Azure-Sentinel/Sample Data/intel471_titan_API_malware_...

{
  "cursorNext": "MF8xMTFiZGE1MW",
  "indicatorTotalCount": 10,
  "indicators": [
    {
      "activity": {
        "first": 1674645821694,
        "last": 1674645821694
      },
      "data": {
        "confidence": "low",
        "context": {
          "description": "hermit download location URL"
        },
        "expiration": 1582429809000,
        "indicator_data": {
          "url": "tcp://63.217.113.184:79"
        },
        "indicator_type": "url",
        "intel_requirements": [
          "1.0",
          "1.1"
        ],
        "mitre_tactics": "initial_access",
        "source_id": "a7ce37b6cd95e84f6ae897e78bf67d22",
        "threat": {
          "data": {
            "family": "hermit",
            "malware_family_profile_uid": "fd64bb7cc9394929aa6d8a566f51408c",
            "version": "2020"
          },
          "type": "malware",
          "uid": "fd64bb7cc9394929aa6d8a566f51408c"
        },
        "uid": "fd64bb7cc9394929aa6d8a566f51408c"
      },
      "isEmpty": false,
      "last_updated": 1674645821694,
      "meta": {
        "version": "0.1"
      },
      "uid": "8434301625df15a8e4f02a82f6c2ae8f"
    },
    {
      "activity": {
        "first": 1674645821694,
        "last": 1674645821694
      },
      "data": {
        "confidence": "medium",
        "context": {
          "description": "backspace controller IPv4"
        },
        "expiration": 1678838400000,
        "indicator_data": {
          "address": "140.32.141.70",
          "geo_ip": {
            "city": "Sofia",
            "country": "Bulgaria",
            "country_code": "BG",
            "isp": {
              "autonomous_system": "AS1234 ACME limited",
              "isp": "ACME limited",
              "network": "1.1.1.1/22",
              "organization": "ACME limited"
            },
            "subdivision": [
              "Sofia-Capital"
            ]
          }
        },
        "indicator_type": "ipv4",
        "intel_requirements": [
          "1.0",
          "1.1"
        ],
        "mitre_tactics": "initial_access",
        "source_id": "a7ce37b6cd95e84f6ae897e78bf67d22",
        "threat": {
          "data": {
            "family": "backspace",
            "malware_family_profile_uid": "44eb171c99e6e284d5764310be740829",
            "version": "2020"
          },
          "type": "malware",
          "uid": "44eb171c99e6e284d5764310be740829"
        },
        "uid": "44eb171c99e6e284d5764310be740829"
      },
      "isEmpty": false,
      "last_updated": 1674645821694,
      "meta": {
        "version": "0.1"
      },
      "uid": "acbb90cda5e8fff82e886814f6d9ce32"
    },
    {
      "activity": {
        "first": 1674645821694,
        "last": 1674645821694
      },
      "data": {
        "confidence": "high",
        "context": {
          "description": "executable downloaded by bangat"
        },
        "expiration": 1678492800000,
        "indicator_data": {
          "file": {
            "md5": "f1adb31e7ce007f898acb557f962a506",
            "sha1": "649cf2a5e7de17b0b92f07131d635796eb8fe1c4",
            "sha256": "01604e49ff232b127b34696f86cb49d2d52c0602c84b2490e0129edcedf80f3c",
            "size": 15554,
            "ssdeep": "12345:dsf897d9f3298f:78h328r7h2f3h",
            "type": "PEEXE_x86"
          }
        },
        "indicator_type": "file",
        "intel_requirements": [
          "1.0",
          "1.1"
        ],
        "mitre_tactics": "command_and_control",
        "source_id": "a7ce37b6cd95e84f6ae897e78bf67d22",
        "threat": {
          "data": {
            "family": "bangat",
            "malware_family_profile_uid": "66dedc6c4354d31f1fbc480164b2d071",
            "version": "2020"
          },
          "type": "malware",
          "uid": "66dedc6c4354d31f1fbc480164b2d071"
        },
        "uid": "66dedc6c4354d31f1fbc480164b2d071"
      },
      "isEmpty": false,
      "last_updated": 1674645821694,
      "meta": {
        "version": "0.1"
      },
      "uid": "f1adb31e7ce007f898acb557f962a506"
    }
  ]
}
Intel 471 integration - initial commit 2023-01-25 14:44:43 +03:00			`{`
			`"cursorNext": "MF8xMTFiZGE1MW",`
			`"indicatorTotalCount": 10,`
			`"indicators": [`
			`{`
			`"activity": {`
			`"first": 1674645821694,`
			`"last": 1674645821694`
			`},`
			`"data": {`
			`"confidence": "low",`
			`"context": {`
			`"description": "hermit download location URL"`
			`},`
			`"expiration": 1582429809000,`
			`"indicator_data": {`
			`"url": "tcp://63.217.113.184:79"`
			`},`
			`"indicator_type": "url",`
			`"intel_requirements": [`
			`"1.0",`
			`"1.1"`
			`],`
			`"mitre_tactics": "initial_access",`
			`"source_id": "a7ce37b6cd95e84f6ae897e78bf67d22",`
			`"threat": {`
			`"data": {`
			`"family": "hermit",`
			`"malware_family_profile_uid": "fd64bb7cc9394929aa6d8a566f51408c",`
			`"version": "2020"`
			`},`
			`"type": "malware",`
			`"uid": "fd64bb7cc9394929aa6d8a566f51408c"`
			`},`
			`"uid": "fd64bb7cc9394929aa6d8a566f51408c"`
			`},`
			`"isEmpty": false,`
			`"last_updated": 1674645821694,`
			`"meta": {`
			`"version": "0.1"`
			`},`
			`"uid": "8434301625df15a8e4f02a82f6c2ae8f"`
			`},`
			`{`
			`"activity": {`
			`"first": 1674645821694,`
			`"last": 1674645821694`
			`},`
			`"data": {`
			`"confidence": "medium",`
			`"context": {`
			`"description": "backspace controller IPv4"`
			`},`
			`"expiration": 1678838400000,`
			`"indicator_data": {`
			`"address": "140.32.141.70",`
			`"geo_ip": {`
			`"city": "Sofia",`
			`"country": "Bulgaria",`
			`"country_code": "BG",`
			`"isp": {`
			`"autonomous_system": "AS1234 ACME limited",`
			`"isp": "ACME limited",`
			`"network": "1.1.1.1/22",`
			`"organization": "ACME limited"`
			`},`
			`"subdivision": [`
			`"Sofia-Capital"`
			`]`
			`}`
			`},`
			`"indicator_type": "ipv4",`
			`"intel_requirements": [`
			`"1.0",`
			`"1.1"`
			`],`
			`"mitre_tactics": "initial_access",`
			`"source_id": "a7ce37b6cd95e84f6ae897e78bf67d22",`
			`"threat": {`
			`"data": {`
			`"family": "backspace",`
			`"malware_family_profile_uid": "44eb171c99e6e284d5764310be740829",`
			`"version": "2020"`
			`},`
			`"type": "malware",`
			`"uid": "44eb171c99e6e284d5764310be740829"`
			`},`
			`"uid": "44eb171c99e6e284d5764310be740829"`
			`},`
			`"isEmpty": false,`
			`"last_updated": 1674645821694,`
			`"meta": {`
			`"version": "0.1"`
			`},`
			`"uid": "acbb90cda5e8fff82e886814f6d9ce32"`
			`},`
			`{`
			`"activity": {`
			`"first": 1674645821694,`
			`"last": 1674645821694`
			`},`
			`"data": {`
			`"confidence": "high",`
			`"context": {`
			`"description": "executable downloaded by bangat"`
			`},`
			`"expiration": 1678492800000,`
			`"indicator_data": {`
			`"file": {`
			`"md5": "f1adb31e7ce007f898acb557f962a506",`
			`"sha1": "649cf2a5e7de17b0b92f07131d635796eb8fe1c4",`
			`"sha256": "01604e49ff232b127b34696f86cb49d2d52c0602c84b2490e0129edcedf80f3c",`
			`"size": 15554,`
			`"ssdeep": "12345:dsf897d9f3298f:78h328r7h2f3h",`
			`"type": "PEEXE_x86"`
			`}`
			`},`
			`"indicator_type": "file",`
			`"intel_requirements": [`
			`"1.0",`
			`"1.1"`
			`],`
			`"mitre_tactics": "command_and_control",`
			`"source_id": "a7ce37b6cd95e84f6ae897e78bf67d22",`
			`"threat": {`
			`"data": {`
			`"family": "bangat",`
			`"malware_family_profile_uid": "66dedc6c4354d31f1fbc480164b2d071",`
			`"version": "2020"`
			`},`
			`"type": "malware",`
			`"uid": "66dedc6c4354d31f1fbc480164b2d071"`
			`},`
			`"uid": "66dedc6c4354d31f1fbc480164b2d071"`
			`},`
			`"isEmpty": false,`
			`"last_updated": 1674645821694,`
			`"meta": {`
			`"version": "0.1"`
			`},`
			`"uid": "f1adb31e7ce007f898acb557f962a506"`
			`}`
			`]`
			`}`