misp-circl-feed/feeds/circl/stix-2.1/54323f2c-e50c-4268-896c-4867950d210b.json

735 lines
No EOL
30 KiB
JSON

{
"type": "bundle",
"id": "bundle--54323f2c-e50c-4268-896c-4867950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-06T07:12:57.000Z",
"modified": "2014-10-06T07:12:57.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--54323f2c-e50c-4268-896c-4867950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-06T07:12:57.000Z",
"modified": "2014-10-06T07:12:57.000Z",
"name": "OSINT New Indicators of Compromise for APT Group Nitro Uncovered blog post by Palo Alto Networks",
"published": "2016-02-22T14:22:58Z",
"object_refs": [
"observed-data--54323f34-fc28-4ad9-9295-4c32950d210b",
"url--54323f34-fc28-4ad9-9295-4c32950d210b",
"x-misp-attribute--54323f3e-df38-4d05-b6b8-4b14950d210b",
"indicator--54323f9c-2aec-42b7-8abb-41b1950d210b",
"indicator--54323f9c-2c00-4d9d-afd8-4ab8950d210b",
"indicator--54323f9c-e698-49c5-99e6-4039950d210b",
"indicator--54323f9c-4138-4efc-a2ca-4851950d210b",
"indicator--54323f9c-12b8-4909-86b1-45a8950d210b",
"indicator--54323f9c-2768-4c9f-b004-4fc5950d210b",
"indicator--54323f9c-dc1c-442d-843f-490f950d210b",
"indicator--54324042-49fc-4628-a95e-44da950d210b",
"indicator--54324042-7c14-4318-a5c0-4600950d210b",
"indicator--54324042-4f8c-4ce1-b8f6-4be8950d210b",
"indicator--54324042-f50c-47f1-9140-435b950d210b",
"indicator--54324042-512c-46e0-9551-49cb950d210b",
"indicator--54324042-863c-4553-b05c-4174950d210b",
"indicator--54324042-a9f0-473c-9284-4f56950d210b",
"indicator--54324081-3308-4f1f-8674-4953950d210b",
"indicator--54324081-08ec-4161-a2ed-4c75950d210b",
"indicator--543240dc-f068-437a-baa9-48f2950d210b",
"indicator--543240dc-7fac-4be4-93e8-482b950d210b",
"indicator--543240dc-ca14-4537-a5df-4aba950d210b",
"x-misp-attribute--543240f9-64e8-41f2-958f-4e21950d210b",
"indicator--56c625a7-f31c-460c-9ea1-c652950d210f",
"indicator--56c625a9-0850-4f0e-ba6b-59a4950d210f",
"indicator--56c625aa-b0e4-4e44-b997-4d98950d210f",
"indicator--56c625ab-2708-47fb-bc05-c650950d210f",
"indicator--56c625ac-14e4-409a-91bb-c651950d210f",
"indicator--56c625ad-4fa8-4a43-9c0e-59a1950d210f",
"indicator--56c625ae-9b04-4e28-8806-4e26950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--54323f34-fc28-4ad9-9295-4c32950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-06T07:05:24.000Z",
"modified": "2014-10-06T07:05:24.000Z",
"first_observed": "2014-10-06T07:05:24Z",
"last_observed": "2014-10-06T07:05:24Z",
"number_observed": 1,
"object_refs": [
"url--54323f34-fc28-4ad9-9295-4c32950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--54323f34-fc28-4ad9-9295-4c32950d210b",
"value": "http://researchcenter.paloaltonetworks.com/2014/10/new-indicators-compromise-apt-group-nitro-uncovered/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--54323f3e-df38-4d05-b6b8-4b14950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-06T07:05:34.000Z",
"modified": "2014-10-06T07:05:34.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Data encoded by David Andr\u00c3\u00a9"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54323f9c-2aec-42b7-8abb-41b1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-06T07:07:08.000Z",
"modified": "2014-10-06T07:07:08.000Z",
"pattern": "[file:hashes.MD5 = '7915aabb2e66ff14841e4ef0fbff7486']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-06T07:07:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54323f9c-2c00-4d9d-afd8-4ab8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-06T07:07:08.000Z",
"modified": "2014-10-06T07:07:08.000Z",
"pattern": "[file:hashes.MD5 = '7522baef20df95eeeeafdf4efe3aac3c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-06T07:07:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54323f9c-e698-49c5-99e6-4039950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-06T07:07:08.000Z",
"modified": "2014-10-06T07:07:08.000Z",
"pattern": "[file:hashes.MD5 = '6527ba8baab0f86b0ffb6178247772c4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-06T07:07:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54323f9c-4138-4efc-a2ca-4851950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-06T07:07:08.000Z",
"modified": "2014-10-06T07:07:08.000Z",
"pattern": "[file:hashes.MD5 = '271e6a4d45c2817f86148ca413f97604']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-06T07:07:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54323f9c-12b8-4909-86b1-45a8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-06T07:07:08.000Z",
"modified": "2014-10-06T07:07:08.000Z",
"pattern": "[file:hashes.MD5 = 'be765cd5723e4366d35172aaf13fad44']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-06T07:07:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54323f9c-2768-4c9f-b004-4fc5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-06T07:07:08.000Z",
"modified": "2014-10-06T07:07:08.000Z",
"pattern": "[file:hashes.MD5 = 'ec519d709c0582346741fe0094208216']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-06T07:07:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54323f9c-dc1c-442d-843f-490f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-06T07:07:08.000Z",
"modified": "2014-10-06T07:07:08.000Z",
"pattern": "[file:hashes.MD5 = 'a3b2e34973691ad320b70248bd67fbd2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-06T07:07:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54324042-49fc-4628-a95e-44da950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-06T07:09:54.000Z",
"modified": "2014-10-06T07:09:54.000Z",
"pattern": "[file:hashes.SHA256 = '0a1103bc90725d4665b932f88e81d39eafa5823b0de3ab146e2d4548b7da79a0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-06T07:09:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54324042-7c14-4318-a5c0-4600950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-06T07:09:54.000Z",
"modified": "2014-10-06T07:09:54.000Z",
"pattern": "[file:hashes.SHA256 = '8aef92a986568ba31729269efa31a2488f35920d136ab41cb6fce55fd8e0b4b7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-06T07:09:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54324042-4f8c-4ce1-b8f6-4be8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-06T07:09:54.000Z",
"modified": "2014-10-06T07:09:54.000Z",
"pattern": "[file:hashes.SHA256 = '995bc16a5c2c212b57ba00c2376ac57c8032c7f2b1d521f995a5e1d49066d64d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-06T07:09:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54324042-f50c-47f1-9140-435b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-06T07:09:54.000Z",
"modified": "2014-10-06T07:09:54.000Z",
"pattern": "[file:hashes.SHA256 = 'e7f2af8c48f837da57000c068368d77bc9b06eba1e077edfab58df6aa2ea40ec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-06T07:09:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54324042-512c-46e0-9551-49cb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-06T07:09:54.000Z",
"modified": "2014-10-06T07:09:54.000Z",
"pattern": "[file:hashes.SHA256 = 'e601da16f923b33465dbafbff9d47195e8fc50099fd0581a16a1745bf890afb6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-06T07:09:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54324042-863c-4553-b05c-4174950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-06T07:09:54.000Z",
"modified": "2014-10-06T07:09:54.000Z",
"pattern": "[file:hashes.SHA256 = '184c083e839451c2ab0de7a89aa801dc0458e2bd1fe79e60f35c26d92a0dbf6a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-06T07:09:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54324042-a9f0-473c-9284-4f56950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-06T07:09:54.000Z",
"modified": "2014-10-06T07:09:54.000Z",
"pattern": "[file:hashes.SHA256 = 'ffbddfb536e8e604c880ec977d06f804a500fc0396899bd2c195fb1f5b74207a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-06T07:09:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54324081-3308-4f1f-8674-4953950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-06T07:10:57.000Z",
"modified": "2014-10-06T07:10:57.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '223.25.233.248']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-06T07:10:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54324081-08ec-4161-a2ed-4c75950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-06T07:10:57.000Z",
"modified": "2014-10-06T07:10:57.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '196.45.144.12']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-06T07:10:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--543240dc-f068-437a-baa9-48f2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-06T07:12:28.000Z",
"modified": "2014-10-06T07:12:28.000Z",
"pattern": "[domain-name:value = 'xenserver.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-06T07:12:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--543240dc-7fac-4be4-93e8-482b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-06T07:12:28.000Z",
"modified": "2014-10-06T07:12:28.000Z",
"pattern": "[domain-name:value = 'zipoo.redirectme.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-06T07:12:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--543240dc-ca14-4537-a5df-4aba950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-06T07:12:28.000Z",
"modified": "2014-10-06T07:12:28.000Z",
"pattern": "[domain-name:value = 'good.myftp.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-06T07:12:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--543240f9-64e8-41f2-958f-4e21950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-06T07:12:57.000Z",
"modified": "2014-10-06T07:12:57.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Nitro"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c625a7-f31c-460c-9ea1-c652950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T20:12:23.000Z",
"modified": "2016-02-18T20:12:23.000Z",
"description": "Automatically added (via 7915aabb2e66ff14841e4ef0fbff7486)",
"pattern": "[file:hashes.SHA1 = '0ea76f1586c008932d90c991dfdd5042f3aac8ea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T20:12:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c625a9-0850-4f0e-ba6b-59a4950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T20:12:25.000Z",
"modified": "2016-02-18T20:12:25.000Z",
"description": "Automatically added (via 7522baef20df95eeeeafdf4efe3aac3c)",
"pattern": "[file:hashes.SHA1 = '7c5b1cd43daa19289d629fd969ea0b16c04803fb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T20:12:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c625aa-b0e4-4e44-b997-4d98950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T20:12:26.000Z",
"modified": "2016-02-18T20:12:26.000Z",
"description": "Automatically added (via 6527ba8baab0f86b0ffb6178247772c4)",
"pattern": "[file:hashes.SHA1 = 'd76a8a3c3e6f14ba31e1a42fa63455260f2a9b1a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T20:12:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c625ab-2708-47fb-bc05-c650950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T20:12:27.000Z",
"modified": "2016-02-18T20:12:27.000Z",
"description": "Automatically added (via 271e6a4d45c2817f86148ca413f97604)",
"pattern": "[file:hashes.SHA1 = '8554ac096023dec3235a4c627cc9fd4c5ab0cac8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T20:12:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c625ac-14e4-409a-91bb-c651950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T20:12:28.000Z",
"modified": "2016-02-18T20:12:28.000Z",
"description": "Automatically added (via be765cd5723e4366d35172aaf13fad44)",
"pattern": "[file:hashes.SHA1 = '0a0a610b209dbed9029dbdf2843f7682b6a5c6ad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T20:12:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c625ad-4fa8-4a43-9c0e-59a1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T20:12:29.000Z",
"modified": "2016-02-18T20:12:29.000Z",
"description": "Automatically added (via ec519d709c0582346741fe0094208216)",
"pattern": "[file:hashes.SHA1 = '074df94be307c60e1c1b35c5872654dabb3d61f7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T20:12:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c625ae-9b04-4e28-8806-4e26950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T20:12:30.000Z",
"modified": "2016-02-18T20:12:30.000Z",
"description": "Automatically added (via a3b2e34973691ad320b70248bd67fbd2)",
"pattern": "[file:hashes.SHA1 = '5591bae552004f38964f6a0bec7bf9ce5f2b37cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T20:12:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:GREEN",
"definition": {
"tlp": "green"
}
}
]
}