{ "type": "bundle", "id": "bundle--543cf0a2-e1d8-4c20-bb05-9177950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:53:20.000Z", "modified": "2014-10-14T09:53:20.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--543cf0a2-e1d8-4c20-bb05-9177950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:53:20.000Z", "modified": "2014-10-14T09:53:20.000Z", "name": "OSINT Shellshock exploitation from Red Sky Weekly blog post", "published": "2014-10-15T11:55:33Z", "object_refs": [ "x-misp-attribute--543cf0af-1304-42f8-9cf7-42b4950d210b", "observed-data--543cf0b9-c5c0-42e6-b945-46bb950d210b", "url--543cf0b9-c5c0-42e6-b945-46bb950d210b", "indicator--543cf18e-6100-428f-864a-4de7950d210b", "indicator--543cf18e-f66c-40da-98ad-4de7950d210b", "indicator--543cf18f-8fac-4e40-9326-4de7950d210b", "indicator--543cf18f-b118-4936-9543-4de7950d210b", "indicator--543cf18f-0728-4008-9466-4de7950d210b", "indicator--543cf18f-5528-4b05-bdf2-4de7950d210b", "indicator--543cf18f-3d48-4092-a4bc-4de7950d210b", "indicator--543cf18f-6e78-49f0-8b5e-4de7950d210b", "indicator--543cf18f-dca4-47c7-842a-4de7950d210b", "indicator--543cf18f-e554-4f24-854c-4de7950d210b", "indicator--543cf18f-bff0-41bd-8694-4de7950d210b", "indicator--543cf18f-c6ac-47f7-b5ca-4de7950d210b", "indicator--543cf18f-3230-4742-a4a7-4de7950d210b", "indicator--543cf18f-f10c-4936-953b-4de7950d210b", "indicator--543cf18f-645c-4977-ab04-4de7950d210b", "indicator--543cf18f-242c-42d9-9cac-4de7950d210b", "indicator--543cf18f-d94c-45cd-af72-4de7950d210b", "indicator--543cf18f-c1d0-4f85-83d4-4de7950d210b", "indicator--543cf18f-cc10-4c57-ace5-4de7950d210b", "x-misp-attribute--543cf211-4a54-4093-8a47-4de7950d210b", "x-misp-attribute--543cf211-65bc-49c8-8e04-4de7950d210b", "x-misp-attribute--543cf211-fb30-4c8c-ba0f-4de7950d210b", 
"indicator--543cf23e-5c20-4500-b707-d188950d210b", "indicator--543cf254-72d4-49fa-9efc-451b950d210b", "indicator--543cf25c-bbb4-4960-ae47-4d43950d210b", "observed-data--543cf27d-4270-4d4e-8c62-4246950d210b", "url--543cf27d-4270-4d4e-8c62-4246950d210b", "indicator--543cf290-1650-4d10-9448-4eaf950d210b", "indicator--543cf2ba-5b48-4477-a48b-9177950d210b", "indicator--543cf2ba-5774-4371-ae45-9177950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--543cf0af-1304-42f8-9cf7-42b4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:45:19.000Z", "modified": "2014-10-14T09:45:19.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "comment", "x_misp_value": "Data encoded by David Andr\u00e9" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--543cf0b9-c5c0-42e6-b945-46bb950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:45:28.000Z", "modified": "2014-10-14T09:45:28.000Z", "first_observed": "2014-10-14T09:45:28Z", "last_observed": "2014-10-14T09:45:28Z", "number_observed": 1, "object_refs": [ "url--543cf0b9-c5c0-42e6-b945-46bb950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--543cf0b9-c5c0-42e6-b945-46bb950d210b", "value": "http://henrybasset.blogspot.be/2014/10/red-sky-weekly-faq-and-shellshock.html" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--543cf18e-6100-428f-864a-4de7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:49:02.000Z", "modified": "2014-10-14T09:49:02.000Z", "description": 
"Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '14.163.12.119']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-14T09:49:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--543cf18e-f66c-40da-98ad-4de7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:49:02.000Z", "modified": "2014-10-14T09:49:02.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.29.189.34']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-14T09:49:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--543cf18f-8fac-4e40-9326-4de7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:49:03.000Z", "modified": "2014-10-14T09:49:03.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.15.20.81']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-14T09:49:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--543cf18f-b118-4936-9543-4de7950d210b", "created_by_ref": 
"identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:49:03.000Z", "modified": "2014-10-14T09:49:03.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.161.195.166']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-14T09:49:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--543cf18f-0728-4008-9466-4de7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:49:03.000Z", "modified": "2014-10-14T09:49:03.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '79.136.130.110']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-14T09:49:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--543cf18f-5528-4b05-bdf2-4de7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:49:03.000Z", "modified": "2014-10-14T09:49:03.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '88.253.229.151']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-14T09:49:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": 
"indicator", "spec_version": "2.1", "id": "indicator--543cf18f-3d48-4092-a4bc-4de7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:49:03.000Z", "modified": "2014-10-14T09:49:03.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.139.212.67']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-14T09:49:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--543cf18f-6e78-49f0-8b5e-4de7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:49:03.000Z", "modified": "2014-10-14T09:49:03.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.227.100.189']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-14T09:49:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--543cf18f-dca4-47c7-842a-4de7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:49:03.000Z", "modified": "2014-10-14T09:49:03.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '112.156.18.40']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-14T09:49:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], 
"labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--543cf18f-e554-4f24-854c-4de7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:49:03.000Z", "modified": "2014-10-14T09:49:03.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '113.171.116.163']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-14T09:49:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--543cf18f-bff0-41bd-8694-4de7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:49:03.000Z", "modified": "2014-10-14T09:49:03.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '117.218.186.16']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-14T09:49:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--543cf18f-c6ac-47f7-b5ca-4de7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:49:03.000Z", "modified": "2014-10-14T09:49:03.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.172.123.111']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2014-10-14T09:49:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--543cf18f-3230-4742-a4a7-4de7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:49:03.000Z", "modified": "2014-10-14T09:49:03.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '119.130.114.154']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-14T09:49:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--543cf18f-f10c-4936-953b-4de7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:49:03.000Z", "modified": "2014-10-14T09:49:03.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.123.75.68']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-14T09:49:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--543cf18f-645c-4977-ab04-4de7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:49:03.000Z", "modified": "2014-10-14T09:49:03.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND 
network-traffic:dst_ref.value = '178.120.175.81']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-14T09:49:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--543cf18f-242c-42d9-9cac-4de7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:49:03.000Z", "modified": "2014-10-14T09:49:03.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.121.79.68']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-14T09:49:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--543cf18f-d94c-45cd-af72-4de7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:49:03.000Z", "modified": "2014-10-14T09:49:03.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '190.49.241.220']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-14T09:49:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--543cf18f-c1d0-4f85-83d4-4de7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:49:03.000Z", "modified": "2014-10-14T09:49:03.000Z", 
"description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '190.82.114.190']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-14T09:49:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--543cf18f-cc10-4c57-ace5-4de7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:49:03.000Z", "modified": "2014-10-14T09:49:03.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '223.206.54.26']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-14T09:49:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--543cf211-4a54-4093-8a47-4de7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:51:13.000Z", "modified": "2014-10-14T09:51:13.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_type": "text", "x_misp_value": "Goga Gastoyan" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--543cf211-65bc-49c8-8e04-4de7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:51:13.000Z", "modified": "2014-10-14T09:51:13.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_type": "text", "x_misp_value": 
"bash@blogbuddy.ru" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--543cf211-fb30-4c8c-ba0f-4de7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:51:13.000Z", "modified": "2014-10-14T09:51:13.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_type": "text", "x_misp_value": "+7.4957452002" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--543cf23e-5c20-4500-b707-d188950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:51:58.000Z", "modified": "2014-10-14T09:51:58.000Z", "pattern": "[domain-name:value = 'google-traffic-analytics.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-14T09:51:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--543cf254-72d4-49fa-9efc-451b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:52:20.000Z", "modified": "2014-10-14T09:52:20.000Z", "pattern": "[domain-name:value = 'stats.google-traffic-analytics.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-14T09:52:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--543cf25c-bbb4-4960-ae47-4d43950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:52:28.000Z", "modified": "2014-10-14T09:52:28.000Z", "pattern": "[url:value = 'http://google-traffic-analytics.com/cl.py']", 
"pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-14T09:52:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--543cf27d-4270-4d4e-8c62-4246950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:53:01.000Z", "modified": "2014-10-14T09:53:01.000Z", "first_observed": "2014-10-14T09:53:01Z", "last_observed": "2014-10-14T09:53:01Z", "number_observed": 1, "object_refs": [ "url--543cf27d-4270-4d4e-8c62-4246950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--543cf27d-4270-4d4e-8c62-4246950d210b", "value": "https://www.virustotal.com/en/file/052421011162421c7fbe1c9613e37b520a494034901dab1c6ee192466090421d/analysis/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--543cf290-1650-4d10-9448-4eaf950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:53:20.000Z", "modified": "2014-10-14T09:53:20.000Z", "pattern": "[file:hashes.MD5 = '7847e83ad52b8b32ae14522e1a960370']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-14T09:53:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--543cf2ba-5b48-4477-a48b-9177950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:54:02.000Z", "modified": "2014-10-14T09:54:02.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.SHA1 = '24b24379c3a6e554d77428faa22b4176d78499b7']", 
"pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-14T09:54:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--543cf2ba-5774-4371-ae45-9177950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-14T09:54:02.000Z", "modified": "2014-10-14T09:54:02.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.SHA256 = '052421011162421c7fbe1c9613e37b520a494034901dab1c6ee192466090421d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-14T09:54:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:GREEN", "definition": { "tlp": "green" } } ] }