{ "Event": { "id": "625", "orgc_id": "2", "org_id": "1", "date": "2017-05-24", "threat_level_id": "3", "info": "M2M - Fwd: IMG_3428.pdf", "published": false, "uuid": "59259036-fcd0-4749-8a6c-4d88950d210f", "attribute_count": "2", "analysis": "1", "timestamp": "1500496265", "distribution": "3", "proposal_email_lock": false, "user_id": "1", "locked": false, "publish_timestamp": "0", "sharing_group_id": "0", "disable_correlation": false }, "User": { "email": "admin@misp.training", "id": "1" }, "ThreatLevel": { "name": "Low", "id": "3" }, "Org": { "id": "1", "name": "MISP", "uuid": "56ef3277-1ad4-42f6-b90b-04e5c0a83832" }, "Orgc": { "id": "2", "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Attribute": [{ "id": "157835", "type": "attachment", "category": "Artifacts dropped", "to_ids": false, "uuid": "59259037-1014-4669-96b1-46af950d210f", "event_id": "625", "distribution": "5", "timestamp": "1495633975", "comment": "IMG_3428.pdf", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "value": "tmpzuni0skf", "AttributeTag": [], "ShadowAttribute": [] }, { "id": "164191", "type": "domain|ip", "category": "Network activity", "to_ids": false, "uuid": "59430251-e6a4-4900-b78b-060dc0a83832", "event_id": "625", "distribution": "5", "timestamp": "1497563729", "comment": "Test data", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "value": "google.com|", "AttributeTag": [], "ShadowAttribute": [] }, { "id": "164192", "type": "yara", "category": "Artifacts dropped", "to_ids": false, "uuid": "59430251-e6a4-4900-b78b-060dc0a81112", "event_id": "625", "distribution": "5", "timestamp": "1497563729", "comment": "Test data", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "value": "rule MetadataExample\n{\n meta:\n my_identifier_1 = \"Some string data\"\n my_identifier_2 = 24\n my_identifier_3 = true\n\n strings:\n $my_text_string = \"text here\"\n $my_hex_string = { E2 34 A1 C8 23 FB }\n\n condition:\n $my_text_string or $my_hex_string\n}", "AttributeTag": [], "ShadowAttribute": [] }], "ShadowAttribute": [], "EventTag": [{ "id": "1482", "event_id": "625", "tag_id": "2", "Tag": { "id": "2", "name": "tlp:white", "colour": "#ffffff", "exportable": true, "org_id": "0", "hide_tag": false } }], "Galaxy": [], "RelatedEvent": [{ "Event": { "id": "226", "date": "2015-11-05", "threat_level_id": "4", "info": "OSINT Expansion on Systematic cyber attacks against Israeli and Palestinian targets going on for a year by Norman", "published": true, "uuid": "563b3ea6-b26c-401f-a68b-4d84950d210b", "analysis": "2", "timestamp": "1487757679", "distribution": "3", "org_id": "1", "orgc_id": "3", "Org": { "id": "1", "name": "MISP", "uuid": "56ef3277-1ad4-42f6-b90b-04e5c0a83832" }, "Orgc": { "id": "3", "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" } } }, { "Event": { "id": "207", "date": "2015-04-03", "threat_level_id": "4", "info": "OSINT The Dyre Wolf report from IBM", "published": true, "uuid": "551e8745-ace0-461c-b9eb-ce36950d210b", "analysis": "2", "timestamp": "1428070986", "distribution": "3", "org_id": "1", "orgc_id": "3", "Org": { "id": "1", "name": "MISP", "uuid": "56ef3277-1ad4-42f6-b90b-04e5c0a83832" }, "Orgc": { "id": "3", "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" } } }, { "Event": { "id": "209", "date": "2015-01-26", "threat_level_id": "2", "info": "OSINT I Know You Want Me - Unplugging PlugX from Takahiro Haruyama & Hiroshi Suzuki Black Hat Asia 2014 presentation", "published": true, "uuid": "54c60f43-b084-453a-a162-4e08950d210b", "analysis": "2", "timestamp": "1422356942", "distribution": "3", "org_id": "1", "orgc_id": "3", "Org": { "id": "1", "name": "MISP", "uuid": "56ef3277-1ad4-42f6-b90b-04e5c0a83832" }, "Orgc": { "id": "3", "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" } } }, { "Event": { "id": "214", "date": "2014-12-18", "threat_level_id": "4", "info": "Expansion on two IPs listed in OSINT IOCs from various campaigns listed in Detecting Bleeding Edge Malware presentation at hack.lu 2014", "published": true, "uuid": "54932a3e-7284-4753-b95c-4e08950d210b", "analysis": "2", "timestamp": "1442489489", "distribution": "3", "org_id": "1", "orgc_id": "3", "Org": { "id": "1", "name": "MISP", "uuid": "56ef3277-1ad4-42f6-b90b-04e5c0a83832" }, "Orgc": { "id": "3", "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" } } }, { "Event": { "id": "208", "date": "2014-11-20", "threat_level_id": "4", "info": "Import of CitizenLab public DB of malware indicators", "published": true, "uuid": "546e08ce-3134-4892-997b-73ff950d210b", "analysis": "2", "timestamp": "1487758220", "distribution": "3", "org_id": "1", "orgc_id": "3", "Org": { "id": "1", "name": "MISP", "uuid": "56ef3277-1ad4-42f6-b90b-04e5c0a83832" }, "Orgc": { "id": "3", "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" } } }, { "Event": { "id": "373", "date": "2014-11-18", "threat_level_id": "4", "info": "OSINT Expansion on Additional indicators relating to Sofacy (APT28) phishing blog post by PWC", "published": true, "uuid": "546bc3e8-d498-4e0c-b169-f2ea950d210b", "analysis": "2", "timestamp": "1487758281", "distribution": "3", "org_id": "1", "orgc_id": "3", "Org": { "id": "1", "name": "MISP", "uuid": "56ef3277-1ad4-42f6-b90b-04e5c0a83832" }, "Orgc": { "id": "3", "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" } } }, { "Event": { "id": "230", "date": "2014-10-02", "threat_level_id": "3", "info": "OSINT ShellShock scanning IPs from OpenDNS", "published": true, "uuid": "542e4c9c-cadc-4f8f-bb11-6d13950d210b", "analysis": "2", "timestamp": "1442489604", "distribution": "3", "org_id": "1", "orgc_id": "3", "Org": { "id": "1", "name": "MISP", "uuid": "56ef3277-1ad4-42f6-b90b-04e5c0a83832" }, "Orgc": { "id": "3", "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" } } }], "RelatedAttribute": { "164191": [{ "id": "207", "org_id": "1", "info": "OSINT The Dyre Wolf report from IBM", "value": "google.com" }, { "id": "208", "org_id": "1", "info": "Import of CitizenLab public DB of malware indicators", "value": "" }, { "id": "209", "org_id": "1", "info": "OSINT I Know You Want Me - Unplugging PlugX from Takahiro Haruyama & Hiroshi Suzuki Black Hat Asia 2014 presentation", "value": "" }, { "id": "214", "org_id": "1", "info": "Expansion on two IPs listed in OSINT IOCs from various campaigns listed in Detecting Bleeding Edge Malware presentation at hack.lu 2014", "value": "" }, { "id": "226", "org_id": "1", "info": "OSINT Expansion on Systematic cyber attacks against Israeli and Palestinian targets going on for a year by Norman", "value": "" }, { "id": "230", "org_id": "1", "info": "OSINT ShellShock scanning IPs from OpenDNS", "value": "" }, { "id": "373", "org_id": "1", "info": "OSINT Expansion on Additional indicators relating to Sofacy (APT28) phishing blog post by PWC", "value": "" }] }, "RelatedShadowAttribute": [], "Sighting": [] }