{ "type": "bundle", "id": "bundle--564e4138-6e64-4a52-8388-4531950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-20T14:35:30.000Z", "modified": "2015-11-20T14:35:30.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--564e4138-6e64-4a52-8388-4531950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-20T14:35:30.000Z", "modified": "2015-11-20T14:35:30.000Z", "name": "OSINT Enrichment on OSINT - STRONTIUM: A profile of a persistent and motivated adversary", "published": "2016-07-11T14:16:30Z", "object_refs": [ "x-misp-attribute--564e445b-939c-426b-b8b1-4bdb950d210b", "indicator--564e454c-51e4-4e90-86ce-4be6950d210b", "indicator--564e454d-87e4-4829-9b8b-440a950d210b", "indicator--564e454d-a170-4182-9716-48d5950d210b", "indicator--564e454e-5b60-4c65-b4de-4f86950d210b", "indicator--564e454e-d738-4999-a484-48f2950d210b", "indicator--564e454e-ede4-4b50-93f8-47ba950d210b", "indicator--564e454f-8bcc-42a1-acc3-4a73950d210b", "indicator--564e454f-cb1c-4225-a51d-4adf950d210b", "indicator--564e4550-0c80-4a5e-bb38-4aad950d210b", "indicator--564e4550-3b20-4de7-81e9-4cfa950d210b", "indicator--564e4550-1394-4d3b-9ab5-45b9950d210b", "indicator--564e4551-9e28-43b6-aa63-4799950d210b", "indicator--564e4551-fb6c-446b-b771-4d87950d210b", "indicator--564e4552-d8dc-49dd-957f-46d8950d210b", "indicator--564e4552-b198-435b-b9a1-4b21950d210b", "indicator--564e4552-c45c-469f-983d-4fee950d210b", "indicator--564e4553-20ec-408e-b394-4f6d950d210b", "indicator--564e4553-2c6c-484f-ba52-47db950d210b", "indicator--564e4554-d370-4fd5-bbbf-48bc950d210b", "indicator--564e4554-7e24-41d0-b2b9-44c9950d210b", "indicator--564e4555-cb38-4f0d-bdc9-4a77950d210b", "indicator--564e4555-fe68-4875-ab78-4f62950d210b", "indicator--564e4555-87f4-410c-a08a-46ad950d210b", "indicator--564e4556-de54-4e82-b850-402b950d210b", "indicator--564e4556-ab40-4395-a085-469d950d210b", "indicator--564e4557-222c-41d4-8749-4e76950d210b", "indicator--564e4557-9278-4152-90db-43a3950d210b", "indicator--564e4557-80b4-42f6-9008-47da950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--564e445b-939c-426b-b8b1-4bdb950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-19T21:51:23.000Z", "modified": "2015-11-19T21:51:23.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Strontium" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564e454c-51e4-4e90-86ce-4be6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-19T21:55:24.000Z", "modified": "2015-11-19T21:55:24.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '68.178.232.99']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-19T21:55:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564e454d-87e4-4829-9b8b-440a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-19T21:55:25.000Z", "modified": "2015-11-19T21:55:25.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.74.176.167']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-19T21:55:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564e454d-a170-4182-9716-48d5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-19T21:55:25.000Z", "modified": "2015-11-19T21:55:25.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.172.227.138']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-19T21:55:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564e454e-5b60-4c65-b4de-4f86950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-19T21:55:26.000Z", "modified": "2015-11-19T21:55:26.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.59.111.130']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-19T21:55:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564e454e-d738-4999-a484-48f2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-19T21:55:26.000Z", "modified": "2015-11-19T21:55:26.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.105.254.11']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-19T21:55:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564e454e-ede4-4b50-93f8-47ba950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-19T21:55:26.000Z", "modified": "2015-11-19T21:55:26.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.222.136.201']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-19T21:55:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564e454f-8bcc-42a1-acc3-4a73950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-19T21:55:27.000Z", "modified": "2015-11-19T21:55:27.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.99.40.223']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-19T21:55:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564e454f-cb1c-4225-a51d-4adf950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-19T21:55:27.000Z", "modified": "2015-11-19T21:55:27.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.231.86.19']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-19T21:55:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564e4550-0c80-4a5e-bb38-4aad950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-19T21:55:28.000Z", "modified": "2015-11-19T21:55:28.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.91.197.7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-19T21:55:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564e4550-3b20-4de7-81e9-4cfa950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-19T21:55:28.000Z", "modified": "2015-11-19T21:55:28.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.82.202.174']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-19T21:55:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564e4550-1394-4d3b-9ab5-45b9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-19T21:55:28.000Z", "modified": "2015-11-19T21:55:28.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.59.109.165']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-19T21:55:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564e4551-9e28-43b6-aa63-4799950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-19T21:55:29.000Z", "modified": "2015-11-19T21:55:29.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.53.179.12']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-19T21:55:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564e4551-fb6c-446b-b771-4d87950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-19T21:55:29.000Z", "modified": "2015-11-19T21:55:29.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.99.40.222']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-19T21:55:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564e4552-d8dc-49dd-957f-46d8950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-19T21:55:30.000Z", "modified": "2015-11-19T21:55:30.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '87.236.211.216']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-19T21:55:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564e4552-b198-435b-b9a1-4b21950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-19T21:55:30.000Z", "modified": "2015-11-19T21:55:30.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.105.125.77']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-19T21:55:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564e4552-c45c-469f-983d-4fee950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-19T21:55:30.000Z", "modified": "2015-11-19T21:55:30.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.74.223.36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-19T21:55:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564e4553-20ec-408e-b394-4f6d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-19T21:55:31.000Z", "modified": "2015-11-19T21:55:31.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.53.179.8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-19T21:55:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564e4553-2c6c-484f-ba52-47db950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-19T21:55:31.000Z", "modified": "2015-11-19T21:55:31.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.105.122.183']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-19T21:55:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564e4554-d370-4fd5-bbbf-48bc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-19T21:55:32.000Z", "modified": "2015-11-19T21:55:32.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '72.32.26.210']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-19T21:55:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564e4554-7e24-41d0-b2b9-44c9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-19T21:55:32.000Z", "modified": "2015-11-19T21:55:32.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.238.26.208']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-19T21:55:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564e4555-cb38-4f0d-bdc9-4a77950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-19T21:55:33.000Z", "modified": "2015-11-19T21:55:33.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '58.158.177.102']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-19T21:55:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564e4555-fe68-4875-ab78-4f62950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-19T21:55:33.000Z", "modified": "2015-11-19T21:55:33.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.183.217.194']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-19T21:55:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564e4555-87f4-410c-a08a-46ad950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-19T21:55:33.000Z", "modified": "2015-11-19T21:55:33.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '50.63.202.72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-19T21:55:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564e4556-de54-4e82-b850-402b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-19T21:55:34.000Z", "modified": "2015-11-19T21:55:34.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.168.221.57']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-19T21:55:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564e4556-ab40-4395-a085-469d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-19T21:55:34.000Z", "modified": "2015-11-19T21:55:34.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '174.136.57.160']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-19T21:55:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564e4557-222c-41d4-8749-4e76950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-19T21:55:35.000Z", "modified": "2015-11-19T21:55:35.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.68.16.72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-19T21:55:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564e4557-9278-4152-90db-43a3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-19T21:55:35.000Z", "modified": "2015-11-19T21:55:35.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.82.202.11']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-19T21:55:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--564e4557-80b4-42f6-9008-47da950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-11-19T21:55:35.000Z", "modified": "2015-11-19T21:55:35.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.105.244.11']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-19T21:55:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:GREEN", "definition": { "tlp": "green" } } ] }