MISP
/
cti-python-stix2
mirror of https://github.com/MISP/cti-python-stix2
2
0
Fork 0
Code Issues Releases Wiki Activity
cti-python-stix2/docs/guide/TAXIICollection.ipynb

2507 lines
105 KiB
Plaintext
Raw Blame History

{
"cells": [
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## TAXIICollection\n",
"\n",
"The TAXIICollection suite contains **TAXIICollectionStore**, **TAXIICollectionSource**, and **TAXIICollectionSink**. **TAXIICollectionStore** for pushing and retrieving STIX content to local/remote TAXII Collection(s). **TAXIICollectionSource** for retrieving STIX content to local/remote TAXII Collection(s). **TAXIICollectionSink** for pushing STIX content to local/remote TAXII Collection(s). Each of the interfaces is designed to be binded to a Collection from the taxii2client library (taxii2client.Collection), where all **TAXIICollection** API calls will be executed through that Collection instance.\n",
"\n",
"A note on TAXII2 searching/filtering of STIX content. TAXII2 server implementations natively support searching on the STIX2 object properties: id, type and version; API requests made to TAXII2 can contain filter arguments for those 3 properties. However, the **TAXIICollection** suite supports searching on all STIX2 common object properties (see **Filters** documentation for full listing). This works simply by augmenting the filtering that is done remotely at the TAXII2 server instance. **TAXIICollection** will seperate any supplied queries into TAXII supported filters and non-supported filters. During a **TAXIICollection** API call, TAXII2 supported filters get inserted into the TAXII2 server request (to be evaluated at the server). The rest of the filters are kept locally and then applied to the STIX2 content that is returned from the TAXII2 server, before being returned from the **TAXIICollection** API call. \n",
"\n",
"### TAXIICollection API\n",
"\n",
"### TAXIICollectionSource\n",
"* **get()** - search/retrieve most current STIX SDO/SRO via its ID\n",
"* **all_versions()** - search/retrieve all versions of STIX SDO/SRO via its id\n",
"* **query()** - search/retrieve STIX SDO/SRO(s) via search filters\n",
"\n",
"### TAXIICollectionSink\n",
"* **add()** - add a set of STIX SDO/SRO to a TAXII Collection endpoint.\n",
"\n",
"### TAXIICollectionStore\n",
"\n",
"(super set of TAXIICollectionSource and TAXIICollectionSink)\n",
"* **get()**\n",
"* **all_versions()**\n",
"* **query()**\n",
"* **add()**\n",
"\n",
"### TAXIICollection Examples\n",
"\n",
"#### TAXIICollectionSource"
]
},
{
"cell_type": "code",
"execution_count": 1,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--fb2c0e55-52a0-423c-b544-8b09622cafc1\",\n",
" \"created\": \"2017-10-02T19:26:30.000Z\",\n",
" \"modified\": \"2017-10-02T19:26:30.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '98.138.19.88' ]\",\n",
" \"valid_from\": \"2017-10-02T19:26:30Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n"
]
}
],
"source": [
"from stix2 import TAXIICollectionSource\n",
"from taxii2client import Collection\n",
"\n",
"# establish TAXII2 Collection instance\n",
"collection = Collection(\"https://test.freetaxii.com:8000/api1/collections/9cfa669c-ee94-4ece-afd2-f8edac37d8fd/\")\n",
"# supply the TAXII2 collection to TAXIICollection\n",
"tc_source = TAXIICollectionSource(collection)\n",
"\n",
"#retrieve STIX object by id\n",
"stix_obj = tc_source.get(\"indicator--0f63229c-07a2-46dd-939d-312c7bf6d114\")\n",
"\n",
"#for visual purposes\n",
"print(stix_obj)\n"
]
},
{
"cell_type": "code",
"execution_count": 11,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"indicators: 126\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--569b8969-bfce-4ab4-9a45-06ce78799a35\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '207.158.1.150' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--9c418633-9970-424e-8030-2c3dfa3105da\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '64.4.30.34' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--9d7cdfc1-94c3-49b5-b124-ebdce709fd99\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '216.152.67.22' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--37390a22-5d82-4ebc-9b90-7368a5efc8f7\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '69.16.172.34' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--30731d72-64b0-4851-bd97-c3d164d2fd2b\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '194.24.188.100' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--a4eb3524-992c-4b50-9729-99be3048625e\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '213.232.93.3' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--c00fb599-7e7b-4033-a6c2-d279212578a0\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '216.152.66.45' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--e7273b13-847c-4a69-8faf-08fc24af5ef0\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '89.16.176.16' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--b8d21867-c812-4ff9-866b-182a801b88ce\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '130.239.18.172' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--4c39b1a0-17f0-4cf1-9e48-250f0dd1f75c\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '140.211.166.4' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--8eeff049-f7da-45d9-89bb-713063baed2c\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '213.92.8.4' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--e3981158-1934-4236-8454-4dcfc27ac248\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '208.87.120.111' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--206c2a0c-149f-426f-a734-c0c534aa396b\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '216.93.243.34' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--58d7aa16-8baf-4026-b3d7-328267ed4bab\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '216.165.191.52' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--e6fd4a21-8290-40e5-9b1c-701f6f11e260\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '195.204.1.132' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--cca5ce5f-4c0e-4031-9997-063eb3badead\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '209.177.146.34' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--43a7784e-f11c-4739-91a8-dc87d05ddbb6\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '145.220.21.40' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--5716d954-e5b1-4bec-ba43-80b1053dee61\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '50.7.55.82' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--9135d4ab-a807-495b-8fff-b8433342501f\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '82.165.47.254' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--e070c86b-40e5-49ea-8d83-56bcae10b303\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '140.211.166.3' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--f4125383-930c-42ae-b57f-2c36f898d0b5\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '208.71.169.36' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--fa063c6a-1a9f-4a58-9470-ed80a23cc943\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '204.152.221.218' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--41b3ba86-dd1b-4f3d-a156-5dc27f31fb40\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '78.40.125.4' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--a9fcaba5-cd50-447d-8540-2dfe4e3c6c88\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '216.152.66.68' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--30b68eff-3c38-4c74-9783-1114a7759066\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '195.197.175.21' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--f10fa7c0-7a10-434e-908f-59a7e25e18c0\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '194.14.236.50' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--183f8cd7-2e6f-4073-bbe8-d5dc6b570fac\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '69.16.172.34' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--dd95ff3a-3ef1-409e-827b-087eb9cc3b2c\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '140.211.166.3' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--a97dc9cb-2b9f-4c1d-92cc-2fc15100e3ed\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '91.205.185.104' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--5552096e-b2b8-4057-bf5e-ccf300b8276e\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '193.163.220.3' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--0cc30ea9-eeaf-4f39-ab8d-3d2664c2b75e\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '64.202.189.170' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--7582ed02-c78d-451d-b0a5-065ae511f3ae\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '86.65.39.15' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--37fde688-ca75-4c1e-b5e1-1acb5bbfb23c\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '140.211.167.98' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--e967d3a0-0cfe-482c-b53a-390c0bb564f4\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '199.16.156.6' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--fda4f25d-8252-4593-bd8b-0a90764a561f\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '217.168.95.245' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--109b3de1-2353-42dc-8316-e2f7c0b5c67d\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '192.99.16.195' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--1efa50e4-ed2c-4fb5-ae9b-cb347bd4ad24\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '64.18.128.86' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--c7b60a1a-4c93-451f-b7c1-993c0dc14391\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '194.109.129.220' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--469381d9-c24e-4cf4-b25b-18a48975ef14\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '208.99.193.130' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--c5694bbd-3a11-4c16-ae73-eeed55acf9cc\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '70.84.101.150' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--a9b4301e-0327-4edc-b407-b7915bb0e7bc\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '64.4.30.62' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--f5ac23ca-8ab4-4597-837b-3d5e48d325cb\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '64.4.30.61' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--1a2a539b-d3f3-410b-a32c-4d1a5599364e\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '66.186.59.50' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--585e6f7b-7bad-45b0-a36b-9f3b3bff72c6\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '93.152.160.101' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--0a7dd603-d826-428f-b5f7-c82ff8bb60f3\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '216.152.66.46' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--cb2cebd2-c11f-43b1-a9a1-3c4b9893f38a\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '192.99.150.27' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--6a6c81df-7cb9-48b3-a4ea-db6924e47b5d\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '193.107.206.21' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--45177dce-6cfe-44b5-ac41-cbc1bee80527\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '69.16.172.40' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--6f58bdf5-1f26-4a17-8ba3-14c023e73a0f\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '72.51.18.254' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--d5731bef-623c-4793-994c-a6f3840bc2cf\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '193.190.67.98' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--4e8ac337-2e00-4d71-8526-bbfdb105e77f\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '140.211.166.4' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--b681b1fc-7cce-473e-81e9-f5f3657cf85b\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '130.237.188.200' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--08453fee-f3b8-449a-95a8-abc0d79710c3\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '216.155.130.130' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--79e2a4f6-ee8d-4466-8e82-ecb928e87c0d\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '208.71.169.36' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--2d3326c5-c112-4670-b6bd-6de667f4280b\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '216.152.66.47' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--4adc0666-89d1-4c67-a3c8-3b02fc351442\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '213.161.196.11' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--dc1e9fec-6d1e-46a1-902c-dc170424a23f\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '195.47.220.2' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--2d7480b1-ded5-4466-a1dd-470110eacdba\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '152.3.102.53' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--f06d6873-1538-4951-a069-d6af0dd0f8ed\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '84.208.29.17' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--4eaf258d-28d8-48d8-98f8-0d8442ba83fa\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '82.96.64.4' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--d7e4bba4-485d-4c1f-95c0-55e7d8a015f8\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '213.179.58.83' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--5c060dc8-a8cd-4067-985d-52d85ab3f256\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '128.237.157.136' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--d397fccb-3dbb-47c3-84ae-aa09f4223eca\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '193.110.95.1' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--d37d0928-c86b-474a-85ef-46e942fff510\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '98.138.19.88' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--5e6dd813-58bd-454e-9be7-246f3db01999\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '69.16.172.40' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--adb3c6bc-9694-471e-bf1f-0d0a02d70876\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '137.226.34.46' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--3ce88e57-edfb-45fa-81be-ed95d4564316\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '67.198.195.194' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--fbce496c-e9a6-4246-ad12-73b8f5a12a2a\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '149.9.1.16' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--efce84a3-0d17-4ae8-88be-86c86aa80bbd\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '193.109.122.77' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--20789570-8c07-42c4-8a45-b3ab170cf6ee\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '209.126.116.149' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--5c1b2889-6fec-4276-83e0-173938934ba9\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '64.250.116.136' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--bdad2fdb-71bd-49c3-8bf2-50d396fa55d5\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '163.172.17.231' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--07fd3e36-5500-4652-935f-23a2955b19f3\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '38.114.116.5' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--9e70a102-3440-4ad0-ab1d-653144632668\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '66.186.59.50' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--f566b659-ca36-42a9-8ebf-9476e6b651ab\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '195.204.1.130' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--40c0d87c-287a-4692-8227-b4976d14a5f0\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '212.27.60.27' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--da56b536-6ac7-44d5-a036-0db986926016\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '213.236.208.178' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--95f9c0f4-351b-43c9-81da-c5fdcfe4fa6d\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '94.125.182.252' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--5007db19-0906-4aec-b18b-e0819b3f13de\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '208.83.20.130' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--9e0667cd-9a83-4e19-b16f-78c3ed33bfc5\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '216.18.228.34' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--f170e9a9-abb8-4919-9902-7a5214e95cde\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '192.99.150.28' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--a30f883d-956d-4fdd-b926-db81d1893d81\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '178.79.132.147' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--8fc0e9c0-4d4d-4c4f-86a7-2f6c07cd69a4\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '193.109.122.67' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--586dc7e8-a08e-4ec2-8365-e2ee897d9ca3\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '195.47.220.2' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--16c9900c-ce48-4306-b8fa-a2de726be847\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '208.83.20.130' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--13f73e28-acf7-45b8-a5e9-6c37af914ef2\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '174.143.119.91' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--a09c4e42-8843-4c84-a75f-684bf90c5207\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '74.208.174.239' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--76646197-18a2-4513-8465-ccf72734a2e1\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '216.152.66.48' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--1169c1db-fd5b-4dcf-b4cb-9c0101ef0ea2\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '212.117.163.190' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--cdeb6ddb-5151-49ea-a488-23d806063eff\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '216.155.130.130' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--05d1ab76-d0a1-4a58-8137-98f5fdbc777c\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '90.147.160.69' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--876d7d09-248a-45ad-bcce-d92c73ad5aa3\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '89.16.176.16' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--ae1f860d-dc4f-4953-9e74-d4d7c389fdef\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '85.188.1.26' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--91bb4edc-f29f-41ba-87d9-d6a81ac8fdba\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '130.239.18.172' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--f006d048-f24f-46fa-837b-8f7fa41b43ca\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '8.7.233.233' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--436dcbec-48e2-4dc2-90f0-0876a876a38a\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '216.152.66.54' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--ff18364d-99f6-4d3d-b267-8401518af42c\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '194.68.45.50' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--8b26f167-b0ad-469b-b221-12896e2a0966\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '64.4.30.33' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--171268fb-f6a7-4085-adf5-2055a461cb93\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '64.161.254.20' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--b56c7a58-71cb-47c2-b615-f4e8a89a0732\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '141.213.238.252' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--bf09ce9a-3bb9-47c8-a686-ea1d8e1adbe8\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '213.92.8.4' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--42490e45-7350-4f48-884b-5d1610794a32\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '72.14.191.81' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--c28e91bf-a9a1-4bac-b3f3-cda89c7d28b8\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '69.16.172.2' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--ebe624b5-fb73-420a-a110-c1dc82baa6e4\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '69.61.21.115' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--ef65505f-4898-4968-82b4-f980e9705d21\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '64.18.128.86' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--b33c35ce-20f6-4fba-912c-dbf7756113f9\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '161.53.178.240' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--b3785934-f4f0-4ce7-b20c-e4384886ec45\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '204.11.244.21' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--10bbe70c-7bd3-443a-8f2c-1e56cd7a8a54\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '216.93.242.10' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--bcb54665-3461-43e2-8dbf-6b92c2413f67\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '216.152.67.23' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--a407b16b-cf5b-4f3a-a153-ba4dac5ce0e0\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '205.188.234.121' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--e7e50d3a-802d-41c8-b667-a27d29871098\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '82.96.64.4' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--017dfb8c-84b9-402f-8401-428477af7be4\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '80.88.108.18' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--84664128-cc14-480b-8d90-735727fd4b9f\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '154.35.200.44' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--f0aa750f-82cb-47f9-9c74-ace584fdadcb\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '195.68.221.222' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--9461c426-6404-4b7a-8552-c29dc60c9123\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '195.197.175.21' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--ba59cc70-03e4-47f4-871e-d40b727267f3\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '78.129.164.123' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--1b48b107-92e2-487f-9eae-3496eb64e125\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '140.211.167.99' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--e9aea5e2-9ef6-40b6-8f12-dff6ccd8eff4\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '85.25.43.27' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--cdbd95b1-17fb-4b2f-89b6-8c0f865b9e4d\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '193.219.128.49' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--afe4738d-bd3c-47de-9cc5-97e248291571\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '195.40.6.37' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--5eecb66e-f8fa-4ab9-85e4-599db7790edf\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '173.252.110.27' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--40b6b332-9a5a-42a7-8b25-6e3eb6d371d4\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '38.229.70.20' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--a16905d7-4452-4e9f-88a3-fc9338ea5116\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '38.99.64.210' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--5fcfa412-514f-43b5-b873-ed8c9b70bbb0\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '192.99.200.113' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--8259bca6-7c9c-4967-b048-a6f13f333f90\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '68.168.184.57' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--96763c7c-4f52-436a-919a-8b09c841f6bd\",\n",
" \"created\": \"2017-10-02T20:40:44.000Z\",\n",
" \"modified\": \"2017-10-02T20:40:44.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '64.237.34.150' ]\",\n",
" \"valid_from\": \"2017-10-02T20:40:44Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n"
]
}
],
"source": [
"from stix2 import Filter\n",
"\n",
"# retrieve multiple object from TAXIICollectionSource\n",
"# by using filters\n",
"f1 = Filter(\"type\",\"=\", \"indicator\")\n",
"\n",
"indicators = tc_source.query([f1])\n",
"\n",
"#for visual purposes\n",
"print(\"indicators: {0}\").format(str(len(indicators)))\n",
"for indicator in indicators:\n",
" print(indicator)"
]
},
{
"cell_type": "markdown",
"metadata": {
"collapsed": true
},
"source": [
"#### TAXIICollectionSink"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": true
},
"outputs": [],
"source": [
"from stix2 import TAXIICollectionSink, ThreatActor\n",
"\n",
"#create TAXIICollectionSINK and push STIX content to it\n",
"tc_sink = TAXIICollectionSink(collection)\n",
"\n",
"# create new STIX threat-actor\n",
"ta = ThreatActor(name=\"Teddy Bear\",\n",
" labels=[\"nation-state\"],\n",
" sophistication=\"innovator\",\n",
" resource_level=\"government\",\n",
" goals=[\n",
" \"compromising environment NGOs\",\n",
" \"water-hole attacks geared towards energy sector\",\n",
" ])\n",
"\n",
"tc_sink.add(ta)\n",
"\n",
"\n"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"#### TAXIICollectionStore"
]
},
{
"cell_type": "code",
"execution_count": 8,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--d8e1cd37-4a6c-4088-aded-ed79c4ea2caa\",\n",
" \"created\": \"2017-10-02T20:24:03.000Z\",\n",
" \"modified\": \"2017-10-02T20:24:03.000Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"Emerging Threats - Block Rules - Compromised IPs\",\n",
" \"pattern\": \"[ ipv4-addr:value = '98.138.19.88' ]\",\n",
" \"valid_from\": \"2017-10-02T20:24:03Z\",\n",
" \"kill_chain_phases\": [\n",
" {\n",
" \"kill_chain_name\": \"lockheed-martin-cyber-kill-chain\",\n",
" \"phase_name\": \"delivery\"\n",
" }\n",
" ]\n",
"}\n"
]
}
],
"source": [
"from stix2 import TAXIICollectionStore\n",
"\n",
"# create TAXIICollectionStore - note the same collection instance can\n",
"# be used for the store\n",
"tc_store = TAXIICollectionStore(collection)\n",
"\n",
"# retrieve STIX object by id from TAXII Collection through\n",
"# TAXIICollectionStore\n",
"stix_obj2 = tc_source.get(\"indicator--6850d393-36b6-4a67-ad45-f9e4d512c799\")\n",
"\n",
"print(stix_obj2)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": true
},
"outputs": [],
"source": [
"from stix2 import indicator\n",
"\n",
"# add STIX object to TAXIICollectionStore\n",
"ind = Indicator(description=\"Smokey Bear implant\",\n",
" labels=[\"malicious-activity\"],\n",
" pattern=\"[file:hashes.'SHA-256' = '09c7e05a39a59428743635242e4a867c932140a909f12a1e54fa7ee6a440c73b']\")\n",
"\n",
"tc_store.add(ind)\n"
]
}
],
"metadata": {
"kernelspec": {
"display_name": "Python 3",
"language": "python",
"name": "python3"
},
"language_info": {
"codemirror_mode": {
"name": "ipython",
"version": 2
},
"file_extension": ".py",
"mimetype": "text/x-python",
"name": "python",
"nbconvert_exporter": "python",
"pygments_lexer": "ipython2",
"version": "2.7.12"
}
},
"nbformat": 4,
"nbformat_minor": 2
}
Reference in New Issue View Git Blame Copy Permalink