misp-circl-feed/feeds/circl/stix-2.1/543cf0a2-e1d8-4c20-bb05-9177950d210b.json

{
"type": "bundle",
"id": "bundle--543cf0a2-e1d8-4c20-bb05-9177950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:53:20.000Z",
"modified": "2014-10-14T09:53:20.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--543cf0a2-e1d8-4c20-bb05-9177950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:53:20.000Z",
"modified": "2014-10-14T09:53:20.000Z",
"name": "OSINT Shellshock exploitation from Red Sky Weekly blog post",
"published": "2014-10-15T11:55:33Z",
"object_refs": [
"x-misp-attribute--543cf0af-1304-42f8-9cf7-42b4950d210b",
"observed-data--543cf0b9-c5c0-42e6-b945-46bb950d210b",
"url--543cf0b9-c5c0-42e6-b945-46bb950d210b",
"indicator--543cf18e-6100-428f-864a-4de7950d210b",
"indicator--543cf18e-f66c-40da-98ad-4de7950d210b",
"indicator--543cf18f-8fac-4e40-9326-4de7950d210b",
"indicator--543cf18f-b118-4936-9543-4de7950d210b",
"indicator--543cf18f-0728-4008-9466-4de7950d210b",
"indicator--543cf18f-5528-4b05-bdf2-4de7950d210b",
"indicator--543cf18f-3d48-4092-a4bc-4de7950d210b",
"indicator--543cf18f-6e78-49f0-8b5e-4de7950d210b",
"indicator--543cf18f-dca4-47c7-842a-4de7950d210b",
"indicator--543cf18f-e554-4f24-854c-4de7950d210b",
"indicator--543cf18f-bff0-41bd-8694-4de7950d210b",
"indicator--543cf18f-c6ac-47f7-b5ca-4de7950d210b",
"indicator--543cf18f-3230-4742-a4a7-4de7950d210b",
"indicator--543cf18f-f10c-4936-953b-4de7950d210b",
"indicator--543cf18f-645c-4977-ab04-4de7950d210b",
"indicator--543cf18f-242c-42d9-9cac-4de7950d210b",
"indicator--543cf18f-d94c-45cd-af72-4de7950d210b",
"indicator--543cf18f-c1d0-4f85-83d4-4de7950d210b",
"indicator--543cf18f-cc10-4c57-ace5-4de7950d210b",
"x-misp-attribute--543cf211-4a54-4093-8a47-4de7950d210b",
"x-misp-attribute--543cf211-65bc-49c8-8e04-4de7950d210b",
"x-misp-attribute--543cf211-fb30-4c8c-ba0f-4de7950d210b",
"indicator--543cf23e-5c20-4500-b707-d188950d210b",
"indicator--543cf254-72d4-49fa-9efc-451b950d210b",
"indicator--543cf25c-bbb4-4960-ae47-4d43950d210b",
"observed-data--543cf27d-4270-4d4e-8c62-4246950d210b",
"url--543cf27d-4270-4d4e-8c62-4246950d210b",
"indicator--543cf290-1650-4d10-9448-4eaf950d210b",
"indicator--543cf2ba-5b48-4477-a48b-9177950d210b",
"indicator--543cf2ba-5774-4371-ae45-9177950d210b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--543cf0af-1304-42f8-9cf7-42b4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:45:19.000Z",
"modified": "2014-10-14T09:45:19.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Data encoded by David Andr\u00e9"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--543cf0b9-c5c0-42e6-b945-46bb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:45:28.000Z",
"modified": "2014-10-14T09:45:28.000Z",
"first_observed": "2014-10-14T09:45:28Z",
"last_observed": "2014-10-14T09:45:28Z",
"number_observed": 1,
"object_refs": [
"url--543cf0b9-c5c0-42e6-b945-46bb950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--543cf0b9-c5c0-42e6-b945-46bb950d210b",
"value": "http://henrybasset.blogspot.be/2014/10/red-sky-weekly-faq-and-shellshock.html"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--543cf18e-6100-428f-864a-4de7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:49:02.000Z",
"modified": "2014-10-14T09:49:02.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '14.163.12.119']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-14T09:49:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--543cf18e-f66c-40da-98ad-4de7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:49:02.000Z",
"modified": "2014-10-14T09:49:02.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.29.189.34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-14T09:49:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--543cf18f-8fac-4e40-9326-4de7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:49:03.000Z",
"modified": "2014-10-14T09:49:03.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.15.20.81']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-14T09:49:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--543cf18f-b118-4936-9543-4de7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:49:03.000Z",
"modified": "2014-10-14T09:49:03.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.161.195.166']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-14T09:49:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--543cf18f-0728-4008-9466-4de7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:49:03.000Z",
"modified": "2014-10-14T09:49:03.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '79.136.130.110']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-14T09:49:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--543cf18f-5528-4b05-bdf2-4de7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:49:03.000Z",
"modified": "2014-10-14T09:49:03.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '88.253.229.151']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-14T09:49:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--543cf18f-3d48-4092-a4bc-4de7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:49:03.000Z",
"modified": "2014-10-14T09:49:03.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.139.212.67']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-14T09:49:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--543cf18f-6e78-49f0-8b5e-4de7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:49:03.000Z",
"modified": "2014-10-14T09:49:03.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.227.100.189']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-14T09:49:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--543cf18f-dca4-47c7-842a-4de7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:49:03.000Z",
"modified": "2014-10-14T09:49:03.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '112.156.18.40']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-14T09:49:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--543cf18f-e554-4f24-854c-4de7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:49:03.000Z",
"modified": "2014-10-14T09:49:03.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '113.171.116.163']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-14T09:49:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--543cf18f-bff0-41bd-8694-4de7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:49:03.000Z",
"modified": "2014-10-14T09:49:03.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '117.218.186.16']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-14T09:49:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--543cf18f-c6ac-47f7-b5ca-4de7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:49:03.000Z",
"modified": "2014-10-14T09:49:03.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.172.123.111']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-14T09:49:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--543cf18f-3230-4742-a4a7-4de7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:49:03.000Z",
"modified": "2014-10-14T09:49:03.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '119.130.114.154']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-14T09:49:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--543cf18f-f10c-4936-953b-4de7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:49:03.000Z",
"modified": "2014-10-14T09:49:03.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.123.75.68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-14T09:49:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--543cf18f-645c-4977-ab04-4de7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:49:03.000Z",
"modified": "2014-10-14T09:49:03.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.120.175.81']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-14T09:49:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--543cf18f-242c-42d9-9cac-4de7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:49:03.000Z",
"modified": "2014-10-14T09:49:03.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.121.79.68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-14T09:49:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--543cf18f-d94c-45cd-af72-4de7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:49:03.000Z",
"modified": "2014-10-14T09:49:03.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '190.49.241.220']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-14T09:49:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--543cf18f-c1d0-4f85-83d4-4de7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:49:03.000Z",
"modified": "2014-10-14T09:49:03.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '190.82.114.190']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-14T09:49:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--543cf18f-cc10-4c57-ace5-4de7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:49:03.000Z",
"modified": "2014-10-14T09:49:03.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '223.206.54.26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-14T09:49:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--543cf211-4a54-4093-8a47-4de7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:51:13.000Z",
"modified": "2014-10-14T09:51:13.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_type": "text",
"x_misp_value": "Goga Gastoyan"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--543cf211-65bc-49c8-8e04-4de7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:51:13.000Z",
"modified": "2014-10-14T09:51:13.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_type": "text",
"x_misp_value": "bash@blogbuddy.ru"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--543cf211-fb30-4c8c-ba0f-4de7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:51:13.000Z",
"modified": "2014-10-14T09:51:13.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_type": "text",
"x_misp_value": "+7.4957452002"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--543cf23e-5c20-4500-b707-d188950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:51:58.000Z",
"modified": "2014-10-14T09:51:58.000Z",
"pattern": "[domain-name:value = 'google-traffic-analytics.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-14T09:51:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--543cf254-72d4-49fa-9efc-451b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:52:20.000Z",
"modified": "2014-10-14T09:52:20.000Z",
"pattern": "[domain-name:value = 'stats.google-traffic-analytics.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-14T09:52:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--543cf25c-bbb4-4960-ae47-4d43950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:52:28.000Z",
"modified": "2014-10-14T09:52:28.000Z",
"pattern": "[url:value = 'http://google-traffic-analytics.com/cl.py']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-14T09:52:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--543cf27d-4270-4d4e-8c62-4246950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:53:01.000Z",
"modified": "2014-10-14T09:53:01.000Z",
"first_observed": "2014-10-14T09:53:01Z",
"last_observed": "2014-10-14T09:53:01Z",
"number_observed": 1,
"object_refs": [
"url--543cf27d-4270-4d4e-8c62-4246950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--543cf27d-4270-4d4e-8c62-4246950d210b",
"value": "https://www.virustotal.com/en/file/052421011162421c7fbe1c9613e37b520a494034901dab1c6ee192466090421d/analysis/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--543cf290-1650-4d10-9448-4eaf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:53:20.000Z",
"modified": "2014-10-14T09:53:20.000Z",
"pattern": "[file:hashes.MD5 = '7847e83ad52b8b32ae14522e1a960370']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-14T09:53:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--543cf2ba-5b48-4477-a48b-9177950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:54:02.000Z",
"modified": "2014-10-14T09:54:02.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.SHA1 = '24b24379c3a6e554d77428faa22b4176d78499b7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-14T09:54:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--543cf2ba-5774-4371-ae45-9177950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-10-14T09:54:02.000Z",
"modified": "2014-10-14T09:54:02.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.SHA256 = '052421011162421c7fbe1c9613e37b520a494034901dab1c6ee192466090421d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-10-14T09:54:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:GREEN",
"definition": {
"tlp": "green"
}
}
]
}