Roberto Rodriguez Cyb3rWard0g

🏠
Working from home
Block or report user

Report or block Cyb3rWard0g

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View sigmac_nbformat_notebook.py
#!/usr/bin/env python3
# Author: Roberto Rodriguez (@Cyb3rWard0g)
# License: GPL-3.0
import nbformat as nbf
import yaml
import subprocess
import argparse
from os import path
View es_notebook_nbformat.py
#!/usr/bin/env python3
# Author: Roberto Rodriguez (@Cyb3rWard0g)
# License: GPL-3.0
import nbformat as nbf
# Initializing Notebooks Cells
nb = nbf.v4.new_notebook()
nb['cells'] = []
View yaml_to_notebook.py
import nbformat as nbf
import yaml
# *** Read YAML file ***
analytic = yaml.safe_load(open("WIN-190815181010.yaml").read())
# *** Create Notebook object ***
nb = nbf.v4.new_notebook()
nb['cells'] = []
View WIN-190813181020.yaml
title: Remote Service creation
id: WIN-190815181010
author: Roberto Rodriguez @Cyb3rWard0g
playbook_link: WIN-190813181020
creation_date: 19/08/15
platform: Windows
permissions_required:
- Administrator
attack_coverage:
- technique: T1035
View threathunter_playbook_format.md

Title

Metadata

id
author
creation date
platform
playbook link
View Navigator-Group-Dynamic-layer-template.text
{
"description": ("Enterprise techniques used by {0}, ATT&CK group {1} v1.0".format(k,v[0]['group_id'])),
"name": ("{0} ({1})".format(k,v[0]['group_id'])),
"domain": "mitre-enterprise",
"version": "2.2",
"techniques": [
{
"score": 1,
"techniqueID" : technique['techniqueId'],
"techniqueName" : technique['techniqueName'],
View Navigator-Group-Layer-Template.json
{
"description": "Enterprise techniques used by ATT&CK group",
"name": "Group Name",
"domain": "mitre-enterprise",
"version": "2.2",
"techniques": [],
"gradient": {
"colors": [
"#ffffff",
"#ff6666"
View G0096-technique-relationship.txt
{'aliases': ['APT41'],
'type': 'intrusion-set',
'name': 'APT41',
'description': '[APT41](https://attack.mitre.org/groups/G0096) is a group that carries out Chinese state-sponsored espionage activity in addition to financially motivated activity. [APT41](https://attack.mitre.org/groups/G0096) has been active since as early as 2012. The group has been observed targeting healthcare, telecom, technology, and video game industries in 14 countries.(Citation: FireEye APT41 Aug 2019)',
'external_references': [{'external_id': 'G0096',
'source_name': 'mitre-attack',
'url': 'https://attack.mitre.org/groups/G0096'},
{'description': '(Citation: FireEye APT41 2019)', 'source_name': 'APT41'},
{'description': 'Fraser, N., et al. (2019, August 7). Double DragonAPT41, a dual espionage and cyber crime operation APT41. Retrieved September 23, 2019.',
'source_name': 'FireEye APT41 Aug 2019',
View G0095-relationship.json
{
"type": "relationship",
"id": "relationship--0f880e99-efaa-4e85-91c3-cac3d81d6b9a",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"created": "2019-10-15T22:28:40.394Z",
"modified": "2019-10-15T22:28:40.394Z",
"relationship_type": "uses",
"description": "[Machete](https://attack.mitre.org/groups/G0095) has has relied on users opening malicious links or attachments delivered through spearphishing to execute malware.",
"source_ref": "intrusion-set--38863958-a201-4ce1-9dbe-539b0b6804e0",
"target_ref": "attack-pattern--8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
View G0096-relationship.json
{
"type": "relationship",
"id": "relationship--4d1d7045-4492-492c-9522-2885d6bd96f6",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"created": "2019-09-24T13:01:20.471Z",
"modified": "2019-09-24T13:01:20.472Z",
"relationship_type": "uses",
"source_ref": "intrusion-set--18854f55-ac7c-4634-bd9a-352dd07613b7",
"target_ref": "malware--cfc75b0d-e579-40ae-ad07-a1ce00d49a6c",
"external_references": [