{ "type": "bundle", "id": "bundle--58f14a17-4e68-433a-bac0-451a02de0b81", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-15T16:25:14.000Z", "modified": "2017-04-15T16:25:14.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "grouping", "spec_version": "2.1", "id": "grouping--58f14a17-4e68-433a-bac0-451a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-15T16:25:14.000Z", "modified": "2017-04-15T16:25:14.000Z", "name": "OSINT - swift from theshadowbrokers", "context": "suspicious-activity", "object_refs": [ "indicator--58f14a59-8e84-43a4-8494-4bd402de0b81", "indicator--58f14a5a-d534-4f5c-8d98-453902de0b81", "indicator--58f14a5b-2094-4051-b571-453202de0b81", "indicator--58f14a5c-3604-4662-a271-42b202de0b81", "indicator--58f14a5e-0614-49d3-85d9-42ee02de0b81", "indicator--58f14a5f-d174-4c8b-b3e9-401002de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "circl:incident-classification=\"information-leak\"", "admiralty-scale:information-credibility=\"6\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58f14a59-8e84-43a4-8494-4bd402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-14T22:19:52.000Z", "modified": "2017-04-14T22:19:52.000Z", "description": "Entry point to the SWIFT network", "pattern": "[domain-name:value = 'cis.cc.kurume-it.ac.jp' AND domain-name:resolves_to_refs[*].value = '133.94.1.3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-14T22:19:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain|ip\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58f14a5a-d534-4f5c-8d98-453902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-14T22:20:14.000Z", "modified": "2017-04-14T22:20:14.000Z", "description": "Entry point to the SWIFT network", "pattern": "[domain-name:value = 'isun02.informatik.uni-leipzig.de' AND domain-name:resolves_to_refs[*].value = '139.18.13.2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-14T22:20:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain|ip\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58f14a5b-2094-4051-b571-453202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-14T22:20:35.000Z", "modified": "2017-04-14T22:20:35.000Z", "description": "Entry point to the SWIFT network", "pattern": "[domain-name:value = 'ns.itte.kz' AND domain-name:resolves_to_refs[*].value = '212.19.128.4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-14T22:20:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain|ip\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58f14a5c-3604-4662-a271-42b202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-14T22:20:53.000Z", "modified": "2017-04-14T22:20:53.000Z", "description": "Entry point to the SWIFT network", "pattern": "[domain-name:value = 'euclid.csie.cnu.edu.tw' AND domain-name:resolves_to_refs[*].value = '163.22.20.4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-14T22:20:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain|ip\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58f14a5e-0614-49d3-85d9-42ee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-14T22:22:05.000Z", "modified": "2017-04-14T22:22:05.000Z", "description": "Entry point to the SWIFT network", "pattern": "[domain-name:value = 'sunblade.kouku-dai.ac.jp' AND domain-name:resolves_to_refs[*].value = '202.145.16.4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-14T22:22:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain|ip\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58f14a5f-d174-4c8b-b3e9-401002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-04-14T22:22:21.000Z", "modified": "2017-04-14T22:22:21.000Z", "description": "Entry point to the SWIFT network", "pattern": "[domain-name:value = 'cnt1.din.or.jp' AND domain-name:resolves_to_refs[*].value = '210.135.90.41']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-04-14T22:22:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain|ip\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }