mem/node-8917 :type "sighting"] +[:mem/node-8917 :source 
"Abuse.ch Zeus Tracker"] +[:mem/node-8917 :external_ids :mem/node-8920] +[:mem/node-8917 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8917 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-d2223172-4813-4578-a059-32e7e0fda36b"] +[:mem/node-8917 :count 1] +[:mem/node-8917 :tlp "green"] +[:mem/node-8917 :db/ident :mem/node-8917] +[:mem/node-8917 :confidence "High"] +[:mem/node-8917 :observed_time :mem/node-8921] +[:mem/node-9006 :value "bibrath.eu"] +[:mem/node-9006 :type "domain"] +[:mem/node-8591 :value "bibrath.eu"] +[:mem/node-8591 :type "domain"] +[:mem/node-8172 :value "bibrath.eu"] +[:mem/node-8172 :type "domain"] +[:mem/node-8931 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8931 :schema_version "1.0.0"] +[:mem/node-8931 :module-name "AMP Global Intel"] +[:mem/node-8931 :naga/entity true] +[:mem/node-8931 :observables :mem/node-8932] +[:mem/node-8931 :type "sighting"] +[:mem/node-8931 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8931 :external_ids :mem/node-8934] +[:mem/node-8931 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8931 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-cf9b372d-21a2-4bff-9fc9-3adb6e29d6d7"] +[:mem/node-8931 :count 1] +[:mem/node-8931 :tlp "green"] +[:mem/node-8931 :db/ident :mem/node-8931] +[:mem/node-8931 :confidence "High"] +[:mem/node-8931 :observed_time :mem/node-8935] +[:mem/node-8392 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8392 :schema_version "1.0.0"] +[:mem/node-8392 :module-name "AMP Global Intel"] +[:mem/node-8392 :naga/entity true] +[:mem/node-8392 :observables :mem/node-8393] +[:mem/node-8392 :type "sighting"] +[:mem/node-8392 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8392 :external_ids :mem/node-8395] +[:mem/node-8392 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8392 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-a0f9e4c7-b243-43d2-9257-351449a14fd3"] +[:mem/node-8392 :count 1] +[:mem/node-8392 :tlp 
"green"] +[:mem/node-8392 :db/ident :mem/node-8392] +[:mem/node-8392 :confidence "High"] +[:mem/node-8392 :observed_time :mem/node-8396] +[:mem/node-8103 :start_time #object[java.time.ZonedDateTime 0x9976b27 "2019-02-17T00:31:25Z"]] +[:mem/node-8103 :end_time #object[java.time.ZonedDateTime 0x4fe9a396 "2019-03-17T00:31:25Z"]] +[:mem/node-8283 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8283 :schema_version "1.0.0"] +[:mem/node-8283 :module-name "AMP Global Intel"] +[:mem/node-8283 :naga/entity true] +[:mem/node-8283 :observables :mem/node-8284] +[:mem/node-8283 :type "sighting"] +[:mem/node-8283 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8283 :external_ids :mem/node-8286] +[:mem/node-8283 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8283 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-3c08c4f7-23b4-4de7-aed5-65731b2c27dc"] +[:mem/node-8283 :count 1] +[:mem/node-8283 :tlp "green"] +[:mem/node-8283 :db/ident :mem/node-8283] +[:mem/node-8283 :confidence "High"] +[:mem/node-8283 :observed_time :mem/node-8287] +[:mem/node-8190 :naga/first "hydrant-83a6a80e3afa654ca96dd5b50a2ad09b3fa610e1dbe01e4fbc5972a648f047aa"] +[:mem/node-8190 :naga/contains "hydrant-83a6a80e3afa654ca96dd5b50a2ad09b3fa610e1dbe01e4fbc5972a648f047aa"] +[:mem/node-8646 :naga/first "hydrant-65cd397c8dd76d9b5690ccacefadfa7a9762a718502d8e08c2725d54f1c70fe9"] +[:mem/node-8646 :naga/contains "hydrant-65cd397c8dd76d9b5690ccacefadfa7a9762a718502d8e08c2725d54f1c70fe9"] +[:mem/node-8745 :start_time #object[java.time.ZonedDateTime 0x462b239f "2018-04-24T00:25:11Z"]] +[:mem/node-8745 :end_time #object[java.time.ZonedDateTime 0x1fa29b9e "2018-04-24T00:25:11Z"]] +[:mem/node-8712 :start_time #object[java.time.ZonedDateTime 0x2d5e051e "2019-02-24T06:31:10Z"]] +[:mem/node-8712 :end_time #object[java.time.ZonedDateTime 0x2f29e630 "2019-03-24T06:31:10Z"]] +[:mem/node-8845 :naga/first "hydrant-3f1ee2d30872a88009cc334db68889e6a2a718fba816cec072d29f17bb68f685"] 
+[:mem/node-8845 :naga/contains "hydrant-3f1ee2d30872a88009cc334db68889e6a2a718fba816cec072d29f17bb68f685"] +[:mem/node-8578 :naga/first "hydrant-5252c893ab527c5e332d5c0180c3091048d87b84d55b4f5b13c23d869b9c2216"] +[:mem/node-8578 :naga/contains "hydrant-5252c893ab527c5e332d5c0180c3091048d87b84d55b4f5b13c23d869b9c2216"] +[:mem/node-8170 :valid_time :mem/node-8171] +[:mem/node-8170 :schema_version "1.0.8"] +[:mem/node-8170 :module-name "AMP Global Intel"] +[:mem/node-8170 :naga/entity true] +[:mem/node-8170 :observable :mem/node-8172] +[:mem/node-8170 :type "judgement"] +[:mem/node-8170 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8170 :external_ids :mem/node-8173] +[:mem/node-8170 :disposition 2] +[:mem/node-8170 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8170 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8170 :disposition_name "Malicious"] +[:mem/node-8170 :priority 90] +[:mem/node-8170 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-3168928d-2fcc-45dc-b1dd-c3208471d48a"] +[:mem/node-8170 :severity "High"] +[:mem/node-8170 :tlp "green"] +[:mem/node-8170 :db/ident :mem/node-8170] +[:mem/node-8170 :confidence "High"] +[:mem/node-8688 :naga/first "hydrant-eed525c9381d8bada9b4e789eacbb1bbdd70d97aa4edd587951d9c602237fbd4"] +[:mem/node-8688 :naga/contains "hydrant-eed525c9381d8bada9b4e789eacbb1bbdd70d97aa4edd587951d9c602237fbd4"] +[:mem/node-8446 :naga/first "hydrant-bf134136e98536a42a0b9c97510958796e45b02a24a633b4959135b1fd76d425"] +[:mem/node-8446 :naga/contains "hydrant-bf134136e98536a42a0b9c97510958796e45b02a24a633b4959135b1fd76d425"] +[:mem/node-8751 :valid_time :mem/node-8752] +[:mem/node-8751 :schema_version "1.0.8"] +[:mem/node-8751 :module-name "AMP Global Intel"] +[:mem/node-8751 :naga/entity true] +[:mem/node-8751 :observable :mem/node-8753] +[:mem/node-8751 :type "judgement"] +[:mem/node-8751 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8751 :external_ids :mem/node-8754] +[:mem/node-8751 :disposition 2] 
+[:mem/node-8751 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8751 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8751 :disposition_name "Malicious"] +[:mem/node-8751 :priority 90] +[:mem/node-8751 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-4e2c07c2-d0a5-4063-81ef-f76f856069a5"] +[:mem/node-8751 :severity "High"] +[:mem/node-8751 :tlp "green"] +[:mem/node-8751 :db/ident :mem/node-8751] +[:mem/node-8751 :confidence "High"] +[:mem/node-8966 :naga/first "hydrant-a180c1dff71caba258acb8089b904bb388e55a1e9198662f9ebbb431cbd17c13"] +[:mem/node-8966 :naga/contains "hydrant-a180c1dff71caba258acb8089b904bb388e55a1e9198662f9ebbb431cbd17c13"] +[:mem/node-8927 :valid_time :mem/node-8928] +[:mem/node-8927 :schema_version "1.0.8"] +[:mem/node-8927 :module-name "AMP Global Intel"] +[:mem/node-8927 :naga/entity true] +[:mem/node-8927 :observable :mem/node-8929] +[:mem/node-8927 :type "judgement"] +[:mem/node-8927 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8927 :external_ids :mem/node-8930] +[:mem/node-8927 :disposition 2] +[:mem/node-8927 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8927 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8927 :disposition_name "Malicious"] +[:mem/node-8927 :priority 90] +[:mem/node-8927 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-b36df536-c0c1-47b8-b788-d1e20718f025"] +[:mem/node-8927 :severity "High"] +[:mem/node-8927 :tlp "green"] +[:mem/node-8927 :db/ident :mem/node-8927] +[:mem/node-8927 :confidence "High"] +[:mem/node-8749 :naga/first "hydrant-91d4db06f1c3ff9753505d81b312132b3b529c4f12c1b802e361690cbc31de9a"] +[:mem/node-8749 :naga/contains "hydrant-91d4db06f1c3ff9753505d81b312132b3b529c4f12c1b802e361690cbc31de9a"] +[:mem/node-8287 :start_time #object[java.time.ZonedDateTime 0x30811f91 "2018-05-07T18:25:12Z"]] +[:mem/node-8287 :end_time #object[java.time.ZonedDateTime 0x3bf40c74 "2018-05-07T18:25:12Z"]] +[:mem/node-8775 :value "bibrath.eu"] 
+[:mem/node-8775 :type "domain"] +[:mem/node-8587 :naga/first "hydrant-f5617152de3a611ccb47c71912edf9d8821e883dea1bfacb0fee692ed8d7fa52"] +[:mem/node-8587 :naga/contains "hydrant-f5617152de3a611ccb47c71912edf9d8821e883dea1bfacb0fee692ed8d7fa52"] +[:mem/node-8616 :naga/first :mem/node-8617] +[:mem/node-8616 :naga/contains :mem/node-8617] +[:mem/node-8282 :naga/first "hydrant-1ad1470a38f9d14976fc661d3b8a4c630462c8828e6d145014740575ffb637d1"] +[:mem/node-8282 :naga/contains "hydrant-1ad1470a38f9d14976fc661d3b8a4c630462c8828e6d145014740575ffb637d1"] +[:mem/node-8683 :naga/first "hydrant-33a95f3384e6734f153576ad3238245ed09f96ca2f117a5bb1f0f18107450b11"] +[:mem/node-8683 :naga/contains "hydrant-33a95f3384e6734f153576ad3238245ed09f96ca2f117a5bb1f0f18107450b11"] +[:mem/node-8292 :start_time #object[java.time.ZonedDateTime 0x665f88e1 "2018-10-17T18:25:16Z"]] +[:mem/node-8292 :end_time #object[java.time.ZonedDateTime 0x6a7ea7c "2018-10-17T18:25:16Z"]] +[:mem/node-8203 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8203 :schema_version "1.0.0"] +[:mem/node-8203 :module-name "AMP Global Intel"] +[:mem/node-8203 :naga/entity true] +[:mem/node-8203 :observables :mem/node-8204] +[:mem/node-8203 :type "sighting"] +[:mem/node-8203 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8203 :external_ids :mem/node-8206] +[:mem/node-8203 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8203 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-71c0bbeb-64a2-4bf0-b518-a2368bb71b07"] +[:mem/node-8203 :count 1] +[:mem/node-8203 :tlp "green"] +[:mem/node-8203 :db/ident :mem/node-8203] +[:mem/node-8203 :confidence "High"] +[:mem/node-8203 :observed_time :mem/node-8207] +[:mem/node-8431 :value "bibrath.eu"] +[:mem/node-8431 :type "domain"] +[:mem/node-9003 :naga/first "hydrant-7ef78b5565416ef7b4ff1fef5563ba2de1c7fabf746be2ccf274ffde41866e39"] +[:mem/node-9003 :naga/contains "hydrant-7ef78b5565416ef7b4ff1fef5563ba2de1c7fabf746be2ccf274ffde41866e39"] +[:mem/node-8961 
:naga/first "hydrant-46c7af7f0d75f1c2f36012b37e38db6132d76dd0b17d305551a78a68ee81ddf2"] +[:mem/node-8961 :naga/contains "hydrant-46c7af7f0d75f1c2f36012b37e38db6132d76dd0b17d305551a78a68ee81ddf2"] +[:mem/node-8194 :naga/first "hydrant-d74f946db2733036eeef5f8283cae3798cfab63a40fadee6535e900295653f33"] +[:mem/node-8194 :naga/contains "hydrant-d74f946db2733036eeef5f8283cae3798cfab63a40fadee6535e900295653f33"] +[:mem/node-8903 :naga/first "hydrant-f6b183f1ba24884ca3403724b14e2b96739c1cb5864d53a206a532ad4e0c5f31"] +[:mem/node-8903 :naga/contains "hydrant-f6b183f1ba24884ca3403724b14e2b96739c1cb5864d53a206a532ad4e0c5f31"] +[:mem/node-8399 :value "bibrath.eu"] +[:mem/node-8399 :type "domain"] +[:mem/node-8857 :value "bibrath.eu"] +[:mem/node-8857 :type "domain"] +[:mem/node-8744 :naga/first "hydrant-aba68bdc15cb2abaeb874ce51f4168100df7da7e1e53a87fa92066f04ba292b3"] +[:mem/node-8744 :naga/contains "hydrant-aba68bdc15cb2abaeb874ce51f4168100df7da7e1e53a87fa92066f04ba292b3"] +[:mem/node-8831 :naga/first "hydrant-8e4a0693e9087602e6c32cca0d9fdba8c957dcca99f1ea1a2e0107cb989bd96d"] +[:mem/node-8831 :naga/contains "hydrant-8e4a0693e9087602e6c32cca0d9fdba8c957dcca99f1ea1a2e0107cb989bd96d"] +[:mem/node-8934 :naga/first "hydrant-5d0609ac22ff185b20da6a523d771eba673bdc020bb8997ee8c0dc59bf8472a8"] +[:mem/node-8934 :naga/contains "hydrant-5d0609ac22ff185b20da6a523d771eba673bdc020bb8997ee8c0dc59bf8472a8"] +[:mem/node-9040 :start_time #object[java.time.ZonedDateTime 0x3ee200ae "2019-04-02T00:31:19.426Z"]] +[:mem/node-9040 :end_time #object[java.time.ZonedDateTime 0x25ee3caa "2019-05-02T00:31:19.426Z"]] +[:mem/node-8618 :naga/first "hydrant-b41c7a16f269344362de5fc421c941642c7eae28bb82bfc71168e6bd2514b31f"] +[:mem/node-8618 :naga/contains "hydrant-b41c7a16f269344362de5fc421c941642c7eae28bb82bfc71168e6bd2514b31f"] +[:mem/node-8121 :value "bibrath.eu"] +[:mem/node-8121 :type "domain"] +[:mem/node-8407 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8407 :schema_version 
"1.0.0"] +[:mem/node-8407 :module-name "AMP Global Intel"] +[:mem/node-8407 :naga/entity true] +[:mem/node-8407 :observables :mem/node-8408] +[:mem/node-8407 :type "sighting"] +[:mem/node-8407 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8407 :external_ids :mem/node-8410] +[:mem/node-8407 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8407 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-7106a2e6-b8d3-4759-89ba-62077d3b29f0"] +[:mem/node-8407 :count 1] +[:mem/node-8407 :tlp "green"] +[:mem/node-8407 :db/ident :mem/node-8407] +[:mem/node-8407 :confidence "High"] +[:mem/node-8407 :observed_time :mem/node-8411] +[:mem/node-8105 :naga/first "hydrant-74dd84ff21a49ba7331d57bc0a350725da81542e7eacaa1f625512da2414736b"] +[:mem/node-8105 :naga/contains "hydrant-74dd84ff21a49ba7331d57bc0a350725da81542e7eacaa1f625512da2414736b"] +[:mem/node-8397 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8397 :schema_version "1.0.0"] +[:mem/node-8397 :module-name "AMP Global Intel"] +[:mem/node-8397 :naga/entity true] +[:mem/node-8397 :observables :mem/node-8398] +[:mem/node-8397 :type "sighting"] +[:mem/node-8397 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8397 :external_ids :mem/node-8400] +[:mem/node-8397 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8397 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-83cd7fba-655d-4e6c-98ca-58852799b274"] +[:mem/node-8397 :count 1] +[:mem/node-8397 :tlp "green"] +[:mem/node-8397 :db/ident :mem/node-8397] +[:mem/node-8397 :confidence "High"] +[:mem/node-8397 :observed_time :mem/node-8401] +[:mem/node-8583 :naga/first "hydrant-e20428d3174df4826fd807ace2647f5f0bfe7fa44c056046ffc7737f6674e662"] +[:mem/node-8583 :naga/contains "hydrant-e20428d3174df4826fd807ace2647f5f0bfe7fa44c056046ffc7737f6674e662"] +[:mem/node-8092 :start_time #object[java.time.ZonedDateTime 0x3fecb076 "2018-05-04T18:25:14Z"]] +[:mem/node-8092 :end_time #object[java.time.ZonedDateTime 0x62159fd "2018-05-04T18:25:14Z"]] 
+[:mem/node-8722 :start_time #object[java.time.ZonedDateTime 0x28e8dee7 "2019-03-08T06:07:29Z"]] +[:mem/node-8722 :end_time #object[java.time.ZonedDateTime 0x7c37ac3c "2019-05-07T06:07:29Z"]] +[:mem/node-8596 :naga/first "hydrant-847294feb8b59e3e49e1874bc792811ce8aece0bca98769ecdbd90eacdbf9fa7"] +[:mem/node-8596 :naga/contains "hydrant-847294feb8b59e3e49e1874bc792811ce8aece0bca98769ecdbd90eacdbf9fa7"] +[:mem/node-8861 :value "bibrath.eu"] +[:mem/node-8861 :type "domain"] +[:mem/node-8389 :db/ident :mem/node-8389] +[:mem/node-8389 :naga/entity true] +[:mem/node-8389 :type "verdict"] +[:mem/node-8389 :disposition 5] +[:mem/node-8389 :observable :mem/node-8390] +[:mem/node-8389 :disposition_name "Unknown"] +[:mem/node-8389 :valid_time :mem/node-8391] +[:mem/node-8389 :id "verdict::aca56b9a"] +[:mem/node-8389 :module-name "Umbrella"] +[:mem/node-8093 :valid_time :mem/node-8094] +[:mem/node-8093 :schema_version "1.0.9"] +[:mem/node-8093 :module-name "AMP Global Intel"] +[:mem/node-8093 :naga/entity true] +[:mem/node-8093 :observable :mem/node-8095] +[:mem/node-8093 :type "judgement"] +[:mem/node-8093 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8093 :external_ids :mem/node-8096] +[:mem/node-8093 :disposition 2] +[:mem/node-8093 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8093 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8093 :disposition_name "Malicious"] +[:mem/node-8093 :priority 90] +[:mem/node-8093 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-3d5d0aa2-747b-4db7-b0f4-a4c56a4bf57b"] +[:mem/node-8093 :severity "High"] +[:mem/node-8093 :tlp "green"] +[:mem/node-8093 :db/ident :mem/node-8093] +[:mem/node-8093 :timestamp "2019-03-15T00:31:23.499Z"] +[:mem/node-8093 :confidence "High"] +[:mem/node-8951 :start_time #object[java.time.ZonedDateTime 0x2682cccc "2019-02-18T06:31:24Z"]] +[:mem/node-8951 :end_time #object[java.time.ZonedDateTime 0x2ae08750 "2019-03-18T06:31:24Z"]] +[:mem/node-8580 :valid_time :mem/node-8581] 
+[:mem/node-8580 :schema_version "1.0.8"] +[:mem/node-8580 :module-name "AMP Global Intel"] +[:mem/node-8580 :naga/entity true] +[:mem/node-8580 :observable :mem/node-8582] +[:mem/node-8580 :type "judgement"] +[:mem/node-8580 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8580 :external_ids :mem/node-8583] +[:mem/node-8580 :disposition 2] +[:mem/node-8580 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8580 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8580 :disposition_name "Malicious"] +[:mem/node-8580 :priority 90] +[:mem/node-8580 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-9179c93c-5298-4678-8662-7c913b23ace5"] +[:mem/node-8580 :severity "High"] +[:mem/node-8580 :tlp "green"] +[:mem/node-8580 :db/ident :mem/node-8580] +[:mem/node-8580 :confidence "High"] +[:mem/node-8362 :start_time #object[java.time.ZonedDateTime 0x44117b0d "2018-04-18T06:25:13Z"]] +[:mem/node-8362 :end_time #object[java.time.ZonedDateTime 0x58679ff "2018-04-18T06:25:13Z"]] +[:mem/node-8201 :value "bibrath.eu"] +[:mem/node-8201 :type "domain"] +[:mem/node-8534 :value "http://bibrath.eu/dgsdgewrwerw823n/wwh.exe"] +[:mem/node-8534 :type "url"] +[:mem/node-8114 :start_time #object[java.time.ZonedDateTime 0x35d2312f "2018-10-22T06:25:16Z"]] +[:mem/node-8114 :end_time #object[java.time.ZonedDateTime 0x1b26fac2 "2018-10-22T06:25:16Z"]] +[:mem/node-8972 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8972 :schema_version "1.0.4"] +[:mem/node-8972 :module-name "AMP Global Intel"] +[:mem/node-8972 :naga/entity true] +[:mem/node-8972 :observables :mem/node-8973] +[:mem/node-8972 :type "sighting"] +[:mem/node-8972 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8972 :external_ids :mem/node-8975] +[:mem/node-8972 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8972 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-91c14a5c-a6c4-4dc5-80ab-d176da80a76b"] +[:mem/node-8972 :count 1] +[:mem/node-8972 :tlp "green"] +[:mem/node-8972 
:db/ident :mem/node-8972] +[:mem/node-8972 :confidence "High"] +[:mem/node-8972 :observed_time :mem/node-8976] +[:mem/node-8607 :start_time #object[java.time.ZonedDateTime 0x54a033b8 "2019-02-15T12:31:18Z"]] +[:mem/node-8607 :end_time #object[java.time.ZonedDateTime 0x62dfe152 "2019-03-15T12:31:18Z"]] +[:mem/node-8477 :naga/first "zeus"] +[:mem/node-8477 :naga/rest :mem/node-8478] +[:mem/node-8235 :start_time #object[java.time.ZonedDateTime 0x46a0ef6f "2018-04-14T12:25:12Z"]] +[:mem/node-8235 :end_time #object[java.time.ZonedDateTime 0x6afced93 "2018-04-14T12:25:12Z"]] +[:mem/node-8236 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8236 :schema_version "1.0.4"] +[:mem/node-8236 :module-name "AMP Global Intel"] +[:mem/node-8236 :naga/entity true] +[:mem/node-8236 :observables :mem/node-8237] +[:mem/node-8236 :type "sighting"] +[:mem/node-8236 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8236 :external_ids :mem/node-8239] +[:mem/node-8236 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8236 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-f477f869-4f15-4eb2-9072-112f95818ffb"] +[:mem/node-8236 :count 1] +[:mem/node-8236 :tlp "green"] +[:mem/node-8236 :db/ident :mem/node-8236] +[:mem/node-8236 :confidence "High"] +[:mem/node-8236 :observed_time :mem/node-8240] +[:mem/node-8473 :value "bibrath.eu"] +[:mem/node-8473 :type "domain"] +[:mem/node-8757 :value "bibrath.eu"] +[:mem/node-8757 :type "domain"] +[:mem/node-8112 :value "bibrath.eu"] +[:mem/node-8112 :type "domain"] +[:mem/node-8486 :value "194.63.142.171"] +[:mem/node-8486 :type "ip"] +[:mem/node-8957 :naga/first "hydrant-637bc039bb2e5e7b21578c83c4bf80c859963ea2a11a03cde89c419887e07499"] +[:mem/node-8957 :naga/contains "hydrant-637bc039bb2e5e7b21578c83c4bf80c859963ea2a11a03cde89c419887e07499"] +[:mem/node-8820 :naga/first "hydrant-15ddda9cb2fb9d02566783e5c0eb3644ca9ad9321b5b8a9da8b93fb7dafd3153"] +[:mem/node-8820 :naga/contains 
"hydrant-15ddda9cb2fb9d02566783e5c0eb3644ca9ad9321b5b8a9da8b93fb7dafd3153"] +[:mem/node-8624 :valid_time :mem/node-8625] +[:mem/node-8624 :schema_version "1.0.8"] +[:mem/node-8624 :module-name "AMP Global Intel"] +[:mem/node-8624 :naga/entity true] +[:mem/node-8624 :observable :mem/node-8626] +[:mem/node-8624 :type "judgement"] +[:mem/node-8624 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8624 :external_ids :mem/node-8627] +[:mem/node-8624 :disposition 2] +[:mem/node-8624 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8624 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8624 :disposition_name "Malicious"] +[:mem/node-8624 :priority 90] +[:mem/node-8624 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-c80d622d-377e-4db7-8ba8-709d53c48b46"] +[:mem/node-8624 :severity "High"] +[:mem/node-8624 :tlp "green"] +[:mem/node-8624 :db/ident :mem/node-8624] +[:mem/node-8624 :confidence "High"] +[:mem/node-8325 :naga/first "hydrant-3c29a40ab6addb61ab3784658fb0e6d6363082ce10a30fdff1e9f3b15218245a"] +[:mem/node-8325 :naga/contains "hydrant-3c29a40ab6addb61ab3784658fb0e6d6363082ce10a30fdff1e9f3b15218245a"] +[:mem/node-8309 :naga/first :mem/node-8310] +[:mem/node-8309 :naga/contains :mem/node-8310] +[:mem/node-8136 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8136 :schema_version "1.0.0"] +[:mem/node-8136 :module-name "AMP Global Intel"] +[:mem/node-8136 :naga/entity true] +[:mem/node-8136 :observables :mem/node-8137] +[:mem/node-8136 :type "sighting"] +[:mem/node-8136 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8136 :external_ids :mem/node-8139] +[:mem/node-8136 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8136 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-8fd7b40f-80c6-43e7-a950-c358c33ad2be"] +[:mem/node-8136 :count 1] +[:mem/node-8136 :tlp "green"] +[:mem/node-8136 :db/ident :mem/node-8136] +[:mem/node-8136 :confidence "High"] +[:mem/node-8136 :observed_time :mem/node-8140] +[:mem/node-8890 
:value "bibrath.eu"] +[:mem/node-8890 :type "domain"] +[:mem/node-8231 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8231 :schema_version "1.0.0"] +[:mem/node-8231 :module-name "AMP Global Intel"] +[:mem/node-8231 :naga/entity true] +[:mem/node-8231 :observables :mem/node-8232] +[:mem/node-8231 :type "sighting"] +[:mem/node-8231 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8231 :external_ids :mem/node-8234] +[:mem/node-8231 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8231 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-841db38c-0aa9-4f13-8238-0b6a811e7a7d"] +[:mem/node-8231 :count 1] +[:mem/node-8231 :tlp "green"] +[:mem/node-8231 :db/ident :mem/node-8231] +[:mem/node-8231 :confidence "High"] +[:mem/node-8231 :observed_time :mem/node-8235] +[:mem/node-8841 :start_time #object[java.time.ZonedDateTime 0x3f142e87 "2018-04-13T18:25:12Z"]] +[:mem/node-8841 :end_time #object[java.time.ZonedDateTime 0x22dc9d46 "2018-04-13T18:25:12Z"]] +[:mem/node-8687 :value "bibrath.eu"] +[:mem/node-8687 :type "domain"] +[:mem/node-8187 :valid_time :mem/node-8188] +[:mem/node-8187 :schema_version "1.0.8"] +[:mem/node-8187 :module-name "AMP Global Intel"] +[:mem/node-8187 :naga/entity true] +[:mem/node-8187 :observable :mem/node-8189] +[:mem/node-8187 :type "judgement"] +[:mem/node-8187 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8187 :external_ids :mem/node-8190] +[:mem/node-8187 :disposition 2] +[:mem/node-8187 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8187 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8187 :disposition_name "Malicious"] +[:mem/node-8187 :priority 90] +[:mem/node-8187 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-fa1e31e7-bc3e-4942-86fa-f1ef56792443"] +[:mem/node-8187 :severity "High"] +[:mem/node-8187 :tlp "green"] +[:mem/node-8187 :db/ident :mem/node-8187] +[:mem/node-8187 :confidence "High"] +[:mem/node-8944 :naga/first 
"hydrant-8dae86b98acecb8b8974707efc209d6632601f401b4058becc8f827f6fa83773"] +[:mem/node-8944 :naga/contains "hydrant-8dae86b98acecb8b8974707efc209d6632601f401b4058becc8f827f6fa83773"] +[:mem/node-8887 :naga/first "Threat Grid"] +[:mem/node-8973 :naga/first :mem/node-8974] +[:mem/node-8973 :naga/contains :mem/node-8974] +[:mem/node-8710 :start_time #object[java.time.ZonedDateTime 0x63c6c5e5 "2018-05-13T00:25:12Z"]] +[:mem/node-8710 :end_time #object[java.time.ZonedDateTime 0x6edb2c7b "2018-05-13T00:25:12Z"]] +[:mem/node-8453 :naga/first :mem/node-8454] +[:mem/node-8453 :naga/contains :mem/node-8454] +[:mem/node-8419 :value "bibrath.eu"] +[:mem/node-8419 :type "domain"] +[:mem/node-8848 :value "bibrath.eu"] +[:mem/node-8848 :type "domain"] +[:mem/node-8441 :value "bibrath.eu"] +[:mem/node-8441 :type "domain"] +[:mem/node-8208 :valid_time :mem/node-8209] +[:mem/node-8208 :schema_version "1.0.8"] +[:mem/node-8208 :module-name "AMP Global Intel"] +[:mem/node-8208 :naga/entity true] +[:mem/node-8208 :observable :mem/node-8210] +[:mem/node-8208 :type "judgement"] +[:mem/node-8208 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8208 :external_ids :mem/node-8211] +[:mem/node-8208 :disposition 2] +[:mem/node-8208 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8208 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8208 :disposition_name "Malicious"] +[:mem/node-8208 :priority 90] +[:mem/node-8208 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-40d2e63f-b1fb-4728-921d-03cdbb41fe9a"] +[:mem/node-8208 :severity "High"] +[:mem/node-8208 :tlp "green"] +[:mem/node-8208 :db/ident :mem/node-8208] +[:mem/node-8208 :confidence "High"] +[:mem/node-8689 :valid_time :mem/node-8690] +[:mem/node-8689 :schema_version "1.0.8"] +[:mem/node-8689 :module-name "AMP Global Intel"] +[:mem/node-8689 :naga/entity true] +[:mem/node-8689 :observable :mem/node-8691] +[:mem/node-8689 :type "judgement"] +[:mem/node-8689 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8689 
:external_ids :mem/node-8692] +[:mem/node-8689 :disposition 2] +[:mem/node-8689 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8689 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8689 :disposition_name "Malicious"] +[:mem/node-8689 :priority 90] +[:mem/node-8689 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-156a4354-43b9-47de-83ed-3d1ed8eff6a7"] +[:mem/node-8689 :severity "High"] +[:mem/node-8689 :tlp "green"] +[:mem/node-8689 :db/ident :mem/node-8689] +[:mem/node-8689 :confidence "High"] +[:mem/node-8131 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8131 :schema_version "1.0.0"] +[:mem/node-8131 :module-name "AMP Global Intel"] +[:mem/node-8131 :naga/entity true] +[:mem/node-8131 :observables :mem/node-8132] +[:mem/node-8131 :type "sighting"] +[:mem/node-8131 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8131 :external_ids :mem/node-8134] +[:mem/node-8131 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8131 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-ca70021c-e124-4568-baba-726371162fb0"] +[:mem/node-8131 :count 1] +[:mem/node-8131 :tlp "green"] +[:mem/node-8131 :db/ident :mem/node-8131] +[:mem/node-8131 :confidence "High"] +[:mem/node-8131 :observed_time :mem/node-8135] +[:mem/node-8261 :value "bibrath.eu"] +[:mem/node-8261 :type "domain"] +[:mem/node-8912 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8912 :schema_version "1.0.0"] +[:mem/node-8912 :module-name "AMP Global Intel"] +[:mem/node-8912 :naga/entity true] +[:mem/node-8912 :observables :mem/node-8913] +[:mem/node-8912 :type "sighting"] +[:mem/node-8912 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8912 :external_ids :mem/node-8915] +[:mem/node-8912 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8912 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-861f6050-3d15-49e7-901e-75cacee5eacc"] +[:mem/node-8912 :count 1] +[:mem/node-8912 :tlp "green"] +[:mem/node-8912 :db/ident 
:mem/node-8912] +[:mem/node-8912 :confidence "High"] +[:mem/node-8912 :observed_time :mem/node-8916] +[:mem/node-9032 :naga/first "hydrant-3cb3eead4169b2222e62e920d76742696fadecdd7721648af597a32e6b7eed17"] +[:mem/node-9032 :naga/contains "hydrant-3cb3eead4169b2222e62e920d76742696fadecdd7721648af597a32e6b7eed17"] +[:mem/node-8603 :start_time #object[java.time.ZonedDateTime 0x70a54731 "2019-03-12T00:31:23.923Z"]] +[:mem/node-8603 :end_time #object[java.time.ZonedDateTime 0x36d5c2ce "2019-04-11T00:31:23.923Z"]] +[:mem/node-9057 :start_time #object[java.time.ZonedDateTime 0x6369d01c "2018-05-10T06:25:15Z"]] +[:mem/node-9057 :end_time #object[java.time.ZonedDateTime 0x54e680fe "2018-05-10T06:25:15Z"]] +[:mem/node-8863 :start_time #object[java.time.ZonedDateTime 0xea0c99c "2018-10-01T06:25:13Z"]] +[:mem/node-8863 :end_time #object[java.time.ZonedDateTime 0x167bb934 "2018-10-01T06:25:13Z"]] +[:mem/node-8405 :naga/first "hydrant-f5e80a665d60cbab755b85617d3486e95bb54ee30629e0e97491d6673773b80c"] +[:mem/node-8405 :naga/contains "hydrant-f5e80a665d60cbab755b85617d3486e95bb54ee30629e0e97491d6673773b80c"] +[:mem/node-9076 :module-name "OpenDNS"] +[:mem/node-9076 :naga/entity true] +[:mem/node-9076 :observable :mem/node-9077] +[:mem/node-9076 :type "verdict"] +[:mem/node-9076 :disposition 2] +[:mem/node-9076 :disposition_name "Malicious"] +[:mem/node-9076 :id "verdict::b961fcff"] +[:mem/node-9076 :db/ident :mem/node-9076] +[:mem/node-9076 :judgement_id "transient:e2a6d875-c2be-44f3-991d-89456f6fffff"] +[:mem/node-8245 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8245 :schema_version "1.0.4"] +[:mem/node-8245 :module-name "AMP Global Intel"] +[:mem/node-8245 :naga/entity true] +[:mem/node-8245 :observables :mem/node-8246] +[:mem/node-8245 :type "sighting"] +[:mem/node-8245 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8245 :external_ids :mem/node-8248] +[:mem/node-8245 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8245 :id 
"https://intel.amp.cisco.com:443/ctia/sighting/sighting-909d1b3e-bd30-4b9a-92f0-4e170597e9f5"] +[:mem/node-8245 :count 1] +[:mem/node-8245 :tlp "green"] +[:mem/node-8245 :db/ident :mem/node-8245] +[:mem/node-8245 :confidence "High"] +[:mem/node-8245 :observed_time :mem/node-8249] +[:mem/node-9046 :naga/first "hydrant-c6b1072671d0723b8aabfc3a5fa849924dac5618b8dc5a9d8bb82fb2201b2e66"] +[:mem/node-9046 :naga/contains "hydrant-c6b1072671d0723b8aabfc3a5fa849924dac5618b8dc5a9d8bb82fb2201b2e66"] +[:mem/node-8893 :naga/first :mem/node-8894] +[:mem/node-8893 :naga/contains :mem/node-8894] +[:mem/node-8222 :start_time #object[java.time.ZonedDateTime 0x3b3f62d7 "2019-02-11T00:31:17Z"]] +[:mem/node-8222 :end_time #object[java.time.ZonedDateTime 0x5b3ee43e "2019-03-11T00:31:17Z"]] +[:mem/node-8229 :naga/first "hydrant-2143528ef72602cc52d648f60b4854aa45207c22e4b9890d20da2b9aa3c2bee2"] +[:mem/node-8229 :naga/contains "hydrant-2143528ef72602cc52d648f60b4854aa45207c22e4b9890d20da2b9aa3c2bee2"] +[:mem/node-8491 :start_time #object[java.time.ZonedDateTime 0x53da2aec "2019-02-24T12:31:10Z"]] +[:mem/node-8491 :end_time #object[java.time.ZonedDateTime 0x18a38bba "2019-03-24T12:31:10Z"]] +[:mem/node-8339 :naga/first "hydrant-2a7693df90a3f714fef5347ed1ab8de5c2d4be5bcf9ae23a6ee638c9d918c8ab"] +[:mem/node-8339 :naga/contains "hydrant-2a7693df90a3f714fef5347ed1ab8de5c2d4be5bcf9ae23a6ee638c9d918c8ab"] +[:mem/node-8155 :naga/first "hydrant-dce3027ce4877c6cbc82565537dcabadd029285065867b7d148be65b4fe2eb0f"] +[:mem/node-8155 :naga/contains "hydrant-dce3027ce4877c6cbc82565537dcabadd029285065867b7d148be65b4fe2eb0f"] +[:mem/node-8225 :db/ident :mem/node-8225] +[:mem/node-8225 :naga/entity true] +[:mem/node-8225 :value "http://bibrath.eu/Gdgsdgewrwerw823n/wwh.exe"] +[:mem/node-8225 :type "url"] +[:mem/node-8225 :id "ad746c33"] +[:mem/node-8225 :deliberated true] +[:mem/node-8225 "Contains" :mem/node-8524] +[:mem/node-8225 "Observed_By" :mem/node-8531] +[:mem/node-8273 :start_time 
#object[java.time.ZonedDateTime 0x58ca6ba3 "2019-04-02T20:10:46.684Z"]] +[:mem/node-8273 :end_time #object[java.time.ZonedDateTime 0x74797b90 "2019-05-02T20:10:46.684Z"]] +[:mem/node-8977 :valid_time :mem/node-8978] +[:mem/node-8977 :schema_version "1.0.9"] +[:mem/node-8977 :module-name "AMP Global Intel"] +[:mem/node-8977 :naga/entity true] +[:mem/node-8977 :observable :mem/node-8979] +[:mem/node-8977 :type "judgement"] +[:mem/node-8977 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8977 :external_ids :mem/node-8980] +[:mem/node-8977 :disposition 2] +[:mem/node-8977 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8977 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8977 :disposition_name "Malicious"] +[:mem/node-8977 :priority 90] +[:mem/node-8977 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-0b8e5d2b-32ea-4c5a-98a5-4826e8fd2c8f"] +[:mem/node-8977 :severity "High"] +[:mem/node-8977 :tlp "green"] +[:mem/node-8977 :db/ident :mem/node-8977] +[:mem/node-8977 :timestamp "2019-03-09T00:31:20.766Z"] +[:mem/node-8977 :confidence "High"] +[:mem/node-8783 :value "bibrath.eu"] +[:mem/node-8783 :type "domain"] +[:mem/node-8099 :value "bibrath.eu"] +[:mem/node-8099 :type "domain"] +[:mem/node-8901 :start_time #object[java.time.ZonedDateTime 0x7676b2b9 "2019-02-26T00:31:16.748Z"]] +[:mem/node-8901 :end_time #object[java.time.ZonedDateTime 0x720c0996 "2019-03-28T00:31:16.748Z"]] +[:mem/node-8499 :valid_time :mem/node-8500] +[:mem/node-8499 :schema_version "1.0.9"] +[:mem/node-8499 :module-name "AMP Global Intel"] +[:mem/node-8499 :naga/entity true] +[:mem/node-8499 :observable :mem/node-8501] +[:mem/node-8499 :type "judgement"] +[:mem/node-8499 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8499 :external_ids :mem/node-8502] +[:mem/node-8499 :disposition 2] +[:mem/node-8499 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8499 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8499 :disposition_name "Malicious"] 
+[:mem/node-8499 :priority 90] +[:mem/node-8499 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-81814fac-f3a1-439c-b1f3-45eeeebdfbd4"] +[:mem/node-8499 :severity "High"] +[:mem/node-8499 :tlp "green"] +[:mem/node-8499 :db/ident :mem/node-8499] +[:mem/node-8499 :timestamp "2019-03-23T00:31:15.948Z"] +[:mem/node-8499 :confidence "High"] +[:mem/node-8458 :naga/first :mem/node-8459] +[:mem/node-8458 :naga/contains :mem/node-8459] +[:mem/node-8425 :valid_time :mem/node-8426] +[:mem/node-8425 :schema_version "1.0.8"] +[:mem/node-8425 :module-name "AMP Global Intel"] +[:mem/node-8425 :naga/entity true] +[:mem/node-8425 :observable :mem/node-8427] +[:mem/node-8425 :type "judgement"] +[:mem/node-8425 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8425 :external_ids :mem/node-8428] +[:mem/node-8425 :disposition 2] +[:mem/node-8425 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8425 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8425 :disposition_name "Malicious"] +[:mem/node-8425 :priority 90] +[:mem/node-8425 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-cfd56344-5fd4-45fd-ae5e-35ed736ba7ad"] +[:mem/node-8425 :severity "High"] +[:mem/node-8425 :tlp "green"] +[:mem/node-8425 :db/ident :mem/node-8425] +[:mem/node-8425 :confidence "High"] +[:mem/node-9017 :valid_time :mem/node-9018] +[:mem/node-9017 :schema_version "1.0.8"] +[:mem/node-9017 :module-name "AMP Global Intel"] +[:mem/node-9017 :naga/entity true] +[:mem/node-9017 :observable :mem/node-9019] +[:mem/node-9017 :type "judgement"] +[:mem/node-9017 :source "Abuse.ch Zeus Tracker"] +[:mem/node-9017 :external_ids :mem/node-9020] +[:mem/node-9017 :disposition 2] +[:mem/node-9017 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-9017 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-9017 :disposition_name "Malicious"] +[:mem/node-9017 :priority 90] +[:mem/node-9017 :id 
"https://intel.amp.cisco.com:443/ctia/judgement/judgement-5c372137-a861-4763-b0ba-874e87937e00"] +[:mem/node-9017 :severity "High"] +[:mem/node-9017 :tlp "green"] +[:mem/node-9017 :db/ident :mem/node-9017] +[:mem/node-9017 :confidence "High"] +[:mem/node-8847 :naga/first :mem/node-8848] +[:mem/node-8847 :naga/contains :mem/node-8848] +[:mem/node-8632 :start_time #object[java.time.ZonedDateTime 0x7910e307 "2018-04-13T06:25:13Z"]] +[:mem/node-8632 :end_time #object[java.time.ZonedDateTime 0x460aa24e "2018-04-13T06:25:13Z"]] +[:mem/node-8217 :valid_time :mem/node-8218] +[:mem/node-8217 :schema_version "1.0.9"] +[:mem/node-8217 :module-name "AMP Global Intel"] +[:mem/node-8217 :naga/entity true] +[:mem/node-8217 :observable :mem/node-8219] +[:mem/node-8217 :type "judgement"] +[:mem/node-8217 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8217 :external_ids :mem/node-8220] +[:mem/node-8217 :disposition 2] +[:mem/node-8217 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8217 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8217 :disposition_name "Malicious"] +[:mem/node-8217 :priority 90] +[:mem/node-8217 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-9bb0529d-8ad9-4126-9da0-dad0b99a2c6d"] +[:mem/node-8217 :severity "High"] +[:mem/node-8217 :tlp "green"] +[:mem/node-8217 :db/ident :mem/node-8217] +[:mem/node-8217 :timestamp "2019-03-30T00:31:17.099Z"] +[:mem/node-8217 :confidence "High"] +[:mem/node-8604 :value "bibrath.eu"] +[:mem/node-8604 :type "domain"] +[:mem/node-8779 :value "bibrath.eu"] +[:mem/node-8779 :type "domain"] +[:mem/node-8139 :naga/first "hydrant-e231fff99ea011b648b8c84ff232b2a77a35e1a1f3348c36d41d3ee0f1af15e0"] +[:mem/node-8139 :naga/contains "hydrant-e231fff99ea011b648b8c84ff232b2a77a35e1a1f3348c36d41d3ee0f1af15e0"] +[:mem/node-8294 :start_time #object[java.time.ZonedDateTime 0x5aa334c "2019-03-20T00:31:23.555Z"]] +[:mem/node-8294 :end_time #object[java.time.ZonedDateTime 0x17f8cad6 "2019-04-19T00:31:23.555Z"]] 
+[:mem/node-8175 :start_time #object[java.time.ZonedDateTime 0x698e1bf5 "2019-02-28T00:31:14.018Z"]] +[:mem/node-8175 :end_time #object[java.time.ZonedDateTime 0x7a85dc58 "2019-03-30T00:31:14.018Z"]] +[:mem/node-9038 :start_time #object[java.time.ZonedDateTime 0x2ee1b017 "2018-04-23T06:25:13Z"]] +[:mem/node-9038 :end_time #object[java.time.ZonedDateTime 0x7f9e6167 "2018-04-23T06:25:13Z"]] +[:mem/node-8478 :naga/first "c&c"] +[:mem/node-8723 :valid_time :mem/node-8724] +[:mem/node-8723 :schema_version "1.0.9"] +[:mem/node-8723 :module-name "AMP Global Intel"] +[:mem/node-8723 :naga/entity true] +[:mem/node-8723 :observable :mem/node-8725] +[:mem/node-8723 :type "judgement"] +[:mem/node-8723 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8723 :external_ids :mem/node-8726] +[:mem/node-8723 :disposition 2] +[:mem/node-8723 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8723 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8723 :disposition_name "Malicious"] +[:mem/node-8723 :priority 90] +[:mem/node-8723 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-306c4884-cc0a-4e05-a4ec-a0951555b11f"] +[:mem/node-8723 :severity "High"] +[:mem/node-8723 :tlp "green"] +[:mem/node-8723 :db/ident :mem/node-8723] +[:mem/node-8723 :timestamp "2019-03-18T00:31:15.614Z"] +[:mem/node-8723 :confidence "High"] +[:mem/node-9071 :naga/first "hydrant-78af33979cac6d657e8ec777534773655a5d4dc8648648517c10e251106dab82"] +[:mem/node-9071 :naga/contains "hydrant-78af33979cac6d657e8ec777534773655a5d4dc8648648517c10e251106dab82"] +[:mem/node-8786 :valid_time :mem/node-8787] +[:mem/node-8786 :schema_version "1.0.9"] +[:mem/node-8786 :module-name "AMP Global Intel"] +[:mem/node-8786 :naga/entity true] +[:mem/node-8786 :observable :mem/node-8788] +[:mem/node-8786 :type "judgement"] +[:mem/node-8786 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8786 :external_ids :mem/node-8789] +[:mem/node-8786 :disposition 2] +[:mem/node-8786 :reason "Domain used for Zeus banking trojan 
C&C"] +[:mem/node-8786 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8786 :disposition_name "Malicious"] +[:mem/node-8786 :priority 90] +[:mem/node-8786 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-7fad678c-9a7a-4957-9df9-7362d8b6efcf"] +[:mem/node-8786 :severity "High"] +[:mem/node-8786 :tlp "green"] +[:mem/node-8786 :db/ident :mem/node-8786] +[:mem/node-8786 :timestamp "2019-03-21T00:31:23.090Z"] +[:mem/node-8786 :confidence "High"] +[:mem/node-8877 :start_time #object[java.time.ZonedDateTime 0x66d69cd2 "2018-10-07T12:25:19Z"]] +[:mem/node-8877 :end_time #object[java.time.ZonedDateTime 0x32e5fb4c "2018-10-07T12:25:19Z"]] +[:mem/node-8281 :value "bibrath.eu"] +[:mem/node-8281 :type "domain"] +[:mem/node-8106 :valid_time :mem/node-8107] +[:mem/node-8106 :schema_version "1.0.8"] +[:mem/node-8106 :module-name "AMP Global Intel"] +[:mem/node-8106 :naga/entity true] +[:mem/node-8106 :observable :mem/node-8108] +[:mem/node-8106 :type "judgement"] +[:mem/node-8106 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8106 :external_ids :mem/node-8109] +[:mem/node-8106 :disposition 2] +[:mem/node-8106 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8106 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8106 :disposition_name "Malicious"] +[:mem/node-8106 :priority 90] +[:mem/node-8106 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-c03940b9-7290-4eb5-b539-01ea4c9ebc4a"] +[:mem/node-8106 :severity "High"] +[:mem/node-8106 :tlp "green"] +[:mem/node-8106 :db/ident :mem/node-8106] +[:mem/node-8106 :confidence "High"] +[:mem/node-8577 :value "bibrath.eu"] +[:mem/node-8577 :type "domain"] +[:mem/node-8174 :valid_time :mem/node-8175] +[:mem/node-8174 :schema_version "1.0.8"] +[:mem/node-8174 :module-name "AMP Global Intel"] +[:mem/node-8174 :naga/entity true] +[:mem/node-8174 :observable :mem/node-8176] +[:mem/node-8174 :type "judgement"] +[:mem/node-8174 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8174 :external_ids 
:mem/node-8177] +[:mem/node-8174 :disposition 2] +[:mem/node-8174 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8174 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8174 :disposition_name "Malicious"] +[:mem/node-8174 :priority 90] +[:mem/node-8174 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-02a9d6c2-62b9-4703-bdda-7ef35ca03cb6"] +[:mem/node-8174 :severity "High"] +[:mem/node-8174 :tlp "green"] +[:mem/node-8174 :db/ident :mem/node-8174] +[:mem/node-8174 :timestamp "2019-02-28T00:31:14.018Z"] +[:mem/node-8174 :confidence "High"] +[:mem/node-8312 :start_time #object[java.time.ZonedDateTime 0x11a7840f "2018-04-16T00:25:11Z"]] +[:mem/node-8312 :end_time #object[java.time.ZonedDateTime 0x1d3e5a05 "2018-04-16T00:25:11Z"]] +[:mem/node-8633 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8633 :schema_version "1.0.0"] +[:mem/node-8633 :module-name "AMP Global Intel"] +[:mem/node-8633 :naga/entity true] +[:mem/node-8633 :observables :mem/node-8634] +[:mem/node-8633 :type "sighting"] +[:mem/node-8633 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8633 :external_ids :mem/node-8636] +[:mem/node-8633 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8633 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-9a6a6b1a-dec4-4623-a728-0e7493efdb28"] +[:mem/node-8633 :count 1] +[:mem/node-8633 :tlp "green"] +[:mem/node-8633 :db/ident :mem/node-8633] +[:mem/node-8633 :confidence "High"] +[:mem/node-8633 :observed_time :mem/node-8637] +[:mem/node-8822 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8822 :schema_version "1.0.0"] +[:mem/node-8822 :module-name "AMP Global Intel"] +[:mem/node-8822 :naga/entity true] +[:mem/node-8822 :observables :mem/node-8823] +[:mem/node-8822 :type "sighting"] +[:mem/node-8822 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8822 :external_ids :mem/node-8825] +[:mem/node-8822 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8822 :id 
"https://intel.amp.cisco.com:443/ctia/sighting/sighting-5c222947-475f-4768-97a5-8dc841b2bf8b"] +[:mem/node-8822 :count 1] +[:mem/node-8822 :tlp "green"] +[:mem/node-8822 :db/ident :mem/node-8822] +[:mem/node-8822 :confidence "High"] +[:mem/node-8822 :observed_time :mem/node-8826] +[:mem/node-8785 :start_time #object[java.time.ZonedDateTime 0x4f5c757c "2018-05-08T18:25:12Z"]] +[:mem/node-8785 :end_time #object[java.time.ZonedDateTime 0x52fec840 "2018-05-08T18:25:12Z"]] +[:mem/node-8850 :start_time #object[java.time.ZonedDateTime 0x7fd4b9ec "2018-05-15T12:25:12Z"]] +[:mem/node-8850 :end_time #object[java.time.ZonedDateTime 0x10553a61 "2018-05-15T12:25:12Z"]] +[:mem/node-8518 :value "bibrath.eu"] +[:mem/node-8518 :type "domain"] +[:mem/node-8265 :value "bibrath.eu"] +[:mem/node-8265 :type "domain"] +[:mem/node-8739 :naga/first "hydrant-1550887a1736544c6786d735e8351eab9c0ff6cc11d0a38cec2b460c19980f91"] +[:mem/node-8739 :naga/contains "hydrant-1550887a1736544c6786d735e8351eab9c0ff6cc11d0a38cec2b460c19980f91"] +[:mem/node-8120 :start_time #object[java.time.ZonedDateTime 0x3c8e4a82 "2019-02-23T00:31:26Z"]] +[:mem/node-8120 :end_time #object[java.time.ZonedDateTime 0x1896299b "2019-03-23T00:31:26Z"]] +[:mem/node-8803 :value "bibrath.eu"] +[:mem/node-8803 :type "domain"] +[:mem/node-8433 :start_time #object[java.time.ZonedDateTime 0x42d7e8bc "2018-09-28T06:25:14Z"]] +[:mem/node-8433 :end_time #object[java.time.ZonedDateTime 0x7b6854b5 "2018-09-28T06:25:14Z"]] +[:mem/node-8707 :naga/first :mem/node-8708] +[:mem/node-8707 :naga/contains :mem/node-8708] +[:mem/node-8801 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8801 :schema_version "1.0.0"] +[:mem/node-8801 :module-name "AMP Global Intel"] +[:mem/node-8801 :naga/entity true] +[:mem/node-8801 :observables :mem/node-8802] +[:mem/node-8801 :type "sighting"] +[:mem/node-8801 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8801 :external_ids :mem/node-8804] +[:mem/node-8801 :source_uri 
"https://zeustracker.abuse.ch"] +[:mem/node-8801 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-cd36b5bf-089f-4d0a-a0f3-da4408aeaefc"] +[:mem/node-8801 :count 1] +[:mem/node-8801 :tlp "green"] +[:mem/node-8801 :db/ident :mem/node-8801] +[:mem/node-8801 :confidence "High"] +[:mem/node-8801 :observed_time :mem/node-8805] +[:mem/node-8434 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8434 :schema_version "1.0.0"] +[:mem/node-8434 :module-name "AMP Global Intel"] +[:mem/node-8434 :naga/entity true] +[:mem/node-8434 :observables :mem/node-8435] +[:mem/node-8434 :type "sighting"] +[:mem/node-8434 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8434 :external_ids :mem/node-8437] +[:mem/node-8434 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8434 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-440bd6aa-a99f-4a77-8bd7-3c6300cab994"] +[:mem/node-8434 :count 1] +[:mem/node-8434 :tlp "green"] +[:mem/node-8434 :db/ident :mem/node-8434] +[:mem/node-8434 :confidence "High"] +[:mem/node-8434 :observed_time :mem/node-8438] +[:mem/node-8752 :start_time #object[java.time.ZonedDateTime 0x357cdb00 "2019-02-11T18:31:08Z"]] +[:mem/node-8752 :end_time #object[java.time.ZonedDateTime 0x1c0fe6c5 "2019-03-11T18:31:08Z"]] +[:mem/node-8298 :naga/first :mem/node-8299] +[:mem/node-8298 :naga/contains :mem/node-8299] +[:mem/node-8357 :start_time #object[java.time.ZonedDateTime 0x61607ff0 "2018-04-17T00:25:12Z"]] +[:mem/node-8357 :end_time #object[java.time.ZonedDateTime 0x58945295 "2018-04-17T00:25:12Z"]] +[:mem/node-9047 :start_time #object[java.time.ZonedDateTime 0xb63365c "2018-04-17T12:25:11Z"]] +[:mem/node-9047 :end_time #object[java.time.ZonedDateTime 0x6839d03b "2018-04-17T12:25:11Z"]] +[:mem/node-8195 :valid_time :mem/node-8196] +[:mem/node-8195 :schema_version "1.0.8"] +[:mem/node-8195 :module-name "AMP Global Intel"] +[:mem/node-8195 :naga/entity true] +[:mem/node-8195 :observable :mem/node-8197] +[:mem/node-8195 :type "judgement"] 
+[:mem/node-8195 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8195 :external_ids :mem/node-8198] +[:mem/node-8195 :disposition 2] +[:mem/node-8195 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8195 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8195 :disposition_name "Malicious"] +[:mem/node-8195 :priority 90] +[:mem/node-8195 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-e4133b4a-8a1b-4057-abfe-93430fbe1cb5"] +[:mem/node-8195 :severity "High"] +[:mem/node-8195 :tlp "green"] +[:mem/node-8195 :db/ident :mem/node-8195] +[:mem/node-8195 :confidence "High"] +[:mem/node-8353 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8353 :schema_version "1.0.0"] +[:mem/node-8353 :module-name "AMP Global Intel"] +[:mem/node-8353 :naga/entity true] +[:mem/node-8353 :observables :mem/node-8354] +[:mem/node-8353 :type "sighting"] +[:mem/node-8353 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8353 :external_ids :mem/node-8356] +[:mem/node-8353 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8353 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-507225fa-9947-4040-97ee-c2cc289a4200"] +[:mem/node-8353 :count 1] +[:mem/node-8353 :tlp "green"] +[:mem/node-8353 :db/ident :mem/node-8353] +[:mem/node-8353 :confidence "High"] +[:mem/node-8353 :observed_time :mem/node-8357] +[:mem/node-8770 :start_time #object[java.time.ZonedDateTime 0xa44ad33 "2019-02-17T06:31:20Z"]] +[:mem/node-8770 :end_time #object[java.time.ZonedDateTime 0x703e5614 "2019-03-17T06:31:20Z"]] +[:mem/node-8471 :valid_time :mem/node-8472] +[:mem/node-8471 :schema_version "1.0.8"] +[:mem/node-8471 :module-name "AMP Global Intel"] +[:mem/node-8471 :naga/entity true] +[:mem/node-8471 :observable :mem/node-8473] +[:mem/node-8471 :type "judgement"] +[:mem/node-8471 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8471 :external_ids :mem/node-8474] +[:mem/node-8471 :disposition 2] +[:mem/node-8471 :reason "Domain used for Zeus banking trojan C&C"] 
+[:mem/node-8471 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8471 :disposition_name "Malicious"] +[:mem/node-8471 :priority 90] +[:mem/node-8471 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-b65f413c-9b3e-4276-bb1f-4bb9b8005240"] +[:mem/node-8471 :severity "High"] +[:mem/node-8471 :tlp "green"] +[:mem/node-8471 :db/ident :mem/node-8471] +[:mem/node-8471 :confidence "High"] +[:mem/node-9005 :naga/first :mem/node-9006] +[:mem/node-9005 :naga/contains :mem/node-9006] +[:mem/node-8135 :start_time #object[java.time.ZonedDateTime 0x627d5f99 "2018-04-15T00:25:12Z"]] +[:mem/node-8135 :end_time #object[java.time.ZonedDateTime 0x44e3f3e5 "2018-04-15T00:25:12Z"]] +[:mem/node-8285 :value "bibrath.eu"] +[:mem/node-8285 :type "domain"] +[:mem/node-8817 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8817 :schema_version "1.0.0"] +[:mem/node-8817 :module-name "AMP Global Intel"] +[:mem/node-8817 :naga/entity true] +[:mem/node-8817 :observables :mem/node-8818] +[:mem/node-8817 :type "sighting"] +[:mem/node-8817 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8817 :external_ids :mem/node-8820] +[:mem/node-8817 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8817 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-cb7f7b85-d6ad-4fc1-a2ac-eb85e6ebbe00"] +[:mem/node-8817 :count 1] +[:mem/node-8817 :tlp "green"] +[:mem/node-8817 :db/ident :mem/node-8817] +[:mem/node-8817 :confidence "High"] +[:mem/node-8817 :observed_time :mem/node-8821] +[:mem/node-8372 :naga/first :mem/node-8373] +[:mem/node-8372 :naga/contains :mem/node-8373] +[:mem/node-8732 :valid_time :mem/node-8733] +[:mem/node-8732 :schema_version "1.0.9"] +[:mem/node-8732 :module-name "AMP Global Intel"] +[:mem/node-8732 :naga/entity true] +[:mem/node-8732 :observable :mem/node-8734] +[:mem/node-8732 :type "judgement"] +[:mem/node-8732 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8732 :external_ids :mem/node-8735] +[:mem/node-8732 :disposition 2] +[:mem/node-8732 
:reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8732 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8732 :disposition_name "Malicious"] +[:mem/node-8732 :priority 90] +[:mem/node-8732 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-2adc6d29-f5f4-40c4-ac00-951ca796f43d"] +[:mem/node-8732 :severity "High"] +[:mem/node-8732 :tlp "green"] +[:mem/node-8732 :db/ident :mem/node-8732] +[:mem/node-8732 :timestamp "2019-03-16T00:31:25.274Z"] +[:mem/node-8732 :confidence "High"] +[:mem/node-8444 :start_time #object[java.time.ZonedDateTime 0x6be1f37f "2019-02-20T00:31:20Z"]] +[:mem/node-8444 :end_time #object[java.time.ZonedDateTime 0x69ed96e1 "2019-03-20T00:31:20Z"]] +[:mem/node-8364 :start_time #object[java.time.ZonedDateTime 0x61648dd2 "2019-03-19T00:31:15.604Z"]] +[:mem/node-8364 :end_time #object[java.time.ZonedDateTime 0x3ac326c0 "2019-04-18T00:31:15.604Z"]] +[:mem/node-8390 :value "194.63.142.171"] +[:mem/node-8390 :type "ip"] +[:mem/node-8423 :value "bibrath.eu"] +[:mem/node-8423 :type "domain"] +[:mem/node-8987 :naga/first :mem/node-8988] +[:mem/node-8987 :naga/contains :mem/node-8988] +[:mem/node-8692 :naga/first "hydrant-d6e95f833b96fb982de6949b369413628df15109e743028bcb591cc6279abd84"] +[:mem/node-8692 :naga/contains "hydrant-d6e95f833b96fb982de6949b369413628df15109e743028bcb591cc6279abd84"] +[:mem/node-8644 :naga/first :mem/node-8645] +[:mem/node-8644 :naga/contains :mem/node-8645] +[:mem/node-9012 :naga/first "hydrant-0e13a6c62e4340a02e2b103817393703200f279ddb3fda552fc8228f6ae66fca"] +[:mem/node-9012 :naga/contains "hydrant-0e13a6c62e4340a02e2b103817393703200f279ddb3fda552fc8228f6ae66fca"] +[:mem/node-8396 :start_time #object[java.time.ZonedDateTime 0x5e5d40ec "2018-05-01T18:25:12Z"]] +[:mem/node-8396 :end_time #object[java.time.ZonedDateTime 0x5b028f58 "2018-05-01T18:25:12Z"]] +[:mem/node-8815 :naga/first "hydrant-1664e0ddc8fe5a424aec3c300fd541049d0b8f782af773e17c1db23e05207c10"] +[:mem/node-8815 :naga/contains 
"hydrant-1664e0ddc8fe5a424aec3c300fd541049d0b8f782af773e17c1db23e05207c10"] +[:mem/node-8846 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8846 :schema_version "1.0.0"] +[:mem/node-8846 :module-name "AMP Global Intel"] +[:mem/node-8846 :naga/entity true] +[:mem/node-8846 :observables :mem/node-8847] +[:mem/node-8846 :type "sighting"] +[:mem/node-8846 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8846 :external_ids :mem/node-8849] +[:mem/node-8846 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8846 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-576fb491-46ef-4e06-92a6-87e36f6a86b2"] +[:mem/node-8846 :count 1] +[:mem/node-8846 :tlp "green"] +[:mem/node-8846 :db/ident :mem/node-8846] +[:mem/node-8846 :confidence "High"] +[:mem/node-8846 :observed_time :mem/node-8850] +[:mem/node-8550 :value "http://bibrath.eu/gdgsdgewrwerw823n/wwh.exe"] +[:mem/node-8550 :type "url"] +[:mem/node-8376 :valid_time :mem/node-8377] +[:mem/node-8376 :schema_version "1.0.8"] +[:mem/node-8376 :module-name "AMP Global Intel"] +[:mem/node-8376 :naga/entity true] +[:mem/node-8376 :observable :mem/node-8378] +[:mem/node-8376 :type "judgement"] +[:mem/node-8376 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8376 :external_ids :mem/node-8379] +[:mem/node-8376 :disposition 2] +[:mem/node-8376 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8376 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8376 :disposition_name "Malicious"] +[:mem/node-8376 :priority 90] +[:mem/node-8376 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-add57487-937c-4b01-9044-fd175e5f9104"] +[:mem/node-8376 :severity "High"] +[:mem/node-8376 :tlp "green"] +[:mem/node-8376 :db/ident :mem/node-8376] +[:mem/node-8376 :confidence "High"] +[:mem/node-8554 :value "http://bibrath.eu/club.php"] +[:mem/node-8554 :type "url"] +[:mem/node-8836 :start_time #object[java.time.ZonedDateTime 0x1e4d93f7 "2018-04-23T12:25:12Z"]] +[:mem/node-8836 :end_time 
#object[java.time.ZonedDateTime 0x3d1b43d8 "2018-04-23T12:25:12Z"]] +[:mem/node-8811 :db/ident :mem/node-8811] +[:mem/node-8811 :naga/entity true] +[:mem/node-8811 :value "http://bibrath.eu/gdgsdgewrwerw823n/wwh.jpg"] +[:mem/node-8811 :type "url"] +[:mem/node-8811 :id "3773530c"] +[:mem/node-8811 :deliberated true] +[:mem/node-8811 "Contains" :mem/node-8524] +[:mem/node-8811 "Observed_By" :mem/node-8531] +[:mem/node-8547 :value "bibrath.eu"] +[:mem/node-8547 :type "domain"] +[:mem/node-8556 :naga/first :mem/node-8557] +[:mem/node-8556 :naga/rest :mem/node-8560] +[:mem/node-8243 :value "bibrath.eu"] +[:mem/node-8243 :type "domain"] +[:mem/node-8551 :value "bibrath.eu"] +[:mem/node-8551 :type "domain"] +[:mem/node-8579 :start_time #object[java.time.ZonedDateTime 0x9f52eb7 "2018-10-23T06:25:17Z"]] +[:mem/node-8579 :end_time #object[java.time.ZonedDateTime 0x46c2189e "2018-10-23T06:25:17Z"]] +[:mem/node-8902 :value "bibrath.eu"] +[:mem/node-8902 :type "domain"] +[:mem/node-9033 :start_time #object[java.time.ZonedDateTime 0x3462e99a "2018-04-30T18:25:12Z"]] +[:mem/node-9033 :end_time #object[java.time.ZonedDateTime 0x5300694d "2018-04-30T18:25:12Z"]] +[:mem/node-8406 :start_time #object[java.time.ZonedDateTime 0x7320750c "2018-05-08T12:25:12Z"]] +[:mem/node-8406 :end_time #object[java.time.ZonedDateTime 0x2570851e "2018-05-08T12:25:12Z"]] +[:mem/node-8810 :start_time #object[java.time.ZonedDateTime 0x67d8613 "2018-04-25T00:25:12Z"]] +[:mem/node-8810 :end_time #object[java.time.ZonedDateTime 0x5667dd90 "2018-04-25T00:25:12Z"]] +[:mem/node-8448 :naga/first :mem/node-8449] +[:mem/node-8448 :naga/contains :mem/node-8449] +[:mem/node-8781 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8781 :schema_version "1.0.0"] +[:mem/node-8781 :module-name "AMP Global Intel"] +[:mem/node-8781 :naga/entity true] +[:mem/node-8781 :observables :mem/node-8782] +[:mem/node-8781 :type "sighting"] +[:mem/node-8781 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8781 
:external_ids :mem/node-8784] +[:mem/node-8781 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8781 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-dc831355-f96e-4dba-82b5-16c1c181fe0a"] +[:mem/node-8781 :count 1] +[:mem/node-8781 :tlp "green"] +[:mem/node-8781 :db/ident :mem/node-8781] +[:mem/node-8781 :confidence "High"] +[:mem/node-8781 :observed_time :mem/node-8785] +[:mem/node-8481 :naga/first "Domain Watchlist"] +[:mem/node-8481 :naga/contains "Domain Watchlist"] +[:mem/node-8605 :naga/first "hydrant-d483107288e5d389dadeae858d47ecdb65a902dcb00f8502c4913a80fa22b5e7"] +[:mem/node-8605 :naga/contains "hydrant-d483107288e5d389dadeae858d47ecdb65a902dcb00f8502c4913a80fa22b5e7"] +[:mem/node-8967 :start_time #object[java.time.ZonedDateTime 0x261f5a45 "2018-04-20T12:25:12Z"]] +[:mem/node-8967 :end_time #object[java.time.ZonedDateTime 0x76673ed "2018-04-20T12:25:12Z"]] +[:mem/node-8289 :naga/first :mem/node-8290] +[:mem/node-8289 :naga/contains :mem/node-8290] +[:mem/node-8540 :naga/first :mem/node-8541] +[:mem/node-8540 :naga/rest :mem/node-8544] +[:mem/node-8575 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8575 :schema_version "1.0.4"] +[:mem/node-8575 :module-name "AMP Global Intel"] +[:mem/node-8575 :naga/entity true] +[:mem/node-8575 :observables :mem/node-8576] +[:mem/node-8575 :type "sighting"] +[:mem/node-8575 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8575 :external_ids :mem/node-8578] +[:mem/node-8575 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8575 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-87fd5fc6-a7b6-403f-9fdb-aa38ba046f38"] +[:mem/node-8575 :count 1] +[:mem/node-8575 :tlp "green"] +[:mem/node-8575 :db/ident :mem/node-8575] +[:mem/node-8575 :confidence "High"] +[:mem/node-8575 :observed_time :mem/node-8579] +[:mem/node-8418 :start_time #object[java.time.ZonedDateTime 0x6d41200c "2019-03-26T00:31:24.850Z"]] +[:mem/node-8418 :end_time #object[java.time.ZonedDateTime 0x522fb69 
"2019-04-25T00:31:24.850Z"]] +[:mem/node-8599 :start_time #object[java.time.ZonedDateTime 0x593354fa "2019-03-25T00:31:13.258Z"]] +[:mem/node-8599 :end_time #object[java.time.ZonedDateTime 0x6dfebd2a "2019-04-24T00:31:13.258Z"]] +[:mem/node-9044 :naga/first :mem/node-9045] +[:mem/node-9044 :naga/contains :mem/node-9045] +[:mem/node-9018 :start_time #object[java.time.ZonedDateTime 0x9dbb1d9 "2019-02-10T12:31:21Z"]] +[:mem/node-9018 :end_time #object[java.time.ZonedDateTime 0x1bb0fa38 "2019-03-10T12:31:21Z"]] +[:mem/node-8100 :naga/first "hydrant-30fa4881fce57f78cf963d552841881099d11b9959f54f79fcc4cf90cd1f4719"] +[:mem/node-8100 :naga/contains "hydrant-30fa4881fce57f78cf963d552841881099d11b9959f54f79fcc4cf90cd1f4719"] +[:mem/node-8784 :naga/first "hydrant-02504bb4754eb6510e732736051ae182eae2f07bfc90fe932da8287ed462db7e"] +[:mem/node-8784 :naga/contains "hydrant-02504bb4754eb6510e732736051ae182eae2f07bfc90fe932da8287ed462db7e"] +[:mem/node-8188 :start_time #object[java.time.ZonedDateTime 0x58e7f930 "2019-02-22T06:31:08Z"]] +[:mem/node-8188 :end_time #object[java.time.ZonedDateTime 0x406808eb "2019-03-22T06:31:08Z"]] +[:mem/node-9062 :start_time #object[java.time.ZonedDateTime 0x14e93c46 "2018-04-22T12:25:12Z"]] +[:mem/node-9062 :end_time #object[java.time.ZonedDateTime 0x89465d9 "2018-04-22T12:25:12Z"]] +[:mem/node-8218 :start_time #object[java.time.ZonedDateTime 0x6fdd3382 "2019-03-30T00:31:17.099Z"]] +[:mem/node-8218 :end_time #object[java.time.ZonedDateTime 0x6f7241c2 "2019-04-29T00:31:17.099Z"]] +[:mem/node-8555 :value "bibrath.eu"] +[:mem/node-8555 :type "domain"] +[:mem/node-8608 :value "bibrath.eu"] +[:mem/node-8608 :type "domain"] +[:mem/node-8564 :naga/first :mem/node-8565] +[:mem/node-8572 :start_time #object[java.time.ZonedDateTime 0x32245b66 "2019-03-03T00:31:13.320Z"]] +[:mem/node-8572 :end_time #object[java.time.ZonedDateTime 0x19355a56 "2019-04-02T00:31:13.320Z"]] +[:mem/node-8772 :naga/first 
"hydrant-86cb9c2fa7cc928518d4f35095d2f438312c85c5579761bf8d217d723126259b"] +[:mem/node-8772 :naga/contains "hydrant-86cb9c2fa7cc928518d4f35095d2f438312c85c5579761bf8d217d723126259b"] +[:mem/node-8323 :naga/first :mem/node-8324] +[:mem/node-8323 :naga/contains :mem/node-8324] +[:mem/node-8244 :naga/first "hydrant-0f2d5b548d31e183987691e3de3065fb7baf354c6f809a0a7dc6d13ce2dcc5f4"] +[:mem/node-8244 :naga/contains "hydrant-0f2d5b548d31e183987691e3de3065fb7baf354c6f809a0a7dc6d13ce2dcc5f4"] +[:mem/node-8262 :naga/first "hydrant-c16671e761a69ee65b55a08d759ddf6c3546f0786bb5f0714c1d758132855e4a"] +[:mem/node-8262 :naga/contains "hydrant-c16671e761a69ee65b55a08d759ddf6c3546f0786bb5f0714c1d758132855e4a"] +[:mem/node-8383 :naga/first "hydrant-60811fa077ddb917fcd2b989cea0f9aa34b0c27e4fe24b88eb97f19ee7bbb50b"] +[:mem/node-8383 :naga/contains "hydrant-60811fa077ddb917fcd2b989cea0f9aa34b0c27e4fe24b88eb97f19ee7bbb50b"] +[:mem/node-8276 :start_time #object[java.time.ZonedDateTime 0x1ff23bd1 "2019-02-18T00:31:23Z"]] +[:mem/node-8276 :end_time #object[java.time.ZonedDateTime 0x62f305bc "2019-03-18T00:31:23Z"]] +[:mem/node-8259 :valid_time :mem/node-8260] +[:mem/node-8259 :schema_version "1.0.8"] +[:mem/node-8259 :module-name "AMP Global Intel"] +[:mem/node-8259 :naga/entity true] +[:mem/node-8259 :observable :mem/node-8261] +[:mem/node-8259 :type "judgement"] +[:mem/node-8259 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8259 :external_ids :mem/node-8262] +[:mem/node-8259 :disposition 2] +[:mem/node-8259 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8259 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8259 :disposition_name "Malicious"] +[:mem/node-8259 :priority 90] +[:mem/node-8259 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-2d094174-e2f1-42b4-95e4-9988857c087c"] +[:mem/node-8259 :severity "High"] +[:mem/node-8259 :tlp "green"] +[:mem/node-8259 :db/ident :mem/node-8259] +[:mem/node-8259 :confidence "High"] +[:mem/node-8600 :value 
"bibrath.eu"] +[:mem/node-8600 :type "domain"] +[:mem/node-8697 :valid_time :mem/node-8698] +[:mem/node-8697 :schema_version "1.0.8"] +[:mem/node-8697 :module-name "AMP Global Intel"] +[:mem/node-8697 :naga/entity true] +[:mem/node-8697 :observable :mem/node-8699] +[:mem/node-8697 :type "judgement"] +[:mem/node-8697 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8697 :external_ids :mem/node-8700] +[:mem/node-8697 :disposition 2] +[:mem/node-8697 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8697 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8697 :disposition_name "Malicious"] +[:mem/node-8697 :priority 90] +[:mem/node-8697 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-b30cdac5-e8f7-4857-9c2b-aa75ee0324a0"] +[:mem/node-8697 :severity "High"] +[:mem/node-8697 :tlp "green"] +[:mem/node-8697 :db/ident :mem/node-8697] +[:mem/node-8697 :confidence "High"] +[:mem/node-8501 :value "bibrath.eu"] +[:mem/node-8501 :type "domain"] +[:mem/node-8918 :naga/first :mem/node-8919] +[:mem/node-8918 :naga/contains :mem/node-8919] +[:mem/node-8833 :naga/first :mem/node-8834] +[:mem/node-8833 :naga/contains :mem/node-8834] +[:mem/node-8541 :origin "VirusTotal Enrichment Module"] +[:mem/node-8541 :relation "Contains"] +[:mem/node-8541 :source :mem/node-8542] +[:mem/node-8541 :related :mem/node-8543] +[:mem/node-8592 :naga/first "hydrant-805a163b69d2a2803d51edc92ad4d6e5c8ca9c82af188be34dedadbc2ff90f00"] +[:mem/node-8592 :naga/contains "hydrant-805a163b69d2a2803d51edc92ad4d6e5c8ca9c82af188be34dedadbc2ff90f00"] +[:mem/node-8661 :naga/first "hydrant-58801dcfc5404e1c7410b12cac08c566913d9a0775f5bb9600085fded8e69b83"] +[:mem/node-8661 :naga/contains "hydrant-58801dcfc5404e1c7410b12cac08c566913d9a0775f5bb9600085fded8e69b83"] +[:mem/node-8277 :value "bibrath.eu"] +[:mem/node-8277 :type "domain"] +[:mem/node-8234 :naga/first "hydrant-981b03f92bc09bfde35573364f6e07493e84a281e486ac5e6d26117043699537"] +[:mem/node-8234 :naga/contains 
"hydrant-981b03f92bc09bfde35573364f6e07493e84a281e486ac5e6d26117043699537"] +[:mem/node-8531 :description "URLs with domain name bibrath.eu have url scanner postive detections"] +[:mem/node-8531 :schema_version "1.0.10"] +[:mem/node-8531 :relations :mem/node-8532] +[:mem/node-8531 :module-name "VirusTotal"] +[:mem/node-8531 :naga/entity true] +[:mem/node-8531 :observables :mem/node-8568] +[:mem/node-8531 :type "sighting"] +[:mem/node-8531 :source "VirusTotal"] +[:mem/node-8531 :source_uri "https://www.virustotal.com/en/domain/bibrath.eu/information/"] +[:mem/node-8531 :id "transient:e069b63e-8543-42d6-8246-274aa77e28ba"] +[:mem/node-8531 :count 1] +[:mem/node-8531 :tlp "white"] +[:mem/node-8531 :db/ident :mem/node-8531] +[:mem/node-8531 :confidence "High"] +[:mem/node-8531 :observed_time :mem/node-8570] +[:mem/node-8531 :sensor "process.sandbox"] +[:mem/node-8926 :start_time #object[java.time.ZonedDateTime 0x729c8def "2018-05-05T18:25:12Z"]] +[:mem/node-8926 :end_time #object[java.time.ZonedDateTime 0x41c88e00 "2018-05-05T18:25:12Z"]] +[:mem/node-8306 :start_time #object[java.time.ZonedDateTime 0x4fea095b "2018-04-28T00:25:12Z"]] +[:mem/node-8306 :end_time #object[java.time.ZonedDateTime 0x354e2bff "2018-04-28T00:25:12Z"]] +[:mem/node-9013 :valid_time :mem/node-9014] +[:mem/node-9013 :schema_version "1.0.8"] +[:mem/node-9013 :module-name "AMP Global Intel"] +[:mem/node-9013 :naga/entity true] +[:mem/node-9013 :observable :mem/node-9015] +[:mem/node-9013 :type "judgement"] +[:mem/node-9013 :source "Abuse.ch Zeus Tracker"] +[:mem/node-9013 :external_ids :mem/node-9016] +[:mem/node-9013 :disposition 2] +[:mem/node-9013 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-9013 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-9013 :disposition_name "Malicious"] +[:mem/node-9013 :priority 90] +[:mem/node-9013 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-5b932a40-de0b-4f40-ac03-cda26c7395ca"] +[:mem/node-9013 :severity "High"] 
+[:mem/node-9013 :tlp "green"] +[:mem/node-9013 :db/ident :mem/node-9013] +[:mem/node-9013 :confidence "High"] +[:mem/node-9022 :start_time #object[java.time.ZonedDateTime 0x232b3b4c "2019-02-10T00:31:23Z"]] +[:mem/node-9022 :end_time #object[java.time.ZonedDateTime 0x261609a7 "2019-03-10T00:31:23Z"]] +[:mem/node-8509 :value "bibrath.eu"] +[:mem/node-8509 :type "domain"] +[:mem/node-8799 :naga/first "hydrant-b0f552d7712145cc147c963f3b170e1086b37ca1563dd7693320f80d955cfd69"] +[:mem/node-8799 :naga/contains "hydrant-b0f552d7712145cc147c963f3b170e1086b37ca1563dd7693320f80d955cfd69"] +[:mem/node-8851 :valid_time :mem/node-8852] +[:mem/node-8851 :schema_version "1.0.8"] +[:mem/node-8851 :module-name "AMP Global Intel"] +[:mem/node-8851 :naga/entity true] +[:mem/node-8851 :observable :mem/node-8853] +[:mem/node-8851 :type "judgement"] +[:mem/node-8851 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8851 :external_ids :mem/node-8854] +[:mem/node-8851 :disposition 2] +[:mem/node-8851 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8851 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8851 :disposition_name "Malicious"] +[:mem/node-8851 :priority 90] +[:mem/node-8851 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-337b0eb4-c3d0-4538-aa55-03840ab2da31"] +[:mem/node-8851 :severity "High"] +[:mem/node-8851 :tlp "green"] +[:mem/node-8851 :db/ident :mem/node-8851] +[:mem/node-8851 :timestamp "2019-03-01T00:31:20.472Z"] +[:mem/node-8851 :confidence "High"] +[:mem/node-8614 :start_time #object[java.time.ZonedDateTime 0x39296cef "2018-05-05T00:25:12Z"]] +[:mem/node-8614 :end_time #object[java.time.ZonedDateTime 0x7dfca9e6 "2018-05-05T00:25:12Z"]] +[:mem/node-8336 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8336 :schema_version "1.0.4"] +[:mem/node-8336 :module-name "AMP Global Intel"] +[:mem/node-8336 :naga/entity true] +[:mem/node-8336 :observables :mem/node-8337] +[:mem/node-8336 :type "sighting"] +[:mem/node-8336 :source 
"Abuse.ch Zeus Tracker"] +[:mem/node-8336 :external_ids :mem/node-8339] +[:mem/node-8336 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8336 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-59a0c1b9-ac79-42f0-84b0-bb208fd42681"] +[:mem/node-8336 :count 1] +[:mem/node-8336 :tlp "green"] +[:mem/node-8336 :db/ident :mem/node-8336] +[:mem/node-8336 :confidence "High"] +[:mem/node-8336 :observed_time :mem/node-8340] +[:mem/node-8698 :start_time #object[java.time.ZonedDateTime 0x7771c4e "2019-02-21T18:31:26Z"]] +[:mem/node-8698 :end_time #object[java.time.ZonedDateTime 0x113a6636 "2019-03-21T18:31:26Z"]] +[:mem/node-8994 :naga/first "hydrant-e3ed944adb5ba539ea56ea88b1f1f839cff2818712feaa1ef6c71d7561b8dc69"] +[:mem/node-8994 :naga/contains "hydrant-e3ed944adb5ba539ea56ea88b1f1f839cff2818712feaa1ef6c71d7561b8dc69"] +[:mem/node-8885 :naga/first "VirusTotal"] +[:mem/node-8885 :naga/rest :mem/node-8886] +[:mem/node-8451 :start_time #object[java.time.ZonedDateTime 0x63062eea "2018-05-09T00:25:12Z"]] +[:mem/node-8451 :end_time #object[java.time.ZonedDateTime 0x7bad18f5 "2018-05-09T00:25:12Z"]] +[:mem/node-8946 :naga/first :mem/node-8947] +[:mem/node-8946 :naga/contains :mem/node-8947] +[:mem/node-9034 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-9034 :schema_version "1.0.0"] +[:mem/node-9034 :module-name "AMP Global Intel"] +[:mem/node-9034 :naga/entity true] +[:mem/node-9034 :observables :mem/node-9035] +[:mem/node-9034 :type "sighting"] +[:mem/node-9034 :source "Abuse.ch Zeus Tracker"] +[:mem/node-9034 :external_ids :mem/node-9037] +[:mem/node-9034 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-9034 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-02088373-f1a5-4d98-bce6-0985cfa6a80e"] +[:mem/node-9034 :count 1] +[:mem/node-9034 :tlp "green"] +[:mem/node-9034 :db/ident :mem/node-9034] +[:mem/node-9034 :confidence "High"] +[:mem/node-9034 :observed_time :mem/node-9038] +[:mem/node-8663 :start_time 
#object[java.time.ZonedDateTime 0x4407fea2 "2019-02-24T18:31:21Z"]] +[:mem/node-8663 :end_time #object[java.time.ZonedDateTime 0x64e3bc2 "2019-03-24T18:31:21Z"]] +[:mem/node-8242 :start_time #object[java.time.ZonedDateTime 0x54ed249f "2019-02-16T06:31:13Z"]] +[:mem/node-8242 :end_time #object[java.time.ZonedDateTime 0x4714f447 "2019-03-16T06:31:13Z"]] +[:mem/node-8156 :start_time #object[java.time.ZonedDateTime 0x3c1df0e9 "2018-04-30T12:25:13Z"]] +[:mem/node-8156 :end_time #object[java.time.ZonedDateTime 0x4b7a4c83 "2018-04-30T12:25:13Z"]] +[:mem/node-8341 :valid_time :mem/node-8342] +[:mem/node-8341 :schema_version "1.0.8"] +[:mem/node-8341 :module-name "AMP Global Intel"] +[:mem/node-8341 :naga/entity true] +[:mem/node-8341 :observable :mem/node-8343] +[:mem/node-8341 :type "judgement"] +[:mem/node-8341 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8341 :external_ids :mem/node-8344] +[:mem/node-8341 :disposition 2] +[:mem/node-8341 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8341 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8341 :disposition_name "Malicious"] +[:mem/node-8341 :priority 90] +[:mem/node-8341 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-b1f41643-eb0b-40b5-8f41-b6e72fbf550b"] +[:mem/node-8341 :severity "High"] +[:mem/node-8341 :tlp "green"] +[:mem/node-8341 :db/ident :mem/node-8341] +[:mem/node-8341 :confidence "High"] +[:mem/node-9070 :value "bibrath.eu"] +[:mem/node-9070 :type "domain"] +[:mem/node-8735 :naga/first "hydrant-7e185f3986f141eb52ad9b8496fd764c50a73bb9a1775def654c728071758cbf"] +[:mem/node-8735 :naga/contains "hydrant-7e185f3986f141eb52ad9b8496fd764c50a73bb9a1775def654c728071758cbf"] +[:mem/node-8522 :value "bibrath.eu"] +[:mem/node-8522 :type "domain"] +[:mem/node-8449 :value "bibrath.eu"] +[:mem/node-8449 :type "domain"] +[:mem/node-8932 :naga/first :mem/node-8933] +[:mem/node-8932 :naga/contains :mem/node-8933] +[:mem/node-8462 :description "Domain used for Zeus banking trojan C&C"] 
+[:mem/node-8462 :schema_version "1.0.0"] +[:mem/node-8462 :module-name "AMP Global Intel"] +[:mem/node-8462 :naga/entity true] +[:mem/node-8462 :observables :mem/node-8463] +[:mem/node-8462 :type "sighting"] +[:mem/node-8462 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8462 :external_ids :mem/node-8465] +[:mem/node-8462 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8462 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-be5bce26-709b-4e39-b08b-6cb432e360f4"] +[:mem/node-8462 :count 1] +[:mem/node-8462 :tlp "green"] +[:mem/node-8462 :db/ident :mem/node-8462] +[:mem/node-8462 :confidence "High"] +[:mem/node-8462 :observed_time :mem/node-8466] +[:mem/node-9075 :naga/first "hydrant-fd88d33d869ec87459a89364e064b303fc2e3221025bebbf6dc1cf19ab1abda8"] +[:mem/node-9075 :naga/contains "hydrant-fd88d33d869ec87459a89364e064b303fc2e3221025bebbf6dc1cf19ab1abda8"] +[:mem/node-8748 :value "bibrath.eu"] +[:mem/node-8748 :type "domain"] +[:mem/node-8714 :naga/first "hydrant-61844a94f759832c05853831e49180466de3715c06934d696092e32b5eabfe44"] +[:mem/node-8714 :naga/contains "hydrant-61844a94f759832c05853831e49180466de3715c06934d696092e32b5eabfe44"] +[:mem/node-8489 :start_time #object[java.time.ZonedDateTime 0x768e40af "2015-03-18T00:00Z"]] +[:mem/node-8489 :end_time #object[java.time.ZonedDateTime 0x165824f5 "2015-03-18T00:00Z"]] +[:mem/node-8356 :naga/first "hydrant-882d7f124f88d59d436a776821ae339bfcedd3be1b7922b784462fd554294b19"] +[:mem/node-8356 :naga/contains "hydrant-882d7f124f88d59d436a776821ae339bfcedd3be1b7922b784462fd554294b19"] +[:mem/node-8214 :value "bibrath.eu"] +[:mem/node-8214 :type "domain"] +[:mem/node-8128 :start_time #object[java.time.ZonedDateTime 0x4511146f "2019-02-12T12:31:09Z"]] +[:mem/node-8128 :end_time #object[java.time.ZonedDateTime 0x5c16561a "2019-03-12T12:31:09Z"]] +[:mem/node-8867 :naga/first "hydrant-2fd46e30c75438df44ab7d926f39bb2022ad50959943a76835c111bd81e58cf8"] +[:mem/node-8867 :naga/contains 
"hydrant-2fd46e30c75438df44ab7d926f39bb2022ad50959943a76835c111bd81e58cf8"] +[:mem/node-8737 :naga/first :mem/node-8738] +[:mem/node-8737 :naga/contains :mem/node-8738] +[:mem/node-8678 :naga/first "hydrant-e9be43a7096bce2e96d7845ae45eaa8b80ea3ec7607e4ad518070cdd9d8c6412"] +[:mem/node-8678 :naga/contains "hydrant-e9be43a7096bce2e96d7845ae45eaa8b80ea3ec7607e4ad518070cdd9d8c6412"] +[:mem/node-8631 :naga/first "hydrant-3d93b961e7e4cbc5ad2bce17424f149c0eda5f48066cedf2a965121f92a0fc34"] +[:mem/node-8631 :naga/contains "hydrant-3d93b961e7e4cbc5ad2bce17424f149c0eda5f48066cedf2a965121f92a0fc34"] +[:mem/node-8669 :naga/first "hydrant-cab041c6758e634df576d2cf6c75f814be12ae24628c29a2101c5184935f167f"] +[:mem/node-8669 :naga/contains "hydrant-cab041c6758e634df576d2cf6c75f814be12ae24628c29a2101c5184935f167f"] +[:mem/node-8804 :naga/first "hydrant-cefc588d979b5c57f83f4bae16aac885080f75f80b3c8370b3f4fc5675454b81"] +[:mem/node-8804 :naga/contains "hydrant-cefc588d979b5c57f83f4bae16aac885080f75f80b3c8370b3f4fc5675454b81"] +[:mem/node-8370 :naga/first "hydrant-1d635d81dead02a2115bd959272900f465c05a40559d349426f378d6f940359c"] +[:mem/node-8370 :naga/contains "hydrant-1d635d81dead02a2115bd959272900f465c05a40559d349426f378d6f940359c"] +[:mem/node-8420 :naga/first "hydrant-a9a6066fe2128a0abacb868621313df6b8aa79a41661daaa6e686daf59694cfe"] +[:mem/node-8420 :naga/contains "hydrant-a9a6066fe2128a0abacb868621313df6b8aa79a41661daaa6e686daf59694cfe"] +[:mem/node-8133 :value "bibrath.eu"] +[:mem/node-8133 :type "domain"] +[:mem/node-8401 :start_time #object[java.time.ZonedDateTime 0x5819ee0f "2018-05-06T12:25:12Z"]] +[:mem/node-8401 :end_time #object[java.time.ZonedDateTime 0xf310675 "2018-05-06T12:25:12Z"]] +[:mem/node-8304 :value "bibrath.eu"] +[:mem/node-8304 :type "domain"] +[:mem/node-8230 :start_time #object[java.time.ZonedDateTime 0x424ec990 "2018-04-14T18:25:12Z"]] +[:mem/node-8230 :end_time #object[java.time.ZonedDateTime 0x2c06e145 "2018-04-14T18:25:12Z"]] +[:mem/node-8763 
:naga/first "hydrant-2492d7f425c0808fca702e616d309a48d0837e87b5d0bd1d4af38a4836132b0b"] +[:mem/node-8763 :naga/contains "hydrant-2492d7f425c0808fca702e616d309a48d0837e87b5d0bd1d4af38a4836132b0b"] +[:mem/node-8161 :valid_time :mem/node-8162] +[:mem/node-8161 :schema_version "1.0.8"] +[:mem/node-8161 :module-name "AMP Global Intel"] +[:mem/node-8161 :naga/entity true] +[:mem/node-8161 :observable :mem/node-8163] +[:mem/node-8161 :type "judgement"] +[:mem/node-8161 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8161 :external_ids :mem/node-8164] +[:mem/node-8161 :disposition 2] +[:mem/node-8161 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8161 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8161 :disposition_name "Malicious"] +[:mem/node-8161 :priority 90] +[:mem/node-8161 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-6c9ac1a3-4b81-4464-99ee-ec54855e2dc2"] +[:mem/node-8161 :severity "High"] +[:mem/node-8161 :tlp "green"] +[:mem/node-8161 :db/ident :mem/node-8161] +[:mem/node-8161 :confidence "High"] +[:mem/node-8122 :naga/first "hydrant-76feaff4c6a2760acd899c5e96f37cd8968bb275255673d2f06410170c645684"] +[:mem/node-8122 :naga/contains "hydrant-76feaff4c6a2760acd899c5e96f37cd8968bb275255673d2f06410170c645684"] +[:mem/node-8648 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8648 :schema_version "1.0.0"] +[:mem/node-8648 :module-name "AMP Global Intel"] +[:mem/node-8648 :naga/entity true] +[:mem/node-8648 :observables :mem/node-8649] +[:mem/node-8648 :type "sighting"] +[:mem/node-8648 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8648 :external_ids :mem/node-8651] +[:mem/node-8648 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8648 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-4010ab31-42ba-46f1-9c2d-bdba60c77267"] +[:mem/node-8648 :count 1] +[:mem/node-8648 :tlp "green"] +[:mem/node-8648 :db/ident :mem/node-8648] +[:mem/node-8648 :confidence "High"] +[:mem/node-8648 :observed_time 
:mem/node-8652] +[:mem/node-9074 :value "bibrath.eu"] +[:mem/node-9074 :type "domain"] +[:mem/node-8753 :value "bibrath.eu"] +[:mem/node-8753 :type "domain"] +[:mem/node-8731 :start_time #object[java.time.ZonedDateTime 0x3b780b5c "2018-04-20T00:25:13Z"]] +[:mem/node-8731 :end_time #object[java.time.ZonedDateTime 0x3c7db0e8 "2018-04-20T00:25:13Z"]] +[:mem/node-8802 :naga/first :mem/node-8803] +[:mem/node-8802 :naga/contains :mem/node-8803] +[:mem/node-8278 :naga/first "hydrant-fb576da4e9f58ceaedbaf8458da7a212ec65d6b780bc117ec0a88e92c6760a3f"] +[:mem/node-8278 :naga/contains "hydrant-fb576da4e9f58ceaedbaf8458da7a212ec65d6b780bc117ec0a88e92c6760a3f"] +[:mem/node-8502 :naga/first "hydrant-3200dad643c73ed3a1ff87cd5dc69fb61adf468ff83a2734179b3b3356647dc5"] +[:mem/node-8502 :naga/contains "hydrant-3200dad643c73ed3a1ff87cd5dc69fb61adf468ff83a2734179b3b3356647dc5"] +[:mem/node-8691 :value "bibrath.eu"] +[:mem/node-8691 :type "domain"] +[:mem/node-8716 :start_time #object[java.time.ZonedDateTime 0x84becbe "2019-03-07T00:31:26.259Z"]] +[:mem/node-8716 :end_time #object[java.time.ZonedDateTime 0x13dc383b "2019-04-06T00:31:26.259Z"]] +[:mem/node-8246 :naga/first :mem/node-8247] +[:mem/node-8246 :naga/contains :mem/node-8247] +[:mem/node-8410 :naga/first "hydrant-6bb3d48d2ac796a00427bca8c7fd60fff5d949bda17c8d704374c0bb04cf0250"] +[:mem/node-8410 :naga/contains "hydrant-6bb3d48d2ac796a00427bca8c7fd60fff5d949bda17c8d704374c0bb04cf0250"] +[:mem/node-8232 :naga/first :mem/node-8233] +[:mem/node-8232 :naga/contains :mem/node-8233] +[:mem/node-8378 :value "bibrath.eu"] +[:mem/node-8378 :type "domain"] +[:mem/node-8108 :value "bibrath.eu"] +[:mem/node-8108 :type "domain"] +[:mem/node-9066 :naga/first "hydrant-a1998b889d8877712c9bae72a1ef2a48f8995fea883e92dfeeace24d27aeb196"] +[:mem/node-9066 :naga/contains "hydrant-a1998b889d8877712c9bae72a1ef2a48f8995fea883e92dfeeace24d27aeb196"] +[:mem/node-8673 :value "bibrath.eu"] +[:mem/node-8673 :type "domain"] +[:mem/node-8676 :naga/first 
:mem/node-8677] +[:mem/node-8676 :naga/contains :mem/node-8677] +[:mem/node-8765 :naga/first :mem/node-8766] +[:mem/node-8765 :naga/contains :mem/node-8766] +[:mem/node-8186 :naga/first "hydrant-baa05d66a84d59d7e1b4670fa3710b45f6e034872ddd110ae1ef6a4012ab8fc3"] +[:mem/node-8186 :naga/contains "hydrant-baa05d66a84d59d7e1b4670fa3710b45f6e034872ddd110ae1ef6a4012ab8fc3"] +[:mem/node-8495 :naga/first :mem/node-8496] +[:mem/node-8495 :naga/contains :mem/node-8496] +[:mem/node-8809 :naga/first "hydrant-7495d4b386e0dbe5649361a04f89d0d992a788477c29426bb6752f8905681ce6"] +[:mem/node-8809 :naga/contains "hydrant-7495d4b386e0dbe5649361a04f89d0d992a788477c29426bb6752f8905681ce6"] +[:mem/node-8989 :naga/first "hydrant-7ef2d8924fa5e6fde8394e75edb80b0ffb32feaff5ef97bd2d9cc2469240cf4f"] +[:mem/node-8989 :naga/contains "hydrant-7ef2d8924fa5e6fde8394e75edb80b0ffb32feaff5ef97bd2d9cc2469240cf4f"] +[:mem/node-8674 :naga/first "hydrant-e4e222c381f887cdbd8bcc1bf4fe604a1d2d5067530da013246e61cddf67bc11"] +[:mem/node-8674 :naga/contains "hydrant-e4e222c381f887cdbd8bcc1bf4fe604a1d2d5067530da013246e61cddf67bc11"] +[:mem/node-8200 :start_time #object[java.time.ZonedDateTime 0x6885f3f7 "2019-02-12T00:31:17Z"]] +[:mem/node-8200 :end_time #object[java.time.ZonedDateTime 0x392ef4ff "2019-03-12T00:31:17Z"]] +[:mem/node-8965 :value "bibrath.eu"] +[:mem/node-8965 :type "domain"] +[:mem/node-8537 :origin "VirusTotal Enrichment Module"] +[:mem/node-8537 :relation "Contains"] +[:mem/node-8537 :source :mem/node-8538] +[:mem/node-8537 :related :mem/node-8539] +[:mem/node-8640 :value "bibrath.eu"] +[:mem/node-8640 :type "domain"] +[:mem/node-8109 :naga/first "hydrant-6d9ad79e6e1c0b9798750aa869f95bb076f9f63fbf757e424f63e78630714f15"] +[:mem/node-8109 :naga/contains "hydrant-6d9ad79e6e1c0b9798750aa869f95bb076f9f63fbf757e424f63e78630714f15"] +[:mem/node-8881 :naga/first "hydrant-fd2cef67224cb4cbf04fc86d2b4469b09a81a31414366788ec1696ca268ab8d9"] +[:mem/node-8881 :naga/contains 
"hydrant-fd2cef67224cb4cbf04fc86d2b4469b09a81a31414366788ec1696ca268ab8d9"] +[:mem/node-8986 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8986 :schema_version "1.0.0"] +[:mem/node-8986 :module-name "AMP Global Intel"] +[:mem/node-8986 :naga/entity true] +[:mem/node-8986 :observables :mem/node-8987] +[:mem/node-8986 :type "sighting"] +[:mem/node-8986 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8986 :external_ids :mem/node-8989] +[:mem/node-8986 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8986 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-a64c7b32-8d8e-4ac0-aa3f-1690efeed8ae"] +[:mem/node-8986 :count 1] +[:mem/node-8986 :tlp "green"] +[:mem/node-8986 :db/ident :mem/node-8986] +[:mem/node-8986 :confidence "High"] +[:mem/node-8986 :observed_time :mem/node-8990] +[:mem/node-8366 :naga/first "hydrant-53f13eca488f67abc71921fe5def701b9f816c2a2b16d69592aeb03d1c273a99"] +[:mem/node-8366 :naga/contains "hydrant-53f13eca488f67abc71921fe5def701b9f816c2a2b16d69592aeb03d1c273a99"] +[:mem/node-8130 :naga/first "hydrant-feabf58f30acfde3cde203cff7d407f0408ff4b3a6612a20cd42e8dcca0675f2"] +[:mem/node-8130 :naga/contains "hydrant-feabf58f30acfde3cde203cff7d407f0408ff4b3a6612a20cd42e8dcca0675f2"] +[:mem/node-8369 :value "bibrath.eu"] +[:mem/node-8369 :type "domain"] +[:mem/node-8331 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8331 :schema_version "1.0.0"] +[:mem/node-8331 :module-name "AMP Global Intel"] +[:mem/node-8331 :naga/entity true] +[:mem/node-8331 :observables :mem/node-8332] +[:mem/node-8331 :type "sighting"] +[:mem/node-8331 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8331 :external_ids :mem/node-8334] +[:mem/node-8331 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8331 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-71278ffe-4fcd-4d6d-a59e-8156c8c7778c"] +[:mem/node-8331 :count 1] +[:mem/node-8331 :tlp "green"] +[:mem/node-8331 :db/ident :mem/node-8331] +[:mem/node-8331 
:confidence "High"] +[:mem/node-8331 :observed_time :mem/node-8335] +[:mem/node-8593 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8593 :schema_version "1.0.0"] +[:mem/node-8593 :module-name "AMP Global Intel"] +[:mem/node-8593 :naga/entity true] +[:mem/node-8593 :observables :mem/node-8594] +[:mem/node-8593 :type "sighting"] +[:mem/node-8593 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8593 :external_ids :mem/node-8596] +[:mem/node-8593 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8593 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-96a57602-f513-4191-b1f6-4caafef08116"] +[:mem/node-8593 :count 1] +[:mem/node-8593 :tlp "green"] +[:mem/node-8593 :db/ident :mem/node-8593] +[:mem/node-8593 :confidence "High"] +[:mem/node-8593 :observed_time :mem/node-8597] +[:mem/node-8162 :start_time #object[java.time.ZonedDateTime 0x6ed7c178 "2019-02-11T12:31:07Z"]] +[:mem/node-8162 :end_time #object[java.time.ZonedDateTime 0x1c382179 "2019-03-11T12:31:07Z"]] +[:mem/node-8899 :start_time #object[java.time.ZonedDateTime 0x5b657342 "2019-04-02T20:10:46.684Z"]] +[:mem/node-8899 :end_time #object[java.time.ZonedDateTime 0x15a2fddd "2019-05-02T20:10:46.684Z"]] +[:mem/node-8684 :start_time #object[java.time.ZonedDateTime 0x452e2210 "2018-05-05T12:25:13Z"]] +[:mem/node-8684 :end_time #object[java.time.ZonedDateTime 0x18c0f025 "2018-05-05T12:25:13Z"]] +[:mem/node-8959 :naga/first :mem/node-8960] +[:mem/node-8959 :naga/contains :mem/node-8960] +[:mem/node-8138 :value "bibrath.eu"] +[:mem/node-8138 :type "domain"] +[:mem/node-8990 :start_time #object[java.time.ZonedDateTime 0x684f7f1c "2018-05-14T00:25:12Z"]] +[:mem/node-8990 :end_time #object[java.time.ZonedDateTime 0x6a013bdd "2018-05-14T00:25:12Z"]] +[:mem/node-8318 :naga/first :mem/node-8319] +[:mem/node-8318 :naga/contains :mem/node-8319] +[:mem/node-8098 :naga/first :mem/node-8099] +[:mem/node-8098 :naga/contains :mem/node-8099] +[:mem/node-8589 :valid_time :mem/node-8590] +[:mem/node-8589 
:schema_version "1.0.8"] +[:mem/node-8589 :module-name "AMP Global Intel"] +[:mem/node-8589 :naga/entity true] +[:mem/node-8589 :observable :mem/node-8591] +[:mem/node-8589 :type "judgement"] +[:mem/node-8589 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8589 :external_ids :mem/node-8592] +[:mem/node-8589 :disposition 2] +[:mem/node-8589 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8589 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8589 :disposition_name "Malicious"] +[:mem/node-8589 :priority 90] +[:mem/node-8589 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-b8a842be-4378-4f24-86fc-dfd56453c226"] +[:mem/node-8589 :severity "High"] +[:mem/node-8589 :tlp "green"] +[:mem/node-8589 :db/ident :mem/node-8589] +[:mem/node-8589 :confidence "High"] +[:mem/node-9015 :value "bibrath.eu"] +[:mem/node-9015 :type "domain"] +[:mem/node-8164 :naga/first "hydrant-2c7426094f485dce80da99635440ded3547df335c7cd8dd1ddd5a84bbb86e3cf"] +[:mem/node-8164 :naga/contains "hydrant-2c7426094f485dce80da99635440ded3547df335c7cd8dd1ddd5a84bbb86e3cf"] +[:mem/node-8521 :start_time #object[java.time.ZonedDateTime 0x5e0bba2f "2019-03-04T00:31:21.156Z"]] +[:mem/node-8521 :end_time #object[java.time.ZonedDateTime 0x41d53813 "2019-04-03T00:31:21.156Z"]] +[:mem/node-8102 :valid_time :mem/node-8103] +[:mem/node-8102 :schema_version "1.0.8"] +[:mem/node-8102 :module-name "AMP Global Intel"] +[:mem/node-8102 :naga/entity true] +[:mem/node-8102 :observable :mem/node-8104] +[:mem/node-8102 :type "judgement"] +[:mem/node-8102 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8102 :external_ids :mem/node-8105] +[:mem/node-8102 :disposition 2] +[:mem/node-8102 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8102 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8102 :disposition_name "Malicious"] +[:mem/node-8102 :priority 90] +[:mem/node-8102 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-21c69197-fd56-4ad4-bda0-c8665f0930f2"] 
+[:mem/node-8102 :severity "High"] +[:mem/node-8102 :tlp "green"] +[:mem/node-8102 :db/ident :mem/node-8102] +[:mem/node-8102 :confidence "High"] +[:mem/node-8179 :naga/first :mem/node-8180] +[:mem/node-8179 :naga/contains :mem/node-8180] +[:mem/node-8667 :naga/first :mem/node-8668] +[:mem/node-8667 :naga/contains :mem/node-8668] +[:mem/node-8375 :start_time #object[java.time.ZonedDateTime 0x52f118aa "2018-10-19T18:25:16Z"]] +[:mem/node-8375 :end_time #object[java.time.ZonedDateTime 0x31cd0efa "2018-10-19T18:25:16Z"]] +[:mem/node-8515 :start_time #object[java.time.ZonedDateTime 0x3294102e "2018-04-15T06:25:13Z"]] +[:mem/node-8515 :end_time #object[java.time.ZonedDateTime 0x5a69b3cf "2018-04-15T06:25:13Z"]] +[:mem/node-8270 :value "bibrath.eu"] +[:mem/node-8270 :type "domain"] +[:mem/node-8340 :start_time #object[java.time.ZonedDateTime 0x7c460 "2018-10-03T00:25:16Z"]] +[:mem/node-8340 :end_time #object[java.time.ZonedDateTime 0x59e4a044 "2018-10-03T00:25:16Z"]] +[:mem/node-8666 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8666 :schema_version "1.0.0"] +[:mem/node-8666 :module-name "AMP Global Intel"] +[:mem/node-8666 :naga/entity true] +[:mem/node-8666 :observables :mem/node-8667] +[:mem/node-8666 :type "sighting"] +[:mem/node-8666 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8666 :external_ids :mem/node-8669] +[:mem/node-8666 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8666 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-8e1a7ce5-2e4e-4118-a239-287cc0a4c133"] +[:mem/node-8666 :count 1] +[:mem/node-8666 :tlp "green"] +[:mem/node-8666 :db/ident :mem/node-8666] +[:mem/node-8666 :confidence "High"] +[:mem/node-8666 :observed_time :mem/node-8670] +[:mem/node-8798 :value "bibrath.eu"] +[:mem/node-8798 :type "domain"] +[:mem/node-8354 :naga/first :mem/node-8355] +[:mem/node-8354 :naga/contains :mem/node-8355] +[:mem/node-8911 :naga/first "hydrant-98293917f5ea37e1a0739fc7e80900a99ea01730048315d147ac245bab48a70f"] 
+[:mem/node-8911 :naga/contains "hydrant-98293917f5ea37e1a0739fc7e80900a99ea01730048315d147ac245bab48a70f"] +[:mem/node-8470 :naga/first "hydrant-2d36ae79dbee777a7e9e577b885a7637e4479cecf42f709b6c2e03b69282fefc"] +[:mem/node-8470 :naga/contains "hydrant-2d36ae79dbee777a7e9e577b885a7637e4479cecf42f709b6c2e03b69282fefc"] +[:mem/node-9053 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-9053 :schema_version "1.0.0"] +[:mem/node-9053 :module-name "AMP Global Intel"] +[:mem/node-9053 :naga/entity true] +[:mem/node-9053 :observables :mem/node-9054] +[:mem/node-9053 :type "sighting"] +[:mem/node-9053 :source "Abuse.ch Zeus Tracker"] +[:mem/node-9053 :external_ids :mem/node-9056] +[:mem/node-9053 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-9053 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-ae662ce0-07fe-4050-9037-eb5795322c7e"] +[:mem/node-9053 :count 1] +[:mem/node-9053 :tlp "green"] +[:mem/node-9053 :db/ident :mem/node-9053] +[:mem/node-9053 :confidence "High"] +[:mem/node-9053 :observed_time :mem/node-9057] +[:mem/node-8457 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8457 :schema_version "1.0.0"] +[:mem/node-8457 :module-name "AMP Global Intel"] +[:mem/node-8457 :naga/entity true] +[:mem/node-8457 :observables :mem/node-8458] +[:mem/node-8457 :type "sighting"] +[:mem/node-8457 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8457 :external_ids :mem/node-8460] +[:mem/node-8457 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8457 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-1a56017a-d1c3-4c46-b4cd-fe47d52f281f"] +[:mem/node-8457 :count 1] +[:mem/node-8457 :tlp "green"] +[:mem/node-8457 :db/ident :mem/node-8457] +[:mem/node-8457 :confidence "High"] +[:mem/node-8457 :observed_time :mem/node-8461] +[:mem/node-8202 :naga/first "hydrant-85a581c08e63cacd371e810b7ee08b0f343055a2250a116a09c6f524c7738803"] +[:mem/node-8202 :naga/contains 
"hydrant-85a581c08e63cacd371e810b7ee08b0f343055a2250a116a09c6f524c7738803"] +[:mem/node-8266 :naga/first "hydrant-9c10478ed58d26b43f51072718c33e5a3b0f6324a712a0d55ae004da83a3e3f2"] +[:mem/node-8266 :naga/contains "hydrant-9c10478ed58d26b43f51072718c33e5a3b0f6324a712a0d55ae004da83a3e3f2"] +[:mem/node-8703 :start_time #object[java.time.ZonedDateTime 0x4be3de36 "2019-03-14T00:31:26.925Z"]] +[:mem/node-8703 :end_time #object[java.time.ZonedDateTime 0x5c03eb4e "2019-04-13T00:31:26.925Z"]] +[:mem/node-8962 :start_time #object[java.time.ZonedDateTime 0x6219006a "2018-05-12T06:25:14Z"]] +[:mem/node-8962 :end_time #object[java.time.ZonedDateTime 0x1e836aed "2018-05-12T06:25:14Z"]] +[:mem/node-8625 :start_time #object[java.time.ZonedDateTime 0x4bc41565 "2019-02-24T00:31:24Z"]] +[:mem/node-8625 :end_time #object[java.time.ZonedDateTime 0x8dedec8 "2019-03-24T00:31:24Z"]] +[:mem/node-8393 :naga/first :mem/node-8394] +[:mem/node-8393 :naga/contains :mem/node-8394] +[:mem/node-8213 :naga/first :mem/node-8214] +[:mem/node-8213 :naga/contains :mem/node-8214] +[:mem/node-8553 :origin "VirusTotal Enrichment Module"] +[:mem/node-8553 :relation "Contains"] +[:mem/node-8553 :source :mem/node-8554] +[:mem/node-8553 :related :mem/node-8555] +[:mem/node-8089 :naga/first :mem/node-8090] +[:mem/node-8089 :naga/contains :mem/node-8090] +[:mem/node-8125 :value "bibrath.eu"] +[:mem/node-8125 :type "domain"] +[:mem/node-8754 :naga/first "hydrant-141c1befa04a9787c6f4793fa5207b21e902a70050077e6aeaaaa345c83e537a"] +[:mem/node-8754 :naga/contains "hydrant-141c1befa04a9787c6f4793fa5207b21e902a70050077e6aeaaaa345c83e537a"] +[:mem/node-8472 :start_time #object[java.time.ZonedDateTime 0x226e95e9 "2019-02-13T06:31:12Z"]] +[:mem/node-8472 :end_time #object[java.time.ZonedDateTime 0x27bf574b "2019-03-13T06:31:12Z"]] +[:mem/node-8933 :value "bibrath.eu"] +[:mem/node-8933 :type "domain"] +[:mem/node-8984 :naga/first "hydrant-672e6f7ea6b4b5b799137ffcc4c46c8bedbe613386d4570a02bbf687fceb6dbb"] +[:mem/node-8984 
:naga/contains "hydrant-672e6f7ea6b4b5b799137ffcc4c46c8bedbe613386d4570a02bbf687fceb6dbb"] +[:mem/node-8995 :start_time #object[java.time.ZonedDateTime 0x4cbb11e4 "2018-04-20T18:25:12Z"]] +[:mem/node-8995 :end_time #object[java.time.ZonedDateTime 0x326dbe25 "2018-04-20T18:25:12Z"]] +[:mem/node-8387 :value "bibrath.eu"] +[:mem/node-8387 :type "domain"] +[:mem/node-8221 :valid_time :mem/node-8222] +[:mem/node-8221 :schema_version "1.0.8"] +[:mem/node-8221 :module-name "AMP Global Intel"] +[:mem/node-8221 :naga/entity true] +[:mem/node-8221 :observable :mem/node-8223] +[:mem/node-8221 :type "judgement"] +[:mem/node-8221 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8221 :external_ids :mem/node-8224] +[:mem/node-8221 :disposition 2] +[:mem/node-8221 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8221 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8221 :disposition_name "Malicious"] +[:mem/node-8221 :priority 90] +[:mem/node-8221 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-e49b54ef-4c9c-41ed-b5b6-0e983e859c71"] +[:mem/node-8221 :severity "High"] +[:mem/node-8221 :tlp "green"] +[:mem/node-8221 :db/ident :mem/node-8221] +[:mem/node-8221 :confidence "High"] +[:mem/node-8729 :value "bibrath.eu"] +[:mem/node-8729 :type "domain"] +[:mem/node-8568 :naga/first :mem/node-8569] +[:mem/node-8568 :naga/contains :mem/node-8569] +[:mem/node-8968 :valid_time :mem/node-8969] +[:mem/node-8968 :schema_version "1.0.8"] +[:mem/node-8968 :module-name "AMP Global Intel"] +[:mem/node-8968 :naga/entity true] +[:mem/node-8968 :observable :mem/node-8970] +[:mem/node-8968 :type "judgement"] +[:mem/node-8968 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8968 :external_ids :mem/node-8971] +[:mem/node-8968 :disposition 2] +[:mem/node-8968 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8968 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8968 :disposition_name "Malicious"] +[:mem/node-8968 :priority 90] +[:mem/node-8968 :id 
"https://intel.amp.cisco.com:443/ctia/judgement/judgement-c808197c-928b-4831-9eea-d9ad2e44582d"] +[:mem/node-8968 :severity "High"] +[:mem/node-8968 :tlp "green"] +[:mem/node-8968 :db/ident :mem/node-8968] +[:mem/node-8968 :confidence "High"] +[:mem/node-8708 :value "bibrath.eu"] +[:mem/node-8708 :type "domain"] +[:mem/node-8211 :naga/first "hydrant-af1701c174b61c5eeedf8c6f56b26c060dec819ddc0c5281d6e72bbb9573e724"] +[:mem/node-8211 :naga/contains "hydrant-af1701c174b61c5eeedf8c6f56b26c060dec819ddc0c5281d6e72bbb9573e724"] +[:mem/node-8153 :naga/first :mem/node-8154] +[:mem/node-8153 :naga/contains :mem/node-8154] +[:mem/node-8552 :naga/first :mem/node-8553] +[:mem/node-8552 :naga/rest :mem/node-8556] +[:mem/node-8146 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8146 :schema_version "1.0.0"] +[:mem/node-8146 :module-name "AMP Global Intel"] +[:mem/node-8146 :naga/entity true] +[:mem/node-8146 :observables :mem/node-8147] +[:mem/node-8146 :type "sighting"] +[:mem/node-8146 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8146 :external_ids :mem/node-8149] +[:mem/node-8146 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8146 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-960ff53f-4cc6-4b41-a5b8-90aa4bd53cf6"] +[:mem/node-8146 :count 1] +[:mem/node-8146 :tlp "green"] +[:mem/node-8146 :db/ident :mem/node-8146] +[:mem/node-8146 :confidence "High"] +[:mem/node-8146 :observed_time :mem/node-8150] +[:mem/node-8101 :start_time #object[java.time.ZonedDateTime 0x647aa45c "2018-05-01T00:25:13Z"]] +[:mem/node-8101 :end_time #object[java.time.ZonedDateTime 0x3922b297 "2018-05-01T00:25:13Z"]] +[:mem/node-8183 :valid_time :mem/node-8184] +[:mem/node-8183 :schema_version "1.0.9"] +[:mem/node-8183 :module-name "AMP Global Intel"] +[:mem/node-8183 :naga/entity true] +[:mem/node-8183 :observable :mem/node-8185] +[:mem/node-8183 :type "judgement"] +[:mem/node-8183 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8183 :external_ids :mem/node-8186] 
+[:mem/node-8183 :disposition 2] +[:mem/node-8183 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8183 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8183 :disposition_name "Malicious"] +[:mem/node-8183 :priority 90] +[:mem/node-8183 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-4d0b005d-33be-4dcc-89d0-2b0b64c26005"] +[:mem/node-8183 :severity "High"] +[:mem/node-8183 :tlp "green"] +[:mem/node-8183 :db/ident :mem/node-8183] +[:mem/node-8183 :timestamp "2019-03-17T00:31:24.025Z"] +[:mem/node-8183 :confidence "High"] +[:mem/node-8794 :naga/first "hydrant-d08be8584a9f803c528ab8a923a9a483d4bff8e6be8358de565db8f94c48f018"] +[:mem/node-8794 :naga/contains "hydrant-d08be8584a9f803c528ab8a923a9a483d4bff8e6be8358de565db8f94c48f018"] +[:mem/node-8440 :start_time #object[java.time.ZonedDateTime 0x2d02a066 "2019-02-21T12:31:14Z"]] +[:mem/node-8440 :end_time #object[java.time.ZonedDateTime 0x72c1bf75 "2019-03-21T12:31:14Z"]] +[:mem/node-8310 :value "bibrath.eu"] +[:mem/node-8310 :type "domain"] +[:mem/node-8297 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8297 :schema_version "1.0.0"] +[:mem/node-8297 :module-name "AMP Global Intel"] +[:mem/node-8297 :naga/entity true] +[:mem/node-8297 :observables :mem/node-8298] +[:mem/node-8297 :type "sighting"] +[:mem/node-8297 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8297 :external_ids :mem/node-8300] +[:mem/node-8297 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8297 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-2f878e6d-febf-4df3-aa9d-a723d40a5db6"] +[:mem/node-8297 :count 1] +[:mem/node-8297 :tlp "green"] +[:mem/node-8297 :db/ident :mem/node-8297] +[:mem/node-8297 :confidence "High"] +[:mem/node-8297 :observed_time :mem/node-8301] +[:mem/node-8830 :value "bibrath.eu"] +[:mem/node-8830 :type "domain"] +[:mem/node-8110 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8110 :schema_version "1.0.4"] +[:mem/node-8110 :module-name "AMP 
Global Intel"] +[:mem/node-8110 :naga/entity true] +[:mem/node-8110 :observables :mem/node-8111] +[:mem/node-8110 :type "sighting"] +[:mem/node-8110 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8110 :external_ids :mem/node-8113] +[:mem/node-8110 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8110 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-0f80c78f-85f2-45fe-9bb6-fdb7b84f7381"] +[:mem/node-8110 :count 1] +[:mem/node-8110 :tlp "green"] +[:mem/node-8110 :db/ident :mem/node-8110] +[:mem/node-8110 :confidence "High"] +[:mem/node-8110 :observed_time :mem/node-8114] +[:mem/node-8255 :naga/first :mem/node-8256] +[:mem/node-8255 :naga/contains :mem/node-8256] +[:mem/node-8980 :naga/first "hydrant-d4a21cb96845f5f8d4d5f09074ecec11800e69ce886387ab588efff7cae9c28e"] +[:mem/node-8980 :naga/contains "hydrant-d4a21cb96845f5f8d4d5f09074ecec11800e69ce886387ab588efff7cae9c28e"] +[:mem/node-8838 :naga/first :mem/node-8839] +[:mem/node-8838 :naga/contains :mem/node-8839] +[:mem/node-8149 :naga/first "hydrant-313fa52cce3a8913949853e84204702bf73cee17e5deac23d42599f86b3c9a96"] +[:mem/node-8149 :naga/contains "hydrant-313fa52cce3a8913949853e84204702bf73cee17e5deac23d42599f86b3c9a96"] +[:mem/node-8542 :value "http://bibrath.eu/gdgsdgewrwerw823n/wwh.jpg"] +[:mem/node-8542 :type "url"] +[:mem/node-8169 :start_time #object[java.time.ZonedDateTime 0x43a8bd35 "2018-10-13T00:25:15Z"]] +[:mem/node-8169 :end_time #object[java.time.ZonedDateTime 0x6fb219dd "2018-10-13T00:25:15Z"]] +[:mem/node-8452 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8452 :schema_version "1.0.0"] +[:mem/node-8452 :module-name "AMP Global Intel"] +[:mem/node-8452 :naga/entity true] +[:mem/node-8452 :observables :mem/node-8453] +[:mem/node-8452 :type "sighting"] +[:mem/node-8452 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8452 :external_ids :mem/node-8455] +[:mem/node-8452 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8452 :id 
"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4bea537d-a563-48e3-9fb2-6cf45b02c4bc"] +[:mem/node-8452 :count 1] +[:mem/node-8452 :tlp "green"] +[:mem/node-8452 :db/ident :mem/node-8452] +[:mem/node-8452 :confidence "High"] +[:mem/node-8452 :observed_time :mem/node-8456] +[:mem/node-8622 :value "bibrath.eu"] +[:mem/node-8622 :type "domain"] +[:mem/node-8886 :naga/first "Threat Grid - int"] +[:mem/node-8886 :naga/rest :mem/node-8887] +[:mem/node-8853 :value "bibrath.eu"] +[:mem/node-8853 :type "domain"] +[:mem/node-8665 :naga/first "hydrant-61311a9b909a93b424bffcfa356de6075ebb3dd5a00467d58773fb2634eedf59"] +[:mem/node-8665 :naga/contains "hydrant-61311a9b909a93b424bffcfa356de6075ebb3dd5a00467d58773fb2634eedf59"] +[:mem/node-8771 :value "bibrath.eu"] +[:mem/node-8771 :type "domain"] +[:mem/node-8615 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8615 :schema_version "1.0.0"] +[:mem/node-8615 :module-name "AMP Global Intel"] +[:mem/node-8615 :naga/entity true] +[:mem/node-8615 :observables :mem/node-8616] +[:mem/node-8615 :type "sighting"] +[:mem/node-8615 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8615 :external_ids :mem/node-8618] +[:mem/node-8615 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8615 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-2f578968-e38b-4339-90dc-e6e38560fba6"] +[:mem/node-8615 :count 1] +[:mem/node-8615 :tlp "green"] +[:mem/node-8615 :db/ident :mem/node-8615] +[:mem/node-8615 :confidence "High"] +[:mem/node-8615 :observed_time :mem/node-8619] +[:mem/node-8280 :start_time #object[java.time.ZonedDateTime 0x570b85dd "2019-02-19T12:31:24Z"]] +[:mem/node-8280 :end_time #object[java.time.ZonedDateTime 0x28ceb25e "2019-03-19T12:31:24Z"]] +[:mem/node-8257 :naga/first "hydrant-1b43ab4a1a2f7a7d7c718d5968ee694260a47128e7523d00d4c94b41f0408b48"] +[:mem/node-8257 :naga/contains "hydrant-1b43ab4a1a2f7a7d7c718d5968ee694260a47128e7523d00d4c94b41f0408b48"] +[:mem/node-8117 :value "bibrath.eu"] 
+[:mem/node-8117 :type "domain"] +[:mem/node-8209 :start_time #object[java.time.ZonedDateTime 0x2e09e367 "2019-02-14T00:31:18Z"]] +[:mem/node-8209 :end_time #object[java.time.ZonedDateTime 0x518a7b8a "2019-03-14T00:31:18Z"]] +[:mem/node-8832 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8832 :schema_version "1.0.0"] +[:mem/node-8832 :module-name "AMP Global Intel"] +[:mem/node-8832 :naga/entity true] +[:mem/node-8832 :observables :mem/node-8833] +[:mem/node-8832 :type "sighting"] +[:mem/node-8832 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8832 :external_ids :mem/node-8835] +[:mem/node-8832 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8832 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-3f407255-5d40-4719-adab-fdfa483a87a6"] +[:mem/node-8832 :count 1] +[:mem/node-8832 :tlp "green"] +[:mem/node-8832 :db/ident :mem/node-8832] +[:mem/node-8832 :confidence "High"] +[:mem/node-8832 :observed_time :mem/node-8836] +[:mem/node-8496 :value "bibrath.eu"] +[:mem/node-8496 :type "domain"] +[:mem/node-8416 :start_time #object[java.time.ZonedDateTime 0x5a24390b "2018-04-27T06:25:13Z"]] +[:mem/node-8416 :end_time #object[java.time.ZonedDateTime 0x7253c53 "2018-04-27T06:25:13Z"]] +[:mem/node-8727 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8727 :schema_version "1.0.0"] +[:mem/node-8727 :module-name "AMP Global Intel"] +[:mem/node-8727 :naga/entity true] +[:mem/node-8727 :observables :mem/node-8728] +[:mem/node-8727 :type "sighting"] +[:mem/node-8727 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8727 :external_ids :mem/node-8730] +[:mem/node-8727 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8727 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-65ac6a9a-ac53-4234-b262-ca589f77ad29"] +[:mem/node-8727 :count 1] +[:mem/node-8727 :tlp "green"] +[:mem/node-8727 :db/ident :mem/node-8727] +[:mem/node-8727 :confidence "High"] +[:mem/node-8727 :observed_time :mem/node-8731] +[:mem/node-9036 :value 
"bibrath.eu"] +[:mem/node-9036 :type "domain"] +[:mem/node-8511 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8511 :schema_version "1.0.0"] +[:mem/node-8511 :module-name "AMP Global Intel"] +[:mem/node-8511 :naga/entity true] +[:mem/node-8511 :observables :mem/node-8512] +[:mem/node-8511 :type "sighting"] +[:mem/node-8511 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8511 :external_ids :mem/node-8514] +[:mem/node-8511 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8511 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-3065e569-bacf-4531-8f63-85861c27a1a2"] +[:mem/node-8511 :count 1] +[:mem/node-8511 :tlp "green"] +[:mem/node-8511 :db/ident :mem/node-8511] +[:mem/node-8511 :confidence "High"] +[:mem/node-8511 :observed_time :mem/node-8515] +[:mem/node-9045 :value "bibrath.eu"] +[:mem/node-9045 :type "domain"] +[:mem/node-8724 :start_time #object[java.time.ZonedDateTime 0x66d6e50b "2019-03-18T00:31:15.614Z"]] +[:mem/node-8724 :end_time #object[java.time.ZonedDateTime 0x64829470 "2019-04-17T00:31:15.614Z"]] +[:mem/node-8948 :naga/first "hydrant-0f57143e338758ab5139d69c14e579f70bc1511e85ca5eaa7883ea735b1c5b2a"] +[:mem/node-8948 :naga/contains "hydrant-0f57143e338758ab5139d69c14e579f70bc1511e85ca5eaa7883ea735b1c5b2a"] +[:mem/node-8856 :start_time #object[java.time.ZonedDateTime 0x1f95158a "2019-02-15T06:31:22Z"]] +[:mem/node-8856 :end_time #object[java.time.ZonedDateTime 0x31fc658f "2019-03-15T06:31:22Z"]] +[:mem/node-8668 :value "bibrath.eu"] +[:mem/node-8668 :type "domain"] +[:mem/node-8880 :value "bibrath.eu"] +[:mem/node-8880 :type "domain"] +[:mem/node-8641 :naga/first "hydrant-2f4d798335582756febccd4707f7078049d8ec934d8bdb3c88a90172d635346d"] +[:mem/node-8641 :naga/contains "hydrant-2f4d798335582756febccd4707f7078049d8ec934d8bdb3c88a90172d635346d"] +[:mem/node-8741 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8741 :schema_version "1.0.0"] +[:mem/node-8741 :module-name "AMP Global Intel"] 
+[:mem/node-8741 :naga/entity true] +[:mem/node-8741 :observables :mem/node-8742] +[:mem/node-8741 :type "sighting"] +[:mem/node-8741 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8741 :external_ids :mem/node-8744] +[:mem/node-8741 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8741 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-64cc2451-05f4-462f-80ec-0dd80daf46cb"] +[:mem/node-8741 :count 1] +[:mem/node-8741 :tlp "green"] +[:mem/node-8741 :db/ident :mem/node-8741] +[:mem/node-8741 :confidence "High"] +[:mem/node-8741 :observed_time :mem/node-8745] +[:mem/node-8443 :valid_time :mem/node-8444] +[:mem/node-8443 :schema_version "1.0.8"] +[:mem/node-8443 :module-name "AMP Global Intel"] +[:mem/node-8443 :naga/entity true] +[:mem/node-8443 :observable :mem/node-8445] +[:mem/node-8443 :type "judgement"] +[:mem/node-8443 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8443 :external_ids :mem/node-8446] +[:mem/node-8443 :disposition 2] +[:mem/node-8443 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8443 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8443 :disposition_name "Malicious"] +[:mem/node-8443 :priority 90] +[:mem/node-8443 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-e94d3214-4865-4aab-9a32-6dfc9e25f369"] +[:mem/node-8443 :severity "High"] +[:mem/node-8443 :tlp "green"] +[:mem/node-8443 :db/ident :mem/node-8443] +[:mem/node-8443 :confidence "High"] +[:mem/node-8581 :start_time #object[java.time.ZonedDateTime 0x60d32006 "2019-02-20T06:31:18Z"]] +[:mem/node-8581 :end_time #object[java.time.ZonedDateTime 0x10820978 "2019-03-20T06:31:18Z"]] +[:mem/node-8947 :value "bibrath.eu"] +[:mem/node-8947 :type "domain"] +[:mem/node-8465 :naga/first "hydrant-c1706740fe6b8d8a30e4ee2c3f09c8cc3c08788ed6ab87cf040211308ebbd603"] +[:mem/node-8465 :naga/contains "hydrant-c1706740fe6b8d8a30e4ee2c3f09c8cc3c08788ed6ab87cf040211308ebbd603"] +[:mem/node-8288 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8288 
:schema_version "1.0.4"] +[:mem/node-8288 :module-name "AMP Global Intel"] +[:mem/node-8288 :naga/entity true] +[:mem/node-8288 :observables :mem/node-8289] +[:mem/node-8288 :type "sighting"] +[:mem/node-8288 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8288 :external_ids :mem/node-8291] +[:mem/node-8288 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8288 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-83725bc5-3a7b-40a7-9bc1-0a7c979e3e93"] +[:mem/node-8288 :count 1] +[:mem/node-8288 :tlp "green"] +[:mem/node-8288 :db/ident :mem/node-8288] +[:mem/node-8288 :confidence "High"] +[:mem/node-8288 :observed_time :mem/node-8292] +[:mem/node-8145 :start_time #object[java.time.ZonedDateTime 0x278c67a7 "2018-05-11T18:25:13Z"]] +[:mem/node-8145 :end_time #object[java.time.ZonedDateTime 0x758ebec4 "2018-05-11T18:25:13Z"]] +[:mem/node-8239 :naga/first "hydrant-2804c4a298c72b899122be6c2e2fee5433dea6e829b6a744009adb56f35c8cdb"] +[:mem/node-8239 :naga/contains "hydrant-2804c4a298c72b899122be6c2e2fee5433dea6e829b6a744009adb56f35c8cdb"] +[:mem/node-8571 :valid_time :mem/node-8572] +[:mem/node-8571 :schema_version "1.0.8"] +[:mem/node-8571 :module-name "AMP Global Intel"] +[:mem/node-8571 :naga/entity true] +[:mem/node-8571 :observable :mem/node-8573] +[:mem/node-8571 :type "judgement"] +[:mem/node-8571 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8571 :external_ids :mem/node-8574] +[:mem/node-8571 :disposition 2] +[:mem/node-8571 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8571 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8571 :disposition_name "Malicious"] +[:mem/node-8571 :priority 90] +[:mem/node-8571 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-8452f135-6cd3-4f33-8a7b-48d0a461c4ed"] +[:mem/node-8571 :severity "High"] +[:mem/node-8571 :tlp "green"] +[:mem/node-8571 :db/ident :mem/node-8571] +[:mem/node-8571 :timestamp "2019-03-03T00:31:13.320Z"] +[:mem/node-8571 :confidence "High"] +[:mem/node-8561 :origin 
"VirusTotal Enrichment Module"] +[:mem/node-8561 :relation "Contains"] +[:mem/node-8561 :source :mem/node-8562] +[:mem/node-8561 :related :mem/node-8563] +[:mem/node-8937 :naga/first :mem/node-8938] +[:mem/node-8937 :naga/contains :mem/node-8938] +[:mem/node-8505 :value "bibrath.eu"] +[:mem/node-8505 :type "domain"] +[:mem/node-8755 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8755 :schema_version "1.0.0"] +[:mem/node-8755 :module-name "AMP Global Intel"] +[:mem/node-8755 :naga/entity true] +[:mem/node-8755 :observables :mem/node-8756] +[:mem/node-8755 :type "sighting"] +[:mem/node-8755 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8755 :external_ids :mem/node-8758] +[:mem/node-8755 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8755 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-3328ec8e-38be-40d8-8184-95410949985f"] +[:mem/node-8755 :count 1] +[:mem/node-8755 :tlp "green"] +[:mem/node-8755 :db/ident :mem/node-8755] +[:mem/node-8755 :confidence "High"] +[:mem/node-8755 :observed_time :mem/node-8759] +[:mem/node-8191 :valid_time :mem/node-8192] +[:mem/node-8191 :schema_version "1.0.8"] +[:mem/node-8191 :module-name "AMP Global Intel"] +[:mem/node-8191 :naga/entity true] +[:mem/node-8191 :observable :mem/node-8193] +[:mem/node-8191 :type "judgement"] +[:mem/node-8191 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8191 :external_ids :mem/node-8194] +[:mem/node-8191 :disposition 2] +[:mem/node-8191 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8191 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8191 :disposition_name "Malicious"] +[:mem/node-8191 :priority 90] +[:mem/node-8191 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-9e3c16f8-4042-44b6-a71a-f2e62c7c2a0a"] +[:mem/node-8191 :severity "High"] +[:mem/node-8191 :tlp "green"] +[:mem/node-8191 :db/ident :mem/node-8191] +[:mem/node-8191 :confidence "High"] +[:mem/node-9029 :description "Domain used for Zeus banking trojan C&C"] 
+[:mem/node-9029 :schema_version "1.0.0"] +[:mem/node-9029 :module-name "AMP Global Intel"] +[:mem/node-9029 :naga/entity true] +[:mem/node-9029 :observables :mem/node-9030] +[:mem/node-9029 :type "sighting"] +[:mem/node-9029 :source "Abuse.ch Zeus Tracker"] +[:mem/node-9029 :external_ids :mem/node-9032] +[:mem/node-9029 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-9029 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-84207e07-ab6f-487c-b3ca-2b5f71e3f18b"] +[:mem/node-9029 :count 1] +[:mem/node-9029 :tlp "green"] +[:mem/node-9029 :db/ident :mem/node-9029] +[:mem/node-9029 :confidence "High"] +[:mem/node-9029 :observed_time :mem/node-9033] +[:mem/node-8307 :db/ident :mem/node-8307] +[:mem/node-8307 :naga/entity true] +[:mem/node-8307 :value "https://bibrath.eu/"] +[:mem/node-8307 :type "url"] +[:mem/node-8307 :id "68faebb3"] +[:mem/node-8307 :deliberated true] +[:mem/node-8307 "Contains" :mem/node-8524] +[:mem/node-8307 "Observed_By" :mem/node-8531] +[:mem/node-8653 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8653 :schema_version "1.0.0"] +[:mem/node-8653 :module-name "AMP Global Intel"] +[:mem/node-8653 :naga/entity true] +[:mem/node-8653 :observables :mem/node-8654] +[:mem/node-8653 :type "sighting"] +[:mem/node-8653 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8653 :external_ids :mem/node-8656] +[:mem/node-8653 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8653 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-a4a22064-bec0-487b-8298-bfa50479cbec"] +[:mem/node-8653 :count 1] +[:mem/node-8653 :tlp "green"] +[:mem/node-8653 :db/ident :mem/node-8653] +[:mem/node-8653 :confidence "High"] +[:mem/node-8653 :observed_time :mem/node-8657] +[:mem/node-8512 :naga/first :mem/node-8513] +[:mem/node-8512 :naga/contains :mem/node-8513] +[:mem/node-8118 :naga/first "hydrant-fe6d48216ea076ff445c15f2a7faf1500d6aed865d972b65da4e1a2028af4a68"] +[:mem/node-8118 :naga/contains 
"hydrant-fe6d48216ea076ff445c15f2a7faf1500d6aed865d972b65da4e1a2028af4a68"] +[:mem/node-8437 :naga/first "hydrant-f736066f8e900e43e974d761563c026c23ee8e0e685d1061f573bccaa6064a4c"] +[:mem/node-8437 :naga/contains "hydrant-f736066f8e900e43e974d761563c026c23ee8e0e685d1061f573bccaa6064a4c"] +[:mem/node-8991 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8991 :schema_version "1.0.0"] +[:mem/node-8991 :module-name "AMP Global Intel"] +[:mem/node-8991 :naga/entity true] +[:mem/node-8991 :observables :mem/node-8992] +[:mem/node-8991 :type "sighting"] +[:mem/node-8991 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8991 :external_ids :mem/node-8994] +[:mem/node-8991 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8991 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-aba3d72b-a8d1-4462-8e4c-a20f6c4a797c"] +[:mem/node-8991 :count 1] +[:mem/node-8991 :tlp "green"] +[:mem/node-8991 :db/ident :mem/node-8991] +[:mem/node-8991 :confidence "High"] +[:mem/node-8991 :observed_time :mem/node-8995] +[:mem/node-8459 :value "bibrath.eu"] +[:mem/node-8459 :type "domain"] +[:mem/node-8791 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8791 :schema_version "1.0.0"] +[:mem/node-8791 :module-name "AMP Global Intel"] +[:mem/node-8791 :naga/entity true] +[:mem/node-8791 :observables :mem/node-8792] +[:mem/node-8791 :type "sighting"] +[:mem/node-8791 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8791 :external_ids :mem/node-8794] +[:mem/node-8791 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8791 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-a9a0f02b-3dec-489a-93d2-9f8d6a8688c2"] +[:mem/node-8791 :count 1] +[:mem/node-8791 :tlp "green"] +[:mem/node-8791 :db/ident :mem/node-8791] +[:mem/node-8791 :confidence "High"] +[:mem/node-8791 :observed_time :mem/node-8795] +[:mem/node-8909 :start_time #object[java.time.ZonedDateTime 0xc247363 "2019-03-08T00:31:10.043Z"]] +[:mem/node-8909 :end_time 
#object[java.time.ZonedDateTime 0xc6d7256 "2019-04-07T00:31:10.043Z"]] +[:mem/node-8588 :start_time #object[java.time.ZonedDateTime 0x48188d23 "2018-05-06T18:25:12Z"]] +[:mem/node-8588 :end_time #object[java.time.ZonedDateTime 0x4860627a "2018-05-06T18:25:12Z"]] +[:mem/node-9049 :naga/first :mem/node-9050] +[:mem/node-9049 :naga/contains :mem/node-9050] +[:mem/node-8979 :value "bibrath.eu"] +[:mem/node-8979 :type "domain"] +[:mem/node-8328 :start_time #object[java.time.ZonedDateTime 0x67f0bf7e "2019-03-24T00:31:13.488Z"]] +[:mem/node-8328 :end_time #object[java.time.ZonedDateTime 0xe88e14 "2019-04-23T00:31:13.488Z"]] +[:mem/node-8338 :value "bibrath.eu"] +[:mem/node-8338 :type "domain"] +[:mem/node-8873 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8873 :schema_version "1.0.4"] +[:mem/node-8873 :module-name "AMP Global Intel"] +[:mem/node-8873 :naga/entity true] +[:mem/node-8873 :observables :mem/node-8874] +[:mem/node-8873 :type "sighting"] +[:mem/node-8873 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8873 :external_ids :mem/node-8876] +[:mem/node-8873 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8873 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-5591cda7-2a68-407b-8d98-04c2d1e09a85"] +[:mem/node-8873 :count 1] +[:mem/node-8873 :tlp "green"] +[:mem/node-8873 :db/ident :mem/node-8873] +[:mem/node-8873 :confidence "High"] +[:mem/node-8873 :observed_time :mem/node-8877] +[:mem/node-8493 :naga/first "hydrant-46fc59ac9727cef4ce29b8d688958915671094b32892483d13a79ed119e75f0d"] +[:mem/node-8493 :naga/contains "hydrant-46fc59ac9727cef4ce29b8d688958915671094b32892483d13a79ed119e75f0d"] +[:mem/node-8228 :value "bibrath.eu"] +[:mem/node-8228 :type "domain"] +[:mem/node-8876 :naga/first "hydrant-781c31b36e60b59ad8b88e503e4073c7991080b9ed3b309f4126afa83029b84c"] +[:mem/node-8876 :naga/contains "hydrant-781c31b36e60b59ad8b88e503e4073c7991080b9ed3b309f4126afa83029b84c"] +[:mem/node-8435 :naga/first :mem/node-8436] +[:mem/node-8435 
:naga/contains :mem/node-8436] +[:mem/node-8713 :value "bibrath.eu"] +[:mem/node-8713 :type "domain"] +[:mem/node-8695 :value "bibrath.eu"] +[:mem/node-8695 :type "domain"] +[:mem/node-8365 :value "bibrath.eu"] +[:mem/node-8365 :type "domain"] +[:mem/node-8129 :value "bibrath.eu"] +[:mem/node-8129 :type "domain"] +[:mem/node-8628 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8628 :schema_version "1.0.0"] +[:mem/node-8628 :module-name "AMP Global Intel"] +[:mem/node-8628 :naga/entity true] +[:mem/node-8628 :observables :mem/node-8629] +[:mem/node-8628 :type "sighting"] +[:mem/node-8628 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8628 :external_ids :mem/node-8631] +[:mem/node-8628 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8628 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-c353800d-f2df-4e01-b177-3c35aa2b9120"] +[:mem/node-8628 :count 1] +[:mem/node-8628 :tlp "green"] +[:mem/node-8628 :db/ident :mem/node-8628] +[:mem/node-8628 :confidence "High"] +[:mem/node-8628 :observed_time :mem/node-8632] +[:mem/node-8613 :naga/first "hydrant-35af36c2c5d7ded43842aa2413e9e8bd552da43c1740c9739fedc5a1af351aa0"] +[:mem/node-8613 :naga/contains "hydrant-35af36c2c5d7ded43842aa2413e9e8bd552da43c1740c9739fedc5a1af351aa0"] +[:mem/node-8945 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8945 :schema_version "1.0.0"] +[:mem/node-8945 :module-name "AMP Global Intel"] +[:mem/node-8945 :naga/entity true] +[:mem/node-8945 :observables :mem/node-8946] +[:mem/node-8945 :type "sighting"] +[:mem/node-8945 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8945 :external_ids :mem/node-8948] +[:mem/node-8945 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8945 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-8e214116-20d1-420e-b1ec-4ed2be7821d0"] +[:mem/node-8945 :count 1] +[:mem/node-8945 :tlp "green"] +[:mem/node-8945 :db/ident :mem/node-8945] +[:mem/node-8945 :confidence "High"] +[:mem/node-8945 :observed_time 
:mem/node-8949] +[:mem/node-8942 :start_time #object[java.time.ZonedDateTime 0xc157abf "2019-02-14T12:31:25Z"]] +[:mem/node-8942 :end_time #object[java.time.ZonedDateTime 0x472dbaf5 "2019-03-14T12:31:25Z"]] +[:mem/node-8127 :valid_time :mem/node-8128] +[:mem/node-8127 :schema_version "1.0.8"] +[:mem/node-8127 :module-name "AMP Global Intel"] +[:mem/node-8127 :naga/entity true] +[:mem/node-8127 :observable :mem/node-8129] +[:mem/node-8127 :type "judgement"] +[:mem/node-8127 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8127 :external_ids :mem/node-8130] +[:mem/node-8127 :disposition 2] +[:mem/node-8127 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8127 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8127 :disposition_name "Malicious"] +[:mem/node-8127 :priority 90] +[:mem/node-8127 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-a411d2ae-fd12-4078-b3cd-31ebe9ce5d4e"] +[:mem/node-8127 :severity "High"] +[:mem/node-8127 :tlp "green"] +[:mem/node-8127 :db/ident :mem/node-8127] +[:mem/node-8127 :confidence "High"] +[:mem/node-8461 :start_time #object[java.time.ZonedDateTime 0x25c4f621 "2018-04-13T12:25:12Z"]] +[:mem/node-8461 :end_time #object[java.time.ZonedDateTime 0x619854a3 "2018-04-13T12:25:12Z"]] +[:mem/node-8717 :value "bibrath.eu"] +[:mem/node-8717 :type "domain"] +[:mem/node-8974 :value "bibrath.eu"] +[:mem/node-8974 :type "domain"] +[:mem/node-8780 :naga/first "hydrant-8b48f50688c4d3b8addd028d940c901338330f46925243354bf996bd4dc9178e"] +[:mem/node-8780 :naga/contains "hydrant-8b48f50688c4d3b8addd028d940c901338330f46925243354bf996bd4dc9178e"] +[:mem/node-8635 :value "bibrath.eu"] +[:mem/node-8635 :type "domain"] +[:mem/node-8516 :valid_time :mem/node-8517] +[:mem/node-8516 :schema_version "1.0.8"] +[:mem/node-8516 :module-name "AMP Global Intel"] +[:mem/node-8516 :naga/entity true] +[:mem/node-8516 :observable :mem/node-8518] +[:mem/node-8516 :type "judgement"] +[:mem/node-8516 :source "Abuse.ch Zeus Tracker"] 
+[:mem/node-8516 :external_ids :mem/node-8519] +[:mem/node-8516 :disposition 2] +[:mem/node-8516 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8516 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8516 :disposition_name "Malicious"] +[:mem/node-8516 :priority 90] +[:mem/node-8516 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-9ff7cdf9-a39e-4653-97f2-606e2ee62ffb"] +[:mem/node-8516 :severity "High"] +[:mem/node-8516 :tlp "green"] +[:mem/node-8516 :db/ident :mem/node-8516] +[:mem/node-8516 :confidence "High"] +[:mem/node-8898 :value "bibrath.eu"] +[:mem/node-8898 :type "domain"] +[:mem/node-8492 :value "bibrath.eu"] +[:mem/node-8492 :type "domain"] +[:mem/node-8907 :naga/first "hydrant-ae1924bbc16647bc654bfd32fc87ae35e30176dfc8c57c9c71d2181efb4355be"] +[:mem/node-8907 :naga/contains "hydrant-ae1924bbc16647bc654bfd32fc87ae35e30176dfc8c57c9c71d2181efb4355be"] +[:mem/node-8728 :naga/first :mem/node-8729] +[:mem/node-8728 :naga/contains :mem/node-8729] +[:mem/node-8404 :value "bibrath.eu"] +[:mem/node-8404 :type "domain"] +[:mem/node-8483 :naga/first :mem/node-8484] +[:mem/node-8483 :naga/contains :mem/node-8484] +[:mem/node-8837 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8837 :schema_version "1.0.0"] +[:mem/node-8837 :module-name "AMP Global Intel"] +[:mem/node-8837 :naga/entity true] +[:mem/node-8837 :observables :mem/node-8838] +[:mem/node-8837 :type "sighting"] +[:mem/node-8837 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8837 :external_ids :mem/node-8840] +[:mem/node-8837 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8837 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-b37cc11c-f1a6-4edd-97f6-eb8e3cfd8edf"] +[:mem/node-8837 :count 1] +[:mem/node-8837 :tlp "green"] +[:mem/node-8837 :db/ident :mem/node-8837] +[:mem/node-8837 :confidence "High"] +[:mem/node-8837 :observed_time :mem/node-8841] +[:mem/node-8545 :origin "VirusTotal Enrichment Module"] +[:mem/node-8545 :relation 
"Contains"] +[:mem/node-8545 :source :mem/node-8546] +[:mem/node-8545 :related :mem/node-8547] +[:mem/node-8429 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8429 :schema_version "1.0.4"] +[:mem/node-8429 :module-name "AMP Global Intel"] +[:mem/node-8429 :naga/entity true] +[:mem/node-8429 :observables :mem/node-8430] +[:mem/node-8429 :type "sighting"] +[:mem/node-8429 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8429 :external_ids :mem/node-8432] +[:mem/node-8429 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8429 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-16fdf8dc-de8f-4d26-bfc8-4ca464844dd0"] +[:mem/node-8429 :count 1] +[:mem/node-8429 :tlp "green"] +[:mem/node-8429 :db/ident :mem/node-8429] +[:mem/node-8429 :confidence "High"] +[:mem/node-8429 :observed_time :mem/node-8433] +[:mem/node-8508 :start_time #object[java.time.ZonedDateTime 0x46ff1aad "2019-02-23T18:31:16Z"]] +[:mem/node-8508 :end_time #object[java.time.ZonedDateTime 0x6c2fea95 "2019-03-23T18:31:16Z"]] +[:mem/node-8864 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8864 :schema_version "1.0.4"] +[:mem/node-8864 :module-name "AMP Global Intel"] +[:mem/node-8864 :naga/entity true] +[:mem/node-8864 :observables :mem/node-8865] +[:mem/node-8864 :type "sighting"] +[:mem/node-8864 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8864 :external_ids :mem/node-8867] +[:mem/node-8864 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8864 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-30135280-7488-43df-93f3-a5f2c85ee92e"] +[:mem/node-8864 :count 1] +[:mem/node-8864 :tlp "green"] +[:mem/node-8864 :db/ident :mem/node-8864] +[:mem/node-8864 :confidence "High"] +[:mem/node-8864 :observed_time :mem/node-8868] +[:mem/node-8548 :naga/first :mem/node-8549] +[:mem/node-8548 :naga/rest :mem/node-8552] +[:mem/node-9060 :value "bibrath.eu"] +[:mem/node-9060 :type "domain"] +[:mem/node-8924 :value "bibrath.eu"] +[:mem/node-8924 :type 
"domain"] +[:mem/node-9068 :valid_time :mem/node-9069] +[:mem/node-9068 :schema_version "1.0.8"] +[:mem/node-9068 :module-name "AMP Global Intel"] +[:mem/node-9068 :naga/entity true] +[:mem/node-9068 :observable :mem/node-9070] +[:mem/node-9068 :type "judgement"] +[:mem/node-9068 :source "Abuse.ch Zeus Tracker"] +[:mem/node-9068 :external_ids :mem/node-9071] +[:mem/node-9068 :disposition 2] +[:mem/node-9068 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-9068 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-9068 :disposition_name "Malicious"] +[:mem/node-9068 :priority 90] +[:mem/node-9068 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-56988dc8-7366-4b50-b2c7-070b00a8454c"] +[:mem/node-9068 :severity "High"] +[:mem/node-9068 :tlp "green"] +[:mem/node-9068 :db/ident :mem/node-9068] +[:mem/node-9068 :confidence "High"] +[:mem/node-8544 :naga/first :mem/node-8545] +[:mem/node-8544 :naga/rest :mem/node-8548] +[:mem/node-8790 :db/ident :mem/node-8790] +[:mem/node-8790 :naga/entity true] +[:mem/node-8790 :value "194.63.142.171"] +[:mem/node-8790 :type "ip"] +[:mem/node-8790 :id "aca56b9a"] +[:mem/node-8790 :deliberated true] +[:mem/node-8790 :disposition "Unknown"] +[:mem/node-8790 "Observed_By" :mem/node-8482] +[:mem/node-8790 "Has_Verdict" :mem/node-8389] +[:mem/node-8132 :naga/first :mem/node-8133] +[:mem/node-8132 :naga/contains :mem/node-8133] +[:mem/node-8241 :valid_time :mem/node-8242] +[:mem/node-8241 :schema_version "1.0.8"] +[:mem/node-8241 :module-name "AMP Global Intel"] +[:mem/node-8241 :naga/entity true] +[:mem/node-8241 :observable :mem/node-8243] +[:mem/node-8241 :type "judgement"] +[:mem/node-8241 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8241 :external_ids :mem/node-8244] +[:mem/node-8241 :disposition 2] +[:mem/node-8241 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8241 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8241 :disposition_name "Malicious"] +[:mem/node-8241 :priority 90] 
+[:mem/node-8241 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-e855ccf4-9d50-4600-882c-1a42fe534d90"] +[:mem/node-8241 :severity "High"] +[:mem/node-8241 :tlp "green"] +[:mem/node-8241 :db/ident :mem/node-8241] +[:mem/node-8241 :confidence "High"] +[:mem/node-8524 "Has_Verdict" :mem/node-8897] +[:mem/node-8524 "Has_Verdict" :mem/node-8897] +[:mem/node-8524 "Has_Indicator" :mem/node-8475] +[:mem/node-8524 "Observed_By" :mem/node-8531] +[:mem/node-8524 "Observed_By" :mem/node-8531] +[:mem/node-8524 "Observed_By" :mem/node-8531] +[:mem/node-8524 "Observed_By" :mem/node-8531] +[:mem/node-8524 "Observed_By" :mem/node-8531] +[:mem/node-8524 "Observed_By" :mem/node-8531] +[:mem/node-8524 "Observed_By" :mem/node-8531] +[:mem/node-8524 "Observed_By" :mem/node-8531] +[:mem/node-8524 "Observed_By" :mem/node-8531] +[:mem/node-8524 "Observed_By" :mem/node-8482] +[:mem/node-8524 :modules :mem/node-8525] +[:mem/node-8524 :value "bibrath.eu"] +[:mem/node-8524 :naga/entity true] +[:mem/node-8524 :type "domain"] +[:mem/node-8524 :state :ok] +[:mem/node-8524 :disposition "Malicious"] +[:mem/node-8524 :id "b961fc9e"] +[:mem/node-8524 :investigated true] +[:mem/node-8524 "Has_Sighting" :mem/node-8308] +[:mem/node-8524 "Has_Sighting" :mem/node-8358] +[:mem/node-8524 "Has_Sighting" :mem/node-8806] +[:mem/node-8524 "Has_Sighting" :mem/node-8165] +[:mem/node-8524 "Has_Sighting" :mem/node-8736] +[:mem/node-8524 "Has_Sighting" :mem/node-8892] +[:mem/node-8524 "Has_Sighting" :mem/node-8254] +[:mem/node-8524 "Has_Sighting" :mem/node-8638] +[:mem/node-8524 "Has_Sighting" :mem/node-8380] +[:mem/node-8524 "Has_Sighting" :mem/node-8812] +[:mem/node-8524 "Has_Sighting" :mem/node-8141] +[:mem/node-8524 "Has_Sighting" :mem/node-8322] +[:mem/node-8524 "Has_Sighting" :mem/node-8706] +[:mem/node-8524 "Has_Sighting" :mem/node-9058] +[:mem/node-8524 "Has_Sighting" :mem/node-8494] +[:mem/node-8524 "Has_Sighting" :mem/node-8263] +[:mem/node-8524 "Has_Sighting" :mem/node-8178] 
+[:mem/node-8524 "Has_Sighting" :mem/node-8963] +[:mem/node-8524 "Has_Sighting" :mem/node-8447] +[:mem/node-8524 "Has_Sighting" :mem/node-8936] +[:mem/node-8524 "Has_Sighting" :mem/node-8302] +[:mem/node-8524 "Has_Sighting" :mem/node-9004] +[:mem/node-8524 "Has_Sighting" :mem/node-9048] +[:mem/node-8524 "Has_Sighting" :mem/node-8371] +[:mem/node-8524 "Has_Sighting" :mem/node-8412] +[:mem/node-8524 "Has_Sighting" :mem/node-8643] +[:mem/node-8524 "Has_Sighting" :mem/node-8097] +[:mem/node-8524 "Has_Sighting" :mem/node-9063] +[:mem/node-8524 "Has_Sighting" :mem/node-8981] +[:mem/node-8524 "Has_Sighting" :mem/node-8402] +[:mem/node-8524 "Has_Sighting" :mem/node-8958] +[:mem/node-8524 "Has_Sighting" :mem/node-8482] +[:mem/node-8524 "Has_Sighting" :mem/node-8152] +[:mem/node-8524 "Has_Sighting" :mem/node-8917] +[:mem/node-8524 "Has_Sighting" :mem/node-8931] +[:mem/node-8524 "Has_Sighting" :mem/node-8392] +[:mem/node-8524 "Has_Sighting" :mem/node-8283] +[:mem/node-8524 "Has_Sighting" :mem/node-8203] +[:mem/node-8524 "Has_Sighting" :mem/node-8407] +[:mem/node-8524 "Has_Sighting" :mem/node-8397] +[:mem/node-8524 "Has_Sighting" :mem/node-8972] +[:mem/node-8524 "Has_Sighting" :mem/node-8236] +[:mem/node-8524 "Has_Sighting" :mem/node-8136] +[:mem/node-8524 "Has_Sighting" :mem/node-8231] +[:mem/node-8524 "Has_Sighting" :mem/node-8131] +[:mem/node-8524 "Has_Sighting" :mem/node-8912] +[:mem/node-8524 "Has_Sighting" :mem/node-8245] +[:mem/node-8524 "Has_Sighting" :mem/node-8633] +[:mem/node-8524 "Has_Sighting" :mem/node-8822] +[:mem/node-8524 "Has_Sighting" :mem/node-8801] +[:mem/node-8524 "Has_Sighting" :mem/node-8434] +[:mem/node-8524 "Has_Sighting" :mem/node-8353] +[:mem/node-8524 "Has_Sighting" :mem/node-8817] +[:mem/node-8524 "Has_Sighting" :mem/node-8846] +[:mem/node-8524 "Has_Sighting" :mem/node-8781] +[:mem/node-8524 "Has_Sighting" :mem/node-8575] +[:mem/node-8524 "Has_Sighting" :mem/node-8531] +[:mem/node-8524 "Has_Sighting" :mem/node-8336] +[:mem/node-8524 "Has_Sighting" 
:mem/node-9034] +[:mem/node-8524 "Has_Sighting" :mem/node-8462] +[:mem/node-8524 "Has_Sighting" :mem/node-8648] +[:mem/node-8524 "Has_Sighting" :mem/node-8986] +[:mem/node-8524 "Has_Sighting" :mem/node-8331] +[:mem/node-8524 "Has_Sighting" :mem/node-8593] +[:mem/node-8524 "Has_Sighting" :mem/node-8666] +[:mem/node-8524 "Has_Sighting" :mem/node-9053] +[:mem/node-8524 "Has_Sighting" :mem/node-8457] +[:mem/node-8524 "Has_Sighting" :mem/node-8146] +[:mem/node-8524 "Has_Sighting" :mem/node-8297] +[:mem/node-8524 "Has_Sighting" :mem/node-8110] +[:mem/node-8524 "Has_Sighting" :mem/node-8452] +[:mem/node-8524 "Has_Sighting" :mem/node-8615] +[:mem/node-8524 "Has_Sighting" :mem/node-8832] +[:mem/node-8524 "Has_Sighting" :mem/node-8727] +[:mem/node-8524 "Has_Sighting" :mem/node-8511] +[:mem/node-8524 "Has_Sighting" :mem/node-8741] +[:mem/node-8524 "Has_Sighting" :mem/node-8288] +[:mem/node-8524 "Has_Sighting" :mem/node-8755] +[:mem/node-8524 "Has_Sighting" :mem/node-9029] +[:mem/node-8524 "Has_Sighting" :mem/node-8653] +[:mem/node-8524 "Has_Sighting" :mem/node-8991] +[:mem/node-8524 "Has_Sighting" :mem/node-8791] +[:mem/node-8524 "Has_Sighting" :mem/node-8873] +[:mem/node-8524 "Has_Sighting" :mem/node-8628] +[:mem/node-8524 "Has_Sighting" :mem/node-8945] +[:mem/node-8524 "Has_Sighting" :mem/node-8837] +[:mem/node-8524 "Has_Sighting" :mem/node-8429] +[:mem/node-8524 "Has_Sighting" :mem/node-8864] +[:mem/node-8524 "Has_Sighting" :mem/node-8878] +[:mem/node-8524 "Has_Sighting" :mem/node-8226] +[:mem/node-8524 "Has_Sighting" :mem/node-8088] +[:mem/node-8524 "Has_Sighting" :mem/node-8212] +[:mem/node-8524 "Has_Sighting" :mem/node-8859] +[:mem/node-8524 "Has_Sighting" :mem/node-8922] +[:mem/node-8524 "Has_Sighting" :mem/node-8746] +[:mem/node-8524 "Has_Sighting" :mem/node-9043] +[:mem/node-8524 "Has_Sighting" :mem/node-8317] +[:mem/node-8524 "Has_Sighting" :mem/node-8584] +[:mem/node-8524 "Has_Sighting" :mem/node-8680] +[:mem/node-8524 "Has_Sighting" :mem/node-8764] 
+[:mem/node-8524 "Has_Sighting" :mem/node-8675] +[:mem/node-8524 "Has_Sighting" :mem/node-8610] +[:mem/node-8524 "Has_Judgement" :mem/node-9000] +[:mem/node-8524 "Has_Judgement" :mem/node-8275] +[:mem/node-8524 "Has_Judgement" :mem/node-8157] +[:mem/node-8524 "Has_Judgement" :mem/node-8773] +[:mem/node-8524 "Has_Judgement" :mem/node-8503] +[:mem/node-8524 "Has_Judgement" :mem/node-8904] +[:mem/node-8524 "Has_Judgement" :mem/node-8693] +[:mem/node-8524 "Has_Judgement" :mem/node-8715] +[:mem/node-8524 "Has_Judgement" :mem/node-8268] +[:mem/node-8524 "Has_Judgement" :mem/node-8769] +[:mem/node-8524 "Has_Judgement" :mem/node-8313] +[:mem/node-8524 "Has_Judgement" :mem/node-8345] +[:mem/node-8524 "Has_Judgement" :mem/node-8662] +[:mem/node-8524 "Has_Judgement" :mem/node-8796] +[:mem/node-8524 "Has_Judgement" :mem/node-8658] +[:mem/node-8524 "Has_Judgement" :mem/node-8421] +[:mem/node-8524 "Has_Judgement" :mem/node-8367] +[:mem/node-8524 "Has_Judgement" :mem/node-8327] +[:mem/node-8524 "Has_Judgement" :mem/node-8490] +[:mem/node-8524 "Has_Judgement" :mem/node-8507] +[:mem/node-8524 "Has_Judgement" :mem/node-8602] +[:mem/node-8524 "Has_Judgement" :mem/node-8941] +[:mem/node-8524 "Has_Judgement" :mem/node-8777] +[:mem/node-8524 "Has_Judgement" :mem/node-8711] +[:mem/node-8524 "Has_Judgement" :mem/node-8954] +[:mem/node-8524 "Has_Judgement" :mem/node-8598] +[:mem/node-8524 "Has_Judgement" :mem/node-8950] +[:mem/node-8524 "Has_Judgement" :mem/node-8842] +[:mem/node-8524 "Has_Judgement" :mem/node-8760] +[:mem/node-8524 "Has_Judgement" :mem/node-9025] +[:mem/node-8524 "Has_Judgement" :mem/node-8702] +[:mem/node-8524 "Has_Judgement" :mem/node-8115] +[:mem/node-8524 "Has_Judgement" :mem/node-9039] +[:mem/node-8524 "Has_Judgement" :mem/node-8685] +[:mem/node-8524 "Has_Judgement" :mem/node-8900] +[:mem/node-8524 "Has_Judgement" :mem/node-8606] +[:mem/node-8524 "Has_Judgement" :mem/node-8520] +[:mem/node-8524 "Has_Judgement" :mem/node-8671] +[:mem/node-8524 "Has_Judgement" 
:mem/node-8620] +[:mem/node-8524 "Has_Judgement" :mem/node-9021] +[:mem/node-8524 "Has_Judgement" :mem/node-8855] +[:mem/node-8524 "Has_Judgement" :mem/node-8467] +[:mem/node-8524 "Has_Judgement" :mem/node-8439] +[:mem/node-8524 "Has_Judgement" :mem/node-8123] +[:mem/node-8524 "Has_Judgement" :mem/node-8272] +[:mem/node-8524 "Has_Judgement" :mem/node-8170] +[:mem/node-8524 "Has_Judgement" :mem/node-8751] +[:mem/node-8524 "Has_Judgement" :mem/node-8927] +[:mem/node-8524 "Has_Judgement" :mem/node-8093] +[:mem/node-8524 "Has_Judgement" :mem/node-8580] +[:mem/node-8524 "Has_Judgement" :mem/node-8624] +[:mem/node-8524 "Has_Judgement" :mem/node-8187] +[:mem/node-8524 "Has_Judgement" :mem/node-8208] +[:mem/node-8524 "Has_Judgement" :mem/node-8689] +[:mem/node-8524 "Has_Judgement" :mem/node-8977] +[:mem/node-8524 "Has_Judgement" :mem/node-8499] +[:mem/node-8524 "Has_Judgement" :mem/node-8425] +[:mem/node-8524 "Has_Judgement" :mem/node-9017] +[:mem/node-8524 "Has_Judgement" :mem/node-8217] +[:mem/node-8524 "Has_Judgement" :mem/node-8723] +[:mem/node-8524 "Has_Judgement" :mem/node-8786] +[:mem/node-8524 "Has_Judgement" :mem/node-8106] +[:mem/node-8524 "Has_Judgement" :mem/node-8174] +[:mem/node-8524 "Has_Judgement" :mem/node-8195] +[:mem/node-8524 "Has_Judgement" :mem/node-8471] +[:mem/node-8524 "Has_Judgement" :mem/node-8732] +[:mem/node-8524 "Has_Judgement" :mem/node-8376] +[:mem/node-8524 "Has_Judgement" :mem/node-8259] +[:mem/node-8524 "Has_Judgement" :mem/node-8697] +[:mem/node-8524 "Has_Judgement" :mem/node-9013] +[:mem/node-8524 "Has_Judgement" :mem/node-8851] +[:mem/node-8524 "Has_Judgement" :mem/node-8341] +[:mem/node-8524 "Has_Judgement" :mem/node-8161] +[:mem/node-8524 "Has_Judgement" :mem/node-8589] +[:mem/node-8524 "Has_Judgement" :mem/node-8102] +[:mem/node-8524 "Has_Judgement" :mem/node-8221] +[:mem/node-8524 "Has_Judgement" :mem/node-8968] +[:mem/node-8524 "Has_Judgement" :mem/node-8183] +[:mem/node-8524 "Has_Judgement" :mem/node-8443] +[:mem/node-8524 
"Has_Judgement" :mem/node-8571] +[:mem/node-8524 "Has_Judgement" :mem/node-8191] +[:mem/node-8524 "Has_Judgement" :mem/node-8127] +[:mem/node-8524 "Has_Judgement" :mem/node-8516] +[:mem/node-8524 "Has_Judgement" :mem/node-9068] +[:mem/node-8524 "Has_Judgement" :mem/node-8241] +[:mem/node-8524 "Has_Judgement" :mem/node-9009] +[:mem/node-8524 "Has_Judgement" :mem/node-8363] +[:mem/node-8524 "Has_Judgement" :mem/node-8828] +[:mem/node-8524 "Has_Judgement" :mem/node-8199] +[:mem/node-8524 "Has_Judgement" :mem/node-8888] +[:mem/node-8524 "Has_Judgement" :mem/node-8869] +[:mem/node-8524 "Has_Judgement" :mem/node-8250] +[:mem/node-8524 "Has_Judgement" :mem/node-8119] +[:mem/node-8524 "Has_Judgement" :mem/node-8908] +[:mem/node-8524 "Has_Judgement" :mem/node-8349] +[:mem/node-8524 "Has_Judgement" :mem/node-8417] +[:mem/node-8524 "Has_Judgement" :mem/node-8279] +[:mem/node-8524 "Has_Judgement" :mem/node-8385] +[:mem/node-8524 "Has_Judgement" :mem/node-8293] +[:mem/node-8524 "Has_Judgement" :mem/node-8996] +[:mem/node-8524 "Has_Judgement" :mem/node-9072] +[:mem/node-8524 :db/ident :mem/node-8524] +[:mem/node-8524 "Resolved_To" :mem/node-8790] +[:mem/node-8359 :naga/first :mem/node-8360] +[:mem/node-8359 :naga/contains :mem/node-8360] +[:mem/node-8925 :naga/first "hydrant-13fb77fcce90d00434d5ed9ea77674afc82a16fc6451f968e4c0fa5463accece"] +[:mem/node-8925 :naga/contains "hydrant-13fb77fcce90d00434d5ed9ea77674afc82a16fc6451f968e4c0fa5463accece"] +[:mem/node-8360 :value "bibrath.eu"] +[:mem/node-8360 :type "domain"] +[:mem/node-8826 :start_time #object[java.time.ZonedDateTime 0x6ed87ccf "2018-05-02T00:25:12Z"]] +[:mem/node-8826 :end_time #object[java.time.ZonedDateTime 0x4d4600fb "2018-05-02T00:25:12Z"]] +[:mem/node-8756 :naga/first :mem/node-8757] +[:mem/node-8756 :naga/contains :mem/node-8757] +[:mem/node-8636 :naga/first "hydrant-3b3f34e4d32202503b839937eea19a6744045383bc667e634c7b0e7c64bf9694"] +[:mem/node-8636 :naga/contains 
"hydrant-3b3f34e4d32202503b839937eea19a6744045383bc667e634c7b0e7c64bf9694"] +[:mem/node-8878 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8878 :schema_version "1.0.0"] +[:mem/node-8878 :module-name "AMP Global Intel"] +[:mem/node-8878 :naga/entity true] +[:mem/node-8878 :observables :mem/node-8879] +[:mem/node-8878 :type "sighting"] +[:mem/node-8878 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8878 :external_ids :mem/node-8881] +[:mem/node-8878 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8878 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-6f23910d-94f7-4ba8-b566-176addbcd234"] +[:mem/node-8878 :count 1] +[:mem/node-8878 :tlp "green"] +[:mem/node-8878 :db/ident :mem/node-8878] +[:mem/node-8878 :confidence "High"] +[:mem/node-8878 :observed_time :mem/node-8882] +[:mem/node-8476 :naga/first "malware"] +[:mem/node-8476 :naga/rest :mem/node-8477] +[:mem/node-8476 :naga/contains "malware"] +[:mem/node-8476 :naga/contains "zeus"] +[:mem/node-8476 :naga/contains "c&c"] +[:mem/node-9009 :valid_time :mem/node-9010] +[:mem/node-9009 :schema_version "1.0.8"] +[:mem/node-9009 :module-name "AMP Global Intel"] +[:mem/node-9009 :naga/entity true] +[:mem/node-9009 :observable :mem/node-9011] +[:mem/node-9009 :type "judgement"] +[:mem/node-9009 :source "Abuse.ch Zeus Tracker"] +[:mem/node-9009 :external_ids :mem/node-9012] +[:mem/node-9009 :disposition 2] +[:mem/node-9009 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-9009 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-9009 :disposition_name "Malicious"] +[:mem/node-9009 :priority 90] +[:mem/node-9009 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-e5a40e8d-4de6-496c-81a8-a2a1255ee3b0"] +[:mem/node-9009 :severity "High"] +[:mem/node-9009 :tlp "green"] +[:mem/node-9009 :db/ident :mem/node-9009] +[:mem/node-9009 :confidence "High"] +[:mem/node-8426 :start_time #object[java.time.ZonedDateTime 0x7352418c "2019-02-15T18:31:21Z"]] +[:mem/node-8426 
:end_time #object[java.time.ZonedDateTime 0x60ba6631 "2019-03-15T18:31:21Z"]] +[:mem/node-9016 :naga/first "hydrant-231a1d309b3287f6918a2c4dceebdf172d5adeaa2e970cb127a11888eab06833"] +[:mem/node-9016 :naga/contains "hydrant-231a1d309b3287f6918a2c4dceebdf172d5adeaa2e970cb127a11888eab06833"] +[:mem/node-8301 :start_time #object[java.time.ZonedDateTime 0x4d2950ed "2018-05-01T06:25:12Z"]] +[:mem/node-8301 :end_time #object[java.time.ZonedDateTime 0x3095d06b "2018-05-01T06:25:12Z"]] +[:mem/node-8116 :start_time #object[java.time.ZonedDateTime 0x51aaa9d4 "2019-03-31T00:31:05.643Z"]] +[:mem/node-8116 :end_time #object[java.time.ZonedDateTime 0x6292c63e "2019-04-30T00:31:05.643Z"]] +[:mem/node-8226 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8226 :schema_version "1.0.0"] +[:mem/node-8226 :module-name "AMP Global Intel"] +[:mem/node-8226 :naga/entity true] +[:mem/node-8226 :observables :mem/node-8227] +[:mem/node-8226 :type "sighting"] +[:mem/node-8226 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8226 :external_ids :mem/node-8229] +[:mem/node-8226 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8226 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-324bdb73-b662-4438-bd08-a39e628b951e"] +[:mem/node-8226 :count 1] +[:mem/node-8226 :tlp "green"] +[:mem/node-8226 :db/ident :mem/node-8226] +[:mem/node-8226 :confidence "High"] +[:mem/node-8226 :observed_time :mem/node-8230] +[:mem/node-8814 :value "bibrath.eu"] +[:mem/node-8814 :type "domain"] +[:mem/node-8104 :value "bibrath.eu"] +[:mem/node-8104 :type "domain"] +[:mem/node-9030 :naga/first :mem/node-9031] +[:mem/node-9030 :naga/contains :mem/node-9031] +[:mem/node-8363 :valid_time :mem/node-8364] +[:mem/node-8363 :schema_version "1.0.9"] +[:mem/node-8363 :module-name "AMP Global Intel"] +[:mem/node-8363 :naga/entity true] +[:mem/node-8363 :observable :mem/node-8365] +[:mem/node-8363 :type "judgement"] +[:mem/node-8363 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8363 :external_ids 
:mem/node-8366] +[:mem/node-8363 :disposition 2] +[:mem/node-8363 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8363 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8363 :disposition_name "Malicious"] +[:mem/node-8363 :priority 90] +[:mem/node-8363 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-61766c63-74a8-47bd-84be-63bf2de53cd0"] +[:mem/node-8363 :severity "High"] +[:mem/node-8363 :tlp "green"] +[:mem/node-8363 :db/ident :mem/node-8363] +[:mem/node-8363 :timestamp "2019-03-19T00:31:15.604Z"] +[:mem/node-8363 :confidence "High"] +[:mem/node-8634 :naga/first :mem/node-8635] +[:mem/node-8634 :naga/contains :mem/node-8635] +[:mem/node-8088 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8088 :schema_version "1.0.0"] +[:mem/node-8088 :module-name "AMP Global Intel"] +[:mem/node-8088 :naga/entity true] +[:mem/node-8088 :observables :mem/node-8089] +[:mem/node-8088 :type "sighting"] +[:mem/node-8088 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8088 :external_ids :mem/node-8091] +[:mem/node-8088 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8088 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-5f70d984-78c8-4930-8d09-fc3376c781e7"] +[:mem/node-8088 :count 1] +[:mem/node-8088 :tlp "green"] +[:mem/node-8088 :db/ident :mem/node-8088] +[:mem/node-8088 :confidence "High"] +[:mem/node-8088 :observed_time :mem/node-8092] +[:mem/node-8828 :valid_time :mem/node-8829] +[:mem/node-8828 :schema_version "1.0.8"] +[:mem/node-8828 :module-name "AMP Global Intel"] +[:mem/node-8828 :naga/entity true] +[:mem/node-8828 :observable :mem/node-8830] +[:mem/node-8828 :type "judgement"] +[:mem/node-8828 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8828 :external_ids :mem/node-8831] +[:mem/node-8828 :disposition 2] +[:mem/node-8828 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8828 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8828 :disposition_name "Malicious"] +[:mem/node-8828 :priority 
90] +[:mem/node-8828 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-bb5e5899-5a29-47e5-a937-8b713d318160"] +[:mem/node-8828 :severity "High"] +[:mem/node-8828 :tlp "green"] +[:mem/node-8828 :db/ident :mem/node-8828] +[:mem/node-8828 :confidence "High"] +[:mem/node-8199 :valid_time :mem/node-8200] +[:mem/node-8199 :schema_version "1.0.8"] +[:mem/node-8199 :module-name "AMP Global Intel"] +[:mem/node-8199 :naga/entity true] +[:mem/node-8199 :observable :mem/node-8201] +[:mem/node-8199 :type "judgement"] +[:mem/node-8199 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8199 :external_ids :mem/node-8202] +[:mem/node-8199 :disposition 2] +[:mem/node-8199 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8199 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8199 :disposition_name "Malicious"] +[:mem/node-8199 :priority 90] +[:mem/node-8199 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-6f7c063b-47a0-4bdf-b6e0-5fec5d5981bc"] +[:mem/node-8199 :severity "High"] +[:mem/node-8199 :tlp "green"] +[:mem/node-8199 :db/ident :mem/node-8199] +[:mem/node-8199 :confidence "High"] +[:mem/node-8649 :naga/first :mem/node-8650] +[:mem/node-8649 :naga/contains :mem/node-8650] +[:mem/node-8247 :value "bibrath.eu"] +[:mem/node-8247 :type "domain"] +[:mem/node-8888 :valid_time :mem/node-8889] +[:mem/node-8888 :schema_version "1.0.8"] +[:mem/node-8888 :module-name "AMP Global Intel"] +[:mem/node-8888 :naga/entity true] +[:mem/node-8888 :observable :mem/node-8890] +[:mem/node-8888 :type "judgement"] +[:mem/node-8888 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8888 :external_ids :mem/node-8891] +[:mem/node-8888 :disposition 2] +[:mem/node-8888 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8888 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8888 :disposition_name "Malicious"] +[:mem/node-8888 :priority 90] +[:mem/node-8888 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-09ce5c7d-4a1a-4c4e-b217-d8f428e8c646"] 
+[:mem/node-8888 :severity "High"] +[:mem/node-8888 :tlp "green"] +[:mem/node-8888 :db/ident :mem/node-8888] +[:mem/node-8888 :confidence "High"] +[:mem/node-8910 :value "bibrath.eu"] +[:mem/node-8910 :type "domain"] +[:mem/node-8914 :value "bibrath.eu"] +[:mem/node-8914 :type "domain"] +[:mem/node-8147 :naga/first :mem/node-8148] +[:mem/node-8147 :naga/contains :mem/node-8148] +[:mem/node-8896 :start_time #object[java.time.ZonedDateTime 0x65bb4cb9 "2018-04-24T12:25:12Z"]] +[:mem/node-8896 :end_time #object[java.time.ZonedDateTime 0x7b33deed "2018-04-24T12:25:12Z"]] +[:mem/node-8424 :naga/first "hydrant-cb101ac839299f639244b6e958c081d048f180a4ea5c736f35f21efd20e24b5e"] +[:mem/node-8424 :naga/contains "hydrant-cb101ac839299f639244b6e958c081d048f180a4ea5c736f35f21efd20e24b5e"] +[:mem/node-8567 :value "bibrath.eu"] +[:mem/node-8567 :type "domain"] +[:mem/node-8609 :naga/first "hydrant-6f5d3dce81aae9f33fc2f5ed1d89921807c866d9aaae3d49f42bd2552197e3ce"] +[:mem/node-8609 :naga/contains "hydrant-6f5d3dce81aae9f33fc2f5ed1d89921807c866d9aaae3d49f42bd2552197e3ce"] +[:mem/node-8408 :naga/first :mem/node-8409] +[:mem/node-8408 :naga/contains :mem/node-8409] +[:mem/node-8574 :naga/first "hydrant-b80d91a11b0c2f5c7a3adb2d46348edeecb07269dda2b15a1aa8e913efdaffc7"] +[:mem/node-8574 :naga/contains "hydrant-b80d91a11b0c2f5c7a3adb2d46348edeecb07269dda2b15a1aa8e913efdaffc7"] +[:mem/node-8271 :naga/first "hydrant-7e7d1b5c480b54f2eacadc6eb999981e8053f8e7c0b417c7cc8b7f17d9014985"] +[:mem/node-8271 :naga/contains "hydrant-7e7d1b5c480b54f2eacadc6eb999981e8053f8e7c0b417c7cc8b7f17d9014985"] +[:mem/node-8212 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8212 :schema_version "1.0.0"] +[:mem/node-8212 :module-name "AMP Global Intel"] +[:mem/node-8212 :naga/entity true] +[:mem/node-8212 :observables :mem/node-8213] +[:mem/node-8212 :type "sighting"] +[:mem/node-8212 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8212 :external_ids :mem/node-8215] +[:mem/node-8212 :source_uri 
"https://zeustracker.abuse.ch"] +[:mem/node-8212 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-5510747e-e35c-4aec-8f94-61b4d53ade7b"] +[:mem/node-8212 :count 1] +[:mem/node-8212 :tlp "green"] +[:mem/node-8212 :db/ident :mem/node-8212] +[:mem/node-8212 :confidence "High"] +[:mem/node-8212 :observed_time :mem/node-8216] +[:mem/node-8284 :naga/first :mem/node-8285] +[:mem/node-8284 :naga/contains :mem/node-8285] +[:mem/node-8204 :naga/first :mem/node-8205] +[:mem/node-8204 :naga/contains :mem/node-8205] +[:mem/node-8445 :value "bibrath.eu"] +[:mem/node-8445 :type "domain"] +[:mem/node-8460 :naga/first "hydrant-541cbe50d7b6dee5fcc09a8d73a958be032c7dd106916c0de9adcf16b56bffca"] +[:mem/node-8460 :naga/contains "hydrant-541cbe50d7b6dee5fcc09a8d73a958be032c7dd106916c0de9adcf16b56bffca"] +[:mem/node-8869 :valid_time :mem/node-8870] +[:mem/node-8869 :schema_version "1.0.9"] +[:mem/node-8869 :module-name "AMP Global Intel"] +[:mem/node-8869 :naga/entity true] +[:mem/node-8869 :observable :mem/node-8871] +[:mem/node-8869 :type "judgement"] +[:mem/node-8869 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8869 :external_ids :mem/node-8872] +[:mem/node-8869 :disposition 2] +[:mem/node-8869 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8869 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8869 :disposition_name "Malicious"] +[:mem/node-8869 :priority 90] +[:mem/node-8869 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-829a295f-3473-4fa6-a10d-2303fae34a64"] +[:mem/node-8869 :severity "High"] +[:mem/node-8869 :tlp "green"] +[:mem/node-8869 :db/ident :mem/node-8869] +[:mem/node-8869 :timestamp "2019-03-27T00:31:15.914Z"] +[:mem/node-8869 :confidence "High"] +[:mem/node-9064 :naga/first :mem/node-9065] +[:mem/node-9064 :naga/contains :mem/node-9065] +[:mem/node-8919 :value "bibrath.eu"] +[:mem/node-8919 :type "domain"] +[:mem/node-9052 :start_time #object[java.time.ZonedDateTime 0x7fd32c56 "2018-05-03T18:25:12Z"]] +[:mem/node-9052 
:end_time #object[java.time.ZonedDateTime 0xb04a6a4 "2018-05-03T18:25:12Z"]] +[:mem/node-8566 :value "http://bibrath.eu/Gdgsdgewrwerw823n/wwh.exe"] +[:mem/node-8566 :type "url"] +[:mem/node-8859 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8859 :schema_version "1.0.4"] +[:mem/node-8859 :module-name "AMP Global Intel"] +[:mem/node-8859 :naga/entity true] +[:mem/node-8859 :observables :mem/node-8860] +[:mem/node-8859 :type "sighting"] +[:mem/node-8859 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8859 :external_ids :mem/node-8862] +[:mem/node-8859 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8859 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-59971a65-19fa-4ac4-b840-95e7922aad95"] +[:mem/node-8859 :count 1] +[:mem/node-8859 :tlp "green"] +[:mem/node-8859 :db/ident :mem/node-8859] +[:mem/node-8859 :confidence "High"] +[:mem/node-8859 :observed_time :mem/node-8863] +[:mem/node-8922 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8922 :schema_version "1.0.0"] +[:mem/node-8922 :module-name "AMP Global Intel"] +[:mem/node-8922 :naga/entity true] +[:mem/node-8922 :observables :mem/node-8923] +[:mem/node-8922 :type "sighting"] +[:mem/node-8922 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8922 :external_ids :mem/node-8925] +[:mem/node-8922 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8922 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-add5691f-3fc5-45e2-846b-74210ff34fc1"] +[:mem/node-8922 :count 1] +[:mem/node-8922 :tlp "green"] +[:mem/node-8922 :db/ident :mem/node-8922] +[:mem/node-8922 :confidence "High"] +[:mem/node-8922 :observed_time :mem/node-8926] +[:mem/node-8746 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8746 :schema_version "1.0.0"] +[:mem/node-8746 :module-name "AMP Global Intel"] +[:mem/node-8746 :naga/entity true] +[:mem/node-8746 :observables :mem/node-8747] +[:mem/node-8746 :type "sighting"] +[:mem/node-8746 :source "Abuse.ch Zeus Tracker"] 
+[:mem/node-8746 :external_ids :mem/node-8749] +[:mem/node-8746 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8746 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-a860dd2e-ad3b-4e71-ba20-d0b23010ebce"] +[:mem/node-8746 :count 1] +[:mem/node-8746 :tlp "green"] +[:mem/node-8746 :db/ident :mem/node-8746] +[:mem/node-8746 :confidence "High"] +[:mem/node-8746 :observed_time :mem/node-8750] +[:mem/node-8642 :start_time #object[java.time.ZonedDateTime 0x3465edf9 "2018-04-29T06:25:14Z"]] +[:mem/node-8642 :end_time #object[java.time.ZonedDateTime 0x51c4992e "2018-04-29T06:25:14Z"]] +[:mem/node-8166 :naga/first :mem/node-8167] +[:mem/node-8166 :naga/contains :mem/node-8167] +[:mem/node-8617 :value "bibrath.eu"] +[:mem/node-8617 :type "domain"] +[:mem/node-8768 :start_time #object[java.time.ZonedDateTime 0x3713bedc "2018-05-15T18:25:12Z"]] +[:mem/node-8768 :end_time #object[java.time.ZonedDateTime 0x198c0f1c "2018-05-15T18:25:12Z"]] +[:mem/node-8976 :start_time #object[java.time.ZonedDateTime 0x29d33f1 "2018-09-28T12:25:13Z"]] +[:mem/node-8976 :end_time #object[java.time.ZonedDateTime 0x77e5c765 "2018-09-28T12:25:13Z"]] +[:mem/node-8430 :naga/first :mem/node-8431] +[:mem/node-8430 :naga/contains :mem/node-8431] +[:mem/node-8829 :start_time #object[java.time.ZonedDateTime 0x5daa621b "2019-02-16T12:31:06Z"]] +[:mem/node-8829 :end_time #object[java.time.ZonedDateTime 0x24a7725d "2019-03-16T12:31:06Z"]] +[:mem/node-8969 :start_time #object[java.time.ZonedDateTime 0x4fcedf83 "2019-02-23T12:31:22Z"]] +[:mem/node-8969 :end_time #object[java.time.ZonedDateTime 0x16c9f7f0 "2019-03-23T12:31:22Z"]] +[:mem/node-8291 :naga/first "hydrant-2c10b37c5c6aeebcd2a11ddbe7849e2a0e9a455d7c2f7cb90c509b1f7245bb72"] +[:mem/node-8291 :naga/contains "hydrant-2c10b37c5c6aeebcd2a11ddbe7849e2a0e9a455d7c2f7cb90c509b1f7245bb72"] +[:mem/node-9043 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-9043 :schema_version "1.0.0"] +[:mem/node-9043 :module-name "AMP Global 
Intel"] +[:mem/node-9043 :naga/entity true] +[:mem/node-9043 :observables :mem/node-9044] +[:mem/node-9043 :type "sighting"] +[:mem/node-9043 :source "Abuse.ch Zeus Tracker"] +[:mem/node-9043 :external_ids :mem/node-9046] +[:mem/node-9043 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-9043 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-c7883123-aad9-4935-afb0-8ec676bf6421"] +[:mem/node-9043 :count 1] +[:mem/node-9043 :tlp "green"] +[:mem/node-9043 :db/ident :mem/node-9043] +[:mem/node-9043 :confidence "High"] +[:mem/node-9043 :observed_time :mem/node-9047] +[:mem/node-8879 :naga/first :mem/node-8880] +[:mem/node-8879 :naga/contains :mem/node-8880] +[:mem/node-8921 :start_time #object[java.time.ZonedDateTime 0x187df588 "2018-05-11T00:25:12Z"]] +[:mem/node-8921 :end_time #object[java.time.ZonedDateTime 0x7d75940 "2018-05-11T00:25:12Z"]] +[:mem/node-8250 :valid_time :mem/node-8251] +[:mem/node-8250 :schema_version "1.0.8"] +[:mem/node-8250 :module-name "AMP Global Intel"] +[:mem/node-8250 :naga/entity true] +[:mem/node-8250 :observable :mem/node-8252] +[:mem/node-8250 :type "judgement"] +[:mem/node-8250 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8250 :external_ids :mem/node-8253] +[:mem/node-8250 :disposition 2] +[:mem/node-8250 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8250 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8250 :disposition_name "Malicious"] +[:mem/node-8250 :priority 90] +[:mem/node-8250 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-87f73071-8587-44b4-8006-e1ab0d6fd549"] +[:mem/node-8250 :severity "High"] +[:mem/node-8250 :tlp "green"] +[:mem/node-8250 :db/ident :mem/node-8250] +[:mem/node-8250 :confidence "High"] +[:mem/node-8701 :db/ident :mem/node-8701] +[:mem/node-8701 :naga/entity true] +[:mem/node-8701 :value "http://bibrath.eu/Gdgsdgewrwerw823n/wwh.jpg"] +[:mem/node-8701 :type "url"] +[:mem/node-8701 :id "e070f57b"] +[:mem/node-8701 :deliberated true] +[:mem/node-8701 
"Contains" :mem/node-8524] +[:mem/node-8701 "Observed_By" :mem/node-8531] +[:mem/node-8126 :naga/first "hydrant-62336e22cfc550cedb0adc8852f02c737d9362a475a3433d82c42e7e086d04b3"] +[:mem/node-8126 :naga/contains "hydrant-62336e22cfc550cedb0adc8852f02c737d9362a475a3433d82c42e7e086d04b3"] +[:mem/node-8738 :value "bibrath.eu"] +[:mem/node-8738 :type "domain"] +[:mem/node-8677 :value "bibrath.eu"] +[:mem/node-8677 :type "domain"] +[:mem/node-8119 :valid_time :mem/node-8120] +[:mem/node-8119 :schema_version "1.0.8"] +[:mem/node-8119 :module-name "AMP Global Intel"] +[:mem/node-8119 :naga/entity true] +[:mem/node-8119 :observable :mem/node-8121] +[:mem/node-8119 :type "judgement"] +[:mem/node-8119 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8119 :external_ids :mem/node-8122] +[:mem/node-8119 :disposition 2] +[:mem/node-8119 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8119 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8119 :disposition_name "Malicious"] +[:mem/node-8119 :priority 90] +[:mem/node-8119 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-7d83fbd5-d146-4b4a-acb1-d17f2b74b913"] +[:mem/node-8119 :severity "High"] +[:mem/node-8119 :tlp "green"] +[:mem/node-8119 :db/ident :mem/node-8119] +[:mem/node-8119 :confidence "High"] +[:mem/node-8883 "Observed_By" :mem/node-8531] +[:mem/node-8883 "Contains" :mem/node-8524] +[:mem/node-8883 :modules :mem/node-8884] +[:mem/node-8883 :value "http://bibrath.eu/Gdgsdgewrwerw823n/wwh.ex"] +[:mem/node-8883 :naga/entity true] +[:mem/node-8883 :type "url"] +[:mem/node-8883 :state :ok] +[:mem/node-8883 :id "925b504f"] +[:mem/node-8883 :investigated true] +[:mem/node-8883 :db/ident :mem/node-8883] +[:mem/node-9007 :naga/first "hydrant-db1f39feccb4a90b301afd1a77899e6ca4e74a466c8b5efb6828937ad177134c"] +[:mem/node-9007 :naga/contains "hydrant-db1f39feccb4a90b301afd1a77899e6ca4e74a466c8b5efb6828937ad177134c"] +[:mem/node-8882 :start_time #object[java.time.ZonedDateTime 0x3e5cbcfe 
"2018-04-22T18:25:12Z"]] +[:mem/node-8882 :end_time #object[java.time.ZonedDateTime 0x6773bab2 "2018-04-22T18:25:12Z"]] +[:mem/node-8627 :naga/first "hydrant-309ac8fd447b9fd6bc8a78507254d0b4050afd930f0d8a042d8eb17fbc377389"] +[:mem/node-8627 :naga/contains "hydrant-309ac8fd447b9fd6bc8a78507254d0b4050afd930f0d8a042d8eb17fbc377389"] +[:mem/node-8413 :naga/first :mem/node-8414] +[:mem/node-8413 :naga/contains :mem/node-8414] +[:mem/node-8999 :naga/first "hydrant-66d12ffd6bd3445bc7e6c6518ff580cc5d6c4585bef6116c92b9521129827c9e"] +[:mem/node-8999 :naga/contains "hydrant-66d12ffd6bd3445bc7e6c6518ff580cc5d6c4585bef6116c92b9521129827c9e"] +[:mem/node-8538 :value "http://bibrath.eu/Gdgsdgewrwerw823n/wwh.ex"] +[:mem/node-8538 :type "url"] +[:mem/node-8303 :naga/first :mem/node-8304] +[:mem/node-8303 :naga/contains :mem/node-8304] +[:mem/node-8860 :naga/first :mem/node-8861] +[:mem/node-8860 :naga/contains :mem/node-8861] +[:mem/node-8935 :start_time #object[java.time.ZonedDateTime 0x1055d261 "2018-05-04T06:25:13Z"]] +[:mem/node-8935 :end_time #object[java.time.ZonedDateTime 0x2d758472 "2018-05-04T06:25:13Z"]] +[:mem/node-8718 :naga/first "hydrant-5976d676a996817fdce18f0a37047f4cef28d04790138d0ef59a49abe03055d7"] +[:mem/node-8718 :naga/contains "hydrant-5976d676a996817fdce18f0a37047f4cef28d04790138d0ef59a49abe03055d7"] +[:mem/node-8813 :naga/first :mem/node-8814] +[:mem/node-8813 :naga/contains :mem/node-8814] +[:mem/node-8197 :value "bibrath.eu"] +[:mem/node-8197 :type "domain"] +[:mem/node-8908 :valid_time :mem/node-8909] +[:mem/node-8908 :schema_version "1.0.8"] +[:mem/node-8908 :module-name "AMP Global Intel"] +[:mem/node-8908 :naga/entity true] +[:mem/node-8908 :observable :mem/node-8910] +[:mem/node-8908 :type "judgement"] +[:mem/node-8908 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8908 :external_ids :mem/node-8911] +[:mem/node-8908 :disposition 2] +[:mem/node-8908 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8908 :source_uri 
"https://zeustracker.abuse.ch"] +[:mem/node-8908 :disposition_name "Malicious"] +[:mem/node-8908 :priority 90] +[:mem/node-8908 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-08eb1120-dd47-486b-a7dc-7fe72a33c118"] +[:mem/node-8908 :severity "High"] +[:mem/node-8908 :tlp "green"] +[:mem/node-8908 :db/ident :mem/node-8908] +[:mem/node-8908 :timestamp "2019-03-08T00:31:10.043Z"] +[:mem/node-8908 :confidence "High"] +[:mem/node-8349 :valid_time :mem/node-8350] +[:mem/node-8349 :schema_version "1.0.8"] +[:mem/node-8349 :module-name "AMP Global Intel"] +[:mem/node-8349 :naga/entity true] +[:mem/node-8349 :observable :mem/node-8351] +[:mem/node-8349 :type "judgement"] +[:mem/node-8349 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8349 :external_ids :mem/node-8352] +[:mem/node-8349 :disposition 2] +[:mem/node-8349 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8349 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8349 :disposition_name "Malicious"] +[:mem/node-8349 :priority 90] +[:mem/node-8349 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-aaaa9cbc-a133-4017-aa80-de859de6eb52"] +[:mem/node-8349 :severity "High"] +[:mem/node-8349 :tlp "green"] +[:mem/node-8349 :db/ident :mem/node-8349] +[:mem/node-8349 :timestamp "2019-03-05T00:31:04.841Z"] +[:mem/node-8349 :confidence "High"] +[:mem/node-8317 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8317 :schema_version "1.0.0"] +[:mem/node-8317 :module-name "AMP Global Intel"] +[:mem/node-8317 :naga/entity true] +[:mem/node-8317 :observables :mem/node-8318] +[:mem/node-8317 :type "sighting"] +[:mem/node-8317 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8317 :external_ids :mem/node-8320] +[:mem/node-8317 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8317 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-5805ad74-7cb8-4b9d-929f-68833222338d"] +[:mem/node-8317 :count 1] +[:mem/node-8317 :tlp "green"] +[:mem/node-8317 :db/ident :mem/node-8317] 
+[:mem/node-8317 :confidence "High"] +[:mem/node-8317 :observed_time :mem/node-8321] +[:mem/node-8611 :naga/first :mem/node-8612] +[:mem/node-8611 :naga/contains :mem/node-8612] +[:mem/node-8730 :naga/first "hydrant-9fd9cf4ebb0b1d4fecadbf964d557491c46a03181b7ad09f51e40a7449c4ce77"] +[:mem/node-8730 :naga/contains "hydrant-9fd9cf4ebb0b1d4fecadbf964d557491c46a03181b7ad09f51e40a7449c4ce77"] +[:mem/node-8417 :valid_time :mem/node-8418] +[:mem/node-8417 :schema_version "1.0.9"] +[:mem/node-8417 :module-name "AMP Global Intel"] +[:mem/node-8417 :naga/entity true] +[:mem/node-8417 :observable :mem/node-8419] +[:mem/node-8417 :type "judgement"] +[:mem/node-8417 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8417 :external_ids :mem/node-8420] +[:mem/node-8417 :disposition 2] +[:mem/node-8417 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8417 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8417 :disposition_name "Malicious"] +[:mem/node-8417 :priority 90] +[:mem/node-8417 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-a751130c-18a0-4f8e-93dd-c088ef7a9aeb"] +[:mem/node-8417 :severity "High"] +[:mem/node-8417 :tlp "green"] +[:mem/node-8417 :db/ident :mem/node-8417] +[:mem/node-8417 :timestamp "2019-03-26T00:31:24.850Z"] +[:mem/node-8417 :confidence "High"] +[:mem/node-8290 :value "bibrath.eu"] +[:mem/node-8290 :type "domain"] +[:mem/node-8866 :value "bibrath.eu"] +[:mem/node-8866 :type "domain"] +[:mem/node-8525 :naga/first "Talos Intelligence"] +[:mem/node-8525 :naga/rest :mem/node-8526] +[:mem/node-8525 :naga/contains "Talos Intelligence"] +[:mem/node-8525 :naga/contains "VirusTotal"] +[:mem/node-8525 :naga/contains "AMP Global Intel"] +[:mem/node-8525 :naga/contains "Umbrella"] +[:mem/node-8525 :naga/contains "Threat Grid - int"] +[:mem/node-8525 :naga/contains "Threat Grid"] +[:mem/node-8584 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8584 :schema_version "1.0.0"] +[:mem/node-8584 :module-name "AMP Global 
Intel"] +[:mem/node-8584 :naga/entity true] +[:mem/node-8584 :observables :mem/node-8585] +[:mem/node-8584 :type "sighting"] +[:mem/node-8584 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8584 :external_ids :mem/node-8587] +[:mem/node-8584 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8584 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-809366aa-6b28-47cc-b6a6-ad1e11d8faf7"] +[:mem/node-8584 :count 1] +[:mem/node-8584 :tlp "green"] +[:mem/node-8584 :db/ident :mem/node-8584] +[:mem/node-8584 :confidence "High"] +[:mem/node-8584 :observed_time :mem/node-8588] +[:mem/node-8498 :start_time #object[java.time.ZonedDateTime 0x7615666e "2018-10-09T12:25:16Z"]] +[:mem/node-8498 :end_time #object[java.time.ZonedDateTime 0xc49e434 "2018-10-09T12:25:16Z"]] +[:mem/node-8680 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8680 :schema_version "1.0.0"] +[:mem/node-8680 :module-name "AMP Global Intel"] +[:mem/node-8680 :naga/entity true] +[:mem/node-8680 :observables :mem/node-8681] +[:mem/node-8680 :type "sighting"] +[:mem/node-8680 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8680 :external_ids :mem/node-8683] +[:mem/node-8680 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8680 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-9e60ce5a-a776-4eba-b819-ae2cbfed8e1b"] +[:mem/node-8680 :count 1] +[:mem/node-8680 :tlp "green"] +[:mem/node-8680 :db/ident :mem/node-8680] +[:mem/node-8680 :confidence "High"] +[:mem/node-8680 :observed_time :mem/node-8684] +[:mem/node-8487 :naga/first :mem/node-8488] +[:mem/node-8487 :naga/contains :mem/node-8488] +[:mem/node-8337 :naga/first :mem/node-8338] +[:mem/node-8337 :naga/contains :mem/node-8338] +[:mem/node-8386 :start_time #object[java.time.ZonedDateTime 0x32b1e906 "2019-02-10T18:31:17Z"]] +[:mem/node-8386 :end_time #object[java.time.ZonedDateTime 0x33e6bd36 "2019-03-10T18:31:17Z"]] +[:mem/node-8764 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8764 
:schema_version "1.0.0"] +[:mem/node-8764 :module-name "AMP Global Intel"] +[:mem/node-8764 :naga/entity true] +[:mem/node-8764 :observables :mem/node-8765] +[:mem/node-8764 :type "sighting"] +[:mem/node-8764 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8764 :external_ids :mem/node-8767] +[:mem/node-8764 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8764 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-5e1a83ab-f4d7-417c-a47e-545cdfa10f19"] +[:mem/node-8764 :count 1] +[:mem/node-8764 :tlp "green"] +[:mem/node-8764 :db/ident :mem/node-8764] +[:mem/node-8764 :confidence "High"] +[:mem/node-8764 :observed_time :mem/node-8768] +[:mem/node-8253 :naga/first "hydrant-c33b49053fe05fceb8f2060c0658cfb00dac9dd45957a5e538decccacef5ef5c"] +[:mem/node-8253 :naga/contains "hydrant-c33b49053fe05fceb8f2060c0658cfb00dac9dd45957a5e538decccacef5ef5c"] +[:mem/node-8279 :valid_time :mem/node-8280] +[:mem/node-8279 :schema_version "1.0.8"] +[:mem/node-8279 :module-name "AMP Global Intel"] +[:mem/node-8279 :naga/entity true] +[:mem/node-8279 :observable :mem/node-8281] +[:mem/node-8279 :type "judgement"] +[:mem/node-8279 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8279 :external_ids :mem/node-8282] +[:mem/node-8279 :disposition 2] +[:mem/node-8279 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8279 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8279 :disposition_name "Malicious"] +[:mem/node-8279 :priority 90] +[:mem/node-8279 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-3e41e715-4bd6-4b80-9892-2e64dbbcc834"] +[:mem/node-8279 :severity "High"] +[:mem/node-8279 :tlp "green"] +[:mem/node-8279 :db/ident :mem/node-8279] +[:mem/node-8279 :confidence "High"] +[:mem/node-8220 :naga/first "hydrant-9489b277ad068c5f3125a35a5654482c500da6738b0253d026d4713f62cea17b"] +[:mem/node-8220 :naga/contains "hydrant-9489b277ad068c5f3125a35a5654482c500da6738b0253d026d4713f62cea17b"] +[:mem/node-8377 :start_time #object[java.time.ZonedDateTime 
0x6e1d9b32 "2019-02-25T18:31:26Z"]] +[:mem/node-8377 :end_time #object[java.time.ZonedDateTime 0x2db6ba81 "2019-03-25T18:31:26Z"]] +[:mem/node-8095 :value "bibrath.eu"] +[:mem/node-8095 :type "domain"] +[:mem/node-8352 :naga/first "hydrant-69d5669200b4e100f2ed881f812f6306fc6d864dae177bb02ef5680c503d1585"] +[:mem/node-8352 :naga/contains "hydrant-69d5669200b4e100f2ed881f812f6306fc6d864dae177bb02ef5680c503d1585"] +[:mem/node-8699 :value "bibrath.eu"] +[:mem/node-8699 :type "domain"] +[:mem/node-8264 :naga/first :mem/node-8265] +[:mem/node-8264 :naga/contains :mem/node-8265] +[:mem/node-8196 :start_time #object[java.time.ZonedDateTime 0x10728fe8 "2019-02-13T18:31:20Z"]] +[:mem/node-8196 :end_time #object[java.time.ZonedDateTime 0x16fb9fdd "2019-03-13T18:31:20Z"]] +[:mem/node-8943 :value "bibrath.eu"] +[:mem/node-8943 :type "domain"] +[:mem/node-8528 :naga/first "Umbrella"] +[:mem/node-8528 :naga/rest :mem/node-8529] +[:mem/node-8675 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8675 :schema_version "1.0.0"] +[:mem/node-8675 :module-name "AMP Global Intel"] +[:mem/node-8675 :naga/entity true] +[:mem/node-8675 :observables :mem/node-8676] +[:mem/node-8675 :type "sighting"] +[:mem/node-8675 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8675 :external_ids :mem/node-8678] +[:mem/node-8675 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8675 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-b52e7c69-71d7-40a2-afb5-a53ad5e9cde9"] +[:mem/node-8675 :count 1] +[:mem/node-8675 :tlp "green"] +[:mem/node-8675 :db/ident :mem/node-8675] +[:mem/node-8675 :confidence "High"] +[:mem/node-8675 :observed_time :mem/node-8679] +[:mem/node-8601 :naga/first "hydrant-2ccc64d6b253d9b47edbf18a90d184072c33755a51a2439853525f596d53bdc3"] +[:mem/node-8601 :naga/contains "hydrant-2ccc64d6b253d9b47edbf18a90d184072c33755a51a2439853525f596d53bdc3"] +[:mem/node-8385 :valid_time :mem/node-8386] +[:mem/node-8385 :schema_version "1.0.8"] +[:mem/node-8385 :module-name 
"AMP Global Intel"] +[:mem/node-8385 :naga/entity true] +[:mem/node-8385 :observable :mem/node-8387] +[:mem/node-8385 :type "judgement"] +[:mem/node-8385 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8385 :external_ids :mem/node-8388] +[:mem/node-8385 :disposition 2] +[:mem/node-8385 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8385 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8385 :disposition_name "Malicious"] +[:mem/node-8385 :priority 90] +[:mem/node-8385 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-b969101c-fb9d-4854-a390-21d045624847"] +[:mem/node-8385 :severity "High"] +[:mem/node-8385 :tlp "green"] +[:mem/node-8385 :db/ident :mem/node-8385] +[:mem/node-8385 :confidence "High"] +[:mem/node-8920 :naga/first "hydrant-00b3604fc65b8207bb9d5980f35ab21ad10e814467f19567e54a7cde1ac6b912"] +[:mem/node-8920 :naga/contains "hydrant-00b3604fc65b8207bb9d5980f35ab21ad10e814467f19567e54a7cde1ac6b912"] +[:mem/node-8905 :start_time #object[java.time.ZonedDateTime 0x14bd523b "2019-03-29T00:31:05.667Z"]] +[:mem/node-8905 :end_time #object[java.time.ZonedDateTime 0xcc7909f "2019-04-28T00:31:05.667Z"]] +[:mem/node-8450 :naga/first "hydrant-8688e1bd661dd6241f1cb91b0fb905a6849d7bdac85842eb444e5f4fddb2c92d"] +[:mem/node-8450 :naga/contains "hydrant-8688e1bd661dd6241f1cb91b0fb905a6849d7bdac85842eb444e5f4fddb2c92d"] +[:mem/node-8090 :value "bibrath.eu"] +[:mem/node-8090 :type "domain"] +[:mem/node-8223 :value "bibrath.eu"] +[:mem/node-8223 :type "domain"] +[:mem/node-9059 :naga/first :mem/node-9060] +[:mem/node-9059 :naga/contains :mem/node-9060] +[:mem/node-8224 :naga/first "hydrant-3cb234b07479c1ee9fd3a0d26dffa48f75dee996ec238a2c348e80a7d690bc22"] +[:mem/node-8224 :naga/contains "hydrant-3cb234b07479c1ee9fd3a0d26dffa48f75dee996ec238a2c348e80a7d690bc22"] +[:mem/node-8454 :value "bibrath.eu"] +[:mem/node-8454 :type "domain"] +[:mem/node-8177 :naga/first "hydrant-10a0b136353475168f618bc16ed9f029932a08b6870562fffac0f96a79a85751"] 
+[:mem/node-8177 :naga/contains "hydrant-10a0b136353475168f618bc16ed9f029932a08b6870562fffac0f96a79a85751"] +[:mem/node-8293 :valid_time :mem/node-8294] +[:mem/node-8293 :schema_version "1.0.9"] +[:mem/node-8293 :module-name "AMP Global Intel"] +[:mem/node-8293 :naga/entity true] +[:mem/node-8293 :observable :mem/node-8295] +[:mem/node-8293 :type "judgement"] +[:mem/node-8293 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8293 :external_ids :mem/node-8296] +[:mem/node-8293 :disposition 2] +[:mem/node-8293 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8293 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8293 :disposition_name "Malicious"] +[:mem/node-8293 :priority 90] +[:mem/node-8293 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-ee68e921-6830-4ad0-8351-9518a3ca82e5"] +[:mem/node-8293 :severity "High"] +[:mem/node-8293 :tlp "green"] +[:mem/node-8293 :db/ident :mem/node-8293] +[:mem/node-8293 :timestamp "2019-03-20T00:31:23.555Z"] +[:mem/node-8293 :confidence "High"] +[:mem/node-8319 :value "bibrath.eu"] +[:mem/node-8319 :type "domain"] +[:mem/node-8996 :valid_time :mem/node-8997] +[:mem/node-8996 :schema_version "1.0.8"] +[:mem/node-8996 :module-name "AMP Global Intel"] +[:mem/node-8996 :naga/entity true] +[:mem/node-8996 :observable :mem/node-8998] +[:mem/node-8996 :type "judgement"] +[:mem/node-8996 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8996 :external_ids :mem/node-8999] +[:mem/node-8996 :disposition 2] +[:mem/node-8996 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-8996 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8996 :disposition_name "Malicious"] +[:mem/node-8996 :priority 90] +[:mem/node-8996 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-5e33280b-f153-47c4-bdd3-d821e57c340b"] +[:mem/node-8996 :severity "High"] +[:mem/node-8996 :tlp "green"] +[:mem/node-8996 :db/ident :mem/node-8996] +[:mem/node-8996 :confidence "High"] +[:mem/node-8144 :naga/first 
"hydrant-3a5d44300565e483117a5d2f0e902ed1ea6f8e97eb101df009d29e984b66271d"] +[:mem/node-8144 :naga/contains "hydrant-3a5d44300565e483117a5d2f0e902ed1ea6f8e97eb101df009d29e984b66271d"] +[:mem/node-8875 :value "bibrath.eu"] +[:mem/node-8875 :type "domain"] +[:mem/node-8415 :naga/first "hydrant-69c88c13a55b95402aff31d8edb59692413b113df597bb25a385be0bb914b473"] +[:mem/node-8415 :naga/contains "hydrant-69c88c13a55b95402aff31d8edb59692413b113df597bb25a385be0bb914b473"] +[:mem/node-8647 :start_time #object[java.time.ZonedDateTime 0x8ce4320 "2018-04-15T18:25:12Z"]] +[:mem/node-8647 :end_time #object[java.time.ZonedDateTime 0x42012093 "2018-04-15T18:25:12Z"]] +[:mem/node-8610 :description "Domain used for Zeus banking trojan C&C"] +[:mem/node-8610 :schema_version "1.0.0"] +[:mem/node-8610 :module-name "AMP Global Intel"] +[:mem/node-8610 :naga/entity true] +[:mem/node-8610 :observables :mem/node-8611] +[:mem/node-8610 :type "sighting"] +[:mem/node-8610 :source "Abuse.ch Zeus Tracker"] +[:mem/node-8610 :external_ids :mem/node-8613] +[:mem/node-8610 :source_uri "https://zeustracker.abuse.ch"] +[:mem/node-8610 :id "https://intel.amp.cisco.com:443/ctia/sighting/sighting-5658fc2d-ca29-481a-a379-005c86898c27"] +[:mem/node-8610 :count 1] +[:mem/node-8610 :tlp "green"] +[:mem/node-8610 :db/ident :mem/node-8610] +[:mem/node-8610 :confidence "High"] +[:mem/node-8610 :observed_time :mem/node-8614] +[:mem/node-9077 :type "domain"] +[:mem/node-9077 :value "bibrath.eu"] +[:mem/node-9072 :valid_time :mem/node-9073] +[:mem/node-9072 :schema_version "1.0.8"] +[:mem/node-9072 :module-name "AMP Global Intel"] +[:mem/node-9072 :naga/entity true] +[:mem/node-9072 :observable :mem/node-9074] +[:mem/node-9072 :type "judgement"] +[:mem/node-9072 :source "Abuse.ch Zeus Tracker"] +[:mem/node-9072 :external_ids :mem/node-9075] +[:mem/node-9072 :disposition 2] +[:mem/node-9072 :reason "Domain used for Zeus banking trojan C&C"] +[:mem/node-9072 :source_uri "https://zeustracker.abuse.ch"] 
+[:mem/node-9072 :disposition_name "Malicious"] +[:mem/node-9072 :priority 90] +[:mem/node-9072 :id "https://intel.amp.cisco.com:443/ctia/judgement/judgement-581b6f6a-152d-49ba-8ba4-8be8403e2415"] +[:mem/node-9072 :severity "High"] +[:mem/node-9072 :tlp "green"] +[:mem/node-9072 :db/ident :mem/node-9072] +[:mem/node-9072 :confidence "High"] +[:mem/node-8374 :naga/first "hydrant-8874f573eaf60d5b6a6b4181fdeb601ae3eb8392cede4560023fe58eaecf8243"] +[:mem/node-8374 :naga/contains "hydrant-8874f573eaf60d5b6a6b4181fdeb601ae3eb8392cede4560023fe58eaecf8243"] +]