{ "type": "bundle", "id": "bundle--54323f2c-e50c-4268-896c-4867950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-06T07:12:57.000Z", "modified": "2014-10-06T07:12:57.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--54323f2c-e50c-4268-896c-4867950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-06T07:12:57.000Z", "modified": "2014-10-06T07:12:57.000Z", "name": "OSINT New Indicators of Compromise for APT Group Nitro Uncovered blog post by Palo Alto Networks", "published": "2016-02-22T14:22:58Z", "object_refs": [ "observed-data--54323f34-fc28-4ad9-9295-4c32950d210b", "url--54323f34-fc28-4ad9-9295-4c32950d210b", "x-misp-attribute--54323f3e-df38-4d05-b6b8-4b14950d210b", "indicator--54323f9c-2aec-42b7-8abb-41b1950d210b", "indicator--54323f9c-2c00-4d9d-afd8-4ab8950d210b", "indicator--54323f9c-e698-49c5-99e6-4039950d210b", "indicator--54323f9c-4138-4efc-a2ca-4851950d210b", "indicator--54323f9c-12b8-4909-86b1-45a8950d210b", "indicator--54323f9c-2768-4c9f-b004-4fc5950d210b", "indicator--54323f9c-dc1c-442d-843f-490f950d210b", "indicator--54324042-49fc-4628-a95e-44da950d210b", "indicator--54324042-7c14-4318-a5c0-4600950d210b", "indicator--54324042-4f8c-4ce1-b8f6-4be8950d210b", "indicator--54324042-f50c-47f1-9140-435b950d210b", "indicator--54324042-512c-46e0-9551-49cb950d210b", "indicator--54324042-863c-4553-b05c-4174950d210b", "indicator--54324042-a9f0-473c-9284-4f56950d210b", "indicator--54324081-3308-4f1f-8674-4953950d210b", "indicator--54324081-08ec-4161-a2ed-4c75950d210b", "indicator--543240dc-f068-437a-baa9-48f2950d210b", "indicator--543240dc-7fac-4be4-93e8-482b950d210b", "indicator--543240dc-ca14-4537-a5df-4aba950d210b", "x-misp-attribute--543240f9-64e8-41f2-958f-4e21950d210b", "indicator--56c625a7-f31c-460c-9ea1-c652950d210f", 
"indicator--56c625a9-0850-4f0e-ba6b-59a4950d210f", "indicator--56c625aa-b0e4-4e44-b997-4d98950d210f", "indicator--56c625ab-2708-47fb-bc05-c650950d210f", "indicator--56c625ac-14e4-409a-91bb-c651950d210f", "indicator--56c625ad-4fa8-4a43-9c0e-59a1950d210f", "indicator--56c625ae-9b04-4e28-8806-4e26950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--54323f34-fc28-4ad9-9295-4c32950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-06T07:05:24.000Z", "modified": "2014-10-06T07:05:24.000Z", "first_observed": "2014-10-06T07:05:24Z", "last_observed": "2014-10-06T07:05:24Z", "number_observed": 1, "object_refs": [ "url--54323f34-fc28-4ad9-9295-4c32950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--54323f34-fc28-4ad9-9295-4c32950d210b", "value": "http://researchcenter.paloaltonetworks.com/2014/10/new-indicators-compromise-apt-group-nitro-uncovered/" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54323f3e-df38-4d05-b6b8-4b14950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-06T07:05:34.000Z", "modified": "2014-10-06T07:05:34.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "comment", "x_misp_value": "Data encoded by David Andr\u00e9" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54323f9c-2aec-42b7-8abb-41b1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-06T07:07:08.000Z", "modified": "2014-10-06T07:07:08.000Z", "pattern": "[file:hashes.MD5 = '7915aabb2e66ff14841e4ef0fbff7486']", "pattern_type": 
"stix", "pattern_version": "2.1", "valid_from": "2014-10-06T07:07:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54323f9c-2c00-4d9d-afd8-4ab8950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-06T07:07:08.000Z", "modified": "2014-10-06T07:07:08.000Z", "pattern": "[file:hashes.MD5 = '7522baef20df95eeeeafdf4efe3aac3c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-06T07:07:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54323f9c-e698-49c5-99e6-4039950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-06T07:07:08.000Z", "modified": "2014-10-06T07:07:08.000Z", "pattern": "[file:hashes.MD5 = '6527ba8baab0f86b0ffb6178247772c4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-06T07:07:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54323f9c-4138-4efc-a2ca-4851950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-06T07:07:08.000Z", "modified": "2014-10-06T07:07:08.000Z", "pattern": "[file:hashes.MD5 = '271e6a4d45c2817f86148ca413f97604']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-06T07:07:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], 
"labels": [ "misp:type=\"md5\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54323f9c-12b8-4909-86b1-45a8950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-06T07:07:08.000Z", "modified": "2014-10-06T07:07:08.000Z", "pattern": "[file:hashes.MD5 = 'be765cd5723e4366d35172aaf13fad44']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-06T07:07:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54323f9c-2768-4c9f-b004-4fc5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-06T07:07:08.000Z", "modified": "2014-10-06T07:07:08.000Z", "pattern": "[file:hashes.MD5 = 'ec519d709c0582346741fe0094208216']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-06T07:07:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54323f9c-dc1c-442d-843f-490f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-06T07:07:08.000Z", "modified": "2014-10-06T07:07:08.000Z", "pattern": "[file:hashes.MD5 = 'a3b2e34973691ad320b70248bd67fbd2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-06T07:07:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--54324042-49fc-4628-a95e-44da950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-06T07:09:54.000Z", "modified": "2014-10-06T07:09:54.000Z", "pattern": "[file:hashes.SHA256 = '0a1103bc90725d4665b932f88e81d39eafa5823b0de3ab146e2d4548b7da79a0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-06T07:09:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54324042-7c14-4318-a5c0-4600950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-06T07:09:54.000Z", "modified": "2014-10-06T07:09:54.000Z", "pattern": "[file:hashes.SHA256 = '8aef92a986568ba31729269efa31a2488f35920d136ab41cb6fce55fd8e0b4b7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-06T07:09:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54324042-4f8c-4ce1-b8f6-4be8950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-06T07:09:54.000Z", "modified": "2014-10-06T07:09:54.000Z", "pattern": "[file:hashes.SHA256 = '995bc16a5c2c212b57ba00c2376ac57c8032c7f2b1d521f995a5e1d49066d64d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-06T07:09:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54324042-f50c-47f1-9140-435b950d210b", 
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-06T07:09:54.000Z", "modified": "2014-10-06T07:09:54.000Z", "pattern": "[file:hashes.SHA256 = 'e7f2af8c48f837da57000c068368d77bc9b06eba1e077edfab58df6aa2ea40ec']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-06T07:09:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54324042-512c-46e0-9551-49cb950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-06T07:09:54.000Z", "modified": "2014-10-06T07:09:54.000Z", "pattern": "[file:hashes.SHA256 = 'e601da16f923b33465dbafbff9d47195e8fc50099fd0581a16a1745bf890afb6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-06T07:09:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54324042-863c-4553-b05c-4174950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-06T07:09:54.000Z", "modified": "2014-10-06T07:09:54.000Z", "pattern": "[file:hashes.SHA256 = '184c083e839451c2ab0de7a89aa801dc0458e2bd1fe79e60f35c26d92a0dbf6a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-06T07:09:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54324042-a9f0-473c-9284-4f56950d210b", "created_by_ref": 
"identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-06T07:09:54.000Z", "modified": "2014-10-06T07:09:54.000Z", "pattern": "[file:hashes.SHA256 = 'ffbddfb536e8e604c880ec977d06f804a500fc0396899bd2c195fb1f5b74207a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-06T07:09:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54324081-3308-4f1f-8674-4953950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-06T07:10:57.000Z", "modified": "2014-10-06T07:10:57.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '223.25.233.248']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-06T07:10:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54324081-08ec-4161-a2ed-4c75950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-06T07:10:57.000Z", "modified": "2014-10-06T07:10:57.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '196.45.144.12']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-06T07:10:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--543240dc-f068-437a-baa9-48f2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", 
"created": "2014-10-06T07:12:28.000Z", "modified": "2014-10-06T07:12:28.000Z", "pattern": "[domain-name:value = 'xenserver.ddns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-06T07:12:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--543240dc-7fac-4be4-93e8-482b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-06T07:12:28.000Z", "modified": "2014-10-06T07:12:28.000Z", "pattern": "[domain-name:value = 'zipoo.redirectme.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-06T07:12:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--543240dc-ca14-4537-a5df-4aba950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-06T07:12:28.000Z", "modified": "2014-10-06T07:12:28.000Z", "pattern": "[domain-name:value = 'good.myftp.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-10-06T07:12:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--543240f9-64e8-41f2-958f-4e21950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-10-06T07:12:57.000Z", "modified": "2014-10-06T07:12:57.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", 
"x_misp_type": "text", "x_misp_value": "Nitro" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c625a7-f31c-460c-9ea1-c652950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T20:12:23.000Z", "modified": "2016-02-18T20:12:23.000Z", "description": "Automatically added (via 7915aabb2e66ff14841e4ef0fbff7486)", "pattern": "[file:hashes.SHA1 = '0ea76f1586c008932d90c991dfdd5042f3aac8ea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T20:12:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c625a9-0850-4f0e-ba6b-59a4950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T20:12:25.000Z", "modified": "2016-02-18T20:12:25.000Z", "description": "Automatically added (via 7522baef20df95eeeeafdf4efe3aac3c)", "pattern": "[file:hashes.SHA1 = '7c5b1cd43daa19289d629fd969ea0b16c04803fb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T20:12:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c625aa-b0e4-4e44-b997-4d98950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T20:12:26.000Z", "modified": "2016-02-18T20:12:26.000Z", "description": "Automatically added (via 6527ba8baab0f86b0ffb6178247772c4)", "pattern": "[file:hashes.SHA1 = 'd76a8a3c3e6f14ba31e1a42fa63455260f2a9b1a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T20:12:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", 
"phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c625ab-2708-47fb-bc05-c650950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T20:12:27.000Z", "modified": "2016-02-18T20:12:27.000Z", "description": "Automatically added (via 271e6a4d45c2817f86148ca413f97604)", "pattern": "[file:hashes.SHA1 = '8554ac096023dec3235a4c627cc9fd4c5ab0cac8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T20:12:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c625ac-14e4-409a-91bb-c651950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T20:12:28.000Z", "modified": "2016-02-18T20:12:28.000Z", "description": "Automatically added (via be765cd5723e4366d35172aaf13fad44)", "pattern": "[file:hashes.SHA1 = '0a0a610b209dbed9029dbdf2843f7682b6a5c6ad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T20:12:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c625ad-4fa8-4a43-9c0e-59a1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T20:12:29.000Z", "modified": "2016-02-18T20:12:29.000Z", "description": "Automatically added (via ec519d709c0582346741fe0094208216)", "pattern": "[file:hashes.SHA1 = '074df94be307c60e1c1b35c5872654dabb3d61f7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2016-02-18T20:12:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c625ae-9b04-4e28-8806-4e26950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T20:12:30.000Z", "modified": "2016-02-18T20:12:30.000Z", "description": "Automatically added (via a3b2e34973691ad320b70248bd67fbd2)", "pattern": "[file:hashes.SHA1 = '5591bae552004f38964f6a0bec7bf9ce5f2b37cc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T20:12:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:GREEN", "definition": { "tlp": "green" } } ] }