{ "type": "bundle", "id": "bundle--555ddeca-3ecc-40e3-9ebd-177c950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:38:34.000Z", "modified": "2015-05-21T13:38:34.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--555ddeca-3ecc-40e3-9ebd-177c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:38:34.000Z", "modified": "2015-05-21T13:38:34.000Z", "name": "OSINT Trojanized PuTTY Software by Cisco CSIRT", "published": "2015-05-21T17:49:18Z", "object_refs": [ "observed-data--555ddedb-d3b0-4064-9927-f221950d210b", "url--555ddedb-d3b0-4064-9927-f221950d210b", "indicator--555ddf1e-9e64-41cf-bde3-4c7b950d210b", "indicator--555ddf1e-2d64-465a-8e92-4901950d210b", "indicator--555ddf1f-46a4-42d5-b9fa-4d64950d210b", "x-misp-attribute--555ddf3a-bc50-4045-9947-ab11950d210b", "x-misp-attribute--555ddf3b-fbb0-43f0-bbe3-ab11950d210b", "indicator--555ddf48-ee64-4898-a8fb-d8ba950d210b", "indicator--555ddf48-68b8-42a8-b9e4-d8ba950d210b", "indicator--555ddf48-7240-488a-a033-d8ba950d210b", "indicator--555ddf5f-6aec-4e2f-a1a0-4eff950d210b", "indicator--555ddf5f-5414-454b-afe8-492f950d210b", "indicator--555ddf60-6fc4-4c78-bccc-4c07950d210b", "indicator--555ddf79-21c4-4c68-ae65-f221950d210b", "indicator--555ddfda-d3a0-42ed-a9ed-f87b950d210b", "indicator--555ddfda-8af8-4619-b846-f87b950d210b", "indicator--555ddfda-b92c-4cbf-bd20-f87b950d210b", "indicator--555ddfda-9a08-4486-bbc7-f87b950d210b", "indicator--555ddfda-2578-4c24-ac26-f87b950d210b", "indicator--555ddfda-27b8-4027-92a3-f87b950d210b", "indicator--555ddfdb-a4f4-4517-a9d2-f87b950d210b", "indicator--555ddfdb-b29c-4b92-8fb1-f87b950d210b", "indicator--555ddfdb-2810-4ecc-b53d-f87b950d210b", "indicator--555ddfdb-062c-45d6-a96f-f87b950d210b", "indicator--555ddfdb-c870-4e57-a9ab-f87b950d210b", "indicator--555ddfdb-bcfc-4363-a611-f87b950d210b", "indicator--555ddfdb-2398-4da3-9638-f87b950d210b", "indicator--555ddfdb-11f8-4890-b7c6-f87b950d210b", "indicator--555ddfdc-8cc8-4bca-a421-f87b950d210b", "indicator--555ddfdc-3560-4a94-8cdb-f87b950d210b", "indicator--555ddfdc-7010-4aea-8de6-f87b950d210b", "indicator--555ddfdc-0d44-45cc-bcca-f87b950d210b", "indicator--555ddfdc-4164-453e-be2b-f87b950d210b", "indicator--555ddfdc-0da4-40f9-ae9c-f87b950d210b", "indicator--555ddfdc-8f08-4a9f-87ba-f87b950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--555ddedb-d3b0-4064-9927-f221950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:34:19.000Z", "modified": "2015-05-21T13:34:19.000Z", "first_observed": "2015-05-21T13:34:19Z", "last_observed": "2015-05-21T13:34:19Z", "number_observed": 1, "object_refs": [ "url--555ddedb-d3b0-4064-9927-f221950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--555ddedb-d3b0-4064-9927-f221950d210b", "value": "http://blogs.cisco.com/security/trojanized-putty-software" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddf1e-9e64-41cf-bde3-4c7b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:35:26.000Z", "modified": "2015-05-21T13:35:26.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'b5c88d5af37afd13f89957150f9311ca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:35:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddf1e-2d64-465a-8e92-4901950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:35:26.000Z", "modified": "2015-05-21T13:35:26.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.SHA1 = '51c409b7f0c641ce3670b169b9a7515ac38cdb82']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:35:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddf1f-46a4-42d5-b9fa-4d64950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:35:27.000Z", "modified": "2015-05-21T13:35:27.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.SHA256 = 'd3e866e5bf18f2d9c667563de9150b705813e03377312b6974923f6af2e56291']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:35:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--555ddf3a-bc50-4045-9947-ab11950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:35:54.000Z", "modified": "2015-05-21T13:35:54.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "MalZilla" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--555ddf3b-fbb0-43f0-bbe3-ab11950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:35:55.000Z", "modified": "2015-05-21T13:35:55.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "MalPutty" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddf48-ee64-4898-a8fb-d8ba950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:36:08.000Z", "modified": "2015-05-21T13:36:08.000Z", "pattern": "[domain-name:value = 'ngusto-uro.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:36:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddf48-68b8-42a8-b9e4-d8ba950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:36:08.000Z", "modified": "2015-05-21T13:36:08.000Z", "pattern": "[domain-name:value = 'go-upload.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:36:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddf48-7240-488a-a033-d8ba950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:36:08.000Z", "modified": "2015-05-21T13:36:08.000Z", "pattern": "[domain-name:value = 'aliserv2013.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:36:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddf5f-6aec-4e2f-a1a0-4eff950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:36:31.000Z", "modified": "2015-05-21T13:36:31.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '144.76.120.243']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:36:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddf5f-5414-454b-afe8-492f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:36:31.000Z", "modified": "2015-05-21T13:36:31.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.227.240.131']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:36:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddf60-6fc4-4c78-bccc-4c07950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:36:32.000Z", "modified": "2015-05-21T13:36:32.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '146.185.239.3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:36:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddf79-21c4-4c68-ae65-f221950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:36:57.000Z", "modified": "2015-05-21T13:36:57.000Z", "pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'Opera/9.80 (Windows NT 6.1; U; ru) Presto/2.9.168 Version/11.51']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:36:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"user-agent\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddfda-d3a0-42ed-a9ed-f87b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:38:34.000Z", "modified": "2015-05-21T13:38:34.000Z", "description": "Compromised hosts", "pattern": "[url:value = 'http://stc-castelnaudary.fr/putty/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:38:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddfda-8af8-4619-b846-f87b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:38:34.000Z", "modified": "2015-05-21T13:38:34.000Z", "description": "Compromised hosts", "pattern": "[url:value = 'http://holidaystennisclub.com/putty/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:38:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddfda-b92c-4cbf-bd20-f87b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:38:34.000Z", "modified": "2015-05-21T13:38:34.000Z", "description": "Compromised hosts", "pattern": "[url:value = 'http://stonarov.wz.cz/putty/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:38:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddfda-9a08-4486-bbc7-f87b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:38:34.000Z", "modified": "2015-05-21T13:38:34.000Z", "description": "Compromised hosts", "pattern": "[url:value = 'http://stabryl.home.pl/putty/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:38:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddfda-2578-4c24-ac26-f87b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:38:34.000Z", "modified": "2015-05-21T13:38:34.000Z", "description": "Compromised hosts", "pattern": "[url:value = 'http://mohsenfeshari.com/putty/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:38:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddfda-27b8-4027-92a3-f87b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:38:34.000Z", "modified": "2015-05-21T13:38:34.000Z", "description": "Compromised hosts", "pattern": "[url:value = 'http://nwedigital.com/putty/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:38:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddfdb-a4f4-4517-a9d2-f87b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:38:35.000Z", "modified": "2015-05-21T13:38:35.000Z", "description": "Compromised hosts", "pattern": "[url:value = 'http://kangasquads.com.au/putty/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:38:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddfdb-b29c-4b92-8fb1-f87b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:38:35.000Z", "modified": "2015-05-21T13:38:35.000Z", "description": "Compromised hosts", "pattern": "[url:value = 'http://sistemaysoporte.es/putty/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:38:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddfdb-2810-4ecc-b53d-f87b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:38:35.000Z", "modified": "2015-05-21T13:38:35.000Z", "description": "Compromised hosts", "pattern": "[url:value = 'http://straydogwinter.com/putty/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:38:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddfdb-062c-45d6-a96f-f87b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:38:35.000Z", "modified": "2015-05-21T13:38:35.000Z", "description": "Compromised hosts", "pattern": "[url:value = 'http://snailmailrecall.com/putty/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:38:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddfdb-c870-4e57-a9ab-f87b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:38:35.000Z", "modified": "2015-05-21T13:38:35.000Z", "description": "Compromised hosts", "pattern": "[url:value = 'http://steveacker.com/putty/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:38:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddfdb-bcfc-4363-a611-f87b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:38:35.000Z", "modified": "2015-05-21T13:38:35.000Z", "description": "Compromised hosts", "pattern": "[url:value = 'http://starsretail.com/putty/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:38:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddfdb-2398-4da3-9638-f87b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:38:35.000Z", "modified": "2015-05-21T13:38:35.000Z", "description": "Compromised hosts", "pattern": "[url:value = 'http://podspeak.net/putty/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:38:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddfdb-11f8-4890-b7c6-f87b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:38:35.000Z", "modified": "2015-05-21T13:38:35.000Z", "description": "Compromised hosts", "pattern": "[url:value = 'http://stephensimmer.com/putty/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:38:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddfdc-8cc8-4bca-a421-f87b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:38:36.000Z", "modified": "2015-05-21T13:38:36.000Z", "description": "Compromised hosts", "pattern": "[url:value = 'http://biznetbrokers.com/putty/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:38:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddfdc-3560-4a94-8cdb-f87b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:38:36.000Z", "modified": "2015-05-21T13:38:36.000Z", "description": "Compromised hosts", "pattern": "[url:value = 'http://ofbcorporation.com/putty/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:38:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddfdc-7010-4aea-8de6-f87b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:38:36.000Z", "modified": "2015-05-21T13:38:36.000Z", "description": "Compromised hosts", "pattern": "[url:value = 'http://spriebel.de/putty/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:38:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddfdc-0d44-45cc-bcca-f87b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:38:36.000Z", "modified": "2015-05-21T13:38:36.000Z", "description": "Compromised hosts", "pattern": "[url:value = 'http://siteweb.olympe.in/putty/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:38:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddfdc-4164-453e-be2b-f87b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:38:36.000Z", "modified": "2015-05-21T13:38:36.000Z", "description": "Compromised hosts", "pattern": "[url:value = 'http://yumyums.comcastbiz.net/putty/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:38:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddfdc-0da4-40f9-ae9c-f87b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:38:36.000Z", "modified": "2015-05-21T13:38:36.000Z", "description": "Compromised hosts", "pattern": "[url:value = 'http://prfc.com.au/putty/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:38:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--555ddfdc-8f08-4a9f-87ba-f87b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-21T13:38:36.000Z", "modified": "2015-05-21T13:38:36.000Z", "description": "Compromised hosts", "pattern": "[url:value = 'http://helpmydiabetes.info/wp-includes/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-21T13:38:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }