misp-circl-feed/feeds/circl/stix-2.1/555dd7c9-2234-44d6-8604-a479950d210b.json

{
    "type": "bundle",
    "id": "bundle--555dd7c9-2234-44d6-8604-a479950d210b",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:11:56.000Z",
            "modified": "2015-05-21T13:11:56.000Z",
            "name": "CthulhuSPRL.be",
            "identity_class": "organization"
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--555dd7c9-2234-44d6-8604-a479950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:11:56.000Z",
            "modified": "2015-05-21T13:11:56.000Z",
            "name": "OSINT Attacks on East Asia using Google Code for Command and Control by Palo Alto Unit 42",
            "published": "2015-05-21T17:47:38Z",
            "object_refs": [
                "observed-data--555dd7d9-112c-4809-8582-a479950d210b",
                "url--555dd7d9-112c-4809-8582-a479950d210b",
                "x-misp-attribute--555dd7f7-6660-42aa-a8a7-d8ba950d210b",
                "x-misp-attribute--555dd7f7-1d58-4ad2-865c-d8ba950d210b",
                "indicator--555dd829-b3cc-4645-8b2f-d8ba950d210b",
                "indicator--555dd829-b248-4d57-9e70-d8ba950d210b",
                "indicator--555dd829-1384-4c2f-b19b-d8ba950d210b",
                "indicator--555dd82a-79d0-4f53-a659-d8ba950d210b",
                "indicator--555dd82a-b164-4e34-a2f7-d8ba950d210b",
                "indicator--555dd854-f334-42bf-a213-f22a950d210b",
                "indicator--555dd868-daa4-44a2-81d8-177c950d210b",
                "indicator--555dd933-b4f4-4917-9196-f87b950d210b",
                "indicator--555dd933-f1ac-4ea0-b5de-f87b950d210b",
                "indicator--555dd933-c0f8-4c6e-a161-f87b950d210b",
                "indicator--555dd933-963c-41f7-9fac-f87b950d210b",
                "indicator--555dd933-5cf0-4249-a0e0-f87b950d210b",
                "indicator--555dd933-4e88-442b-9ecb-f87b950d210b",
                "indicator--555dd933-39a4-4860-9c2b-f87b950d210b",
                "indicator--555dd940-6e68-463d-9638-f22a950d210b",
                "indicator--555dd940-c550-4776-8181-f22a950d210b",
                "indicator--555dd940-e598-431a-9cd4-f22a950d210b",
                "indicator--555dd941-baf8-4b8a-9656-f22a950d210b",
                "indicator--555dd941-f1e4-4cee-9d64-f22a950d210b",
                "indicator--555dd941-54c8-4c34-b606-f22a950d210b",
                "indicator--555dd941-8574-429f-9f6b-f22a950d210b",
                "indicator--555dd976-bf14-427d-9d16-a479950d210b",
                "indicator--555dd976-2714-4cb0-bb17-a479950d210b",
                "indicator--555dd977-0d18-4784-857d-a479950d210b",
                "indicator--555dd98d-2c14-457b-a149-f22a950d210b",
                "indicator--555dd99c-b004-444e-a9d9-44cf950d210b",
                "indicator--555dd99c-0664-42ec-8cf8-478c950d210b"
            ],
            "labels": [
                "Threat-Report",
                "misp:tool=\"MISP-STIX-Converter\"",
                "type:OSINT"
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--555dd7d9-112c-4809-8582-a479950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:04:25.000Z",
            "modified": "2015-05-21T13:04:25.000Z",
            "first_observed": "2015-05-21T13:04:25Z",
            "last_observed": "2015-05-21T13:04:25Z",
            "number_observed": 1,
            "object_refs": [
                "url--555dd7d9-112c-4809-8582-a479950d210b"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--555dd7d9-112c-4809-8582-a479950d210b",
            "value": "http://researchcenter.paloaltonetworks.com/2014/08/attacks-east-asia-using-google-code-command-control/"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--555dd7f7-6660-42aa-a8a7-d8ba950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:04:55.000Z",
            "modified": "2015-05-21T13:04:55.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"External analysis\""
            ],
            "x_misp_category": "External analysis",
            "x_misp_type": "text",
            "x_misp_value": "Poisoned Hurricane"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--555dd7f7-1d58-4ad2-865c-d8ba950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:04:55.000Z",
            "modified": "2015-05-21T13:04:55.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"External analysis\""
            ],
            "x_misp_category": "External analysis",
            "x_misp_type": "text",
            "x_misp_value": "Operation Poisoned Hurricane"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--555dd829-b3cc-4645-8b2f-d8ba950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:05:45.000Z",
            "modified": "2015-05-21T13:05:45.000Z",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '223.29.248.9']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-05-21T13:05:45Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--555dd829-b248-4d57-9e70-d8ba950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:05:45.000Z",
            "modified": "2015-05-21T13:05:45.000Z",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '202.181.133.237']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-05-21T13:05:45Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--555dd829-1384-4c2f-b19b-d8ba950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:05:45.000Z",
            "modified": "2015-05-21T13:05:45.000Z",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '61.78.34.179']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-05-21T13:05:45Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--555dd82a-79d0-4f53-a659-d8ba950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:05:45.000Z",
            "modified": "2015-05-21T13:05:45.000Z",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '211.233.89.182']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-05-21T13:05:45Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--555dd82a-b164-4e34-a2f7-d8ba950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:05:46.000Z",
            "modified": "2015-05-21T13:05:46.000Z",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '203.135.134.243']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-05-21T13:05:46Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--555dd854-f334-42bf-a213-f22a950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:06:28.000Z",
            "modified": "2015-05-21T13:06:28.000Z",
            "description": "Linked to another campaign but had same CnC",
            "pattern": "[file:hashes.MD5 = 'ddd46ce5e5eaaa8e61ce11a121a79266']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-05-21T13:06:28Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Artifacts dropped"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Artifacts dropped\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--555dd868-daa4-44a2-81d8-177c950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:06:48.000Z",
            "modified": "2015-05-21T13:06:48.000Z",
            "pattern": "[domain-name:value = 'qq7712409.3322.org']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-05-21T13:06:48Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--555dd933-b4f4-4917-9196-f87b950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:10:11.000Z",
            "modified": "2015-05-21T13:10:11.000Z",
            "pattern": "[file:hashes.MD5 = '50af349c69ae4dec74bc41c581b82459']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-05-21T13:10:11Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Artifacts dropped"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Artifacts dropped\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--555dd933-f1ac-4ea0-b5de-f87b950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:10:11.000Z",
            "modified": "2015-05-21T13:10:11.000Z",
            "pattern": "[file:hashes.MD5 = '59db9dc2bb3635a3bd94182ae68d31cb']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-05-21T13:10:11Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Artifacts dropped"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Artifacts dropped\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--555dd933-c0f8-4c6e-a161-f87b950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:10:11.000Z",
            "modified": "2015-05-21T13:10:11.000Z",
            "pattern": "[file:hashes.MD5 = '835a1e33a87941c7a1cc9a741d33a5a3']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-05-21T13:10:11Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Artifacts dropped"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Artifacts dropped\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--555dd933-963c-41f7-9fac-f87b950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:10:11.000Z",
            "modified": "2015-05-21T13:10:11.000Z",
            "pattern": "[file:hashes.MD5 = 'a31fe2e6bd94e6df84a091d00d27ec28']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-05-21T13:10:11Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Artifacts dropped"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Artifacts dropped\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--555dd933-5cf0-4249-a0e0-f87b950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:10:11.000Z",
            "modified": "2015-05-21T13:10:11.000Z",
            "pattern": "[file:hashes.MD5 = 'e2a4b96cce9de4fb126cfd5f5c73c3ed']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-05-21T13:10:11Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Artifacts dropped"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Artifacts dropped\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--555dd933-4e88-442b-9ecb-f87b950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:10:11.000Z",
            "modified": "2015-05-21T13:10:11.000Z",
            "pattern": "[file:hashes.MD5 = 'e8277240392ce218f9ec9d4ec3d00655']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-05-21T13:10:11Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Artifacts dropped"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Artifacts dropped\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--555dd933-39a4-4860-9c2b-f87b950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:10:11.000Z",
            "modified": "2015-05-21T13:10:11.000Z",
            "pattern": "[file:hashes.MD5 = 'f92e9e3e86856b5c0ee465f77a440abb']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-05-21T13:10:11Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Artifacts dropped"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Artifacts dropped\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--555dd940-6e68-463d-9638-f22a950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:10:24.000Z",
            "modified": "2015-05-21T13:10:24.000Z",
            "pattern": "[file:hashes.SHA256 = '136e709cc83cbda0cd8ca6e46fe9e57202bd2699ca063f9d1a51602394c06ef3']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-05-21T13:10:24Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Artifacts dropped"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Artifacts dropped\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--555dd940-c550-4776-8181-f22a950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:10:24.000Z",
            "modified": "2015-05-21T13:10:24.000Z",
            "pattern": "[file:hashes.SHA256 = '25a02434132c3977124dfaa7e7392a9af4d1617f3520bc04589d5e7e5aad0362']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-05-21T13:10:24Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Artifacts dropped"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Artifacts dropped\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--555dd940-e598-431a-9cd4-f22a950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:10:24.000Z",
            "modified": "2015-05-21T13:10:24.000Z",
            "pattern": "[file:hashes.SHA256 = '2ab4953d2e2b38a918e1a1c74741e1de6111b1ce59878a82768990a339318cd2']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-05-21T13:10:24Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Artifacts dropped"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Artifacts dropped\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--555dd941-baf8-4b8a-9656-f22a950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:10:25.000Z",
            "modified": "2015-05-21T13:10:25.000Z",
            "pattern": "[file:hashes.SHA256 = '4d894492c10ddaaae6924744cd21d8115e8b1d72bceb7df6393a8d2cf9130a49']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-05-21T13:10:25Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Artifacts dropped"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Artifacts dropped\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--555dd941-f1e4-4cee-9d64-f22a950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:10:25.000Z",
            "modified": "2015-05-21T13:10:25.000Z",
            "pattern": "[file:hashes.SHA256 = '6594912a0fe3d0380af1630aa8cb6c489f014af4b37f1c99f62fe4d2806907e5']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-05-21T13:10:25Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Artifacts dropped"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Artifacts dropped\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--555dd941-54c8-4c34-b606-f22a950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:10:25.000Z",
            "modified": "2015-05-21T13:10:25.000Z",
            "pattern": "[file:hashes.SHA256 = '935c9652a0d5427a0205062431fd1db9ccafa68d55313504f76206026b84b2f4']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-05-21T13:10:25Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Artifacts dropped"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Artifacts dropped\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--555dd941-8574-429f-9f6b-f22a950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:10:25.000Z",
            "modified": "2015-05-21T13:10:25.000Z",
            "pattern": "[file:hashes.SHA256 = 'bbff6295b390e3098401a43f08d95d35745e807a0dcb19a2ea4a1596aca9ef31']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-05-21T13:10:25Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Artifacts dropped"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Artifacts dropped\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--555dd976-bf14-427d-9d16-a479950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:11:18.000Z",
            "modified": "2015-05-21T13:11:18.000Z",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '113.10.149.142']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-05-21T13:11:18Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--555dd976-2714-4cb0-bb17-a479950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:11:18.000Z",
            "modified": "2015-05-21T13:11:18.000Z",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.253.101.105']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-05-21T13:11:18Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--555dd977-0d18-4784-857d-a479950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:11:19.000Z",
            "modified": "2015-05-21T13:11:19.000Z",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '58.64.139.39']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-05-21T13:11:19Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--555dd98d-2c14-457b-a149-f22a950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:11:41.000Z",
            "modified": "2015-05-21T13:11:41.000Z",
            "pattern": "[domain-name:value = 'hk.jave-se.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-05-21T13:11:41Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"hostname\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--555dd99c-b004-444e-a9d9-44cf950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:11:56.000Z",
            "modified": "2015-05-21T13:11:56.000Z",
            "pattern": "[domain-name:value = 'java-se.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-05-21T13:11:56Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--555dd99c-0664-42ec-8cf8-478c950d210b",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2015-05-21T13:11:56.000Z",
            "modified": "2015-05-21T13:11:56.000Z",
            "pattern": "[domain-name:value = 'lthly.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2015-05-21T13:11:56Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "marking-definition",
            "spec_version": "2.1",
            "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
            "created": "2017-01-20T00:00:00.000Z",
            "definition_type": "tlp",
            "name": "TLP:WHITE",
            "definition": {
                "tlp": "white"
            }
        }
    ]
}