{ "type": "bundle", "id": "bundle--5485615b-86f4-4385-a7a3-f894950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:41:22.000Z", "modified": "2014-12-08T08:41:22.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5485615b-86f4-4385-a7a3-f894950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:41:22.000Z", "modified": "2014-12-08T08:41:22.000Z", "name": "OSINT Assorted IOCs associated to Andromeda restlesz.su domain", "published": "2014-12-08T12:47:37Z", "object_refs": [ "indicator--54856166-173c-421b-891d-4564950d210b", "x-misp-attribute--54856172-dac4-463e-a138-cfed950d210b", "observed-data--54856197-2360-4f83-bdc2-cff0950d210b", "url--54856197-2360-4f83-bdc2-cff0950d210b", "observed-data--54856197-78a0-4d72-93bf-cff0950d210b", "url--54856197-78a0-4d72-93bf-cff0950d210b", "observed-data--54856198-e240-4e9d-a1be-cff0950d210b", "url--54856198-e240-4e9d-a1be-cff0950d210b", "observed-data--54856198-5e34-4dbd-a14c-cff0950d210b", "url--54856198-5e34-4dbd-a14c-cff0950d210b", "observed-data--54856198-2060-4164-b451-cff0950d210b", "url--54856198-2060-4164-b451-cff0950d210b", "x-misp-attribute--548561be-b478-4529-82e6-d673950d210b", "indicator--548561f7-83b0-481b-a6a5-d67c950d210b", "x-misp-attribute--54856204-e5f0-4933-a091-f894950d210b", "indicator--54856227-8e98-4c29-a195-cfed950d210b", "indicator--54856227-04b4-4fa4-a1de-cfed950d210b", "indicator--54856227-fdb8-4be5-9ef9-cfed950d210b", "indicator--54856227-d1a0-4777-b9de-cfed950d210b", "indicator--54856227-ed30-449f-a832-cfed950d210b", "indicator--54856228-59dc-4a34-8cbd-cfed950d210b", "indicator--54856228-8cf8-4c09-8d45-cfed950d210b", "indicator--54856228-5888-4f47-ae87-cfed950d210b", "indicator--54856228-1368-4294-b6cb-cfed950d210b", "indicator--54856228-7e18-48df-b2a1-cfed950d210b", "indicator--54856228-1f9c-4a59-9086-cfed950d210b", "indicator--54856228-7bd0-40f0-a606-cfed950d210b", "indicator--54856228-0960-4b37-93a6-cfed950d210b", "indicator--54856228-4c94-4cba-9f5e-cfed950d210b", "indicator--54856228-bd60-45cd-887c-cfed950d210b", "indicator--54856228-82b0-4a8d-aefd-cfed950d210b", "indicator--54856228-5120-43d9-810e-cfed950d210b", "indicator--54856228-9898-41ea-87e6-cfed950d210b", "indicator--54856228-595c-48e0-a921-cfed950d210b", "indicator--54856229-eddc-4fe6-bf7a-cfed950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54856166-173c-421b-891d-4564950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:29:26.000Z", "modified": "2014-12-08T08:29:26.000Z", "pattern": "[domain-name:value = 'restlesz.su']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-12-08T08:29:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54856172-dac4-463e-a138-cfed950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:29:38.000Z", "modified": "2014-12-08T08:29:38.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "comment", "x_misp_value": "Data entered by David Andr\u00c3\u00a9" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--54856197-2360-4f83-bdc2-cff0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:30:15.000Z", "modified": "2014-12-08T08:30:15.000Z", "first_observed": "2014-12-08T08:30:15Z", "last_observed": "2014-12-08T08:30:15Z", "number_observed": 1, "object_refs": [ "url--54856197-2360-4f83-bdc2-cff0950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--54856197-2360-4f83-bdc2-cff0950d210b", "value": "https://www.robtex.com/en/advisory/dns/su/restlesz/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--54856197-78a0-4d72-93bf-cff0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:30:15.000Z", "modified": "2014-12-08T08:30:15.000Z", "first_observed": "2014-12-08T08:30:15Z", "last_observed": "2014-12-08T08:30:15Z", "number_observed": 1, "object_refs": [ "url--54856197-78a0-4d72-93bf-cff0950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--54856197-78a0-4d72-93bf-cff0950d210b", "value": "http://www.scam.cz/2014/10/account-reviewed-paypal-phishing.html" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--54856198-e240-4e9d-a1be-cff0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:30:16.000Z", "modified": "2014-12-08T08:30:16.000Z", "first_observed": "2014-12-08T08:30:16Z", "last_observed": "2014-12-08T08:30:16Z", "number_observed": 1, "object_refs": [ "url--54856198-e240-4e9d-a1be-cff0950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--54856198-e240-4e9d-a1be-cff0950d210b", "value": "http://www.phishtank.com/phish_detail.php?phish_id=2307001&frame=details" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--54856198-5e34-4dbd-a14c-cff0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:30:16.000Z", "modified": "2014-12-08T08:30:16.000Z", "first_observed": "2014-12-08T08:30:16Z", "last_observed": "2014-12-08T08:30:16Z", "number_observed": 1, "object_refs": [ "url--54856198-5e34-4dbd-a14c-cff0950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--54856198-5e34-4dbd-a14c-cff0950d210b", "value": "https://www.virustotal.com/en/domain/fe-cc.su/information/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--54856198-2060-4164-b451-cff0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:30:16.000Z", "modified": "2014-12-08T08:30:16.000Z", "first_observed": "2014-12-08T08:30:16Z", "last_observed": "2014-12-08T08:30:16Z", "number_observed": 1, "object_refs": [ "url--54856198-2060-4164-b451-cff0950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--54856198-2060-4164-b451-cff0950d210b", "value": "http://www.phishtank.com/phish_detail.php?phish_id=2295899&frame=details" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--548561be-b478-4529-82e6-d673950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:30:54.000Z", "modified": "2014-12-08T08:30:54.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_comment": "Registrant", "x_misp_type": "text", "x_misp_value": "rawixidawax@hotmail.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--548561f7-83b0-481b-a6a5-d67c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:31:51.000Z", "modified": "2014-12-08T08:31:51.000Z", "pattern": "[domain-name:value = 'devicesta.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-12-08T08:31:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54856204-e5f0-4933-a091-f894950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:32:04.000Z", "modified": "2014-12-08T08:32:04.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_comment": "Mostly", "x_misp_type": "text", "x_misp_value": "Andromeda" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54856227-8e98-4c29-a195-cfed950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:32:39.000Z", "modified": "2014-12-08T08:32:39.000Z", "pattern": "[file:hashes.SHA1 = 'c3463de6074006586adb8693d50425ca92cf648d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-12-08T08:32:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54856227-04b4-4fa4-a1de-cfed950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:32:39.000Z", "modified": "2014-12-08T08:32:39.000Z", "pattern": "[file:hashes.SHA1 = '848c0e539ccb63ec255815887d30b00ac6656a79']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-12-08T08:32:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54856227-fdb8-4be5-9ef9-cfed950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:32:39.000Z", "modified": "2014-12-08T08:32:39.000Z", "pattern": "[file:hashes.SHA1 = 'f57f3a94d049f322450b45e70e1d40daf83283fd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-12-08T08:32:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54856227-d1a0-4777-b9de-cfed950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:32:39.000Z", "modified": "2014-12-08T08:32:39.000Z", "pattern": "[file:hashes.SHA1 = '40204de2c697c0ba9645c397a4cbeba1fae132b6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-12-08T08:32:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54856227-ed30-449f-a832-cfed950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:32:39.000Z", "modified": "2014-12-08T08:32:39.000Z", "pattern": "[file:hashes.SHA1 = '375e3ea02f5132e8be658214c421baeeda0c1555']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-12-08T08:32:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54856228-59dc-4a34-8cbd-cfed950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:32:40.000Z", "modified": "2014-12-08T08:32:40.000Z", "pattern": "[file:hashes.SHA1 = '0c8b800108969c750d8e99af742f6b92df6952ae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-12-08T08:32:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54856228-8cf8-4c09-8d45-cfed950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:32:40.000Z", "modified": "2014-12-08T08:32:40.000Z", "pattern": "[file:hashes.SHA1 = '0b999e887e055c2804de8c9ccbdf213d2bb8b7aa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-12-08T08:32:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54856228-5888-4f47-ae87-cfed950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:32:40.000Z", "modified": "2014-12-08T08:32:40.000Z", "pattern": "[file:hashes.SHA1 = '0ba294c3a6385692c861df04b2981ef853044154']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-12-08T08:32:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54856228-1368-4294-b6cb-cfed950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:32:40.000Z", "modified": "2014-12-08T08:32:40.000Z", "pattern": "[file:hashes.SHA1 = '0d5a395056322b94be09f67101eea7a318065a2e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-12-08T08:32:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54856228-7e18-48df-b2a1-cfed950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:32:40.000Z", "modified": "2014-12-08T08:32:40.000Z", "pattern": "[file:hashes.SHA1 = 'e506c4f9e35d8fa04ef5c940165c3c8a05233d73']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-12-08T08:32:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54856228-1f9c-4a59-9086-cfed950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:32:40.000Z", "modified": "2014-12-08T08:32:40.000Z", "pattern": "[file:hashes.SHA1 = '3fab1c6258e1732af9c3a1964a1949e9ee46a477']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-12-08T08:32:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54856228-7bd0-40f0-a606-cfed950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:32:40.000Z", "modified": "2014-12-08T08:32:40.000Z", "pattern": "[file:hashes.SHA1 = '07c64c49356c2c5ede0293b94ef629155fb64a04']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-12-08T08:32:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54856228-0960-4b37-93a6-cfed950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:32:40.000Z", "modified": "2014-12-08T08:32:40.000Z", "pattern": "[file:hashes.SHA1 = '4c46214a92680812bcb33ac363ecb51fca931a15']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-12-08T08:32:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54856228-4c94-4cba-9f5e-cfed950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:32:40.000Z", "modified": "2014-12-08T08:32:40.000Z", "pattern": "[file:hashes.SHA1 = '3bb7e8888a3d4453c7953d3b5b9b81e3032e5e77']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-12-08T08:32:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54856228-bd60-45cd-887c-cfed950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:32:40.000Z", "modified": "2014-12-08T08:32:40.000Z", "pattern": "[file:hashes.SHA1 = '9fba92bbe22de3efdfa70905df8858705a452852']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-12-08T08:32:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54856228-82b0-4a8d-aefd-cfed950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:32:40.000Z", "modified": "2014-12-08T08:32:40.000Z", "pattern": "[file:hashes.SHA1 = '8e031c24a766c655b39cef1ff1b12b2698e69ca9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-12-08T08:32:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54856228-5120-43d9-810e-cfed950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:32:40.000Z", "modified": "2014-12-08T08:32:40.000Z", "pattern": "[file:hashes.SHA1 = '351b87826564efebd7fc1c25f9068297d24331a2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-12-08T08:32:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54856228-9898-41ea-87e6-cfed950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:32:40.000Z", "modified": "2014-12-08T08:32:40.000Z", "pattern": "[file:hashes.SHA1 = 'df7870c693e98b298d5b321400c2c28216e43c5c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-12-08T08:32:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54856228-595c-48e0-a921-cfed950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:32:40.000Z", "modified": "2014-12-08T08:32:40.000Z", "pattern": "[file:hashes.SHA1 = '5091032c26177dbe8d0cf494f78385290b186d52']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-12-08T08:32:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54856229-eddc-4fe6-bf7a-cfed950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-12-08T08:32:41.000Z", "modified": "2014-12-08T08:32:41.000Z", "pattern": "[file:hashes.SHA1 = '04edc2f4376fab3b9d34bc117891e6c7f265feac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-12-08T08:32:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:GREEN", "definition": { "tlp": "green" } } ] }