
stix sample rhc

a guest
Apr 6th, 2020
  1. {
  2.     "type": "bundle",
  3.     "id": "bundle--c9567f73-3803-415c-b06e-2b0622830e5d",
  4.     "spec_version": "2.0",
  5.     "objects": [
  6.       {
  7.         "type": "threat-actor",
  8.         "id": "null-apt",
  9.         "created": "2020-04-5T23:00:00.000Z",
  10.         "modified": "2020-04-5T23:00:00.000Z",
  11.         "name": "APT1",
  12.         "description": "APT1 is a sample APT.",
  13.         "labels": [
  14.           "???"
  15.         ],
  16.         "roles": [
  17.           "agent, ???"
  18.         ],
  19.         "goals": [
  20.           "Compromise hosts using STARSYPOUND."
  21.         ],
  22.         "sophistication": "advanced",
  23.         "primary_motivation": "???"
  24.       },
  25.       {
  26.         "type": "indicator",
  27.         "id": "null-ind1",
  28.         "created": "2020-04-5T23:00:00.000Z",
  29.         "modified": "2020-04-5T23:00:00.000Z",
  30.         "name": "Malicious site",
  31.         "description": "A potential callback to a C2 (command-and-control) server.",
  32.         "indicator_types": [
  33.           "malicious-activity"
  34.       ],
  35.       "pattern": "[url:value = 'http://www.ueopen.com/test.html']",
  36.       "pattern_type": "stix",
  37.       "valid_from": "2020-04-5T23:00:00.000Z"
  38.       },
  39.       {
  40.         "type": "indicator",
  41.         "spec_version": "2.1",
  42.         "id": "null-ind2",
  43.         "created": "2020-04-5T23:00:00.000Z",
  44.         "modified": "2020-04-5T23:00:00.000Z",
  45.         "name": "File hash for STARSYPOUND variant.",
  46.         "description": "This file hash is indicative of STARSYPOUND presence.",
  47.         "indicator_types": [
  48.             "malicious-activity"
  49.         ],
  50.         "pattern": "[file:hashes.'MD5' = '6576C196385407B0F7F4B1B537D88983']",
  51.         "pattern_type": "stix",
  52.         "valid_from": "2014-02-20T09:00:00Z"
  53.     },
  54.     {
  55.         "type": "malware",
  56.         "spec_version": "2.1",
  57.         "id": "null-malware",
  58.         "created": "2020-04-5T23:00:00.000Z",
  59.         "modified": "2020-04-5T23:00:00.000Z",
  60.         "name": "STARSYPOUND",
  61.         "malware_types": [
  62.             "remote-access-trojan"
  63.         ],
  64.         "is_family": true
  65.     },
  66.       {
  67.       "type": "relationship",
  68.       "id": "null-relationship",
  69.       "created": "2020-04-5T23:00:00.000Z",
  70.       "modified": "2020-04-5T23:00:00.000Z",
  71.       "relationship_type": "found-in",
  72.       "target_ref": "null-ind1",
  73.       "source_ref": "null-ind2"
  74.     },
  75.     {
  76.         "type": "relationship",
  77.         "id": "null-relationship",
  78.         "created": "2020-04-5T23:00:00.000Z",
  79.         "modified": "2020-04-5T23:00:00.000Z",
  80.         "relationship_type": "attributed-to",
  81.         "target_ref": "null-apt",
  82.         "source_ref": "null-ind1"
  83.       },
  84.       {
  85.         "type": "relationship",
  86.         "id": "null-relationship",
  87.         "created": "2020-04-5T23:00:00.000Z",
  88.         "modified": "2020-04-5T23:00:00.000Z",
  89.         "relationship_type": "attributed-to",
  90.         "target_ref": "null-apt",
  91.         "source_ref": "null-ind2"
  92.       },
  93.       {
  94.         "type": "relationship",
  95.         "id": "null-relationship",
  96.         "created": "2020-04-5T23:00:00.000Z",
  97.         "modified": "2020-04-5T23:00:00.000Z",
  98.         "relationship_type": "in-family",
  99.         "target_ref": "null-malware",
  100.         "source_ref": "null-ind2"
  101.       }
  102.     ]
  103.   }