1 parent
45bd7a3
commit 625bd9f
Showing
2 changed files
with
2 additions
and
2 deletions.
@@ -1 +1 @@ | ||
{"schema_version": "1.0.23", "type": "investigation", "search-txt": "domain:\"the.omas.in\"", "source": "Anastasiia Rozlyvan", "actions": "[{\"created-perf\":14635275000.000547,\"updated-perf\":14635275000.000547,\"type\":\"collect\",\"created\":\"2020-12-18T12:31:10.826Z\",\"state\":\"ok\",\"arg\":\"the.omas.in\",\"result\":[{\"value\":\"the.omas.in\",\"type\":\"domain\"}],\"id\":\"collect-b1b61a56\",\"uuid\":\"3f7d6cd9-9a15-4300-a6be-bbcd21240d15\"},{\"created-perf\":15166535000.000294,\"updated-perf\":15166535000.000294,\"type\":\"deliberate\",\"created\":\"2020-12-18T12:31:11.358Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"domain\",\"value\":\"the.omas.in\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}}]},\"id\":\"deliberate-78760619\",\"uuid\":\"b7f901fd-81dc-440f-9bdd-c63be7b6ac8b\"},{\"created-perf\":16053455000.001122,\"updated-perf\":16053460000.002815,\"type\":\"investigate\",\"created\":\"2020-12-18T12:31:12.245Z\",\"state\":\"ok\",\"arg\":{\"type\":\"domain\",\"value\":\"the.omas.in\"},\"result\":{\"data\":[{\"module\":\"APIVoid\",\"module_instance_id\":\"a23ffa9e-e71e-4101-889c-7974cf8b7341\",\"module_type_id\":\"0c96e5cd-2f93-4986-8042-4e26e664a032\",\"data\":{\"indicators\":{\"count\":2,\"docs\":[{\"valid_time\":{},\"producer\":\"APIVoid\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"short_description\":\"Feed: Threat Sourcing\",\"title\":\"Feed: Threat Sourcing\",\"id\":\"transient:indicator-a8c36453-d9fb-5633-bba9-d899f1ffdd4d\",\"tlp\":\"white\",\"confidence\":\"High\"},{\"valid_time\":{},\"producer\":\"APIVoid\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"short_description\":\"Feed: CRDF\",\"title\":\"Feed: 
CRDF\",\"id\":\"transient:indicator-e8309f4e-fec7-58c5-8fd3-e8b373eed39f\",\"tlp\":\"white\",\"confidence\":\"High\"}]},\"relationships\":{\"count\":2,\"docs\":[{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-a8c36453-d9fb-5633-bba9-d899f1ffdd4d\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-2c63ec9a-a750-4db0-90cf-ee8e190bf6c7\",\"id\":\"transient:relationship-fdeb4da4-725f-49c1-833d-fa835e77fc5a\",\"relationship_type\":\"member-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-e8309f4e-fec7-58c5-8fd3-e8b373eed39f\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-ad10d812-86f3-4c18-92f7-4077f4e273bd\",\"id\":\"transient:relationship-405e36da-ea3b-4951-8923-9248f172bba2\",\"relationship_type\":\"member-of\"}]},\"sightings\":{\"count\":2,\"docs\":[{\"description\":\"Detected on blocklist\",\"schema_version\":\"1.0.17\",\"observables\":[{\"value\":\"the.omas.in\",\"type\":\"domain\"}],\"type\":\"sighting\",\"source\":\"CRDF\",\"source_uri\":\"https://threatcenter.crdf.fr/check.html\",\"id\":\"transient:sighting-ad10d812-86f3-4c18-92f7-4077f4e273bd\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2024-08-09T12:31:12.232Z\",\"end_time\":\"2024-08-09T12:31:12.232Z\"}},{\"description\":\"Detected on blocklist\",\"schema_version\":\"1.0.17\",\"observables\":[{\"value\":\"the.omas.in\",\"type\":\"domain\"}],\"type\":\"sighting\",\"source\":\"Threat Sourcing\",\"source_uri\":\"https://www.threatsourcing.com/\",\"id\":\"transient:sighting-2c63ec9a-a750-4db0-90cf-ee8e190bf6c7\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2024-08-09T12:31:12.233Z\",\"end_time\":\"2024-08-09T12:31:12.233Z\"}}]}}}]},\"id\":\"investigate-3d327d64\",\"uuid\":\"f0df4cbf-3df2-4d0a-8c3a-53ace2a553d6\"}]", "short_description": "Snapshot_APIVoid_Domain", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-7759d60a-1ba4-4b76-9d16-3b53143823be", 
"tlp": "amber", "groups": ["32e22c6d-7624-477e-8bbd-989c979b552e"], "timestamp": "2020-12-18T12:32:01.680Z", "owner": "9d64bbce-2e7c-43f0-b9d7-0e2fa3c2d88d"} | ||
{"schema_version": "1.0.23", "type": "investigation", "search-txt": "domain:\"the.omas.in\"", "source": "Anastasiia Rozlyvan", "actions": "[{\"created-perf\":14635275000.000547,\"updated-perf\":14635275000.000547,\"type\":\"collect\",\"created\":\"2020-12-18T12:31:10.826Z\",\"state\":\"ok\",\"arg\":\"the.omas.in\",\"result\":[{\"value\":\"the.omas.in\",\"type\":\"domain\"}],\"id\":\"collect-b1b61a56\",\"uuid\":\"3f7d6cd9-9a15-4300-a6be-bbcd21240d15\"},{\"created-perf\":15166535000.000294,\"updated-perf\":15166535000.000294,\"type\":\"deliberate\",\"created\":\"2020-12-18T12:31:11.358Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"domain\",\"value\":\"the.omas.in\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}}]},\"id\":\"deliberate-78760619\",\"uuid\":\"b7f901fd-81dc-440f-9bdd-c63be7b6ac8b\"},{\"created-perf\":16053455000.001122,\"updated-perf\":16053460000.002815,\"type\":\"investigate\",\"created\":\"2020-12-18T12:31:12.245Z\",\"state\":\"ok\",\"arg\":{\"type\":\"domain\",\"value\":\"the.omas.in\"},\"result\":{\"data\":[{\"module\":\"APIVoid\",\"module_instance_id\":\"a23ffa9e-e71e-4101-889c-7974cf8b7341\",\"module_type_id\":\"0c96e5cd-2f93-4986-8042-4e26e664a032\",\"data\":{\"indicators\":{\"count\":2,\"docs\":[{\"valid_time\":{},\"producer\":\"APIVoid\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"short_description\":\"Feed: Threat Sourcing\",\"title\":\"Feed: Threat Sourcing\",\"id\":\"transient:indicator-a8c36453-d9fb-5633-bba9-d899f1ffdd4d\",\"tlp\":\"white\",\"confidence\":\"High\"},{\"valid_time\":{},\"producer\":\"APIVoid\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"short_description\":\"Feed: CRDF\",\"title\":\"Feed: 
CRDF\",\"id\":\"transient:indicator-e8309f4e-fec7-58c5-8fd3-e8b373eed39f\",\"tlp\":\"white\",\"confidence\":\"High\"}]},\"relationships\":{\"count\":2,\"docs\":[{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-a8c36453-d9fb-5633-bba9-d899f1ffdd4d\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-2c63ec9a-a750-4db0-90cf-ee8e190bf6c7\",\"id\":\"transient:relationship-fdeb4da4-725f-49c1-833d-fa835e77fc5a\",\"relationship_type\":\"member-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-e8309f4e-fec7-58c5-8fd3-e8b373eed39f\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-ad10d812-86f3-4c18-92f7-4077f4e273bd\",\"id\":\"transient:relationship-405e36da-ea3b-4951-8923-9248f172bba2\",\"relationship_type\":\"member-of\"}]},\"sightings\":{\"count\":2,\"docs\":[{\"description\":\"Detected on blocklist\",\"schema_version\":\"1.0.17\",\"observables\":[{\"value\":\"the.omas.in\",\"type\":\"domain\"}],\"type\":\"sighting\",\"source\":\"CRDF\",\"source_uri\":\"https://threatcenter.crdf.fr/check.html\",\"id\":\"transient:sighting-ad10d812-86f3-4c18-92f7-4077f4e273bd\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2024-08-16T12:31:12.232Z\",\"end_time\":\"2024-08-16T12:31:12.232Z\"}},{\"description\":\"Detected on blocklist\",\"schema_version\":\"1.0.17\",\"observables\":[{\"value\":\"the.omas.in\",\"type\":\"domain\"}],\"type\":\"sighting\",\"source\":\"Threat Sourcing\",\"source_uri\":\"https://www.threatsourcing.com/\",\"id\":\"transient:sighting-2c63ec9a-a750-4db0-90cf-ee8e190bf6c7\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2024-08-16T12:31:12.233Z\",\"end_time\":\"2024-08-16T12:31:12.233Z\"}}]}}}]},\"id\":\"investigate-3d327d64\",\"uuid\":\"f0df4cbf-3df2-4d0a-8c3a-53ace2a553d6\"}]", "short_description": "Snapshot_APIVoid_Domain", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-7759d60a-1ba4-4b76-9d16-3b53143823be", 
"tlp": "amber", "groups": ["32e22c6d-7624-477e-8bbd-989c979b552e"], "timestamp": "2020-12-18T12:32:01.680Z", "owner": "9d64bbce-2e7c-43f0-b9d7-0e2fa3c2d88d"} |
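Review bot: The two versions of this snapshot differ only in the `observed_time` dates of the two sightings (2024-08-09 and 2024-08-16), while `created` and `timestamp` stay at 2020-12-18, so the fixture appears to need a manual date bump whenever the sighting time moves. If a test compares module output against this file, it would be sturdier to have the comparison ignore or normalize `observed_time.start_time` and `observed_time.end_time` than to commit fresh dates each time. That is inferred, since the consuming test code is not visible here. The second snapshot (`ip:"46.101.218.221"`) shows the same pattern.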
@@ -1 +1 @@ | ||
{"schema_version": "1.0.23", "type": "investigation", "search-txt": "ip:\"46.101.218.221\"", "source": "Anastasiia Rozlyvan", "actions": "[{\"created-perf\":4641135000.001668,\"updated-perf\":4641135000.001668,\"type\":\"collect\",\"created\":\"2020-12-18T12:29:07.123Z\",\"state\":\"ok\",\"arg\":\"46.101.218.221\",\"result\":[{\"value\":\"46.101.218.221\",\"type\":\"ip\"}],\"id\":\"collect-f48aee1f\",\"uuid\":\"b0e41768-670f-477c-b78c-9c6a0a85f891\"},{\"created-perf\":5117830000.002869,\"updated-perf\":5117835000.000923,\"type\":\"deliberate\",\"created\":\"2020-12-18T12:29:07.602Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"ip\",\"value\":\"46.101.218.221\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}}]},\"id\":\"deliberate-e13fcee5\",\"uuid\":\"0fc2685b-e1cb-4522-9c0f-071399c5c474\"},{\"created-perf\":6328790000.003209,\"updated-perf\":6328790000.003209,\"type\":\"investigate\",\"created\":\"2020-12-18T12:29:08.813Z\",\"state\":\"ok\",\"arg\":{\"type\":\"ip\",\"value\":\"46.101.218.221\"},\"result\":{\"data\":[{\"module\":\"APIVoid\",\"module_instance_id\":\"a23ffa9e-e71e-4101-889c-7974cf8b7341\",\"module_type_id\":\"0c96e5cd-2f93-4986-8042-4e26e664a032\",\"data\":{\"indicators\":{\"count\":2,\"docs\":[{\"valid_time\":{},\"producer\":\"APIVoid\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"short_description\":\"Feed: S5hbl\",\"title\":\"Feed: S5hbl\",\"id\":\"transient:indicator-bb8b34e4-fa53-5a78-ab53-13bd8a865381\",\"tlp\":\"white\",\"confidence\":\"High\"},{\"valid_time\":{},\"producer\":\"APIVoid\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"short_description\":\"Feed: CSpace Hostings IP BL\",\"title\":\"Feed: CSpace Hostings IP 
BL\",\"id\":\"transient:indicator-9031a5e1-c8ea-53d8-bac5-5f1e7a3a60b2\",\"tlp\":\"white\",\"confidence\":\"High\"}]},\"relationships\":{\"count\":2,\"docs\":[{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-9031a5e1-c8ea-53d8-bac5-5f1e7a3a60b2\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-19991307-3d92-402a-8644-4c578b1db41d\",\"id\":\"transient:relationship-c3f2f252-e9e7-46ed-9424-4499d9e7c54a\",\"relationship_type\":\"member-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-bb8b34e4-fa53-5a78-ab53-13bd8a865381\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-d5864e40-c76f-4f0d-a6e8-5b9c9ac41f2c\",\"id\":\"transient:relationship-14478ba8-8203-41ee-9bdc-309bb6c5b2e7\",\"relationship_type\":\"member-of\"}]},\"sightings\":{\"count\":2,\"docs\":[{\"description\":\"Detected on blocklist\",\"schema_version\":\"1.0.17\",\"observables\":[{\"value\":\"46.101.218.221\",\"type\":\"ip\"}],\"type\":\"sighting\",\"source\":\"CSpace Hostings IP BL\",\"source_uri\":\"https://cspacehostings.com/\",\"id\":\"transient:sighting-19991307-3d92-402a-8644-4c578b1db41d\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2024-08-09T12:29:08.795Z\",\"end_time\":\"2024-08-09T12:29:08.795Z\"}},{\"description\":\"Detected on blocklist\",\"schema_version\":\"1.0.17\",\"observables\":[{\"value\":\"46.101.218.221\",\"type\":\"ip\"}],\"type\":\"sighting\",\"source\":\"S5hbl\",\"source_uri\":\"http://www.usenix.org.uk/content/rbl.html\",\"id\":\"transient:sighting-d5864e40-c76f-4f0d-a6e8-5b9c9ac41f2c\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2024-08-09T12:29:08.795Z\",\"end_time\":\"2024-08-09T12:29:08.795Z\"}}]}}}]},\"id\":\"investigate-6226094a\",\"uuid\":\"02f1b145-ca3b-4030-ba19-f37b40cc84aa\"}]", "short_description": "Snapshot_APIVoid_IP", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-1a23f5e0-c324-4b6d-82a9-3410db35016b", "tlp": 
"amber", "groups": ["32e22c6d-7624-477e-8bbd-989c979b552e"], "timestamp": "2020-12-18T12:30:31.353Z", "owner": "9d64bbce-2e7c-43f0-b9d7-0e2fa3c2d88d"} | ||
{"schema_version": "1.0.23", "type": "investigation", "search-txt": "ip:\"46.101.218.221\"", "source": "Anastasiia Rozlyvan", "actions": "[{\"created-perf\":4641135000.001668,\"updated-perf\":4641135000.001668,\"type\":\"collect\",\"created\":\"2020-12-18T12:29:07.123Z\",\"state\":\"ok\",\"arg\":\"46.101.218.221\",\"result\":[{\"value\":\"46.101.218.221\",\"type\":\"ip\"}],\"id\":\"collect-f48aee1f\",\"uuid\":\"b0e41768-670f-477c-b78c-9c6a0a85f891\"},{\"created-perf\":5117830000.002869,\"updated-perf\":5117835000.000923,\"type\":\"deliberate\",\"created\":\"2020-12-18T12:29:07.602Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"ip\",\"value\":\"46.101.218.221\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}}]},\"id\":\"deliberate-e13fcee5\",\"uuid\":\"0fc2685b-e1cb-4522-9c0f-071399c5c474\"},{\"created-perf\":6328790000.003209,\"updated-perf\":6328790000.003209,\"type\":\"investigate\",\"created\":\"2020-12-18T12:29:08.813Z\",\"state\":\"ok\",\"arg\":{\"type\":\"ip\",\"value\":\"46.101.218.221\"},\"result\":{\"data\":[{\"module\":\"APIVoid\",\"module_instance_id\":\"a23ffa9e-e71e-4101-889c-7974cf8b7341\",\"module_type_id\":\"0c96e5cd-2f93-4986-8042-4e26e664a032\",\"data\":{\"indicators\":{\"count\":2,\"docs\":[{\"valid_time\":{},\"producer\":\"APIVoid\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"short_description\":\"Feed: S5hbl\",\"title\":\"Feed: S5hbl\",\"id\":\"transient:indicator-bb8b34e4-fa53-5a78-ab53-13bd8a865381\",\"tlp\":\"white\",\"confidence\":\"High\"},{\"valid_time\":{},\"producer\":\"APIVoid\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"short_description\":\"Feed: CSpace Hostings IP BL\",\"title\":\"Feed: CSpace Hostings IP 
BL\",\"id\":\"transient:indicator-9031a5e1-c8ea-53d8-bac5-5f1e7a3a60b2\",\"tlp\":\"white\",\"confidence\":\"High\"}]},\"relationships\":{\"count\":2,\"docs\":[{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-9031a5e1-c8ea-53d8-bac5-5f1e7a3a60b2\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-19991307-3d92-402a-8644-4c578b1db41d\",\"id\":\"transient:relationship-c3f2f252-e9e7-46ed-9424-4499d9e7c54a\",\"relationship_type\":\"member-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-bb8b34e4-fa53-5a78-ab53-13bd8a865381\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-d5864e40-c76f-4f0d-a6e8-5b9c9ac41f2c\",\"id\":\"transient:relationship-14478ba8-8203-41ee-9bdc-309bb6c5b2e7\",\"relationship_type\":\"member-of\"}]},\"sightings\":{\"count\":2,\"docs\":[{\"description\":\"Detected on blocklist\",\"schema_version\":\"1.0.17\",\"observables\":[{\"value\":\"46.101.218.221\",\"type\":\"ip\"}],\"type\":\"sighting\",\"source\":\"CSpace Hostings IP BL\",\"source_uri\":\"https://cspacehostings.com/\",\"id\":\"transient:sighting-19991307-3d92-402a-8644-4c578b1db41d\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2024-08-16T12:29:08.795Z\",\"end_time\":\"2024-08-16T12:29:08.795Z\"}},{\"description\":\"Detected on blocklist\",\"schema_version\":\"1.0.17\",\"observables\":[{\"value\":\"46.101.218.221\",\"type\":\"ip\"}],\"type\":\"sighting\",\"source\":\"S5hbl\",\"source_uri\":\"http://www.usenix.org.uk/content/rbl.html\",\"id\":\"transient:sighting-d5864e40-c76f-4f0d-a6e8-5b9c9ac41f2c\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2024-08-16T12:29:08.795Z\",\"end_time\":\"2024-08-16T12:29:08.795Z\"}}]}}}]},\"id\":\"investigate-6226094a\",\"uuid\":\"02f1b145-ca3b-4030-ba19-f37b40cc84aa\"}]", "short_description": "Snapshot_APIVoid_IP", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-1a23f5e0-c324-4b6d-82a9-3410db35016b", "tlp": 
"amber", "groups": ["32e22c6d-7624-477e-8bbd-989c979b552e"], "timestamp": "2020-12-18T12:30:31.353Z", "owner": "9d64bbce-2e7c-43f0-b9d7-0e2fa3c2d88d"} |
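Review bot: This record is marked `"tlp": "amber"` and carries a person's name in `source`, `owner` and `groups` UUIDs, and an `id` URL on `private.intel.amp.cisco.com`; the domain snapshot in the other file has the same fields. TLP:AMBER signals limited distribution, so if this repository is readable outside the owning organisation, confirm that these values are synthetic or cleared for release. If they are not, replace them with clearly constructed placeholders (for example `"source": "Test User"` and all-zero UUIDs) and keep the real export out of version control. The embedded sightings are `"tlp": "white"`, so only the outer investigation envelope needs this check.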