{ "type": "bundle", "id": "bundle--57b58ade-2da0-4f50-98b3-4846950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2017-06-22T20:11:00.000Z", "modified": "2017-06-22T20:11:00.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--57b58ade-2da0-4f50-98b3-4846950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2017-06-22T20:11:00.000Z", "modified": "2017-06-22T20:11:00.000Z", "name": "OSINT Snakes in the Satellites: On-going Turla Infrastructure by PassiveTotal", "published": "2017-06-22T20:12:13Z", "object_refs": [ "observed-data--57b58af5-e464-4247-8dd6-49bf950d210f", "url--57b58af5-e464-4247-8dd6-49bf950d210f", "observed-data--57b58b24-6fa0-4635-afae-4967950d210f", "url--57b58b24-6fa0-4635-afae-4967950d210f", "observed-data--57b58b24-2e74-4f4a-bcca-4828950d210f", "url--57b58b24-2e74-4f4a-bcca-4828950d210f", "indicator--57b58b39-6908-4c93-a1a2-4ede950d210f", "indicator--57b58b39-446c-44aa-ac48-4e53950d210f", "indicator--57b58b39-b48c-421a-a961-4925950d210f", "indicator--57b58b3a-97ec-42ba-aa33-41ea950d210f", "indicator--57b58b3a-2058-4664-800c-41f4950d210f", "indicator--57b58b3a-6114-4cc2-b78c-4c3e950d210f", "indicator--57b58b3a-c77c-467c-8f1e-443e950d210f", "indicator--57b58b3a-d778-4887-ac6b-4d18950d210f", "indicator--57b58b3b-bf38-436e-91c1-412e950d210f", "indicator--57b58b3b-ed54-42b4-8c7f-45aa950d210f", "indicator--57b58b3b-9dfc-4969-ab37-48fd950d210f", "indicator--57b58b3b-4d18-45b3-a328-4523950d210f", "indicator--57b58b3b-b9b4-4bce-bfc9-436d950d210f", "indicator--57b58b3c-c184-4be0-8a4d-4122950d210f", "indicator--57b58b3c-9728-4b19-a732-4f43950d210f", "indicator--57b58b3c-d080-46a2-856f-4e22950d210f", "indicator--57b58b3c-a79c-47ad-ba73-4be3950d210f", "indicator--57b58b3c-706c-4384-bd4c-42e0950d210f", "indicator--57b58b3d-b06c-412a-b18b-4051950d210f", "indicator--57b58b3d-4450-44af-b0ca-4716950d210f", "indicator--57b58b3d-803c-4865-9cd6-4f25950d210f", "indicator--57b58b3d-21c4-44c0-a947-42b7950d210f", "indicator--57b58b4f-b4b4-41c2-88dc-4008950d210f", "indicator--57b58b5e-e504-4074-9821-4e70950d210f", "indicator--57b58b5f-1704-4cb0-b442-4f7b950d210f", "indicator--57b58b5f-bce0-45dc-b0b6-496f950d210f", "indicator--57b58b5f-493c-4c96-b4eb-4559950d210f", "indicator--57b58b5f-6ec4-47f3-8ea7-4ff0950d210f", "indicator--57b58b60-0c68-4c3f-8f92-45a0950d210f", "indicator--57b58b60-d500-4bfd-9a46-405d950d210f", "indicator--57b58b60-30a8-47d3-ada9-4ed6950d210f", "indicator--57b58b60-6ac4-4254-ae01-4cf0950d210f", "indicator--57b58b60-1f54-46de-ba85-44f7950d210f", "indicator--57b58b61-b30c-4466-89c5-44c7950d210f", "indicator--57b58b61-a974-4b66-afc7-4e00950d210f", "indicator--57b58b61-1570-455b-b88a-4f20950d210f", "indicator--57b58b61-b22c-459b-8c7e-4fa4950d210f", "indicator--57b58b62-d4e4-4611-8313-4535950d210f", "indicator--57b58b62-8e10-43cf-a6cf-47a8950d210f", "indicator--57b58b62-2750-4e56-9f2d-4e04950d210f", "indicator--57b58b62-3528-4e44-8459-4455950d210f", "indicator--57b58b63-1988-4343-a4fa-4852950d210f", "indicator--57b58b63-a5b0-4e20-b51d-4405950d210f", "indicator--57b58b63-ad58-4704-8807-4049950d210f", "indicator--57b58b63-9928-4c5a-aa35-439b950d210f", "indicator--57b58b63-57dc-4d6e-a284-458c950d210f", "indicator--57b58b64-3b7c-48bf-ba42-4d2d950d210f", "indicator--57b58b64-1d04-43bf-b310-4618950d210f", "indicator--57b58b64-6620-4096-9835-493c950d210f", "indicator--57b58b64-df98-4d09-adbb-462c950d210f", "indicator--57b58b64-1f5c-4771-9a2a-4d64950d210f", "indicator--57b58b65-51f4-4bc7-ae9a-40ab950d210f", "indicator--57b58b79-5578-4825-a05c-4377950d210f", "x-misp-attribute--57b58b88-c9f8-482e-bcfc-42f4950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "OSINT", "misp-galaxy:threat-actor=\"Turla Group\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57b58af5-e464-4247-8dd6-49bf950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:16:21.000Z", "modified": "2016-08-18T10:16:21.000Z", "first_observed": "2016-08-18T10:16:21Z", "last_observed": "2016-08-18T10:16:21Z", "number_observed": 1, "object_refs": [ "url--57b58af5-e464-4247-8dd6-49bf950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57b58af5-e464-4247-8dd6-49bf950d210f", "value": "http://blog.passivetotal.org/snakes-in-the-satellites-on-going-turla-infrastructure/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57b58b24-6fa0-4635-afae-4967950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:17:08.000Z", "modified": "2016-08-18T10:17:08.000Z", "first_observed": "2016-08-18T10:17:08Z", "last_observed": "2016-08-18T10:17:08Z", "number_observed": 1, "object_refs": [ "url--57b58b24-6fa0-4635-afae-4967950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57b58b24-6fa0-4635-afae-4967950d210f", "value": "https://www.passivetotal.org/certificate/sha1/f415844680ed9118ea74e0c7712b35044f0cc20d" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57b58b24-2e74-4f4a-bcca-4828950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:17:08.000Z", "modified": "2016-08-18T10:17:08.000Z", "first_observed": "2016-08-18T10:17:08Z", "last_observed": "2016-08-18T10:17:08Z", "number_observed": 1, "object_refs": [ "url--57b58b24-2e74-4f4a-bcca-4828950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57b58b24-2e74-4f4a-bcca-4828950d210f", "value": "https://www.passivetotal.org/certificate/sha1/fccaea742ed154c9e512da0495a30d79a1b16afd" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b39-6908-4c93-a1a2-4ede950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:17:29.000Z", "modified": "2016-08-18T10:17:29.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.138.25.24']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:17:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b39-446c-44aa-ac48-4e53950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:17:29.000Z", "modified": "2016-08-18T10:17:29.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.229.103.133']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:17:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b39-b48c-421a-a961-4925950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:17:29.000Z", "modified": "2016-08-18T10:17:29.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.138.25.29']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:17:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b3a-97ec-42ba-aa33-41ea950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:17:30.000Z", "modified": "2016-08-18T10:17:30.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.229.62.179']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:17:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b3a-2058-4664-800c-41f4950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:17:30.000Z", "modified": "2016-08-18T10:17:30.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '169.255.100.152']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:17:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b3a-6114-4cc2-b78c-4c3e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:17:30.000Z", "modified": "2016-08-18T10:17:30.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.229.75.141']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:17:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b3a-c77c-467c-8f1e-443e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:17:30.000Z", "modified": "2016-08-18T10:17:30.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.138.25.19']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:17:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b3a-d778-4887-ac6b-4d18950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:17:30.000Z", "modified": "2016-08-18T10:17:30.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '169.255.102.246']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:17:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b3b-bf38-436e-91c1-412e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:17:31.000Z", "modified": "2016-08-18T10:17:31.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.56.130.13']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:17:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b3b-ed54-42b4-8c7f-45aa950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:17:31.000Z", "modified": "2016-08-18T10:17:31.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.199.160.11']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:17:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b3b-9dfc-4969-ab37-48fd950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:17:31.000Z", "modified": "2016-08-18T10:17:31.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '169.255.101.235']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:17:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b3b-4d18-45b3-a328-4523950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:17:31.000Z", "modified": "2016-08-18T10:17:31.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '169.255.102.240']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:17:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b3b-b9b4-4bce-bfc9-436d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:17:31.000Z", "modified": "2016-08-18T10:17:31.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.138.3.182']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:17:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b3c-c184-4be0-8a4d-4122950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:17:32.000Z", "modified": "2016-08-18T10:17:32.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '169.255.102.110']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:17:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b3c-9728-4b19-a732-4f43950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:17:32.000Z", "modified": "2016-08-18T10:17:32.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '169.255.100.122']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:17:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b3c-d080-46a2-856f-4e22950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:17:32.000Z", "modified": "2016-08-18T10:17:32.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '169.255.100.237']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:17:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b3c-a79c-47ad-ba73-4be3950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:17:32.000Z", "modified": "2016-08-18T10:17:32.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '169.255.101.65']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:17:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b3c-706c-4384-bd4c-42e0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:17:32.000Z", "modified": "2016-08-18T10:17:32.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.229.103.140']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:17:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b3d-b06c-412a-b18b-4051950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:17:33.000Z", "modified": "2016-08-18T10:17:33.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.229.62.210']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:17:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b3d-4450-44af-b0ca-4716950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:17:33.000Z", "modified": "2016-08-18T10:17:33.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.229.62.206']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:17:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b3d-803c-4865-9cd6-4f25950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:17:33.000Z", "modified": "2016-08-18T10:17:33.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.229.62.249']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:17:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b3d-21c4-44c0-a947-42b7950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:17:33.000Z", "modified": "2016-08-18T10:17:33.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.199.118.4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:17:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b4f-b4b4-41c2-88dc-4008950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:17:51.000Z", "modified": "2016-08-18T10:17:51.000Z", "pattern": "[x509-certificate:hashes.SHA1 = 'fccaea742ed154c9e512da0495a30d79a1b16afd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:17:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Attribution" } ], "labels": [ "misp:type=\"x509-fingerprint-sha1\"", "misp:category=\"Attribution\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b5e-e504-4074-9821-4e70950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:06.000Z", "modified": "2016-08-18T10:18:06.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.239.79.29']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:18:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b5f-1704-4cb0-b442-4f7b950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:07.000Z", "modified": "2016-08-18T10:18:07.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '169.255.100.222']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:18:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b5f-bce0-45dc-b0b6-496f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:07.000Z", "modified": "2016-08-18T10:18:07.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.239.79.69']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:18:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b5f-493c-4c96-b4eb-4559950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:07.000Z", "modified": "2016-08-18T10:18:07.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.174.240']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:18:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b5f-6ec4-47f3-8ea7-4ff0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:07.000Z", "modified": "2016-08-18T10:18:07.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.166.61']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:18:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b60-0c68-4c3f-8f92-45a0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:08.000Z", "modified": "2016-08-18T10:18:08.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.220.55.6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:18:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b60-d500-4bfd-9a46-405d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:08.000Z", "modified": "2016-08-18T10:18:08.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.229.62.212']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:18:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b60-30a8-47d3-ada9-4ed6950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:08.000Z", "modified": "2016-08-18T10:18:08.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '113.208.81.33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:18:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b60-6ac4-4254-ae01-4cf0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:08.000Z", "modified": "2016-08-18T10:18:08.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.174.40']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:18:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b60-1f54-46de-ba85-44f7950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:08.000Z", "modified": "2016-08-18T10:18:08.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.175.52']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:18:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b61-b30c-4466-89c5-44c7950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:09.000Z", "modified": "2016-08-18T10:18:09.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '113.208.81.48']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:18:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b61-a974-4b66-afc7-4e00950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:09.000Z", "modified": "2016-08-18T10:18:09.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.246.76.19']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:18:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b61-1570-455b-b88a-4f20950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:09.000Z", "modified": "2016-08-18T10:18:09.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.239.79.121']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:18:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b61-b22c-459b-8c7e-4fa4950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:09.000Z", "modified": "2016-08-18T10:18:09.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.239.79.125']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:18:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b62-d4e4-4611-8313-4535950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:10.000Z", "modified": "2016-08-18T10:18:10.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.194.150.31']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:18:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b62-8e10-43cf-a6cf-47a8950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:10.000Z", "modified": "2016-08-18T10:18:10.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.166.58']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:18:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b62-2750-4e56-9f2d-4e04950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:10.000Z", "modified": "2016-08-18T10:18:10.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.194.149.111']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:18:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b62-3528-4e44-8459-4455950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:10.000Z", "modified": "2016-08-18T10:18:10.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.220.30.72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:18:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b63-1988-4343-a4fa-4852950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:11.000Z", "modified": "2016-08-18T10:18:11.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.246.78.224']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:18:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b63-a5b0-4e20-b51d-4405950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:11.000Z", "modified": "2016-08-18T10:18:11.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.62.221.47']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:18:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b63-ad58-4704-8807-4049950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:11.000Z", "modified": "2016-08-18T10:18:11.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '113.208.81.55']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:18:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b63-9928-4c5a-aa35-439b950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:11.000Z", "modified": "2016-08-18T10:18:11.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.209.133.125']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:18:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b63-57dc-4d6e-a284-458c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:11.000Z", "modified": "2016-08-18T10:18:11.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.8.36.239']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:18:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b64-3b7c-48bf-ba42-4d2d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:12.000Z", "modified": "2016-08-18T10:18:12.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.175.48']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:18:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b64-1d04-43bf-b310-4618950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:12.000Z", "modified": "2016-08-18T10:18:12.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.175.69']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:18:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b64-6620-4096-9835-493c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:12.000Z", "modified": "2016-08-18T10:18:12.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.175.29']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:18:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b64-df98-4d09-adbb-462c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:12.000Z", "modified": "2016-08-18T10:18:12.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '41.203.79.74']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:18:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b64-1f5c-4771-9a2a-4d64950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:12.000Z", "modified": "2016-08-18T10:18:12.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.73.187.223']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:18:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b65-51f4-4bc7-ae9a-40ab950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:13.000Z", "modified": "2016-08-18T10:18:13.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.194.150.22']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:18:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b58b79-5578-4825-a05c-4377950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:33.000Z", "modified": "2016-08-18T10:18:33.000Z", "pattern": "[x509-certificate:hashes.SHA1 = 'f415844680ed9118ea74e0c7712b35044f0cc20d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T10:18:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Attribution" } ], "labels": [ "misp:type=\"x509-fingerprint-sha1\"", "misp:category=\"Attribution\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--57b58b88-c9f8-482e-bcfc-42f4950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-08-18T10:18:48.000Z", "modified": "2016-08-18T10:18:48.000Z", "labels": [ "misp:type=\"threat-actor\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_type": "threat-actor", "x_misp_value": "Turla" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }