misp-circl-feed/feeds/circl/stix-2.1/5464a711-55dc-4416-aad2-4aba950d210b.json


{
"type": "bundle",
"id": "bundle--5464a711-55dc-4416-aad2-4aba950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T15:42:47.000Z",
"modified": "2015-10-05T15:42:47.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5464a711-55dc-4416-aad2-4aba950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T15:42:47.000Z",
"modified": "2015-10-05T15:42:47.000Z",
"name": "OSINT Black Energy 2 malware analysis blog post by Joseph Mlodzianowski",
"published": "2015-10-05T15:42:54Z",
"object_refs": [
"observed-data--5464a71f-6484-4c06-be36-49d4950d210b",
"url--5464a71f-6484-4c06-be36-49d4950d210b",
"x-misp-attribute--5464a728-9560-4fa9-b497-4daf950d210b",
"indicator--5464a78f-c6e4-4074-92d5-4d5f950d210b",
"indicator--5464a78f-3430-4010-9490-4f4e950d210b",
"indicator--5464a78f-43e8-4a60-857f-47c8950d210b",
"indicator--5464a78f-ec18-4bca-89c6-4b7a950d210b",
"indicator--5464a790-85b4-460e-b87f-49a9950d210b",
"indicator--5464a790-8d88-499d-99bf-408c950d210b",
"indicator--5464a790-abdc-4659-af76-41d6950d210b",
"indicator--5464a790-0038-4117-b2c4-452b950d210b",
"indicator--5464a790-a3e8-4914-8375-43d2950d210b",
"indicator--5464a790-0c8c-4def-9609-4b8d950d210b",
"indicator--5464a790-a85c-4beb-94cd-43f3950d210b",
"indicator--5464a790-180c-4281-a965-492b950d210b",
"indicator--5464a790-f2a8-4332-8318-48a9950d210b",
"indicator--5464a790-0f34-44b7-b699-4b00950d210b",
"indicator--5464a790-355c-484d-91db-445b950d210b",
"indicator--5464a790-e3ec-4ae5-b50b-45ca950d210b",
"indicator--5464a790-dd60-4fb1-918a-4a2f950d210b",
"indicator--5464a790-d79c-4070-8085-4050950d210b",
"indicator--5464a791-6cac-4bd9-8f22-47d9950d210b",
"indicator--5464a791-5748-4632-82c8-4b1b950d210b",
"indicator--5464a7ca-a034-44c3-ba38-43d9950d210b",
"indicator--5464a7ed-9588-4885-be90-4c22950d210b",
"indicator--5464a89b-8480-4502-bdaa-4ea8950d210b",
"indicator--5464a8a9-9704-47f3-9d30-445a950d210b",
"x-misp-attribute--56129a77-a6c4-4e25-a213-42d0950d210b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5464a71f-6484-4c06-be36-49d4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T12:42:07.000Z",
"modified": "2014-11-13T12:42:07.000Z",
"first_observed": "2014-11-13T12:42:07Z",
"last_observed": "2014-11-13T12:42:07Z",
"number_observed": 1,
"object_refs": [
"url--5464a71f-6484-4c06-be36-49d4950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5464a71f-6484-4c06-be36-49d4950d210b",
"value": "http://sub0day.com/2014/10/black-energy-ii-ii/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5464a728-9560-4fa9-b497-4daf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T12:42:16.000Z",
"modified": "2014-11-13T12:42:16.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Data entered by David Andr\u00e9"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464a78f-c6e4-4074-92d5-4d5f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T12:43:59.000Z",
"modified": "2014-11-13T12:43:59.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.79.80.166']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T12:43:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464a78f-3430-4010-9490-4f4e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T12:43:59.000Z",
"modified": "2014-11-13T12:43:59.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.61.38.31']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T12:43:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464a78f-43e8-4a60-857f-47c8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T12:43:59.000Z",
"modified": "2014-11-13T12:43:59.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.255.87.39']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T12:43:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464a78f-ec18-4bca-89c6-4b7a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T12:43:59.000Z",
"modified": "2014-11-13T12:43:59.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.220.34.56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T12:43:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464a790-85b4-460e-b87f-49a9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T12:44:00.000Z",
"modified": "2014-11-13T12:44:00.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.165.222.6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T12:44:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464a790-8d88-499d-99bf-408c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T12:44:00.000Z",
"modified": "2014-11-13T12:44:00.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.165.222.101']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T12:44:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464a790-abdc-4659-af76-41d6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T12:44:00.000Z",
"modified": "2014-11-13T12:44:00.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.4.28.218']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T12:44:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464a790-0038-4117-b2c4-452b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T12:44:00.000Z",
"modified": "2014-11-13T12:44:00.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '4.65.222.28']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T12:44:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464a790-a3e8-4914-8375-43d2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T12:44:00.000Z",
"modified": "2014-11-13T12:44:00.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.46.40.239']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T12:44:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464a790-0c8c-4def-9609-4b8d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T12:44:00.000Z",
"modified": "2014-11-13T12:44:00.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '84.19.161.123']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T12:44:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464a790-a85c-4beb-94cd-43f3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T12:44:00.000Z",
"modified": "2014-11-13T12:44:00.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.17.94.134']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T12:44:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464a790-180c-4281-a965-492b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T12:44:00.000Z",
"modified": "2014-11-13T12:44:00.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.149.223.205']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T12:44:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464a790-f2a8-4332-8318-48a9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T12:44:00.000Z",
"modified": "2014-11-13T12:44:00.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.143.193.182']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T12:44:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464a790-0f34-44b7-b699-4b00950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T12:44:00.000Z",
"modified": "2014-11-13T12:44:00.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.211.122.36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T12:44:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464a790-355c-484d-91db-445b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T12:44:00.000Z",
"modified": "2014-11-13T12:44:00.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.236.88.12']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T12:44:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464a790-e3ec-4ae5-b50b-45ca950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T12:44:00.000Z",
"modified": "2014-11-13T12:44:00.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.217.253.10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T12:44:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464a790-dd60-4fb1-918a-4a2f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T12:44:00.000Z",
"modified": "2014-11-13T12:44:00.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.22.205.194']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T12:44:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464a790-d79c-4070-8085-4050950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T12:44:00.000Z",
"modified": "2014-11-13T12:44:00.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.227.176.74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T12:44:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464a791-6cac-4bd9-8f22-47d9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T12:44:01.000Z",
"modified": "2014-11-13T12:44:01.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.28.172.58']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T12:44:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464a791-5748-4632-82c8-4b1b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T12:44:01.000Z",
"modified": "2014-11-13T12:44:01.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.124.110.62']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T12:44:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464a7ca-a034-44c3-ba38-43d9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T12:44:58.000Z",
"modified": "2014-11-13T12:44:58.000Z",
"pattern": "[windows-registry-key:key = 'HKLM\\\\SYSTEM\\\\ControlSet001\\\\Services\\\\xliigeobghmg\\\\ImagePath' AND windows-registry-key:values.data = '\\\\%TEMP\\\\%\\\\ristialm.sys']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T12:44:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"regkey|value\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464a7ed-9588-4885-be90-4c22950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T12:45:33.000Z",
"modified": "2014-11-13T12:45:33.000Z",
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\ristialm.sys']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T12:45:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464a89b-8480-4502-bdaa-4ea8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T12:48:27.000Z",
"modified": "2014-11-13T12:48:27.000Z",
"pattern": "[domain-name:value = 'agxxgle.in']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T12:48:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464a8a9-9704-47f3-9d30-445a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T12:48:41.000Z",
"modified": "2014-11-13T12:48:41.000Z",
"description": "POST",
"pattern": "[url:value = 'http://agxxgle.in/good/getcfg.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T12:48:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--56129a77-a6c4-4e25-a213-42d0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T15:42:47.000Z",
"modified": "2015-10-05T15:42:47.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "BlackEnergy"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:GREEN",
"definition": {
"tlp": "green"
}
}
]
}