adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/56e12e66-f01c-41be-afea-4d9a950d210f.json

344 lines
178 KiB
JSON
Raw Permalink Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--56e12e66-f01c-41be-afea-4d9a950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T10:20:35.000Z",
"modified": "2016-03-10T10:20:35.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--56e12e66-f01c-41be-afea-4d9a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T10:20:35.000Z",
"modified": "2016-03-10T10:20:35.000Z",
"name": "Cerber Ransomware",
"published": "2016-03-10T10:21:19Z",
"object_refs": [
"indicator--56e12ed8-18e4-4f3b-8767-49f5950d210f",
"observed-data--56e12ed9-2378-4c4d-bc31-435b950d210f",
"url--56e12ed9-2378-4c4d-bc31-435b950d210f",
"observed-data--56e12ed9-56ec-46fa-829b-42f6950d210f",
"url--56e12ed9-56ec-46fa-829b-42f6950d210f",
"observed-data--56e12ed9-eefc-4ed9-9d14-4949950d210f",
"url--56e12ed9-eefc-4ed9-9d14-4949950d210f",
"indicator--56e12f82-0c54-4c98-a49d-4de7950d210f",
"indicator--56e12f83-98e0-490c-9820-4807950d210f",
"indicator--56e12f84-d92c-455f-9ecf-4e30950d210f",
"x-misp-attribute--56e148f3-461c-4d44-ace6-493f950d210f",
"x-misp-attribute--56e1493d-c33c-4e3e-bcdd-4ae7950d210f",
"x-misp-attribute--56e1498a-da10-48f7-995e-4fda950d210f",
"observed-data--56e149c8-4648-4514-ba41-4f92950d210f",
"url--56e149c8-4648-4514-ba41-4f92950d210f",
"indicator--56e14a17-4f34-4ffd-8ef8-4990950d210f",
"x-misp-attribute--56e14a73-f9ac-4fea-98f4-46e0950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"malware\"",
"malware_classification:malware-category=\"Ransomware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e12ed8-18e4-4f3b-8767-49f5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T08:22:48.000Z",
"modified": "2016-03-10T08:22:48.000Z",
"description": "Payment site",
"pattern": "[url:value = 'decrypttozxybarc.onion']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T08:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e12ed9-2378-4c4d-bc31-435b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T08:22:49.000Z",
"modified": "2016-03-10T08:22:49.000Z",
"first_observed": "2016-03-10T08:22:49Z",
"last_observed": "2016-03-10T08:22:49Z",
"number_observed": 1,
"object_refs": [
"url--56e12ed9-2378-4c4d-bc31-435b950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e12ed9-2378-4c4d-bc31-435b950d210f",
"value": "http://ipinfo.io/json"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e12ed9-56ec-46fa-829b-42f6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T08:22:49.000Z",
"modified": "2016-03-10T08:22:49.000Z",
"first_observed": "2016-03-10T08:22:49Z",
"last_observed": "2016-03-10T08:22:49Z",
"number_observed": 1,
"object_refs": [
"url--56e12ed9-56ec-46fa-829b-42f6950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e12ed9-56ec-46fa-829b-42f6950d210f",
"value": "http://freegeoip.net/json/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e12ed9-eefc-4ed9-9d14-4949950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T08:22:49.000Z",
"modified": "2016-03-10T08:22:49.000Z",
"first_observed": "2016-03-10T08:22:49Z",
"last_observed": "2016-03-10T08:22:49Z",
"number_observed": 1,
"object_refs": [
"url--56e12ed9-eefc-4ed9-9d14-4949950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e12ed9-eefc-4ed9-9d14-4949950d210f",
"value": "http://ip-api.com/json"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e12f82-0c54-4c98-a49d-4de7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T08:25:38.000Z",
"modified": "2016-03-10T08:25:38.000Z",
"description": "Cerber executable (created: Fri Feb 26 10:28:56 2016)",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIADNDakjncNW5B+EBAACwAgAgABwAMmY3MDU5ZDdiMWRkYTMwODBlMzkxZDk5Nzg4ZmZmMThVVAkAA4Iv4VaCL+FWdXgLAAEEIQAAAAQhAAAAgG/zDcjQwOQ/2ysuh1sRSTb8nhbadf1DJXYBOf+4/10QuLg/l4MtEABD+a0bHi8hGw0tnV3aCZm5WF9HXVdNSTLfWGTP1PO1V8EHHQKH3toCT4QCVctd8CqUQcARXX5BJGw63+xvYZzRP0cPE21L6+Dii5MadixuRVjxc9FVi6lc1dnam0ZForxwbFI+PMMakpOoRzwHSH4SY8mmf5xvc0G6gGpxo+04INzNYF4GtWyfB+7dHng8agSlzsSnVC9cHN31VdGxZDhagtHkOtiUoIhOU+0/BQ1+T8sM/Lk2fgiUHWgkC/L274nSP6W6v65ok/TVTQUag/hdN8TwDYLrDP1ASqscNsoAaMO+ShNiQajFmeK7ll/EsoOOTYjqPeWN/Jg/Dw+/mFOKBcIJ1RsqMpBiiYndrmSG9vpJjKH8KSE9VsMQJz9i62FTGFAkaSBbVG2wnGKJ8Ur6xnRGMeuj06Y6PIepNHywmP5p49uTIqZyOgHCALeS7YyjIhjB0htO8TxpjByXNo+Afu3shBEsy9FnlzaIpwn9vIZJDF9lkHRvrqEayHbgY/mcqYsOmY2U6ew/c5UIi3SJsRa74AygUt+RgGARpo75BJJXA2+B64X82pzxKWmmrPYnwIQYGl8pP8JjTL02VJKkP9f0gSbKx7qziTbkQZYPnn/0hLHDpI8XLzMUE344zF4NZC7rfiKUNUJ2vcEB2oprwfiCcLOuAZjBJX3erNvHFSrYagx5g1i8hDgsYBBEybmSSD1LNBrpnp8GevoBNhtt8l4hIRjSAm9yen1+2DeEiiU+AcBzVjgS3ptDnXupuT7kMRwRgm39LdveXhVup9MUgfVvVP/+V8/NKP+v/i7+5yG1+mbgod0Ds2x5NhCbox6Vsg0VQnZ8OvZ9DUeyKbDCxfAPeWVTLwr9PVaWIZfO3fbCwz8bnSX+Px9foQOF8N3ZuXHdMk5myXKl2UmaelkcScSeBj10dStp+jQHFsB8ZapwUYlzSnrXXL1RcCkG53EoWampKh0x9/nV7xxcHYmFNlYl4jNppvx7Wasr5whp3G3tlekevzXNFYyrYWx0W1B4vjRECqoqMk7QdU1Hl8AWxp7i4zWUoJCCGJWhhhCG8UwYvnZwmV5noov+zwHjRj+eQSAIbN0tV4AhtozF4tktisRpSCbiGghKRwLhfmH+CaHYx79l41T5/Vp+ghu/0MWNMvO8BLd4xcDP/rC1nULBeXFwEbQydShpcNrVK8n251LA5TX1CN52jFPbXJh2cdkHRgWSn1fb7Miyu8BNNkLRk7+YyxplGyxW4c+CNPHAYiLirLb3xKwuM16VD+riE9mOMdLe7ohzXuTUGVhM2vAKNTMo7I9irHBKt452JTSIBsMnwiZ+i4FLAPKz64NGu1elO/T9T0sP+cmEt/UU8u4JPr24GPvBt0eH8VQYp+WKoAJQ6CXa5rOLnX8ssonmvqrgKD855Uhi8ad+7rGE0PxbTcpLbVkwLLGMuXd8tmjcZutpFSEGsoPV9GU3z/vUkmFz9wJCxRa6oOg+Q5lDoR+82lgujDBYeETc+yLJXIb6nA5HXkL4y+EMsHqkOZBz10FSEkx5N+oE1tbhxJAcqAMIz8ZO3OQMsdiBcc2sPAMKeACcxTj0N/+4JDHV44XTWrD7h8mSDJEwy/cPpGPb8O7PnYrgSCYW9Y1BW+1HwkElhaAfE/lx/5uFJDb3j3Qgi5wMq1nCTZ3MPU161PtJmk5uRWEdAWO0VePkM1ZztbBm+za1ycsYGLERe+C0FIhsxg22C4P88VGSeOq6IFZTTWfVqLjsCerLwCo0v+hHrK5lfhrNK5CuJr1GwVTgNmOE6/fkWW8SlYFJ01/vTHeIaOT6IRjkkIqzZ8gzD1+jPmd1q43LuY9ek52y4X5zUXtNq/olcyb4tfDAVYxHmXDJVmICQMhrhdZSd1uYolpx5VmJsmmWdYTSSEeRkJzWhF5Ce0asv9DNRV82iOlrJDBNOc0C8mhJchNYYIFiwIWPYDiXY4enI6hxAalW2JpRfw0fZVBGErOWS2mcuDLZVYBi5LR+8/5uIRf5ucn27rs0mue7RIO0tptugV+grccqoB5qSgbMvA4d5Vw7GFgqtMfgF+ISZ5nsUBIFVdi5M/2EwF5dSr0TRjA6RkJq5ANJlAi5Pd3AFwgOAWt03RG/bFxr8PAkN+NpNH5iPhqbv+1Xlj5/m6HoVO4SkzUfO+4FiiJVWcCG0GrqPilLb/PCoJwZnJ1Mr1jiOEz8BjlkRWQWX9mYMh2VjaTs6FfWsXxjF4V7HMBuKetO+0iNJ5oZS29wY+nMpBwp03Dn0TnGSQ13APnAsuZmqVmaT004C6mGTAi8L9wQEbQJyJXCTPwPPeZHcQvOcHMku2ECzgZ2wL+uysSdTKETWxF4MK4TAHlMXsgooti+hbPakZ8M2djvMqL+aXBRy+Scy65294HqAX3Cwmv6Xzcfcyw1i3NH/gx9EY/HalWlc5UFr2F9TCUk1MSs/kjt96SP5CU2d75gYeA2QzGIBUyukSrVRAGajOQ9riyGZ4RFPpWQBP1tGGLv6WVe5iiUsJixPvjM2eTCUrd3H3x/6iu6a5FQnPTBEhWW/Kf3pb8NrhJ0nlUR6wisCQZQKCLKg3zDK/b5sSTlb2DbXCpoTjtymA2uug5AJ87QVZhkYY87bQEoi0kxhs7sQ53SVIsIDbeYpKY19HZacB/UYSsw99NwkjrzbHqQR9VJQEtZcxmxMxwyPsgva0FxnVHUuVO98s0dxGZUjj6yYQbvOfkHeLxwNPFCSVTkVxpJ9tDnmp+uwhg/oZuSDUx705Ozu1aof5eojNgQQvTl8Uf91PtxWo2GvqMuc8MUMWGIsPC9ZryAjSRLrtYl0C6AU2RfSmrEGm607s1fdi7kJrDP7+P5frKG46P4d/c+Nqv4hsN6+6Uo5Dw2DygZcFxYPXiTfEP4OqnfmVEkCQQsxH0bzaqRnnqUd+/z77yqmv1G+D58XazpzKUCkS2FUZHlTnN48j79+J213Jc2o7aHaR0B1gvOTQA3YKQXZZ/VurpMxFosHUAsoVYUEB73U/ALfrszqefRVdsoTnPWnWoGwHSK08urDnIYNxi3dAT1z4RQyiUdY9gapF/6mHT8Z8QO+RQHVO4EUUIHisNPhllPVtdW1WDRM4UFTl5It5kFFw0KQSFeAUR2gOYOnR7z46ji7aioR6CGcFT+wXCL7v1mATFBUWaaXck/uikfhJ0gkSn5hWjOGwFAK3i5qne9choEVZbp1/C7E2Tiv1sGmPJjFA4ox933LvW0p6Cg+DSt4b3r0PZnZ7/IiodPitTA5iKzC6+pwKWl3KdmQZeWBoJAcMo/5Hfmu2RwiIVXhPPJPxMYnqC7RqvSsfhRX0ApkwUXHLvbnB9zbQa9/KEfk2JUyTgrdlCGxR0XQmHu/pmV6s0dogihOAlOxJ5n07Za1bY6QUEehNg+OpxLH6dnxSe6YLE0yAagZ87uyyxESe9Ad9tnUkle2TrFp/6tvdWoanF02oC8ZKNTF5HbamjnHDB1XKfJoupESpQiutKDYrkqK8b9UvVQezcx+MpfjAjLv3Y6JbafIrK84Nd0LFVZ8D1SajIRC1Cdi398r/fK0iX9sePNTGUPZLZl+ruoymwRAvP99F9VAQd67r+xamZOgSH87Q7Zqt5LH8i5XExwlPSF0qqI4hZ9DrCM0pQnx6/cjMKvRpFN6S4fjGKxOZxVQYKNk/FQ64vR2aqdqRtAcnGxuef02puAFd0sd9k5DR6dulRMgFnfc9rOcu3mQ9XrPZXCwXtMJQurFkJplC0b9wajRpZeDhiYZ2OnF+jzGYAgdtQCt9lr7C/8Qk2Z3gXtk5OQd18krYobrxhrS2XZC2TAj7cgKTdb9pNbtIQHp6DKHF9gMMj5tePivh
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T08:25:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e12f83-98e0-490c-9820-4807950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T08:25:39.000Z",
"modified": "2016-03-10T08:25:39.000Z",
"description": "Cerber executable (created: Fri Feb 26 10:28:56 2016)",
"pattern": "[file:name = 'a5ff5f.exe' AND file:hashes.SHA1 = '0af6bde11eaa699604aa92cce9a6210dfce70f42']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T08:25:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e12f84-d92c-455f-9ecf-4e30950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T08:25:40.000Z",
"modified": "2016-03-10T08:25:40.000Z",
"description": "Cerber executable (created: Fri Feb 26 10:28:56 2016)",
"pattern": "[file:name = 'a5ff5f.exe' AND file:hashes.SHA256 = 'a5ff5f861bbb1ac7c6fd44f303f735fac01273ce2ae43a8acb683076192fcfcc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T08:25:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--56e148f3-461c-4d44-ace6-493f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T10:14:11.000Z",
"modified": "2016-03-10T10:14:11.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Payload installation\""
],
"x_misp_category": "Payload installation",
"x_misp_comment": "# DECRYPT MY FILES #.vbs",
"x_misp_type": "text",
"x_misp_value": "Set SAPI = CreateObject(\"SAPI.SpVoice\")\r\nSAPI.Speak \"Attention! Attention! Attention!\"\r\nFor i = 1 to 5\r\nSAPI.Speak \"Your documents, photos, databases and other important files have been encrypted!\"\r\nNext"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--56e1493d-c33c-4e3e-bcdd-4ae7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T10:15:25.000Z",
"modified": "2016-03-10T10:15:25.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Payload installation\""
],
"x_misp_category": "Payload installation",
"x_misp_comment": "# DECRYPT MY FILES #.txt",
"x_misp_type": "text",
"x_misp_value": "C E R B E R\r\n -----------\r\n\r\n\r\n Your documents, photos, databases and other important files have been encrypted!\r\n\r\n\r\n To decrypt your files follow the instructions:\r\n\r\n\r\n ---------------------------------------------------------------------------------------\r\n\r\n\r\n 1. Download and install the \"Tor Browser\" from https://www.torproject.org/\r\n\r\n\r\n 2. Run it\r\n\r\n\r\n 3. In the \"Tor Browser\" open website:\r\n\r\n http://decrypttozxybarc.onion/F97F-EFC0-B07D-003F-3EA6\r\n\r\n\r\n 4. Follow the instructions at this website\r\n\r\n\r\n ---------------------------------------------------------------------------------------\r\n\r\n\r\n \u00c2\u00ab...Quod me non necat me fortiorem facit.\u00c2\u00bb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--56e1498a-da10-48f7-995e-4fda950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T10:16:42.000Z",
"modified": "2016-03-10T10:16:42.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Payload installation\""
],
"x_misp_category": "Payload installation",
"x_misp_comment": "# DECRYPT MY FILES #.html",
"x_misp_type": "text",
"x_misp_value": "<!DOCTYPE html>\r\n<html lang=\"en\">\r\n <head>\r\n <link href=\"http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css\" rel=\"stylesheet\">\r\n <meta charset=\"utf-8\">\r\n <meta content=\"IE=edge\" http-equiv=\"X-UA-Compatible\">\r\n <meta content=\"width=device-width, initial-scale=1\" name=\"viewport\">\r\n <title>C E R B E R</title>\r\n </head>\r\n <body>\r\n <div class=\"container\">\r\n <h3 align=\"center\">C E R B E R</h3>\r\n <br />\r\n <h4>Your documents, photos, databases and other important files have been encrypted!<br /><br />To decrypt your files follow the instructions:</h4>\r\n <br />\r\n <div class=\"well\">\r\n <h4>1.&nbsp;&nbsp;&nbsp;Download and install the &laquo;Tor Browser&raquo; from <a href=\"https://www.torproject.org/download/download-easy.html.en\" target=\"_blank\">https://www.torproject.org/</a></h4>\r\n <br />\r\n <h4>2.&nbsp;&nbsp;&nbsp;Run it</h4>\r\n <br />\r\n <h4>3.&nbsp;&nbsp;&nbsp;In the &laquo;Tor Browser&raquo; open website:<br /><br /><div class=\"form-group\" style=\"margin: 0 32px 36px 32px;\"><input class=\"form-control\" style=\"color: #c24; font-size: 22px; height: 50px; text-align: center;\" type=\"text\" value=\"http://decrypttozxybarc.onion/F97F-EFC0-B07D-003F-3EA6\" readonly></div></h4>\r\n <h4>4.&nbsp;&nbsp;&nbsp;Follow the instructions at this website</h4>\r\n </div>\r\n <br />\r\n <p style=\"color: #ccc;\">&laquo;...Quod me non necat me fortiorem facit.&raquo;</p>\r\n <br />\r\n </div>\r\n </body>\r\n</html>"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e149c8-4648-4514-ba41-4f92950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T10:17:44.000Z",
"modified": "2016-03-10T10:17:44.000Z",
"first_observed": "2016-03-10T10:17:44Z",
"last_observed": "2016-03-10T10:17:44Z",
"number_observed": 1,
"object_refs": [
"url--56e149c8-4648-4514-ba41-4f92950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e149c8-4648-4514-ba41-4f92950d210f",
"value": "http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e14a17-4f34-4ffd-8ef8-4990950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T10:19:03.000Z",
"modified": "2016-03-10T10:19:03.000Z",
"description": "Onion server for payment",
"pattern": "[domain-name:value = 'decrypttozxybarc.onion']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T10:19:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--56e14a73-f9ac-4fea-98f4-46e0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T10:20:35.000Z",
"modified": "2016-03-10T10:20:35.000Z",
"labels": [
"misp:type=\"btc\"",
"misp:category=\"Financial fraud\""
],
"x_misp_category": "Financial fraud",
"x_misp_comment": "Bitcoin address",
"x_misp_type": "btc",
"x_misp_value": "1GCaWA685Nj2PqqG7P2ZBACYZB8ZtpQuQ9"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink