{ "type": "bundle", "id": "bundle--5a09aaa3-e7fc-4e3c-acda-cb8d950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-17T12:41:16.000Z", "modified": "2017-11-17T12:41:16.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "grouping", "spec_version": "2.1", "id": "grouping--5a09aaa3-e7fc-4e3c-acda-cb8d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-17T12:41:16.000Z", "modified": "2017-11-17T12:41:16.000Z", "name": "OSINT - Saudi Arabia's 'Game of Thobes'", "context": "suspicious-activity", "object_refs": [ "observed-data--5a09ab4a-49f4-4c13-9da2-458b950d210f", "url--5a09ab4a-49f4-4c13-9da2-458b950d210f", "indicator--5a09ab6e-33f0-4d46-b1e4-42e7950d210f", "indicator--5a09ab6e-2168-4156-b837-4462950d210f", "indicator--5a09ab6e-88f4-40d1-94bd-44ba950d210f", "indicator--5a09af92-143c-4539-b34a-4939950d210f", "indicator--5a09af92-4234-4cfc-8aa2-4154950d210f", "indicator--5a09af92-f3d4-4794-9bfd-48a2950d210f", "indicator--5a09af92-b3a8-4ad7-a250-4fc7950d210f", "indicator--5a09afd3-f700-41f7-9d84-43ab950d210f", "indicator--5a09afd3-7710-49d4-9626-460c950d210f", "indicator--5a09afd3-5d74-4020-bd70-44fe950d210f", "indicator--5a09afd3-3ec4-4e61-a267-455f950d210f", "indicator--5a09afd3-d328-4cd7-8d4b-46ad950d210f", "indicator--5a09afd3-9e98-4bc5-abc1-4f62950d210f", "indicator--5a09b133-be00-49f3-8ee8-48c6950d210f", "indicator--5a09b133-653c-413d-9682-4ac3950d210f", "indicator--5a09b326-833c-48ce-8397-4034950d210f", "indicator--5a09b326-4660-4c3b-92ba-4a33950d210f", "indicator--5a09b326-bd9c-4a2e-9950-4ff8950d210f", "indicator--5a09b326-1c58-4d04-afb8-46ab950d210f", "observed-data--5a0ed8d0-a348-4851-8def-40e502de0b81", "url--5a0ed8d0-a348-4851-8def-40e502de0b81", "observed-data--5a0ed8d0-2e64-4b0e-b0c7-420e02de0b81", "url--5a0ed8d0-2e64-4b0e-b0c7-420e02de0b81", "x-misp-object--5a09ab2f-39b8-490c-84fb-4daf950d210f", "indicator--5a09abf7-7304-4831-b206-46b8950d210f", "indicator--5a09ad27-2430-434c-ad1b-47ea950d210f", "indicator--5a09b25e-24f0-4913-8df2-4a94950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a09ab4a-49f4-4c13-9da2-458b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-17T12:40:47.000Z", "modified": "2017-11-17T12:40:47.000Z", "first_observed": "2017-11-17T12:40:47Z", "last_observed": "2017-11-17T12:40:47Z", "number_observed": 1, "object_refs": [ "url--5a09ab4a-49f4-4c13-9da2-458b950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a09ab4a-49f4-4c13-9da2-458b950d210f", "value": "https://docs.google.com/document/d/1_nEWAmec3bKBddv30UPXJMiN-F0Ojuhfsmvk6KpFq0Q/edit#heading=h.iixpbs2pcjjp" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a09ab6e-33f0-4d46-b1e4-42e7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-17T12:40:47.000Z", "modified": "2017-11-17T12:40:47.000Z", "description": "C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.76.106.149']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-17T12:40:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a09ab6e-2168-4156-b837-4462950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-17T12:40:47.000Z", "modified": "2017-11-17T12:40:47.000Z", "description": "C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.76.36.243']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-17T12:40:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a09ab6e-88f4-40d1-94bd-44ba950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-17T12:40:47.000Z", "modified": "2017-11-17T12:40:47.000Z", "description": "C2", "pattern": "[domain-name:value = 'saudiedi.toh.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-17T12:40:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a09af92-143c-4539-b34a-4939950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-17T12:40:47.000Z", "modified": "2017-11-17T12:40:47.000Z", "pattern": "[file:hashes.SHA1 = 'a1047665ed9d665f5cf066e4a9902d809e7325cf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-17T12:40:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a09af92-4234-4cfc-8aa2-4154950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-17T12:40:47.000Z", "modified": "2017-11-17T12:40:47.000Z", "pattern": "[file:hashes.MD5 = 'ade199b16607fd29c8e7288fb750ca2b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-17T12:40:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a09af92-f3d4-4794-9bfd-48a2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-17T12:40:47.000Z", "modified": "2017-11-17T12:40:47.000Z", "pattern": "[file:hashes.SHA256 = 'd5b22843aabbbc20af253d579fd1f098138be85e2cff4677f7886e8d31ff00cb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-17T12:40:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a09af92-b3a8-4ad7-a250-4fc7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-17T12:40:47.000Z", "modified": "2017-11-17T12:40:47.000Z", "pattern": "[url:value = 'saudiedi.toh.info/search?q=\\\\%E7\\\\%DF\\\\%5D\\\\%10&cvid=714105926300154928']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-17T12:40:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a09afd3-f700-41f7-9d84-43ab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-17T12:40:47.000Z", "modified": "2017-11-17T12:40:47.000Z", "pattern": "[url:value = 'articles/937933.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-17T12:40:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a09afd3-7710-49d4-9626-460c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-17T12:40:47.000Z", "modified": "2017-11-17T12:40:47.000Z", "pattern": "[url:value = 'articles/937934.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-17T12:40:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a09afd3-5d74-4020-bd70-44fe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-17T12:40:47.000Z", "modified": "2017-11-17T12:40:47.000Z", "pattern": "[url:value = 'articles/937935.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-17T12:40:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a09afd3-3ec4-4e61-a267-455f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-17T12:40:48.000Z", "modified": "2017-11-17T12:40:48.000Z", "pattern": "[url:value = 'articles/937936.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-17T12:40:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a09afd3-d328-4cd7-8d4b-46ad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-17T12:40:48.000Z", "modified": "2017-11-17T12:40:48.000Z", "pattern": "[url:value = 'articles/937937.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-17T12:40:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a09afd3-9e98-4bc5-abc1-4f62950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-17T12:40:48.000Z", "modified": "2017-11-17T12:40:48.000Z", "pattern": "[url:value = 'articles/937938.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-17T12:40:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a09b133-be00-49f3-8ee8-48c6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-17T12:40:48.000Z", "modified": "2017-11-17T12:40:48.000Z", "pattern": "[file:name = '00007AA8[.]ex_']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-17T12:40:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a09b133-653c-413d-9682-4ac3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-17T12:40:48.000Z", "modified": "2017-11-17T12:40:48.000Z", "pattern": "[file:name = 'Saudi Arabia\\'s \\'Game of Thobes\\'[.]doc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-17T12:40:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a09b326-833c-48ce-8397-4034950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-17T12:40:48.000Z", "modified": "2017-11-17T12:40:48.000Z", "pattern": "[file:hashes.MD5 = '8598313222c41280eb42863eda8a9490']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-17T12:40:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a09b326-4660-4c3b-92ba-4a33950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-17T12:40:48.000Z", "modified": "2017-11-17T12:40:48.000Z", "pattern": "[file:hashes.SHA1 = '256c631372692a1a907b04d27a735eb0905a003e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-17T12:40:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a09b326-bd9c-4a2e-9950-4ff8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-17T12:40:48.000Z", "modified": "2017-11-17T12:40:48.000Z", "pattern": "[file:hashes.SHA256 = '50eedaf3150253cc2298446615421f4caa0482cb93658dc095855c38d425e3fb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-17T12:40:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a09b326-1c58-4d04-afb8-46ab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-17T12:40:48.000Z", "modified": "2017-11-17T12:40:48.000Z", "pattern": "[file:hashes.SHA256 = '8c81eb0fb49c40a1fa5474f45ff638961330ff73198dc7d537667455e5273bb8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-17T12:40:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a0ed8d0-a348-4851-8def-40e502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-17T12:40:48.000Z", "modified": "2017-11-17T12:40:48.000Z", "first_observed": "2017-11-17T12:40:48Z", "last_observed": "2017-11-17T12:40:48Z", "number_observed": 1, "object_refs": [ "url--5a0ed8d0-a348-4851-8def-40e502de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a0ed8d0-a348-4851-8def-40e502de0b81", "value": "https://www.virustotal.com/file/8c81eb0fb49c40a1fa5474f45ff638961330ff73198dc7d537667455e5273bb8/analysis/1509021029/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a0ed8d0-2e64-4b0e-b0c7-420e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-17T12:40:48.000Z", "modified": "2017-11-17T12:40:48.000Z", "first_observed": "2017-11-17T12:40:48Z", "last_observed": "2017-11-17T12:40:48Z", "number_observed": 1, "object_refs": [ "url--5a0ed8d0-2e64-4b0e-b0c7-420e02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a0ed8d0-2e64-4b0e-b0c7-420e02de0b81", "value": "https://www.virustotal.com/file/d5b22843aabbbc20af253d579fd1f098138be85e2cff4677f7886e8d31ff00cb/analysis/1510308447/" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5a09ab2f-39b8-490c-84fb-4daf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-13T14:24:47.000Z", "modified": "2017-11-13T14:24:47.000Z", "labels": [ "misp:name=\"microblog\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "text", "object_relation": "post", "value": "\"Saudi Arabia's 'Game of Thobes'.doc\u05f3\" submitted from TR, CVE-2017-11826, \r\nC2: 45.76.106[.]149 , 45.76.36[.]243 , saudiedi.toh[.]info\r\n\r\nMore details in Raw Threat Intelligence:\r\n\r\n(link: https://docs.google.com/document/d/1_nEWAmec3bKBddv30UPXJMiN-F0Ojuhfsmvk6KpFq0Q/edit#heading=h.iixpbs2pcjjp) docs.google.com/document/d/1_n\u2026", "category": "Other", "uuid": "5a09ab2f-fb18-4691-ad33-4c74950d210f" }, { "type": "text", "object_relation": "type", "value": "Twitter", "category": "Other", "uuid": "5a09ab2f-e0cc-4dbb-a6f9-47e2950d210f" }, { "type": "url", "object_relation": "link", "value": "https://mobile.twitter.com/ClearskySec/status/929998314002673666", "category": "External analysis", "to_ids": true, "uuid": "5a09ab2f-db38-4066-9878-4865950d210f" }, { "type": "datetime", "object_relation": "creation-date", "value": "2017/11/13", "category": "Other", "uuid": "5a09ab2f-13c0-4417-9869-42c4950d210f" }, { "type": "text", "object_relation": "username", "value": "@ClearskySec", "category": "Other", "uuid": "5a09ab2f-9960-4d5f-a028-4b36950d210f" } ], "x_misp_meta_category": "misc", "x_misp_name": "microblog" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a09abf7-7304-4831-b206-46b8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-13T14:28:07.000Z", "modified": "2017-11-13T14:28:07.000Z", "pattern": "[file:hashes.MD5 = 'aede654e77e92dbd77ca512e19f495b8' AND file:hashes.SHA1 = 'd9fac68b6c49c485675d9141f375799d10572999' AND file:hashes.SHA256 = 'aed93c002574f25dabd1859f080203a2c8f332e92c80db9aa983316695d938d3' AND file:name = '2017-11-13 \u201cSaudi Arabia\\'s \\'Game of Thobes\\'.doc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-13T14:28:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a09ad27-2430-434c-ad1b-47ea950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-13T14:33:11.000Z", "modified": "2017-11-13T14:33:11.000Z", "pattern": "[file:hashes.MD5 = 'b76f4c8c22b84600ac3cff64dadfaf8b' AND file:hashes.SHA1 = '78c0266456e33abed00895cb05d0f9fe09b83da3' AND file:hashes.SHA256 = '5ae0a582ed5d60324d6d1397be3deb0c704a1d77c9ef3d5f486455f99da32e7f' AND file:name = '\\\\%TEMP\\\\%\\\\vcpkgs.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-13T14:33:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a09b25e-24f0-4913-8df2-4a94950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-11-13T14:55:26.000Z", "modified": "2017-11-13T14:55:26.000Z", "pattern": "[file:hashes.MD5 = 'fea6546e3299a31a58a3aa2a6b7060c9' AND file:hashes.SHA1 = 'eddf2ca780b4396c0bf5ea3f13d22275fb6822fc' AND file:hashes.SHA256 = '26c672b2537f8a89f2d59674f00bcfe9825796ca9b1ec51c96e5675dd586b87b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-13T14:55:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }