{ "type": "bundle", "id": "bundle--56bf4797-aaf4-4e08-ab5f-6cf102de0b81", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-16T10:36:34.000Z", "modified": "2016-02-16T10:36:34.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--56bf4797-aaf4-4e08-ab5f-6cf102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-16T10:36:34.000Z", "modified": "2016-02-16T10:36:34.000Z", "name": "OSINT - Turla - Harnessing SSL Certificates Using Infrastructure Chaining", "published": "2016-02-29T09:22:55Z", "object_refs": [ "observed-data--56bf47b1-a480-4f4c-b51e-6cf302de0b81", "url--56bf47b1-a480-4f4c-b51e-6cf302de0b81", "indicator--56bf47ce-9408-4be2-b1f1-4a7e02de0b81", "indicator--56bf47ce-7a38-4646-9e20-4a4802de0b81", "indicator--56bf47ce-fd88-48ff-89b3-4b6e02de0b81", "indicator--56bf47cf-4a8c-4f7e-bb54-4ff502de0b81", "indicator--56bf47cf-c7ac-4e9d-aafc-426c02de0b81", "indicator--56bf47cf-0eec-4450-bf9a-407702de0b81", "indicator--56bf47cf-c290-46d7-80bb-424402de0b81", "indicator--56bf47d0-d180-453e-b465-438402de0b81", "indicator--56bf47d0-f90c-4550-9f18-479a02de0b81", "indicator--56bf47d0-906c-4350-9fcc-4b0002de0b81", "indicator--56bf47e6-bf18-42f0-97aa-6cf202de0b81", "indicator--56bf47e8-50d0-46b5-b1bb-6cf202de0b81", "indicator--56bf47e8-f8d8-4498-8844-6cf202de0b81", "indicator--56bf47e9-debc-47cd-b05b-6cf202de0b81", "indicator--56bf47e9-6574-436a-a15f-6cf202de0b81", "indicator--56bf47e9-6f98-4861-889c-6cf202de0b81", "indicator--56bf47ea-8778-4212-bfc3-6cf202de0b81", "indicator--56bf47ea-5ae0-444d-9981-6cf202de0b81", "indicator--56bf47ea-e64c-47d2-a5b5-6cf202de0b81", "indicator--56bf47eb-5afc-4b77-a1a8-6cf202de0b81", "indicator--56bf47eb-dc6c-46a9-9320-6cf202de0b81", "indicator--56bf47eb-9b38-4c8d-9839-6cf202de0b81", "indicator--56bf47ec-7348-41ed-9136-6cf202de0b81", "indicator--56bf47ec-98b8-4ef1-ac54-6cf202de0b81", "indicator--56bf47ec-f608-44c6-b46a-6cf202de0b81", "indicator--56bf47ed-734c-4275-ba91-6cf202de0b81", "indicator--56bf47ed-bae8-4120-a550-6cf202de0b81", "indicator--56bf47ed-a55c-4289-9e7e-6cf202de0b81", "indicator--56bf47ee-9ef8-411a-8317-6cf202de0b81", "indicator--56bf47ee-5aa0-42a2-b509-6cf202de0b81", "indicator--56bf47ee-63a8-43ed-927b-6cf202de0b81", "indicator--56bf47ef-2cb8-4b68-990c-6cf202de0b81", "indicator--56bf47ef-30d0-4a1f-bdcc-6cf202de0b81", "indicator--56bf47ef-113c-48d4-b593-6cf202de0b81", "indicator--56bf47f0-67c0-4232-acad-6cf202de0b81", "indicator--56bf47f0-f9d0-45e1-a374-6cf202de0b81", "indicator--56bf47f0-3650-46bc-b9e7-6cf202de0b81", "indicator--56bf5021-3dac-4cbd-9927-6cf502de0b81", "x-misp-attribute--56c1930e-8fc8-4167-950b-4989950d210f", "x-misp-attribute--56c192ee-73d8-4bd5-9b37-47af950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56bf47b1-a480-4f4c-b51e-6cf302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:11:45.000Z", "modified": "2016-02-13T15:11:45.000Z", "first_observed": "2016-02-13T15:11:45Z", "last_observed": "2016-02-13T15:11:45Z", "number_observed": 1, "object_refs": [ "url--56bf47b1-a480-4f4c-b51e-6cf302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56bf47b1-a480-4f4c-b51e-6cf302de0b81", "value": "http://blog.passivetotal.org/harnessing-ssl-certificates-using-infrastructure-chaining/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47ce-9408-4be2-b1f1-4a7e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:14.000Z", "modified": "2016-02-13T15:12:14.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'trytowin.ignorelist.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47ce-7a38-4646-9e20-4a4802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:14.000Z", "modified": "2016-02-13T15:12:14.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'treesofter.mooo.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47ce-fd88-48ff-89b3-4b6e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:14.000Z", "modified": "2016-02-13T15:12:14.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'sportinfo.yourtrap.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47cf-4a8c-4f7e-bb54-4ff502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:15.000Z", "modified": "2016-02-13T15:12:15.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'profound.zzux.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47cf-c7ac-4e9d-aafc-426c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:15.000Z", "modified": "2016-02-13T15:12:15.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'badget.ignorelist.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47cf-0eec-4450-bf9a-407702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:15.000Z", "modified": "2016-02-13T15:12:15.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'norwaynews.mooo.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47cf-c290-46d7-80bb-424402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:15.000Z", "modified": "2016-02-13T15:12:15.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'dellservice.publicvm.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47d0-d180-453e-b465-438402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:16.000Z", "modified": "2016-02-13T15:12:16.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'priceline.publicvm.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47d0-f90c-4550-9f18-479a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:16.000Z", "modified": "2016-02-13T15:12:16.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'forumgeek.zzux.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47d0-906c-4350-9fcc-4b0002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:16.000Z", "modified": "2016-02-13T15:12:16.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'mouses.strangled.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47e6-bf18-42f0-97aa-6cf202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:38.000Z", "modified": "2016-02-13T15:12:38.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.239.79.69']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47e8-50d0-46b5-b1bb-6cf202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:40.000Z", "modified": "2016-02-13T15:12:40.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.174.240']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47e8-f8d8-4498-8844-6cf202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:40.000Z", "modified": "2016-02-13T15:12:40.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.166.61']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47e9-debc-47cd-b05b-6cf202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:41.000Z", "modified": "2016-02-13T15:12:41.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.220.55.6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47e9-6574-436a-a15f-6cf202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:41.000Z", "modified": "2016-02-13T15:12:41.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.229.62.212']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47e9-6f98-4861-889c-6cf202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:41.000Z", "modified": "2016-02-13T15:12:41.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '169.255.100.152']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47ea-8778-4212-bfc3-6cf202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:42.000Z", "modified": "2016-02-13T15:12:42.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '113.208.81.33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47ea-5ae0-444d-9981-6cf202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:42.000Z", "modified": "2016-02-13T15:12:42.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.174.40']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47ea-e64c-47d2-a5b5-6cf202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:42.000Z", "modified": "2016-02-13T15:12:42.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.175.52']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47eb-5afc-4b77-a1a8-6cf202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:43.000Z", "modified": "2016-02-13T15:12:43.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '113.208.81.48']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47eb-dc6c-46a9-9320-6cf202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:43.000Z", "modified": "2016-02-13T15:12:43.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.229.75.141']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47eb-9b38-4c8d-9839-6cf202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:43.000Z", "modified": "2016-02-13T15:12:43.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.246.76.19']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47ec-7348-41ed-9136-6cf202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:44.000Z", "modified": "2016-02-13T15:12:44.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.239.79.121']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47ec-98b8-4ef1-ac54-6cf202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:44.000Z", "modified": "2016-02-13T15:12:44.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.239.79.125']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47ec-f608-44c6-b46a-6cf202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:44.000Z", "modified": "2016-02-13T15:12:44.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.194.150.31']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47ed-734c-4275-ba91-6cf202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:45.000Z", "modified": "2016-02-13T15:12:45.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.166.58']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47ed-bae8-4120-a550-6cf202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:45.000Z", "modified": "2016-02-13T15:12:45.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.194.149.111']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47ed-a55c-4289-9e7e-6cf202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:45.000Z", "modified": "2016-02-13T15:12:45.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '169.255.100.122']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47ee-9ef8-411a-8317-6cf202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:46.000Z", "modified": "2016-02-13T15:12:46.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '169.255.101.65']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47ee-5aa0-42a2-b509-6cf202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:46.000Z", "modified": "2016-02-13T15:12:46.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '113.208.81.55']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47ee-63a8-43ed-927b-6cf202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:46.000Z", "modified": "2016-02-13T15:12:46.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.8.36.239']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47ef-2cb8-4b68-990c-6cf202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:47.000Z", "modified": "2016-02-13T15:12:47.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.229.62.210']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47ef-30d0-4a1f-bdcc-6cf202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:47.000Z", "modified": "2016-02-13T15:12:47.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.175.48']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47ef-113c-48d4-b593-6cf202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:47.000Z", "modified": "2016-02-13T15:12:47.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.175.69']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47f0-67c0-4232-acad-6cf202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:48.000Z", "modified": "2016-02-13T15:12:48.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '41.203.79.74']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47f0-f9d0-45e1-a374-6cf202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:48.000Z", "modified": "2016-02-13T15:12:48.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.73.187.223']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf47f0-3650-46bc-b9e7-6cf202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-13T15:12:48.000Z", "modified": "2016-02-13T15:12:48.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.194.150.22']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-13T15:12:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56bf5021-3dac-4cbd-9927-6cf502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-16T10:36:34.000Z", "modified": "2016-02-16T10:36:34.000Z", "pattern": "[x509-certificate:hashes.SHA1 = 'f415844680ed9118ea74e0c7712b35044f0cc20d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-16T10:36:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"x509-fingerprint-sha1\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--56c1930e-8fc8-4167-950b-4989950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-15T08:57:50.000Z", "modified": "2016-02-15T08:57:50.000Z", "labels": [ "misp:type=\"threat-actor\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_type": "threat-actor", "x_misp_value": "Turla" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--56c192ee-73d8-4bd5-9b37-47af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-15T08:57:18.000Z", "modified": "2016-02-15T08:57:18.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Turla" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }