{ "type": "bundle", "id": "bundle--55bb3422-c610-4b66-aa54-4533950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:40:41.000Z", "modified": "2015-07-31T08:40:41.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--55bb3422-c610-4b66-aa54-4533950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:40:41.000Z", "modified": "2015-07-31T08:40:41.000Z", "name": "OSINT Angler's best friends by SANS ISC Diary", "published": "2015-07-31T09:12:05Z", "object_refs": [ "observed-data--55bb3433-f880-4cde-92de-42af950d210b", "url--55bb3433-f880-4cde-92de-42af950d210b", "indicator--55bb3449-07b8-46ca-914a-468e950d210b", "indicator--55bb3449-5030-426e-9922-4ee4950d210b", "indicator--55bb3449-a088-49f3-81f9-4f08950d210b", "indicator--55bb3449-6ed4-4535-9abc-45a1950d210b", "indicator--55bb344a-d914-47a7-a818-4d69950d210b", "indicator--55bb344a-ba18-4092-8a61-4e26950d210b", "indicator--55bb344a-4ff0-4637-b379-4a88950d210b", "indicator--55bb344a-bc58-42fa-8efc-487a950d210b", "indicator--55bb344a-fbf8-4b51-ae7e-4d39950d210b", "indicator--55bb344a-6d84-41dd-b3c8-4878950d210b", "indicator--55bb344a-3fa8-4b20-9f00-416a950d210b", "indicator--55bb344b-216c-4ca8-a4bd-46d7950d210b", "indicator--55bb344b-8cb0-42e9-8aeb-447e950d210b", "indicator--55bb344b-2dc0-4b12-a36e-479d950d210b", "indicator--55bb344b-c82c-491f-8bb1-4aec950d210b", "indicator--55bb344b-8198-4ee3-a21b-491f950d210b", "indicator--55bb344b-1e38-4e4b-94a7-4d10950d210b", "indicator--55bb344b-6428-4bcc-9fdd-47c3950d210b", "indicator--55bb344c-95a4-42bf-9598-48d2950d210b", "indicator--55bb3486-c200-4ad6-88bd-49e2950d210b", "indicator--55bb3486-13c0-4acc-b1d6-4e09950d210b", "indicator--55bb3487-34bc-4922-990a-4d12950d210b", "indicator--55bb3487-2894-44f2-af41-405c950d210b", "indicator--55bb3487-4638-4383-ba51-482a950d210b", "indicator--55bb3487-2e80-4a7f-806b-4242950d210b", "indicator--55bb3487-d9d0-4d55-b4c8-4b05950d210b", "indicator--55bb3487-3954-497e-84ff-48e2950d210b", "indicator--55bb3487-f4ac-492e-a677-433d950d210b", "indicator--55bb3488-680c-4bc6-b732-4d22950d210b", "indicator--55bb3488-38dc-4270-891e-4077950d210b", "indicator--55bb3488-e6d4-4c22-8629-4128950d210b", "indicator--55bb3488-f10c-48e1-999d-41fc950d210b", "indicator--55bb3488-8604-48da-ac56-4b17950d210b", "indicator--55bb3488-b9f4-43cc-be29-45b3950d210b", "indicator--55bb3488-f18c-4459-ba59-4984950d210b", "indicator--55bb3489-77e8-47db-8ccc-476b950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55bb3433-f880-4cde-92de-42af950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:39:15.000Z", "modified": "2015-07-31T08:39:15.000Z", "first_observed": "2015-07-31T08:39:15Z", "last_observed": "2015-07-31T08:39:15Z", "number_observed": 1, "object_refs": [ "url--55bb3433-f880-4cde-92de-42af950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55bb3433-f880-4cde-92de-42af950d210b", "value": "https://isc.sans.edu/forums/diary/Anglers+best+friends/19959/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3449-07b8-46ca-914a-468e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:39:37.000Z", "modified": "2015-07-31T08:39:37.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '148.251.167.57']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:39:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3449-5030-426e-9922-4ee4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:39:37.000Z", "modified": "2015-07-31T08:39:37.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '148.251.167.107']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:39:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3449-a088-49f3-81f9-4f08950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:39:37.000Z", "modified": "2015-07-31T08:39:37.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.9.245.141']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:39:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3449-6ed4-4535-9abc-45a1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:39:37.000Z", "modified": "2015-07-31T08:39:37.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.9.245.140']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:39:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb344a-d914-47a7-a818-4d69950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:39:38.000Z", "modified": "2015-07-31T08:39:38.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.9.245.142']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:39:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb344a-ba18-4092-8a61-4e26950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:39:38.000Z", "modified": "2015-07-31T08:39:38.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '206.190.134.189']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:39:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb344a-4ff0-4637-b379-4a88950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:39:38.000Z", "modified": "2015-07-31T08:39:38.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.48.58.51']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:39:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb344a-bc58-42fa-8efc-487a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:39:38.000Z", "modified": "2015-07-31T08:39:38.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '206.190.134.188']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:39:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb344a-fbf8-4b51-ae7e-4d39950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:39:38.000Z", "modified": "2015-07-31T08:39:38.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '206.190.134.190']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:39:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb344a-6d84-41dd-b3c8-4878950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:39:38.000Z", "modified": "2015-07-31T08:39:38.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.162.90.107']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:39:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb344a-3fa8-4b20-9f00-416a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:39:38.000Z", "modified": "2015-07-31T08:39:38.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.162.64.156']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:39:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb344b-216c-4ca8-a4bd-46d7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:39:39.000Z", "modified": "2015-07-31T08:39:39.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.162.116.123']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:39:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb344b-8cb0-42e9-8aeb-447e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:39:39.000Z", "modified": "2015-07-31T08:39:39.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.43.223.165']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:39:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb344b-2dc0-4b12-a36e-479d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:39:39.000Z", "modified": "2015-07-31T08:39:39.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.162.116.125']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:39:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb344b-c82c-491f-8bb1-4aec950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:39:39.000Z", "modified": "2015-07-31T08:39:39.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.245.213.141']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:39:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb344b-8198-4ee3-a21b-491f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:39:39.000Z", "modified": "2015-07-31T08:39:39.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.162.86.36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:39:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb344b-1e38-4e4b-94a7-4d10950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:39:39.000Z", "modified": "2015-07-31T08:39:39.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.162.64.158']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:39:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb344b-6428-4bcc-9fdd-47c3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:39:39.000Z", "modified": "2015-07-31T08:39:39.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.245.213.138']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:39:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb344c-95a4-42bf-9598-48d2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:39:40.000Z", "modified": "2015-07-31T08:39:40.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.43.223.164']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:39:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3486-c200-4ad6-88bd-49e2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:40:38.000Z", "modified": "2015-07-31T08:40:38.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '136.243.96.94']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:40:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3486-13c0-4acc-b1d6-4e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:40:38.000Z", "modified": "2015-07-31T08:40:38.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '148.251.167.105']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:40:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3487-34bc-4922-990a-4d12950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:40:39.000Z", "modified": "2015-07-31T08:40:39.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '148.251.167.51']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:40:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3487-2894-44f2-af41-405c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:40:39.000Z", "modified": "2015-07-31T08:40:39.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '148.251.167.97']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:40:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3487-4638-4383-ba51-482a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:40:39.000Z", "modified": "2015-07-31T08:40:39.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.9.245.139']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:40:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3487-2e80-4a7f-806b-4242950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:40:39.000Z", "modified": "2015-07-31T08:40:39.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.63.173.166']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:40:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3487-d9d0-4d55-b4c8-4b05950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:40:39.000Z", "modified": "2015-07-31T08:40:39.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.48.58.52']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:40:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3487-3954-497e-84ff-48e2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:40:39.000Z", "modified": "2015-07-31T08:40:39.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.190.51.212']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:40:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3487-f4ac-492e-a677-433d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:40:39.000Z", "modified": "2015-07-31T08:40:39.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.190.51.214']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:40:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3488-680c-4bc6-b732-4d22950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:40:40.000Z", "modified": "2015-07-31T08:40:40.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.144.244.147']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:40:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3488-38dc-4270-891e-4077950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:40:40.000Z", "modified": "2015-07-31T08:40:40.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.144.244.148']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:40:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3488-e6d4-4c22-8629-4128950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:40:40.000Z", "modified": "2015-07-31T08:40:40.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.4.213.133']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:40:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3488-f10c-48e1-999d-41fc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:40:40.000Z", "modified": "2015-07-31T08:40:40.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.79.85.242']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:40:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3488-8604-48da-ac56-4b17950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:40:40.000Z", "modified": "2015-07-31T08:40:40.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '63.143.53.46']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:40:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3488-b9f4-43cc-be29-45b3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:40:40.000Z", "modified": "2015-07-31T08:40:40.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.162.73.91']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:40:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3488-f18c-4459-ba59-4984950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:40:40.000Z", "modified": "2015-07-31T08:40:40.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.63.217.222']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:40:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3489-77e8-47db-8ccc-476b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:40:41.000Z", "modified": "2015-07-31T08:40:41.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.63.237.182']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:40:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }