{ "type": "bundle", "id": "bundle--55355951-0354-4d8a-8148-1bf9950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2017-06-22T20:24:39.000Z", "modified": "2017-06-22T20:24:39.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--55355951-0354-4d8a-8148-1bf9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2017-06-22T20:24:39.000Z", "modified": "2017-06-22T20:24:39.000Z", "name": "OSINT The Sofacy plot thickens by PwC", "published": "2017-06-22T20:26:14Z", "object_refs": [ "observed-data--5535596a-ad38-49dd-8ee3-470a950d210b", "url--5535596a-ad38-49dd-8ee3-470a950d210b", "observed-data--5535596a-b970-4b6d-906a-429f950d210b", "url--5535596a-b970-4b6d-906a-429f950d210b", "x-misp-attribute--5535597a-8fc8-4e9f-a990-95bb950d210b", "x-misp-attribute--5535597a-0d70-4c4f-b300-95bb950d210b", "x-misp-attribute--5535597a-3fe0-4cb3-94ba-95bb950d210b", "indicator--553559ad-b664-40c6-b5b2-411e950d210b", "indicator--553559ad-e74c-4b25-8f15-47fd950d210b", "indicator--553559ad-39e8-4ff5-a962-4915950d210b", "indicator--553559ad-0f44-4d29-8730-4ba3950d210b", "indicator--553559ad-6b58-4add-9404-45ae950d210b", "indicator--553559ad-3250-41cf-9e91-41e3950d210b", "indicator--553559ad-5a30-420f-8ab2-4690950d210b", "indicator--553559ae-a054-4826-a9a5-4c2d950d210b", "indicator--553559ae-e928-4930-9a31-41aa950d210b", "indicator--553559ae-2e84-461e-811e-4ac5950d210b", "indicator--553559ae-1340-46c7-9f90-4f53950d210b", "indicator--553559ae-2198-405e-949f-43e9950d210b", "indicator--553559ae-120c-46a9-bca1-42e3950d210b", "indicator--553559ae-dd68-462e-b9f6-4e8f950d210b", "indicator--553559ae-e834-4ab1-ae31-4102950d210b", "indicator--553559ae-dfa0-4d16-85fa-4aea950d210b", "indicator--553559af-29e8-4256-a07d-4444950d210b", "indicator--553559af-c1b8-4589-ad23-41e4950d210b", "indicator--553559af-0178-466c-b7d6-4bda950d210b", "indicator--553559af-c894-4e3d-a609-4db6950d210b", "indicator--553559af-d82c-4b09-9db4-450d950d210b", "indicator--553559af-a39c-4c80-b33c-4d12950d210b", "indicator--553559af-943c-47fa-ab66-4e90950d210b", "indicator--553559af-6a60-495f-a53a-4555950d210b", "indicator--553559af-2c68-45e3-8103-4173950d210b", "indicator--553559b0-af44-4289-b549-4427950d210b", "indicator--553559b0-7c90-4822-a2e3-46cb950d210b", "indicator--553559b0-8848-41b2-aab1-4f82950d210b", "indicator--553559b0-bdcc-4295-a93c-427b950d210b", "indicator--553559b0-fd58-4754-b02a-46d3950d210b", "indicator--553559b0-fbc0-4d32-ab05-4617950d210b", "indicator--553559b0-e838-4a20-be30-4bf3950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "misp-galaxy:threat-actor=\"Sofacy\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5535596a-ad38-49dd-8ee3-470a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:54:18.000Z", "modified": "2015-04-20T19:54:18.000Z", "first_observed": "2015-04-20T19:54:18Z", "last_observed": "2015-04-20T19:54:18Z", "number_observed": 1, "object_refs": [ "url--5535596a-ad38-49dd-8ee3-470a950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5535596a-ad38-49dd-8ee3-470a950d210b", "value": "http://pwc.blogs.com/cyber_security_updates/2015/04/the-sofacy-plot-thickens.html" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5535596a-b970-4b6d-906a-429f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:54:18.000Z", "modified": "2015-04-20T19:54:18.000Z", "first_observed": "2015-04-20T19:54:18Z", "last_observed": "2015-04-20T19:54:18Z", "number_observed": 1, "object_refs": [ "url--5535596a-b970-4b6d-906a-429f950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5535596a-b970-4b6d-906a-429f950d210b", "value": "http://pwc.blogs.com/files/cto-tib-20150420-01a.pdf" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5535597a-8fc8-4e9f-a990-95bb950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:54:34.000Z", "modified": "2015-04-20T19:54:34.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Sofacy" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5535597a-0d70-4c4f-b300-95bb950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:54:34.000Z", "modified": "2015-04-20T19:54:34.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "APT28" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5535597a-3fe0-4cb3-94ba-95bb950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:54:34.000Z", "modified": "2015-04-20T19:54:34.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Sednit" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559ad-b664-40c6-b5b2-411e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:25.000Z", "modified": "2015-04-20T19:55:25.000Z", "pattern": "[domain-name:value = 'defencereview.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559ad-e74c-4b25-8f15-47fd950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:25.000Z", "modified": "2015-04-20T19:55:25.000Z", "pattern": "[domain-name:value = 'brnlv-gv.eu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559ad-39e8-4ff5-a962-4915950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:25.000Z", "modified": "2015-04-20T19:55:25.000Z", "pattern": "[domain-name:value = 'militaryobserver.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559ad-0f44-4d29-8730-4ba3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:25.000Z", "modified": "2015-04-20T19:55:25.000Z", "pattern": "[domain-name:value = 'netassistcache.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559ad-6b58-4add-9404-45ae950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:25.000Z", "modified": "2015-04-20T19:55:25.000Z", "pattern": "[domain-name:value = 'asus-service.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559ad-3250-41cf-9e91-41e3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:25.000Z", "modified": "2015-04-20T19:55:25.000Z", "pattern": "[domain-name:value = 'aolnets.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559ad-5a30-420f-8ab2-4690950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:25.000Z", "modified": "2015-04-20T19:55:25.000Z", "pattern": "[domain-name:value = 'natopress.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559ae-a054-4826-a9a5-4c2d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:26.000Z", "modified": "2015-04-20T19:55:26.000Z", "pattern": "[domain-name:value = 'natopress.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559ae-e928-4930-9a31-41aa950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:26.000Z", "modified": "2015-04-20T19:55:26.000Z", "pattern": "[domain-name:value = 'defencereview.eu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559ae-2e84-461e-811e-4ac5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:26.000Z", "modified": "2015-04-20T19:55:26.000Z", "pattern": "[domain-name:value = 'intelsupport.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559ae-1340-46c7-9f90-4f53950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:26.000Z", "modified": "2015-04-20T19:55:26.000Z", "pattern": "[domain-name:value = 'globalnewsweekly.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559ae-2198-405e-949f-43e9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:26.000Z", "modified": "2015-04-20T19:55:26.000Z", "pattern": "[domain-name:value = 'osce-oscc.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559ae-120c-46a9-bca1-42e3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:26.000Z", "modified": "2015-04-20T19:55:26.000Z", "pattern": "[domain-name:value = 'enisa-europa.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559ae-dd68-462e-b9f6-4e8f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:26.000Z", "modified": "2015-04-20T19:55:26.000Z", "pattern": "[domain-name:value = 'enisa-europa.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559ae-e834-4ab1-ae31-4102950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:26.000Z", "modified": "2015-04-20T19:55:26.000Z", "pattern": "[domain-name:value = 'techcruncln.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559ae-dfa0-4d16-85fa-4aea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:26.000Z", "modified": "2015-04-20T19:55:26.000Z", "pattern": "[domain-name:value = 'nato-hq.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559af-29e8-4256-a07d-4444950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:27.000Z", "modified": "2015-04-20T19:55:27.000Z", "pattern": "[domain-name:value = 'iacr-tcc.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559af-c1b8-4589-ad23-41e4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:27.000Z", "modified": "2015-04-20T19:55:27.000Z", "pattern": "[domain-name:value = 'nato-int.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559af-0178-466c-b7d6-4bda950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:27.000Z", "modified": "2015-04-20T19:55:27.000Z", "pattern": "[domain-name:value = 'nato-info.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559af-c894-4e3d-a609-4db6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:27.000Z", "modified": "2015-04-20T19:55:27.000Z", "pattern": "[domain-name:value = 'bmlv-gv.eu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559af-d82c-4b09-9db4-450d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:27.000Z", "modified": "2015-04-20T19:55:27.000Z", "pattern": "[domain-name:value = 'foreignreview.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559af-a39c-4c80-b33c-4d12950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:27.000Z", "modified": "2015-04-20T19:55:27.000Z", "pattern": "[domain-name:value = 'mediarea.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559af-943c-47fa-ab66-4e90950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:27.000Z", "modified": "2015-04-20T19:55:27.000Z", "pattern": "[domain-name:value = 'osce-military.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559af-6a60-495f-a53a-4555950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:27.000Z", "modified": "2015-04-20T19:55:27.000Z", "pattern": "[domain-name:value = 'europeanda.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559af-2c68-45e3-8103-4173950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:27.000Z", "modified": "2015-04-20T19:55:27.000Z", "pattern": "[domain-name:value = 'softupdates.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559b0-af44-4289-b549-4427950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:28.000Z", "modified": "2015-04-20T19:55:28.000Z", "pattern": "[domain-name:value = 'settings-yahoo.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559b0-7c90-4822-a2e3-46cb950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:28.000Z", "modified": "2015-04-20T19:55:28.000Z", "pattern": "[domain-name:value = 'settings-live.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559b0-8848-41b2-aab1-4f82950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:28.000Z", "modified": "2015-04-20T19:55:28.000Z", "pattern": "[domain-name:value = 'delivery-yahoo.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559b0-bdcc-4295-a93c-427b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:28.000Z", "modified": "2015-04-20T19:55:28.000Z", "pattern": "[domain-name:value = 'privacy-yahoo.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559b0-fd58-4754-b02a-46d3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:28.000Z", "modified": "2015-04-20T19:55:28.000Z", "pattern": "[domain-name:value = 'privacy-live.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559b0-fbc0-4d32-ab05-4617950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:55:28.000Z", "modified": "2015-04-20T19:55:28.000Z", "pattern": "[domain-name:value = 'westinqhousenuclear.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:55:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553559b0-e838-4a20-be30-4bf3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-04-20T19:56:00.000Z", "modified": "2015-04-20T19:56:00.000Z", "pattern": "[domain-name:value = 'webmail.westinqhousenuclear.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-04-20T19:56:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }