@michaelkeevildown
Last active June 15, 2016 08:50
AlienVault OTX API Example
/api/v1/pulses/activity/?modified_since=2016-04-25T22:49:03.704867&limit=10&page=1
{
"count": 487,
"next": "https://otx.alienvault.com/api/v1/pulses/activity?page=2",
"previous": null,
"results": [
{
"id": "5760336e2957b90134ede223",
"name": "Intrusion into the Democratic National Committee",
"public": true,
"TLP": "green",
"description": "CrowdStrike Services Inc., our Incident Response group, was called by the Democratic National Committee (DNC), the formal governing body for the US Democratic Party, to respond to a suspected breach. We deployed our IR team and technology and immediately identified two sophisticated adversaries on the network – COZY BEAR and FANCY BEAR. In fact, our team considers them some of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist groups we encounter on a daily basis. In particular, we identified advanced methods consistent with nation-state level capabilities including deliberate targeting and ‘access management’ tradecraft – both groups were constantly going back into the environment to change out their implants, modify persistent methods, move to new Command & Control channels and perform other tasks to try to stay ahead of being detected.",
"tags": [
"cozy bear",
"powershell",
"aek",
"sofacy",
"apt",
"defense",
"china",
"energy",
"fancy bear",
"government",
"mimikatz",
"russia",
"cozyduke",
"crowdstrike",
"mexico",
"democratic party"
],
"references": [
"https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/"
],
"subscriber_count": 15634,
"follower_count": 0,
"validator_count": 0,
"comment_count": 0,
"indicator_count": 19,
"author": {
"id": "55003d1d13432a7f96c2be0a",
"username": "AlienVault",
"avatar_url": "https://otx20-web-media.s3.amazonaws.com/media/avatars/AlienVault/resized/80/unnamed (1).jpg"
},
"modified": "2016-06-14T16:40:13.826000",
"created": "2016-06-14T16:40:13.826000",
"modified_text": "14 hours ago ",
"is_modified": false,
"is_subscribing": true,
"is_following": false,
"is_author": false,
"cloned_from": null,
"vote": 0,
"upvotes_count": 6,
"downvotes_count": 0,
"votes_count": 6,
"export_count": 33,
"indicator_type_counts": {
"URL": 7,
"SHA256": 5,
"IPv4": 7
}
},
{repeated N times}
]
}
api/v1/pulses/5760336e2957b90134ede223
{
"id": "5760336e2957b90134ede223",
"name": "Intrusion into the Democratic National Committee",
"description": "CrowdStrike Services Inc., our Incident Response group, was called by the Democratic National Committee (DNC), the formal governing body for the US Democratic Party, to respond to a suspected breach. We deployed our IR team and technology and immediately identified two sophisticated adversaries on the network – COZY BEAR and FANCY BEAR. In fact, our team considers them some of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist groups we encounter on a daily basis. In particular, we identified advanced methods consistent with nation-state level capabilities including deliberate targeting and ‘access management’ tradecraft – both groups were constantly going back into the environment to change out their implants, modify persistent methods, move to new Command & Control channels and perform other tasks to try to stay ahead of being detected.",
"author_name": "AlienVault",
"modified": "2016-06-14T16:40:13.826000",
"created": "2016-06-14T16:40:13.826000",
"tags": [
"cozy bear",
"powershell",
"aek",
"sofacy",
"apt",
"defense",
"china",
"energy",
"fancy bear",
"government",
"mimikatz",
"russia",
"cozyduke",
"crowdstrike",
"mexico",
"democratic party"
],
"references": [
"https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/"
],
"revision": 1,
"indicators": [
{
"indicator": "6c1bce76f4d2358656132b6b1d471571820688ccdbaca0d86d0ca082b9390536",
"_id": "5760336d2957b90134ede210",
"type": "FileHash-SHA256",
"description": "",
"created": "2016-06-14T16:40:13.826"
},
{
"indicator": "b101cd29e18a515753409ae86ce68a4cedbe0d640d385eb24b9bbb69cf8186ae",
"_id": "5760336d2957b90134ede211",
"type": "FileHash-SHA256",
"description": "",
"created": "2016-06-14T16:40:13.826"
},
{
"indicator": "4845761c9bed0563d0aa83613311191e075a9b58861e80392914d61a21bad976",
"_id": "5760336d2957b90134ede212",
"type": "FileHash-SHA256",
"description": "",
"created": "2016-06-14T16:40:13.826"
},
{
"indicator": "40ae43b7d6c413becc92b07076fa128b875c8dbb4da7c036639eccf5a9fc784f",
"_id": "5760336d2957b90134ede213",
"type": "FileHash-SHA256",
"description": "",
"created": "2016-06-14T16:40:13.826"
},
{
"indicator": "fd39d2837b30e7233bc54598ff51bdc2f8c418fa5b94dea2cadb24cf40f395e5",
"_id": "5760336d2957b90134ede214",
"type": "FileHash-SHA256",
"description": "",
"created": "2016-06-14T16:40:13.826"
},
{
"indicator": "http://58.49.58.58:443",
"_id": "5760336d2957b90134ede215",
"type": "URL",
"description": "",
"created": "2016-06-14T16:40:13.826"
},
{
"indicator": "http://45.32.129.185:443",
"_id": "5760336d2957b90134ede216",
"type": "URL",
"description": "",
"created": "2016-06-14T16:40:13.826"
},
{
"indicator": "http://185.100.84.134:443",
"_id": "5760336d2957b90134ede217",
"type": "URL",
"description": "",
"created": "2016-06-14T16:40:13.826"
},
{
"indicator": "http://187.33.33.8:80",
"_id": "5760336d2957b90134ede218",
"type": "URL",
"description": "",
"created": "2016-06-14T16:40:13.826"
},
{
"indicator": "http://218.1.98.203:80",
"_id": "5760336d2957b90134ede219",
"type": "URL",
"description": "",
"created": "2016-06-14T16:40:13.826"
},
{
"indicator": "http://23.227.196.217:443",
"_id": "5760336d2957b90134ede21a",
"type": "URL",
"description": "",
"created": "2016-06-14T16:40:13.826"
},
{
"indicator": "http://185.86.148.227:443",
"_id": "5760336d2957b90134ede21b",
"type": "URL",
"description": "",
"created": "2016-06-14T16:40:13.826"
},
{
"indicator": "23.227.196.217",
"_id": "5760336d2957b90134ede21c",
"type": "IPv4",
"description": "",
"created": "2016-06-14T16:40:13.826"
},
{
"indicator": "45.32.129.185",
"_id": "5760336d2957b90134ede21d",
"type": "IPv4",
"description": "",
"created": "2016-06-14T16:40:13.826"
},
{
"indicator": "185.86.148.227",
"_id": "5760336d2957b90134ede21e",
"type": "IPv4",
"description": "",
"created": "2016-06-14T16:40:13.826"
},
{
"indicator": "218.1.98.203",
"_id": "5760336d2957b90134ede21f",
"type": "IPv4",
"description": "",
"created": "2016-06-14T16:40:13.826"
},
{
"indicator": "185.100.84.134",
"_id": "5760336d2957b90134ede220",
"type": "IPv4",
"description": "",
"created": "2016-06-14T16:40:13.826"
},
{
"indicator": "187.33.33.8",
"_id": "5760336d2957b90134ede221",
"type": "IPv4",
"description": "",
"created": "2016-06-14T16:40:13.826"
},
{
"indicator": "58.49.58.58",
"_id": "5760336d2957b90134ede222",
"type": "IPv4",
"description": "",
"created": "2016-06-14T16:40:13.826"
}
],
"TLP": "green",
"public": true
}