{ "type": "bundle", "id": "bundle--5a67a79f-7884-46c7-ad56-49ba950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-24T03:00:22.000Z", "modified": "2018-01-24T03:00:22.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5a67a79f-7884-46c7-ad56-49ba950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-24T03:00:22.000Z", "modified": "2018-01-24T03:00:22.000Z", "name": "OSINT - First C&C (IPv6) - Azorult", "published": "2018-02-16T08:51:49Z", "object_refs": [ "indicator--5a67a7de-8b50-4474-a0b0-1c9b950d210f", "indicator--5a67a7de-f7a0-4aed-ad7a-1c9b950d210f", "indicator--5a67a7f8-1488-4583-ba85-73a9950d210f", "indicator--5a67a7f8-173c-4eb9-9885-73a9950d210f", "x-misp-object--5a67a91b-69c4-4a24-9512-4191950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a67a7de-8b50-4474-a0b0-1c9b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-23T21:36:29.000Z", "modified": "2018-01-23T21:36:29.000Z", "pattern": "[url:value = 'http://2a01:4f8:191:70e6::6/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-23T21:36:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a67a7de-f7a0-4aed-ad7a-1c9b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-23T21:36:44.000Z", "modified": "2018-01-23T21:36:44.000Z", "pattern": "[url:value = 'http://2a01:4f8:191:70e6::1c6/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-23T21:36:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a67a7f8-1488-4583-ba85-73a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-23T21:24:08.000Z", "modified": "2018-01-23T21:24:08.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv6-addr' AND network-traffic:dst_ref.value = '2a01:4f8:191:70e6::6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-23T21:24:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a67a7f8-173c-4eb9-9885-73a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-23T21:24:08.000Z", "modified": "2018-01-23T21:24:08.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv6-addr' AND network-traffic:dst_ref.value = '2a01:4f8:191:70e6::1c6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-23T21:24:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5a67a91b-69c4-4a24-9512-4191950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-23T21:30:13.000Z", "modified": "2018-01-23T21:30:13.000Z", "labels": [ "misp:name=\"microblog\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "text", "object_relation": "post", "value": "IPv6 C&C <3 (Azorult) http://2a01:4f8:191:70e6::1c6", "category": "Other", "uuid": "5a67a91b-5b50-4dc5-8c74-4ea2950d210f" }, { "type": "text", "object_relation": "type", "value": "Twitter", "category": "Other", "uuid": "5a67a91c-9ef0-406b-acb2-4433950d210f" }, { "type": "url", "object_relation": "url", "value": "https://twitter.com/benkow_/status/955440904684306432", "category": "External analysis", "uuid": "5a67a91d-ca78-42c3-8a50-4d23950d210f" }, { "type": "text", "object_relation": "username", "value": "benkow_", "category": "Other", "uuid": "5a67a91d-f14c-4e3c-8d08-42dd950d210f" } ], "x_misp_meta_category": "misc", "x_misp_name": "microblog" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }