@ikiril01
ikiril01 / infrastructure_example_opt_1.json
Last active October 1, 2018 13:47
Infrastructure Example Option 1 prime
{
"type": "bundle",
"id": "bundle--5d0092c5-5f74-4287-9642-33f4c354e56d",
"spec_version": "2.1",
"objects": [
{
"type": "observed-data",
"id": "observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf",
"spec_version": "2.1",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
ikiril01 / example.json
Created February 28, 2017 18:55
MAEC Behavior w/ Implementation
{
"type":"behavior",
"id":"behavior--2099d4c1-0e8a-49d2-8d32-f0427e1ff817",
"name":"detect sandbox environment",
"implementation":"Looks for known filepaths where sandboxes execute samples"
}
ikiril01 / example.json
Last active January 11, 2017 16:28
MAEC 5.0 Strawman - Flattened Capabilities/Structural Features
{
"id":"package--2d42dac8-c416-42c6-bc5c-7b6dcf576fc5",
"schema_version":"5.0",
"malware_instances":[
{
"id":"malware_instance--19863c16-503e-493f-8841-16c68e39c26e",
"instance_object_refs":[
"object--1"
],
"metadata":{
ikiril01 / example.json
Created November 15, 2016 16:12
Cyber Observable Object w/ Custom Property and Extension
{"0": {
"type": "file",
"hashes": {"MD5": "3773a88f65a5e780c8dff9cdc3a056f3"},
"size": 25537,
"x_foobar": "this is a custom property value",
"extended_properties": {
"ntfs-ext": {"sid": "1234567"},
"x-custom-ext": {
"foo": 456,
"bar": "test"
ikiril01 / example.json
Last active July 13, 2016 17:15
CybOX Relationships (as reference) - Domain Redirection/Resolution
{
"type": "package",
"spec_version": "stix-2.0",
"observed_data": [{
"type": "observation",
"id": "observation--4",
"spec_version": "stix-2.0",
"created_at": "2016-03-21T01:01:01Z",
"observed_at": "2016-03-21T01:01:01Z",
"cybox": {
ikiril01 / example.json
Last active June 6, 2016 18:38
CybOX Relationships (as reference) - Metadata
{
"type": "package",
"spec_version": "stix-2.0",
"observations": [{
"type": "observation",
"id": "observation--4",
"spec_version": "stix-2.0",
"created_at": "2016-03-21T01:01:01Z",
"observed_at": "2016-03-21T01:01:01Z",
"cybox": {
ikiril01 / maec_5.0_example.xml
Created June 1, 2016 18:11
MAEC 5.0 Example (XML)
<maecPackage:MAEC_Package
xmlns:maecVocabs="http://maec.mitre.org/XMLSchema/default_vocabularies-1"
xmlns:maecCore="http://maec.mitre.org/XMLSchema/maec-core-1"
xmlns:maecPackage="http://maec.mitre.org/XMLSchema/maec-package-5"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:WinExecutableFileObj="http://cybox.mitre.org/objects#WinExecutableFileObject-2"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
ikiril01 / example.json
Created May 13, 2016 16:21
CybOX Relationships (as reference) - File Contains Another File
{
"type": "package",
"spec_version": "stix-2.0",
"observations": [{
"type": "observation",
"id": "observation--4",
"spec_version": "stix-2.0",
"created_at": "2016-03-21T01:01:01Z",
"observed_at": "2016-03-21T01:01:01Z",
"cybox": {"objects": [
ikiril01 / example.json
Last active May 3, 2016 15:55
CybOX Relationships - Domain Redirection/Resolution
{
"type": "package",
"spec_version": "stix-2.0",
"observations": [{
"type": "observation",
"id": "observation--4",
"spec_version": "stix-2.0",
"created_at": "2016-03-21T01:01:01Z",
"observed_at": "2016-03-21T01:01:01Z",
"cybox": {
ikiril01 / example.json
Last active May 2, 2016 13:17
CybOX Actions - Read Registry Key Value
{
"actions": [{
"id": "action--1",
"type": "cybox-action",
"name": "read registry key value",
"associated_objects": [{
"type": "associated-object",
"object_ref": "registry-key-object--1",
"association": "input"
}]