misp-circl-feed/feeds/circl/stix-2.1/557e78b6-91ec-4123-87df-424f950d210b.json

759 lines
31 KiB
JSON
Raw Permalink Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--557e78b6-91ec-4123-87df-424f950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:25:43.000Z",
"modified": "2015-06-15T07:25:43.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--557e78b6-91ec-4123-87df-424f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:25:43.000Z",
"modified": "2015-06-15T07:25:43.000Z",
"name": "OSINT Evilgrab Delivered by Watering Hole Attack on President of Myanmar\u00e2\u20ac\u2122s Website by Palo Alto Unit 42",
"published": "2015-06-15T09:07:27Z",
"object_refs": [
"observed-data--557e78d1-83c4-4017-9c33-4de6950d210b",
"url--557e78d1-83c4-4017-9c33-4de6950d210b",
"x-misp-attribute--557e78dc-e5c4-4aec-b954-4203950d210b",
"vulnerability--557e78fa-dd00-48c9-81bd-4e06950d210b",
"indicator--557e7907-9c30-4429-8bd2-4ed7950d210b",
"indicator--557e7916-6e04-4bbc-832e-ce64950d210b",
"indicator--557e792a-d3ac-482a-8701-ce64950d210b",
"indicator--557e7941-4480-4112-ab99-4dca950d210b",
"indicator--557e7941-c378-4a95-8948-4bee950d210b",
"indicator--557e7bf5-1fac-4513-b4e8-3a65950d210b",
"indicator--557e7bf6-2230-4082-9f66-3a65950d210b",
"indicator--557e7bf6-6e88-43b7-9920-3a65950d210b",
"indicator--557e7c05-7300-4af6-b311-38d3950d210b",
"indicator--557e7cdb-14e4-4883-8db7-3a54950d210b",
"indicator--557e7d08-2aec-46bb-adb0-3a65950d210b",
"indicator--557e7d08-40a8-45d3-af79-3a65950d210b",
"indicator--557e7d08-f270-4072-8dec-3a65950d210b",
"indicator--557e7d08-eaa8-4647-9319-3a65950d210b",
"indicator--557e7d1c-aef8-4fe9-aa83-40be950d210b",
"indicator--557e7d31-a988-4350-8692-3a73950d210b",
"indicator--557e7d32-e780-40dc-b678-3a73950d210b",
"observed-data--557e7d7d-3318-42f9-8a08-3a5f950d210b",
"url--557e7d7d-3318-42f9-8a08-3a5f950d210b",
"observed-data--557e7d7e-61e8-4bb3-a675-3a5f950d210b",
"url--557e7d7e-61e8-4bb3-a675-3a5f950d210b",
"observed-data--557e7d7e-d400-4717-a8ea-3a5f950d210b",
"url--557e7d7e-d400-4717-a8ea-3a5f950d210b",
"observed-data--557e7d7e-db40-4ea1-9e4e-3a5f950d210b",
"url--557e7d7e-db40-4ea1-9e4e-3a5f950d210b",
"observed-data--557e7d7e-d074-4b71-8a27-3a5f950d210b",
"url--557e7d7e-d074-4b71-8a27-3a5f950d210b",
"x-misp-attribute--557e7dc8-9fe4-4923-b96d-40be950d210b",
"indicator--557e7df7-21fc-40a9-a9ca-47a7950d210b",
"indicator--557e7df7-63b8-47fd-95bc-46c8950d210b",
"indicator--557e7df7-cba4-46a1-9f89-4eca950d210b",
"indicator--557e7df7-f578-4161-9a22-444e950d210b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--557e78d1-83c4-4017-9c33-4de6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:23:05.000Z",
"modified": "2015-06-15T07:23:05.000Z",
"first_observed": "2015-06-15T07:23:05Z",
"last_observed": "2015-06-15T07:23:05Z",
"number_observed": 1,
"object_refs": [
"url--557e78d1-83c4-4017-9c33-4de6950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--557e78d1-83c4-4017-9c33-4de6950d210b",
"value": "http://researchcenter.paloaltonetworks.com/2015/06/evilgrab-delivered-by-watering-hole-attack-on-president-of-myanmars-website/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--557e78dc-e5c4-4aec-b954-4203950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:03:55.000Z",
"modified": "2015-06-15T07:03:55.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Evilgrab"
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--557e78fa-dd00-48c9-81bd-4e06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:04:26.000Z",
"modified": "2015-06-15T07:04:26.000Z",
"name": "CVE-2014-6332",
"labels": [
"misp:type=\"vulnerability\"",
"misp:category=\"Payload delivery\""
],
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2014-6332"
}
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557e7907-9c30-4429-8bd2-4ed7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:04:39.000Z",
"modified": "2015-06-15T07:04:39.000Z",
"pattern": "[file:hashes.SHA256 = 'b69106e06dc008e4fa1e4a0b0b58fcb1dc6d2016422a35cb3111168fd3fae577']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-15T07:04:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557e7916-6e04-4bbc-832e-ce64950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:04:54.000Z",
"modified": "2015-06-15T07:04:54.000Z",
"pattern": "[domain-name:value = 'mmslsh.tiger1234.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-15T07:04:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557e792a-d3ac-482a-8701-ce64950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:05:14.000Z",
"modified": "2015-06-15T07:05:14.000Z",
"pattern": "[url:value = 'http://www.president-office.gov.mm/sites/all/modules/browscap/List_View.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-15T07:05:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557e7941-4480-4112-ab99-4dca950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:24:00.000Z",
"modified": "2015-06-15T07:24:00.000Z",
"pattern": "[file:hashes.MD5 = '2e78e6d02aaed4f057f4dfa631ea5519']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-15T07:24:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557e7941-c378-4a95-8948-4bee950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:24:00.000Z",
"modified": "2015-06-15T07:24:00.000Z",
"pattern": "[file:hashes.SHA256 = '10d9611e5b4ff41fc79e8907e3eb522630131b1bdc1010a0564c8780ba55c87c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-15T07:24:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557e7bf5-1fac-4513-b4e8-3a65950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:17:09.000Z",
"modified": "2015-06-15T07:17:09.000Z",
"pattern": "[domain-name:value = 'dns.websecexp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-15T07:17:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557e7bf6-2230-4082-9f66-3a65950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:17:10.000Z",
"modified": "2015-06-15T07:17:10.000Z",
"pattern": "[domain-name:value = 'ns.websecexp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-15T07:17:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557e7bf6-6e88-43b7-9920-3a65950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:17:10.000Z",
"modified": "2015-06-15T07:17:10.000Z",
"pattern": "[domain-name:value = 'appeur.gnway.cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-15T07:17:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557e7c05-7300-4af6-b311-38d3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:17:25.000Z",
"modified": "2015-06-15T07:17:25.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '211.169.202.2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-15T07:17:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557e7cdb-14e4-4883-8db7-3a54950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:20:59.000Z",
"modified": "2015-06-15T07:20:59.000Z",
"pattern": "[domain-name:value = 'websecexp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-15T07:20:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557e7d08-2aec-46bb-adb0-3a65950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:21:44.000Z",
"modified": "2015-06-15T07:21:44.000Z",
"pattern": "[domain-name:value = 'usafi.websecexp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-15T07:21:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557e7d08-40a8-45d3-af79-3a65950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:21:44.000Z",
"modified": "2015-06-15T07:21:44.000Z",
"pattern": "[domain-name:value = 'usacia.websecexp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-15T07:21:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557e7d08-f270-4072-8dec-3a65950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:21:44.000Z",
"modified": "2015-06-15T07:21:44.000Z",
"pattern": "[domain-name:value = 'webhttps.websecexp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-15T07:21:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557e7d08-eaa8-4647-9319-3a65950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:21:44.000Z",
"modified": "2015-06-15T07:21:44.000Z",
"pattern": "[domain-name:value = 'usagovdns.websecexp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-15T07:21:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557e7d1c-aef8-4fe9-aa83-40be950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:22:04.000Z",
"modified": "2015-06-15T07:22:04.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '59.188.16.130']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-15T07:22:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557e7d31-a988-4350-8692-3a73950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:22:25.000Z",
"modified": "2015-06-15T07:22:25.000Z",
"pattern": "[domain-name:value = 'ceshi.mailpseonfz.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-15T07:22:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557e7d32-e780-40dc-b678-3a73950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:22:26.000Z",
"modified": "2015-06-15T07:22:26.000Z",
"pattern": "[domain-name:value = 'dns.mailpseonfz.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-15T07:22:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--557e7d7d-3318-42f9-8a08-3a5f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:23:41.000Z",
"modified": "2015-06-15T07:23:41.000Z",
"first_observed": "2015-06-15T07:23:41Z",
"last_observed": "2015-06-15T07:23:41Z",
"number_observed": 1,
"object_refs": [
"url--557e7d7d-3318-42f9-8a08-3a5f950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--557e7d7d-3318-42f9-8a08-3a5f950d210b",
"value": "https://www.virustotal.com/en/url/91f7d6612c79cc0b266891c447359853614546837b003836ab342b091ee1a6cc/analysis/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--557e7d7e-61e8-4bb3-a675-3a5f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:23:42.000Z",
"modified": "2015-06-15T07:23:42.000Z",
"first_observed": "2015-06-15T07:23:42Z",
"last_observed": "2015-06-15T07:23:42Z",
"number_observed": 1,
"object_refs": [
"url--557e7d7e-61e8-4bb3-a675-3a5f950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--557e7d7e-61e8-4bb3-a675-3a5f950d210b",
"value": "https://www.virustotal.com/en/file/b8c37a1db36d702932b5db97ec150269a323b5dc76059062beff7e330f2d136d/analysis/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--557e7d7e-d400-4717-a8ea-3a5f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:23:42.000Z",
"modified": "2015-06-15T07:23:42.000Z",
"first_observed": "2015-06-15T07:23:42Z",
"last_observed": "2015-06-15T07:23:42Z",
"number_observed": 1,
"object_refs": [
"url--557e7d7e-d400-4717-a8ea-3a5f950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--557e7d7e-d400-4717-a8ea-3a5f950d210b",
"value": "http://blog.trendmicro.com/trendlabs-security-intelligence/evilgrab-malware-family-used-in-targeted-attacks-in-asia/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--557e7d7e-db40-4ea1-9e4e-3a5f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:23:42.000Z",
"modified": "2015-06-15T07:23:42.000Z",
"first_observed": "2015-06-15T07:23:42Z",
"last_observed": "2015-06-15T07:23:42Z",
"number_observed": 1,
"object_refs": [
"url--557e7d7e-db40-4ea1-9e4e-3a5f950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--557e7d7e-db40-4ea1-9e4e-3a5f950d210b",
"value": "http://pwc.blogs.com/files/cto-tib-20150223-01a.pdf"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--557e7d7e-d074-4b71-8a27-3a5f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:23:42.000Z",
"modified": "2015-06-15T07:23:42.000Z",
"first_observed": "2015-06-15T07:23:42Z",
"last_observed": "2015-06-15T07:23:42Z",
"number_observed": 1,
"object_refs": [
"url--557e7d7e-d074-4b71-8a27-3a5f950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--557e7d7e-d074-4b71-8a27-3a5f950d210b",
"value": "http://contagiodump.blogspot.com/2013/09/sandbox-miming-cve-2012-0158-in-mhtml.html"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--557e7dc8-9fe4-4923-b96d-40be950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:24:56.000Z",
"modified": "2015-06-15T07:24:56.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_comment": "Registrant",
"x_misp_type": "text",
"x_misp_value": "gooleWarning@gmail.com"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557e7df7-21fc-40a9-a9ca-47a7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:25:43.000Z",
"modified": "2015-06-15T07:25:43.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '218.54.45.220']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-15T07:25:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557e7df7-63b8-47fd-95bc-46c8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:25:43.000Z",
"modified": "2015-06-15T07:25:43.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '61.221.66.199']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-15T07:25:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557e7df7-cba4-46a1-9f89-4eca950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:25:43.000Z",
"modified": "2015-06-15T07:25:43.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '59.188.4.106']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-15T07:25:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557e7df7-f578-4161-9a22-444e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-15T07:25:43.000Z",
"modified": "2015-06-15T07:25:43.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '59.188.16.135']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-15T07:25:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}