{ "type": "bundle", "id": "bundle--557e78b6-91ec-4123-87df-424f950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:25:43.000Z", "modified": "2015-06-15T07:25:43.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--557e78b6-91ec-4123-87df-424f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:25:43.000Z", "modified": "2015-06-15T07:25:43.000Z", "name": "OSINT Evilgrab Delivered by Watering Hole Attack on President of Myanmar\u00e2\u20ac\u2122s Website by Palo Alto Unit 42", "published": "2015-06-15T09:07:27Z", "object_refs": [ "observed-data--557e78d1-83c4-4017-9c33-4de6950d210b", "url--557e78d1-83c4-4017-9c33-4de6950d210b", "x-misp-attribute--557e78dc-e5c4-4aec-b954-4203950d210b", "vulnerability--557e78fa-dd00-48c9-81bd-4e06950d210b", "indicator--557e7907-9c30-4429-8bd2-4ed7950d210b", "indicator--557e7916-6e04-4bbc-832e-ce64950d210b", "indicator--557e792a-d3ac-482a-8701-ce64950d210b", "indicator--557e7941-4480-4112-ab99-4dca950d210b", "indicator--557e7941-c378-4a95-8948-4bee950d210b", "indicator--557e7bf5-1fac-4513-b4e8-3a65950d210b", "indicator--557e7bf6-2230-4082-9f66-3a65950d210b", "indicator--557e7bf6-6e88-43b7-9920-3a65950d210b", "indicator--557e7c05-7300-4af6-b311-38d3950d210b", "indicator--557e7cdb-14e4-4883-8db7-3a54950d210b", "indicator--557e7d08-2aec-46bb-adb0-3a65950d210b", "indicator--557e7d08-40a8-45d3-af79-3a65950d210b", "indicator--557e7d08-f270-4072-8dec-3a65950d210b", "indicator--557e7d08-eaa8-4647-9319-3a65950d210b", "indicator--557e7d1c-aef8-4fe9-aa83-40be950d210b", "indicator--557e7d31-a988-4350-8692-3a73950d210b", "indicator--557e7d32-e780-40dc-b678-3a73950d210b", "observed-data--557e7d7d-3318-42f9-8a08-3a5f950d210b", "url--557e7d7d-3318-42f9-8a08-3a5f950d210b", "observed-data--557e7d7e-61e8-4bb3-a675-3a5f950d210b", "url--557e7d7e-61e8-4bb3-a675-3a5f950d210b", "observed-data--557e7d7e-d400-4717-a8ea-3a5f950d210b", "url--557e7d7e-d400-4717-a8ea-3a5f950d210b", "observed-data--557e7d7e-db40-4ea1-9e4e-3a5f950d210b", "url--557e7d7e-db40-4ea1-9e4e-3a5f950d210b", "observed-data--557e7d7e-d074-4b71-8a27-3a5f950d210b", "url--557e7d7e-d074-4b71-8a27-3a5f950d210b", "x-misp-attribute--557e7dc8-9fe4-4923-b96d-40be950d210b", "indicator--557e7df7-21fc-40a9-a9ca-47a7950d210b", "indicator--557e7df7-63b8-47fd-95bc-46c8950d210b", "indicator--557e7df7-cba4-46a1-9f89-4eca950d210b", "indicator--557e7df7-f578-4161-9a22-444e950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--557e78d1-83c4-4017-9c33-4de6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:23:05.000Z", "modified": "2015-06-15T07:23:05.000Z", "first_observed": "2015-06-15T07:23:05Z", "last_observed": "2015-06-15T07:23:05Z", "number_observed": 1, "object_refs": [ "url--557e78d1-83c4-4017-9c33-4de6950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--557e78d1-83c4-4017-9c33-4de6950d210b", "value": "http://researchcenter.paloaltonetworks.com/2015/06/evilgrab-delivered-by-watering-hole-attack-on-president-of-myanmars-website/" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--557e78dc-e5c4-4aec-b954-4203950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:03:55.000Z", "modified": "2015-06-15T07:03:55.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Evilgrab" }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--557e78fa-dd00-48c9-81bd-4e06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:04:26.000Z", "modified": "2015-06-15T07:04:26.000Z", "name": "CVE-2014-6332", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"Payload delivery\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2014-6332" } ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557e7907-9c30-4429-8bd2-4ed7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:04:39.000Z", "modified": "2015-06-15T07:04:39.000Z", "pattern": "[file:hashes.SHA256 = 'b69106e06dc008e4fa1e4a0b0b58fcb1dc6d2016422a35cb3111168fd3fae577']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-15T07:04:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557e7916-6e04-4bbc-832e-ce64950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:04:54.000Z", "modified": "2015-06-15T07:04:54.000Z", "pattern": "[domain-name:value = 'mmslsh.tiger1234.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-15T07:04:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557e792a-d3ac-482a-8701-ce64950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:05:14.000Z", "modified": "2015-06-15T07:05:14.000Z", "pattern": "[url:value = 'http://www.president-office.gov.mm/sites/all/modules/browscap/List_View.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-15T07:05:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557e7941-4480-4112-ab99-4dca950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:24:00.000Z", "modified": "2015-06-15T07:24:00.000Z", "pattern": "[file:hashes.MD5 = '2e78e6d02aaed4f057f4dfa631ea5519']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-15T07:24:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557e7941-c378-4a95-8948-4bee950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:24:00.000Z", "modified": "2015-06-15T07:24:00.000Z", "pattern": "[file:hashes.SHA256 = '10d9611e5b4ff41fc79e8907e3eb522630131b1bdc1010a0564c8780ba55c87c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-15T07:24:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557e7bf5-1fac-4513-b4e8-3a65950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:17:09.000Z", "modified": "2015-06-15T07:17:09.000Z", "pattern": "[domain-name:value = 'dns.websecexp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-15T07:17:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557e7bf6-2230-4082-9f66-3a65950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:17:10.000Z", "modified": "2015-06-15T07:17:10.000Z", "pattern": "[domain-name:value = 'ns.websecexp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-15T07:17:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557e7bf6-6e88-43b7-9920-3a65950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:17:10.000Z", "modified": "2015-06-15T07:17:10.000Z", "pattern": "[domain-name:value = 'appeur.gnway.cc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-15T07:17:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557e7c05-7300-4af6-b311-38d3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:17:25.000Z", "modified": "2015-06-15T07:17:25.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '211.169.202.2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-15T07:17:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557e7cdb-14e4-4883-8db7-3a54950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:20:59.000Z", "modified": "2015-06-15T07:20:59.000Z", "pattern": "[domain-name:value = 'websecexp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-15T07:20:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557e7d08-2aec-46bb-adb0-3a65950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:21:44.000Z", "modified": "2015-06-15T07:21:44.000Z", "pattern": "[domain-name:value = 'usafi.websecexp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-15T07:21:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557e7d08-40a8-45d3-af79-3a65950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:21:44.000Z", "modified": "2015-06-15T07:21:44.000Z", "pattern": "[domain-name:value = 'usacia.websecexp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-15T07:21:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557e7d08-f270-4072-8dec-3a65950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:21:44.000Z", "modified": "2015-06-15T07:21:44.000Z", "pattern": "[domain-name:value = 'webhttps.websecexp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-15T07:21:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557e7d08-eaa8-4647-9319-3a65950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:21:44.000Z", "modified": "2015-06-15T07:21:44.000Z", "pattern": "[domain-name:value = 'usagovdns.websecexp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-15T07:21:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557e7d1c-aef8-4fe9-aa83-40be950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:22:04.000Z", "modified": "2015-06-15T07:22:04.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '59.188.16.130']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-15T07:22:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557e7d31-a988-4350-8692-3a73950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:22:25.000Z", "modified": "2015-06-15T07:22:25.000Z", "pattern": "[domain-name:value = 'ceshi.mailpseonfz.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-15T07:22:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557e7d32-e780-40dc-b678-3a73950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:22:26.000Z", "modified": "2015-06-15T07:22:26.000Z", "pattern": "[domain-name:value = 'dns.mailpseonfz.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-15T07:22:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--557e7d7d-3318-42f9-8a08-3a5f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:23:41.000Z", "modified": "2015-06-15T07:23:41.000Z", "first_observed": "2015-06-15T07:23:41Z", "last_observed": "2015-06-15T07:23:41Z", "number_observed": 1, "object_refs": [ "url--557e7d7d-3318-42f9-8a08-3a5f950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--557e7d7d-3318-42f9-8a08-3a5f950d210b", "value": "https://www.virustotal.com/en/url/91f7d6612c79cc0b266891c447359853614546837b003836ab342b091ee1a6cc/analysis/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--557e7d7e-61e8-4bb3-a675-3a5f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:23:42.000Z", "modified": "2015-06-15T07:23:42.000Z", "first_observed": "2015-06-15T07:23:42Z", "last_observed": "2015-06-15T07:23:42Z", "number_observed": 1, "object_refs": [ "url--557e7d7e-61e8-4bb3-a675-3a5f950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--557e7d7e-61e8-4bb3-a675-3a5f950d210b", "value": "https://www.virustotal.com/en/file/b8c37a1db36d702932b5db97ec150269a323b5dc76059062beff7e330f2d136d/analysis/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--557e7d7e-d400-4717-a8ea-3a5f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:23:42.000Z", "modified": "2015-06-15T07:23:42.000Z", "first_observed": "2015-06-15T07:23:42Z", "last_observed": "2015-06-15T07:23:42Z", "number_observed": 1, "object_refs": [ "url--557e7d7e-d400-4717-a8ea-3a5f950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--557e7d7e-d400-4717-a8ea-3a5f950d210b", "value": "http://blog.trendmicro.com/trendlabs-security-intelligence/evilgrab-malware-family-used-in-targeted-attacks-in-asia/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--557e7d7e-db40-4ea1-9e4e-3a5f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:23:42.000Z", "modified": "2015-06-15T07:23:42.000Z", "first_observed": "2015-06-15T07:23:42Z", "last_observed": "2015-06-15T07:23:42Z", "number_observed": 1, "object_refs": [ "url--557e7d7e-db40-4ea1-9e4e-3a5f950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--557e7d7e-db40-4ea1-9e4e-3a5f950d210b", "value": "http://pwc.blogs.com/files/cto-tib-20150223-01a.pdf" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--557e7d7e-d074-4b71-8a27-3a5f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:23:42.000Z", "modified": "2015-06-15T07:23:42.000Z", "first_observed": "2015-06-15T07:23:42Z", "last_observed": "2015-06-15T07:23:42Z", "number_observed": 1, "object_refs": [ "url--557e7d7e-d074-4b71-8a27-3a5f950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--557e7d7e-d074-4b71-8a27-3a5f950d210b", "value": "http://contagiodump.blogspot.com/2013/09/sandbox-miming-cve-2012-0158-in-mhtml.html" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--557e7dc8-9fe4-4923-b96d-40be950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:24:56.000Z", "modified": "2015-06-15T07:24:56.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_comment": "Registrant", "x_misp_type": "text", "x_misp_value": "gooleWarning@gmail.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557e7df7-21fc-40a9-a9ca-47a7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:25:43.000Z", "modified": "2015-06-15T07:25:43.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '218.54.45.220']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-15T07:25:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557e7df7-63b8-47fd-95bc-46c8950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:25:43.000Z", "modified": "2015-06-15T07:25:43.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '61.221.66.199']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-15T07:25:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557e7df7-cba4-46a1-9f89-4eca950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:25:43.000Z", "modified": "2015-06-15T07:25:43.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '59.188.4.106']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-15T07:25:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557e7df7-f578-4161-9a22-444e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-15T07:25:43.000Z", "modified": "2015-06-15T07:25:43.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '59.188.16.135']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-15T07:25:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }