misp-circl-feed/feeds/circl/stix-2.1/56bf4797-aaf4-4e08-ab5f-6cf102de0b81.json


{
"type": "bundle",
"id": "bundle--56bf4797-aaf4-4e08-ab5f-6cf102de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-16T10:36:34.000Z",
"modified": "2016-02-16T10:36:34.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--56bf4797-aaf4-4e08-ab5f-6cf102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-16T10:36:34.000Z",
"modified": "2016-02-16T10:36:34.000Z",
"name": "OSINT - Turla - Harnessing SSL Certificates Using Infrastructure Chaining",
"published": "2016-02-29T09:22:55Z",
"object_refs": [
"observed-data--56bf47b1-a480-4f4c-b51e-6cf302de0b81",
"url--56bf47b1-a480-4f4c-b51e-6cf302de0b81",
"indicator--56bf47ce-9408-4be2-b1f1-4a7e02de0b81",
"indicator--56bf47ce-7a38-4646-9e20-4a4802de0b81",
"indicator--56bf47ce-fd88-48ff-89b3-4b6e02de0b81",
"indicator--56bf47cf-4a8c-4f7e-bb54-4ff502de0b81",
"indicator--56bf47cf-c7ac-4e9d-aafc-426c02de0b81",
"indicator--56bf47cf-0eec-4450-bf9a-407702de0b81",
"indicator--56bf47cf-c290-46d7-80bb-424402de0b81",
"indicator--56bf47d0-d180-453e-b465-438402de0b81",
"indicator--56bf47d0-f90c-4550-9f18-479a02de0b81",
"indicator--56bf47d0-906c-4350-9fcc-4b0002de0b81",
"indicator--56bf47e6-bf18-42f0-97aa-6cf202de0b81",
"indicator--56bf47e8-50d0-46b5-b1bb-6cf202de0b81",
"indicator--56bf47e8-f8d8-4498-8844-6cf202de0b81",
"indicator--56bf47e9-debc-47cd-b05b-6cf202de0b81",
"indicator--56bf47e9-6574-436a-a15f-6cf202de0b81",
"indicator--56bf47e9-6f98-4861-889c-6cf202de0b81",
"indicator--56bf47ea-8778-4212-bfc3-6cf202de0b81",
"indicator--56bf47ea-5ae0-444d-9981-6cf202de0b81",
"indicator--56bf47ea-e64c-47d2-a5b5-6cf202de0b81",
"indicator--56bf47eb-5afc-4b77-a1a8-6cf202de0b81",
"indicator--56bf47eb-dc6c-46a9-9320-6cf202de0b81",
"indicator--56bf47eb-9b38-4c8d-9839-6cf202de0b81",
"indicator--56bf47ec-7348-41ed-9136-6cf202de0b81",
"indicator--56bf47ec-98b8-4ef1-ac54-6cf202de0b81",
"indicator--56bf47ec-f608-44c6-b46a-6cf202de0b81",
"indicator--56bf47ed-734c-4275-ba91-6cf202de0b81",
"indicator--56bf47ed-bae8-4120-a550-6cf202de0b81",
"indicator--56bf47ed-a55c-4289-9e7e-6cf202de0b81",
"indicator--56bf47ee-9ef8-411a-8317-6cf202de0b81",
"indicator--56bf47ee-5aa0-42a2-b509-6cf202de0b81",
"indicator--56bf47ee-63a8-43ed-927b-6cf202de0b81",
"indicator--56bf47ef-2cb8-4b68-990c-6cf202de0b81",
"indicator--56bf47ef-30d0-4a1f-bdcc-6cf202de0b81",
"indicator--56bf47ef-113c-48d4-b593-6cf202de0b81",
"indicator--56bf47f0-67c0-4232-acad-6cf202de0b81",
"indicator--56bf47f0-f9d0-45e1-a374-6cf202de0b81",
"indicator--56bf47f0-3650-46bc-b9e7-6cf202de0b81",
"indicator--56bf5021-3dac-4cbd-9927-6cf502de0b81",
"x-misp-attribute--56c1930e-8fc8-4167-950b-4989950d210f",
"x-misp-attribute--56c192ee-73d8-4bd5-9b37-47af950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56bf47b1-a480-4f4c-b51e-6cf302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:11:45.000Z",
"modified": "2016-02-13T15:11:45.000Z",
"first_observed": "2016-02-13T15:11:45Z",
"last_observed": "2016-02-13T15:11:45Z",
"number_observed": 1,
"object_refs": [
"url--56bf47b1-a480-4f4c-b51e-6cf302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56bf47b1-a480-4f4c-b51e-6cf302de0b81",
"value": "http://blog.passivetotal.org/harnessing-ssl-certificates-using-infrastructure-chaining/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47ce-9408-4be2-b1f1-4a7e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:14.000Z",
"modified": "2016-02-13T15:12:14.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'trytowin.ignorelist.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47ce-7a38-4646-9e20-4a4802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:14.000Z",
"modified": "2016-02-13T15:12:14.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'treesofter.mooo.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47ce-fd88-48ff-89b3-4b6e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:14.000Z",
"modified": "2016-02-13T15:12:14.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'sportinfo.yourtrap.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47cf-4a8c-4f7e-bb54-4ff502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:15.000Z",
"modified": "2016-02-13T15:12:15.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'profound.zzux.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47cf-c7ac-4e9d-aafc-426c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:15.000Z",
"modified": "2016-02-13T15:12:15.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'badget.ignorelist.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47cf-0eec-4450-bf9a-407702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:15.000Z",
"modified": "2016-02-13T15:12:15.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'norwaynews.mooo.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47cf-c290-46d7-80bb-424402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:15.000Z",
"modified": "2016-02-13T15:12:15.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'dellservice.publicvm.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47d0-d180-453e-b465-438402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:16.000Z",
"modified": "2016-02-13T15:12:16.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'priceline.publicvm.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47d0-f90c-4550-9f18-479a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:16.000Z",
"modified": "2016-02-13T15:12:16.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'forumgeek.zzux.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47d0-906c-4350-9fcc-4b0002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:16.000Z",
"modified": "2016-02-13T15:12:16.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'mouses.strangled.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47e6-bf18-42f0-97aa-6cf202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:38.000Z",
"modified": "2016-02-13T15:12:38.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.239.79.69']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47e8-50d0-46b5-b1bb-6cf202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:40.000Z",
"modified": "2016-02-13T15:12:40.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.174.240']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47e8-f8d8-4498-8844-6cf202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:40.000Z",
"modified": "2016-02-13T15:12:40.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.166.61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47e9-debc-47cd-b05b-6cf202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:41.000Z",
"modified": "2016-02-13T15:12:41.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.220.55.6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47e9-6574-436a-a15f-6cf202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:41.000Z",
"modified": "2016-02-13T15:12:41.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.229.62.212']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47e9-6f98-4861-889c-6cf202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:41.000Z",
"modified": "2016-02-13T15:12:41.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '169.255.100.152']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47ea-8778-4212-bfc3-6cf202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:42.000Z",
"modified": "2016-02-13T15:12:42.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '113.208.81.33']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47ea-5ae0-444d-9981-6cf202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:42.000Z",
"modified": "2016-02-13T15:12:42.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.174.40']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47ea-e64c-47d2-a5b5-6cf202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:42.000Z",
"modified": "2016-02-13T15:12:42.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.175.52']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47eb-5afc-4b77-a1a8-6cf202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:43.000Z",
"modified": "2016-02-13T15:12:43.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '113.208.81.48']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47eb-dc6c-46a9-9320-6cf202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:43.000Z",
"modified": "2016-02-13T15:12:43.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.229.75.141']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47eb-9b38-4c8d-9839-6cf202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:43.000Z",
"modified": "2016-02-13T15:12:43.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.246.76.19']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47ec-7348-41ed-9136-6cf202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:44.000Z",
"modified": "2016-02-13T15:12:44.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.239.79.121']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47ec-98b8-4ef1-ac54-6cf202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:44.000Z",
"modified": "2016-02-13T15:12:44.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.239.79.125']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47ec-f608-44c6-b46a-6cf202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:44.000Z",
"modified": "2016-02-13T15:12:44.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.194.150.31']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47ed-734c-4275-ba91-6cf202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:45.000Z",
"modified": "2016-02-13T15:12:45.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.166.58']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47ed-bae8-4120-a550-6cf202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:45.000Z",
"modified": "2016-02-13T15:12:45.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.194.149.111']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47ed-a55c-4289-9e7e-6cf202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:45.000Z",
"modified": "2016-02-13T15:12:45.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '169.255.100.122']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47ee-9ef8-411a-8317-6cf202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:46.000Z",
"modified": "2016-02-13T15:12:46.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '169.255.101.65']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47ee-5aa0-42a2-b509-6cf202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:46.000Z",
"modified": "2016-02-13T15:12:46.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '113.208.81.55']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47ee-63a8-43ed-927b-6cf202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:46.000Z",
"modified": "2016-02-13T15:12:46.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.8.36.239']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47ef-2cb8-4b68-990c-6cf202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:47.000Z",
"modified": "2016-02-13T15:12:47.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.229.62.210']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47ef-30d0-4a1f-bdcc-6cf202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:47.000Z",
"modified": "2016-02-13T15:12:47.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.175.48']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47ef-113c-48d4-b593-6cf202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:47.000Z",
"modified": "2016-02-13T15:12:47.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.175.69']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47f0-67c0-4232-acad-6cf202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:48.000Z",
"modified": "2016-02-13T15:12:48.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '41.203.79.74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47f0-f9d0-45e1-a374-6cf202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:48.000Z",
"modified": "2016-02-13T15:12:48.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.73.187.223']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf47f0-3650-46bc-b9e7-6cf202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-13T15:12:48.000Z",
"modified": "2016-02-13T15:12:48.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.194.150.22']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-13T15:12:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56bf5021-3dac-4cbd-9927-6cf502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-16T10:36:34.000Z",
"modified": "2016-02-16T10:36:34.000Z",
"pattern": "[x509-certificate:hashes.SHA1 = 'f415844680ed9118ea74e0c7712b35044f0cc20d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-16T10:36:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"x509-fingerprint-sha1\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--56c1930e-8fc8-4167-950b-4989950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-15T08:57:50.000Z",
"modified": "2016-02-15T08:57:50.000Z",
"labels": [
"misp:type=\"threat-actor\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_type": "threat-actor",
"x_misp_value": "Turla"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--56c192ee-73d8-4bd5-9b37-47af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-15T08:57:18.000Z",
"modified": "2016-02-15T08:57:18.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Turla"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}