-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
dd459b0
commit 1545988
Showing
7 changed files
with
7 additions
and
7 deletions.
There are no files selected for viewing
Large diffs are not rendered by default.
Oops, something went wrong.
Large diffs are not rendered by default.
Oops, something went wrong.
Large diffs are not rendered by default.
Oops, something went wrong.
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| {"description": "md5 for qualys", "schema_version": "1.0.22", "type": "investigation", "search-txt": "md5:\"415e5cc23e106483711abe70ad78c8e2\"", "source": "Test_company Company_test", "actions": "[{\"created-perf\":43296329999.98284,\"updated-perf\":43296329999.98284,\"type\":\"collect\",\"created\":\"2020-12-02T13:40:44.039Z\",\"state\":\"ok\",\"arg\":\"md5:415e5cc23e106483711abe70ad78c8e2\",\"result\":[{\"value\":\"415e5cc23e106483711abe70ad78c8e2\",\"type\":\"md5\"}],\"id\":\"collect-2998cabe\",\"uuid\":\"2b0e0774-8095-47d8-a637-72fed05c0af5\"},{\"created-perf\":43715079999.994484,\"updated-perf\":43715079999.994484,\"type\":\"deliberate\",\"created\":\"2020-12-02T13:40:44.458Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"md5\",\"value\":\"415e5cc23e106483711abe70ad78c8e2\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}}]},\"id\":\"deliberate-ba58ab94\",\"uuid\":\"4d32cbcf-af33-4de3-b38b-cdde04938182\"},{\"created-perf\":45724350000.00405,\"updated-perf\":45724354999.98392,\"type\":\"investigate\",\"created\":\"2020-12-02T13:40:46.467Z\",\"state\":\"ok\",\"arg\":{\"type\":\"md5\",\"value\":\"415e5cc23e106483711abe70ad78c8e2\"},\"result\":{\"data\":[{\"module\":\"Qualys IOC\",\"module_instance_id\":\"20b0e3f7-688b-40f6-b165-ed719266c2e7\",\"module_type_id\":\"f0f6ecac-4861-40bc-bcef-753fd783aaed\",\"data\":{\"indicators\":{\"count\":1,\"docs\":[{\"valid_time\":{},\"producer\":\"Qualys IOC\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-8729057863409581450\"],\"title\":\"Malicious File event\",\"id\":\"transient:indicator-0c43b778-28fc-5bd3-b3ec-d8177742806f\",\"severity\":\"High\",\"confidence\":\"High\"}]},\"relationships\":{\"count\":5,\"docs\":[{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-0c43b778-28fc-5bd3-b3ec-d8177742806f\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-f0f9f8b7-63fc-4285-9c0f-04884efc2181\",\"id\":\"transient:relationship-cf9f24d8-8ade-4e43-b885-9a88f9987ee5\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-f21338b9-75f6-4c17-a33a-80a5c24ac378\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-a2292670-0ae3-4343-ae85-43604c3109d9\",\"id\":\"transient:relationship-6c088feb-1f2b-4de9-bb66-f329794f0d60\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-0c43b778-28fc-5bd3-b3ec-d8177742806f\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-a2292670-0ae3-4343-ae85-43604c3109d9\",\"id\":\"transient:relationship-5d9bd911-0e49-450f-b1ca-807d447a934d\",\"relationship_type\":\"sighting-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-0c43b778-28fc-5bd3-b3ec-d8177742806f\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-f21338b9-75f6-4c17-a33a-80a5c24ac378\",\"id\":\"transient:relationship-47c60d32-27fc-4a66-8bfc-bd6b10560c72\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-f0f9f8b7-63fc-4285-9c0f-04884efc2181\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-a2292670-0ae3-4343-ae85-43604c3109d9\",\"id\":\"transient:relationship-11d06008-2d66-4e92-9bf4-9df687a3683e\",\"relationship_type\":\"based-on\"}]},\"judgements\":{\"count\":2,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-06-29T15:00:23.015Z\",\"end_time\":\"2023-07-06T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"415e5cc23e106483711abe70ad78c8e2\",\"type\":\"md5\"},\"type\":\"judgement\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-8729057863409581450\"],\"disposition\":2,\"external_references\":[],\"reason\":\"Win32.Hacktool.PwDump\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"transient:judgement-f21338b9-75f6-4c17-a33a-80a5c24ac378\",\"severity\":\"High\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-06-29T15:00:23.015Z\",\"end_time\":\"2023-07-06T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"415e5cc23e106483711abe70ad78c8e2\",\"type\":\"md5\"},\"type\":\"judgement\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-8729057863409581450\"],\"disposition\":5,\"external_references\":[],\"reason\":\"\",\"disposition_name\":\"Unknown\",\"priority\":90,\"id\":\"transient:judgement-f0f9f8b7-63fc-4285-9c0f-04884efc2181\",\"severity\":\"High\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":1,\"docs\":[{\"description\":\"A Qualys IOC event related to \\\"415e5cc23e106483711abe70ad78c8e2\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"PwDump7.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"701fb8ed9d1f72c901e207dd01b481266be8458f6e03750c1a139c901f2995fa\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"PwDump7.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"415e5cc23e106483711abe70ad78c8e2\",\"type\":\"md5\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Tools\\\\pwdump7\\\\PwDump7.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"701fb8ed9d1f72c901e207dd01b481266be8458f6e03750c1a139c901f2995fa\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Tools\\\\pwdump7\\\\PwDump7.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"415e5cc23e106483711abe70ad78c8e2\",\"type\":\"md5\"}}],\"observables\":[{\"value\":\"415e5cc23e106483711abe70ad78c8e2\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-8729057863409581450\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-07-03T23:37:27.000Z\",\"end_time\":\"2022-07-03T23:37:27.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 1130\"}],\"external_references\":[],\"id\":\"transient:sighting-a2292670-0ae3-4343-ae85-43604c3109d9\",\"count\":1,\"severity\":\"High\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-07-03T23:37:27.000Z\",\"end_time\":\"2022-07-03T23:37:27.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}}]}}}]},\"id\":\"investigate-84faa9d9\",\"uuid\":\"cbdc960b-1935-4c16-bd22-bef448a587b4\"},{\"created-perf\":46235779999.98815,\"updated-perf\":46235779999.98815,\"type\":\"deliberate\",\"created\":\"2020-12-02T13:40:46.978Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"sha256\",\"value\":\"701fb8ed9d1f72c901e207dd01b481266be8458f6e03750c1a139c901f2995fa\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}}]},\"id\":\"deliberate-fe2808c4\",\"uuid\":\"7cd391e9-92ee-4389-938c-002254824533\"}]", "short_description": "Snapshot @ 20201202 13:42:49", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-945d2e3f-8682-48d4-a390-9003acf3f920", "tlp": "amber", "groups": ["60c63e6e-a341-4990-8da8-9d432e8be7c0"], "timestamp": "2020-12-02T13:43:05.094Z", "owner": "d67071e5-7738-49a4-b315-4117b30a086b"} | ||
| {"description": "md5 for qualys", "schema_version": "1.0.22", "type": "investigation", "search-txt": "md5:\"415e5cc23e106483711abe70ad78c8e2\"", "source": "Test_company Company_test", "actions": "[{\"created-perf\":43296329999.98284,\"updated-perf\":43296329999.98284,\"type\":\"collect\",\"created\":\"2020-12-02T13:40:44.039Z\",\"state\":\"ok\",\"arg\":\"md5:415e5cc23e106483711abe70ad78c8e2\",\"result\":[{\"value\":\"415e5cc23e106483711abe70ad78c8e2\",\"type\":\"md5\"}],\"id\":\"collect-2998cabe\",\"uuid\":\"2b0e0774-8095-47d8-a637-72fed05c0af5\"},{\"created-perf\":43715079999.994484,\"updated-perf\":43715079999.994484,\"type\":\"deliberate\",\"created\":\"2020-12-02T13:40:44.458Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"md5\",\"value\":\"415e5cc23e106483711abe70ad78c8e2\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}}]},\"id\":\"deliberate-ba58ab94\",\"uuid\":\"4d32cbcf-af33-4de3-b38b-cdde04938182\"},{\"created-perf\":45724350000.00405,\"updated-perf\":45724354999.98392,\"type\":\"investigate\",\"created\":\"2020-12-02T13:40:46.467Z\",\"state\":\"ok\",\"arg\":{\"type\":\"md5\",\"value\":\"415e5cc23e106483711abe70ad78c8e2\"},\"result\":{\"data\":[{\"module\":\"Qualys IOC\",\"module_instance_id\":\"20b0e3f7-688b-40f6-b165-ed719266c2e7\",\"module_type_id\":\"f0f6ecac-4861-40bc-bcef-753fd783aaed\",\"data\":{\"indicators\":{\"count\":1,\"docs\":[{\"valid_time\":{},\"producer\":\"Qualys IOC\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-8729057863409581450\"],\"title\":\"Malicious File event\",\"id\":\"transient:indicator-0c43b778-28fc-5bd3-b3ec-d8177742806f\",\"severity\":\"High\",\"confidence\":\"High\"}]},\"relationships\":{\"count\":5,\"docs\":[{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-0c43b778-28fc-5bd3-b3ec-d8177742806f\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-f0f9f8b7-63fc-4285-9c0f-04884efc2181\",\"id\":\"transient:relationship-cf9f24d8-8ade-4e43-b885-9a88f9987ee5\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-f21338b9-75f6-4c17-a33a-80a5c24ac378\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-a2292670-0ae3-4343-ae85-43604c3109d9\",\"id\":\"transient:relationship-6c088feb-1f2b-4de9-bb66-f329794f0d60\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-0c43b778-28fc-5bd3-b3ec-d8177742806f\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-a2292670-0ae3-4343-ae85-43604c3109d9\",\"id\":\"transient:relationship-5d9bd911-0e49-450f-b1ca-807d447a934d\",\"relationship_type\":\"sighting-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-0c43b778-28fc-5bd3-b3ec-d8177742806f\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-f21338b9-75f6-4c17-a33a-80a5c24ac378\",\"id\":\"transient:relationship-47c60d32-27fc-4a66-8bfc-bd6b10560c72\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-f0f9f8b7-63fc-4285-9c0f-04884efc2181\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-a2292670-0ae3-4343-ae85-43604c3109d9\",\"id\":\"transient:relationship-11d06008-2d66-4e92-9bf4-9df687a3683e\",\"relationship_type\":\"based-on\"}]},\"judgements\":{\"count\":2,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-07-06T15:00:23.015Z\",\"end_time\":\"2023-07-13T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"415e5cc23e106483711abe70ad78c8e2\",\"type\":\"md5\"},\"type\":\"judgement\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-8729057863409581450\"],\"disposition\":2,\"external_references\":[],\"reason\":\"Win32.Hacktool.PwDump\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"transient:judgement-f21338b9-75f6-4c17-a33a-80a5c24ac378\",\"severity\":\"High\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-07-06T15:00:23.015Z\",\"end_time\":\"2023-07-13T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"415e5cc23e106483711abe70ad78c8e2\",\"type\":\"md5\"},\"type\":\"judgement\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-8729057863409581450\"],\"disposition\":5,\"external_references\":[],\"reason\":\"\",\"disposition_name\":\"Unknown\",\"priority\":90,\"id\":\"transient:judgement-f0f9f8b7-63fc-4285-9c0f-04884efc2181\",\"severity\":\"High\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":1,\"docs\":[{\"description\":\"A Qualys IOC event related to \\\"415e5cc23e106483711abe70ad78c8e2\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"PwDump7.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"701fb8ed9d1f72c901e207dd01b481266be8458f6e03750c1a139c901f2995fa\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"PwDump7.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"415e5cc23e106483711abe70ad78c8e2\",\"type\":\"md5\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Tools\\\\pwdump7\\\\PwDump7.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"701fb8ed9d1f72c901e207dd01b481266be8458f6e03750c1a139c901f2995fa\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Tools\\\\pwdump7\\\\PwDump7.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"415e5cc23e106483711abe70ad78c8e2\",\"type\":\"md5\"}}],\"observables\":[{\"value\":\"415e5cc23e106483711abe70ad78c8e2\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-8729057863409581450\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-07-10T23:37:27.000Z\",\"end_time\":\"2022-07-10T23:37:27.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 1130\"}],\"external_references\":[],\"id\":\"transient:sighting-a2292670-0ae3-4343-ae85-43604c3109d9\",\"count\":1,\"severity\":\"High\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-07-10T23:37:27.000Z\",\"end_time\":\"2022-07-10T23:37:27.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}}]}}}]},\"id\":\"investigate-84faa9d9\",\"uuid\":\"cbdc960b-1935-4c16-bd22-bef448a587b4\"},{\"created-perf\":46235779999.98815,\"updated-perf\":46235779999.98815,\"type\":\"deliberate\",\"created\":\"2020-12-02T13:40:46.978Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"sha256\",\"value\":\"701fb8ed9d1f72c901e207dd01b481266be8458f6e03750c1a139c901f2995fa\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}}]},\"id\":\"deliberate-fe2808c4\",\"uuid\":\"7cd391e9-92ee-4389-938c-002254824533\"}]", "short_description": "Snapshot @ 20201202 13:42:49", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-945d2e3f-8682-48d4-a390-9003acf3f920", "tlp": "amber", "groups": ["60c63e6e-a341-4990-8da8-9d432e8be7c0"], "timestamp": "2020-12-02T13:43:05.094Z", "owner": "d67071e5-7738-49a4-b315-4117b30a086b"} |
Oops, something went wrong.