title,reference,created
Continued PassCV Malware,https://drive.google.com/file/d/1pzZT7Stig6i8hTqjxUUgxDSmGEJ7W9ak/view,2018-08-06
Blackgear Cyberespionage Campaign Resurfaces Abuses Social Media for C and C Communication,https://blog.trendmicro.com/trendlabs-security-intelligence/blackgear-cyberespionage-campaign-resurfaces-abuses-social-media-for-cc-communication/,2018-07-18
Golden Rat long-term espionage campaign in Syria is still ongoing,http://csecybsec.com/download/zlab/20180723_CSE_APT27_Syria_v1.pdf,2018-07-23
Chinese Espionage Group TEMP.Periscope Targets Cambodia Ahead of July 2018 Elections and Reveals Broad Operations Globally,https://www.fireeye.com/blog/threat-research/2018/07/chinese-espionage-group-targets-cambodia-ahead-of-elections.html,2018-07-11
Certificates stolen from Taiwanese tech-companies misused in Plead malware campaign,https://www.welivesecurity.com/2018/07/09/certificates-stolen-taiwanese-tech-companies-plead-malware-campaign/,2018-07-09
NavRAT Uses US-North Korea Summit As Decoy
North Korean Cyber-Attacks and Collateral Damage
February 15, 2018 | Chris Doman
WannaCry was incredibly destructive. The attackers made about $150,000 - but the total damage caused by WannaCry has been estimated in the billions of dollars.
There is strong evidence linking WannaCry to a group of hackers known as ‘Lazarus’, reportedly operating out of the DPRK (North Korea). Whilst WannaCry is perhaps the most famous attack by Lazarus, it isn’t the only ‘collateral damage’ caused by the DPRK’s cyber actions.
Below we disclose new details on three attacks that have spread out of control: two likely originating from the DPRK, and one targeting the DPRK.
The Voice of Korea and the Rivts Virus
This section describes a piece of malware that may have been created within the DPRK as part of a test project - and accidentally leaked out onto the wider internet.
#Trojan:Win32/AgentBypass,92bc9fe6a053916317d1ea78aa342265e32c0c8e70f51e9af0028e6fcc7f917a|,Trojan.Win32.Demp.cxoswz|TrojanDropper.Demp.aao|Trojan[Dropper]/Win32.Injector|
:FileSizeLE10000,34575189df0d1e5a1c7f1d505cc6eb0c41ac9e8a7edcb72eae2298d25cb4e6f2|,Android.Shedun.E|Android.Trojan-Dropper.Shedun.b|Other:Android.Reputation.2|A.L.Rog.SexVideo.EI|Trojan.Android.MLW.ebzlbe|Android.DownLoader.329.origin|Trojan[Dropper]/Android.Shedun.v|Android-PUP/SmsPay.72a8b|a.gray.tatic|Trojan-Dropper.AndroidOS.Shedun|Android/Piom.JO!tr|Win32/Trojan.ecf|
Backdoor:MSIL/Lizarbot,fb3a52e70eedcc6cab0ddde2fe47b5729a6c96f83fecf0b06b3b8ee9942eef2f|40c95b2afb8d7e4e4252968d5234f24c71181c0252819d850694b4489a43ca28|c80d3e483e423b271a2fd7dc89ffa7612409f13ed66dc3faa5b40d0bcf725f72|177cd95dcc500338d433455461d8ce0a2c159657a287baae01de8ffc77155291|,Backdoor.Lizarbot.FC.2716|Backdoor.IRCBot|BKDR_LIZARBOT.SMVJ18|Win32.Trojan.WisdomEyes.16070401.9500.9998|W32/Trojan.QJOG-5659|Backdoor.IRC.Bot|BKDR_LIZARBOT.SMVJ18|Win.Trojan.Lizarbot-1|MSIL.T
differentia.ru CNAME .
*.differentia.ru CNAME .
disorderstatus.ru CNAME .
*.disorderstatus.ru CNAME .
gvaq70s7he.ru CNAME .
*.gvaq70s7he.ru CNAME .
atomictrivia.ru CNAME .
*.atomictrivia.ru CNAME .
4nbizac8.ru CNAME .
*.4nbizac8.ru CNAME .
= Examples of how OTX API calls relate different indicator types =
Official documentation is available at https://otx.alienvault.com/api but may be missing a couple of the newer calls.
These are some unofficial notes.
The API key below is for a dummy demo account. It should work, but I would suggest using your own.
Some of the JSON responses are quite nested, and an editor such as http://jsoneditoronline.org/ may be useful.
== Input: Hostname / Domain ==
The following calls can be made for both domains and hostnames, i.e. you can swap 'hostname' with 'domain' below.
'''
Gets possible Great Cannon injections from UrlScan
'''
import requests
import json
# Insert your urlscan API Key
api_key = ''
import json
import urllib3
import requests
import datetime
import random
import string
import logging
def lambda_handler(event, context):
    # Handler body is not included in the gist preview; 'pass' keeps the stub syntactically valid
    pass
indicator,indicator_type,pulse_title,pulse_author,tlp
ihracat.myq-see.com,hostname,Multiple covid-19 related malware threats - March 25t/26h,AlienVault,white
phantom101.duckdns.org,hostname,Multiple covid-19 related malware threats - March 25t/26h,AlienVault,white
goodattack.duckdns.org,hostname,Multiple covid-19 related malware threats - March 25t/26h,AlienVault,white
http://www.tempinfo.96.lt/wras/savekey.php,url,Multiple covid-19 related malware threats - March 25t/26h,AlienVault,white
http://www.tempinfo.96.lt/wras/createkeys.php,url,Multiple covid-19 related malware threats - March 25t/26h,AlienVault,white
http://www.tempinfo.96.lt/wras/RANSOM20.jpg,url,Multiple covid-19 related malware threats - March 25t/26h,AlienVault,white
www.tempinfo.96.lt,hostname,Multiple covid-19 related malware threats - March 25t/26h,AlienVault,white
2779863a173ff975148cb3156ee593cb5719a0ab238ea7c9e0b0ca3b5a4a9326,file,Multiple covid-19 related malware threats - March 25t/26h,AlienVault,white
62d38f19e67013ce7b2a84cb17362c77e2
[default]
aws_access_key_id = AKIAXYZDQCENYTNALZP5
aws_secret_access_key = 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
output = json
region = us-east-2
* This is just a honey token to detect automated scanners looking for AWS keys - this is not a real AWS account! *
# Short demonstration script to write OTX hostnames to a RPZ format text-file
from OTXv2 import OTXv2
import os
# This is the API key for the user "api_example"
otx = OTXv2('766ba1df3ab54db9c0fcbf62ef048c3a04c260e8ca65b6c25346084b7b4719ad')
events = otx.get_all_indicators(author_name='alienvault')
output = ''