@johnwunder
Created May 27, 2016 15:57
Kill chain options
{
"type": "bundle",
"kill_chains": [
{
"type": "kill-chain",
"id": "kill-chain--47cbe0e4-c4f6-4e0f-a67e-1851168c492b",
"spec_version": "2.0",
"created_time": "2016-05-27T15:35:07Z",
"modified_time": "2016-05-27T15:35:07Z",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"revision": 1,
"title": "LMCO"
}
],
"kill_chain_phases": [
{
"type": "kill-chain-phase",
"id": "kill-chain-phase--693dc829-4ca1-48c6-aabd-a38763e13ea5",
"spec_version": "2.0",
"created_time": "2016-05-27T15:36:54Z",
"modified_time": "2016-05-27T15:36:54Z",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"revision": 1,
"title": "Reconnaissance"
},
{
"type": "kill-chain-phase",
"id": "kill-chain-phase--ac910ac4-9984-42a9-a12b-7f4feb98ffdc",
"spec_version": "2.0",
"created_time": "2016-05-27T15:38:02Z",
"modified_time": "2016-05-27T15:38:02Z",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"revision": 1,
"title": "Weaponization"
},
{
"type": "kill-chain-phase",
"id": "kill-chain-phase--aabf860d-9545-44f9-a935-c9c580ef88b6",
"spec_version": "2.0",
"created_time": "2016-05-27T15:38:51Z",
"modified_time": "2016-05-27T15:38:51Z",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"revision": 1,
"title": "Delivery"
},
{
"type": "kill-chain-phase",
"id": "kill-chain-phase--016915a3-0963-4ba0-b0f7-d01c1f79a9bc",
"spec_version": "2.0",
"created_time": "2016-05-27T15:39:25Z",
"modified_time": "2016-05-27T15:39:25Z",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"revision": 1,
"title": "Exploitation"
},
{
"type": "kill-chain-phase",
"id": "kill-chain-phase--8a2dc251-28c3-4a8c-afef-7d71fa014209",
"spec_version": "2.0",
"created_time": "2016-05-27T15:40:06Z",
"modified_time": "2016-05-27T15:40:06Z",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"revision": 1,
"title": "Installation"
},
{
"type": "kill-chain-phase",
"id": "kill-chain-phase--872effca-6ad3-4b4a-acf9-357f1e779404",
"spec_version": "2.0",
"created_time": "2016-05-27T15:40:51Z",
"modified_time": "2016-05-27T15:40:51Z",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"revision": 1,
"title": "Command & Control"
},
{
"type": "kill-chain-phase",
"id": "kill-chain-phase--0606c0a7-745b-4e40-8d63-b98f524b3459",
"spec_version": "2.0",
"created_time": "2016-05-27T15:41:27Z",
"modified_time": "2016-05-27T15:41:27Z",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"revision": 1,
"title": "Actions on Objectives"
}
],
"relationships": [
{
"type": "relationship",
"id": "relationship--a77eb186-c5e1-4c32-92d2-597d018d217a",
"spec_version": "2.0",
"created_time": "2016-05-27T15:42:23Z",
"modified_time": "2016-05-27T15:42:23Z",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"revision": 1,
"source_ref": "kill-chain--47cbe0e4-c4f6-4e0f-a67e-1851168c492b",
"target_ref": "kill-chain-phase--693dc829-4ca1-48c6-aabd-a38763e13ea5",
"extensions": {"cardinality": 1},
"kind_of_relationship": "has-phase"
},
{
"type": "relationship",
"id": "relationship--a77eb186-c5e1-4c32-92d2-597d018d217a",
"spec_version": "2.0",
"created_time": "2016-05-27T15:42:23Z",
"modified_time": "2016-05-27T15:42:23Z",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"revision": 1,
"source_ref": "kill-chain--47cbe0e4-c4f6-4e0f-a67e-1851168c492b",
"target_ref": "kill-chain-phase--ac910ac4-9984-42a9-a12b-7f4feb98ffdc",
"extensions": {"cardinality": 2},
"kind_of_relationship": "has-phase"
},
{
"type": "relationship",
"id": "relationship--a77eb186-c5e1-4c32-92d2-597d018d217a",
"spec_version": "2.0",
"created_time": "2016-05-27T15:42:23Z",
"modified_time": "2016-05-27T15:42:23Z",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"revision": 1,
"source_ref": "kill-chain--47cbe0e4-c4f6-4e0f-a67e-1851168c492b",
"target_ref": "kill-chain-phase--aabf860d-9545-44f9-a935-c9c580ef88b6",
"extensions": {"cardinality": 3},
"kind_of_relationship": "has-phase"
},
{
"type": "relationship",
"id": "relationship--a77eb186-c5e1-4c32-92d2-597d018d217a",
"spec_version": "2.0",
"created_time": "2016-05-27T15:42:23Z",
"modified_time": "2016-05-27T15:42:23Z",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"revision": 1,
"source_ref": "kill-chain--47cbe0e4-c4f6-4e0f-a67e-1851168c492b",
"target_ref": "kill-chain-phase--016915a3-0963-4ba0-b0f7-d01c1f79a9bc",
"extensions": {"cardinality": 4},
"kind_of_relationship": "has-phase"
},
{
"type": "relationship",
"id": "relationship--a77eb186-c5e1-4c32-92d2-597d018d217a",
"spec_version": "2.0",
"created_time": "2016-05-27T15:42:23Z",
"modified_time": "2016-05-27T15:42:23Z",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"revision": 1,
"source_ref": "kill-chain--47cbe0e4-c4f6-4e0f-a67e-1851168c492b",
"target_ref": "kill-chain-phase--8a2dc251-28c3-4a8c-afef-7d71fa014209",
"extensions": {"cardinality": 5},
"kind_of_relationship": "has-phase"
},
{
"type": "relationship",
"id": "relationship--a77eb186-c5e1-4c32-92d2-597d018d217a",
"spec_version": "2.0",
"created_time": "2016-05-27T15:42:23Z",
"modified_time": "2016-05-27T15:42:23Z",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"revision": 1,
"source_ref": "kill-chain--47cbe0e4-c4f6-4e0f-a67e-1851168c492b",
"target_ref": "kill-chain-phase--872effca-6ad3-4b4a-acf9-357f1e779404",
"extensions": {"cardinality": 6},
"kind_of_relationship": "has-phase"
},
{
"type": "relationship",
"id": "relationship--a77eb186-c5e1-4c32-92d2-597d018d217a",
"spec_version": "2.0",
"created_time": "2016-05-27T15:42:23Z",
"modified_time": "2016-05-27T15:42:23Z",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"revision": 1,
"source_ref": "kill-chain--47cbe0e4-c4f6-4e0f-a67e-1851168c492b",
"target_ref": "kill-chain-phase--0606c0a7-745b-4e40-8d63-b98f524b3459",
"extensions": {"cardinality": 7},
"kind_of_relationship": "has-phase"
}
]
}
{
"type": "bundle",
"indicators": [
{
"type": "indicator",
"id": "indicator--8445a039-6ba6-4e42-9011-467093d5b29e",
"spec_version": "2.0",
"created_time": "2016-05-27T15:47:14Z",
"modified_time": "2016-05-27T15:47:14Z",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"revision": 1,
"title": "Downloader URLs",
"labels": ["malicious-activity"],
"pattern": "url.value = 'http://example.com/download.exe'"
}
],
"relationships": [
{
"type": "relationship",
"id": "relationship--e74be748-e577-4e3e-9d4c-1db1dab8d5ba",
"spec_version": "2.0",
"created_time": "2016-05-27T15:54:08Z",
"modified_time": "2016-05-27T15:54:08Z",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"revision": 1,
"source_ref": "indicator--8445a039-6ba6-4e42-9011-467093d5b29e",
"target_ref": "kill-chain-phase--aabf860d-9545-44f9-a935-c9c580ef88b6"
}
]
}
{
"type": "bundle",
"indicators": [
{
"type": "indicator",
"id": "indicator--8445a039-6ba6-4e42-9011-467093d5b29e",
"spec_version": "2.0",
"created_time": "2016-05-27T15:47:14Z",
"modified_time": "2016-05-27T15:47:14Z",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"revision": 1,
"title": "Downloader URLs",
"labels": ["malicious-activity"],
"pattern": "url.value = 'http://example.com/download.exe'",
"kill_chain_phases": [
{
"kill_chain_name": "lockheed-martin-cyber-kill-chain",
"phase_name": "delivery"
}
]
}
]
}