mirror of https://github.com/MISP/misp-modules
313 lines
10 KiB
JSON
313 lines
10 KiB
JSON
{
|
|
"Event": {
|
|
"id": "625",
|
|
"orgc_id": "2",
|
|
"org_id": "1",
|
|
"date": "2017-05-24",
|
|
"threat_level_id": "3",
|
|
"info": "M2M - Fwd: IMG_3428.pdf",
|
|
"published": false,
|
|
"uuid": "59259036-fcd0-4749-8a6c-4d88950d210f",
|
|
"attribute_count": "2",
|
|
"analysis": "1",
|
|
"timestamp": "1500496265",
|
|
"distribution": "3",
|
|
"proposal_email_lock": false,
|
|
"user_id": "1",
|
|
"locked": false,
|
|
"publish_timestamp": "0",
|
|
"sharing_group_id": "0",
|
|
"disable_correlation": false
|
|
},
|
|
"User": {
|
|
"email": "admin@misp.training",
|
|
"id": "1"
|
|
},
|
|
"ThreatLevel": {
|
|
"name": "Low",
|
|
"id": "3"
|
|
},
|
|
"Org": {
|
|
"id": "1",
|
|
"name": "MISP",
|
|
"uuid": "56ef3277-1ad4-42f6-b90b-04e5c0a83832"
|
|
},
|
|
"Orgc": {
|
|
"id": "2",
|
|
"name": "CIRCL",
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
},
|
|
"Attribute": [{
|
|
"id": "157835",
|
|
"type": "attachment",
|
|
"category": "Artifacts dropped",
|
|
"to_ids": false,
|
|
"uuid": "59259037-1014-4669-96b1-46af950d210f",
|
|
"event_id": "625",
|
|
"distribution": "5",
|
|
"timestamp": "1495633975",
|
|
"comment": "IMG_3428.pdf",
|
|
"sharing_group_id": "0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"value": "tmpzuni0skf",
|
|
"AttributeTag": [],
|
|
"ShadowAttribute": []
|
|
}, {
|
|
"id": "164191",
|
|
"type": "domain|ip",
|
|
"category": "Network activity",
|
|
"to_ids": false,
|
|
"uuid": "59430251-e6a4-4900-b78b-060dc0a83832",
|
|
"event_id": "625",
|
|
"distribution": "5",
|
|
"timestamp": "1497563729",
|
|
"comment": "Test data",
|
|
"sharing_group_id": "0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"value": "google.com|127.0.0.1",
|
|
"AttributeTag": [],
|
|
"ShadowAttribute": []
|
|
}, {
|
|
"id": "164192",
|
|
"type": "yara",
|
|
"category": "Artifacts dropped",
|
|
"to_ids": false,
|
|
"uuid": "59430251-e6a4-4900-b78b-060dc0a81112",
|
|
"event_id": "625",
|
|
"distribution": "5",
|
|
"timestamp": "1497563729",
|
|
"comment": "Test data",
|
|
"sharing_group_id": "0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"value": "rule MetadataExample\n{\n meta:\n my_identifier_1 = \"Some string data\"\n my_identifier_2 = 24\n my_identifier_3 = true\n\n strings:\n $my_text_string = \"text here\"\n $my_hex_string = { E2 34 A1 C8 23 FB }\n\n condition:\n $my_text_string or $my_hex_string\n}",
|
|
"AttributeTag": [],
|
|
"ShadowAttribute": []
|
|
}],
|
|
"ShadowAttribute": [],
|
|
"EventTag": [{
|
|
"id": "1482",
|
|
"event_id": "625",
|
|
"tag_id": "2",
|
|
"Tag": {
|
|
"id": "2",
|
|
"name": "tlp:white",
|
|
"colour": "#ffffff",
|
|
"exportable": true,
|
|
"org_id": "0",
|
|
"hide_tag": false
|
|
}
|
|
}],
|
|
"Galaxy": [],
|
|
"RelatedEvent": [{
|
|
"Event": {
|
|
"id": "226",
|
|
"date": "2015-11-05",
|
|
"threat_level_id": "4",
|
|
"info": "OSINT Expansion on Systematic cyber attacks against Israeli and Palestinian targets going on for a year by Norman",
|
|
"published": true,
|
|
"uuid": "563b3ea6-b26c-401f-a68b-4d84950d210b",
|
|
"analysis": "2",
|
|
"timestamp": "1487757679",
|
|
"distribution": "3",
|
|
"org_id": "1",
|
|
"orgc_id": "3",
|
|
"Org": {
|
|
"id": "1",
|
|
"name": "MISP",
|
|
"uuid": "56ef3277-1ad4-42f6-b90b-04e5c0a83832"
|
|
},
|
|
"Orgc": {
|
|
"id": "3",
|
|
"name": "CthulhuSPRL.be",
|
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
|
|
}
|
|
}
|
|
}, {
|
|
"Event": {
|
|
"id": "207",
|
|
"date": "2015-04-03",
|
|
"threat_level_id": "4",
|
|
"info": "OSINT The Dyre Wolf report from IBM",
|
|
"published": true,
|
|
"uuid": "551e8745-ace0-461c-b9eb-ce36950d210b",
|
|
"analysis": "2",
|
|
"timestamp": "1428070986",
|
|
"distribution": "3",
|
|
"org_id": "1",
|
|
"orgc_id": "3",
|
|
"Org": {
|
|
"id": "1",
|
|
"name": "MISP",
|
|
"uuid": "56ef3277-1ad4-42f6-b90b-04e5c0a83832"
|
|
},
|
|
"Orgc": {
|
|
"id": "3",
|
|
"name": "CthulhuSPRL.be",
|
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
|
|
}
|
|
}
|
|
}, {
|
|
"Event": {
|
|
"id": "209",
|
|
"date": "2015-01-26",
|
|
"threat_level_id": "2",
|
|
"info": "OSINT I Know You Want Me - Unplugging PlugX from Takahiro Haruyama & Hiroshi Suzuki Black Hat Asia 2014 presentation",
|
|
"published": true,
|
|
"uuid": "54c60f43-b084-453a-a162-4e08950d210b",
|
|
"analysis": "2",
|
|
"timestamp": "1422356942",
|
|
"distribution": "3",
|
|
"org_id": "1",
|
|
"orgc_id": "3",
|
|
"Org": {
|
|
"id": "1",
|
|
"name": "MISP",
|
|
"uuid": "56ef3277-1ad4-42f6-b90b-04e5c0a83832"
|
|
},
|
|
"Orgc": {
|
|
"id": "3",
|
|
"name": "CthulhuSPRL.be",
|
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
|
|
}
|
|
}
|
|
}, {
|
|
"Event": {
|
|
"id": "214",
|
|
"date": "2014-12-18",
|
|
"threat_level_id": "4",
|
|
"info": "Expansion on two IPs listed in OSINT IOCs from various campaigns listed in Detecting Bleeding Edge Malware presentation at hack.lu 2014",
|
|
"published": true,
|
|
"uuid": "54932a3e-7284-4753-b95c-4e08950d210b",
|
|
"analysis": "2",
|
|
"timestamp": "1442489489",
|
|
"distribution": "3",
|
|
"org_id": "1",
|
|
"orgc_id": "3",
|
|
"Org": {
|
|
"id": "1",
|
|
"name": "MISP",
|
|
"uuid": "56ef3277-1ad4-42f6-b90b-04e5c0a83832"
|
|
},
|
|
"Orgc": {
|
|
"id": "3",
|
|
"name": "CthulhuSPRL.be",
|
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
|
|
}
|
|
}
|
|
}, {
|
|
"Event": {
|
|
"id": "208",
|
|
"date": "2014-11-20",
|
|
"threat_level_id": "4",
|
|
"info": "Import of CitizenLab public DB of malware indicators",
|
|
"published": true,
|
|
"uuid": "546e08ce-3134-4892-997b-73ff950d210b",
|
|
"analysis": "2",
|
|
"timestamp": "1487758220",
|
|
"distribution": "3",
|
|
"org_id": "1",
|
|
"orgc_id": "3",
|
|
"Org": {
|
|
"id": "1",
|
|
"name": "MISP",
|
|
"uuid": "56ef3277-1ad4-42f6-b90b-04e5c0a83832"
|
|
},
|
|
"Orgc": {
|
|
"id": "3",
|
|
"name": "CthulhuSPRL.be",
|
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
|
|
}
|
|
}
|
|
}, {
|
|
"Event": {
|
|
"id": "373",
|
|
"date": "2014-11-18",
|
|
"threat_level_id": "4",
|
|
"info": "OSINT Expansion on Additional indicators relating to Sofacy (APT28) phishing blog post by PWC",
|
|
"published": true,
|
|
"uuid": "546bc3e8-d498-4e0c-b169-f2ea950d210b",
|
|
"analysis": "2",
|
|
"timestamp": "1487758281",
|
|
"distribution": "3",
|
|
"org_id": "1",
|
|
"orgc_id": "3",
|
|
"Org": {
|
|
"id": "1",
|
|
"name": "MISP",
|
|
"uuid": "56ef3277-1ad4-42f6-b90b-04e5c0a83832"
|
|
},
|
|
"Orgc": {
|
|
"id": "3",
|
|
"name": "CthulhuSPRL.be",
|
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
|
|
}
|
|
}
|
|
}, {
|
|
"Event": {
|
|
"id": "230",
|
|
"date": "2014-10-02",
|
|
"threat_level_id": "3",
|
|
"info": "OSINT ShellShock scanning IPs from OpenDNS",
|
|
"published": true,
|
|
"uuid": "542e4c9c-cadc-4f8f-bb11-6d13950d210b",
|
|
"analysis": "2",
|
|
"timestamp": "1442489604",
|
|
"distribution": "3",
|
|
"org_id": "1",
|
|
"orgc_id": "3",
|
|
"Org": {
|
|
"id": "1",
|
|
"name": "MISP",
|
|
"uuid": "56ef3277-1ad4-42f6-b90b-04e5c0a83832"
|
|
},
|
|
"Orgc": {
|
|
"id": "3",
|
|
"name": "CthulhuSPRL.be",
|
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
|
|
}
|
|
}
|
|
}],
|
|
"RelatedAttribute": {
|
|
"164191": [{
|
|
"id": "207",
|
|
"org_id": "1",
|
|
"info": "OSINT The Dyre Wolf report from IBM",
|
|
"value": "google.com"
|
|
}, {
|
|
"id": "208",
|
|
"org_id": "1",
|
|
"info": "Import of CitizenLab public DB of malware indicators",
|
|
"value": "127.0.0.1"
|
|
}, {
|
|
"id": "209",
|
|
"org_id": "1",
|
|
"info": "OSINT I Know You Want Me - Unplugging PlugX from Takahiro Haruyama & Hiroshi Suzuki Black Hat Asia 2014 presentation",
|
|
"value": "127.0.0.1"
|
|
}, {
|
|
"id": "214",
|
|
"org_id": "1",
|
|
"info": "Expansion on two IPs listed in OSINT IOCs from various campaigns listed in Detecting Bleeding Edge Malware presentation at hack.lu 2014",
|
|
"value": "127.0.0.1"
|
|
}, {
|
|
"id": "226",
|
|
"org_id": "1",
|
|
"info": "OSINT Expansion on Systematic cyber attacks against Israeli and Palestinian targets going on for a year by Norman",
|
|
"value": "127.0.0.1"
|
|
}, {
|
|
"id": "230",
|
|
"org_id": "1",
|
|
"info": "OSINT ShellShock scanning IPs from OpenDNS",
|
|
"value": "127.0.0.1"
|
|
}, {
|
|
"id": "373",
|
|
"org_id": "1",
|
|
"info": "OSINT Expansion on Additional indicators relating to Sofacy (APT28) phishing blog post by PWC",
|
|
"value": "127.0.0.1"
|
|
}]
|
|
},
|
|
"RelatedShadowAttribute": [],
|
|
"Sighting": []
|
|
} |