adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5a2804a1-9eb4-4d70-82f4-4032950d210f.json

682 lines
No EOL
29 KiB
JSON
Raw Permalink Blame History

{
"type": "bundle",
"id": "bundle--5a2804a1-9eb4-4d70-82f4-4032950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T16:42:30.000Z",
"modified": "2017-12-06T16:42:30.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "grouping",
"spec_version": "2.1",
"id": "grouping--5a2804a1-9eb4-4d70-82f4-4032950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T16:42:30.000Z",
"modified": "2017-12-06T16:42:30.000Z",
"name": "OSINT - Champing at the Cyberbit: Ethiopian Dissidents Targeted with New Commercial Spyware",
"context": "suspicious-activity",
"object_refs": [
"observed-data--5a280530-cb0c-4c08-9599-4f60950d210f",
"url--5a280530-cb0c-4c08-9599-4f60950d210f",
"indicator--5a281c5c-ee8c-4a72-887e-4251950d210f",
"indicator--5a281c5c-db70-4261-8faa-4251950d210f",
"indicator--5a281cd2-f650-4a15-996b-a8d0950d210f",
"indicator--5a281cd2-0aac-4616-825d-a8d0950d210f",
"indicator--5a281df3-aed0-49c1-a5c2-eca8950d210f",
"indicator--5a281df3-ef2c-431b-98e5-eca8950d210f",
"indicator--5a281df3-9dbc-4cd5-9ef2-eca8950d210f",
"indicator--5a281df3-03a4-4556-951a-eca8950d210f",
"indicator--5a281df3-6514-4e08-bfb3-eca8950d210f",
"indicator--5a281339-37b0-4576-98d7-4262950d210f",
"indicator--5a28139e-373c-4efa-b88b-4894950d210f",
"indicator--5a28150d-ea50-4358-b92b-4570950d210f",
"indicator--5a2815be-5734-430d-b413-4b67950d210f",
"indicator--5a281a62-ccbc-4442-ab6f-4fb2950d210f",
"indicator--5a281a9b-2088-4927-bebb-a867950d210f",
"indicator--5a281aca-9c14-412d-a6ea-ab72950d210f",
"indicator--5a281af0-f578-403a-adac-4144950d210f",
"indicator--5a281b15-0198-4277-a942-2118950d210f",
"indicator--5a281b40-3e3c-4f54-8ab6-a867950d210f",
"indicator--5a281b61-96e0-40e1-b3d6-eca7950d210f",
"indicator--5a281ba2-81a0-42a8-aaae-4345950d210f",
"indicator--5a281bd4-bfc0-4c14-b244-a93f950d210f",
"indicator--5a281d17-7db4-4902-b4eb-a867950d210f",
"indicator--5a281d6d-10b0-4008-9a73-4548950d210f",
"relationship--47454068-928d-409e-9165-60a495c71ad0",
"relationship--baf14b7c-d346-4032-946a-6c9d09ed9153",
"relationship--6ce6eb61-f511-40ee-aa9d-2d4e2d8c3529"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a280530-cb0c-4c08-9599-4f60950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T14:56:48.000Z",
"modified": "2017-12-06T14:56:48.000Z",
"first_observed": "2017-12-06T14:56:48Z",
"last_observed": "2017-12-06T14:56:48Z",
"number_observed": 1,
"object_refs": [
"url--5a280530-cb0c-4c08-9599-4f60950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a280530-cb0c-4c08-9599-4f60950d210f",
"value": "https://citizenlab.ca/2017/12/champing-cyberbit-ethiopian-dissidents-targeted-commercial-spyware/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a281c5c-ee8c-4a72-887e-4251950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T16:36:23.000Z",
"modified": "2017-12-06T16:36:23.000Z",
"description": "impersonating diretube.com",
"pattern": "[domain-name:value = 'diretube.co.uk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T16:36:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a281c5c-db70-4261-8faa-4251950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T16:36:09.000Z",
"modified": "2017-12-06T16:36:09.000Z",
"description": "impersonating meskerem.net",
"pattern": "[domain-name:value = 'meskereme.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T16:36:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a281cd2-f650-4a15-996b-a8d0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T16:37:38.000Z",
"modified": "2017-12-06T16:37:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'time-local.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T16:37:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a281cd2-0aac-4616-825d-a8d0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T16:37:38.000Z",
"modified": "2017-12-06T16:37:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'time-local.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T16:37:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a281df3-aed0-49c1-a5c2-eca8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T16:42:27.000Z",
"modified": "2017-12-06T16:42:27.000Z",
"description": "The samples from getadobeplayer.com",
"pattern": "[file:hashes.MD5 = '568d8c43815fa9608974071c49d68232']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T16:42:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a281df3-ef2c-431b-98e5-eca8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T16:42:27.000Z",
"modified": "2017-12-06T16:42:27.000Z",
"description": "The samples from getadobeplayer.com",
"pattern": "[file:hashes.MD5 = '80b7121c4ecac1c321ca2e3f507104c2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T16:42:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a281df3-9dbc-4cd5-9ef2-eca8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T16:42:27.000Z",
"modified": "2017-12-06T16:42:27.000Z",
"description": "The samples from getadobeplayer.com",
"pattern": "[file:hashes.MD5 = '8d6ce1a256acf608d82db6539bf73ae7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T16:42:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a281df3-03a4-4556-951a-eca8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T16:42:27.000Z",
"modified": "2017-12-06T16:42:27.000Z",
"description": "The samples from getadobeplayer.com",
"pattern": "[file:hashes.MD5 = '840c4299f9cd5d4df46ee708c2c8247c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T16:42:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a281df3-6514-4e08-bfb3-eca8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T16:42:27.000Z",
"modified": "2017-12-06T16:42:27.000Z",
"description": "The samples from getadobeplayer.com",
"pattern": "[file:hashes.MD5 = '961730964fd76c93603fb8f0d445c6f2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T16:42:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a281339-37b0-4576-98d7-4262950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T15:56:41.000Z",
"modified": "2017-12-06T15:56:41.000Z",
"description": "Phishing sent to Jawar Mohammed (Executive Director of the Oromia Media Network)",
"pattern": "[email-message:from_ref.value = 'sbo.radio88@gmail.com' AND email-message:from_ref.display_name = 'sbo radio' AND email-message:subject = 'Fw: Confidential video made public']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T15:56:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a28139e-373c-4efa-b88b-4894950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T15:58:22.000Z",
"modified": "2017-12-06T15:58:22.000Z",
"description": "Phishing sent to Jawar Mohammed (Executive Director of the Oromia Media Network)",
"pattern": "[email-message:from_ref.value = 'sbo.radio88@gmail.com' AND email-message:from_ref.display_name = 'sbo radio' AND email-message:subject = 'Video hints Eritrea and Ethiopia war is highly likely to continue']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T15:58:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a28150d-ea50-4358-b92b-4570950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T16:05:20.000Z",
"modified": "2017-12-06T16:05:20.000Z",
"description": "Real Flash Player update bundled with spyware",
"pattern": "[url:value = 'http://getadobeplayer.com/flashplayer/download/index7371.html' AND url:x_misp_domain = 'getadobeplayer.com' AND url:x_misp_scheme = 'http' AND url:x_misp_resource_path = '/download/index7371.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T16:05:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2815be-5734-430d-b413-4b67950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T16:08:17.000Z",
"modified": "2017-12-06T16:08:17.000Z",
"description": "Link to a video trying to trick the user to install a malicious flash player",
"pattern": "[url:value = 'http://www.eastafro.net/eritrea-ethiopia-border-clash-video.html' AND url:x_misp_host = 'www.eastafro.net' AND url:x_misp_scheme = 'http' AND url:x_misp_resource_path = '/eritrea-ethiopia-border-clash-video.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T16:08:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a281a62-ccbc-4442-ab6f-4fb2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T16:27:14.000Z",
"modified": "2017-12-06T16:27:14.000Z",
"pattern": "[email-message:from_ref.value = 'eliassamare@gmail.com' AND email-message:subject = 'Ethiopia Struggling with inside Challenges!']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T16:27:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a281a9b-2088-4927-bebb-a867950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T16:28:11.000Z",
"modified": "2017-12-06T16:28:11.000Z",
"pattern": "[email-message:from_ref.value = 'eliassamare@gmail.com' AND email-message:subject = 'Tsorona Conflict Video!']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T16:28:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a281aca-9c14-412d-a6ea-ab72950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T16:28:58.000Z",
"modified": "2017-12-06T16:28:58.000Z",
"pattern": "[email-message:from_ref.value = 'eliassamare@gmail.com' AND email-message:subject = 'UN Report and Diaspora Reaction!']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T16:28:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a281af0-f578-403a-adac-4144950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T16:29:36.000Z",
"modified": "2017-12-06T16:29:36.000Z",
"pattern": "[email-message:from_ref.value = 'eliassamare@gmail.com' AND email-message:subject = 'Ethiopia and Current Options!']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T16:29:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a281b15-0198-4277-a942-2118950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T16:30:13.000Z",
"modified": "2017-12-06T16:30:13.000Z",
"pattern": "[email-message:from_ref.value = 'wadewadejoe@gmail.com' AND email-message:subject = 'Congrats \u2013 \u12e8\u12a2\u1233\u1275 \u134d\u122c\u12ce\u127d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T16:30:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a281b40-3e3c-4f54-8ab6-a867950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T16:30:56.000Z",
"modified": "2017-12-06T16:30:56.000Z",
"pattern": "[email-message:from_ref.value = 'awetnaeyu@gmail.com' AND email-message:subject = 'Egypt-Ethiopia new tension!']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T16:30:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a281b61-96e0-40e1-b3d6-eca7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T16:31:29.000Z",
"modified": "2017-12-06T16:31:29.000Z",
"pattern": "[email-message:from_ref.value = 'lekanuguse2014@gmail.com' AND email-message:subject = 'Gov official interrogated following leakage of national security meeting minutes']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T16:31:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a281ba2-81a0-42a8-aaae-4345950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T16:32:34.000Z",
"modified": "2017-12-06T16:32:34.000Z",
"description": "Targeting Etana Habte",
"pattern": "[email-message:from_ref.value = 'shigut.gelleta@gmail.com' AND email-message:subject = 'Let\u2019s stop EU & the World Bank from funding $500 m to Ethiopia']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T16:32:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a281bd4-bfc0-4c14-b244-a93f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T16:33:24.000Z",
"modified": "2017-12-06T16:33:24.000Z",
"description": "Targeting Etana Habte",
"pattern": "[email-message:from_ref.value = 'networkoromostudies2015@gmail.com' AND email-message:subject = 'Fwd: MONOSANTO (A multinational company)\u2019s plan on Oromia']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T16:33:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a281d17-7db4-4902-b4eb-a867950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T16:38:47.000Z",
"modified": "2017-12-06T16:38:47.000Z",
"pattern": "[url:value = 'http://pssts1.nozonenet.com/ts8/ts8.php' AND url:x_misp_host = 'pssts1.nozonenet.com' AND url:x_misp_scheme = 'http' AND url:x_misp_resource_path = '/ts8/ts8.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T16:38:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a281d6d-10b0-4008-9a73-4548950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T16:41:17.000Z",
"modified": "2017-12-06T16:41:17.000Z",
"pattern": "[file:hashes.MD5 = '376f28fb0aa650d6220a9d722cdb108d' AND file:hashes.SHA1 = 'c7b4b97369a2ca77e916d5175d162dc2b823763b' AND file:hashes.SHA256 = 'c76d2a8c1c8865b1aa6512e13b77cbc7446022b7be3378f7233c5ca4a5e58116' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T16:41:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--47454068-928d-409e-9165-60a495c71ad0",
"created": "2017-12-06T16:05:17.000Z",
"modified": "2017-12-06T16:05:17.000Z",
"relationship_type": "included-in",
"source_ref": "indicator--5a28150d-ea50-4358-b92b-4570950d210f",
"target_ref": "indicator--5a281339-37b0-4576-98d7-4262950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--baf14b7c-d346-4032-946a-6c9d09ed9153",
"created": "2017-12-06T16:08:14.000Z",
"modified": "2017-12-06T16:08:14.000Z",
"relationship_type": "included-in",
"source_ref": "indicator--5a2815be-5734-430d-b413-4b67950d210f",
"target_ref": "indicator--5a28139e-373c-4efa-b88b-4894950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6ce6eb61-f511-40ee-aa9d-2d4e2d8c3529",
"created": "2017-12-06T16:41:14.000Z",
"modified": "2017-12-06T16:41:14.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--5a281d6d-10b0-4008-9a73-4548950d210f",
"target_ref": "indicator--5a281d17-7db4-4902-b4eb-a867950d210f"
}
]
}
Reference in a new issue View git blame Copy permalink