{ "type": "bundle", "id": "bundle--546481a0-fc90-4aa4-8508-4a68950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:29:44.000Z", "modified": "2014-11-13T10:29:44.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--546481a0-fc90-4aa4-8508-4a68950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:29:44.000Z", "modified": "2014-11-13T10:29:44.000Z", "name": "OSINT Adobe Zero-day Used in LadyBoyle Attack blog post by Symantec", "published": "2014-11-13T14:47:56Z", "object_refs": [ "observed-data--546481ac-fbc4-43b5-b8a1-4e92950d210b", "url--546481ac-fbc4-43b5-b8a1-4e92950d210b", "x-misp-attribute--546481b8-b910-42cc-8be7-4761950d210b", "x-misp-attribute--546481c5-f1dc-4fcf-93f1-e5f1950d210b", "vulnerability--546481e3-0f90-46c1-91c1-4ce9950d210b", "observed-data--54648248-0040-4104-9f56-44f2950d210b", "url--54648248-0040-4104-9f56-44f2950d210b", "observed-data--54648248-cc04-414e-a1ee-4249950d210b", "url--54648248-cc04-414e-a1ee-4249950d210b", "x-misp-attribute--54648724-036c-4c89-97b0-46cc950d210b", "x-misp-attribute--54648724-a2a8-4413-b22e-4df4950d210b", "x-misp-attribute--5464875b-de3c-4891-954d-45bd950d210b", "x-misp-attribute--5464875b-068c-4a32-bb0d-4d0d950d210b", "x-misp-attribute--5464875b-e3f4-4e22-9461-48f2950d210b", "indicator--5464878c-a8c4-4e30-8aac-4c56950d210b", "indicator--546487b7-82ac-4d61-ab31-43f6950d210b", "indicator--546487b7-cbdc-47ef-8691-41c3950d210b", "indicator--546487b7-14cc-4247-9b47-4710950d210b", "indicator--546487b7-d68c-4f45-8b69-4031950d210b", "indicator--546487b7-04ac-4b46-b669-4182950d210b", "indicator--546487b7-8728-4f29-b861-457f950d210b", "indicator--546487b7-6178-49e4-953e-4dc7950d210b", "indicator--546487b7-7904-4f08-a38c-4ade950d210b", "indicator--546487b8-17f0-48e2-b367-4fe7950d210b", 
"indicator--546487b8-c8a0-45ad-a428-401e950d210b", "indicator--546487b8-36fc-4db2-b188-460c950d210b", "indicator--546487b8-df14-48e7-a97a-4a8a950d210b", "indicator--546487b8-09d4-49a6-a7e2-49f6950d210b", "indicator--546487b8-fb70-4b90-b13d-419b950d210b", "indicator--546487b8-e7b8-46b6-b030-45d9950d210b", "indicator--546487b8-6ef8-45be-b149-4e34950d210b", "indicator--546487b8-d0f8-44a0-925e-4d49950d210b", "indicator--546487b8-0610-4df9-9689-4642950d210b", "indicator--546487b8-ef30-441a-977c-4ea0950d210b", "indicator--546487b8-1ec4-444a-a8f0-4dbd950d210b", "indicator--546487b8-3e3c-4ee9-9018-429e950d210b", "indicator--546487b8-fdf4-481e-87b9-493b950d210b", "indicator--546487b8-6d34-4a88-aac3-4c71950d210b", "indicator--546487b8-f194-40b8-80d6-420d950d210b", "indicator--546487f2-9190-488f-9642-468d950d210b", "indicator--546487f2-ddec-465b-b0ad-46cc950d210b", "indicator--54648818-d770-495e-9995-4be9950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--546481ac-fbc4-43b5-b8a1-4e92950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:02:20.000Z", "modified": "2014-11-13T10:02:20.000Z", "first_observed": "2014-11-13T10:02:20Z", "last_observed": "2014-11-13T10:02:20Z", "number_observed": 1, "object_refs": [ "url--546481ac-fbc4-43b5-b8a1-4e92950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--546481ac-fbc4-43b5-b8a1-4e92950d210b", "value": "http://www.symantec.com/connect/blogs/adobe-zero-day-used-ladyboyle-attack" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--546481b8-b910-42cc-8be7-4761950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:02:32.000Z", 
"modified": "2014-11-13T10:02:32.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "LadyBoyle" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--546481c5-f1dc-4fcf-93f1-e5f1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:02:45.000Z", "modified": "2014-11-13T10:02:45.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "comment", "x_misp_value": "Data entered by David Andr\u00e9" }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--546481e3-0f90-46c1-91c1-4ce9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:03:15.000Z", "modified": "2014-11-13T10:03:15.000Z", "name": "CVE-2013-0634", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"Payload delivery\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2013-0634" } ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--54648248-0040-4104-9f56-44f2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:06:38.000Z", "modified": "2014-11-13T10:06:38.000Z", "first_observed": "2014-11-13T10:06:38Z", "last_observed": "2014-11-13T10:06:38Z", "number_observed": 1, "object_refs": [ "url--54648248-0040-4104-9f56-44f2950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--54648248-0040-4104-9f56-44f2950d210b", "value": "http://blog.fireeye.com/research/2013/02/lady-boyle-comes-to-town-with-a-new-exploit.html" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--54648248-cc04-414e-a1ee-4249950d210b", "created_by_ref": 
"identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:04:56.000Z", "modified": "2014-11-13T10:04:56.000Z", "first_observed": "2014-11-13T10:04:56Z", "last_observed": "2014-11-13T10:04:56Z", "number_observed": 1, "object_refs": [ "url--54648248-cc04-414e-a1ee-4249950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--54648248-cc04-414e-a1ee-4249950d210b", "value": "http://www.fireeye.com/blog/technical/cyber-exploits/2013/02/lady-boyle-comes-to-town-with-a-new-exploit.html" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54648724-036c-4c89-97b0-46cc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:25:40.000Z", "modified": "2014-11-13T10:25:40.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "Bloodhound.Flash.19" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54648724-a2a8-4413-b22e-4df4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:25:40.000Z", "modified": "2014-11-13T10:25:40.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "Bloodhound.Flash.20" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5464875b-de3c-4891-954d-45bd950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:26:34.000Z", "modified": "2014-11-13T10:26:34.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "Trojan.Mdropper" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": 
"x-misp-attribute--5464875b-068c-4a32-bb0d-4d0d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:26:35.000Z", "modified": "2014-11-13T10:26:35.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "Trojan.Swifi" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5464875b-e3f4-4e22-9461-48f2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:26:35.000Z", "modified": "2014-11-13T10:26:35.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "Backdoor.Boda" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464878c-a8c4-4e30-8aac-4c56950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:27:24.000Z", "modified": "2014-11-13T10:27:24.000Z", "pattern": "[domain-name:value = 'ieee.boeing-job.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T10:27:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546487b7-82ac-4d61-ab31-43f6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:28:07.000Z", "modified": "2014-11-13T10:28:07.000Z", "pattern": "[domain-name:value = '369p.mail-signin.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T10:28:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", 
"misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546487b7-cbdc-47ef-8691-41c3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:28:07.000Z", "modified": "2014-11-13T10:28:07.000Z", "pattern": "[domain-name:value = 'bm1k8.4pu.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T10:28:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546487b7-14cc-4247-9b47-4710950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:28:07.000Z", "modified": "2014-11-13T10:28:07.000Z", "pattern": "[domain-name:value = 'cti.moobesring.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T10:28:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546487b7-d68c-4f45-8b69-4031950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:28:07.000Z", "modified": "2014-11-13T10:28:07.000Z", "pattern": "[domain-name:value = 'domcon.microtrendsoft.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T10:28:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546487b7-04ac-4b46-b669-4182950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", 
"created": "2014-11-13T10:28:07.000Z", "modified": "2014-11-13T10:28:07.000Z", "pattern": "[domain-name:value = 'engage.intelfox.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T10:28:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546487b7-8728-4f29-b861-457f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:28:07.000Z", "modified": "2014-11-13T10:28:07.000Z", "pattern": "[domain-name:value = 'funny.greenitenergy.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T10:28:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546487b7-6178-49e4-953e-4dc7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:28:07.000Z", "modified": "2014-11-13T10:28:07.000Z", "pattern": "[domain-name:value = 'i0i0i.3322.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T10:28:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546487b7-7904-4f08-a38c-4ade950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:28:07.000Z", "modified": "2014-11-13T10:28:07.000Z", "pattern": "[domain-name:value = 'krjregh.sacreeflame.com']", "pattern_type": "stix", "pattern_version": "2.1", 
"valid_from": "2014-11-13T10:28:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546487b8-17f0-48e2-b367-4fe7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:28:08.000Z", "modified": "2014-11-13T10:28:08.000Z", "pattern": "[domain-name:value = 'lol.dns-lookup.us']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T10:28:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546487b8-c8a0-45ad-a428-401e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:28:08.000Z", "modified": "2014-11-13T10:28:08.000Z", "pattern": "[domain-name:value = 'lywja.healthsvsolu.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T10:28:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546487b8-36fc-4db2-b188-460c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:28:08.000Z", "modified": "2014-11-13T10:28:08.000Z", "pattern": "[domain-name:value = 'matrix.linkerservices.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T10:28:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", 
"misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546487b8-df14-48e7-a97a-4a8a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:28:08.000Z", "modified": "2014-11-13T10:28:08.000Z", "pattern": "[domain-name:value = 'mx.dns221.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T10:28:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546487b8-09d4-49a6-a7e2-49f6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:28:08.000Z", "modified": "2014-11-13T10:28:08.000Z", "pattern": "[domain-name:value = 'piping.no-ip.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T10:28:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546487b8-fb70-4b90-b13d-419b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:28:08.000Z", "modified": "2014-11-13T10:28:08.000Z", "pattern": "[domain-name:value = 'ru.pad62.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T10:28:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546487b8-e7b8-46b6-b030-45d9950d210b", "created_by_ref": 
"identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:28:08.000Z", "modified": "2014-11-13T10:28:08.000Z", "pattern": "[domain-name:value = 'stmp.allshell.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T10:28:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546487b8-6ef8-45be-b149-4e34950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:28:08.000Z", "modified": "2014-11-13T10:28:08.000Z", "pattern": "[domain-name:value = 'support.icoredb.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T10:28:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546487b8-d0f8-44a0-925e-4d49950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:28:08.000Z", "modified": "2014-11-13T10:28:08.000Z", "pattern": "[domain-name:value = 'svr01.passport.serveuser.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T10:28:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546487b8-0610-4df9-9689-4642950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:28:08.000Z", "modified": "2014-11-13T10:28:08.000Z", "pattern": "[domain-name:value = 'ukupdate.masteradvz.com']", 
"pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T10:28:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546487b8-ef30-441a-977c-4ea0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:28:08.000Z", "modified": "2014-11-13T10:28:08.000Z", "pattern": "[domain-name:value = 'update.mysq1.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T10:28:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546487b8-1ec4-444a-a8f0-4dbd950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:28:08.000Z", "modified": "2014-11-13T10:28:08.000Z", "pattern": "[domain-name:value = 'update.updates.mefound.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T10:28:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546487b8-3e3c-4ee9-9018-429e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:28:08.000Z", "modified": "2014-11-13T10:28:08.000Z", "pattern": "[domain-name:value = 'update1.mysq1.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T10:28:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ 
"misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546487b8-fdf4-481e-87b9-493b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:28:08.000Z", "modified": "2014-11-13T10:28:08.000Z", "pattern": "[domain-name:value = 'update3.effers.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T10:28:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546487b8-6d34-4a88-aac3-4c71950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:28:08.000Z", "modified": "2014-11-13T10:28:08.000Z", "pattern": "[domain-name:value = 'updatedns.itemdb.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T10:28:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546487b8-f194-40b8-80d6-420d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:28:08.000Z", "modified": "2014-11-13T10:28:08.000Z", "pattern": "[domain-name:value = 'updatedns.serveuser.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T10:28:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546487f2-9190-488f-9642-468d950d210b", 
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:29:06.000Z", "modified": "2014-11-13T10:29:06.000Z", "pattern": "[file:hashes.MD5 = '3de314089db35af9baaeefc598f09b23']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T10:29:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546487f2-ddec-465b-b0ad-46cc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:29:06.000Z", "modified": "2014-11-13T10:29:06.000Z", "pattern": "[file:hashes.MD5 = '2568615875525003688839cb8950aeae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T10:29:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54648818-d770-495e-9995-4be9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T10:29:44.000Z", "modified": "2014-11-13T10:29:44.000Z", "pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'lynx']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T10:29:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"user-agent\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:GREEN", "definition": { "tlp": "green" } } ] }