Last active
June 15, 2016 08:50
AlienTheat API Example
/api/v1/pulses/activity/?modified_since=2016-04-25T22:49:03.704867&limit=10&page=1 | |
{ | |
"count": 487, | |
"next": "https://otx.alienvault.com/api/v1/pulses/activity?page=2", | |
"previous": null, | |
"results": [ | |
{ | |
"id": "5760336e2957b90134ede223", | |
"name": "Intrusion into the Democratic National Committee", | |
"public": true, | |
"TLP": "green", | |
"description": "CrowdStrike Services Inc., our Incident Response group, was called by the Democratic National Committee (DNC), the formal governing body for the US Democratic Party, to respond to a suspected breach. We deployed our IR team and technology and immediately identified two sophisticated adversaries on the network – COZY BEAR and FANCY BEAR. In fact, our team considers them some of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist groups we encounter on a daily basis. In particular, we identified advanced methods consistent with nation-state level capabilities including deliberate targeting and ‘access management’ tradecraft – both groups were constantly going back into the environment to change out their implants, modify persistent methods, move to new Command & Control channels and perform other tasks to try to stay ahead of being detected.", | |
"tags": [ | |
"cozy bear", | |
"powershell", | |
"aek", | |
"sofacy", | |
"apt", | |
"defense", | |
"china", | |
"energy", | |
"fancy bear", | |
"government", | |
"mimikatz", | |
"russia", | |
"cozyduke", | |
"crowdstrike", | |
"mexico", | |
"democratic party" | |
], | |
"references": [ | |
"https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/" | |
], | |
"subscriber_count": 15634, | |
"follower_count": 0, | |
"validator_count": 0, | |
"comment_count": 0, | |
"indicator_count": 19, | |
"author": { | |
"id": "55003d1d13432a7f96c2be0a", | |
"username": "AlienVault", | |
"avatar_url": "https://otx20-web-media.s3.amazonaws.com/media/avatars/AlienVault/resized/80/unnamed (1).jpg" | |
}, | |
"modified": "2016-06-14T16:40:13.826000", | |
"created": "2016-06-14T16:40:13.826000", | |
"modified_text": "14 hours ago ", | |
"is_modified": false, | |
"is_subscribing": true, | |
"is_following": false, | |
"is_author": false, | |
"cloned_from": null, | |
"vote": 0, | |
"upvotes_count": 6, | |
"downvotes_count": 0, | |
"votes_count": 6, | |
"export_count": 33, | |
"indicator_type_counts": { | |
"URL": 7, | |
"SHA256": 5, | |
"IPv4": 7 | |
} | |
}, | |
{repeated N times} | |
] | |
} | |
api/v1/pulses/5760336e2957b90134ede223 | |
{ | |
"id": "5760336e2957b90134ede223", | |
"name": "Intrusion into the Democratic National Committee", | |
"description": "CrowdStrike Services Inc., our Incident Response group, was called by the Democratic National Committee (DNC), the formal governing body for the US Democratic Party, to respond to a suspected breach. We deployed our IR team and technology and immediately identified two sophisticated adversaries on the network – COZY BEAR and FANCY BEAR. In fact, our team considers them some of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist groups we encounter on a daily basis. In particular, we identified advanced methods consistent with nation-state level capabilities including deliberate targeting and ‘access management’ tradecraft – both groups were constantly going back into the environment to change out their implants, modify persistent methods, move to new Command & Control channels and perform other tasks to try to stay ahead of being detected.", | |
"author_name": "AlienVault", | |
"modified": "2016-06-14T16:40:13.826000", | |
"created": "2016-06-14T16:40:13.826000", | |
"tags": [ | |
"cozy bear", | |
"powershell", | |
"aek", | |
"sofacy", | |
"apt", | |
"defense", | |
"china", | |
"energy", | |
"fancy bear", | |
"government", | |
"mimikatz", | |
"russia", | |
"cozyduke", | |
"crowdstrike", | |
"mexico", | |
"democratic party" | |
], | |
"references": [ | |
"https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/" | |
], | |
"revision": 1, | |
"indicators": [ | |
{ | |
"indicator": "6c1bce76f4d2358656132b6b1d471571820688ccdbaca0d86d0ca082b9390536", | |
"_id": "5760336d2957b90134ede210", | |
"type": "FileHash-SHA256", | |
"description": "", | |
"created": "2016-06-14T16:40:13.826" | |
}, | |
{ | |
"indicator": "b101cd29e18a515753409ae86ce68a4cedbe0d640d385eb24b9bbb69cf8186ae", | |
"_id": "5760336d2957b90134ede211", | |
"type": "FileHash-SHA256", | |
"description": "", | |
"created": "2016-06-14T16:40:13.826" | |
}, | |
{ | |
"indicator": "4845761c9bed0563d0aa83613311191e075a9b58861e80392914d61a21bad976", | |
"_id": "5760336d2957b90134ede212", | |
"type": "FileHash-SHA256", | |
"description": "", | |
"created": "2016-06-14T16:40:13.826" | |
}, | |
{ | |
"indicator": "40ae43b7d6c413becc92b07076fa128b875c8dbb4da7c036639eccf5a9fc784f", | |
"_id": "5760336d2957b90134ede213", | |
"type": "FileHash-SHA256", | |
"description": "", | |
"created": "2016-06-14T16:40:13.826" | |
}, | |
{ | |
"indicator": "fd39d2837b30e7233bc54598ff51bdc2f8c418fa5b94dea2cadb24cf40f395e5", | |
"_id": "5760336d2957b90134ede214", | |
"type": "FileHash-SHA256", | |
"description": "", | |
"created": "2016-06-14T16:40:13.826" | |
}, | |
{ | |
"indicator": "http://58.49.58.58:443", | |
"_id": "5760336d2957b90134ede215", | |
"type": "URL", | |
"description": "", | |
"created": "2016-06-14T16:40:13.826" | |
}, | |
{ | |
"indicator": "http://45.32.129.185:443", | |
"_id": "5760336d2957b90134ede216", | |
"type": "URL", | |
"description": "", | |
"created": "2016-06-14T16:40:13.826" | |
}, | |
{ | |
"indicator": "http://185.100.84.134:443", | |
"_id": "5760336d2957b90134ede217", | |
"type": "URL", | |
"description": "", | |
"created": "2016-06-14T16:40:13.826" | |
}, | |
{ | |
"indicator": "http://187.33.33.8:80", | |
"_id": "5760336d2957b90134ede218", | |
"type": "URL", | |
"description": "", | |
"created": "2016-06-14T16:40:13.826" | |
}, | |
{ | |
"indicator": "http://218.1.98.203:80", | |
"_id": "5760336d2957b90134ede219", | |
"type": "URL", | |
"description": "", | |
"created": "2016-06-14T16:40:13.826" | |
}, | |
{ | |
"indicator": "http://23.227.196.217:443", | |
"_id": "5760336d2957b90134ede21a", | |
"type": "URL", | |
"description": "", | |
"created": "2016-06-14T16:40:13.826" | |
}, | |
{ | |
"indicator": "http://185.86.148.227:443", | |
"_id": "5760336d2957b90134ede21b", | |
"type": "URL", | |
"description": "", | |
"created": "2016-06-14T16:40:13.826" | |
}, | |
{ | |
"indicator": "23.227.196.217", | |
"_id": "5760336d2957b90134ede21c", | |
"type": "IPv4", | |
"description": "", | |
"created": "2016-06-14T16:40:13.826" | |
}, | |
{ | |
"indicator": "45.32.129.185", | |
"_id": "5760336d2957b90134ede21d", | |
"type": "IPv4", | |
"description": "", | |
"created": "2016-06-14T16:40:13.826" | |
}, | |
{ | |
"indicator": "185.86.148.227", | |
"_id": "5760336d2957b90134ede21e", | |
"type": "IPv4", | |
"description": "", | |
"created": "2016-06-14T16:40:13.826" | |
}, | |
{ | |
"indicator": "218.1.98.203", | |
"_id": "5760336d2957b90134ede21f", | |
"type": "IPv4", | |
"description": "", | |
"created": "2016-06-14T16:40:13.826" | |
}, | |
{ | |
"indicator": "185.100.84.134", | |
"_id": "5760336d2957b90134ede220", | |
"type": "IPv4", | |
"description": "", | |
"created": "2016-06-14T16:40:13.826" | |
}, | |
{ | |
"indicator": "187.33.33.8", | |
"_id": "5760336d2957b90134ede221", | |
"type": "IPv4", | |
"description": "", | |
"created": "2016-06-14T16:40:13.826" | |
}, | |
{ | |
"indicator": "58.49.58.58", | |
"_id": "5760336d2957b90134ede222", | |
"type": "IPv4", | |
"description": "", | |
"created": "2016-06-14T16:40:13.826" | |
} | |
], | |
"TLP": "green", | |
"public": true | |
} |