config.json
{
"Subscribers": [
{"name": "BDE", "ip": "127.0.0.1", "port": "1337", "api_key": "1234567890"},
{"name": "DIV", "ip": "127.0.0.1", "port": "1337", "api_key": "1234567890"},
{"name": "Corps", "ip": "127.0.0.2", "port": "4444", "api_key": "1234567890"},
{"name": "NEC", "ip": "127.0.0.1", "port": "1337", "api_key": "1234567890"},
{"name": "RCC", "ip": "127.0.0.1", "port": "1337", "api_key": "1234567890"},
{"name": "ACOIC", "ip": "127.0.0.1", "port": "4444", "api_key": "1234567890"}
],
"Locations": [
"Ziwa",
"Seattle",
"El Paso",
"Augusta",
"Lawton"
],
"Organizations": [
"Weyland-Yutani Corp",
"Cyberdyne Systems",
"Evil Corp"
],
"ObserverTypes": [
"Firewall",
"IDS",
"SIEM Server",
"EDR Agent",
"Person"
],
"ObservationTypes": [
"Reconnaissance",
"Initial Access",
"Execution",
"Persistence",
"Privilege Escalation",
"Defense Evasion",
"Credential Access",
"Discovery",
"Lateral Movement",
"Collection",
"Command and Control",
"Exfiltration",
"Impact"
],
"Indicators": [
{"IndicatorType": "ipv4-addr", "ValueType": "ipv4"},
{"IndicatorType": "ipv6-addr", "ValueType": "ipv6"},
{"IndicatorType": "directory", "ValueType": "string"},
{"IndicatorType": "domain-name", "ValueType": "string"},
{"IndicatorType": "email-addr", "ValueType": "string"},
{"IndicatorType": "file", "ValueType": "string"},
{"IndicatorType": "mac-addr", "ValueType": "mac"},
{"IndicatorType": "mutex", "ValueType": "string"},
{"IndicatorType": "port", "ValueType": "int"},
{"IndicatorType": "process", "ValueType": "string"},
{"IndicatorType": "software", "ValueType": "string"},
{"IndicatorType": "url", "ValueType": "string"},
{"IndicatorType": "user-account", "ValueType": "string"},
{"IndicatorType": "windows-registry-key", "ValueType": "string"}
]
}