misp-circl-feed/feeds/circl/misp/58f14a17-4e68-433a-bac0-451a02de0b81.json


{
"type": "bundle",
"id": "bundle--58f14a17-4e68-433a-bac0-451a02de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-15T16:25:14.000Z",
"modified": "2017-04-15T16:25:14.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "grouping",
"spec_version": "2.1",
"id": "grouping--58f14a17-4e68-433a-bac0-451a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-15T16:25:14.000Z",
"modified": "2017-04-15T16:25:14.000Z",
"name": "OSINT - swift from theshadowbrokers",
"context": "suspicious-activity",
"object_refs": [
"indicator--58f14a59-8e84-43a4-8494-4bd402de0b81",
"indicator--58f14a5a-d534-4f5c-8d98-453902de0b81",
"indicator--58f14a5b-2094-4051-b571-453202de0b81",
"indicator--58f14a5c-3604-4662-a271-42b202de0b81",
"indicator--58f14a5e-0614-49d3-85d9-42ee02de0b81",
"indicator--58f14a5f-d174-4c8b-b3e9-401002de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"information-leak\"",
"admiralty-scale:information-credibility=\"6\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58f14a59-8e84-43a4-8494-4bd402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-14T22:19:52.000Z",
"modified": "2017-04-14T22:19:52.000Z",
"description": "Entry point to the SWIFT network",
"pattern": "[domain-name:value = 'cis.cc.kurume-it.ac.jp' AND domain-name:resolves_to_refs[*].value = '133.94.1.3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-14T22:19:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58f14a5a-d534-4f5c-8d98-453902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-14T22:20:14.000Z",
"modified": "2017-04-14T22:20:14.000Z",
"description": "Entry point to the SWIFT network",
"pattern": "[domain-name:value = 'isun02.informatik.uni-leipzig.de' AND domain-name:resolves_to_refs[*].value = '139.18.13.2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-14T22:20:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58f14a5b-2094-4051-b571-453202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-14T22:20:35.000Z",
"modified": "2017-04-14T22:20:35.000Z",
"description": "Entry point to the SWIFT network",
"pattern": "[domain-name:value = 'ns.itte.kz' AND domain-name:resolves_to_refs[*].value = '212.19.128.4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-14T22:20:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58f14a5c-3604-4662-a271-42b202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-14T22:20:53.000Z",
"modified": "2017-04-14T22:20:53.000Z",
"description": "Entry point to the SWIFT network",
"pattern": "[domain-name:value = 'euclid.csie.cnu.edu.tw' AND domain-name:resolves_to_refs[*].value = '163.22.20.4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-14T22:20:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58f14a5e-0614-49d3-85d9-42ee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-14T22:22:05.000Z",
"modified": "2017-04-14T22:22:05.000Z",
"description": "Entry point to the SWIFT network",
"pattern": "[domain-name:value = 'sunblade.kouku-dai.ac.jp' AND domain-name:resolves_to_refs[*].value = '202.145.16.4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-14T22:22:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58f14a5f-d174-4c8b-b3e9-401002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-14T22:22:21.000Z",
"modified": "2017-04-14T22:22:21.000Z",
"description": "Entry point to the SWIFT network",
"pattern": "[domain-name:value = 'cnt1.din.or.jp' AND domain-name:resolves_to_refs[*].value = '210.135.90.41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-14T22:22:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}