{ "type": "bundle", "id": "bundle--56b06135-452c-4b99-bd16-4981950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:17:28.000Z", "modified": "2016-02-02T08:17:28.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--56b06135-452c-4b99-bd16-4981950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:17:28.000Z", "modified": "2016-02-02T08:17:28.000Z", "name": "OSINT Puttering into the Future...by Cylance", "published": "2016-02-02T07:59:03Z", "object_refs": [ "observed-data--56b06148-c508-4ab5-a5be-4b16950d210f", "url--56b06148-c508-4ab5-a5be-4b16950d210f", "indicator--56b06164-c120-447d-b8d1-4f3f950d210f", "indicator--56b06164-02b4-45c4-9aa8-4e00950d210f", "indicator--56b06165-f6a8-4880-bc1c-43f7950d210f", "indicator--56b06165-c70c-401c-b81b-451a950d210f", "indicator--56b06166-1774-4a90-b9d1-4abb950d210f", "indicator--56b06166-7080-4d26-9819-44cd950d210f", "indicator--56b06166-74a4-4aca-bb28-421a950d210f", "indicator--56b06167-3fd0-43d8-b31a-42ad950d210f", "indicator--56b06167-b808-4c3f-aa4a-463a950d210f", "indicator--56b06167-0940-4958-946f-4bd0950d210f", "indicator--56b06168-aedc-40fa-ae0e-486e950d210f", "indicator--56b06168-3cac-4d17-bbb6-457d950d210f", "indicator--56b06168-a1dc-4e1b-a846-4cc7950d210f", "indicator--56b06168-2908-4815-aadb-4cfb950d210f", "indicator--56b06169-10b8-4c50-9b3e-4c83950d210f", "indicator--56b06169-010c-4f5e-9e8e-4646950d210f", "indicator--56b06169-7578-4e89-b972-4ad0950d210f", "indicator--56b0616a-212c-430d-b167-421d950d210f", "indicator--56b0616a-9914-449f-b5c1-42c3950d210f", "indicator--56b0616a-b0ac-426b-8f4b-4195950d210f", "indicator--56b06176-b1b0-4f5e-8fa3-49ca950d210f", "indicator--56b06176-63e8-4b64-856b-417e950d210f", "indicator--56b06177-804c-423b-8926-4445950d210f", "vulnerability--56b061b8-019c-4aaa-a529-49bd950d210f", "indicator--56b061b8-2c6c-480d-9609-436a950d210f", "indicator--56b061b8-9c04-4a7d-a39e-42e3950d210f", "indicator--56b061b9-4a64-4a96-b655-4525950d210f", "indicator--56b061b9-747c-498d-8d40-48c9950d210f", "indicator--56b061b9-7c4c-47c3-8e7a-4a86950d210f", "indicator--56b061ba-86c8-41c5-a407-42c2950d210f", "indicator--56b06618-e46c-4bc8-8290-455102de0b81", "indicator--56b06619-4b40-4c6b-bc1c-4a2202de0b81", "observed-data--56b06619-5fb0-4375-8332-4ddd02de0b81", "url--56b06619-5fb0-4375-8332-4ddd02de0b81", "indicator--56b06619-e874-432b-b834-4c9702de0b81", "indicator--56b0661a-7c50-4ea7-a24c-4d9b02de0b81", "observed-data--56b0661a-1fc0-4d53-ac63-431102de0b81", "url--56b0661a-1fc0-4d53-ac63-431102de0b81", "indicator--56b0661a-6624-4a5f-a25f-487602de0b81", "indicator--56b0661b-08f4-421a-a32b-4db602de0b81", "observed-data--56b0661b-0834-4bfc-9371-4a1702de0b81", "url--56b0661b-0834-4bfc-9371-4a1702de0b81", "indicator--56b0661b-e7c4-46fb-9cbe-4af402de0b81", "indicator--56b0661c-12a0-418d-996d-4e9102de0b81", "observed-data--56b0661c-4138-43d3-b531-4f3502de0b81", "url--56b0661c-4138-43d3-b531-4f3502de0b81", "indicator--56b0661c-a498-4afe-bbf2-4c2f02de0b81", "indicator--56b0661d-7f04-4883-be1e-45cb02de0b81", "observed-data--56b0661d-cf00-4f42-9cf6-403302de0b81", "url--56b0661d-cf00-4f42-9cf6-403302de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56b06148-c508-4ab5-a5be-4b16950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:56:56.000Z", "modified": "2016-02-02T07:56:56.000Z", "first_observed": "2016-02-02T07:56:56Z", "last_observed": "2016-02-02T07:56:56Z", "number_observed": 1, "object_refs": [ "url--56b06148-c508-4ab5-a5be-4b16950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56b06148-c508-4ab5-a5be-4b16950d210f", "value": "http://blog.cylance.com/puttering-into-the-future" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b06164-c120-447d-b8d1-4f3f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:57:24.000Z", "modified": "2016-02-02T07:57:24.000Z", "pattern": "[domain-name:value = 'accounts-google.firewall-gateway.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T07:57:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b06164-02b4-45c4-9aa8-4e00950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:57:24.000Z", "modified": "2016-02-02T07:57:24.000Z", "pattern": "[domain-name:value = 'admin.spdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T07:57:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b06165-f6a8-4880-bc1c-43f7950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:57:25.000Z", "modified": "2016-02-02T07:57:25.000Z", "pattern": "[domain-name:value = 'creatnimei.dyndns-wiki.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T07:57:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b06165-c70c-401c-b81b-451a950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:57:25.000Z", "modified": "2016-02-02T07:57:25.000Z", "pattern": "[domain-name:value = 'detail43.myfirewall.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T07:57:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b06166-1774-4a90-b9d1-4abb950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:57:26.000Z", "modified": "2016-02-02T07:57:26.000Z", "pattern": "[domain-name:value = 'docs.google.com.publicvm.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T07:57:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b06166-7080-4d26-9819-44cd950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:57:26.000Z", "modified": "2016-02-02T07:57:26.000Z", "pattern": "[domain-name:value = 'economy.spdns.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T07:57:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b06166-74a4-4aca-bb28-421a950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:57:26.000Z", "modified": "2016-02-02T07:57:26.000Z", "pattern": "[domain-name:value = 'economy.spdns.eu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T07:57:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b06167-3fd0-43d8-b31a-42ad950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:57:27.000Z", "modified": "2016-02-02T07:57:27.000Z", "pattern": "[domain-name:value = 'extension.spdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T07:57:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b06167-b808-4c3f-aa4a-463a950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:57:27.000Z", "modified": "2016-02-02T07:57:27.000Z", "pattern": "[domain-name:value = 'firefox.spdns.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T07:57:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b06167-0940-4958-946f-4bd0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:57:27.000Z", "modified": "2016-02-02T07:57:27.000Z", "pattern": "[domain-name:value = 'firewallupdate.firewall-gateway.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T07:57:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b06168-aedc-40fa-ae0e-486e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:57:28.000Z", "modified": "2016-02-02T07:57:28.000Z", "pattern": "[domain-name:value = 'intersecurity.firewall-gateway.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T07:57:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b06168-3cac-4d17-bbb6-457d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:57:28.000Z", "modified": "2016-02-02T07:57:28.000Z", "pattern": "[domain-name:value = 'jdk.spdns.eu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T07:57:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b06168-a1dc-4e1b-a846-4cc7950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:57:28.000Z", "modified": "2016-02-02T07:57:28.000Z", "pattern": "[domain-name:value = 'kaspersky.firewall-gateway.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T07:57:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b06168-2908-4815-aadb-4cfb950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:57:28.000Z", "modified": "2016-02-02T07:57:28.000Z", "pattern": "[domain-name:value = 'kissecurity.firewall-gateway.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T07:57:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b06169-10b8-4c50-9b3e-4c83950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:57:29.000Z", "modified": "2016-02-02T07:57:29.000Z", "pattern": "[domain-name:value = 'news.firewall-gateway.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T07:57:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b06169-010c-4f5e-9e8e-4646950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:57:29.000Z", "modified": "2016-02-02T07:57:29.000Z", "pattern": "[domain-name:value = 'opero.spdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T07:57:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b06169-7578-4e89-b972-4ad0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:57:29.000Z", "modified": "2016-02-02T07:57:29.000Z", "pattern": "[domain-name:value = 'sys.firewall-gateway.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T07:57:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b0616a-212c-430d-b167-421d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:57:30.000Z", "modified": "2016-02-02T07:57:30.000Z", "pattern": "[domain-name:value = 'sys.firewall-gateway.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T07:57:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b0616a-9914-449f-b5c1-42c3950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:57:30.000Z", "modified": "2016-02-02T07:57:30.000Z", "pattern": "[domain-name:value = 'tally.myfirewall.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T07:57:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b0616a-b0ac-426b-8f4b-4195950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:57:30.000Z", "modified": "2016-02-02T07:57:30.000Z", "pattern": "[domain-name:value = 'zuni.spdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T07:57:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b06176-b1b0-4f5e-8fa3-49ca950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:57:42.000Z", "modified": "2016-02-02T07:57:42.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.129.252.159']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T07:57:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b06176-63e8-4b64-856b-417e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:57:42.000Z", "modified": "2016-02-02T07:57:42.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '87.117.229.26']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T07:57:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b06177-804c-423b-8926-4445950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:57:43.000Z", "modified": "2016-02-02T07:57:43.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.169.86.25']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T07:57:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--56b061b8-019c-4aaa-a529-49bd950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:58:48.000Z", "modified": "2016-02-02T07:58:48.000Z", "name": "CVE-2012-0158", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"External analysis\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2012-0158" } ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b061b8-2c6c-480d-9609-436a950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:58:48.000Z", "modified": "2016-02-02T07:58:48.000Z", "pattern": "[file:hashes.SHA256 = '333061e6c4847aa72d3ba241c1df39aa41ce317a3d2898d3d13a5b6eccffc6d9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T07:58:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b061b8-9c04-4a7d-a39e-42e3950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:58:48.000Z", "modified": "2016-02-02T07:58:48.000Z", "pattern": "[file:hashes.SHA256 = '523ad50b498bfb5ab688d9b1958c8058f905b634befc65e96f9f947e40893e5b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T07:58:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b061b9-4a64-4a96-b655-4525950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:58:49.000Z", "modified": "2016-02-02T07:58:49.000Z", "pattern": "[file:hashes.SHA256 = 'a569f3b02a4be99e0b4a9f1cff43115da803f0660dd4df114b624316f3f63dc6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T07:58:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b061b9-747c-498d-8d40-48c9950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:58:49.000Z", "modified": "2016-02-02T07:58:49.000Z", "pattern": "[file:name = 'Reappraisal_of_India_Tibet_Policy.doc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T07:58:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b061b9-7c4c-47c3-8e7a-4a86950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:58:49.000Z", "modified": "2016-02-02T07:58:49.000Z", "pattern": "[file:hashes.SHA256 = '8d98155283c4d8373d2cf2c7b8a79302251a0ce76d227a8a2abdc2a244fc550e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T07:58:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b061ba-86c8-41c5-a407-42c2950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T07:58:50.000Z", "modified": "2016-02-02T07:58:50.000Z", "pattern": "[file:hashes.SHA256 = '3d9bd26f5bd5401efa17690357f40054a3d7b438ce8c91367dbf469f0d9bd520']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T07:58:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b06618-e46c-4bc8-8290-455102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:17:28.000Z", "modified": "2016-02-02T08:17:28.000Z", "description": "- Xchecked via VT: 333061e6c4847aa72d3ba241c1df39aa41ce317a3d2898d3d13a5b6eccffc6d9", "pattern": "[file:hashes.SHA1 = '4ca7d9755344d0f48f5838235d973649f798cf65']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T08:17:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b06619-4b40-4c6b-bc1c-4a2202de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:17:29.000Z", "modified": "2016-02-02T08:17:29.000Z", "description": "- Xchecked via VT: 333061e6c4847aa72d3ba241c1df39aa41ce317a3d2898d3d13a5b6eccffc6d9", "pattern": "[file:hashes.MD5 = '2826b38efe609d0abebe83c2588d0825']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T08:17:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56b06619-5fb0-4375-8332-4ddd02de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:17:29.000Z", "modified": "2016-02-02T08:17:29.000Z", "first_observed": "2016-02-02T08:17:29Z", "last_observed": "2016-02-02T08:17:29Z", "number_observed": 1, "object_refs": [ "url--56b06619-5fb0-4375-8332-4ddd02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56b06619-5fb0-4375-8332-4ddd02de0b81", "value": "https://www.virustotal.com/file/333061e6c4847aa72d3ba241c1df39aa41ce317a3d2898d3d13a5b6eccffc6d9/analysis/1452508817/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b06619-e874-432b-b834-4c9702de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:17:29.000Z", "modified": "2016-02-02T08:17:29.000Z", "description": "- Xchecked via VT: 523ad50b498bfb5ab688d9b1958c8058f905b634befc65e96f9f947e40893e5b", "pattern": "[file:hashes.SHA1 = '893dc718a5b798679dc0e527704bd3f7e5ddac73']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T08:17:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b0661a-7c50-4ea7-a24c-4d9b02de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:17:30.000Z", "modified": "2016-02-02T08:17:30.000Z", "description": "- Xchecked via VT: 523ad50b498bfb5ab688d9b1958c8058f905b634befc65e96f9f947e40893e5b", "pattern": "[file:hashes.MD5 = 'e1de033ce8015a2e529e7c42042108cb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T08:17:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56b0661a-1fc0-4d53-ac63-431102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:17:30.000Z", "modified": "2016-02-02T08:17:30.000Z", "first_observed": "2016-02-02T08:17:30Z", "last_observed": "2016-02-02T08:17:30Z", "number_observed": 1, "object_refs": [ "url--56b0661a-1fc0-4d53-ac63-431102de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56b0661a-1fc0-4d53-ac63-431102de0b81", "value": "https://www.virustotal.com/file/523ad50b498bfb5ab688d9b1958c8058f905b634befc65e96f9f947e40893e5b/analysis/1453864468/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b0661a-6624-4a5f-a25f-487602de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:17:30.000Z", "modified": "2016-02-02T08:17:30.000Z", "description": "- Xchecked via VT: a569f3b02a4be99e0b4a9f1cff43115da803f0660dd4df114b624316f3f63dc6", "pattern": "[file:hashes.SHA1 = '469b1304be203f796369dd242db10058f9586727']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T08:17:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b0661b-08f4-421a-a32b-4db602de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:17:31.000Z", "modified": "2016-02-02T08:17:31.000Z", "description": "- Xchecked via VT: a569f3b02a4be99e0b4a9f1cff43115da803f0660dd4df114b624316f3f63dc6", "pattern": "[file:hashes.MD5 = '3dda36bb1749b907256f3b8fdfd6da07']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T08:17:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56b0661b-0834-4bfc-9371-4a1702de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:17:31.000Z", "modified": "2016-02-02T08:17:31.000Z", "first_observed": "2016-02-02T08:17:31Z", "last_observed": "2016-02-02T08:17:31Z", "number_observed": 1, "object_refs": [ "url--56b0661b-0834-4bfc-9371-4a1702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56b0661b-0834-4bfc-9371-4a1702de0b81", "value": "https://www.virustotal.com/file/a569f3b02a4be99e0b4a9f1cff43115da803f0660dd4df114b624316f3f63dc6/analysis/1453983769/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b0661b-e7c4-46fb-9cbe-4af402de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:17:31.000Z", "modified": "2016-02-02T08:17:31.000Z", "description": "- Xchecked via VT: 8d98155283c4d8373d2cf2c7b8a79302251a0ce76d227a8a2abdc2a244fc550e", "pattern": "[file:hashes.SHA1 = 'e2126ebc4910ea0308a150466f70534854ec201d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T08:17:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b0661c-12a0-418d-996d-4e9102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:17:32.000Z", "modified": "2016-02-02T08:17:32.000Z", "description": "- Xchecked via VT: 8d98155283c4d8373d2cf2c7b8a79302251a0ce76d227a8a2abdc2a244fc550e", "pattern": "[file:hashes.MD5 = '7735e571d0450e2a31e97e4f8e0f66fa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T08:17:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56b0661c-4138-43d3-b531-4f3502de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:17:32.000Z", "modified": "2016-02-02T08:17:32.000Z", "first_observed": "2016-02-02T08:17:32Z", "last_observed": "2016-02-02T08:17:32Z", "number_observed": 1, "object_refs": [ "url--56b0661c-4138-43d3-b531-4f3502de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56b0661c-4138-43d3-b531-4f3502de0b81", "value": "https://www.virustotal.com/file/8d98155283c4d8373d2cf2c7b8a79302251a0ce76d227a8a2abdc2a244fc550e/analysis/1437647138/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b0661c-a498-4afe-bbf2-4c2f02de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:17:32.000Z", "modified": "2016-02-02T08:17:32.000Z", "description": "- Xchecked via VT: 3d9bd26f5bd5401efa17690357f40054a3d7b438ce8c91367dbf469f0d9bd520", "pattern": "[file:hashes.SHA1 = '95cecef175012f145df2e0f8255fe92f55f10414']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T08:17:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56b0661d-7f04-4883-be1e-45cb02de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:17:33.000Z", "modified": "2016-02-02T08:17:33.000Z", "description": "- Xchecked via VT: 3d9bd26f5bd5401efa17690357f40054a3d7b438ce8c91367dbf469f0d9bd520", "pattern": "[file:hashes.MD5 = 'ea45265fe98b25e719d5a9cc3b412d66']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-02T08:17:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56b0661d-cf00-4f42-9cf6-403302de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-02T08:17:33.000Z", "modified": "2016-02-02T08:17:33.000Z", "first_observed": "2016-02-02T08:17:33Z", "last_observed": "2016-02-02T08:17:33Z", "number_observed": 1, "object_refs": [ "url--56b0661d-cf00-4f42-9cf6-403302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56b0661d-cf00-4f42-9cf6-403302de0b81", "value": "https://www.virustotal.com/file/3d9bd26f5bd5401efa17690357f40054a3d7b438ce8c91367dbf469f0d9bd520/analysis/1453744600/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }