misp-circl-feed/feeds/circl/stix-2.1/59d7d6ca-34f4-4bec-b700-4afa02de0b81.json

{
"type": "bundle",
"id": "bundle--59d7d6ca-34f4-4bec-b700-4afa02de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-06T19:23:27.000Z",
"modified": "2017-10-06T19:23:27.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--59d7d6ca-34f4-4bec-b700-4afa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-06T19:23:27.000Z",
"modified": "2017-10-06T19:23:27.000Z",
"name": "OSINT - Significant FormBook Distribution Campaigns Impacting the U.S. and South Korea",
"published": "2017-10-06T19:25:09Z",
"object_refs": [
"observed-data--59d7d6f3-d80c-4fbc-8d14-105502de0b81",
"url--59d7d6f3-d80c-4fbc-8d14-105502de0b81",
"x-misp-attribute--59d7d704-a774-46fd-8e57-4f4702de0b81",
"indicator--59d7d733-a08c-48b4-8d9d-414102de0b81",
"indicator--59d7d779-3220-4703-b1d2-43ee02de0b81",
"indicator--59d7d779-e69c-4ad9-bd22-479102de0b81",
"observed-data--59d7d779-5b08-4375-8c84-4b0202de0b81",
"url--59d7d779-5b08-4375-8c84-4b0202de0b81",
"indicator--59d7d797-55fc-4d13-968a-834402de0b81",
"indicator--59d7d7af-587c-42e5-8e44-44ec02de0b81",
"indicator--59d7d7db-6e5c-4c22-a550-49d602de0b81",
"indicator--59d7d80e-4114-47b1-a1f7-4a6902de0b81",
"indicator--59d7d80e-8414-436e-9f0d-488902de0b81",
"indicator--59d7d80e-5fc0-4cde-b9bf-46ca02de0b81",
"indicator--59d7d80e-a25c-4707-b368-404b02de0b81",
"indicator--59d7d80e-eb38-4bb9-90b8-481d02de0b81",
"indicator--59d7d80e-e1a8-4a93-b25e-4a2a02de0b81",
"indicator--59d7d80e-f524-4012-a7ab-442002de0b81",
"indicator--59d7d80e-8a90-4b5e-a2a9-4e4f02de0b81",
"indicator--59d7d80e-b044-4165-ad23-4ce502de0b81",
"indicator--59d7d80e-1d74-467a-9c5a-491b02de0b81",
"indicator--59d7d80e-4774-4579-af6d-4cc002de0b81",
"indicator--59d7d82f-e4c8-4f47-90b4-402602de0b81",
"indicator--59d7d82f-3690-4709-9103-4e2402de0b81",
"indicator--59d7d82f-f10c-4393-a2ec-48b202de0b81",
"indicator--59d7d82f-ddd0-4fb9-9ddf-4e0e02de0b81",
"indicator--59d7d82f-d114-447f-82e3-4be102de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d7d6f3-d80c-4fbc-8d14-105502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-06T19:20:25.000Z",
"modified": "2017-10-06T19:20:25.000Z",
"first_observed": "2017-10-06T19:20:25Z",
"last_observed": "2017-10-06T19:20:25Z",
"number_observed": 1,
"object_refs": [
"url--59d7d6f3-d80c-4fbc-8d14-105502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59d7d6f3-d80c-4fbc-8d14-105502de0b81",
"value": "https://www.fireeye.com/blog/threat-research/2017/10/formbook-malware-distribution-campaigns.html"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59d7d704-a774-46fd-8e57-4f4702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-06T19:20:25.000Z",
"modified": "2017-10-06T19:20:25.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "We observed several high-volume FormBook malware distribution campaigns primarily taking aim at Aerospace, Defense Contractor, and Manufacturing sectors within the U.S. and South Korea during the past few months. The attackers involved in these email campaigns leveraged a variety of distribution mechanisms to deliver the information stealing FormBook malware, including:\r\n\r\n PDFs with download links\r\n DOC and XLS files with malicious macros\r\n Archive files (ZIP, RAR, ACE, and ISOs) containing EXE payloads\r\n\r\nThe PDF and DOC/XLS campaigns primarily impacted the United States and the Archive campaigns largely impacted the United States and South Korea."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d7d733-a08c-48b4-8d9d-414102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-06T19:20:25.000Z",
"modified": "2017-10-06T19:20:25.000Z",
"pattern": "[file:hashes.MD5 = 'ce84640c3228925cc4815116dde968cb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-06T19:20:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d7d779-3220-4703-b1d2-43ee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-06T19:20:25.000Z",
"modified": "2017-10-06T19:20:25.000Z",
"description": "- Xchecked via VT: ce84640c3228925cc4815116dde968cb",
"pattern": "[file:hashes.SHA256 = '6e4ec3712cf641a31f4e9e4af7d9d7a84fd7da4cc2875c6aceb9a283ed0330d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-06T19:20:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d7d779-e69c-4ad9-bd22-479102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-06T19:20:25.000Z",
"modified": "2017-10-06T19:20:25.000Z",
"description": "- Xchecked via VT: ce84640c3228925cc4815116dde968cb",
"pattern": "[file:hashes.SHA1 = '524e1011c26b6bf7e23f5d107222397129f9893d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-06T19:20:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d7d779-5b08-4375-8c84-4b0202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-06T19:20:25.000Z",
"modified": "2017-10-06T19:20:25.000Z",
"first_observed": "2017-10-06T19:20:25Z",
"last_observed": "2017-10-06T19:20:25Z",
"number_observed": 1,
"object_refs": [
"url--59d7d779-5b08-4375-8c84-4b0202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59d7d779-5b08-4375-8c84-4b0202de0b81",
"value": "https://www.virustotal.com/file/6e4ec3712cf641a31f4e9e4af7d9d7a84fd7da4cc2875c6aceb9a283ed0330d7/analysis/1507239296/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d7d797-55fc-4d13-968a-834402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-06T19:20:55.000Z",
"modified": "2017-10-06T19:20:55.000Z",
"pattern": "[mutex:name = '8-3503835SZBFHHZ']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-06T19:20:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d7d7af-587c-42e5-8e44-44ec02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-06T19:21:19.000Z",
"modified": "2017-10-06T19:21:19.000Z",
"pattern": "[mutex:name = 'LL9PSC56RW7Bx3A5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-06T19:21:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d7d7db-6e5c-4c22-a550-49d602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-06T19:22:03.000Z",
"modified": "2017-10-06T19:22:03.000Z",
"description": "The malware communicates with the following C2 server using HTTP requests:",
"pattern": "[url:value = 'www.clicks-track.info/list/hx28/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-06T19:22:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d7d80e-4114-47b1-a1f7-4a6902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-06T19:22:54.000Z",
"modified": "2017-10-06T19:22:54.000Z",
"description": "Shorted URLs",
"pattern": "[url:value = 'tny.im/9TK']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-06T19:22:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d7d80e-8414-436e-9f0d-488902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-06T19:22:54.000Z",
"modified": "2017-10-06T19:22:54.000Z",
"description": "Shorted URLs",
"pattern": "[url:value = 'tny.im/9Uw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-06T19:22:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d7d80e-5fc0-4cde-b9bf-46ca02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-06T19:22:54.000Z",
"modified": "2017-10-06T19:22:54.000Z",
"description": "Shorted URLs",
"pattern": "[url:value = 'tny.im/9G1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-06T19:22:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d7d80e-a25c-4707-b368-404b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-06T19:22:54.000Z",
"modified": "2017-10-06T19:22:54.000Z",
"description": "Shorted URLs",
"pattern": "[url:value = 'tny.im/9Q6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-06T19:22:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d7d80e-eb38-4bb9-90b8-481d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-06T19:22:54.000Z",
"modified": "2017-10-06T19:22:54.000Z",
"description": "Shorted URLs",
"pattern": "[url:value = 'tny.im/9H1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-06T19:22:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d7d80e-e1a8-4a93-b25e-4a2a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-06T19:22:54.000Z",
"modified": "2017-10-06T19:22:54.000Z",
"description": "Shorted URLs",
"pattern": "[url:value = 'tny.im/9R7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-06T19:22:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d7d80e-f524-4012-a7ab-442002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-06T19:22:54.000Z",
"modified": "2017-10-06T19:22:54.000Z",
"description": "Shorted URLs",
"pattern": "[url:value = 'tny.im/9Tc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-06T19:22:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d7d80e-8a90-4b5e-a2a9-4e4f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-06T19:22:54.000Z",
"modified": "2017-10-06T19:22:54.000Z",
"description": "Shorted URLs",
"pattern": "[url:value = 'tny.im/9RM']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-06T19:22:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d7d80e-b044-4165-ad23-4ce502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-06T19:22:54.000Z",
"modified": "2017-10-06T19:22:54.000Z",
"description": "Shorted URLs",
"pattern": "[url:value = 'tny.im/9G0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-06T19:22:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d7d80e-1d74-467a-9c5a-491b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-06T19:22:54.000Z",
"modified": "2017-10-06T19:22:54.000Z",
"description": "Shorted URLs",
"pattern": "[url:value = 'tny.im/9Oq']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-06T19:22:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d7d80e-4774-4579-af6d-4cc002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-06T19:22:54.000Z",
"modified": "2017-10-06T19:22:54.000Z",
"description": "Shorted URLs",
"pattern": "[url:value = 'tny.im/9Oh']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-06T19:22:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d7d82f-e4c8-4f47-90b4-402602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-06T19:23:27.000Z",
"modified": "2017-10-06T19:23:27.000Z",
"description": "Staging Servers (compromised hosts?)",
"pattern": "[domain-name:value = 'maxsutton.co.uk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-06T19:23:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d7d82f-3690-4709-9103-4e2402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-06T19:23:27.000Z",
"modified": "2017-10-06T19:23:27.000Z",
"description": "Staging Servers (compromised hosts?)",
"pattern": "[domain-name:value = 'solderie.dream3w.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-06T19:23:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d7d82f-f10c-4393-a2ec-48b202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-06T19:23:27.000Z",
"modified": "2017-10-06T19:23:27.000Z",
"description": "Staging Servers (compromised hosts?)",
"pattern": "[domain-name:value = 'lifekeeper.com.au']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-06T19:23:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d7d82f-ddd0-4fb9-9ddf-4e0e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-06T19:23:27.000Z",
"modified": "2017-10-06T19:23:27.000Z",
"description": "Staging Servers (compromised hosts?)",
"pattern": "[domain-name:value = 'brinematriscript.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-06T19:23:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d7d82f-d114-447f-82e3-4be102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-06T19:23:27.000Z",
"modified": "2017-10-06T19:23:27.000Z",
"description": "Staging Servers (compromised hosts?)",
"pattern": "[domain-name:value = 'jaimagroup.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-06T19:23:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}