chrisdoman
We can make this file beautiful and searchable if this error is corrected: It looks like row 7 should actually have 3 columns, instead of 1. in line 6.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| title,reference,created | |
| Continued PassCV Malware,https://drive.google.com/file/d/1pzZT7Stig6i8hTqjxUUgxDSmGEJ7W9ak/view,2018-08-06 | |
| Blackgear Cyberespionage Campaign Resurfaces Abuses Social Media for C and C Communication,https://blog.trendmicro.com/trendlabs-security-intelligence/blackgear-cyberespionage-campaign-resurfaces-abuses-social-media-for-cc-communication/,2018-07-18 | |
| Golden Rat long-term espionage campaign in Syria is still ongoing,http://csecybsec.com/download/zlab/20180723_CSE_APT27_Syria_v1.pdf,2018-07-23 | |
| Chinese Espionage Group TEMP.Periscope Targets Cambodia Ahead of July 2018 Elections and Reveals Broad Operations Globally,https://www.fireeye.com/blog/threat-research/2018/07/chinese-espionage-group-targets-cambodia-ahead-of-elections.html,2018-07-11 | |
| Certificates stolen from Taiwanese tech-companies misused in Plead malware campaign,https://www.welivesecurity.com/2018/07/09/certificates-stolen-taiwanese-tech-companies-plead-malware-campaign/,2018-07-09 | |
| NavRAT Uses US-North Korea Summit As Decoy |
chrisdoman
/ getReports.py
Last active
August 6, 2018 14:46
Quick example to pull reports from OTX with tagged Adversaries (i.e. probably APT)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| Quick example to pull reports with tagged Adversaries (i.e. probably APT) | |
| ''' | |
| from OTXv2 import OTXv2, IndicatorTypes | |
| # This is the API key for the user "api_example" | |
| otx = OTXv2('766ba1df3ab54db9c0fcbf62ef048c3a04c260e8ca65b6c25346084b7b4719ad') | |
| pulses = otx.getall() |
chrisdoman
/ openioc2csv.py
Created
March 26, 2018 14:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Script to convert openioc to csv | |
| # Forked from PyMisp | |
| # -*- coding: utf-8 -*- | |
| import os | |
| try: | |
| from bs4 import BeautifulSoup | |
| has_bs4 = True | |
| except ImportError: |
We can't make this file beautiful and searchable because it's too large.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Trojan:Win32/AgentBypass,92bc9fe6a053916317d1ea78aa342265e32c0c8e70f51e9af0028e6fcc7f917a|,Trojan.Win32.Demp.cxoswz|TrojanDropper.Demp.aao|Trojan[Dropper]/Win32.Injector| | |
| :FileSizeLE10000,34575189df0d1e5a1c7f1d505cc6eb0c41ac9e8a7edcb72eae2298d25cb4e6f2|,Android.Shedun.E|Android.Trojan-Dropper.Shedun.b|Other:Android.Reputation.2|A.L.Rog.SexVideo.EI|Trojan.Android.MLW.ebzlbe|Android.DownLoader.329.origin|Trojan[Dropper]/Android.Shedun.v|Android-PUP/SmsPay.72a8b|a.gray.tatic|Trojan-Dropper.AndroidOS.Shedun|Android/Piom.JO!tr|Win32/Trojan.ecf| | |
| Backdoor:MSIL/Lizarbot,fb3a52e70eedcc6cab0ddde2fe47b5729a6c96f83fecf0b06b3b8ee9942eef2f|40c95b2afb8d7e4e4252968d5234f24c71181c0252819d850694b4489a43ca28|c80d3e483e423b271a2fd7dc89ffa7612409f13ed66dc3faa5b40d0bcf725f72|177cd95dcc500338d433455461d8ce0a2c159657a287baae01de8ffc77155291|,Backdoor.Lizarbot.FC.2716|Backdoor.IRCBot|BKDR_LIZARBOT.SMVJ18|Win32.Trojan.WisdomEyes.16070401.9500.9998|W32/Trojan.QJOG-5659|Backdoor.IRC.Bot|BKDR_LIZARBOT.SMVJ18|Win.Trojan.Lizarbot-1|MSIL.T |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Script to enumerate bit.ly data - suffers from strict rate limits | |
| import requests, base62 | |
| #start = "1dstjX5" | |
| start = 93340621247 | |
| def getUrl(url): | |
| try: | |
| r = requests.get(url) |
chrisdoman
/ OTX Example API Calls
Created
November 29, 2017 19:18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| = Examples of how OTX API calls relate different indicator types = | |
| Official documentation is available at https://otx.alienvault.com/api but may be missing a couple of the newer calls | |
| These are some unofficial notes | |
| The API key below is for a dummy demo account. It should work but I would suggest using your own. | |
| Some of the JSON responses are quite nested, and editor such as http://jsoneditoronline.org/ may be useful | |
| == Input: Hostname / Domain == | |
| The following calls can be made for both domains and hostname, ie you can swap 'hostname' with 'domain' below. |
chrisdoman
/ Create Pulse
Created
November 7, 2017 11:09
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from OTXv2 import OTXv2 | |
| # API key for the user api_example | |
| # Pulses will appear at https://otx.alienvault.com/user/api_example/pulses | |
| otx = OTXv2("766ba1df3ab54db9c0fcbf62ef048c3a04c260e8ca65b6c25346084b7b4719ad") | |
| name = 'Test Pulse' | |
| indicators = [ | |
| {'indicator': '69.73.130.198', 'type': 'IPv4'}, | |
| {'indicator': 'aoldaily.com', 'type': 'Domain'} | |
| ] |
NewerOlder