Ivan Kirillov ikiril01

@ikiril01
ikiril01 / malware_example_opt_1.json
Created Oct 19, 2018
Malware Example (Option 1`)
View malware_example_opt_1.json
{
"type":"bundle",
"id":"bundle--5d0092c5-5f74-4287-9642-33f4c354e56d",
"spec_version":"2.1",
"objects":[
{
"type":"malware",
"spec_version":"2.1",
"id":"malware--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061",
"created":"2016-05-12T08:17:27.000000Z",
@ikiril01
ikiril01 / network_traffic_example_opt_7.json
Created Oct 2, 2018
Network Traffic Example Option 7
View network_traffic_example_opt_7.json
{
"type": "bundle",
"id": "bundle--5d0092c5-5f74-4287-9642-33f4c354e56d",
"spec_version": "2.1",
"objects": [
{
"type": "observed-data",
"id": "observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf",
"spec_version": "2.1",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
@ikiril01
ikiril01 / network_traffic_example_opt_1.json
Created Oct 2, 2018
Network Traffic Example Option 1 Prime
View network_traffic_example_opt_1.json
{
"type": "bundle",
"id": "bundle--5d0092c5-5f74-4287-9642-33f4c354e56d",
"spec_version": "2.1",
"objects": [
{
"type": "observed-data",
"id": "observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf",
"spec_version": "2.1",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
@ikiril01
ikiril01 / infrastructure_example_opt_1.json
Last active Oct 1, 2018
Infrastructure Example Option 1 prime
View infrastructure_example_opt_1.json
{
"type": "bundle",
"id": "bundle--5d0092c5-5f74-4287-9642-33f4c354e56d",
"spec_version": "2.1",
"objects": [
{
"type": "observed-data",
"id": "observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf",
"spec_version": "2.1",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
@ikiril01
ikiril01 / infrastructure_example_opt_7.json
Last active Oct 10, 2018
Infrastructure Example Option 7
View infrastructure_example_opt_7.json
{
"type":"bundle",
"id":"bundle--5d0092c5-5f74-4287-9642-33f4c354e56d",
"spec_version":"2.1",
"objects":[
{
"type":"observed-data",
"id":"observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf",
"spec_version":"2.1",
"created_by_ref":"identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
@ikiril01
ikiril01 / example.json
Created Feb 28, 2017
MAEC Behavior w/ Implementation
View example.json
{
"type":"behavior",
"id":"behavior--2099d4c1-0e8a-49d2-8d32-f0427e1ff817",
"name":"detect sandbox environment",
"implementation":"Looks for known filepaths where sandboxes execute samples"
}
@ikiril01
ikiril01 / example.json
Last active Jan 11, 2017
MAEC 5.0 Strawman - Flattened Capabilities/Structural Features
View example.json
{
"id":"package--2d42dac8-c416-42c6-bc5c-7b6dcf576fc5",
"schema_version":"5.0",
"malware_instances":[
{
"id":"malware_instance--19863c16-503e-493f-8841-16c68e39c26e",
"instance_object_refs":[
"object--1"
],
"metadata":{
@ikiril01
ikiril01 / example.json
Created Nov 15, 2016
Cyber Observable Object w/ Custom Property and Extension
View example.json
{"0": {
"type": "file",
"hashes": {"MD5": "3773a88f65a5e780c8dff9cdc3a056f3"},
"size": 25537,
"x_foobar": "this is a custom property value",
"extended_properties": {
"ntfs-ext": {"sid": "1234567"},
"x-custom-ext": {
"foo": 456,
"bar": "test"
@ikiril01
ikiril01 / example.json
Last active Jun 6, 2016
CybOX Relationships (as reference) - Metadata
View example.json
{
"type": "package",
"spec_version": "stix-2.0",
"observations": [{
"type": "observation",
"id": "observation--4",
"spec_version": "stix-2.0",
"created_at": "2016-03-21T01:01:01Z",
"observed_at": "2016-03-21T01:01:01Z",
"cybox": {
@ikiril01
ikiril01 / maec_5.0_example.xml
Created Jun 1, 2016
MAEC 5.0 Example (XML)
View maec_5.0_example.xml
<maecPackage:MAEC_Package
xmlns:maecVocabs="http://maec.mitre.org/XMLSchema/default_vocabularies-1"
xmlns:maecCore="http://maec.mitre.org/XMLSchema/maec-core-1"
xmlns:maecPackage="http://maec.mitre.org/XMLSchema/maec-package-5"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:WinExecutableFileObj="http://cybox.mitre.org/objects#WinExecutableFileObject-2"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"