title,reference,created
Continued PassCV Malware,https://drive.google.com/file/d/1pzZT7Stig6i8hTqjxUUgxDSmGEJ7W9ak/view,2018-08-06
Blackgear Cyberespionage Campaign Resurfaces Abuses Social Media for C and C Communication,https://blog.trendmicro.com/trendlabs-security-intelligence/blackgear-cyberespionage-campaign-resurfaces-abuses-social-media-for-cc-communication/,2018-07-18
Golden Rat long-term espionage campaign in Syria is still ongoing,http://csecybsec.com/download/zlab/20180723_CSE_APT27_Syria_v1.pdf,2018-07-23
Chinese Espionage Group TEMP.Periscope Targets Cambodia Ahead of July 2018 Elections and Reveals Broad Operations Globally,https://www.fireeye.com/blog/threat-research/2018/07/chinese-espionage-group-targets-cambodia-ahead-of-elections.html,2018-07-11
Certificates stolen from Taiwanese tech-companies misused in Plead malware campaign,https://www.welivesecurity.com/2018/07/09/certificates-stolen-taiwanese-tech-companies-plead-malware-campaign/,2018-07-09
NavRAT Uses US-North Korea Summit As Decoy
'''
Quick example to pull reports with tagged Adversaries (i.e. probably APT)
'''
from OTXv2 import OTXv2, IndicatorTypes

# This is the API key for the user "api_example" (a shared demo account; use your own key)
otx = OTXv2('766ba1df3ab54db9c0fcbf62ef048c3a04c260e8ca65b6c25346084b7b4719ad')
# getall() walks every pulse the account is subscribed to, so this can take a while
pulses = otx.getall()
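The snippet above stops at fetching the pulse list. The following is an added example, not code from the gist, of the "tagged adversary" filter it sets up: it takes a list of pulse dicts shaped like what otx.getall() returns, keeps those whose adversary field is set, and groups their indicators by adversary. SAMPLE_PULSES is constructed sample data using the OTX pulse field names (id, name, adversary, tags, indicators); no network call is made.

```python
# Added example: filter a getall()-style pulse list down to pulses that name an
# adversary, then group their indicators. SAMPLE_PULSES is constructed sample data
# shaped like OTX pulse JSON (only the fields used here); it is not real OTX output.
SAMPLE_PULSES = [
    {"id": "p1", "name": "Campaign A", "adversary": "APT27", "tags": ["espionage"],
     "indicators": [{"indicator": "192.0.2.10", "type": "IPv4"},
                    {"indicator": "c2.example.invalid", "type": "hostname"}]},
    {"id": "p2", "name": "Spam run", "adversary": "", "tags": ["spam"],
     "indicators": [{"indicator": "spam.example.invalid", "type": "domain"}]},
    {"id": "p3", "name": "Campaign B", "adversary": "  TEMP.Periscope ", "tags": [],
     "indicators": [{"indicator": "192.0.2.10", "type": "IPv4"},
                    {"indicator": "192.0.2.10", "type": "IPv4"}]},
    {"id": "p4", "name": "Untagged",
     "indicators": [{"indicator": "203.0.113.5", "type": "IPv4"}]},
]


def tagged_adversary_pulses(pulses):
    """Keep pulses whose 'adversary' field is present and non-blank.

    The field can be missing (p4) or an empty string (p2) in feed output,
    so treat both as 'no adversary' instead of assuming the key exists.
    """
    return [p for p in pulses if (p.get("adversary") or "").strip()]


def indicators_by_adversary(pulses):
    """Map adversary name -> sorted, de-duplicated (type, indicator) pairs."""
    grouped = {}
    for pulse in tagged_adversary_pulses(pulses):
        bucket = grouped.setdefault(pulse["adversary"].strip(), set())
        for ind in pulse.get("indicators", []):
            bucket.add((ind["type"], ind["indicator"]))
    return {name: sorted(pairs) for name, pairs in grouped.items()}


if __name__ == "__main__":
    # With a real client this would be: pulses = OTXv2(api_key).getall()
    for adversary, pairs in indicators_by_adversary(SAMPLE_PULSES).items():
        print(adversary, len(pairs), "unique indicators")
```

Whitespace and missing keys are handled deliberately: pulse authors type the adversary name by hand, and a pulse created without one has no adversary key at all, so a filter that does `p["adversary"] != ""` will either crash or miss entries.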
# -*- coding: utf-8 -*-
# Script to convert openioc to csv
# Forked from PyMisp
import os
try:
    from bs4 import BeautifulSoup
    has_bs4 = True
except ImportError:
    has_bs4 = False
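The gist preview above ends before the conversion itself. Below is an added, self-contained example of an OpenIOC-to-CSV flattener; it is not the gist's or PyMISP's code and uses only the standard library (xml.etree instead of BeautifulSoup). It walks the nested Indicator/IndicatorItem tree of an OpenIOC 1.0 document and emits one CSV row per IndicatorItem, recording the nesting depth so the AND/OR structure is not lost. SAMPLE_OPENIOC is a constructed document, not a real IOC, and the column names in FIELDS are this example's own choice.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed OpenIOC 1.0 sample (not a real IOC), trimmed to the parts the converter
# reads: the ioc id, short_description, and the nested Indicator/IndicatorItem tree.
SAMPLE_OPENIOC = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="example-ioc-0001"
     last-modified="2018-08-01T00:00:00">
  <short_description>Example dropper</short_description>
  <authored_by>constructed sample</authored_by>
  <definition>
    <Indicator operator="OR" id="i-root">
      <IndicatorItem id="ii-1" condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
        <Content type="md5">d41d8cd98f00b204e9800998ecf8427e</Content>
      </IndicatorItem>
      <Indicator operator="AND" id="i-nested">
        <IndicatorItem id="ii-2" condition="contains">
          <Context document="FileItem" search="FileItem/FileName" type="mir"/>
          <Content type="string">update.exe</Content>
        </IndicatorItem>
        <IndicatorItem id="ii-3" condition="is">
          <Context document="Network" search="Network/DNS" type="mir"/>
          <Content type="string">c2.example.invalid</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>
"""

# Column layout chosen for this example (not an OpenIOC or PyMISP convention).
FIELDS = ["ioc_id", "short_description", "item_id", "depth",
          "condition", "search", "content_type", "content"]


def _local(tag):
    """Strip the XML namespace: '{http://...}Content' -> 'Content'."""
    return tag.rsplit("}", 1)[-1]


def neutralize(value):
    """IOC content is attacker-chosen; prefix spreadsheet formula triggers so an
    analyst opening the CSV in Excel/LibreOffice does not execute it."""
    return "'" + value if value[:1] in ("=", "+", "-", "@") else value


def openioc_rows(xml_text):
    """Recursively walk the Indicator tree and return one flat dict per IndicatorItem."""
    root = ET.fromstring(xml_text)
    ioc_id = root.get("id", "")
    desc = ""
    for child in root:
        if _local(child.tag) == "short_description":
            desc = (child.text or "").strip()
    rows = []

    def walk(node, depth):
        for child in node:
            name = _local(child.tag)
            if name == "Indicator":
                walk(child, depth + 1)  # nested AND/OR group
            elif name == "IndicatorItem":
                ctx = content = None
                for sub in child:
                    if _local(sub.tag) == "Context":
                        ctx = sub
                    elif _local(sub.tag) == "Content":
                        content = sub
                rows.append({
                    "ioc_id": ioc_id,
                    "short_description": desc,
                    "item_id": child.get("id", ""),
                    "depth": depth,
                    "condition": child.get("condition", ""),
                    "search": ctx.get("search", "") if ctx is not None else "",
                    "content_type": content.get("type", "") if content is not None else "",
                    "content": neutralize((content.text or "").strip()) if content is not None else "",
                })

    for child in root:
        if _local(child.tag) == "definition":
            walk(child, 0)
    return rows


def openioc_to_csv(xml_text):
    """Render the flattened rows as CSV text, header row first."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(openioc_rows(xml_text))
    return buf.getvalue()


if __name__ == "__main__":
    print(openioc_to_csv(SAMPLE_OPENIOC))
```

Matching on the local tag name rather than a hard-coded namespace URI is deliberate: OpenIOC files in the wild carry the Mandiant namespace, no namespace, or a vendor one, and the converter should read all three. The neutralize step matters because the CSV is usually opened in a spreadsheet, and a Content value starting with = or @ would otherwise be evaluated as a formula.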
#Trojan:Win32/AgentBypass,92bc9fe6a053916317d1ea78aa342265e32c0c8e70f51e9af0028e6fcc7f917a|,Trojan.Win32.Demp.cxoswz|TrojanDropper.Demp.aao|Trojan[Dropper]/Win32.Injector|
:FileSizeLE10000,34575189df0d1e5a1c7f1d505cc6eb0c41ac9e8a7edcb72eae2298d25cb4e6f2|,Android.Shedun.E|Android.Trojan-Dropper.Shedun.b|Other:Android.Reputation.2|A.L.Rog.SexVideo.EI|Trojan.Android.MLW.ebzlbe|Android.DownLoader.329.origin|Trojan[Dropper]/Android.Shedun.v|Android-PUP/SmsPay.72a8b|a.gray.tatic|Trojan-Dropper.AndroidOS.Shedun|Android/Piom.JO!tr|Win32/Trojan.ecf|
Backdoor:MSIL/Lizarbot,fb3a52e70eedcc6cab0ddde2fe47b5729a6c96f83fecf0b06b3b8ee9942eef2f|40c95b2afb8d7e4e4252968d5234f24c71181c0252819d850694b4489a43ca28|c80d3e483e423b271a2fd7dc89ffa7612409f13ed66dc3faa5b40d0bcf725f72|177cd95dcc500338d433455461d8ce0a2c159657a287baae01de8ffc77155291|,Backdoor.Lizarbot.FC.2716|Backdoor.IRCBot|BKDR_LIZARBOT.SMVJ18|Win32.Trojan.WisdomEyes.16070401.9500.9998|W32/Trojan.QJOG-5659|Backdoor.IRC.Bot|BKDR_LIZARBOT.SMVJ18|Win.Trojan.Lizarbot-1|MSIL.T
# Script to enumerate bit.ly data - suffers from strict rate limits
import requests, base62

#start = "1dstjX5"   # the same starting point written as a bit.ly short code
start = 93340621247  # the short code "1dstjX5" decoded from base62 to an integer

def getUrl(url):
    try:
        r = requests.get(url)
    except requests.RequestException:
        return None
    return r
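The gist relies on the pybase62 package and on live HTTP requests, and its preview ends inside getUrl. The following is an added example, not the gist's code, that shows the two things the snippet depends on: the base62 encoding behind bit.ly short codes (with the alphabet 0-9, A-Z, a-z, under which the gist's integer 93340621247 is exactly the code 1dstjX5), and a sequential walk that retries on HTTP 429 with backoff, which is the rate-limit problem the gist's comment refers to. The fetch function is injected so the walk runs offline; fake_fetch and its link table are constructed stand-ins, not real bit.ly data.

```python
import time

# bit.ly short codes are base62 digits over this alphabet (0-9, A-Z, a-z), most
# significant digit first; the gist's start value 93340621247 is the code 1dstjX5.
ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
_INDEX = {ch: i for i, ch in enumerate(ALPHABET)}


def b62_encode(n):
    """Integer -> base62 string (no leading zeros)."""
    if n < 0:
        raise ValueError("negative values have no short code")
    if n == 0:
        return ALPHABET[0]
    digits = []
    while n:
        n, rem = divmod(n, 62)
        digits.append(ALPHABET[rem])
    return "".join(reversed(digits))


def b62_decode(code):
    """Base62 string -> integer; rejects characters outside the alphabet."""
    n = 0
    for ch in code:
        if ch not in _INDEX:
            raise ValueError(f"not a base62 digit: {ch!r}")
        n = n * 62 + _INDEX[ch]
    return n


def enumerate_links(start, count, fetch, sleep=time.sleep):
    """Resolve `count` consecutive codes starting at integer `start`.

    fetch(code) -> (http_status, location) is injected so the walk can run
    offline; in practice it would wrap requests.head(url, allow_redirects=False).
    A 429 answer is retried for the same code with exponential backoff.
    """
    resolved = {}
    n, delay = start, 1.0
    while len(resolved) < count:
        code = b62_encode(n)
        status, location = fetch(code)
        if status == 429:
            sleep(delay)
            delay = min(delay * 2, 60.0)
            continue          # same code again after waiting
        delay = 1.0
        resolved[code] = location if status in (301, 302) else None
        n += 1
    return resolved


# Constructed stand-in for the network (not real bit.ly data): a tiny table of
# codes plus one 429 on the first request for 1dstjX6 so the backoff path runs.
_FAKE_LINKS = {
    "1dstjX5": (301, "https://example.com/a"),
    "1dstjX6": (404, None),
    "1dstjX7": (301, "https://example.com/b"),
}
_CALLS = []


def fake_fetch(code):
    _CALLS.append(code)
    if code == "1dstjX6" and _CALLS.count(code) == 1:
        return (429, None)
    return _FAKE_LINKS.get(code, (404, None))


def demo():
    """Walk three codes from the gist's start value against the fake fetcher."""
    return enumerate_links(93340621247, 3, fake_fetch, sleep=lambda _: None)


if __name__ == "__main__":
    for code, target in demo().items():
        print(code, b62_decode(code), target)
```

Decoding and re-encoding is the check worth keeping around: if the alphabet order is wrong (some base62 libraries use a-z before A-Z), 1dstjX5 will not round-trip to 93340621247 and every code the walk generates will be off.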
= Examples of how OTX API calls relate different indicator types =
Official documentation is available at https://otx.alienvault.com/api but may be missing a couple of the newer calls.
These are some unofficial notes.
The API key below is for a dummy demo account. It should work, but I would suggest using your own.
Some of the JSON responses are quite nested; an editor such as http://jsoneditoronline.org/ may be useful.
== Input: Hostname / Domain ==
The following calls can be made for both domains and hostnames, i.e. you can swap 'hostname' with 'domain' below.
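The notes above list API calls per indicator type, but the preview stops before the calls themselves. As an added example (not part of the original notes), the following classifies a raw indicator string into its OTX type and builds the v1 indicator URLs for it, including the hostname/domain pair the notes describe as interchangeable. The SECTIONS table is an assumption drawn from the OTX API documentation linked above and should be checked against it; the domain-versus-hostname rule is a label-count heuristic, which is wrong for public suffixes such as co.uk.

```python
import ipaddress
import re
from urllib.parse import quote

OTX_BASE = "https://otx.alienvault.com/api/v1/indicators"

# Sections each indicator type supports in the v1 API. Assumption: taken from the
# OTX API docs linked in the notes above; verify there before relying on it.
SECTIONS = {
    "IPv4": ("general", "reputation", "geo", "malware", "url_list", "passive_dns"),
    "IPv6": ("general", "reputation", "geo", "malware", "url_list", "passive_dns"),
    "domain": ("general", "geo", "malware", "url_list", "passive_dns", "whois"),
    "hostname": ("general", "geo", "malware", "url_list", "passive_dns", "whois"),
    "URL": ("general", "url_list"),
    "FileHash-MD5": ("general", "analysis"),
    "FileHash-SHA1": ("general", "analysis"),
    "FileHash-SHA256": ("general", "analysis"),
}
# The URL path segment differs from the pulse 'type' name for hashes and URLs.
PATH_SEGMENT = {"URL": "url", "FileHash-MD5": "file",
                "FileHash-SHA1": "file", "FileHash-SHA256": "file"}
HASH_TYPES = {32: "FileHash-MD5", 40: "FileHash-SHA1", 64: "FileHash-SHA256"}
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def classify(indicator):
    """Return the OTX indicator type name for a raw string.

    Heuristic for domain vs hostname: two labels is a domain (aoldaily.com),
    more is a hostname (www.aoldaily.com). This misclassifies names under
    public suffixes like co.uk; use a public-suffix list if that matters.
    """
    s = indicator.strip()
    try:
        return "IPv4" if ipaddress.ip_address(s).version == 4 else "IPv6"
    except ValueError:
        pass
    if len(s) in HASH_TYPES and re.fullmatch(r"[0-9a-fA-F]+", s):
        return HASH_TYPES[len(s)]
    if "://" in s or "/" in s:
        return "URL"
    labels = s.rstrip(".").split(".")
    if len(labels) >= 2 and all(_LABEL.match(label) for label in labels):
        return "domain" if len(labels) == 2 else "hostname"
    raise ValueError(f"unrecognised indicator: {indicator!r}")


def otx_url(indicator, section="general"):
    """Build the v1 API URL for one indicator and section; reject unsupported sections."""
    itype = classify(indicator)
    if section not in SECTIONS[itype]:
        raise ValueError(f"{itype} has no {section!r} section")
    segment = PATH_SEGMENT.get(itype, itype)
    return f"{OTX_BASE}/{segment}/{quote(indicator.strip(), safe='')}/{section}"


def all_calls(indicator):
    """Every section URL for an indicator, i.e. the set of calls the notes enumerate."""
    return [otx_url(indicator, section) for section in SECTIONS[classify(indicator)]]


if __name__ == "__main__":
    for ind in ("aoldaily.com", "www.aoldaily.com", "69.73.130.198"):
        print(classify(ind), *all_calls(ind), sep="\n  ")
```

Percent-encoding the indicator with safe='' is what makes the URL type usable: a URL indicator contains slashes and a query string, and left unescaped it would be read by the API as extra path segments.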
from OTXv2 import OTXv2

# API key for the user api_example
# Pulses will appear at https://otx.alienvault.com/user/api_example/pulses
otx = OTXv2("766ba1df3ab54db9c0fcbf62ef048c3a04c260e8ca65b6c25346084b7b4719ad")

name = 'Test Pulse'
indicators = [
    {'indicator': '69.73.130.198', 'type': 'IPv4'},
    {'indicator': 'aoldaily.com', 'type': 'Domain'}
]