From 13882237164ea65c9fb50520f341423dc658c08a Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Wed, 4 Oct 2023 09:27:34 +0000
Subject: [PATCH] Update MISP snapshots

---
 MISP/Snapshot-with-IP.json | 2 +-
 MISP/Snapshot-with-MD5.json | 2 +-
 MISP/Snapshot-with-SHA1.json | 2 +-
 MISP/Snapshot-with-SHA256.json | 2 +-
 MISP/Snapshot-with-URL.json | 2 +-
 MISP/Snapshot-with-domain.json | 2 +-
 MISP/Snapshot-with-hostname.json | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/MISP/Snapshot-with-IP.json b/MISP/Snapshot-with-IP.json
index bba99505..1088db44 100644
--- a/MISP/Snapshot-with-IP.json
+++ b/MISP/Snapshot-with-IP.json
@@ -1 +1 @@ -{"schema_version": "1.1.3", "type": "investigation", "search-txt": "ip:\"192.168.56.101\"", "actions": "[{\"created-perf\":1783155000.000079,\"updated-perf\":1783155000.000079,\"type\":\"collect\",\"created\":\"2021-05-12T09:26:35.375Z\",\"state\":\"ok\",\"arg\":\"ip:\\\"192.168.56.101\\\"\",\"result\":[{\"value\":\"192.168.56.101\",\"type\":\"ip\"}],\"id\":\"collect-a4b8c7ba\",\"uuid\":\"6dff455d-7c22-4213-9b60-b817d52ec32b\"},{\"created-perf\":32042210000.000523,\"updated-perf\":32042210000.000523,\"type\":\"investigate\",\"created\":\"2021-05-12T09:27:05.635Z\",\"state\":\"ok\",\"arg\":{\"type\":\"ip\",\"value\":\"192.168.56.101\"},\"result\":{\"data\":[{\"module\":\"QRadar\",\"module_instance_id\":\"7527fe44-6930-46eb-8506-8d9c2d1cd4fc\",\"module_type_id\":\"c1b64357-c493-402c-b1be-03bfd85e0f3e\",\"data\":{}},{\"module\":\"MISP\",\"module_instance_id\":\"d85fcbe3-8c2f-47ce-893e-e664db370ce6\",\"module_type_id\":\"6793ecd6-69ea-4ac8-ae5b-e0f12a5f317f\",\"data\":{\"indicators\":{\"count\":1,\"docs\":[{\"tags\":[\"tlp:white\"],\"valid_time\":{\"start_time\":\"2018-01-25T00:00:00.000Z\",\"end_time\":\"2018-01-25T00:00:00.000Z\"},\"producer\":\"CUDESO\",\"schema_version\":\"1.1.5\",\"type\":\"indicator\",\"source\":\"MISP\",\"short_description\":\"Category: Network activity\",\"title\":\"The Dukes: 7 Years of Russian 
Espionage\",\"source_uri\":\"https://13.59.71.207/events/view/56ca367a-5a88-4925-a309-4cd69062e56a\",\"id\":\"transient:indicator-56ca367a-5a88-4925-a309-4cd69062e56a\",\"timestamp\":\"2016-06-21T11:52:43.000Z\",\"confidence\":\"High\"}]},\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":4,\"observable\":{\"value\":\"192.168.56.101\",\"type\":\"ip\"},\"judgement_id\":\"transient:judgement-badeb937-8276-445c-becb-c00141a5397f\",\"disposition_name\":\"Common\",\"valid_time\":{\"start_time\":\"2023-09-20T09:26:36.000Z\",\"end_time\":\"2023-09-27T09:26:36.000Z\"}}]},\"relationships\":{\"count\":2,\"docs\":[{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-56ca367a-5a88-4925-a309-4cd69062e56a\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-382fcf04-25a6-4cf2-b252-2659415cc875\",\"id\":\"transient:relationship-d7e4223e-9a5a-4f9f-a438-06678b8371c2\",\"relationship_type\":\"member-of\"},{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-56ca367a-5a88-4925-a309-4cd69062e56a\",\"type\":\"relationship\",\"source_ref\":\"transient:judgement-badeb937-8276-445c-becb-c00141a5397f\",\"id\":\"transient:relationship-c5193a62-1a0e-4752-a308-7778dcdf321b\",\"relationship_type\":\"element-of\"}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-09-20T09:26:36.000Z\",\"end_time\":\"2023-09-27T09:26:36.000Z\"},\"schema_version\":\"1.1.5\",\"observable\":{\"value\":\"192.168.56.101\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"MISP\",\"disposition\":4,\"source_uri\":\"https://13.59.71.207/events/view/56ca367a-5a88-4925-a309-4cd69062e56a\",\"disposition_name\":\"Common\",\"priority\":85,\"id\":\"transient:judgement-badeb937-8276-445c-becb-c00141a5397f\",\"severity\":\"Medium\",\"confidence\":\"Medium\"}]},\"sightings\":{\"count\":1,\"docs\":[{\"description\":\"Category: Network 
activity\",\"schema_version\":\"1.1.5\",\"observables\":[{\"value\":\"192.168.56.101\",\"type\":\"ip\"}],\"type\":\"sighting\",\"source\":\"MISP\",\"source_uri\":\"https://13.59.71.207/events/view/56ca367a-5a88-4925-a309-4cd69062e56a\",\"id\":\"transient:sighting-382fcf04-25a6-4cf2-b252-2659415cc875\",\"count\":1,\"timestamp\":\"2016-06-21T11:52:43.000Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2018-01-25T00:00:00.000Z\",\"end_time\":\"2018-01-25T00:00:00.000Z\"}}]}}}]},\"id\":\"investigate-6d456bdc\",\"uuid\":\"77d536d4-daac-481d-bc1e-bc1ac7409bec\"}]", "short_description": "Snapshot-with-IP", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-5c105434-c01a-4fcf-bd34-fe9b56143d4c", "tlp": "amber", "groups": ["32e22c6d-7624-477e-8bbd-989c979b552e"], "timestamp": "2021-05-12T09:28:42.121Z", "owner": "9d64bbce-2e7c-43f0-b9d7-0e2fa3c2d88d", "source": "Anastasiia Rozlyvan"} \ No newline at end of file +{"schema_version": "1.1.3", "type": "investigation", "search-txt": "ip:\"192.168.56.101\"", "actions": 
"[{\"created-perf\":1783155000.000079,\"updated-perf\":1783155000.000079,\"type\":\"collect\",\"created\":\"2021-05-12T09:26:35.375Z\",\"state\":\"ok\",\"arg\":\"ip:\\\"192.168.56.101\\\"\",\"result\":[{\"value\":\"192.168.56.101\",\"type\":\"ip\"}],\"id\":\"collect-a4b8c7ba\",\"uuid\":\"6dff455d-7c22-4213-9b60-b817d52ec32b\"},{\"created-perf\":32042210000.000523,\"updated-perf\":32042210000.000523,\"type\":\"investigate\",\"created\":\"2021-05-12T09:27:05.635Z\",\"state\":\"ok\",\"arg\":{\"type\":\"ip\",\"value\":\"192.168.56.101\"},\"result\":{\"data\":[{\"module\":\"QRadar\",\"module_instance_id\":\"7527fe44-6930-46eb-8506-8d9c2d1cd4fc\",\"module_type_id\":\"c1b64357-c493-402c-b1be-03bfd85e0f3e\",\"data\":{}},{\"module\":\"MISP\",\"module_instance_id\":\"d85fcbe3-8c2f-47ce-893e-e664db370ce6\",\"module_type_id\":\"6793ecd6-69ea-4ac8-ae5b-e0f12a5f317f\",\"data\":{\"indicators\":{\"count\":1,\"docs\":[{\"tags\":[\"tlp:white\"],\"valid_time\":{\"start_time\":\"2018-02-01T00:00:00.000Z\",\"end_time\":\"2018-02-01T00:00:00.000Z\"},\"producer\":\"CUDESO\",\"schema_version\":\"1.1.5\",\"type\":\"indicator\",\"source\":\"MISP\",\"short_description\":\"Category: Network activity\",\"title\":\"The Dukes: 7 Years of Russian 
Espionage\",\"source_uri\":\"https://13.59.71.207/events/view/56ca367a-5a88-4925-a309-4cd69062e56a\",\"id\":\"transient:indicator-56ca367a-5a88-4925-a309-4cd69062e56a\",\"timestamp\":\"2016-06-21T11:52:43.000Z\",\"confidence\":\"High\"}]},\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":4,\"observable\":{\"value\":\"192.168.56.101\",\"type\":\"ip\"},\"judgement_id\":\"transient:judgement-badeb937-8276-445c-becb-c00141a5397f\",\"disposition_name\":\"Common\",\"valid_time\":{\"start_time\":\"2023-09-27T09:26:36.000Z\",\"end_time\":\"2023-10-04T09:26:36.000Z\"}}]},\"relationships\":{\"count\":2,\"docs\":[{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-56ca367a-5a88-4925-a309-4cd69062e56a\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-382fcf04-25a6-4cf2-b252-2659415cc875\",\"id\":\"transient:relationship-d7e4223e-9a5a-4f9f-a438-06678b8371c2\",\"relationship_type\":\"member-of\"},{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-56ca367a-5a88-4925-a309-4cd69062e56a\",\"type\":\"relationship\",\"source_ref\":\"transient:judgement-badeb937-8276-445c-becb-c00141a5397f\",\"id\":\"transient:relationship-c5193a62-1a0e-4752-a308-7778dcdf321b\",\"relationship_type\":\"element-of\"}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-09-27T09:26:36.000Z\",\"end_time\":\"2023-10-04T09:26:36.000Z\"},\"schema_version\":\"1.1.5\",\"observable\":{\"value\":\"192.168.56.101\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"MISP\",\"disposition\":4,\"source_uri\":\"https://13.59.71.207/events/view/56ca367a-5a88-4925-a309-4cd69062e56a\",\"disposition_name\":\"Common\",\"priority\":85,\"id\":\"transient:judgement-badeb937-8276-445c-becb-c00141a5397f\",\"severity\":\"Medium\",\"confidence\":\"Medium\"}]},\"sightings\":{\"count\":1,\"docs\":[{\"description\":\"Category: Network 
activity\",\"schema_version\":\"1.1.5\",\"observables\":[{\"value\":\"192.168.56.101\",\"type\":\"ip\"}],\"type\":\"sighting\",\"source\":\"MISP\",\"source_uri\":\"https://13.59.71.207/events/view/56ca367a-5a88-4925-a309-4cd69062e56a\",\"id\":\"transient:sighting-382fcf04-25a6-4cf2-b252-2659415cc875\",\"count\":1,\"timestamp\":\"2016-06-21T11:52:43.000Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2018-02-01T00:00:00.000Z\",\"end_time\":\"2018-02-01T00:00:00.000Z\"}}]}}}]},\"id\":\"investigate-6d456bdc\",\"uuid\":\"77d536d4-daac-481d-bc1e-bc1ac7409bec\"}]", "short_description": "Snapshot-with-IP", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-5c105434-c01a-4fcf-bd34-fe9b56143d4c", "tlp": "amber", "groups": ["32e22c6d-7624-477e-8bbd-989c979b552e"], "timestamp": "2021-05-12T09:28:42.121Z", "owner": "9d64bbce-2e7c-43f0-b9d7-0e2fa3c2d88d", "source": "Anastasiia Rozlyvan"} \ No newline at end of file diff --git a/MISP/Snapshot-with-MD5.json b/MISP/Snapshot-with-MD5.json index e205bb09..f28671ea 100644 --- a/MISP/Snapshot-with-MD5.json +++ b/MISP/Snapshot-with-MD5.json 
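Review bot: The new side changes nothing but dates, and among them the sighting's `observed_time` and the indicator's `valid_time` move from `2018-01-25` to `2018-02-01` while that same sighting's `timestamp` stays at `2016-06-21T11:52:43.000Z`; an observation date that advances seven days on every weekly run no longer describes the MISP event it is attributed to, so the fixture drifts away from what the module would actually return for event `56ca367a-5a88-4925-a309-4cd69062e56a`. If the refresh is only meant to keep the judgement and verdict window current (`2023-09-27T09:26:36.000Z` to `2023-10-04T09:26:36.000Z`), the generator should leave the indicator/sighting dates untouched or anchor them to the event `timestamp` rather than shifting every date in the document. Separately, this snapshot is marked `"tlp": "amber"` and embeds an individual's name in `source`, owner and group UUIDs, and a bare IP address (`https://13.59.71.207/...`) as the MISP `source_uri`; if this repository is public, those should be replaced with synthetic values and the TLP lowered before the bot keeps republishing them each week.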
@@ -1 +1 @@ -{"schema_version": "1.1.3", "type": "investigation", "search-txt": "md5:\"d2e9412428c3bcf3ec98dba8a78adb7b\"", "actions": "[{\"created-perf\":1592360000.0005536,\"updated-perf\":1592365000.0004272,\"type\":\"collect\",\"created\":\"2021-05-12T09:26:30.268Z\",\"state\":\"ok\",\"arg\":\"md5:\\\"d2e9412428c3bcf3ec98dba8a78adb7b\\\"\",\"result\":[{\"value\":\"d2e9412428c3bcf3ec98dba8a78adb7b\",\"type\":\"md5\"}],\"id\":\"collect-c19dc30f\",\"uuid\":\"f32171eb-059b-4efe-ab0a-f1e21f2af85e\"},{\"created-perf\":3306005000.0003686,\"updated-perf\":3306010000.000242,\"type\":\"investigate\",\"created\":\"2021-05-12T09:26:31.982Z\",\"state\":\"ok\",\"arg\":{\"type\":\"md5\",\"value\":\"d2e9412428c3bcf3ec98dba8a78adb7b\"},\"result\":{\"data\":[{\"module\":\"QRadar\",\"module_instance_id\":\"7527fe44-6930-46eb-8506-8d9c2d1cd4fc\",\"module_type_id\":\"c1b64357-c493-402c-b1be-03bfd85e0f3e\",\"data\":{}},{\"module\":\"MISP\",\"module_instance_id\":\"d85fcbe3-8c2f-47ce-893e-e664db370ce6\",\"module_type_id\":\"6793ecd6-69ea-4ac8-ae5b-e0f12a5f317f\",\"data\":{\"indicators\":{\"count\":3,\"docs\":[{\"tags\":[\"type:OSINT\",\"tlp:green\"],\"valid_time\":{\"start_time\":\"2017-03-30T00:00:00.000Z\",\"end_time\":\"2017-03-30T00:00:00.000Z\"},\"producer\":\"CthulhuSPRL.be\",\"schema_version\":\"1.1.5\",\"type\":\"indicator\",\"source\":\"MISP\",\"short_description\":\"Category: Artifacts dropped\",\"title\":\"Import of CitizenLab public DB of malware indicators\",\"source_uri\":\"https://13.59.71.207/events/view/546e08ce-3134-4892-997b-73ff950d210b\",\"id\":\"transient:indicator-546e08ce-3134-4892-997b-73ff950d210b\",\"timestamp\":\"2018-02-05T07:53:58.000Z\",\"confidence\":\"High\"},{\"tags\":[\"tlp:white\",\"type:OSINT\"],\"valid_time\":{\"start_time\":\"2018-07-19T00:00:00.000Z\",\"end_time\":\"2018-07-19T00:00:00.000Z\"},\"producer\":\"CIRCL\",\"schema_version\":\"1.1.5\",\"type\":\"indicator\",\"source\":\"MISP\",\"short_description\":\"Category: Payload 
installation\",\"title\":\"OSINT - Shifting Tactics: Tracking changes in years-long espionage campaign against Tibetans\",\"source_uri\":\"https://13.59.71.207/events/view/56e177ef-38cc-441b-a398-4f66950d210f\",\"id\":\"transient:indicator-56e177ef-38cc-441b-a398-4f66950d210f\",\"timestamp\":\"2016-03-10T13:58:30.000Z\",\"confidence\":\"High\"},{\"tags\":[\"tlp:white\"],\"valid_time\":{\"start_time\":\"2018-07-19T00:00:00.000Z\",\"end_time\":\"2018-07-19T00:00:00.000Z\"},\"producer\":\"CUDESO\",\"schema_version\":\"1.1.5\",\"type\":\"indicator\",\"source\":\"MISP\",\"short_description\":\"Category: Payload delivery\",\"title\":\"Shifting Tactics: Tracking changes in years-long espionage campaign against Tibetans\",\"source_uri\":\"https://13.59.71.207/events/view/56e1d652-a310-47a3-9017-b527c0a8ab16\",\"id\":\"transient:indicator-56e1d652-a310-47a3-9017-b527c0a8ab16\",\"timestamp\":\"2016-12-15T11:41:08.000Z\",\"confidence\":\"High\"}]},\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":3,\"observable\":{\"value\":\"d2e9412428c3bcf3ec98dba8a78adb7b\",\"type\":\"md5\"},\"judgement_id\":\"transient:judgement-2dc3d11d-95b5-4723-a07c-52c8f2a4cf84\",\"disposition_name\":\"Suspicious\",\"valid_time\":{\"start_time\":\"2023-09-20T09:26:31.000Z\",\"end_time\":\"2527-05-12T00:00:00.000Z\"}}]},\"relationships\":{\"count\":6,\"docs\":[{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-546e08ce-3134-4892-997b-73ff950d210b\",\"type\":\"relationship\",\"source_ref\":\"transient:judgement-494a62bc-0fb5-4f21-b465-f5c00f4c80af\",\"id\":\"transient:relationship-a338435a-a37e-4cee-8425-353feb730c12\",\"relationship_type\":\"element-of\"},{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-56e177ef-38cc-441b-a398-4f66950d210f\",\"type\":\"relationship\",\"source_ref\":\"transient:judgement-2dc3d11d-95b5-4723-a07c-52c8f2a4cf84\",\"id\":\"transient:relationship-29e02fda-e954-4ec4-96c6-a63128bbb13a\",\"relationship_type\":\"element-of\
"},{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-56e177ef-38cc-441b-a398-4f66950d210f\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-c767f9f4-cc1a-4f6e-bb4f-4005f1773bd3\",\"id\":\"transient:relationship-a5371397-aacf-42e5-b6ed-9d0e7a15491f\",\"relationship_type\":\"member-of\"},{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-56e1d652-a310-47a3-9017-b527c0a8ab16\",\"type\":\"relationship\",\"source_ref\":\"transient:judgement-2b0ff969-0d54-49a7-b22f-cd649ad5354a\",\"id\":\"transient:relationship-d2c6b0d7-11b2-46c8-8e00-49836e81748d\",\"relationship_type\":\"element-of\"},{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-56e1d652-a310-47a3-9017-b527c0a8ab16\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-c8be4806-5c68-48c2-9f78-e2161db114e9\",\"id\":\"transient:relationship-1be76568-e637-4e2d-b5cd-e686c1da0ba3\",\"relationship_type\":\"member-of\"},{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-546e08ce-3134-4892-997b-73ff950d210b\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-62195dc9-ae03-4422-a16a-979567f400b4\",\"id\":\"transient:relationship-e403ccce-b2cd-45bd-add5-7d1d14bda76b\",\"relationship_type\":\"member-of\"}]},\"judgements\":{\"count\":3,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-09-20T09:26:31.000Z\",\"end_time\":\"2527-05-12T00:00:00.000Z\"},\"schema_version\":\"1.1.5\",\"observable\":{\"value\":\"d2e9412428c3bcf3ec98dba8a78adb7b\",\"type\":\"md5\"},\"type\":\"judgement\",\"source\":\"MISP\",\"disposition\":5,\"source_uri\":\"https://13.59.71.207/events/view/546e08ce-3134-4892-997b-73ff950d210b\",\"disposition_name\":\"Unknown\",\"priority\":85,\"id\":\"transient:judgement-494a62bc-0fb5-4f21-b465-f5c00f4c80af\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-09-20T09:26:31.000Z\",\"end_time\":\"2527-05-12T00:00:00.000Z\"},\"schema_version\":\"1.1.5\",\"observable\":{\"value\":\"d2
e9412428c3bcf3ec98dba8a78adb7b\",\"type\":\"md5\"},\"type\":\"judgement\",\"source\":\"MISP\",\"disposition\":4,\"source_uri\":\"https://13.59.71.207/events/view/56e1d652-a310-47a3-9017-b527c0a8ab16\",\"disposition_name\":\"Common\",\"priority\":85,\"id\":\"transient:judgement-2b0ff969-0d54-49a7-b22f-cd649ad5354a\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-09-20T09:26:31.000Z\",\"end_time\":\"2527-05-12T00:00:00.000Z\"},\"schema_version\":\"1.1.5\",\"observable\":{\"value\":\"d2e9412428c3bcf3ec98dba8a78adb7b\",\"type\":\"md5\"},\"type\":\"judgement\",\"source\":\"MISP\",\"disposition\":3,\"source_uri\":\"https://13.59.71.207/events/view/56e177ef-38cc-441b-a398-4f66950d210f\",\"disposition_name\":\"Suspicious\",\"priority\":85,\"id\":\"transient:judgement-2dc3d11d-95b5-4723-a07c-52c8f2a4cf84\",\"severity\":\"Medium\",\"confidence\":\"Medium\"}]},\"sightings\":{\"count\":3,\"docs\":[{\"description\":\"Category: Payload installation\",\"schema_version\":\"1.1.5\",\"observables\":[{\"value\":\"d2e9412428c3bcf3ec98dba8a78adb7b\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"MISP\",\"source_uri\":\"https://13.59.71.207/events/view/56e177ef-38cc-441b-a398-4f66950d210f\",\"id\":\"transient:sighting-c767f9f4-cc1a-4f6e-bb4f-4005f1773bd3\",\"count\":1,\"timestamp\":\"2016-03-10T13:58:30.000Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2018-07-19T00:00:00.000Z\",\"end_time\":\"2018-07-19T00:00:00.000Z\"}},{\"description\":\"Category: Artifacts 
dropped\",\"schema_version\":\"1.1.5\",\"observables\":[{\"value\":\"d2e9412428c3bcf3ec98dba8a78adb7b\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"MISP\",\"source_uri\":\"https://13.59.71.207/events/view/546e08ce-3134-4892-997b-73ff950d210b\",\"id\":\"transient:sighting-62195dc9-ae03-4422-a16a-979567f400b4\",\"count\":1,\"timestamp\":\"2018-02-05T07:53:58.000Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2017-03-30T00:00:00.000Z\",\"end_time\":\"2017-03-30T00:00:00.000Z\"}},{\"description\":\"Category: Payload delivery\",\"schema_version\":\"1.1.5\",\"observables\":[{\"value\":\"d2e9412428c3bcf3ec98dba8a78adb7b\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"MISP\",\"source_uri\":\"https://13.59.71.207/events/view/56e1d652-a310-47a3-9017-b527c0a8ab16\",\"id\":\"transient:sighting-c8be4806-5c68-48c2-9f78-e2161db114e9\",\"count\":1,\"timestamp\":\"2016-12-15T11:41:08.000Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2018-07-19T00:00:00.000Z\",\"end_time\":\"2018-07-19T00:00:00.000Z\"}}]}}}]},\"id\":\"investigate-a49a83ba\",\"uuid\":\"b040fd86-bf99-473c-8e90-dae834f51b24\"}]", "short_description": "Snapshot-with-MD5", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-da5d0740-3c45-4bfb-9e37-7c5acf3e7a67", "tlp": "amber", "groups": ["32e22c6d-7624-477e-8bbd-989c979b552e"], "timestamp": "2021-05-12T09:29:14.732Z", "owner": "9d64bbce-2e7c-43f0-b9d7-0e2fa3c2d88d", "source": "Anastasiia Rozlyvan"} \ No newline at end of file +{"schema_version": "1.1.3", "type": "investigation", "search-txt": "md5:\"d2e9412428c3bcf3ec98dba8a78adb7b\"", "actions": 
"[{\"created-perf\":1592360000.0005536,\"updated-perf\":1592365000.0004272,\"type\":\"collect\",\"created\":\"2021-05-12T09:26:30.268Z\",\"state\":\"ok\",\"arg\":\"md5:\\\"d2e9412428c3bcf3ec98dba8a78adb7b\\\"\",\"result\":[{\"value\":\"d2e9412428c3bcf3ec98dba8a78adb7b\",\"type\":\"md5\"}],\"id\":\"collect-c19dc30f\",\"uuid\":\"f32171eb-059b-4efe-ab0a-f1e21f2af85e\"},{\"created-perf\":3306005000.0003686,\"updated-perf\":3306010000.000242,\"type\":\"investigate\",\"created\":\"2021-05-12T09:26:31.982Z\",\"state\":\"ok\",\"arg\":{\"type\":\"md5\",\"value\":\"d2e9412428c3bcf3ec98dba8a78adb7b\"},\"result\":{\"data\":[{\"module\":\"QRadar\",\"module_instance_id\":\"7527fe44-6930-46eb-8506-8d9c2d1cd4fc\",\"module_type_id\":\"c1b64357-c493-402c-b1be-03bfd85e0f3e\",\"data\":{}},{\"module\":\"MISP\",\"module_instance_id\":\"d85fcbe3-8c2f-47ce-893e-e664db370ce6\",\"module_type_id\":\"6793ecd6-69ea-4ac8-ae5b-e0f12a5f317f\",\"data\":{\"indicators\":{\"count\":3,\"docs\":[{\"tags\":[\"type:OSINT\",\"tlp:green\"],\"valid_time\":{\"start_time\":\"2017-04-06T00:00:00.000Z\",\"end_time\":\"2017-04-06T00:00:00.000Z\"},\"producer\":\"CthulhuSPRL.be\",\"schema_version\":\"1.1.5\",\"type\":\"indicator\",\"source\":\"MISP\",\"short_description\":\"Category: Artifacts dropped\",\"title\":\"Import of CitizenLab public DB of malware indicators\",\"source_uri\":\"https://13.59.71.207/events/view/546e08ce-3134-4892-997b-73ff950d210b\",\"id\":\"transient:indicator-546e08ce-3134-4892-997b-73ff950d210b\",\"timestamp\":\"2018-02-05T07:53:58.000Z\",\"confidence\":\"High\"},{\"tags\":[\"tlp:white\",\"type:OSINT\"],\"valid_time\":{\"start_time\":\"2018-07-26T00:00:00.000Z\",\"end_time\":\"2018-07-26T00:00:00.000Z\"},\"producer\":\"CIRCL\",\"schema_version\":\"1.1.5\",\"type\":\"indicator\",\"source\":\"MISP\",\"short_description\":\"Category: Payload installation\",\"title\":\"OSINT - Shifting Tactics: Tracking changes in years-long espionage campaign against 
Tibetans\",\"source_uri\":\"https://13.59.71.207/events/view/56e177ef-38cc-441b-a398-4f66950d210f\",\"id\":\"transient:indicator-56e177ef-38cc-441b-a398-4f66950d210f\",\"timestamp\":\"2016-03-10T13:58:30.000Z\",\"confidence\":\"High\"},{\"tags\":[\"tlp:white\"],\"valid_time\":{\"start_time\":\"2018-07-26T00:00:00.000Z\",\"end_time\":\"2018-07-26T00:00:00.000Z\"},\"producer\":\"CUDESO\",\"schema_version\":\"1.1.5\",\"type\":\"indicator\",\"source\":\"MISP\",\"short_description\":\"Category: Payload delivery\",\"title\":\"Shifting Tactics: Tracking changes in years-long espionage campaign against Tibetans\",\"source_uri\":\"https://13.59.71.207/events/view/56e1d652-a310-47a3-9017-b527c0a8ab16\",\"id\":\"transient:indicator-56e1d652-a310-47a3-9017-b527c0a8ab16\",\"timestamp\":\"2016-12-15T11:41:08.000Z\",\"confidence\":\"High\"}]},\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":3,\"observable\":{\"value\":\"d2e9412428c3bcf3ec98dba8a78adb7b\",\"type\":\"md5\"},\"judgement_id\":\"transient:judgement-2dc3d11d-95b5-4723-a07c-52c8f2a4cf84\",\"disposition_name\":\"Suspicious\",\"valid_time\":{\"start_time\":\"2023-09-27T09:26:31.000Z\",\"end_time\":\"2527-05-19T00:00:00.000Z\"}}]},\"relationships\":{\"count\":6,\"docs\":[{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-546e08ce-3134-4892-997b-73ff950d210b\",\"type\":\"relationship\",\"source_ref\":\"transient:judgement-494a62bc-0fb5-4f21-b465-f5c00f4c80af\",\"id\":\"transient:relationship-a338435a-a37e-4cee-8425-353feb730c12\",\"relationship_type\":\"element-of\"},{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-56e177ef-38cc-441b-a398-4f66950d210f\",\"type\":\"relationship\",\"source_ref\":\"transient:judgement-2dc3d11d-95b5-4723-a07c-52c8f2a4cf84\",\"id\":\"transient:relationship-29e02fda-e954-4ec4-96c6-a63128bbb13a\",\"relationship_type\":\"element-of\"},{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-56e177ef-38cc-441b-a398-4f66950d210f\",\"
type\":\"relationship\",\"source_ref\":\"transient:sighting-c767f9f4-cc1a-4f6e-bb4f-4005f1773bd3\",\"id\":\"transient:relationship-a5371397-aacf-42e5-b6ed-9d0e7a15491f\",\"relationship_type\":\"member-of\"},{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-56e1d652-a310-47a3-9017-b527c0a8ab16\",\"type\":\"relationship\",\"source_ref\":\"transient:judgement-2b0ff969-0d54-49a7-b22f-cd649ad5354a\",\"id\":\"transient:relationship-d2c6b0d7-11b2-46c8-8e00-49836e81748d\",\"relationship_type\":\"element-of\"},{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-56e1d652-a310-47a3-9017-b527c0a8ab16\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-c8be4806-5c68-48c2-9f78-e2161db114e9\",\"id\":\"transient:relationship-1be76568-e637-4e2d-b5cd-e686c1da0ba3\",\"relationship_type\":\"member-of\"},{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-546e08ce-3134-4892-997b-73ff950d210b\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-62195dc9-ae03-4422-a16a-979567f400b4\",\"id\":\"transient:relationship-e403ccce-b2cd-45bd-add5-7d1d14bda76b\",\"relationship_type\":\"member-of\"}]},\"judgements\":{\"count\":3,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-09-27T09:26:31.000Z\",\"end_time\":\"2527-05-19T00:00:00.000Z\"},\"schema_version\":\"1.1.5\",\"observable\":{\"value\":\"d2e9412428c3bcf3ec98dba8a78adb7b\",\"type\":\"md5\"},\"type\":\"judgement\",\"source\":\"MISP\",\"disposition\":5,\"source_uri\":\"https://13.59.71.207/events/view/546e08ce-3134-4892-997b-73ff950d210b\",\"disposition_name\":\"Unknown\",\"priority\":85,\"id\":\"transient:judgement-494a62bc-0fb5-4f21-b465-f5c00f4c80af\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-09-27T09:26:31.000Z\",\"end_time\":\"2527-05-19T00:00:00.000Z\"},\"schema_version\":\"1.1.5\",\"observable\":{\"value\":\"d2e9412428c3bcf3ec98dba8a78adb7b\",\"type\":\"md5\"},\"type\":\"judgement\",\"source\":\"MISP\",\"disposition\":4
,\"source_uri\":\"https://13.59.71.207/events/view/56e1d652-a310-47a3-9017-b527c0a8ab16\",\"disposition_name\":\"Common\",\"priority\":85,\"id\":\"transient:judgement-2b0ff969-0d54-49a7-b22f-cd649ad5354a\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-09-27T09:26:31.000Z\",\"end_time\":\"2527-05-19T00:00:00.000Z\"},\"schema_version\":\"1.1.5\",\"observable\":{\"value\":\"d2e9412428c3bcf3ec98dba8a78adb7b\",\"type\":\"md5\"},\"type\":\"judgement\",\"source\":\"MISP\",\"disposition\":3,\"source_uri\":\"https://13.59.71.207/events/view/56e177ef-38cc-441b-a398-4f66950d210f\",\"disposition_name\":\"Suspicious\",\"priority\":85,\"id\":\"transient:judgement-2dc3d11d-95b5-4723-a07c-52c8f2a4cf84\",\"severity\":\"Medium\",\"confidence\":\"Medium\"}]},\"sightings\":{\"count\":3,\"docs\":[{\"description\":\"Category: Payload installation\",\"schema_version\":\"1.1.5\",\"observables\":[{\"value\":\"d2e9412428c3bcf3ec98dba8a78adb7b\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"MISP\",\"source_uri\":\"https://13.59.71.207/events/view/56e177ef-38cc-441b-a398-4f66950d210f\",\"id\":\"transient:sighting-c767f9f4-cc1a-4f6e-bb4f-4005f1773bd3\",\"count\":1,\"timestamp\":\"2016-03-10T13:58:30.000Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2018-07-26T00:00:00.000Z\",\"end_time\":\"2018-07-26T00:00:00.000Z\"}},{\"description\":\"Category: Artifacts dropped\",\"schema_version\":\"1.1.5\",\"observables\":[{\"value\":\"d2e9412428c3bcf3ec98dba8a78adb7b\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"MISP\",\"source_uri\":\"https://13.59.71.207/events/view/546e08ce-3134-4892-997b-73ff950d210b\",\"id\":\"transient:sighting-62195dc9-ae03-4422-a16a-979567f400b4\",\"count\":1,\"timestamp\":\"2018-02-05T07:53:58.000Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2017-04-06T00:00:00.000Z\",\"end_time\":\"2017-04-06T00:00:00.000Z\"}},{\"description\":\"Category: Payload 
delivery\",\"schema_version\":\"1.1.5\",\"observables\":[{\"value\":\"d2e9412428c3bcf3ec98dba8a78adb7b\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"MISP\",\"source_uri\":\"https://13.59.71.207/events/view/56e1d652-a310-47a3-9017-b527c0a8ab16\",\"id\":\"transient:sighting-c8be4806-5c68-48c2-9f78-e2161db114e9\",\"count\":1,\"timestamp\":\"2016-12-15T11:41:08.000Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2018-07-26T00:00:00.000Z\",\"end_time\":\"2018-07-26T00:00:00.000Z\"}}]}}}]},\"id\":\"investigate-a49a83ba\",\"uuid\":\"b040fd86-bf99-473c-8e90-dae834f51b24\"}]", "short_description": "Snapshot-with-MD5", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-da5d0740-3c45-4bfb-9e37-7c5acf3e7a67", "tlp": "amber", "groups": ["32e22c6d-7624-477e-8bbd-989c979b552e"], "timestamp": "2021-05-12T09:29:14.732Z", "owner": "9d64bbce-2e7c-43f0-b9d7-0e2fa3c2d88d", "source": "Anastasiia Rozlyvan"} \ No newline at end of file diff --git a/MISP/Snapshot-with-SHA1.json b/MISP/Snapshot-with-SHA1.json index a8e21645..0df9adff 100644 --- a/MISP/Snapshot-with-SHA1.json +++ b/MISP/Snapshot-with-SHA1.json 
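Review bot: The `end_time` of `2527-05-12T00:00:00.000Z` on the verdict and all three judgements reads as a no-expiry sentinel, yet the new side moves it to `2527-05-19T00:00:00.000Z` together with every other date, so any consumer comparing this snapshot to a freshly computed result sees a value that depends on the run date rather than on the module's behaviour. The same applies to the sightings' `observed_time` values (`2017-03-30` to `2017-04-06`, `2018-07-19` to `2018-07-26`), which are historical observation dates and should not rotate weekly. If the intent is to keep only the judgement `start_time` aligned with the current week, the generator should pin the sentinel (or derive it deterministically from `start_time`) and leave the indicator and sighting dates as they come from MISP.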
@@ -1 +1 @@ -{"schema_version": "1.1.3", "type": "investigation", "search-txt": "sha1:\"42e6da9a08802b5ce5d1f754d4567665637b47bc\"", "actions": "[{\"created-perf\":1802010000.0003366,\"updated-perf\":1802015000.0002105,\"type\":\"collect\",\"created\":\"2021-05-12T09:26:20.475Z\",\"state\":\"ok\",\"arg\":\"sha1:\\\"42e6da9a08802b5ce5d1f754d4567665637b47bc\\\"\",\"result\":[{\"value\":\"42e6da9a08802b5ce5d1f754d4567665637b47bc\",\"type\":\"sha1\"}],\"id\":\"collect-8bd58245\",\"uuid\":\"7f882bbb-c0cd-46ee-8795-46d2564ba93f\"},{\"created-perf\":3540470000.0008235,\"updated-perf\":3540475000.000697,\"type\":\"investigate\",\"created\":\"2021-05-12T09:26:22.214Z\",\"state\":\"ok\",\"arg\":{\"type\":\"sha1\",\"value\":\"42e6da9a08802b5ce5d1f754d4567665637b47bc\"},\"result\":{\"data\":[{\"module\":\"AMP Global Intelligence\",\"module_instance_id\":\"b37ff2ee-0ca1-4dbc-936d-a35bf7d5e18f\",\"module_type_id\":\"87563e81-ddc5-5f61-b4f8-dbe71252c922\",\"data\":{\"indicators\":{\"count\":2,\"docs\":[{\"description\":\"An antivirus service flagged an artifact as malicious. When using antivirus software, relying on a single engine is susceptible to false-positives. Online services, such as VirusTotal and Reversing Labs, use multiple antivirus engines to scan a file and the scan results of all engines are taken together to make a more accurate determination. One or more of these services have indicated that the file is malicious with a high degree of confidence. 
The results of individual antivirus engine scans are displayed, if available.\",\"tags\":[\"file\",\"antivirus\"],\"valid_time\":{\"start_time\":\"2018-10-31T00:00:00.000Z\",\"end_time\":\"2527-05-12T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-ef8735e087cb3449b42e75de0c4b9cee68f481d16defd9b1b374325a2da6fe88\"],\"short_description\":\"Artifact Flagged Malicious by Antivirus Service\",\"title\":\"antivirus-service-flagged-artifact\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"An antivirus engine flagged an artifact as a Trojan. A Trojan is a program that gains privileged access to the operating system while appearing to perform a desirable function but instead drops a malicious payload, often a backdoor allowing unauthorized access to the system. Trojans may steal information or infect the host systems. 
They are commonly installed by drive-by downloads or embedded into games or Internet driven applications.\",\"tags\":[\"trojan\",\"RAT\"],\"valid_time\":{\"start_time\":\"2016-02-18T00:00:00.000Z\",\"end_time\":\"2527-05-12T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-412c0f2e3e1998445f7fea4fbad7c95f06b57ddf8675b04d866f88d7e807468e\"],\"short_description\":\"Artifact Flagged as Known Trojan by Antivirus\",\"title\":\"malware-known-trojan-av\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1e12d77b-2dab-4ec4-bf20-b5ec827e0a51\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"}]},\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"42e6da9a08802b5ce5d1f754d4567665637b47bc\",\"type\":\"sha1\"},\"judgement_id\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-b8c2ce76-4a8e-4cdf-af6d-dd03866e6a98\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-03-10T03:26:57.000Z\",\"end_time\":\"2527-05-12T00:00:00.000Z\"}}]},\"relationships\":{\"count\":4,\"docs\":[{\"schema_version\":\"1.0.22\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-08b69d01688d8965db5ab09f988e3ab8258b5901\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-703f308a-662f-4eeb-b58a-c67fa457ab2d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-9370e99d-afc0-48b1-895f-9e5758a5e5c9\",\"tlp\":\"green\",\"timestamp\":\"2020-12-01T04:49:10.195Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.22\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1e12d77b-2dab-4ec4-bf20-b5ec827e0a51\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-871ae7e48c1c768565235448dee9bc5632f36cca\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-703f308a-662f-4eeb-b58a-c67fa457ab2d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-e9e8ac57-0c90-4f4e-b32c-aca33a71a0d3\",\"tlp\":\"green\",\"timestamp\":\"2020-12-01T04:49:10.281Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.22\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-cf4e0138b46e8efb3c2892429bd2ec6a1d9e823a\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-b8c2ce76-4a8e-4cdf-af6d-dd03866e6a98\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-52860bc5-b198-4e4f-a8eb-c4224c8f108c\",\"tlp\":\"green\",\"timestamp\":\"2020-12-01T04:49:10.150Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.22\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1e12d77b-2dab-4ec4-bf20-b5ec827e0a51\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-99ce9b71b33936eaca48bcb99f47302e7b09f339\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-b8c2ce76-4a8e-4cdf-af6d-dd03866e6a98\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-9b4e6cd8-0622-4b74-ac7f-4d9b15badb3a\",\"tlp\":\"green\",\"timestamp\":\"2020-12-01T04:49:10.238Z\",\"relationship_type\":\"indicates\"}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-03-10T03:26:57.000Z\",\"end_time\":\"2527-05-12T00:00:00.000Z\"},\"schema_version\":\"1.0.22\",\"observable\":{\"value\":\"42e6da9a08802b5ce5d1f754d4567665637b47bc\",\"type\":\"sha1\"},\"reason_uri\":\"https://panacea.threatgrid.com/samples/fb9d7ead920c8be662d36f6541676d32\",\"type\":\"judgement\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-disposition-judgement-sha1-42e6da9a08802b5ce5d1f754d4567665637b47bc\"],\"disposition\":2,\"reason\":\"AMP Threat Grid Sample Analysis\",\"source_uri\":\"https://panacea.threatgrid.com/artifacts/8995535721ebeaf6983c6cecf3182d756ca5b3911607452dd4ba2ad8ec86cf96\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-b8c2ce76-4a8e-4cdf-af6d-dd03866e6a98\",\"severity\":\"High\",\"tlp\":\"green\",\"timestamp\":\"2020-12-01T04:49:10.021Z\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":1,\"docs\":[{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.22\",\"observables\":[{\"value\":\"42e6da9a08802b5ce5d1f754d4567665637b47bc\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-fb9d7ead920c8be662d36f6541676d32\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/8995535721ebeaf6983c6cecf3182d756ca5b3911607452dd4ba2ad8ec86cf96\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-703f308a-662f-4eeb-b58a-c67fa457ab2d\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-12-01T04:49:10.103Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-03-10T03:20:45.000Z\",\"end_time\":\"2023-03-10T03:26:57.000Z\"}}]}}},{\"module\":\"QRadar\",\"module_instance_id\":\"7527fe44-6930-46eb-8506-8d9c2d1cd4fc\",\"module_type_id\":\"c1b64357-c493-402c-b1be-03bfd85e0f3e\",\"data\":{}},{\"module\":\"MISP\",\"module_instance_id\":\"d85fcbe3-8c2f-47ce-893e-e664db370ce6\",\"module_type_id\":\"6793ecd6-69ea-4ac8-ae5b-e0f12a5f317f\",\"data\":{\"indicators\":{\"count\":3,\"docs\":[{\"tags\":[\"tlp:white\"],\"valid_time\":{\"start_time\":\"2018-01-25T00:00:00.000Z\",\"end_time\":\"2018-01-25T00:00:00.000Z\"},\"producer\":\"CUDESO\",\"schema_version\":\"1.1.5\",\"type\":\"indicator\",\"source\":\"MISP\",\"short_description\":\"Category: Artifacts dropped\",\"title\":\"The Dukes: 7 Years of Russian Espionage\",\"source_uri\":\"https://13.59.71.207/events/view/56ca367a-5a88-4925-a309-4cd69062e56a\",\"id\":\"transient:indicator-56ca367a-5a88-4925-a309-4cd69062e56a\",\"timestamp\":\"2016-06-21T11:52:43.000Z\",\"confidence\":\"High\"},{\"tags\":[\"tlp:white\",\"type:OSINT\"],\"valid_time\":{\"start_time\":\"2018-01-25T00:00:00.000Z\",\"end_time\":\"2018-01-25T00:00:00.000Z\"},\"producer\":\"CIRCL\",\"schema_version\":\"1.1.5\",\"type\":\"indicator\",\"source\":\"MISP\",\"short_description\":\"Category: Payload installation\",\"title\":\"OSINT - THE DUKES 7 years of Russian 
cyberespionage\",\"source_uri\":\"https://13.59.71.207/events/view/55fa6843-4594-454d-bc79-4b0c950d210b\",\"id\":\"transient:indicator-55fa6843-4594-454d-bc79-4b0c950d210b\",\"timestamp\":\"2016-03-08T00:26:46.000Z\",\"confidence\":\"High\"},{\"tags\":[\"tlp:white\"],\"valid_time\":{\"start_time\":\"2017-11-08T00:00:00.000Z\",\"end_time\":\"2017-11-08T00:00:00.000Z\"},\"producer\":\"CUDESO\",\"schema_version\":\"1.1.5\",\"type\":\"indicator\",\"source\":\"MISP\",\"short_description\":\"Category: Artifacts dropped\",\"title\":\"APT29 HammerToss - FireEye\",\"source_uri\":\"https://13.59.71.207/events/view/56cce132-8560-4858-8af4-52809062e56a\",\"id\":\"transient:indicator-56cce132-8560-4858-8af4-52809062e56a\",\"timestamp\":\"2016-02-23T22:46:23.000Z\",\"confidence\":\"High\"}]},\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"42e6da9a08802b5ce5d1f754d4567665637b47bc\",\"type\":\"sha1\"},\"judgement_id\":\"transient:judgement-11e7ec44-92e2-4c62-bc78-d75dcab8090e\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-09-20T09:26:22.000Z\",\"end_time\":\"2527-05-12T00:00:00.000Z\"}}]},\"relationships\":{\"count\":6,\"docs\":[{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-56cce132-8560-4858-8af4-52809062e56a\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-cf1aac2e-37ae-486c-a578-f48c0e751400\",\"id\":\"transient:relationship-eee4f5fb-7ceb-4d70-8a9d-75f7fa0dbb41\",\"relationship_type\":\"member-of\"},{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-56cce132-8560-4858-8af4-52809062e56a\",\"type\":\"relationship\",\"source_ref\":\"transient:judgement-698b661e-642e-4254-b467-a95beb81ac2d\",\"id\":\"transient:relationship-308b8b01-2569-4d0e-80ae-e33dd0b05b99\",\"relationship_type\":\"element-of\"},{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-55fa6843-4594-454d-bc79-4b0c950d210b\",\"type\":\"relationship\",\"source_ref\":\"tran
sient:judgement-11e7ec44-92e2-4c62-bc78-d75dcab8090e\",\"id\":\"transient:relationship-c7a43c77-c506-458a-8128-d872e75c7222\",\"relationship_type\":\"element-of\"},{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-56ca367a-5a88-4925-a309-4cd69062e56a\",\"type\":\"relationship\",\"source_ref\":\"transient:judgement-982f4faf-5b3a-4013-afe6-94aa2d380736\",\"id\":\"transient:relationship-152192b3-d747-4982-ae3b-5e52910bc7ce\",\"relationship_type\":\"element-of\"},{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-56ca367a-5a88-4925-a309-4cd69062e56a\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-735f08fd-d981-442d-a655-c8d291414098\",\"id\":\"transient:relationship-c8c36095-e314-42b0-a278-34c338bfd786\",\"relationship_type\":\"member-of\"},{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-55fa6843-4594-454d-bc79-4b0c950d210b\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-eed589c3-af7d-4214-ba00-0ee2456ad8fd\",\"id\":\"transient:relationship-a9e5af09-43aa-4f05-b28a-cd753bc570e4\",\"relationship_type\":\"member-of\"}]},\"judgements\":{\"count\":3,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-09-20T09:26:22.000Z\",\"end_time\":\"2527-05-12T00:00:00.000Z\"},\"schema_version\":\"1.1.5\",\"observable\":{\"value\":\"42e6da9a08802b5ce5d1f754d4567665637b47bc\",\"type\":\"sha1\"},\"type\":\"judgement\",\"source\":\"MISP\",\"disposition\":4,\"source_uri\":\"https://13.59.71.207/events/view/56ca367a-5a88-4925-a309-4cd69062e56a\",\"disposition_name\":\"Common\",\"priority\":85,\"id\":\"transient:judgement-982f4faf-5b3a-4013-afe6-94aa2d380736\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-09-20T09:26:22.000Z\",\"end_time\":\"2527-05-12T00:00:00.000Z\"},\"schema_version\":\"1.1.5\",\"observable\":{\"value\":\"42e6da9a08802b5ce5d1f754d4567665637b47bc\",\"type\":\"sha1\"},\"type\":\"judgement\",\"source\":\"MISP\",\"disposition\":2,\"source_uri\":\"https://
13.59.71.207/events/view/55fa6843-4594-454d-bc79-4b0c950d210b\",\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-11e7ec44-92e2-4c62-bc78-d75dcab8090e\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-09-20T09:26:22.000Z\",\"end_time\":\"2527-05-12T00:00:00.000Z\"},\"schema_version\":\"1.1.5\",\"observable\":{\"value\":\"42e6da9a08802b5ce5d1f754d4567665637b47bc\",\"type\":\"sha1\"},\"type\":\"judgement\",\"source\":\"MISP\",\"disposition\":4,\"source_uri\":\"https://13.59.71.207/events/view/56cce132-8560-4858-8af4-52809062e56a\",\"disposition_name\":\"Common\",\"priority\":85,\"id\":\"transient:judgement-698b661e-642e-4254-b467-a95beb81ac2d\",\"severity\":\"Medium\",\"confidence\":\"Medium\"}]},\"sightings\":{\"count\":3,\"docs\":[{\"description\":\"Category: Artifacts dropped\",\"schema_version\":\"1.1.5\",\"observables\":[{\"value\":\"42e6da9a08802b5ce5d1f754d4567665637b47bc\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"MISP\",\"source_uri\":\"https://13.59.71.207/events/view/56cce132-8560-4858-8af4-52809062e56a\",\"id\":\"transient:sighting-cf1aac2e-37ae-486c-a578-f48c0e751400\",\"count\":1,\"timestamp\":\"2016-02-23T22:46:23.000Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2017-11-08T00:00:00.000Z\",\"end_time\":\"2017-11-08T00:00:00.000Z\"}},{\"description\":\"Category: Payload installation\",\"schema_version\":\"1.1.5\",\"observables\":[{\"value\":\"42e6da9a08802b5ce5d1f754d4567665637b47bc\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"MISP\",\"source_uri\":\"https://13.59.71.207/events/view/55fa6843-4594-454d-bc79-4b0c950d210b\",\"id\":\"transient:sighting-eed589c3-af7d-4214-ba00-0ee2456ad8fd\",\"count\":1,\"timestamp\":\"2016-03-08T00:26:46.000Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2018-01-25T00:00:00.000Z\",\"end_time\":\"2018-01-25T00:00:00.000Z\"}},{\"description\":\"Category: Artifacts 
dropped\",\"schema_version\":\"1.1.5\",\"observables\":[{\"value\":\"42e6da9a08802b5ce5d1f754d4567665637b47bc\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"MISP\",\"source_uri\":\"https://13.59.71.207/events/view/56ca367a-5a88-4925-a309-4cd69062e56a\",\"id\":\"transient:sighting-735f08fd-d981-442d-a655-c8d291414098\",\"count\":1,\"timestamp\":\"2016-06-21T11:52:43.000Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2018-01-25T00:00:00.000Z\",\"end_time\":\"2018-01-25T00:00:00.000Z\"}}]}}}]},\"id\":\"investigate-e942ec36\",\"uuid\":\"da4ae3a6-5d18-410f-9316-d12c228b2d4c\"}]", "short_description": "Snapshot-with-SHA1", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-62195dd4-bf3e-4168-bfd4-0f45ec4ab8e0", "tlp": "amber", "groups": ["32e22c6d-7624-477e-8bbd-989c979b552e"], "timestamp": "2021-05-12T09:30:09.992Z", "owner": "9d64bbce-2e7c-43f0-b9d7-0e2fa3c2d88d", "source": "Anastasiia Rozlyvan"}
\ No newline at end of file
+{"schema_version": "1.1.3", "type": "investigation", "search-txt": "sha1:\"42e6da9a08802b5ce5d1f754d4567665637b47bc\"", "actions": "[{\"created-perf\":1802010000.0003366,\"updated-perf\":1802015000.0002105,\"type\":\"collect\",\"created\":\"2021-05-12T09:26:20.475Z\",\"state\":\"ok\",\"arg\":\"sha1:\\\"42e6da9a08802b5ce5d1f754d4567665637b47bc\\\"\",\"result\":[{\"value\":\"42e6da9a08802b5ce5d1f754d4567665637b47bc\",\"type\":\"sha1\"}],\"id\":\"collect-8bd58245\",\"uuid\":\"7f882bbb-c0cd-46ee-8795-46d2564ba93f\"},{\"created-perf\":3540470000.0008235,\"updated-perf\":3540475000.000697,\"type\":\"investigate\",\"created\":\"2021-05-12T09:26:22.214Z\",\"state\":\"ok\",\"arg\":{\"type\":\"sha1\",\"value\":\"42e6da9a08802b5ce5d1f754d4567665637b47bc\"},\"result\":{\"data\":[{\"module\":\"AMP Global 
Intelligence\",\"module_instance_id\":\"b37ff2ee-0ca1-4dbc-936d-a35bf7d5e18f\",\"module_type_id\":\"87563e81-ddc5-5f61-b4f8-dbe71252c922\",\"data\":{\"indicators\":{\"count\":2,\"docs\":[{\"description\":\"An antivirus service flagged an artifact as malicious. When using antivirus software, relying on a single engine is susceptible to false-positives. Online services, such as VirusTotal and Reversing Labs, use multiple antivirus engines to scan a file and the scan results of all engines are taken together to make a more accurate determination. One or more of these services have indicated that the file is malicious with a high degree of confidence. The results of individual antivirus engine scans are displayed, if available.\",\"tags\":[\"file\",\"antivirus\"],\"valid_time\":{\"start_time\":\"2018-11-07T00:00:00.000Z\",\"end_time\":\"2527-05-19T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-ef8735e087cb3449b42e75de0c4b9cee68f481d16defd9b1b374325a2da6fe88\"],\"short_description\":\"Artifact Flagged Malicious by Antivirus Service\",\"title\":\"antivirus-service-flagged-artifact\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"An antivirus engine flagged an artifact as a Trojan. A Trojan is a program that gains privileged access to the operating system while appearing to perform a desirable function but instead drops a malicious payload, often a backdoor allowing unauthorized access to the system. Trojans may steal information or infect the host systems. 
They are commonly installed by drive-by downloads or embedded into games or Internet driven applications.\",\"tags\":[\"trojan\",\"RAT\"],\"valid_time\":{\"start_time\":\"2016-02-25T00:00:00.000Z\",\"end_time\":\"2527-05-19T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-412c0f2e3e1998445f7fea4fbad7c95f06b57ddf8675b04d866f88d7e807468e\"],\"short_description\":\"Artifact Flagged as Known Trojan by Antivirus\",\"title\":\"malware-known-trojan-av\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1e12d77b-2dab-4ec4-bf20-b5ec827e0a51\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"}]},\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"42e6da9a08802b5ce5d1f754d4567665637b47bc\",\"type\":\"sha1\"},\"judgement_id\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-b8c2ce76-4a8e-4cdf-af6d-dd03866e6a98\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-03-17T03:26:57.000Z\",\"end_time\":\"2527-05-19T00:00:00.000Z\"}}]},\"relationships\":{\"count\":4,\"docs\":[{\"schema_version\":\"1.0.22\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-08b69d01688d8965db5ab09f988e3ab8258b5901\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-703f308a-662f-4eeb-b58a-c67fa457ab2d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-9370e99d-afc0-48b1-895f-9e5758a5e5c9\",\"tlp\":\"green\",\"timestamp\":\"2020-12-01T04:49:10.195Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.22\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1e12d77b-2dab-4ec4-bf20-b5ec827e0a51\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-871ae7e48c1c768565235448dee9bc5632f36cca\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-703f308a-662f-4eeb-b58a-c67fa457ab2d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-e9e8ac57-0c90-4f4e-b32c-aca33a71a0d3\",\"tlp\":\"green\",\"timestamp\":\"2020-12-01T04:49:10.281Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.22\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-cf4e0138b46e8efb3c2892429bd2ec6a1d9e823a\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-b8c2ce76-4a8e-4cdf-af6d-dd03866e6a98\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-52860bc5-b198-4e4f-a8eb-c4224c8f108c\",\"tlp\":\"green\",\"timestamp\":\"2020-12-01T04:49:10.150Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.22\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1e12d77b-2dab-4ec4-bf20-b5ec827e0a51\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-99ce9b71b33936eaca48bcb99f47302e7b09f339\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-b8c2ce76-4a8e-4cdf-af6d-dd03866e6a98\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-9b4e6cd8-0622-4b74-ac7f-4d9b15badb3a\",\"tlp\":\"green\",\"timestamp\":\"2020-12-01T04:49:10.238Z\",\"relationship_type\":\"indicates\"}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-03-17T03:26:57.000Z\",\"end_time\":\"2527-05-19T00:00:00.000Z\"},\"schema_version\":\"1.0.22\",\"observable\":{\"value\":\"42e6da9a08802b5ce5d1f754d4567665637b47bc\",\"type\":\"sha1\"},\"reason_uri\":\"https://panacea.threatgrid.com/samples/fb9d7ead920c8be662d36f6541676d32\",\"type\":\"judgement\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-disposition-judgement-sha1-42e6da9a08802b5ce5d1f754d4567665637b47bc\"],\"disposition\":2,\"reason\":\"AMP Threat Grid Sample Analysis\",\"source_uri\":\"https://panacea.threatgrid.com/artifacts/8995535721ebeaf6983c6cecf3182d756ca5b3911607452dd4ba2ad8ec86cf96\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-b8c2ce76-4a8e-4cdf-af6d-dd03866e6a98\",\"severity\":\"High\",\"tlp\":\"green\",\"timestamp\":\"2020-12-01T04:49:10.021Z\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":1,\"docs\":[{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.22\",\"observables\":[{\"value\":\"42e6da9a08802b5ce5d1f754d4567665637b47bc\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-fb9d7ead920c8be662d36f6541676d32\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/8995535721ebeaf6983c6cecf3182d756ca5b3911607452dd4ba2ad8ec86cf96\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-703f308a-662f-4eeb-b58a-c67fa457ab2d\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-12-01T04:49:10.103Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-03-17T03:20:45.000Z\",\"end_time\":\"2023-03-17T03:26:57.000Z\"}}]}}},{\"module\":\"QRadar\",\"module_instance_id\":\"7527fe44-6930-46eb-8506-8d9c2d1cd4fc\",\"module_type_id\":\"c1b64357-c493-402c-b1be-03bfd85e0f3e\",\"data\":{}},{\"module\":\"MISP\",\"module_instance_id\":\"d85fcbe3-8c2f-47ce-893e-e664db370ce6\",\"module_type_id\":\"6793ecd6-69ea-4ac8-ae5b-e0f12a5f317f\",\"data\":{\"indicators\":{\"count\":3,\"docs\":[{\"tags\":[\"tlp:white\"],\"valid_time\":{\"start_time\":\"2018-02-01T00:00:00.000Z\",\"end_time\":\"2018-02-01T00:00:00.000Z\"},\"producer\":\"CUDESO\",\"schema_version\":\"1.1.5\",\"type\":\"indicator\",\"source\":\"MISP\",\"short_description\":\"Category: Artifacts dropped\",\"title\":\"The Dukes: 7 Years of Russian Espionage\",\"source_uri\":\"https://13.59.71.207/events/view/56ca367a-5a88-4925-a309-4cd69062e56a\",\"id\":\"transient:indicator-56ca367a-5a88-4925-a309-4cd69062e56a\",\"timestamp\":\"2016-06-21T11:52:43.000Z\",\"confidence\":\"High\"},{\"tags\":[\"tlp:white\",\"type:OSINT\"],\"valid_time\":{\"start_time\":\"2018-02-01T00:00:00.000Z\",\"end_time\":\"2018-02-01T00:00:00.000Z\"},\"producer\":\"CIRCL\",\"schema_version\":\"1.1.5\",\"type\":\"indicator\",\"source\":\"MISP\",\"short_description\":\"Category: Payload installation\",\"title\":\"OSINT - THE DUKES 7 years of Russian 
cyberespionage\",\"source_uri\":\"https://13.59.71.207/events/view/55fa6843-4594-454d-bc79-4b0c950d210b\",\"id\":\"transient:indicator-55fa6843-4594-454d-bc79-4b0c950d210b\",\"timestamp\":\"2016-03-08T00:26:46.000Z\",\"confidence\":\"High\"},{\"tags\":[\"tlp:white\"],\"valid_time\":{\"start_time\":\"2017-11-15T00:00:00.000Z\",\"end_time\":\"2017-11-15T00:00:00.000Z\"},\"producer\":\"CUDESO\",\"schema_version\":\"1.1.5\",\"type\":\"indicator\",\"source\":\"MISP\",\"short_description\":\"Category: Artifacts dropped\",\"title\":\"APT29 HammerToss - FireEye\",\"source_uri\":\"https://13.59.71.207/events/view/56cce132-8560-4858-8af4-52809062e56a\",\"id\":\"transient:indicator-56cce132-8560-4858-8af4-52809062e56a\",\"timestamp\":\"2016-02-23T22:46:23.000Z\",\"confidence\":\"High\"}]},\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"42e6da9a08802b5ce5d1f754d4567665637b47bc\",\"type\":\"sha1\"},\"judgement_id\":\"transient:judgement-11e7ec44-92e2-4c62-bc78-d75dcab8090e\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-09-27T09:26:22.000Z\",\"end_time\":\"2527-05-19T00:00:00.000Z\"}}]},\"relationships\":{\"count\":6,\"docs\":[{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-56cce132-8560-4858-8af4-52809062e56a\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-cf1aac2e-37ae-486c-a578-f48c0e751400\",\"id\":\"transient:relationship-eee4f5fb-7ceb-4d70-8a9d-75f7fa0dbb41\",\"relationship_type\":\"member-of\"},{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-56cce132-8560-4858-8af4-52809062e56a\",\"type\":\"relationship\",\"source_ref\":\"transient:judgement-698b661e-642e-4254-b467-a95beb81ac2d\",\"id\":\"transient:relationship-308b8b01-2569-4d0e-80ae-e33dd0b05b99\",\"relationship_type\":\"element-of\"},{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-55fa6843-4594-454d-bc79-4b0c950d210b\",\"type\":\"relationship\",\"source_ref\":\"tran
sient:judgement-11e7ec44-92e2-4c62-bc78-d75dcab8090e\",\"id\":\"transient:relationship-c7a43c77-c506-458a-8128-d872e75c7222\",\"relationship_type\":\"element-of\"},{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-56ca367a-5a88-4925-a309-4cd69062e56a\",\"type\":\"relationship\",\"source_ref\":\"transient:judgement-982f4faf-5b3a-4013-afe6-94aa2d380736\",\"id\":\"transient:relationship-152192b3-d747-4982-ae3b-5e52910bc7ce\",\"relationship_type\":\"element-of\"},{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-56ca367a-5a88-4925-a309-4cd69062e56a\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-735f08fd-d981-442d-a655-c8d291414098\",\"id\":\"transient:relationship-c8c36095-e314-42b0-a278-34c338bfd786\",\"relationship_type\":\"member-of\"},{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-55fa6843-4594-454d-bc79-4b0c950d210b\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-eed589c3-af7d-4214-ba00-0ee2456ad8fd\",\"id\":\"transient:relationship-a9e5af09-43aa-4f05-b28a-cd753bc570e4\",\"relationship_type\":\"member-of\"}]},\"judgements\":{\"count\":3,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-09-27T09:26:22.000Z\",\"end_time\":\"2527-05-19T00:00:00.000Z\"},\"schema_version\":\"1.1.5\",\"observable\":{\"value\":\"42e6da9a08802b5ce5d1f754d4567665637b47bc\",\"type\":\"sha1\"},\"type\":\"judgement\",\"source\":\"MISP\",\"disposition\":4,\"source_uri\":\"https://13.59.71.207/events/view/56ca367a-5a88-4925-a309-4cd69062e56a\",\"disposition_name\":\"Common\",\"priority\":85,\"id\":\"transient:judgement-982f4faf-5b3a-4013-afe6-94aa2d380736\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-09-27T09:26:22.000Z\",\"end_time\":\"2527-05-19T00:00:00.000Z\"},\"schema_version\":\"1.1.5\",\"observable\":{\"value\":\"42e6da9a08802b5ce5d1f754d4567665637b47bc\",\"type\":\"sha1\"},\"type\":\"judgement\",\"source\":\"MISP\",\"disposition\":2,\"source_uri\":\"https://
13.59.71.207/events/view/55fa6843-4594-454d-bc79-4b0c950d210b\",\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-11e7ec44-92e2-4c62-bc78-d75dcab8090e\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-09-27T09:26:22.000Z\",\"end_time\":\"2527-05-19T00:00:00.000Z\"},\"schema_version\":\"1.1.5\",\"observable\":{\"value\":\"42e6da9a08802b5ce5d1f754d4567665637b47bc\",\"type\":\"sha1\"},\"type\":\"judgement\",\"source\":\"MISP\",\"disposition\":4,\"source_uri\":\"https://13.59.71.207/events/view/56cce132-8560-4858-8af4-52809062e56a\",\"disposition_name\":\"Common\",\"priority\":85,\"id\":\"transient:judgement-698b661e-642e-4254-b467-a95beb81ac2d\",\"severity\":\"Medium\",\"confidence\":\"Medium\"}]},\"sightings\":{\"count\":3,\"docs\":[{\"description\":\"Category: Artifacts dropped\",\"schema_version\":\"1.1.5\",\"observables\":[{\"value\":\"42e6da9a08802b5ce5d1f754d4567665637b47bc\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"MISP\",\"source_uri\":\"https://13.59.71.207/events/view/56cce132-8560-4858-8af4-52809062e56a\",\"id\":\"transient:sighting-cf1aac2e-37ae-486c-a578-f48c0e751400\",\"count\":1,\"timestamp\":\"2016-02-23T22:46:23.000Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2017-11-15T00:00:00.000Z\",\"end_time\":\"2017-11-15T00:00:00.000Z\"}},{\"description\":\"Category: Payload installation\",\"schema_version\":\"1.1.5\",\"observables\":[{\"value\":\"42e6da9a08802b5ce5d1f754d4567665637b47bc\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"MISP\",\"source_uri\":\"https://13.59.71.207/events/view/55fa6843-4594-454d-bc79-4b0c950d210b\",\"id\":\"transient:sighting-eed589c3-af7d-4214-ba00-0ee2456ad8fd\",\"count\":1,\"timestamp\":\"2016-03-08T00:26:46.000Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2018-02-01T00:00:00.000Z\",\"end_time\":\"2018-02-01T00:00:00.000Z\"}},{\"description\":\"Category: Artifacts 
dropped\",\"schema_version\":\"1.1.5\",\"observables\":[{\"value\":\"42e6da9a08802b5ce5d1f754d4567665637b47bc\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"MISP\",\"source_uri\":\"https://13.59.71.207/events/view/56ca367a-5a88-4925-a309-4cd69062e56a\",\"id\":\"transient:sighting-735f08fd-d981-442d-a655-c8d291414098\",\"count\":1,\"timestamp\":\"2016-06-21T11:52:43.000Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2018-02-01T00:00:00.000Z\",\"end_time\":\"2018-02-01T00:00:00.000Z\"}}]}}}]},\"id\":\"investigate-e942ec36\",\"uuid\":\"da4ae3a6-5d18-410f-9316-d12c228b2d4c\"}]", "short_description": "Snapshot-with-SHA1", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-62195dd4-bf3e-4168-bfd4-0f45ec4ab8e0", "tlp": "amber", "groups": ["32e22c6d-7624-477e-8bbd-989c979b552e"], "timestamp": "2021-05-12T09:30:09.992Z", "owner": "9d64bbce-2e7c-43f0-b9d7-0e2fa3c2d88d", "source": "Anastasiia Rozlyvan"}
\ No newline at end of file
diff --git a/MISP/Snapshot-with-SHA256.json b/MISP/Snapshot-with-SHA256.json
index 8ba9e5e4..4b86a376 100644
--- a/MISP/Snapshot-with-SHA256.json
+++ b/MISP/Snapshot-with-SHA256.json 
@@ -1 +1 @@
-{"description": "SHA256", "schema_version": "1.1.3", "type": "investigation", "search-txt": "sha256:\"17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658\"", "actions": "[{\"created-perf\":2119920000.0000927,\"updated-perf\":2119920000.0000927,\"type\":\"collect\",\"created\":\"2021-05-12T09:26:42.000Z\",\"state\":\"ok\",\"arg\":\"sha256:\\\"17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658\\\"\",\"result\":[{\"value\":\"17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658\",\"type\":\"sha256\"}],\"id\":\"collect-693ed84\",\"uuid\":\"dc4b4510-d91d-428c-91c4-8f48bb658ca7\"},{\"created-perf\":3744685000.0005727,\"updated-perf\":3744685000.0005727,\"type\":\"investigate\",\"created\":\"2021-05-12T09:26:43.625Z\",\"state\":\"ok\",\"arg\":{\"type\":\"sha256\",\"value\":\"17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658\"},\"result\":{\"data\":[{\"module\":\"AMP Global Intelligence\",\"module_instance_id\":\"b37ff2ee-0ca1-4dbc-936d-a35bf7d5e18f\",\"module_type_id\":\"87563e81-ddc5-5f61-b4f8-dbe71252c922\",\"data\":{\"indicators\":{\"count\":1,\"docs\":[{\"description\":\"The submitted document contains minimal content, embedded material, and was seen establishing outbound network communications. 
The combination of these anomalies is often associated with malicious behaviours.\",\"tags\":[\"dropper\",\"macro\",\"embedded\",\"low content\",\"compound\"],\"valid_time\":{\"start_time\":\"2019-11-06T00:00:00.000Z\",\"end_time\":\"2527-05-12T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-7e7ecc9cba7349998bca269159018973bbe89d3b1ffdf3d669f438025d1a193c\"],\"short_description\":\"A Document File with Embedded and Minimal Content Established Network Communications\",\"title\":\"document-min-and-embedded-network-traffic\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-6d57babb-0598-4c35-9b8f-d82ff2eaedca\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"}]},\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658\",\"type\":\"sha256\"},\"judgement_id\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-abbfea0f-3ddf-4270-9cff-1771a981e6e1\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-06-06T13:38:17.000Z\",\"end_time\":\"2527-05-12T00:00:00.000Z\"}}]},\"relationships\":{\"count\":2,\"docs\":[{\"schema_version\":\"1.0.23\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-6d57babb-0598-4c35-9b8f-d82ff2eaedca\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-c2b424b6ce6c10e51e0f9f14eee566f0f910222b\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-abbfea0f-3ddf-4270-9cff-1771a981e6e1\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-ad737cbd-3b5b-468f-bdb7-164a47def13f\",\"tlp\":\"green\",\"timestamp\":\"2021-01-27T06:10:02.709Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.23\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-6d57babb-0598-4c35-9b8f-d82ff2eaedca\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-2d14091eead78df17578d86e648fb86b7cfaf0cb\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-56e44d90-4898-4508-b960-3b321960fda5\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-732b21e3-4964-4e3f-bf75-c33023cfe37f\",\"tlp\":\"green\",\"timestamp\":\"2021-01-27T06:10:02.759Z\",\"relationship_type\":\"indicates\"}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-06-06T13:38:17.000Z\",\"end_time\":\"2527-05-12T00:00:00.000Z\"},\"schema_version\":\"1.0.23\",\"observable\":{\"value\":\"17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658\",\"type\":\"sha256\"},\"reason_uri\":\"https://panacea.threatgrid.com/samples/322355a54dbdb1c1c55edd3bf10fa9d9\",\"type\":\"judgement\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-disposition-judgement-sha256-17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658\"],\"disposition\":2,\"reason\":\"AMP Threat Grid Sample 
Analysis\",\"source_uri\":\"https://panacea.threatgrid.com/artifacts/17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-abbfea0f-3ddf-4270-9cff-1771a981e6e1\",\"severity\":\"High\",\"tlp\":\"green\",\"timestamp\":\"2021-01-27T06:10:02.600Z\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":1,\"docs\":[{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.23\",\"observables\":[{\"value\":\"17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658\",\"type\":\"sha256\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-322355a54dbdb1c1c55edd3bf10fa9d9\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-56e44d90-4898-4508-b960-3b321960fda5\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2021-01-27T06:10:02.655Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-06-06T13:31:49.000Z\",\"end_time\":\"2023-06-06T13:38:17.000Z\"}}]}}},{\"module\":\"AMP File 
Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658\",\"type\":\"sha256\"},\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-09-20T09:26:42.645Z\",\"end_time\":\"2527-05-12T00:00:00.000Z\"}}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-09-20T09:26:42.645Z\",\"end_time\":\"2527-05-12T00:00:00.000Z\"},\"schema_version\":\"1.1.3\",\"observable\":{\"value\":\"17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658\",\"type\":\"sha256\"},\"type\":\"judgement\",\"source\":\"AMP Protect DB\",\"disposition\":2,\"reason\":\"AMP ProtectDB Conviction\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"transient:b481282b-2e66-4b15-b631-ddb19616d0f1\",\"severity\":\"High\",\"tlp\":\"amber\",\"confidence\":\"High\"}]}}},{\"module\":\"QRadar\",\"module_instance_id\":\"7527fe44-6930-46eb-8506-8d9c2d1cd4fc\",\"module_type_id\":\"c1b64357-c493-402c-b1be-03bfd85e0f3e\",\"data\":{}},{\"module\":\"MISP\",\"module_instance_id\":\"d85fcbe3-8c2f-47ce-893e-e664db370ce6\",\"module_type_id\":\"6793ecd6-69ea-4ac8-ae5b-e0f12a5f317f\",\"data\":{\"indicators\":{\"count\":1,\"docs\":[{\"tags\":[\"misp-galaxy:banker=\\\"Qakbot\\\"\",\"tlp:white\"],\"valid_time\":{\"start_time\":\"2023-06-08T00:00:00.000Z\",\"end_time\":\"2023-06-08T00:00:00.000Z\"},\"producer\":\"CUDESO\",\"schema_version\":\"1.1.5\",\"type\":\"indicator\",\"source\":\"MISP\",\"short_description\":\"Category: Payload delivery\",\"title\":\"TA551 (Shathak) Word docs push Qakbot 
(Qbot)\",\"source_uri\":\"https://13.59.71.207/events/view/60131f2d-2c34-4101-90e2-f98ec0a8ab16\",\"id\":\"transient:indicator-60131f2d-2c34-4101-90e2-f98ec0a8ab16\",\"timestamp\":\"2021-01-28T20:34:16.000Z\",\"confidence\":\"High\"}]},\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":4,\"observable\":{\"value\":\"17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658\",\"type\":\"sha256\"},\"judgement_id\":\"transient:judgement-fe9965bc-7ced-43f2-b886-aa618c6bbc75\",\"disposition_name\":\"Common\",\"valid_time\":{\"start_time\":\"2023-09-20T09:26:43.000Z\",\"end_time\":\"2527-05-12T00:00:00.000Z\"}}]},\"relationships\":{\"count\":2,\"docs\":[{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-60131f2d-2c34-4101-90e2-f98ec0a8ab16\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-1981b1e5-88fb-4286-b0f3-8470c5a26fdc\",\"id\":\"transient:relationship-6fee1698-4873-4d69-9deb-18a71014d429\",\"relationship_type\":\"member-of\"},{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-60131f2d-2c34-4101-90e2-f98ec0a8ab16\",\"type\":\"relationship\",\"source_ref\":\"transient:judgement-fe9965bc-7ced-43f2-b886-aa618c6bbc75\",\"id\":\"transient:relationship-6b947205-2d7c-4437-8f2e-0e2069ba58c0\",\"relationship_type\":\"element-of\"}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-09-20T09:26:43.000Z\",\"end_time\":\"2527-05-12T00:00:00.000Z\"},\"schema_version\":\"1.1.5\",\"observable\":{\"value\":\"17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658\",\"type\":\"sha256\"},\"type\":\"judgement\",\"source\":\"MISP\",\"disposition\":4,\"source_uri\":\"https://13.59.71.207/events/view/60131f2d-2c34-4101-90e2-f98ec0a8ab16\",\"disposition_name\":\"Common\",\"priority\":85,\"id\":\"transient:judgement-fe9965bc-7ced-43f2-b886-aa618c6bbc75\",\"severity\":\"Medium\",\"confidence\":\"Medium\"}]},\"sightings\":{\"count\":1,\"docs\":[{\"description\":\"Category: Payload 
delivery\",\"schema_version\":\"1.1.5\",\"observables\":[{\"value\":\"17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658\",\"type\":\"sha256\"}],\"type\":\"sighting\",\"source\":\"MISP\",\"source_uri\":\"https://13.59.71.207/events/view/60131f2d-2c34-4101-90e2-f98ec0a8ab16\",\"id\":\"transient:sighting-1981b1e5-88fb-4286-b0f3-8470c5a26fdc\",\"count\":1,\"timestamp\":\"2021-01-28T20:34:16.000Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-06-08T00:00:00.000Z\",\"end_time\":\"2023-06-08T00:00:00.000Z\"}}]}}}]},\"id\":\"investigate-2fc82e98\",\"uuid\":\"827ebd21-60c8-4ee6-b32b-0eba8e6256c1\"}]", "short_description": "Snapshot-with-SHA-256", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-1966d92b-7d9a-4b9d-a980-a61bf3021d83", "tlp": "amber", "groups": ["32e22c6d-7624-477e-8bbd-989c979b552e"], "timestamp": "2021-05-12T09:28:11.080Z", "owner": "9d64bbce-2e7c-43f0-b9d7-0e2fa3c2d88d", "source": "Anastasiia Rozlyvan"} \ No newline at end of file +{"description": "SHA256", "schema_version": "1.1.3", "type": "investigation", "search-txt": "sha256:\"17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658\"", "actions": "[{\"created-perf\":2119920000.0000927,\"updated-perf\":2119920000.0000927,\"type\":\"collect\",\"created\":\"2021-05-12T09:26:42.000Z\",\"state\":\"ok\",\"arg\":\"sha256:\\\"17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658\\\"\",\"result\":[{\"value\":\"17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658\",\"type\":\"sha256\"}],\"id\":\"collect-693ed84\",\"uuid\":\"dc4b4510-d91d-428c-91c4-8f48bb658ca7\"},{\"created-perf\":3744685000.0005727,\"updated-perf\":3744685000.0005727,\"type\":\"investigate\",\"created\":\"2021-05-12T09:26:43.625Z\",\"state\":\"ok\",\"arg\":{\"type\":\"sha256\",\"value\":\"17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658\"},\"result\":{\"data\":[{\"module\":\"AMP Global 
Intelligence\",\"module_instance_id\":\"b37ff2ee-0ca1-4dbc-936d-a35bf7d5e18f\",\"module_type_id\":\"87563e81-ddc5-5f61-b4f8-dbe71252c922\",\"data\":{\"indicators\":{\"count\":1,\"docs\":[{\"description\":\"The submitted document contains minimal content, embedded material, and was seen establishing outbound network communications. The combination of these anomalies is often associated with malicious behaviours.\",\"tags\":[\"dropper\",\"macro\",\"embedded\",\"low content\",\"compound\"],\"valid_time\":{\"start_time\":\"2019-11-13T00:00:00.000Z\",\"end_time\":\"2527-05-19T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-7e7ecc9cba7349998bca269159018973bbe89d3b1ffdf3d669f438025d1a193c\"],\"short_description\":\"A Document File with Embedded and Minimal Content Established Network Communications\",\"title\":\"document-min-and-embedded-network-traffic\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-6d57babb-0598-4c35-9b8f-d82ff2eaedca\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"}]},\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658\",\"type\":\"sha256\"},\"judgement_id\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-abbfea0f-3ddf-4270-9cff-1771a981e6e1\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-06-13T13:38:17.000Z\",\"end_time\":\"2527-05-19T00:00:00.000Z\"}}]},\"relationships\":{\"count\":2,\"docs\":[{\"schema_version\":\"1.0.23\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-6d57babb-0598-4c35-9b8f-d82ff2eaedca\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-c2b424b6ce6c10e51e0f9f14eee566f0f910222b\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-abbfea0f-3ddf-4270-9cff-1771a981e6e1\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-ad737cbd-3b5b-468f-bdb7-164a47def13f\",\"tlp\":\"green\",\"timestamp\":\"2021-01-27T06:10:02.709Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.23\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-6d57babb-0598-4c35-9b8f-d82ff2eaedca\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-2d14091eead78df17578d86e648fb86b7cfaf0cb\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-56e44d90-4898-4508-b960-3b321960fda5\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-732b21e3-4964-4e3f-bf75-c33023cfe37f\",\"tlp\":\"green\",\"timestamp\":\"2021-01-27T06:10:02.759Z\",\"relationship_type\":\"indicates\"}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-06-13T13:38:17.000Z\",\"end_time\":\"2527-05-19T00:00:00.000Z\"},\"schema_version\":\"1.0.23\",\"observable\":{\"value\":\"17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658\",\"type\":\"sha256\"},\"reason_uri\":\"https://panacea.threatgrid.com/samples/322355a54dbdb1c1c55edd3bf10fa9d9\",\"type\":\"judgement\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-disposition-judgement-sha256-17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658\"],\"disposition\":2,\"reason\":\"AMP Threat Grid Sample 
Analysis\",\"source_uri\":\"https://panacea.threatgrid.com/artifacts/17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-abbfea0f-3ddf-4270-9cff-1771a981e6e1\",\"severity\":\"High\",\"tlp\":\"green\",\"timestamp\":\"2021-01-27T06:10:02.600Z\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":1,\"docs\":[{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.23\",\"observables\":[{\"value\":\"17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658\",\"type\":\"sha256\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-322355a54dbdb1c1c55edd3bf10fa9d9\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-56e44d90-4898-4508-b960-3b321960fda5\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2021-01-27T06:10:02.655Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-06-13T13:31:49.000Z\",\"end_time\":\"2023-06-13T13:38:17.000Z\"}}]}}},{\"module\":\"AMP File 
Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658\",\"type\":\"sha256\"},\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-09-27T09:26:42.645Z\",\"end_time\":\"2527-05-19T00:00:00.000Z\"}}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-09-27T09:26:42.645Z\",\"end_time\":\"2527-05-19T00:00:00.000Z\"},\"schema_version\":\"1.1.3\",\"observable\":{\"value\":\"17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658\",\"type\":\"sha256\"},\"type\":\"judgement\",\"source\":\"AMP Protect DB\",\"disposition\":2,\"reason\":\"AMP ProtectDB Conviction\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"transient:b481282b-2e66-4b15-b631-ddb19616d0f1\",\"severity\":\"High\",\"tlp\":\"amber\",\"confidence\":\"High\"}]}}},{\"module\":\"QRadar\",\"module_instance_id\":\"7527fe44-6930-46eb-8506-8d9c2d1cd4fc\",\"module_type_id\":\"c1b64357-c493-402c-b1be-03bfd85e0f3e\",\"data\":{}},{\"module\":\"MISP\",\"module_instance_id\":\"d85fcbe3-8c2f-47ce-893e-e664db370ce6\",\"module_type_id\":\"6793ecd6-69ea-4ac8-ae5b-e0f12a5f317f\",\"data\":{\"indicators\":{\"count\":1,\"docs\":[{\"tags\":[\"misp-galaxy:banker=\\\"Qakbot\\\"\",\"tlp:white\"],\"valid_time\":{\"start_time\":\"2023-06-15T00:00:00.000Z\",\"end_time\":\"2023-06-15T00:00:00.000Z\"},\"producer\":\"CUDESO\",\"schema_version\":\"1.1.5\",\"type\":\"indicator\",\"source\":\"MISP\",\"short_description\":\"Category: Payload delivery\",\"title\":\"TA551 (Shathak) Word docs push Qakbot 
(Qbot)\",\"source_uri\":\"https://13.59.71.207/events/view/60131f2d-2c34-4101-90e2-f98ec0a8ab16\",\"id\":\"transient:indicator-60131f2d-2c34-4101-90e2-f98ec0a8ab16\",\"timestamp\":\"2021-01-28T20:34:16.000Z\",\"confidence\":\"High\"}]},\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":4,\"observable\":{\"value\":\"17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658\",\"type\":\"sha256\"},\"judgement_id\":\"transient:judgement-fe9965bc-7ced-43f2-b886-aa618c6bbc75\",\"disposition_name\":\"Common\",\"valid_time\":{\"start_time\":\"2023-09-27T09:26:43.000Z\",\"end_time\":\"2527-05-19T00:00:00.000Z\"}}]},\"relationships\":{\"count\":2,\"docs\":[{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-60131f2d-2c34-4101-90e2-f98ec0a8ab16\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-1981b1e5-88fb-4286-b0f3-8470c5a26fdc\",\"id\":\"transient:relationship-6fee1698-4873-4d69-9deb-18a71014d429\",\"relationship_type\":\"member-of\"},{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-60131f2d-2c34-4101-90e2-f98ec0a8ab16\",\"type\":\"relationship\",\"source_ref\":\"transient:judgement-fe9965bc-7ced-43f2-b886-aa618c6bbc75\",\"id\":\"transient:relationship-6b947205-2d7c-4437-8f2e-0e2069ba58c0\",\"relationship_type\":\"element-of\"}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-09-27T09:26:43.000Z\",\"end_time\":\"2527-05-19T00:00:00.000Z\"},\"schema_version\":\"1.1.5\",\"observable\":{\"value\":\"17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658\",\"type\":\"sha256\"},\"type\":\"judgement\",\"source\":\"MISP\",\"disposition\":4,\"source_uri\":\"https://13.59.71.207/events/view/60131f2d-2c34-4101-90e2-f98ec0a8ab16\",\"disposition_name\":\"Common\",\"priority\":85,\"id\":\"transient:judgement-fe9965bc-7ced-43f2-b886-aa618c6bbc75\",\"severity\":\"Medium\",\"confidence\":\"Medium\"}]},\"sightings\":{\"count\":1,\"docs\":[{\"description\":\"Category: Payload 
delivery\",\"schema_version\":\"1.1.5\",\"observables\":[{\"value\":\"17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658\",\"type\":\"sha256\"}],\"type\":\"sighting\",\"source\":\"MISP\",\"source_uri\":\"https://13.59.71.207/events/view/60131f2d-2c34-4101-90e2-f98ec0a8ab16\",\"id\":\"transient:sighting-1981b1e5-88fb-4286-b0f3-8470c5a26fdc\",\"count\":1,\"timestamp\":\"2021-01-28T20:34:16.000Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-06-15T00:00:00.000Z\",\"end_time\":\"2023-06-15T00:00:00.000Z\"}}]}}}]},\"id\":\"investigate-2fc82e98\",\"uuid\":\"827ebd21-60c8-4ee6-b32b-0eba8e6256c1\"}]", "short_description": "Snapshot-with-SHA-256", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-1966d92b-7d9a-4b9d-a980-a61bf3021d83", "tlp": "amber", "groups": ["32e22c6d-7624-477e-8bbd-989c979b552e"], "timestamp": "2021-05-12T09:28:11.080Z", "owner": "9d64bbce-2e7c-43f0-b9d7-0e2fa3c2d88d", "source": "Anastasiia Rozlyvan"} \ No newline at end of file diff --git a/MISP/Snapshot-with-URL.json b/MISP/Snapshot-with-URL.json index cf3bf5c0..51f817f0 100644 --- a/MISP/Snapshot-with-URL.json +++ b/MISP/Snapshot-with-URL.json 
@@ -1 +1 @@ -{"schema_version": "1.1.3", "type": "investigation", "search-txt": "url:\"https://portal.sbn.co.th/rss.php\"", "actions": "[{\"created-perf\":1637365000.0005,\"updated-perf\":1637370000.0003736,\"type\":\"collect\",\"created\":\"2021-05-12T09:26:25.558Z\",\"state\":\"ok\",\"arg\":\"url:\\\"https://portal.sbn.co.th/rss.php\\\"\",\"result\":[{\"value\":\"https://portal.sbn.co.th/rss.php\",\"type\":\"url\"}],\"id\":\"collect-b0a19367\",\"uuid\":\"670ea189-2bc2-47e2-bfda-4dbada25592b\"},{\"created-perf\":2873975000.0004277,\"updated-perf\":2873975000.0004277,\"type\":\"investigate\",\"created\":\"2021-05-12T09:26:26.794Z\",\"state\":\"ok\",\"arg\":{\"type\":\"url\",\"value\":\"https://portal.sbn.co.th/rss.php\"},\"result\":{\"data\":[{\"module\":\"Talos Intelligence\",\"module_instance_id\":\"f14a7465-a77a-4e28-8b97-23706a56eab5\",\"module_type_id\":\"2460c99b-2f01-523b-a65d-30a3c6603245\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"https://portal.sbn.co.th/rss.php\",\"type\":\"url\"},\"judgement_id\":\"transient:b40c4502-c2f1-4c74-a858-70b2e92a6f10\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-09-20T09:26:26.175Z\",\"end_time\":\"2023-10-20T09:26:26.175Z\"}}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-09-20T09:26:26.175Z\",\"end_time\":\"2023-10-20T09:26:26.175Z\"},\"schema_version\":\"1.1.3\",\"observable\":{\"value\":\"https://portal.sbn.co.th/rss.php\",\"type\":\"url\"},\"type\":\"judgement\",\"source\":\"Talos Intelligence\",\"disposition\":2,\"reason\":\"Poor Talos Intelligence reputation 
score\",\"source_uri\":\"https://www.talosintelligence.com/reputation_center/lookup?search=https%3A%2F%2Fportal.sbn.co.th%2Frss.php\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"transient:b40c4502-c2f1-4c74-a858-70b2e92a6f10\",\"severity\":\"High\",\"tlp\":\"white\",\"confidence\":\"High\"}]}}},{\"module\":\"QRadar\",\"module_instance_id\":\"7527fe44-6930-46eb-8506-8d9c2d1cd4fc\",\"module_type_id\":\"c1b64357-c493-402c-b1be-03bfd85e0f3e\",\"data\":{}},{\"module\":\"MISP\",\"module_instance_id\":\"d85fcbe3-8c2f-47ce-893e-e664db370ce6\",\"module_type_id\":\"6793ecd6-69ea-4ac8-ae5b-e0f12a5f317f\",\"data\":{\"indicators\":{\"count\":1,\"docs\":[{\"tags\":[\"tlp:white\"],\"valid_time\":{\"start_time\":\"2017-11-08T00:00:00.000Z\",\"end_time\":\"2017-11-08T00:00:00.000Z\"},\"producer\":\"CUDESO\",\"schema_version\":\"1.1.5\",\"type\":\"indicator\",\"source\":\"MISP\",\"short_description\":\"Category: Network activity\",\"title\":\"Duke Cloud Linux - F-Secure\",\"source_uri\":\"https://13.59.71.207/events/view/56ccde59-af1c-437c-a9f5-51269062e56a\",\"id\":\"transient:indicator-56ccde59-af1c-437c-a9f5-51269062e56a\",\"timestamp\":\"2016-02-23T22:34:35.000Z\",\"confidence\":\"High\"}]},\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":4,\"observable\":{\"value\":\"https://portal.sbn.co.th/rss.php\",\"type\":\"url\"},\"judgement_id\":\"transient:judgement-230a3359-60a0-4c5f-a93c-9e237e54aa5f\",\"disposition_name\":\"Common\",\"valid_time\":{\"start_time\":\"2023-09-20T09:26:26.000Z\",\"end_time\":\"2023-09-27T09:26:26.000Z\"}}]},\"relationships\":{\"count\":2,\"docs\":[{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-56ccde59-af1c-437c-a9f5-51269062e56a\",\"type\":\"relationship\",\"source_ref\":\"transient:judgement-230a3359-60a0-4c5f-a93c-9e237e54aa5f\",\"id\":\"transient:relationship-3157e662-07e4-4102-b90e-4e6fd31b80da\",\"relationship_type\":\"element-of\"},{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:
indicator-56ccde59-af1c-437c-a9f5-51269062e56a\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-4aff1f27-6d7f-4df9-80f2-d4699c088a80\",\"id\":\"transient:relationship-839ed4b0-181b-458d-97ac-6da501804b75\",\"relationship_type\":\"member-of\"}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-09-20T09:26:26.000Z\",\"end_time\":\"2023-09-27T09:26:26.000Z\"},\"schema_version\":\"1.1.5\",\"observable\":{\"value\":\"https://portal.sbn.co.th/rss.php\",\"type\":\"url\"},\"type\":\"judgement\",\"source\":\"MISP\",\"disposition\":4,\"source_uri\":\"https://13.59.71.207/events/view/56ccde59-af1c-437c-a9f5-51269062e56a\",\"disposition_name\":\"Common\",\"priority\":85,\"id\":\"transient:judgement-230a3359-60a0-4c5f-a93c-9e237e54aa5f\",\"severity\":\"Medium\",\"confidence\":\"Medium\"}]},\"sightings\":{\"count\":1,\"docs\":[{\"description\":\"Category: Network activity\",\"schema_version\":\"1.1.5\",\"observables\":[{\"value\":\"https://portal.sbn.co.th/rss.php\",\"type\":\"url\"}],\"type\":\"sighting\",\"source\":\"MISP\",\"source_uri\":\"https://13.59.71.207/events/view/56ccde59-af1c-437c-a9f5-51269062e56a\",\"id\":\"transient:sighting-4aff1f27-6d7f-4df9-80f2-d4699c088a80\",\"count\":1,\"timestamp\":\"2016-02-23T22:34:35.000Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2017-11-08T00:00:00.000Z\",\"end_time\":\"2017-11-08T00:00:00.000Z\"}}]}}}]},\"id\":\"investigate-1b868101\",\"uuid\":\"3486a235-e8aa-4bb1-af5f-52dc71a493ef\"}]", "short_description": "Snapshot-with-URL", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-1a9e02bb-4375-4de0-9091-286a0537bcd1", "tlp": "amber", "groups": ["32e22c6d-7624-477e-8bbd-989c979b552e"], "timestamp": "2021-05-12T09:29:50.616Z", "owner": "9d64bbce-2e7c-43f0-b9d7-0e2fa3c2d88d", "source": "Anastasiia Rozlyvan"} \ No newline at end of file +{"schema_version": "1.1.3", "type": "investigation", "search-txt": "url:\"https://portal.sbn.co.th/rss.php\"", 
"actions": "[{\"created-perf\":1637365000.0005,\"updated-perf\":1637370000.0003736,\"type\":\"collect\",\"created\":\"2021-05-12T09:26:25.558Z\",\"state\":\"ok\",\"arg\":\"url:\\\"https://portal.sbn.co.th/rss.php\\\"\",\"result\":[{\"value\":\"https://portal.sbn.co.th/rss.php\",\"type\":\"url\"}],\"id\":\"collect-b0a19367\",\"uuid\":\"670ea189-2bc2-47e2-bfda-4dbada25592b\"},{\"created-perf\":2873975000.0004277,\"updated-perf\":2873975000.0004277,\"type\":\"investigate\",\"created\":\"2021-05-12T09:26:26.794Z\",\"state\":\"ok\",\"arg\":{\"type\":\"url\",\"value\":\"https://portal.sbn.co.th/rss.php\"},\"result\":{\"data\":[{\"module\":\"Talos Intelligence\",\"module_instance_id\":\"f14a7465-a77a-4e28-8b97-23706a56eab5\",\"module_type_id\":\"2460c99b-2f01-523b-a65d-30a3c6603245\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"https://portal.sbn.co.th/rss.php\",\"type\":\"url\"},\"judgement_id\":\"transient:b40c4502-c2f1-4c74-a858-70b2e92a6f10\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-09-27T09:26:26.175Z\",\"end_time\":\"2023-10-27T09:26:26.175Z\"}}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-09-27T09:26:26.175Z\",\"end_time\":\"2023-10-27T09:26:26.175Z\"},\"schema_version\":\"1.1.3\",\"observable\":{\"value\":\"https://portal.sbn.co.th/rss.php\",\"type\":\"url\"},\"type\":\"judgement\",\"source\":\"Talos Intelligence\",\"disposition\":2,\"reason\":\"Poor Talos Intelligence reputation 
score\",\"source_uri\":\"https://www.talosintelligence.com/reputation_center/lookup?search=https%3A%2F%2Fportal.sbn.co.th%2Frss.php\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"transient:b40c4502-c2f1-4c74-a858-70b2e92a6f10\",\"severity\":\"High\",\"tlp\":\"white\",\"confidence\":\"High\"}]}}},{\"module\":\"QRadar\",\"module_instance_id\":\"7527fe44-6930-46eb-8506-8d9c2d1cd4fc\",\"module_type_id\":\"c1b64357-c493-402c-b1be-03bfd85e0f3e\",\"data\":{}},{\"module\":\"MISP\",\"module_instance_id\":\"d85fcbe3-8c2f-47ce-893e-e664db370ce6\",\"module_type_id\":\"6793ecd6-69ea-4ac8-ae5b-e0f12a5f317f\",\"data\":{\"indicators\":{\"count\":1,\"docs\":[{\"tags\":[\"tlp:white\"],\"valid_time\":{\"start_time\":\"2017-11-15T00:00:00.000Z\",\"end_time\":\"2017-11-15T00:00:00.000Z\"},\"producer\":\"CUDESO\",\"schema_version\":\"1.1.5\",\"type\":\"indicator\",\"source\":\"MISP\",\"short_description\":\"Category: Network activity\",\"title\":\"Duke Cloud Linux - F-Secure\",\"source_uri\":\"https://13.59.71.207/events/view/56ccde59-af1c-437c-a9f5-51269062e56a\",\"id\":\"transient:indicator-56ccde59-af1c-437c-a9f5-51269062e56a\",\"timestamp\":\"2016-02-23T22:34:35.000Z\",\"confidence\":\"High\"}]},\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":4,\"observable\":{\"value\":\"https://portal.sbn.co.th/rss.php\",\"type\":\"url\"},\"judgement_id\":\"transient:judgement-230a3359-60a0-4c5f-a93c-9e237e54aa5f\",\"disposition_name\":\"Common\",\"valid_time\":{\"start_time\":\"2023-09-27T09:26:26.000Z\",\"end_time\":\"2023-10-04T09:26:26.000Z\"}}]},\"relationships\":{\"count\":2,\"docs\":[{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-56ccde59-af1c-437c-a9f5-51269062e56a\",\"type\":\"relationship\",\"source_ref\":\"transient:judgement-230a3359-60a0-4c5f-a93c-9e237e54aa5f\",\"id\":\"transient:relationship-3157e662-07e4-4102-b90e-4e6fd31b80da\",\"relationship_type\":\"element-of\"},{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:
indicator-56ccde59-af1c-437c-a9f5-51269062e56a\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-4aff1f27-6d7f-4df9-80f2-d4699c088a80\",\"id\":\"transient:relationship-839ed4b0-181b-458d-97ac-6da501804b75\",\"relationship_type\":\"member-of\"}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-09-27T09:26:26.000Z\",\"end_time\":\"2023-10-04T09:26:26.000Z\"},\"schema_version\":\"1.1.5\",\"observable\":{\"value\":\"https://portal.sbn.co.th/rss.php\",\"type\":\"url\"},\"type\":\"judgement\",\"source\":\"MISP\",\"disposition\":4,\"source_uri\":\"https://13.59.71.207/events/view/56ccde59-af1c-437c-a9f5-51269062e56a\",\"disposition_name\":\"Common\",\"priority\":85,\"id\":\"transient:judgement-230a3359-60a0-4c5f-a93c-9e237e54aa5f\",\"severity\":\"Medium\",\"confidence\":\"Medium\"}]},\"sightings\":{\"count\":1,\"docs\":[{\"description\":\"Category: Network activity\",\"schema_version\":\"1.1.5\",\"observables\":[{\"value\":\"https://portal.sbn.co.th/rss.php\",\"type\":\"url\"}],\"type\":\"sighting\",\"source\":\"MISP\",\"source_uri\":\"https://13.59.71.207/events/view/56ccde59-af1c-437c-a9f5-51269062e56a\",\"id\":\"transient:sighting-4aff1f27-6d7f-4df9-80f2-d4699c088a80\",\"count\":1,\"timestamp\":\"2016-02-23T22:34:35.000Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2017-11-15T00:00:00.000Z\",\"end_time\":\"2017-11-15T00:00:00.000Z\"}}]}}}]},\"id\":\"investigate-1b868101\",\"uuid\":\"3486a235-e8aa-4bb1-af5f-52dc71a493ef\"}]", "short_description": "Snapshot-with-URL", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-1a9e02bb-4375-4de0-9091-286a0537bcd1", "tlp": "amber", "groups": ["32e22c6d-7624-477e-8bbd-989c979b552e"], "timestamp": "2021-05-12T09:29:50.616Z", "owner": "9d64bbce-2e7c-43f0-b9d7-0e2fa3c2d88d", "source": "Anastasiia Rozlyvan"} \ No newline at end of file diff --git a/MISP/Snapshot-with-domain.json b/MISP/Snapshot-with-domain.json index bff2b9b5..f2357f3e 100644 
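Review bot: The regenerated snapshot shifts historical observation dates along with the current ones: the MISP indicator `valid_time` and the sighting `observed_time` move from `2017-11-08T00:00:00.000Z` to `2017-11-15T00:00:00.000Z` while the same records' `timestamp` stays `2016-02-23T22:34:35.000Z`, so the fixture no longer describes a fixed past sighting but a date that drifts one week per run. If the action rebases every date relative to the run time in order to keep the verdict and judgement `valid_time` windows fresh, the 2017 fields appear to be caught by that rewrite and should be exempted or pinned so the stored intelligence stays internally consistent; if the drift is deliberate, a top-level `"description"` stating that dates are synthetic would help, as the SHA256 snapshot in this same commit gained one. Note also that the MISP verdict's new `end_time` of `2023-10-04T09:26:26.000Z` is about a minute before this commit's own date, so the committed snapshot is already expired for that module when it lands; a longer window or a start_time equal to the regeneration time would avoid shipping stale fixtures.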
--- a/MISP/Snapshot-with-domain.json +++ b/MISP/Snapshot-with-domain.json 
@@ -1 +1 @@ -{"schema_version": "1.1.3", "type": "investigation", "search-txt": "domain:\"oudax.com\"", "actions": "[{\"created-perf\":1488524999.9997542,\"updated-perf\":1488524999.9997542,\"type\":\"collect\",\"created\":\"2021-05-12T09:26:12.988Z\",\"state\":\"ok\",\"arg\":\"domain:\\\"oudax.com\\\"\",\"result\":[{\"value\":\"oudax.com\",\"type\":\"domain\"}],\"id\":\"collect-5533532f\",\"uuid\":\"765a8f9a-34c9-4390-92fc-1a54edde6e70\"},{\"created-perf\":2866594999.9995065,\"updated-perf\":2866594999.9995065,\"type\":\"investigate\",\"created\":\"2021-05-12T09:26:14.366Z\",\"state\":\"ok\",\"arg\":{\"type\":\"domain\",\"value\":\"oudax.com\"},\"result\":{\"data\":[{\"module\":\"Talos Intelligence\",\"module_instance_id\":\"f14a7465-a77a-4e28-8b97-23706a56eab5\",\"module_type_id\":\"2460c99b-2f01-523b-a65d-30a3c6603245\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":3,\"observable\":{\"value\":\"oudax.com\",\"type\":\"domain\"},\"judgement_id\":\"transient:57ef6c5a-0325-40d0-8c5c-17f16ccc453c\",\"disposition_name\":\"Suspicious\",\"valid_time\":{\"start_time\":\"2023-09-20T09:26:13.697Z\",\"end_time\":\"2023-10-20T09:26:13.697Z\"}}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-09-20T09:26:13.697Z\",\"end_time\":\"2023-10-20T09:26:13.697Z\"},\"schema_version\":\"1.1.3\",\"observable\":{\"value\":\"oudax.com\",\"type\":\"domain\"},\"type\":\"judgement\",\"source\":\"Talos Intelligence\",\"disposition\":3,\"reason\":\"Low Talos Intelligence reputation 
score\",\"source_uri\":\"https://www.talosintelligence.com/reputation_center/lookup?search=oudax.com\",\"disposition_name\":\"Suspicious\",\"priority\":90,\"id\":\"transient:57ef6c5a-0325-40d0-8c5c-17f16ccc453c\",\"severity\":\"Medium\",\"tlp\":\"white\",\"confidence\":\"High\"}]}}},{\"module\":\"QRadar\",\"module_instance_id\":\"7527fe44-6930-46eb-8506-8d9c2d1cd4fc\",\"module_type_id\":\"c1b64357-c493-402c-b1be-03bfd85e0f3e\",\"data\":{}},{\"module\":\"MISP\",\"module_instance_id\":\"d85fcbe3-8c2f-47ce-893e-e664db370ce6\",\"module_type_id\":\"6793ecd6-69ea-4ac8-ae5b-e0f12a5f317f\",\"data\":{\"indicators\":{\"count\":1,\"docs\":[{\"tags\":[\"tlp:white\",\"misp-galaxy:mitre-intrusion-set=\\\"OilRig\\\"\",\"misp-galaxy:mitre-enterprise-attack-intrusion-set=\\\"OilRig - G0049\\\"\"],\"valid_time\":{\"start_time\":\"2022-12-04T00:00:00.000Z\",\"end_time\":\"2022-12-04T00:00:00.000Z\"},\"producer\":\"CUDESO\",\"schema_version\":\"1.1.5\",\"type\":\"indicator\",\"source\":\"MISP\",\"short_description\":\"Category: Network activity\",\"title\":\"OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its 
Inventory\",\"source_uri\":\"https://13.59.71.207/events/view/5f1d893c-e2c0-4b44-a767-cc46c0a8ab16\",\"id\":\"transient:indicator-5f1d893c-e2c0-4b44-a767-cc46c0a8ab16\",\"timestamp\":\"2020-07-26T13:50:11.000Z\",\"confidence\":\"High\"}]},\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"oudax.com\",\"type\":\"domain\"},\"judgement_id\":\"transient:judgement-880f1018-56c9-4b6f-a2dd-c4f5a6cd506f\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-09-20T09:26:14.000Z\",\"end_time\":\"2023-09-27T09:26:14.000Z\"}}]},\"relationships\":{\"count\":2,\"docs\":[{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-5f1d893c-e2c0-4b44-a767-cc46c0a8ab16\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-e12287ac-96d5-414f-850e-fa5c30d2a9bf\",\"id\":\"transient:relationship-40489764-9cf5-42bc-8c3c-dbd482133672\",\"relationship_type\":\"member-of\"},{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-5f1d893c-e2c0-4b44-a767-cc46c0a8ab16\",\"type\":\"relationship\",\"source_ref\":\"transient:judgement-880f1018-56c9-4b6f-a2dd-c4f5a6cd506f\",\"id\":\"transient:relationship-1ff93635-af5e-4f70-a2c6-7eee70a87728\",\"relationship_type\":\"element-of\"}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-09-20T09:26:14.000Z\",\"end_time\":\"2023-09-27T09:26:14.000Z\"},\"schema_version\":\"1.1.5\",\"observable\":{\"value\":\"oudax.com\",\"type\":\"domain\"},\"type\":\"judgement\",\"source\":\"MISP\",\"disposition\":2,\"source_uri\":\"https://13.59.71.207/events/view/5f1d893c-e2c0-4b44-a767-cc46c0a8ab16\",\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-880f1018-56c9-4b6f-a2dd-c4f5a6cd506f\",\"severity\":\"Medium\",\"confidence\":\"Medium\"}]},\"sightings\":{\"count\":1,\"docs\":[{\"description\":\"Category: Network 
activity\",\"schema_version\":\"1.1.5\",\"observables\":[{\"value\":\"oudax.com\",\"type\":\"domain\"}],\"type\":\"sighting\",\"source\":\"MISP\",\"source_uri\":\"https://13.59.71.207/events/view/5f1d893c-e2c0-4b44-a767-cc46c0a8ab16\",\"id\":\"transient:sighting-e12287ac-96d5-414f-850e-fa5c30d2a9bf\",\"count\":1,\"timestamp\":\"2020-07-26T13:50:11.000Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-12-04T00:00:00.000Z\",\"end_time\":\"2022-12-04T00:00:00.000Z\"}}]}}}]},\"id\":\"investigate-d8a57e82\",\"uuid\":\"ee579c6a-8e26-4de6-8e9e-306205e5a42b\"}]", "short_description": "Snapshot-with-domain", "omittedObservables": [], "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-f1006c93-6b97-44df-a860-1fe82ddfedeb", "tlp": "amber", "groups": ["32e22c6d-7624-477e-8bbd-989c979b552e"], "timestamp": "2021-05-12T09:30:32.688Z", "owner": "9d64bbce-2e7c-43f0-b9d7-0e2fa3c2d88d", "source": "Anastasiia Rozlyvan"} \ No newline at end of file +{"schema_version": "1.1.3", "type": "investigation", "search-txt": "domain:\"oudax.com\"", "actions": "[{\"created-perf\":1488524999.9997542,\"updated-perf\":1488524999.9997542,\"type\":\"collect\",\"created\":\"2021-05-12T09:26:12.988Z\",\"state\":\"ok\",\"arg\":\"domain:\\\"oudax.com\\\"\",\"result\":[{\"value\":\"oudax.com\",\"type\":\"domain\"}],\"id\":\"collect-5533532f\",\"uuid\":\"765a8f9a-34c9-4390-92fc-1a54edde6e70\"},{\"created-perf\":2866594999.9995065,\"updated-perf\":2866594999.9995065,\"type\":\"investigate\",\"created\":\"2021-05-12T09:26:14.366Z\",\"state\":\"ok\",\"arg\":{\"type\":\"domain\",\"value\":\"oudax.com\"},\"result\":{\"data\":[{\"module\":\"Talos 
Intelligence\",\"module_instance_id\":\"f14a7465-a77a-4e28-8b97-23706a56eab5\",\"module_type_id\":\"2460c99b-2f01-523b-a65d-30a3c6603245\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":3,\"observable\":{\"value\":\"oudax.com\",\"type\":\"domain\"},\"judgement_id\":\"transient:57ef6c5a-0325-40d0-8c5c-17f16ccc453c\",\"disposition_name\":\"Suspicious\",\"valid_time\":{\"start_time\":\"2023-09-27T09:26:13.697Z\",\"end_time\":\"2023-10-27T09:26:13.697Z\"}}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-09-27T09:26:13.697Z\",\"end_time\":\"2023-10-27T09:26:13.697Z\"},\"schema_version\":\"1.1.3\",\"observable\":{\"value\":\"oudax.com\",\"type\":\"domain\"},\"type\":\"judgement\",\"source\":\"Talos Intelligence\",\"disposition\":3,\"reason\":\"Low Talos Intelligence reputation score\",\"source_uri\":\"https://www.talosintelligence.com/reputation_center/lookup?search=oudax.com\",\"disposition_name\":\"Suspicious\",\"priority\":90,\"id\":\"transient:57ef6c5a-0325-40d0-8c5c-17f16ccc453c\",\"severity\":\"Medium\",\"tlp\":\"white\",\"confidence\":\"High\"}]}}},{\"module\":\"QRadar\",\"module_instance_id\":\"7527fe44-6930-46eb-8506-8d9c2d1cd4fc\",\"module_type_id\":\"c1b64357-c493-402c-b1be-03bfd85e0f3e\",\"data\":{}},{\"module\":\"MISP\",\"module_instance_id\":\"d85fcbe3-8c2f-47ce-893e-e664db370ce6\",\"module_type_id\":\"6793ecd6-69ea-4ac8-ae5b-e0f12a5f317f\",\"data\":{\"indicators\":{\"count\":1,\"docs\":[{\"tags\":[\"tlp:white\",\"misp-galaxy:mitre-intrusion-set=\\\"OilRig\\\"\",\"misp-galaxy:mitre-enterprise-attack-intrusion-set=\\\"OilRig - G0049\\\"\"],\"valid_time\":{\"start_time\":\"2022-12-11T00:00:00.000Z\",\"end_time\":\"2022-12-11T00:00:00.000Z\"},\"producer\":\"CUDESO\",\"schema_version\":\"1.1.5\",\"type\":\"indicator\",\"source\":\"MISP\",\"short_description\":\"Category: Network activity\",\"title\":\"OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with 
Steganography to Its Inventory\",\"source_uri\":\"https://13.59.71.207/events/view/5f1d893c-e2c0-4b44-a767-cc46c0a8ab16\",\"id\":\"transient:indicator-5f1d893c-e2c0-4b44-a767-cc46c0a8ab16\",\"timestamp\":\"2020-07-26T13:50:11.000Z\",\"confidence\":\"High\"}]},\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"oudax.com\",\"type\":\"domain\"},\"judgement_id\":\"transient:judgement-880f1018-56c9-4b6f-a2dd-c4f5a6cd506f\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-09-27T09:26:14.000Z\",\"end_time\":\"2023-10-04T09:26:14.000Z\"}}]},\"relationships\":{\"count\":2,\"docs\":[{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-5f1d893c-e2c0-4b44-a767-cc46c0a8ab16\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-e12287ac-96d5-414f-850e-fa5c30d2a9bf\",\"id\":\"transient:relationship-40489764-9cf5-42bc-8c3c-dbd482133672\",\"relationship_type\":\"member-of\"},{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-5f1d893c-e2c0-4b44-a767-cc46c0a8ab16\",\"type\":\"relationship\",\"source_ref\":\"transient:judgement-880f1018-56c9-4b6f-a2dd-c4f5a6cd506f\",\"id\":\"transient:relationship-1ff93635-af5e-4f70-a2c6-7eee70a87728\",\"relationship_type\":\"element-of\"}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-09-27T09:26:14.000Z\",\"end_time\":\"2023-10-04T09:26:14.000Z\"},\"schema_version\":\"1.1.5\",\"observable\":{\"value\":\"oudax.com\",\"type\":\"domain\"},\"type\":\"judgement\",\"source\":\"MISP\",\"disposition\":2,\"source_uri\":\"https://13.59.71.207/events/view/5f1d893c-e2c0-4b44-a767-cc46c0a8ab16\",\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-880f1018-56c9-4b6f-a2dd-c4f5a6cd506f\",\"severity\":\"Medium\",\"confidence\":\"Medium\"}]},\"sightings\":{\"count\":1,\"docs\":[{\"description\":\"Category: Network 
activity\",\"schema_version\":\"1.1.5\",\"observables\":[{\"value\":\"oudax.com\",\"type\":\"domain\"}],\"type\":\"sighting\",\"source\":\"MISP\",\"source_uri\":\"https://13.59.71.207/events/view/5f1d893c-e2c0-4b44-a767-cc46c0a8ab16\",\"id\":\"transient:sighting-e12287ac-96d5-414f-850e-fa5c30d2a9bf\",\"count\":1,\"timestamp\":\"2020-07-26T13:50:11.000Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-12-11T00:00:00.000Z\",\"end_time\":\"2022-12-11T00:00:00.000Z\"}}]}}}]},\"id\":\"investigate-d8a57e82\",\"uuid\":\"ee579c6a-8e26-4de6-8e9e-306205e5a42b\"}]", "short_description": "Snapshot-with-domain", "omittedObservables": [], "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-f1006c93-6b97-44df-a860-1fe82ddfedeb", "tlp": "amber", "groups": ["32e22c6d-7624-477e-8bbd-989c979b552e"], "timestamp": "2021-05-12T09:30:32.688Z", "owner": "9d64bbce-2e7c-43f0-b9d7-0e2fa3c2d88d", "source": "Anastasiia Rozlyvan"}
\ No newline at end of file
diff --git a/MISP/Snapshot-with-hostname.json b/MISP/Snapshot-with-hostname.json
index 073a623e..d196817b 100644
--- a/MISP/Snapshot-with-hostname.json
+++ b/MISP/Snapshot-with-hostname.json
@@ -1 +1 @@
-{"schema_version": "1.1.3", "type": "investigation", "search-txt": "hostname:\"digi.shanx.icu\"", "actions": "[{\"created-perf\":1641224999.9993947,\"updated-perf\":1641249999.9996727,\"type\":\"collect\",\"created\":\"2021-05-12T09:26:46.986Z\",\"state\":\"ok\",\"arg\":\"hostname:\\\"digi.shanx.icu\\\"\",\"result\":[{\"value\":\"digi.shanx.icu\",\"type\":\"hostname\"}],\"id\":\"collect-e2f2217d\",\"uuid\":\"db7a4a7b-e9b3-463d-82c0-2b3b3cffb355\"},{\"created-perf\":2798855000.0000033,\"updated-perf\":2798855000.0000033,\"type\":\"investigate\",\"created\":\"2021-05-12T09:26:48.144Z\",\"state\":\"ok\",\"arg\":{\"type\":\"hostname\",\"value\":\"digi.shanx.icu\"},\"result\":{\"data\":[{\"module\":\"QRadar\",\"module_instance_id\":\"7527fe44-6930-46eb-8506-8d9c2d1cd4fc\",\"module_type_id\":\"c1b64357-c493-402c-b1be-03bfd85e0f3e\",\"data\":{}},{\"module\":\"MISP\",\"module_instance_id\":\"d85fcbe3-8c2f-47ce-893e-e664db370ce6\",\"module_type_id\":\"6793ecd6-69ea-4ac8-ae5b-e0f12a5f317f\",\"data\":{\"indicators\":{\"count\":1,\"docs\":[{\"tags\":[\"tlp:white\",\"misp-galaxy:mitre-intrusion-set=\\\"OilRig\\\"\",\"misp-galaxy:mitre-enterprise-attack-intrusion-set=\\\"OilRig - G0049\\\"\"],\"valid_time\":{\"start_time\":\"2022-12-04T00:00:00.000Z\",\"end_time\":\"2022-12-04T00:00:00.000Z\"},\"producer\":\"CUDESO\",\"schema_version\":\"1.1.5\",\"type\":\"indicator\",\"source\":\"MISP\",\"short_description\":\"Category: Network activity\",\"title\":\"OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its 
Inventory\",\"source_uri\":\"https://13.59.71.207/events/view/5f1d893c-e2c0-4b44-a767-cc46c0a8ab16\",\"id\":\"transient:indicator-5f1d893c-e2c0-4b44-a767-cc46c0a8ab16\",\"timestamp\":\"2020-07-26T13:50:11.000Z\",\"confidence\":\"High\"}]},\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"digi.shanx.icu\",\"type\":\"hostname\"},\"judgement_id\":\"transient:judgement-abe708af-1054-40fd-8ede-9dd0a5debf83\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-09-20T09:26:48.000Z\",\"end_time\":\"2023-09-27T09:26:48.000Z\"}}]},\"relationships\":{\"count\":2,\"docs\":[{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-5f1d893c-e2c0-4b44-a767-cc46c0a8ab16\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-e1c64fda-d78d-447b-b382-97d74bbecaea\",\"id\":\"transient:relationship-6db8d72e-b07d-4cd3-b6ec-84b50b47d922\",\"relationship_type\":\"member-of\"},{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-5f1d893c-e2c0-4b44-a767-cc46c0a8ab16\",\"type\":\"relationship\",\"source_ref\":\"transient:judgement-abe708af-1054-40fd-8ede-9dd0a5debf83\",\"id\":\"transient:relationship-fadd05b3-fa57-4802-ae78-a7474e9a3a59\",\"relationship_type\":\"element-of\"}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-09-20T09:26:48.000Z\",\"end_time\":\"2023-09-27T09:26:48.000Z\"},\"schema_version\":\"1.1.5\",\"observable\":{\"value\":\"digi.shanx.icu\",\"type\":\"hostname\"},\"type\":\"judgement\",\"source\":\"MISP\",\"disposition\":2,\"source_uri\":\"https://13.59.71.207/events/view/5f1d893c-e2c0-4b44-a767-cc46c0a8ab16\",\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-abe708af-1054-40fd-8ede-9dd0a5debf83\",\"severity\":\"Medium\",\"confidence\":\"Medium\"}]},\"sightings\":{\"count\":1,\"docs\":[{\"description\":\"Category: Network 
activity\",\"schema_version\":\"1.1.5\",\"observables\":[{\"value\":\"digi.shanx.icu\",\"type\":\"hostname\"}],\"type\":\"sighting\",\"source\":\"MISP\",\"source_uri\":\"https://13.59.71.207/events/view/5f1d893c-e2c0-4b44-a767-cc46c0a8ab16\",\"id\":\"transient:sighting-e1c64fda-d78d-447b-b382-97d74bbecaea\",\"count\":1,\"timestamp\":\"2020-07-26T13:50:11.000Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-12-04T00:00:00.000Z\",\"end_time\":\"2022-12-04T00:00:00.000Z\"}}]}}}]},\"id\":\"investigate-2af299cf\",\"uuid\":\"7ab384cb-5ae3-47a6-8b01-41bf44e7db10\"}]", "short_description": "Snapshot-with-hostname", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-44b1080c-0646-42d9-b4eb-027c07af6165", "tlp": "amber", "groups": ["32e22c6d-7624-477e-8bbd-989c979b552e"], "timestamp": "2021-05-12T09:30:58.339Z", "owner": "9d64bbce-2e7c-43f0-b9d7-0e2fa3c2d88d", "source": "Anastasiia Rozlyvan"}
\ No newline at end of file
+{"schema_version": "1.1.3", "type": "investigation", "search-txt": "hostname:\"digi.shanx.icu\"", "actions": 
"[{\"created-perf\":1641224999.9993947,\"updated-perf\":1641249999.9996727,\"type\":\"collect\",\"created\":\"2021-05-12T09:26:46.986Z\",\"state\":\"ok\",\"arg\":\"hostname:\\\"digi.shanx.icu\\\"\",\"result\":[{\"value\":\"digi.shanx.icu\",\"type\":\"hostname\"}],\"id\":\"collect-e2f2217d\",\"uuid\":\"db7a4a7b-e9b3-463d-82c0-2b3b3cffb355\"},{\"created-perf\":2798855000.0000033,\"updated-perf\":2798855000.0000033,\"type\":\"investigate\",\"created\":\"2021-05-12T09:26:48.144Z\",\"state\":\"ok\",\"arg\":{\"type\":\"hostname\",\"value\":\"digi.shanx.icu\"},\"result\":{\"data\":[{\"module\":\"QRadar\",\"module_instance_id\":\"7527fe44-6930-46eb-8506-8d9c2d1cd4fc\",\"module_type_id\":\"c1b64357-c493-402c-b1be-03bfd85e0f3e\",\"data\":{}},{\"module\":\"MISP\",\"module_instance_id\":\"d85fcbe3-8c2f-47ce-893e-e664db370ce6\",\"module_type_id\":\"6793ecd6-69ea-4ac8-ae5b-e0f12a5f317f\",\"data\":{\"indicators\":{\"count\":1,\"docs\":[{\"tags\":[\"tlp:white\",\"misp-galaxy:mitre-intrusion-set=\\\"OilRig\\\"\",\"misp-galaxy:mitre-enterprise-attack-intrusion-set=\\\"OilRig - G0049\\\"\"],\"valid_time\":{\"start_time\":\"2022-12-11T00:00:00.000Z\",\"end_time\":\"2022-12-11T00:00:00.000Z\"},\"producer\":\"CUDESO\",\"schema_version\":\"1.1.5\",\"type\":\"indicator\",\"source\":\"MISP\",\"short_description\":\"Category: Network activity\",\"title\":\"OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its 
Inventory\",\"source_uri\":\"https://13.59.71.207/events/view/5f1d893c-e2c0-4b44-a767-cc46c0a8ab16\",\"id\":\"transient:indicator-5f1d893c-e2c0-4b44-a767-cc46c0a8ab16\",\"timestamp\":\"2020-07-26T13:50:11.000Z\",\"confidence\":\"High\"}]},\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"digi.shanx.icu\",\"type\":\"hostname\"},\"judgement_id\":\"transient:judgement-abe708af-1054-40fd-8ede-9dd0a5debf83\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-09-27T09:26:48.000Z\",\"end_time\":\"2023-10-04T09:26:48.000Z\"}}]},\"relationships\":{\"count\":2,\"docs\":[{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-5f1d893c-e2c0-4b44-a767-cc46c0a8ab16\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-e1c64fda-d78d-447b-b382-97d74bbecaea\",\"id\":\"transient:relationship-6db8d72e-b07d-4cd3-b6ec-84b50b47d922\",\"relationship_type\":\"member-of\"},{\"schema_version\":\"1.1.5\",\"target_ref\":\"transient:indicator-5f1d893c-e2c0-4b44-a767-cc46c0a8ab16\",\"type\":\"relationship\",\"source_ref\":\"transient:judgement-abe708af-1054-40fd-8ede-9dd0a5debf83\",\"id\":\"transient:relationship-fadd05b3-fa57-4802-ae78-a7474e9a3a59\",\"relationship_type\":\"element-of\"}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-09-27T09:26:48.000Z\",\"end_time\":\"2023-10-04T09:26:48.000Z\"},\"schema_version\":\"1.1.5\",\"observable\":{\"value\":\"digi.shanx.icu\",\"type\":\"hostname\"},\"type\":\"judgement\",\"source\":\"MISP\",\"disposition\":2,\"source_uri\":\"https://13.59.71.207/events/view/5f1d893c-e2c0-4b44-a767-cc46c0a8ab16\",\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-abe708af-1054-40fd-8ede-9dd0a5debf83\",\"severity\":\"Medium\",\"confidence\":\"Medium\"}]},\"sightings\":{\"count\":1,\"docs\":[{\"description\":\"Category: Network 
activity\",\"schema_version\":\"1.1.5\",\"observables\":[{\"value\":\"digi.shanx.icu\",\"type\":\"hostname\"}],\"type\":\"sighting\",\"source\":\"MISP\",\"source_uri\":\"https://13.59.71.207/events/view/5f1d893c-e2c0-4b44-a767-cc46c0a8ab16\",\"id\":\"transient:sighting-e1c64fda-d78d-447b-b382-97d74bbecaea\",\"count\":1,\"timestamp\":\"2020-07-26T13:50:11.000Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-12-11T00:00:00.000Z\",\"end_time\":\"2022-12-11T00:00:00.000Z\"}}]}}}]},\"id\":\"investigate-2af299cf\",\"uuid\":\"7ab384cb-5ae3-47a6-8b01-41bf44e7db10\"}]", "short_description": "Snapshot-with-hostname", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-44b1080c-0646-42d9-b4eb-027c07af6165", "tlp": "amber", "groups": ["32e22c6d-7624-477e-8bbd-989c979b552e"], "timestamp": "2021-05-12T09:30:58.339Z", "owner": "9d64bbce-2e7c-43f0-b9d7-0e2fa3c2d88d", "source": "Anastasiia Rozlyvan"}
\ No newline at end of file