id count of objects containing this ref id attck id is linked to this many attck object expected SROs arango_cti_processor_products
T1001.002 1 T1001.002 1 1
T1003 1 T1003 2 2
T1005 4 T1005 2 8
T1007 1 T1007 2 2
T1012 1 T1012 2 2
T1014 1 T1014 2 2
T1016 1 T1016 2 2
T1018 1 T1018 2 2
T1021 1 T1021 1 1
capec id count of objects containing this ref attck id is linked to this many attck object count expected SROs arango_cti_processor_products
T1001.002 1 T1001.002 1 1
T1003 1 T1003 2 2
T1005 4 T1005 2 8
T1007 1 T1007 2 2
T1012 1 T1012 2 2
T1014 1 T1014 2 2
T1016 1 T1016 2 2
T1018 1 T1018 2 2
T1021 1 T1021 1 1
{
"id": "10296991-439b-4202-90a3-e38812613ad5",
"name": "Signals Corps",
"description": "Just some demo content",
"created": "2022-05-24T14:00:00.188Z",
"modified": "2022-05-24T14:00:00.188000+00:00",
"collections": [
{
"id": "x-mitre-collection--402e24b4-436e-4936-b19b-2038648f90",
"created": "2022-05-24T14:00:00.188Z",
{
"type": "bundle",
"id": "bundle--2c73efd0-2b59-4234-b3dc-2961f4b2e8e6",
"objects": [
{
"x_mitre_domains": [],
"object_marking_refs": [],
"type": "x-mitre-collection",
"id": "x-mitre-collection--e302a053-8f05-4992-8b11-3432b8894600",
"created": "2022-07-02T14:59:30.565Z",
import sys
from stix2patterns.validator import run_validator
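# stix2patterns' run_validator presumably descends the pattern's parse tree
# recursively, so a very long OR-chain like the one below overruns CPython's
# default frame limit (1000) and raises RecursionError -- TODO confirm against
# the validator's traceback. Raise the ceiling only when it is not already
# higher, so a host that configured a larger limit is not quietly lowered.
# NOTE(review): this limit bounds Python-level frames only. Pushing it much
# further can exhaust the C stack and abort the interpreter instead of raising
# a catchable exception (see the sys.setrecursionlimit docs). If the patterns
# being validated come from an untrusted feed, cap their size upstream rather
# than raising this number again.
if sys.getrecursionlimit() < 1500:
    sys.setrecursionlimit(1500)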
pattern = "([(software:cpe='cpe:2.3:o:hp:futuresmart_5:*:*:*:*:*:*:*:*') AND (software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_5700_49k98a:-:*:*:*:*:*:*:*') OR (software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_5700_6qn28a:-:*:*:*:*:*:*:*') OR (software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6700_49l00a:-:*:*:*:*:*:*:*') OR (software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6700_4y280a:-:*:*:*:*:*:*:*') OR (software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6700_58m42a:-:*:*:*:*:*:*:*') OR (software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6700_6qn33a:-:*:*:*:*:*:*:*') OR (software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6701_49l00a:-:*:*:*:*:*:*:*') OR (software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6701_4y280a:-:*:*:*:*:*:*:*') OR (software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6701_58m42a:-:*:*:*:*:*:*:*') OR (software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6701_6qn33a:-:*:*:
from stix2patterns.validator import run_validator
pattern = "[software:cpe='cpe:2.3:o:hp:futuresmart_5:*:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_5700_49k98a:-:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_5700_6qn28a:-:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6700_49l00a:-:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6700_4y280a:-:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6700_58m42a:-:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6700_6qn33a:-:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6701_49l00a:-:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6701_4y280a:-:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6701_58m42a:-:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6701_6qn33a:-:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:c
FIREEYE ISIGHT INTELLIGENCE
APT28:
AT THE CENTER
OF THE STORM
RUSSIA STRATEGICALLY EVOLVES
ITS CYBER OPERATIONS
SPECIAL REPORT / JANUARY 2017
<?xml version='1.0' encoding='UTF-8'?>
<rdf:RDF xmlns:rdf='http://www.w3.org/1999/02/22-rdf-syntax-ns#'>
<rdf:Description rdf:about='GS028542.mp4'
xmlns:et='http://ns.exiftool.org/1.0/' et:toolkit='Image::ExifTool 12.36'
xmlns:ExifTool='http://ns.exiftool.org/ExifTool/1.0/'
xmlns:System='http://ns.exiftool.org/File/System/1.0/'
xmlns:File='http://ns.exiftool.org/File/1.0/'
xmlns:QuickTime='http://ns.exiftool.org/QuickTime/QuickTime/1.0/'
xmlns:Track1='http://ns.exiftool.org/QuickTime/Track1/1.0/'
b'DEVC\x00\x01)\xf4DVIDL\x04\x00\x01\x00\x00\x00\x01DVNMc\t\x00\x01GoPro Max\x00\x00\x00STRM\x00\x01\x05\\STMPJ\x08\x00\x01\x00\x00\x00\x00\x1c\xc4\xc4\x19TSMPL\x04\x00\x01\x00\x01z\xe8STNMc\r\x00\x01Accelerometer\x00\x00\x00MTRXf$\x00\x01\x00\x00\x00\x00\xbf\x80\x00\x00\x00\x00\x00\x00?\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00?\x80\x00\x00ORINc\x03\x00\x01XzY\x00ORIOc\x03\x00\x01ZXY\x00SIUNc\x04\x00\x01m/s\xb2SCALs\x02\x00\x01\x01\xa1\x00\x00TMPCf\x04\x00\x01A\xfd\x84\x00ACCLs\x06\x00\xc9\xfa\xf0\xf5\xd4\x01u\xfa\x7f\xf5\xcf\x01\xf8\xf9\xf5\xf5\x8b\x02\xc2\xf9\x96\xf5c\x03\xd9\xf9\xbd\xf5r\x04\x85\xf9\xc1\xf5E\x05\'\xf9Y\xf4\xbe\x05\xa8\xf9\x83\xf4R\x05\xa9\xf9\xcb\xf4\x14\x05\xdf\xfa\x1c\xf3\xb0\x06[\xfaT\xf3H\x06\xc5\xfay\xf2\xa1\x06\x95\xfa\xe5\xf2S\x06J\xfbA\xf2\x1d\x068\xfb\xdf\xf1\xcc\x06\x16\xfc\x81\xf1B\x06\x07\xfd\x0e\xf0\xc5\x05\xd9\xfd\xe7\xf0S\x05,\xfey\xef\xa1\x03\xd5\xfe\xe7\xee\xba\x02\x9a\xff\x81\xed\xf1\x01\xc0\xff\xd7\xed!\x01\x1d\x00\r\xec\xad\x00\x98\x0
import struct
# CAMM sample header: two little-endian uint16 fields laid out back to back --
# a reserved word that is always 0, then the "case" selector. The file name
# suggests case 5 is the telemetry type being emitted; what that case carries
# is not visible here -- confirm against the CAMM spec before changing it.
# struct.pack raises struct.error if either value leaves the uint16 range, so
# an out-of-range case id fails loudly rather than being silently truncated.
reserved = struct.pack('<H', 0)
camm_case = struct.pack('<H', 5)
header = b''.join((reserved, camm_case))
# sample 0