From 70929905652a7b90d669f5724e204cef02fd32f9 Mon Sep 17 00:00:00 2001 From: = Date: Wed, 25 Oct 2017 14:36:20 -0400 Subject: [PATCH] tested code with jupyter notebook and local TAXII server --- docs/guide/taxii.ipynb | 2357 +--------------------------------------- stix2/sources/taxii.py | 25 +- 2 files changed, 69 insertions(+), 2313 deletions(-) diff --git a/docs/guide/taxii.ipynb b/docs/guide/taxii.ipynb index 2890659..ef2cb73 100644 --- a/docs/guide/taxii.ipynb +++ b/docs/guide/taxii.ipynb @@ -71,7 +71,7 @@ }, { "cell_type": "code", - "execution_count": 1, + "execution_count": 18, "metadata": {}, "outputs": [ { @@ -79,21 +79,27 @@ "output_type": "stream", "text": [ "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--fb2c0e55-52a0-423c-b544-8b09622cafc1\",\n", - " \"created\": \"2017-10-02T19:26:30.000Z\",\n", - " \"modified\": \"2017-10-02T19:26:30.000Z\",\n", + " \"type\": \"malware\",\n", + " \"id\": \"malware--fdd60b30-b67c-11e3-b0b9-f01faf20d111\",\n", + " \"created\": \"2017-01-27T13:49:53.997Z\",\n", + " \"modified\": \"2017-01-27T13:49:53.997Z\",\n", + " \"name\": \"Poison Ivy\",\n", + " \"description\": \"Poison Ivy\",\n", " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '98.138.19.88' ]\",\n", - " \"valid_from\": \"2017-10-02T19:26:30Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", + " \"remote-access-trojan\"\n", + " ]\n", + "}\n", + "-------\n", + "{\n", + " \"type\": \"indicator\",\n", + " \"id\": \"indicator--a932fcc6-e032-176c-126f-cb970a5a1ade\",\n", + " \"created\": \"2014-05-08T09:00:00.000Z\",\n", + " \"modified\": \"2014-05-08T09:00:00.000Z\",\n", + " \"name\": \"File hash for Poison Ivy variant\",\n", + " \"pattern\": \"[file:hashes.'SHA-256' = 'ef537f25c895bfa782526529a9b63d97aa631564d5d789c2b765448c8635fb6c']\",\n", + " \"valid_from\": \"2014-05-08T09:00:00Z\",\n", + " \"labels\": [\n", + " \"file-hash-watchlist\"\n", " ]\n", "}\n" ] @@ -104,2293 +110,41 @@ "from taxii2client import Collection\n", "\n", "# establish TAXII2 Collection instance\n", - "collection = Collection(\"https://test.freetaxii.com:8000/api1/collections/9cfa669c-ee94-4ece-afd2-f8edac37d8fd/\")\n", + "collection = Collection(\"http://127.0.0.1:5000/trustgroup1/collections/91a7b528-80eb-42ed-a74d-c6fbd5a26116/\", user=\"admin\", password=\"password\")\n", "# supply the TAXII2 collection to TAXIICollection\n", "tc_source = TAXIICollectionSource(collection)\n", "\n", - "#retrieve STIX object by id\n", - "stix_obj = tc_source.get(\"indicator--0f63229c-07a2-46dd-939d-312c7bf6d114\")\n", + "#retrieve STIX objects by id\n", + "stix_obj = tc_source.get(\"malware--fdd60b30-b67c-11e3-b0b9-f01faf20d111\")\n", + "stix_obj_versions = tc_source.all_versions(\"indicator--a932fcc6-e032-176c-126f-cb970a5a1ade\")\n", "\n", "#for visual purposes\n", - "print(stix_obj)\n" + "print(stix_obj)\n", + "print(\"-------\")\n", + "for so in stix_obj_versions:\n", + " print(so)\n" ] }, { "cell_type": "code", - "execution_count": 11, + "execution_count": 12, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ - "indicators: 126\n", + "indicators: 1\n", "{\n", " \"type\": \"indicator\",\n", - " \"id\": \"indicator--569b8969-bfce-4ab4-9a45-06ce78799a35\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", + " \"id\": \"indicator--a932fcc6-e032-176c-126f-cb970a5a1ade\",\n", + " \"created\": \"2014-05-08T09:00:00.000Z\",\n", + " \"modified\": \"2014-05-08T09:00:00.000Z\",\n", + " \"name\": \"File hash for Poison Ivy variant\",\n", + " \"pattern\": \"[file:hashes.'SHA-256' = 'ef537f25c895bfa782526529a9b63d97aa631564d5d789c2b765448c8635fb6c']\",\n", + " \"valid_from\": \"2014-05-08T09:00:00Z\",\n", " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '207.158.1.150' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--9c418633-9970-424e-8030-2c3dfa3105da\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '64.4.30.34' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--9d7cdfc1-94c3-49b5-b124-ebdce709fd99\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '216.152.67.22' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--37390a22-5d82-4ebc-9b90-7368a5efc8f7\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '69.16.172.34' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--30731d72-64b0-4851-bd97-c3d164d2fd2b\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '194.24.188.100' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--a4eb3524-992c-4b50-9729-99be3048625e\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '213.232.93.3' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--c00fb599-7e7b-4033-a6c2-d279212578a0\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '216.152.66.45' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--e7273b13-847c-4a69-8faf-08fc24af5ef0\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '89.16.176.16' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--b8d21867-c812-4ff9-866b-182a801b88ce\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '130.239.18.172' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--4c39b1a0-17f0-4cf1-9e48-250f0dd1f75c\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '140.211.166.4' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--8eeff049-f7da-45d9-89bb-713063baed2c\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '213.92.8.4' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--e3981158-1934-4236-8454-4dcfc27ac248\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '208.87.120.111' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--206c2a0c-149f-426f-a734-c0c534aa396b\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '216.93.243.34' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--58d7aa16-8baf-4026-b3d7-328267ed4bab\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '216.165.191.52' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--e6fd4a21-8290-40e5-9b1c-701f6f11e260\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '195.204.1.132' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--cca5ce5f-4c0e-4031-9997-063eb3badead\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '209.177.146.34' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--43a7784e-f11c-4739-91a8-dc87d05ddbb6\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '145.220.21.40' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--5716d954-e5b1-4bec-ba43-80b1053dee61\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '50.7.55.82' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--9135d4ab-a807-495b-8fff-b8433342501f\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '82.165.47.254' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--e070c86b-40e5-49ea-8d83-56bcae10b303\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '140.211.166.3' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--f4125383-930c-42ae-b57f-2c36f898d0b5\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '208.71.169.36' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--fa063c6a-1a9f-4a58-9470-ed80a23cc943\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '204.152.221.218' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--41b3ba86-dd1b-4f3d-a156-5dc27f31fb40\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '78.40.125.4' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--a9fcaba5-cd50-447d-8540-2dfe4e3c6c88\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '216.152.66.68' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--30b68eff-3c38-4c74-9783-1114a7759066\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '195.197.175.21' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--f10fa7c0-7a10-434e-908f-59a7e25e18c0\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '194.14.236.50' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--183f8cd7-2e6f-4073-bbe8-d5dc6b570fac\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '69.16.172.34' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--dd95ff3a-3ef1-409e-827b-087eb9cc3b2c\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '140.211.166.3' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--a97dc9cb-2b9f-4c1d-92cc-2fc15100e3ed\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '91.205.185.104' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--5552096e-b2b8-4057-bf5e-ccf300b8276e\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '193.163.220.3' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--0cc30ea9-eeaf-4f39-ab8d-3d2664c2b75e\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '64.202.189.170' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--7582ed02-c78d-451d-b0a5-065ae511f3ae\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '86.65.39.15' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--37fde688-ca75-4c1e-b5e1-1acb5bbfb23c\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '140.211.167.98' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--e967d3a0-0cfe-482c-b53a-390c0bb564f4\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '199.16.156.6' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--fda4f25d-8252-4593-bd8b-0a90764a561f\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '217.168.95.245' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--109b3de1-2353-42dc-8316-e2f7c0b5c67d\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '192.99.16.195' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--1efa50e4-ed2c-4fb5-ae9b-cb347bd4ad24\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '64.18.128.86' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--c7b60a1a-4c93-451f-b7c1-993c0dc14391\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '194.109.129.220' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--469381d9-c24e-4cf4-b25b-18a48975ef14\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '208.99.193.130' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--c5694bbd-3a11-4c16-ae73-eeed55acf9cc\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '70.84.101.150' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--a9b4301e-0327-4edc-b407-b7915bb0e7bc\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '64.4.30.62' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--f5ac23ca-8ab4-4597-837b-3d5e48d325cb\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '64.4.30.61' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--1a2a539b-d3f3-410b-a32c-4d1a5599364e\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '66.186.59.50' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--585e6f7b-7bad-45b0-a36b-9f3b3bff72c6\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '93.152.160.101' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--0a7dd603-d826-428f-b5f7-c82ff8bb60f3\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '216.152.66.46' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--cb2cebd2-c11f-43b1-a9a1-3c4b9893f38a\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '192.99.150.27' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--6a6c81df-7cb9-48b3-a4ea-db6924e47b5d\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '193.107.206.21' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--45177dce-6cfe-44b5-ac41-cbc1bee80527\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '69.16.172.40' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--6f58bdf5-1f26-4a17-8ba3-14c023e73a0f\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '72.51.18.254' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--d5731bef-623c-4793-994c-a6f3840bc2cf\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '193.190.67.98' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--4e8ac337-2e00-4d71-8526-bbfdb105e77f\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '140.211.166.4' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--b681b1fc-7cce-473e-81e9-f5f3657cf85b\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '130.237.188.200' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--08453fee-f3b8-449a-95a8-abc0d79710c3\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '216.155.130.130' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--79e2a4f6-ee8d-4466-8e82-ecb928e87c0d\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '208.71.169.36' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--2d3326c5-c112-4670-b6bd-6de667f4280b\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '216.152.66.47' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--4adc0666-89d1-4c67-a3c8-3b02fc351442\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '213.161.196.11' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--dc1e9fec-6d1e-46a1-902c-dc170424a23f\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '195.47.220.2' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--2d7480b1-ded5-4466-a1dd-470110eacdba\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '152.3.102.53' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--f06d6873-1538-4951-a069-d6af0dd0f8ed\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '84.208.29.17' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--4eaf258d-28d8-48d8-98f8-0d8442ba83fa\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '82.96.64.4' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--d7e4bba4-485d-4c1f-95c0-55e7d8a015f8\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '213.179.58.83' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--5c060dc8-a8cd-4067-985d-52d85ab3f256\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '128.237.157.136' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--d397fccb-3dbb-47c3-84ae-aa09f4223eca\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '193.110.95.1' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--d37d0928-c86b-474a-85ef-46e942fff510\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '98.138.19.88' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--5e6dd813-58bd-454e-9be7-246f3db01999\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '69.16.172.40' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--adb3c6bc-9694-471e-bf1f-0d0a02d70876\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '137.226.34.46' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--3ce88e57-edfb-45fa-81be-ed95d4564316\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '67.198.195.194' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--fbce496c-e9a6-4246-ad12-73b8f5a12a2a\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '149.9.1.16' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--efce84a3-0d17-4ae8-88be-86c86aa80bbd\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '193.109.122.77' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--20789570-8c07-42c4-8a45-b3ab170cf6ee\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '209.126.116.149' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--5c1b2889-6fec-4276-83e0-173938934ba9\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '64.250.116.136' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--bdad2fdb-71bd-49c3-8bf2-50d396fa55d5\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '163.172.17.231' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--07fd3e36-5500-4652-935f-23a2955b19f3\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '38.114.116.5' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--9e70a102-3440-4ad0-ab1d-653144632668\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '66.186.59.50' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--f566b659-ca36-42a9-8ebf-9476e6b651ab\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '195.204.1.130' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--40c0d87c-287a-4692-8227-b4976d14a5f0\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '212.27.60.27' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--da56b536-6ac7-44d5-a036-0db986926016\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '213.236.208.178' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--95f9c0f4-351b-43c9-81da-c5fdcfe4fa6d\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '94.125.182.252' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--5007db19-0906-4aec-b18b-e0819b3f13de\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '208.83.20.130' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--9e0667cd-9a83-4e19-b16f-78c3ed33bfc5\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '216.18.228.34' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--f170e9a9-abb8-4919-9902-7a5214e95cde\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '192.99.150.28' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--a30f883d-956d-4fdd-b926-db81d1893d81\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '178.79.132.147' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--8fc0e9c0-4d4d-4c4f-86a7-2f6c07cd69a4\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '193.109.122.67' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--586dc7e8-a08e-4ec2-8365-e2ee897d9ca3\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '195.47.220.2' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--16c9900c-ce48-4306-b8fa-a2de726be847\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '208.83.20.130' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--13f73e28-acf7-45b8-a5e9-6c37af914ef2\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '174.143.119.91' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--a09c4e42-8843-4c84-a75f-684bf90c5207\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '74.208.174.239' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--76646197-18a2-4513-8465-ccf72734a2e1\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '216.152.66.48' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--1169c1db-fd5b-4dcf-b4cb-9c0101ef0ea2\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '212.117.163.190' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--cdeb6ddb-5151-49ea-a488-23d806063eff\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '216.155.130.130' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--05d1ab76-d0a1-4a58-8137-98f5fdbc777c\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '90.147.160.69' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--876d7d09-248a-45ad-bcce-d92c73ad5aa3\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '89.16.176.16' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--ae1f860d-dc4f-4953-9e74-d4d7c389fdef\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '85.188.1.26' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--91bb4edc-f29f-41ba-87d9-d6a81ac8fdba\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '130.239.18.172' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--f006d048-f24f-46fa-837b-8f7fa41b43ca\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '8.7.233.233' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--436dcbec-48e2-4dc2-90f0-0876a876a38a\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '216.152.66.54' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--ff18364d-99f6-4d3d-b267-8401518af42c\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '194.68.45.50' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--8b26f167-b0ad-469b-b221-12896e2a0966\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '64.4.30.33' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--171268fb-f6a7-4085-adf5-2055a461cb93\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '64.161.254.20' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--b56c7a58-71cb-47c2-b615-f4e8a89a0732\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '141.213.238.252' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--bf09ce9a-3bb9-47c8-a686-ea1d8e1adbe8\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '213.92.8.4' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--42490e45-7350-4f48-884b-5d1610794a32\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '72.14.191.81' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--c28e91bf-a9a1-4bac-b3f3-cda89c7d28b8\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '69.16.172.2' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--ebe624b5-fb73-420a-a110-c1dc82baa6e4\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '69.61.21.115' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--ef65505f-4898-4968-82b4-f980e9705d21\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '64.18.128.86' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--b33c35ce-20f6-4fba-912c-dbf7756113f9\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '161.53.178.240' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--b3785934-f4f0-4ce7-b20c-e4384886ec45\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '204.11.244.21' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--10bbe70c-7bd3-443a-8f2c-1e56cd7a8a54\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '216.93.242.10' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--bcb54665-3461-43e2-8dbf-6b92c2413f67\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '216.152.67.23' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--a407b16b-cf5b-4f3a-a153-ba4dac5ce0e0\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '205.188.234.121' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--e7e50d3a-802d-41c8-b667-a27d29871098\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '82.96.64.4' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--017dfb8c-84b9-402f-8401-428477af7be4\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '80.88.108.18' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--84664128-cc14-480b-8d90-735727fd4b9f\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '154.35.200.44' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--f0aa750f-82cb-47f9-9c74-ace584fdadcb\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '195.68.221.222' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--9461c426-6404-4b7a-8552-c29dc60c9123\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '195.197.175.21' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--ba59cc70-03e4-47f4-871e-d40b727267f3\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '78.129.164.123' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--1b48b107-92e2-487f-9eae-3496eb64e125\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '140.211.167.99' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--e9aea5e2-9ef6-40b6-8f12-dff6ccd8eff4\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '85.25.43.27' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--cdbd95b1-17fb-4b2f-89b6-8c0f865b9e4d\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '193.219.128.49' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--afe4738d-bd3c-47de-9cc5-97e248291571\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '195.40.6.37' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--5eecb66e-f8fa-4ab9-85e4-599db7790edf\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '173.252.110.27' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--40b6b332-9a5a-42a7-8b25-6e3eb6d371d4\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '38.229.70.20' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--a16905d7-4452-4e9f-88a3-fc9338ea5116\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '38.99.64.210' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--5fcfa412-514f-43b5-b873-ed8c9b70bbb0\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '192.99.200.113' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--8259bca6-7c9c-4967-b048-a6f13f333f90\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '68.168.184.57' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", - " ]\n", - "}\n", - "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--96763c7c-4f52-436a-919a-8b09c841f6bd\",\n", - " \"created\": \"2017-10-02T20:40:44.000Z\",\n", - " \"modified\": \"2017-10-02T20:40:44.000Z\",\n", - " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '64.237.34.150' ]\",\n", - " \"valid_from\": \"2017-10-02T20:40:44Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", + " \"file-hash-watchlist\"\n", " ]\n", "}\n" ] @@ -2457,7 +211,7 @@ }, { "cell_type": "code", - "execution_count": 8, + "execution_count": 13, "metadata": {}, "outputs": [ { @@ -2465,21 +219,14 @@ "output_type": "stream", "text": [ "{\n", - " \"type\": \"indicator\",\n", - " \"id\": \"indicator--d8e1cd37-4a6c-4088-aded-ed79c4ea2caa\",\n", - " \"created\": \"2017-10-02T20:24:03.000Z\",\n", - " \"modified\": \"2017-10-02T20:24:03.000Z\",\n", + " \"type\": \"malware\",\n", + " \"id\": \"malware--fdd60b30-b67c-11e3-b0b9-f01faf20d111\",\n", + " \"created\": \"2017-01-27T13:49:53.997Z\",\n", + " \"modified\": \"2017-01-27T13:49:53.997Z\",\n", + " \"name\": \"Poison Ivy\",\n", + " \"description\": \"Poison Ivy\",\n", " \"labels\": [\n", - " \"malicious-activity\"\n", - " ],\n", - " \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n", - " \"pattern\": \"[ ipv4-addr:value = '98.138.19.88' ]\",\n", - " \"valid_from\": \"2017-10-02T20:24:03Z\",\n", - " \"kill_chain_phases\": [\n", - " {\n", - " \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n", - " \"phase_name\": \"delivery\"\n", - " }\n", + " \"remote-access-trojan\"\n", " ]\n", "}\n" ] @@ -2494,7 +241,7 @@ "\n", "# retrieve STIX object by id from TAXII Collection through\n", "# TAXIICollectionStore\n", - "stix_obj2 = tc_source.get(\"indicator--6850d393-36b6-4a67-ad45-f9e4d512c799\")\n", + "stix_obj2 = tc_source.get(\"malware--fdd60b30-b67c-11e3-b0b9-f01faf20d111\")\n", "\n", "print(stix_obj2)" ] @@ -2520,21 +267,21 @@ ], "metadata": { "kernelspec": { - "display_name": "Python 3", + "display_name": "cti-python-stix2", "language": "python", - "name": "python3" + "name": "cti-python-stix2" }, "language_info": { "codemirror_mode": { "name": "ipython", - "version": 3 + "version": 2 }, "file_extension": ".py", "mimetype": "text/x-python", "name": "python", "nbconvert_exporter": "python", - "pygments_lexer": "ipython3", - "version": "3.5.2" + "pygments_lexer": "ipython2", + "version": "2.7.12" } }, "nbformat": 4, diff --git a/stix2/sources/taxii.py b/stix2/sources/taxii.py index 7ecedca..3d8dcaa 100644 --- a/stix2/sources/taxii.py +++ b/stix2/sources/taxii.py @@ -1,8 +1,9 @@ """ -Python STIX 2.0 TAXII Source/Sink - -TODO: - Test everything +Python STIX 2.x +Classes: + TAXIICollectionStore + TAXIICollectionSink + TAXIICollectionSource """ @@ -121,11 +122,13 @@ class TAXIICollectionSource(DataSource): # as directly retrieveing a STIX object by ID stix_objs = self.collection.get_object(stix_id)["objects"] - stix_obj = list(apply_common_filters(stix_objs, query)) + stix_obj = [apply_common_filters(stix_objs, query)] if len(stix_obj): - stix_obj = stix_obj[0] - stix_obj = parse(stix_obj) + stix_obj = parse(stix_obj[0]) + if stix_obj.id != stix_id: + # check - was added to handle erroneous TAXII servers + stix_obj = None else: stix_obj = None @@ -153,7 +156,13 @@ class TAXIICollectionSource(DataSource): all_data = self.query(query=query, _composite_filters=_composite_filters) - return all_data + # parse STIX objects from TAXII returned json + all_data = [parse(stix_obj) for stix_obj in all_data] + + # check - was added to handle erroneous TAXII servers + all_data_clean = [stix_obj for stix_obj in all_data if stix_obj.id == stix_id] + + return all_data_clean def query(self, query=None, _composite_filters=None): """search and retreive STIX objects based on the complete query