mirror of https://github.com/MISP/misp-modules
Modules for expansion services, import and export in MISP
http://misp.github.io/misp-modules
{ |
|
"Event": { |
|
"id": "625", |
|
"orgc_id": "2", |
|
"org_id": "1", |
|
"date": "2017-05-24", |
|
"threat_level_id": "3", |
|
"info": "M2M - Fwd: IMG_3428.pdf", |
|
"published": false, |
|
"uuid": "59259036-fcd0-4749-8a6c-4d88950d210f", |
|
"attribute_count": "2", |
|
"analysis": "1", |
|
"timestamp": "1500496265", |
|
"distribution": "3", |
|
"proposal_email_lock": false, |
|
"user_id": "1", |
|
"locked": false, |
|
"publish_timestamp": "0", |
|
"sharing_group_id": "0", |
|
"disable_correlation": false |
|
}, |
|
"User": { |
|
"email": "admin@misp.training", |
|
"id": "1" |
|
}, |
|
"ThreatLevel": { |
|
"name": "Low", |
|
"id": "3" |
|
}, |
|
"Org": { |
|
"id": "1", |
|
"name": "MISP", |
|
"uuid": "56ef3277-1ad4-42f6-b90b-04e5c0a83832" |
|
}, |
|
"Orgc": { |
|
"id": "2", |
|
"name": "CIRCL", |
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" |
|
}, |
|
"Attribute": [{ |
|
"id": "157835", |
|
"type": "attachment", |
|
"category": "Artifacts dropped", |
|
"to_ids": false, |
|
"uuid": "59259037-1014-4669-96b1-46af950d210f", |
|
"event_id": "625", |
|
"distribution": "5", |
|
"timestamp": "1495633975", |
|
"comment": "IMG_3428.pdf", |
|
"sharing_group_id": "0", |
|
"deleted": false, |
|
"disable_correlation": false, |
|
"value": "tmpzuni0skf", |
|
"AttributeTag": [], |
|
"ShadowAttribute": [] |
|
}, { |
|
"id": "164191", |
|
"type": "domain|ip", |
|
"category": "Network activity", |
|
"to_ids": false, |
|
"uuid": "59430251-e6a4-4900-b78b-060dc0a83832", |
|
"event_id": "625", |
|
"distribution": "5", |
|
"timestamp": "1497563729", |
|
"comment": "Test data", |
|
"sharing_group_id": "0", |
|
"deleted": false, |
|
"disable_correlation": false, |
|
"value": "google.com|127.0.0.1", |
|
"AttributeTag": [], |
|
"ShadowAttribute": [] |
|
}], |
|
"ShadowAttribute": [], |
|
"EventTag": [{ |
|
"id": "1482", |
|
"event_id": "625", |
|
"tag_id": "2", |
|
"Tag": { |
|
"id": "2", |
|
"name": "tlp:white", |
|
"colour": "#ffffff", |
|
"exportable": true, |
|
"org_id": "0", |
|
"hide_tag": false |
|
} |
|
}], |
|
"Galaxy": [], |
|
"RelatedEvent": [{ |
|
"Event": { |
|
"id": "226", |
|
"date": "2015-11-05", |
|
"threat_level_id": "4", |
|
"info": "OSINT Expansion on Systematic cyber attacks against Israeli and Palestinian targets going on for a year by Norman", |
|
"published": true, |
|
"uuid": "563b3ea6-b26c-401f-a68b-4d84950d210b", |
|
"analysis": "2", |
|
"timestamp": "1487757679", |
|
"distribution": "3", |
|
"org_id": "1", |
|
"orgc_id": "3", |
|
"Org": { |
|
"id": "1", |
|
"name": "MISP", |
|
"uuid": "56ef3277-1ad4-42f6-b90b-04e5c0a83832" |
|
}, |
|
"Orgc": { |
|
"id": "3", |
|
"name": "CthulhuSPRL.be", |
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" |
|
} |
|
} |
|
}, { |
|
"Event": { |
|
"id": "207", |
|
"date": "2015-04-03", |
|
"threat_level_id": "4", |
|
"info": "OSINT The Dyre Wolf report from IBM", |
|
"published": true, |
|
"uuid": "551e8745-ace0-461c-b9eb-ce36950d210b", |
|
"analysis": "2", |
|
"timestamp": "1428070986", |
|
"distribution": "3", |
|
"org_id": "1", |
|
"orgc_id": "3", |
|
"Org": { |
|
"id": "1", |
|
"name": "MISP", |
|
"uuid": "56ef3277-1ad4-42f6-b90b-04e5c0a83832" |
|
}, |
|
"Orgc": { |
|
"id": "3", |
|
"name": "CthulhuSPRL.be", |
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" |
|
} |
|
} |
|
}, { |
|
"Event": { |
|
"id": "209", |
|
"date": "2015-01-26", |
|
"threat_level_id": "2", |
|
"info": "OSINT I Know You Want Me - Unplugging PlugX from Takahiro Haruyama & Hiroshi Suzuki Black Hat Asia 2014 presentation", |
|
"published": true, |
|
"uuid": "54c60f43-b084-453a-a162-4e08950d210b", |
|
"analysis": "2", |
|
"timestamp": "1422356942", |
|
"distribution": "3", |
|
"org_id": "1", |
|
"orgc_id": "3", |
|
"Org": { |
|
"id": "1", |
|
"name": "MISP", |
|
"uuid": "56ef3277-1ad4-42f6-b90b-04e5c0a83832" |
|
}, |
|
"Orgc": { |
|
"id": "3", |
|
"name": "CthulhuSPRL.be", |
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" |
|
} |
|
} |
|
}, { |
|
"Event": { |
|
"id": "214", |
|
"date": "2014-12-18", |
|
"threat_level_id": "4", |
|
"info": "Expansion on two IPs listed in OSINT IOCs from various campaigns listed in Detecting Bleeding Edge Malware presentation at hack.lu 2014", |
|
"published": true, |
|
"uuid": "54932a3e-7284-4753-b95c-4e08950d210b", |
|
"analysis": "2", |
|
"timestamp": "1442489489", |
|
"distribution": "3", |
|
"org_id": "1", |
|
"orgc_id": "3", |
|
"Org": { |
|
"id": "1", |
|
"name": "MISP", |
|
"uuid": "56ef3277-1ad4-42f6-b90b-04e5c0a83832" |
|
}, |
|
"Orgc": { |
|
"id": "3", |
|
"name": "CthulhuSPRL.be", |
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" |
|
} |
|
} |
|
}, { |
|
"Event": { |
|
"id": "208", |
|
"date": "2014-11-20", |
|
"threat_level_id": "4", |
|
"info": "Import of CitizenLab public DB of malware indicators", |
|
"published": true, |
|
"uuid": "546e08ce-3134-4892-997b-73ff950d210b", |
|
"analysis": "2", |
|
"timestamp": "1487758220", |
|
"distribution": "3", |
|
"org_id": "1", |
|
"orgc_id": "3", |
|
"Org": { |
|
"id": "1", |
|
"name": "MISP", |
|
"uuid": "56ef3277-1ad4-42f6-b90b-04e5c0a83832" |
|
}, |
|
"Orgc": { |
|
"id": "3", |
|
"name": "CthulhuSPRL.be", |
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" |
|
} |
|
} |
|
}, { |
|
"Event": { |
|
"id": "373", |
|
"date": "2014-11-18", |
|
"threat_level_id": "4", |
|
"info": "OSINT Expansion on Additional indicators relating to Sofacy (APT28) phishing blog post by PWC", |
|
"published": true, |
|
"uuid": "546bc3e8-d498-4e0c-b169-f2ea950d210b", |
|
"analysis": "2", |
|
"timestamp": "1487758281", |
|
"distribution": "3", |
|
"org_id": "1", |
|
"orgc_id": "3", |
|
"Org": { |
|
"id": "1", |
|
"name": "MISP", |
|
"uuid": "56ef3277-1ad4-42f6-b90b-04e5c0a83832" |
|
}, |
|
"Orgc": { |
|
"id": "3", |
|
"name": "CthulhuSPRL.be", |
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" |
|
} |
|
} |
|
}, { |
|
"Event": { |
|
"id": "230", |
|
"date": "2014-10-02", |
|
"threat_level_id": "3", |
|
"info": "OSINT ShellShock scanning IPs from OpenDNS", |
|
"published": true, |
|
"uuid": "542e4c9c-cadc-4f8f-bb11-6d13950d210b", |
|
"analysis": "2", |
|
"timestamp": "1442489604", |
|
"distribution": "3", |
|
"org_id": "1", |
|
"orgc_id": "3", |
|
"Org": { |
|
"id": "1", |
|
"name": "MISP", |
|
"uuid": "56ef3277-1ad4-42f6-b90b-04e5c0a83832" |
|
}, |
|
"Orgc": { |
|
"id": "3", |
|
"name": "CthulhuSPRL.be", |
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" |
|
} |
|
} |
|
}], |
|
"RelatedAttribute": { |
|
"164191": [{ |
|
"id": "207", |
|
"org_id": "1", |
|
"info": "OSINT The Dyre Wolf report from IBM", |
|
"value": "google.com" |
|
}, { |
|
"id": "208", |
|
"org_id": "1", |
|
"info": "Import of CitizenLab public DB of malware indicators", |
|
"value": "127.0.0.1" |
|
}, { |
|
"id": "209", |
|
"org_id": "1", |
|
"info": "OSINT I Know You Want Me - Unplugging PlugX from Takahiro Haruyama & Hiroshi Suzuki Black Hat Asia 2014 presentation", |
|
"value": "127.0.0.1" |
|
}, { |
|
"id": "214", |
|
"org_id": "1", |
|
"info": "Expansion on two IPs listed in OSINT IOCs from various campaigns listed in Detecting Bleeding Edge Malware presentation at hack.lu 2014", |
|
"value": "127.0.0.1" |
|
}, { |
|
"id": "226", |
|
"org_id": "1", |
|
"info": "OSINT Expansion on Systematic cyber attacks against Israeli and Palestinian targets going on for a year by Norman", |
|
"value": "127.0.0.1" |
|
}, { |
|
"id": "230", |
|
"org_id": "1", |
|
"info": "OSINT ShellShock scanning IPs from OpenDNS", |
|
"value": "127.0.0.1" |
|
}, { |
|
"id": "373", |
|
"org_id": "1", |
|
"info": "OSINT Expansion on Additional indicators relating to Sofacy (APT28) phishing blog post by PWC", |
|
"value": "127.0.0.1" |
|
}] |
|
}, |
|
"RelatedShadowAttribute": [], |
|
"Sighting": [] |
|
} |