misp-circl-feed/feeds/circl/stix-2.1/56c18ccb-4c10-49ee-bf65-4b54950d210f.json


{
"type": "bundle",
"id": "bundle--56c18ccb-4c10-49ee-bf65-4b54950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2017-06-22T20:13:45.000Z",
"modified": "2017-06-22T20:13:45.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--56c18ccb-4c10-49ee-bf65-4b54950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2017-06-22T20:13:45.000Z",
"modified": "2017-06-22T20:13:45.000Z",
"name": "Additional IPs for Turla/Uroburos from CIRCL Passive SSL",
"published": "2017-06-22T20:14:23Z",
"object_refs": [
"indicator--56c18d0a-3044-4a60-851e-4aad950d210f",
"indicator--56c18d0a-85b8-47d7-b18e-4571950d210f",
"indicator--56c18d0a-8ebc-4383-8e80-4ffb950d210f",
"indicator--56c18d0b-4234-4cdc-90d3-41f8950d210f",
"indicator--56c18d0b-25ec-4494-b7ce-4d59950d210f",
"indicator--56c18d0b-3198-4b66-9b4e-49cb950d210f",
"indicator--56c18d0c-2774-40fe-94bd-4668950d210f",
"indicator--56c18d0c-8cc8-4764-aa30-4e2c950d210f",
"indicator--56c18d0c-8620-44a9-acce-4b0a950d210f",
"indicator--56c18d0d-eec8-4f07-928c-41d5950d210f",
"indicator--56c18d0d-ed24-4783-bcaf-48b1950d210f",
"indicator--56c18d0d-8c50-4300-92b4-456c950d210f",
"indicator--56c18d0e-5834-491e-b8bf-4caf950d210f",
"indicator--56c18d0e-b86c-41cf-9917-47c2950d210f",
"indicator--56c18d0e-8bcc-42a5-a11a-4801950d210f",
"indicator--56c18d0e-d274-485d-b855-402b950d210f",
"indicator--56c18d0f-4ffc-4160-8c0c-435d950d210f",
"indicator--56c18d0f-2cf8-4a49-a84d-411a950d210f",
"indicator--56c18d0f-39dc-4ea2-b99f-4460950d210f",
"indicator--56c18d10-41f4-49eb-8644-44da950d210f",
"indicator--56c18d10-b688-477c-93be-47a8950d210f",
"indicator--56c18d10-9e50-4c2d-ace2-41d3950d210f",
"indicator--56c18d10-bed4-40bb-800b-4f50950d210f",
"indicator--56c18d11-2cbc-49fc-8277-432c950d210f",
"indicator--56c18d11-cea8-4af3-bddc-4557950d210f",
"indicator--56c18d11-d9a0-4c9e-ac83-40b7950d210f",
"indicator--56c18d12-9a4c-4346-87db-46db950d210f",
"indicator--56c18d12-25c8-4479-a395-488b950d210f",
"indicator--56c18d12-d7f4-44b9-8b1a-4cf9950d210f",
"indicator--56c18d12-6cd8-4eed-a84f-47cb950d210f",
"indicator--56c18d13-c59c-4e66-8720-4ddc950d210f",
"indicator--56c18d13-7228-4aa5-bf37-4a65950d210f",
"indicator--56c18d13-4594-426f-bbae-4244950d210f",
"indicator--56c18d13-f7ec-4b92-a29d-42ed950d210f",
"indicator--56c18d14-99fc-41d8-8bf9-48dc950d210f",
"indicator--56c18d14-91e8-4402-9d1a-4013950d210f",
"observed-data--56c18d35-4654-4518-9bfa-468b950d210f",
"url--56c18d35-4654-4518-9bfa-468b950d210f",
"observed-data--56c18d35-bad0-4968-baf4-4da0950d210f",
"url--56c18d35-bad0-4968-baf4-4da0950d210f",
"indicator--56c192b4-cbf0-4bf1-9ac8-48e7950d210f",
"x-misp-attribute--56c192fc-3ccc-48e7-b8c2-4b18950d210f",
"x-misp-attribute--56c19315-7a94-421a-8066-4523950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:threat-actor=\"Turla Group\""
],
"object_marking_refs": [
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d0a-3044-4a60-851e-4aad950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:10.000Z",
"modified": "2016-02-15T08:32:10.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.239.79.29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d0a-85b8-47d7-b18e-4571950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:10.000Z",
"modified": "2016-02-15T08:32:10.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.229.103.133']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d0a-8ebc-4383-8e80-4ffb950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:10.000Z",
"modified": "2016-02-15T08:32:10.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '169.255.100.222']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d0b-4234-4cdc-90d3-41f8950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:11.000Z",
"modified": "2016-02-15T08:32:11.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.138.25.29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d0b-25ec-4494-b7ce-4d59950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:11.000Z",
"modified": "2016-02-15T08:32:11.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.174.240']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d0b-3198-4b66-9b4e-49cb950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:11.000Z",
"modified": "2016-02-15T08:32:11.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.229.62.179']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d0c-2774-40fe-94bd-4668950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:12.000Z",
"modified": "2016-02-15T08:32:12.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.220.55.6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d0c-8cc8-4764-aa30-4e2c950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:12.000Z",
"modified": "2016-02-15T08:32:12.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.229.62.212']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d0c-8620-44a9-acce-4b0a950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:12.000Z",
"modified": "2016-02-15T08:32:12.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '169.255.100.152']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d0d-eec8-4f07-928c-41d5950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:13.000Z",
"modified": "2016-02-15T08:32:13.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '113.208.81.33']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d0d-ed24-4783-bcaf-48b1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:13.000Z",
"modified": "2016-02-15T08:32:13.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.174.40']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d0d-8c50-4300-92b4-456c950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:13.000Z",
"modified": "2016-02-15T08:32:13.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.209.133.125']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d0e-5834-491e-b8bf-4caf950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:14.000Z",
"modified": "2016-02-15T08:32:14.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.175.52']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d0e-b86c-41cf-9917-47c2950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:14.000Z",
"modified": "2016-02-15T08:32:14.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '113.208.81.48']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d0e-8bcc-42a5-a11a-4801950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:14.000Z",
"modified": "2016-02-15T08:32:14.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.229.75.141']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d0e-d274-485d-b855-402b950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:14.000Z",
"modified": "2016-02-15T08:32:14.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.246.76.19']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d0f-4ffc-4160-8c0c-435d950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:15.000Z",
"modified": "2016-02-15T08:32:15.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.239.79.125']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d0f-2cf8-4a49-a84d-411a950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:15.000Z",
"modified": "2016-02-15T08:32:15.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.194.150.31']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d0f-39dc-4ea2-b99f-4460950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:15.000Z",
"modified": "2016-02-15T08:32:15.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '169.255.102.246']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d10-41f4-49eb-8644-44da950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:16.000Z",
"modified": "2016-02-15T08:32:16.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '169.255.101.235']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d10-b688-477c-93be-47a8950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:16.000Z",
"modified": "2016-02-15T08:32:16.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.166.58']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d10-9e50-4c2d-ace2-41d3950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:16.000Z",
"modified": "2016-02-15T08:32:16.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.194.149.111']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d10-bed4-40bb-800b-4f50950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:16.000Z",
"modified": "2016-02-15T08:32:16.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '169.255.102.110']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d11-2cbc-49fc-8277-432c950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:17.000Z",
"modified": "2016-02-15T08:32:17.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '169.255.100.122']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d11-cea8-4af3-bddc-4557950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:17.000Z",
"modified": "2016-02-15T08:32:17.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '169.255.101.65']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d11-d9a0-4c9e-ac83-40b7950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:17.000Z",
"modified": "2016-02-15T08:32:17.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.175.48']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d12-9a4c-4346-87db-46db950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:18.000Z",
"modified": "2016-02-15T08:32:18.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '113.208.81.55']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d12-25c8-4479-a395-488b950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:18.000Z",
"modified": "2016-02-15T08:32:18.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.166.61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d12-d7f4-44b9-8b1a-4cf9950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:18.000Z",
"modified": "2016-02-15T08:32:18.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.8.36.239']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d12-6cd8-4eed-a84f-47cb950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:18.000Z",
"modified": "2016-02-15T08:32:18.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.229.62.210']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d13-c59c-4e66-8720-4ddc950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:19.000Z",
"modified": "2016-02-15T08:32:19.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.62.221.47']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d13-7228-4aa5-bf37-4a65950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:19.000Z",
"modified": "2016-02-15T08:32:19.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.175.69']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d13-4594-426f-bbae-4244950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:19.000Z",
"modified": "2016-02-15T08:32:19.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.175.29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d13-f7ec-4b92-a29d-42ed950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:19.000Z",
"modified": "2016-02-15T08:32:19.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.229.62.249']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d14-99fc-41d8-8bf9-48dc950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:20.000Z",
"modified": "2016-02-15T08:32:20.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '41.203.79.74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c18d14-91e8-4402-9d1a-4013950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:20.000Z",
"modified": "2016-02-15T08:32:20.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.194.150.22']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:32:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56c18d35-4654-4518-9bfa-468b950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:53.000Z",
"modified": "2016-02-15T08:32:53.000Z",
"first_observed": "2016-02-15T08:32:53Z",
"last_observed": "2016-02-15T08:32:53Z",
"number_observed": 1,
"object_refs": [
"url--56c18d35-4654-4518-9bfa-468b950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56c18d35-4654-4518-9bfa-468b950d210f",
"value": "https://twitter.com/circl_lu/status/698524566763806720"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56c18d35-bad0-4968-baf4-4da0950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:32:53.000Z",
"modified": "2016-02-15T08:32:53.000Z",
"first_observed": "2016-02-15T08:32:53Z",
"last_observed": "2016-02-15T08:32:53Z",
"number_observed": 1,
"object_refs": [
"url--56c18d35-bad0-4968-baf4-4da0950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56c18d35-bad0-4968-baf4-4da0950d210f",
"value": "http://pastebin.lu/oteminohod.cs"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c192b4-cbf0-4bf1-9ac8-48e7950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:56:20.000Z",
"modified": "2016-02-15T08:56:20.000Z",
"pattern": "[x509-certificate:hashes.SHA1 = 'f415844680ed9118ea74e0c7712b35044f0cc20d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-15T08:56:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"x509-fingerprint-sha1\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--56c192fc-3ccc-48e7-b8c2-4b18950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:57:32.000Z",
"modified": "2016-02-15T08:57:32.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Turla"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--56c19315-7a94-421a-8066-4523950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-15T08:57:57.000Z",
"modified": "2016-02-15T08:57:57.000Z",
"labels": [
"misp:type=\"threat-actor\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_type": "threat-actor",
"x_misp_value": "Turla"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:GREEN",
"definition": {
"tlp": "green"
}
}
]
}