{ "type": "bundle", "id": "bundle--55dc2f59-7238-468a-8956-575e950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T09:24:10.000Z", "modified": "2015-08-25T09:24:10.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--55dc2f59-7238-468a-8956-575e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T09:24:10.000Z", "modified": "2015-08-25T09:24:10.000Z", "name": "OSINT RTF Exploit Installs Italian RAT: uWarrior by Palo Alto", "published": "2015-08-25T12:09:58Z", "object_refs": [ "observed-data--55dc2f83-ce00-42b3-946c-58f2950d210b", "url--55dc2f83-ce00-42b3-946c-58f2950d210b", "observed-data--55dc2f83-5594-4ed1-a759-58f2950d210b", "url--55dc2f83-5594-4ed1-a759-58f2950d210b", "indicator--55dc2fc0-ea3c-4a08-9158-58ef950d210b", "indicator--55dc2fc0-1510-46aa-a516-58ef950d210b", "indicator--55dc2fc0-9124-4ef4-866a-58ef950d210b", "indicator--55dc2fc1-e328-49c5-951a-58ef950d210b", "indicator--55dc2fc1-4f84-491a-9d9a-58ef950d210b", "indicator--55dc2fc1-0704-42bb-99e6-58ef950d210b", "indicator--55dc2fc1-e34c-4e1a-a6cc-58ef950d210b", "vulnerability--55dc2fc1-7808-451d-8a34-58ef950d210b", "vulnerability--55dc2fc1-84fc-484d-a0b8-58ef950d210b", "indicator--55dc2fc1-c2a8-4ac7-be4a-58ef950d210b", "indicator--55dc2fc2-a12c-4986-9c18-58ef950d210b", "indicator--55dc2fc2-3858-4ae4-a9f4-58ef950d210b", "indicator--55dc343a-c350-47f7-978f-575e950d210b", "indicator--55dc343a-d060-4295-8e35-575e950d210b", "observed-data--55dc343a-f080-43dc-a122-575e950d210b", "url--55dc343a-f080-43dc-a122-575e950d210b", "indicator--55dc343b-6f78-41f9-948a-575e950d210b", "indicator--55dc343b-eed8-4b86-bb83-575e950d210b", "observed-data--55dc343b-a264-4918-981d-575e950d210b", "url--55dc343b-a264-4918-981d-575e950d210b", "indicator--55dc343b-5e60-488c-8a4c-575e950d210b", "indicator--55dc343b-2ff4-4025-99dd-575e950d210b", "observed-data--55dc343c-1900-4100-adf0-575e950d210b", "url--55dc343c-1900-4100-adf0-575e950d210b", "indicator--55dc343c-ca88-49f9-b19d-575e950d210b", "indicator--55dc343c-2a5c-4153-bca2-575e950d210b", "observed-data--55dc343c-0144-42ed-9807-575e950d210b", "url--55dc343c-0144-42ed-9807-575e950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc2f83-ce00-42b3-946c-58f2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T09:04:03.000Z", "modified": "2015-08-25T09:04:03.000Z", "first_observed": "2015-08-25T09:04:03Z", "last_observed": "2015-08-25T09:04:03Z", "number_observed": 1, "object_refs": [ "url--55dc2f83-ce00-42b3-946c-58f2950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc2f83-ce00-42b3-946c-58f2950d210b", "value": "http://researchcenter.paloaltonetworks.com/2015/08/rtf-exploit-installs-italian-rat-uwarrior/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc2f83-5594-4ed1-a759-58f2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T09:04:03.000Z", "modified": "2015-08-25T09:04:03.000Z", "first_observed": "2015-08-25T09:04:03Z", "last_observed": "2015-08-25T09:04:03Z", "number_observed": 1, "object_refs": [ "url--55dc2f83-5594-4ed1-a759-58f2950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc2f83-5594-4ed1-a759-58f2950d210b", "value": "https://otx.alienvault.com/pulse/55dbbc8c67db8c7bb8cb68c4/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc2fc0-ea3c-4a08-9158-58ef950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T09:05:04.000Z", "modified": "2015-08-25T09:05:04.000Z", "pattern": "[file:name = '\\\\%AppData\\\\%\\\\Local\\\\Temp\\\\bootloader.dec']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T09:05:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc2fc0-1510-46aa-a516-58ef950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T09:05:04.000Z", "modified": "2015-08-25T09:05:04.000Z", "pattern": "[file:name = '\\\\%AppData\\\\%\\\\Roaming\\\\warriors.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T09:05:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc2fc0-9124-4ef4-866a-58ef950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T09:05:04.000Z", "modified": "2015-08-25T09:05:04.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.249.225.140']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T09:05:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc2fc1-e328-49c5-951a-58ef950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T09:05:05.000Z", "modified": "2015-08-25T09:05:05.000Z", "pattern": "[file:hashes.SHA256 = '57a5d0da72655df9c5ca9137df7210b86845eeabae488537c70e36587274937c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T09:05:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc2fc1-4f84-491a-9d9a-58ef950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T09:05:05.000Z", "modified": "2015-08-25T09:05:05.000Z", "pattern": "[file:hashes.SHA256 = '5dce01ec5e1bc1b4f5012e0b4bf16532206284fc8c64cfb8dcf907f45caf98fc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T09:05:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc2fc1-0704-42bb-99e6-58ef950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T09:05:05.000Z", "modified": "2015-08-25T09:05:05.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '63.142.245.12']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T09:05:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc2fc1-e34c-4e1a-a6cc-58ef950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T09:05:05.000Z", "modified": "2015-08-25T09:05:05.000Z", "pattern": "[file:hashes.SHA256 = 'a6dea088c9e2c9191e4c2fc4ece7b7b7bd3f034f444362d35c8765f6ec4bd279']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T09:05:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--55dc2fc1-7808-451d-8a34-58ef950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T09:05:05.000Z", "modified": "2015-08-25T09:05:05.000Z", "name": "CVE-2012-1856", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"External analysis\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2012-1856" } ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--55dc2fc1-84fc-484d-a0b8-58ef950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T09:05:05.000Z", "modified": "2015-08-25T09:05:05.000Z", "name": "CVE-2015-1770", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"External analysis\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2015-1770" } ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc2fc1-c2a8-4ac7-be4a-58ef950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T09:05:05.000Z", "modified": "2015-08-25T09:05:05.000Z", "pattern": "[file:hashes.SHA256 = 'f4aa83297844eb8297711e32554e41f677cce290732171583199a57fb7a0674b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T09:05:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc2fc2-a12c-4986-9c18-58ef950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T09:05:06.000Z", "modified": "2015-08-25T09:05:06.000Z", "pattern": "[domain-name:value = 'login.collegefan.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T09:05:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc2fc2-3858-4ae4-a9f4-58ef950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T09:05:06.000Z", "modified": "2015-08-25T09:05:06.000Z", "pattern": "[domain-name:value = 'login.loginto.me']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T09:05:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc343a-c350-47f7-978f-575e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T09:24:10.000Z", "modified": "2015-08-25T09:24:10.000Z", "description": "- Xchecked via VT: f4aa83297844eb8297711e32554e41f677cce290732171583199a57fb7a0674b", "pattern": "[file:hashes.SHA1 = '844d4888ec0968a9b6da60ec2f1f2aa26937e201']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T09:24:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc343a-d060-4295-8e35-575e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T09:24:10.000Z", "modified": "2015-08-25T09:24:10.000Z", "description": "- Xchecked via VT: f4aa83297844eb8297711e32554e41f677cce290732171583199a57fb7a0674b", "pattern": "[file:hashes.MD5 = '828858985c3456e0e5c2bd8add46344b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T09:24:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc343a-f080-43dc-a122-575e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T09:24:10.000Z", "modified": "2015-08-25T09:24:10.000Z", "first_observed": "2015-08-25T09:24:10Z", "last_observed": "2015-08-25T09:24:10Z", "number_observed": 1, "object_refs": [ "url--55dc343a-f080-43dc-a122-575e950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc343a-f080-43dc-a122-575e950d210b", "value": "https://www.virustotal.com/file/f4aa83297844eb8297711e32554e41f677cce290732171583199a57fb7a0674b/analysis/1440299283/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc343b-6f78-41f9-948a-575e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T09:24:11.000Z", "modified": "2015-08-25T09:24:11.000Z", "description": "- Xchecked via VT: a6dea088c9e2c9191e4c2fc4ece7b7b7bd3f034f444362d35c8765f6ec4bd279", "pattern": "[file:hashes.SHA1 = 'fb434ba4f1eaf9f7f20fe6f49c4375e90fa98069']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T09:24:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc343b-eed8-4b86-bb83-575e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T09:24:11.000Z", "modified": "2015-08-25T09:24:11.000Z", "description": "- Xchecked via VT: a6dea088c9e2c9191e4c2fc4ece7b7b7bd3f034f444362d35c8765f6ec4bd279", "pattern": "[file:hashes.MD5 = 'ae6b65ca7cbd4ca0ba86c6278c834547']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T09:24:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc343b-a264-4918-981d-575e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T09:24:11.000Z", "modified": "2015-08-25T09:24:11.000Z", "first_observed": "2015-08-25T09:24:11Z", "last_observed": "2015-08-25T09:24:11Z", "number_observed": 1, "object_refs": [ "url--55dc343b-a264-4918-981d-575e950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc343b-a264-4918-981d-575e950d210b", "value": "https://www.virustotal.com/file/a6dea088c9e2c9191e4c2fc4ece7b7b7bd3f034f444362d35c8765f6ec4bd279/analysis/1440434527/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc343b-5e60-488c-8a4c-575e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T09:24:11.000Z", "modified": "2015-08-25T09:24:11.000Z", "description": "- Xchecked via VT: 5dce01ec5e1bc1b4f5012e0b4bf16532206284fc8c64cfb8dcf907f45caf98fc", "pattern": "[file:hashes.SHA1 = '777ba38c219d5c0251571b00d630fa3c5a59c9ac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T09:24:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc343b-2ff4-4025-99dd-575e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T09:24:11.000Z", "modified": "2015-08-25T09:24:11.000Z", "description": "- Xchecked via VT: 5dce01ec5e1bc1b4f5012e0b4bf16532206284fc8c64cfb8dcf907f45caf98fc", "pattern": "[file:hashes.MD5 = '4ec51012233e45e8e293c61250b080ac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T09:24:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc343c-1900-4100-adf0-575e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T09:24:12.000Z", "modified": "2015-08-25T09:24:12.000Z", "first_observed": "2015-08-25T09:24:12Z", "last_observed": "2015-08-25T09:24:12Z", "number_observed": 1, "object_refs": [ "url--55dc343c-1900-4100-adf0-575e950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc343c-1900-4100-adf0-575e950d210b", "value": "https://www.virustotal.com/file/5dce01ec5e1bc1b4f5012e0b4bf16532206284fc8c64cfb8dcf907f45caf98fc/analysis/1439560797/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc343c-ca88-49f9-b19d-575e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T09:24:12.000Z", "modified": "2015-08-25T09:24:12.000Z", "description": "- Xchecked via VT: 57a5d0da72655df9c5ca9137df7210b86845eeabae488537c70e36587274937c", "pattern": "[file:hashes.SHA1 = '58318739e970bbfa3ef45673f47b09ba3fe3f20b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T09:24:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55dc343c-2a5c-4153-bca2-575e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T09:24:12.000Z", "modified": "2015-08-25T09:24:12.000Z", "description": "- Xchecked via VT: 57a5d0da72655df9c5ca9137df7210b86845eeabae488537c70e36587274937c", "pattern": "[file:hashes.MD5 = '114c8d4316248de8630364cf4c24a754']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-08-25T09:24:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55dc343c-0144-42ed-9807-575e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-08-25T09:24:12.000Z", "modified": "2015-08-25T09:24:12.000Z", "first_observed": "2015-08-25T09:24:12Z", "last_observed": "2015-08-25T09:24:12Z", "number_observed": 1, "object_refs": [ "url--55dc343c-0144-42ed-9807-575e950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55dc343c-0144-42ed-9807-575e950d210b", "value": "https://www.virustotal.com/file/57a5d0da72655df9c5ca9137df7210b86845eeabae488537c70e36587274937c/analysis/1440470623/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }