chg: [doc] country search example

2020-05-28 10:37:56 +02:00 · 2020-05-28 10:37:56 +02:00 · 93208eca90
parent d883cea43a
commit 93208eca90
1 changed files with 53 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -27,7 +27,7 @@ python tai-server.py
 ~~~

 By the default, the server is listening on TCP port 8889.
- 
+
 # API and public API

 The API is simple and can be queried on the `/query` entry point by POSTing a simple query in JSON format. The query format is 
@ -84,6 +84,58 @@ curl --silent -d '{"name":"APT34"}' -H "Content-Type: application/json" -X POST
  }
 ]
 ~~~
+## Example to query threat-actors by country
+
+~~~json
+curl --silent -d '{"country":"FR"}' -H "Content-Type: application/json" -X POST http://127.0.0.1:8889/query | jq .
+[
+  {
+    "description": "In 2014, researchers at Kaspersky Lab discovered and reported on three zero-days that were being used in cyberattacks in the wild. Two of these zero-day vulnerabilities are associated with an advanced threat actor we call Animal Farm. Over the past few years, Animal Farm has targeted a wide range of global organizations. The group has been active since at least 2009 and there are signs that earlier malware versions  were developed as far back as 2007.",
+    "meta": {
+      "attribution-confidence": "50",
+      "cfr-suspected-state-sponsor": "France",
+      "cfr-suspected-victims": [
+        "Syria",
+        "United States",
+        "Netherlands",
+        "Russia",
+        "Spain",
+        "Iran",
+        "China",
+        "Germany",
+        "Algeria",
+        "Norway",
+        "Malaysia",
+        "Turkey",
+        "United Kingdom",
+        "Ivory Coast",
+        "Greece"
+      ],
+      "cfr-target-category": [
+        "Government",
+        "Private sector"
+      ],
+      "cfr-type-of-incident": "Espionage",
+      "country": "FR",
+      "refs": [
+        "https://securelist.com/blog/research/69114/animals-in-the-apt-farm/",
+        "https://motherboard.vice.com/read/meet-babar-a-new-malware-almost-certainly-created-by-france",
+        "http://www.cyphort.com/evilbunny-malware-instrumented-lua/",
+        "http://www.cyphort.com/babar-suspected-nation-state-spyware-spotlight/",
+        "https://www.gdatasoftware.com/blog/2015/02/24270-babar-espionage-software-finally-found-and-put-under-the-microscope",
+        "https://www.cfr.org/interactive/cyber-operations/snowglobe",
+        "https://resources.infosecinstitute.com/animal-farm-apt-and-the-shadow-of-france-intelligence/"
+      ],
+      "synonyms": [
+        "Animal Farm",
+        "Snowglobe"
+      ]
+    },
+    "uuid": "3b8e7462-c83f-4e7d-9511-2fe430d80aab",
+    "value": "SNOWGLOBE"
+  }
+]
+~~~

 ## Example to query a threat-actor by UUID