{ "type": "bundle", "id": "bundle--54504af8-1394-43b4-a97d-a3ab950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-29T02:06:02.000Z", "modified": "2014-10-29T02:06:02.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--54504af8-1394-43b4-a97d-a3ab950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-29T02:06:02.000Z", "modified": "2014-10-29T02:06:02.000Z", "name": "OSINT Emerging Threat Alert - CVE-2014-4114 blog post by Cylance", "published": "2016-02-22T15:13:59Z", "object_refs": [ "observed-data--54504b04-e970-44ad-b24e-4f19950d210b", "url--54504b04-e970-44ad-b24e-4f19950d210b", "x-misp-attribute--54504b1b-3090-4da4-8591-8f41950d210b", "vulnerability--54504b2d-fd18-4ef1-b8ec-48e5950d210b", "x-misp-attribute--54504b3d-bc0c-4fc9-be95-4c03950d210b", "x-misp-attribute--54504b3d-e584-4315-be7e-4548950d210b", "indicator--54504b6e-c1d0-4535-8d41-4f2c950d210b", "indicator--54504b6e-8348-41c3-bfd7-4d12950d210b", "indicator--54504b6e-ce68-4385-a0dc-48d7950d210b", "indicator--54504b6e-5264-448a-96b5-4abb950d210b", "indicator--54504b6e-ce80-4ab5-bd72-40fe950d210b", "indicator--54504b6e-626c-4b5e-880a-4607950d210b", "indicator--54504b6e-22a8-46d9-a8c5-4c6b950d210b", "indicator--54504b8a-b2b8-406d-8af6-4182950d210b", "indicator--54504b8a-1d08-431c-a9ca-4804950d210b", "indicator--54504b8a-f9f4-4412-b084-42a6950d210b", "indicator--54504b8a-6e18-4418-9de8-4af9950d210b", "indicator--54504b8a-2074-4899-8d09-43da950d210b", "indicator--54504b8a-6eac-48d3-905a-47fe950d210b", "indicator--54504b8a-1ac8-4590-9502-460f950d210b", "indicator--56c63fda-e898-44bd-8a4a-5f51950d210f", "indicator--56c63fdd-25fc-4b4a-b743-c654950d210f", "indicator--56c63fdf-b504-48df-a63b-599d950d210f", "indicator--56c63fdb-d94c-41d5-8a89-599c950d210f", 
"indicator--56c63fde-4b54-4d53-9e96-c650950d210f", "indicator--56c63fe0-cbac-4e9d-8d3e-4b3d950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--54504b04-e970-44ad-b24e-4f19950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-29T02:03:48.000Z", "modified": "2014-10-29T02:03:48.000Z", "first_observed": "2014-10-29T02:03:48Z", "last_observed": "2014-10-29T02:03:48Z", "number_observed": 1, "object_refs": [ "url--54504b04-e970-44ad-b24e-4f19950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--54504b04-e970-44ad-b24e-4f19950d210b", "value": "http://blog.cylance.com/emerging-threat-alert-cve-2014-4114" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54504b1b-3090-4da4-8591-8f41950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-29T02:04:11.000Z", "modified": "2014-10-29T02:04:11.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "comment", "x_misp_value": "Data encoded by David Andr\u00e9" }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--54504b2d-fd18-4ef1-b8ec-48e5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-29T02:04:29.000Z", "modified": "2014-10-29T02:04:29.000Z", "name": "CVE-2014-4114", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"Payload delivery\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2014-4114" } ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54504b3d-bc0c-4fc9-be95-4c03950d210b", "created_by_ref": 
"identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-29T02:04:45.000Z", "modified": "2014-10-29T02:04:45.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Sandworm" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54504b3d-e584-4315-be7e-4548950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-29T02:04:45.000Z", "modified": "2014-10-29T02:04:45.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Black energy" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54504b6e-c1d0-4535-8d41-4f2c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-29T02:05:34.000Z", "modified": "2014-10-29T02:05:34.000Z", "pattern": "[file:hashes.SHA256 = '70b8d220469c8071029795d32ea91829f683e3fbbaa8b978a31a0974daee8aaf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-29T02:05:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54504b6e-8348-41c3-bfd7-4d12950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-29T02:05:34.000Z", "modified": "2014-10-29T02:05:34.000Z", "pattern": "[file:hashes.SHA256 = '4b2b9c147ed28b8f908f96f0c0db8bf8a0da0ac47864bbe0b31c976a4229a2ea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-29T02:05:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", 
"misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54504b6e-ce68-4385-a0dc-48d7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-29T02:05:34.000Z", "modified": "2014-10-29T02:05:34.000Z", "pattern": "[file:hashes.SHA256 = '30175747dda628bc4ad8353d8e71f17e44ec8dde36c81891ff539dcec5693420']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-29T02:05:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54504b6e-5264-448a-96b5-4abb950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-29T02:05:34.000Z", "modified": "2014-10-29T02:05:34.000Z", "pattern": "[file:hashes.SHA256 = '2baba003ef1858b22c1968a2699269cb12d1c3ec117c4951d9775466eb4c7f76']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-29T02:05:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54504b6e-ce80-4ab5-bd72-40fe950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-29T02:05:34.000Z", "modified": "2014-10-29T02:05:34.000Z", "pattern": "[file:hashes.SHA256 = '65a8bf996bfc23405be764266d7409a65fa936d19cee52b61ef83e29dcdd6230']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-29T02:05:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": 
"2.1", "id": "indicator--54504b6e-626c-4b5e-880a-4607950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-29T02:05:34.000Z", "modified": "2014-10-29T02:05:34.000Z", "pattern": "[file:hashes.SHA256 = 'bd2176b239d240232cdced2da9fc930e627a27190e7216142db93f6538b21006']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-29T02:05:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54504b6e-22a8-46d9-a8c5-4c6b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-29T02:05:34.000Z", "modified": "2014-10-29T02:05:34.000Z", "pattern": "[file:hashes.SHA256 = '6732379efe230b522185cde9c186bc2640a5dfc7e154a6037ee3bbe067d6e705']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-29T02:05:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54504b8a-b2b8-406d-8af6-4182950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-29T02:06:02.000Z", "modified": "2014-10-29T02:06:02.000Z", "pattern": "[file:hashes.SHA256 = 'f6a4c241b38226a8ba5cc7a954faef6d7dc0c308534722860d38f7b7aaadad75']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-29T02:06:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54504b8a-1d08-431c-a9ca-4804950d210b", 
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-29T02:06:02.000Z", "modified": "2014-10-29T02:06:02.000Z", "pattern": "[file:hashes.SHA256 = '2731d7cfcde172e6dde879f9c26bddaa0d2b1beba9a27680fbd2fa37f9bf12b7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-29T02:06:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54504b8a-f9f4-4412-b084-42a6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-29T02:06:02.000Z", "modified": "2014-10-29T02:06:02.000Z", "pattern": "[file:hashes.SHA256 = 'ea72c79d15fb1b7765d40733a251f8e3b8aeb278cd2bbf429d64921155214b36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-29T02:06:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54504b8a-6e18-4418-9de8-4af9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-29T02:06:02.000Z", "modified": "2014-10-29T02:06:02.000Z", "pattern": "[file:hashes.SHA256 = '980d577d3448477dbfe65316b42f2b970c3972e5b01be9abe7abba3568aa1de7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-29T02:06:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54504b8a-2074-4899-8d09-43da950d210b", "created_by_ref": 
"identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-29T02:06:02.000Z", "modified": "2014-10-29T02:06:02.000Z", "pattern": "[file:hashes.SHA256 = '0fda6c118fb7dc946440cb9225e32ab1825d87d4f088bb75a6eab7cef35433bc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-29T02:06:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54504b8a-6eac-48d3-905a-47fe950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-29T02:06:02.000Z", "modified": "2014-10-29T02:06:02.000Z", "pattern": "[file:hashes.SHA256 = '0f63c8f8f080aff491ffb5bb4fcbb23a4719f86df9435e06af42f835b31dc79b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-29T02:06:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54504b8a-1ac8-4590-9502-460f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-29T02:06:02.000Z", "modified": "2014-10-29T02:06:02.000Z", "pattern": "[file:hashes.SHA256 = '2e73379dab7819b3c8a1956ea1e7cb647763e96daf65024e05314bda8044df0b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-29T02:06:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c63fda-e898-44bd-8a4a-5f51950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": 
"2016-02-18T22:04:10.000Z", "modified": "2016-02-18T22:04:10.000Z", "description": "Automatically added (via f6a4c241b38226a8ba5cc7a954faef6d7dc0c308534722860d38f7b7aaadad75)", "pattern": "[file:hashes.MD5 = '48937e732d0d11e99c68895ac8578374']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:04:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c63fdd-25fc-4b4a-b743-c654950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:04:13.000Z", "modified": "2016-02-18T22:04:13.000Z", "description": "Automatically added (via 2e73379dab7819b3c8a1956ea1e7cb647763e96daf65024e05314bda8044df0b)", "pattern": "[file:hashes.MD5 = '37ca2ecb5e1fc89f73c6adc188ff685d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:04:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c63fdf-b504-48df-a63b-599d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:04:15.000Z", "modified": "2016-02-18T22:04:15.000Z", "description": "Automatically added (via 0f63c8f8f080aff491ffb5bb4fcbb23a4719f86df9435e06af42f835b31dc79b)", "pattern": "[file:hashes.MD5 = 'b0dc4c3402e7999d733fa2b668371ade']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:04:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", 
"spec_version": "2.1", "id": "indicator--56c63fdb-d94c-41d5-8a89-599c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:04:11.000Z", "modified": "2016-02-18T22:04:11.000Z", "description": "Automatically added (via f6a4c241b38226a8ba5cc7a954faef6d7dc0c308534722860d38f7b7aaadad75)", "pattern": "[file:hashes.SHA1 = '118206d910f0036357b04c154da8966bcccd31b4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:04:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c63fde-4b54-4d53-9e96-c650950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:04:14.000Z", "modified": "2016-02-18T22:04:14.000Z", "description": "Automatically added (via 2e73379dab7819b3c8a1956ea1e7cb647763e96daf65024e05314bda8044df0b)", "pattern": "[file:hashes.SHA1 = '858c589842029616d75db616f2097ee98414bfbc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:04:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c63fe0-cbac-4e9d-8d3e-4b3d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:04:16.000Z", "modified": "2016-02-18T22:04:16.000Z", "description": "Automatically added (via 0f63c8f8f080aff491ffb5bb4fcbb23a4719f86df9435e06af42f835b31dc79b)", "pattern": "[file:hashes.SHA1 = '2ff3b1e5a310983f7dd81daad89e9f1ba262a0e9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:04:16Z", "kill_chain_phases": [ { "kill_chain_name": 
"misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:GREEN", "definition": { "tlp": "green" } } ] }