@sbarnum
Created October 16, 2018 14:47
{
"type": "bundle",
"id": "bundle--2849158e-0b4e-4d2b-95c7-b18a20e6707a",
"objects": [
{
"type": "file",
"id": "file--c65cea3e-c75f-45b5-a14b-76777fae78d6",
"spec_version": "2.1",
"created": "2017-07-01T00:00:00.000Z",
"modified": "2017-07-01T00:00:00.000Z",
"name": "Windows-Error-Report.zip",
"magic_number_hex": "504B0304",
"hashes": {
"SHA-256": "fe90a7e910cb3a4739bed9180e807e93fa70c90f25a8915476f5e4bfbac681db"
}
},
{
"type": "malware",
"id": "malware--5369a472-2edd-4797-8f9e-290774bf1b9d",
"spec_version": "2.1",
"created": "2017-07-02T00:00:00.000Z",
"modified": "2017-07-02T00:00:00.000Z",
"name": "foo-57",
"is_family": false,
"sample_refs": [
"file--c65cea3e-c75f-45b5-a14b-76777fae78d6"
],
"static_features": [
{
"feature_name": "certificate",
"feature_structured_value_ref": "x509-certificate--7ac95f28-0761-4c28-9ec8-407f4c9aa073"
},
{
"feature_name": "file",
"feature_structured_value_ref": "file--3d427051-389d-435d-8a08-ad3c1b045943"
}
],
"dynamic_features": [
{
"feature_name": "os-feature",
"feature_value": "powershell"
},
{
"feature_name": "network-traffic",
"feature_structured_value_ref": "network-traffic--33088ebe-26ba-4990-90b0-02386190af00"
}
]
},
{
"type": "x509-certificate",
"id": "x509-certificate--7ac95f28-0761-4c28-9ec8-407f4c9aa073",
"spec_version": "2.1",
"issuer": "C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com",
"validity_not_before": "2016-03-12T12:00:00Z",
"validity_not_after": "2016-08-21T12:00:00Z",
"subject": "C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=baccala@freesoft.org"
},
{
"type": "file",
"id": "file--3d427051-389d-435d-8a08-ad3c1b045943",
"spec_version": "2.1",
"created": "2010-07-01T00:00:00.000Z",
"modified": "2010-07-01T00:00:00.000Z",
"name": "rebar.ps1",
"hashes": {
"SHA-256": "9B7ECC6EEB83ABF9ADE10FE38865DF4499BE3568DCC507AE2EC3B44989CB0093"
}
},
{
"type": "network-traffic",
"id": "network-traffic--33088ebe-26ba-4990-90b0-02386190af00",
"spec_version": "2.1",
"created": "2017-07-02T00:00:00.000Z",
"modified": "2017-07-02T00:00:00.000Z",
"dst_ref": "ipv4-addr--f3a176da-d66f-446f-860d-30569346486d",
"protocols": "HTTP"
},
{
"type": "ipv4-addr",
"id": "ipv4-addr--f3a176da-d66f-446f-860d-30569346486d",
"spec_version": "2.1",
"created": "2016-04-06T20:30:48.000Z",
"modified": "2016-04-06T20:30:48.000Z",
"value": "223.166.2.54"
},
{
"type": "infrastructure",
"id": "infrastructure--26a3ce9f-bcdd-43b2-b6c0-08d6f80d0020",
"spec_version": "2.1",
"created": "2016-04-06T20:03:50.000Z",
"modified": "2016-04-06T20:03:50.000Z",
"name": "c2-beacon"
},
{
"type": "relationship",
"id": "relationship--00905777-6c27-4efa-9c3d-195fa5e750d6",
"spec_version": "2.1",
"created": "2016-04-06T20:20:50.000Z",
"modified": "2016-09-06T20:20:50.000Z",
"source_ref": "infrastructure--26a3ce9f-bcdd-43b2-b6c0-08d6f80d0020",
"target_ref": "ipv4-addr--f3a176da-d66f-446f-860d-30569346486d",
"relationship_type": "has-element",
"start_time": "2016-04-06T20:30:50.000Z"
}
]
}