{ "type": "bundle", "id": "bundle--5d264c1b-a568-457e-82a3-be7a02de0b81", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-10T20:38:31.000Z", "modified": "2019-07-10T20:38:31.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "grouping", "spec_version": "2.1", "id": "grouping--5d264c1b-a568-457e-82a3-be7a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-10T20:38:31.000Z", "modified": "2019-07-10T20:38:31.000Z", "name": "OSINT - Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques", "context": "suspicious-activity", "object_refs": [ "observed-data--5d264c2e-5254-415f-83bc-c64f02de0b81", "url--5d264c2e-5254-415f-83bc-c64f02de0b81", "indicator--5d264c71-67d8-468b-b4fb-498202de0b81", "indicator--5d264c71-15f4-479f-b9e9-498202de0b81", "indicator--5d264c71-7638-43a8-816f-498202de0b81", "indicator--5d264c93-6474-48b0-9d95-831902de0b81", "indicator--5d264c93-2b40-48d8-95ad-831902de0b81", "indicator--5d264c93-626c-4b2f-bf91-831902de0b81", "indicator--5d264c93-9784-46d5-a187-831902de0b81", "indicator--5d264ca1-5254-4780-ada2-447d02de0b81", "indicator--5d264cb4-34f4-4cbc-9910-47be02de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:threat-actor=\"Sea Turtle\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d264c2e-5254-415f-83bc-c64f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-10T20:35:58.000Z", "modified": "2019-07-10T20:35:58.000Z", "first_observed": "2019-07-10T20:35:58Z", "last_observed": "2019-07-10T20:35:58Z", "number_observed": 1, "object_refs": [ "url--5d264c2e-5254-415f-83bc-c64f02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d264c2e-5254-415f-83bc-c64f02de0b81", "value": "https://blog.talosintelligence.com/2019/07/sea-turtle-keeps-on-swimming.html#more" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d264c71-67d8-468b-b4fb-498202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-10T20:37:05.000Z", "modified": "2019-07-10T20:37:05.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.179.131.225']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-10T20:37:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d264c71-15f4-479f-b9e9-498202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-10T20:37:05.000Z", "modified": "2019-07-10T20:37:05.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '140.82.58.253']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-10T20:37:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d264c71-7638-43a8-816f-498202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-10T20:37:05.000Z", "modified": "2019-07-10T20:37:05.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.179.156.61']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-10T20:37:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d264c93-6474-48b0-9d95-831902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-10T20:37:39.000Z", "modified": "2019-07-10T20:37:39.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.64.105.100']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-10T20:37:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d264c93-2b40-48d8-95ad-831902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-10T20:37:39.000Z", "modified": "2019-07-10T20:37:39.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.17.167.51']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-10T20:37:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d264c93-626c-4b2f-bf91-831902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-10T20:37:39.000Z", "modified": "2019-07-10T20:37:39.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '196.29.187.100']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-10T20:37:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d264c93-9784-46d5-a187-831902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-10T20:37:39.000Z", "modified": "2019-07-10T20:37:39.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.226.192.35']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-10T20:37:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d264ca1-5254-4780-ada2-447d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-10T20:37:53.000Z", "modified": "2019-07-10T20:37:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.32.100.62']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-10T20:37:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d264cb4-34f4-4cbc-9910-47be02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-10T20:38:12.000Z", "modified": "2019-07-10T20:38:12.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.179.150.101']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-10T20:38:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }