|
| 1 | +{"threat": {"indicator": {"id": "aaaa0001-0001-0001-0001-000000000001", "confidence": "High", "description": "Test IPv4 malicious IP.", "first_seen": "2026-05-01T10:00:00Z", "last_seen": "2026-05-28T10:00:00Z", "ip": "192.0.2.10", "marking": {"tlp": "CLEAR", "tlp_version": "2.0"}, "modified_at": "2026-05-28T12:00:00Z", "name": "192.0.2.10", "provider": "Ticura", "type": ["ipv4-addr"]}, "feed": [{"name": "Ticura Curated", "reference": "https://www.ticura.io", "description": "License: n/a"}]}, "event": {"kind": "enrichment", "category": "threat", "type": "indicator", "risk_score": 80}, "ticura": {"indicator": {"uuid": "aaaa0001-0001-0001-0001-000000000001", "main_type": "IPV4", "sub_type": "IPV4", "is_inbound": false, "confidence": 75, "risk": 80, "risk_category": "high", "confidence_category": "high", "ages_out": "2026-06-28T12:00:00Z", "fingerprint": "4210a52f45deada10decb7547d4f5804155ffe7e6ab179d9ce517ec3a849468d"}}, "tags": ["type:Curated"]} |
| 2 | +{"threat": {"indicator": {"id": "aaaa0002-0002-0002-0002-000000000002", "confidence": "High", "description": "Test IPv4+Port C2 indicator.", "first_seen": "2026-05-02T10:00:00Z", "last_seen": "2026-05-28T10:00:00Z", "ip": "198.51.100.10", "port": 4444, "marking": {"tlp": "CLEAR", "tlp_version": "2.0"}, "modified_at": "2026-05-28T12:00:00Z", "name": "198.51.100.10:4444", "provider": "Ticura", "type": ["ipv4-addr", "port"]}, "feed": [{"name": "ThreatFox Curated", "reference": "https://threatfox.abuse.ch", "description": "License: n/a"}]}, "event": {"kind": "enrichment", "category": "threat", "type": "indicator", "risk_score": 90}, "ticura": {"indicator": {"uuid": "aaaa0002-0002-0002-0002-000000000002", "main_type": "IPV4", "sub_type": "IPV4PORT", "is_inbound": false, "confidence": 80, "risk": 90, "risk_category": "high", "confidence_category": "high", "ages_out": "2026-06-28T12:00:00Z", "fingerprint": "09ff9ff8dac9539042ebb9c104078a17342155bf1638af75ec233ac628eaed11"}}, "tags": ["C2", "type:Curated"]} |
| 3 | +{"threat": {"indicator": {"id": "aaaa0003-0003-0003-0003-000000000003", "confidence": "High", "description": "Test malicious domain.", "first_seen": "2026-05-03T10:00:00Z", "last_seen": "2026-05-28T10:00:00Z", "url": {"domain": "malicious-test-domain.example.com"}, "marking": {"tlp": "CLEAR", "tlp_version": "2.0"}, "modified_at": "2026-05-28T12:00:00Z", "name": "malicious-test-domain.example.com", "provider": "Ticura", "type": ["domain-name"]}, "feed": [{"name": "CIRCL OSINT Feed", "reference": "https://www.circl.lu/doc/misp/feed-osint/", "description": "License: n/a"}], "technique": {"id": ["T1566"], "name": ["Phishing"], "reference": ["https://attack.mitre.org/techniques/T1566"]}}, "event": {"kind": "enrichment", "category": "threat", "type": "indicator", "risk_score": 70}, "ticura": {"indicator": {"uuid": "aaaa0003-0003-0003-0003-000000000003", "main_type": "DOMAIN", "sub_type": "DOMAIN", "is_inbound": false, "confidence": 65, "risk": 70, "risk_category": "high", "confidence_category": "medium", "ages_out": "2026-06-28T12:00:00Z", "technique": {"id": ["T1566"], "name": ["Phishing"], "reference": ["https://attack.mitre.org/techniques/T1566"]}, "additional_info": {"valid_from": "2026-05-03T10:00:00Z", "dns_first_seen": "2025-12-01T10:00:00Z", "dns_last_seen": "2026-05-28T09:00:00Z", "threat_types": ["Phishing"]}, "fingerprint": "5957ed7c69197334d3925cc11d0dd865286f4556686bba14c3651ba22bef8b40"}}, "dns": {"answers": [{"class": "IN", "data": "192.0.2.100", "name": "malicious-test-domain.example.com", "type": "A"}], "question": {"class": "IN", "name": "malicious-test-domain.example.com", "registered_domain": "example.com", "top_level_domain": "com"}, "op_code": "QUERY", "resolved_ip": ["192.0.2.100"], "response_code": "NOERROR", "type": ["query", "answer"]}, "tags": ["Phishing", "type:OSINT"]} |
| 4 | +{"threat": {"indicator": {"id": "aaaa0004-0004-0004-0004-000000000004", "confidence": "High", "description": "Test phishing URL.", "first_seen": "2026-05-04T10:00:00Z", "last_seen": "2026-05-28T10:00:00Z", "url": {"full": "http://phishing-test.example.com/steal-creds", "domain": "phishing-test.example.com", "scheme": "http", "path": "/steal-creds", "original": "http://phishing-test.example.com/steal-creds"}, "marking": {"tlp": "AMBER", "tlp_version": "2.0"}, "modified_at": "2026-05-28T12:00:00Z", "name": "http://phishing-test.example.com/steal-creds", "provider": "Ticura", "type": ["url"]}, "feed": [{"name": "URLhaus-Recent Additions", "reference": "https://urlhaus.abuse.ch", "description": "License: n/a"}]}, "event": {"kind": "enrichment", "category": "threat", "type": "indicator", "risk_score": 85}, "ticura": {"indicator": {"uuid": "aaaa0004-0004-0004-0004-000000000004", "main_type": "URL", "sub_type": "IPV4", "is_inbound": false, "confidence": 80, "risk": 85, "risk_category": "high", "confidence_category": "high", "ages_out": "2026-06-28T12:00:00Z", "additional_info": {"valid_from": "2026-05-04T10:00:00Z", "threat_types": ["Phishing"], "online": {"is_online": true, "last_online": "2026-05-28T09:00:00Z"}}, "fingerprint": "482ad3e7483b4e6ea2ac218977d8359e7ebbb20e7fe18110d74439bce4a0fbfe"}}, "tags": ["Phishing", "type:Curated"]} |
| 5 | +{"threat": {"indicator": {"id": "aaaa0005-0005-0005-0005-000000000005", "confidence": "High", "description": "Test SHA-256 malware hash.", "first_seen": "2026-04-01T10:00:00Z", "last_seen": "2026-05-28T10:00:00Z", "file": {"hash": {"sha256": "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824"}, "name": "test-malware.exe", "size": 204800}, "marking": {"tlp": "RED", "tlp_version": "2.0"}, "modified_at": "2026-05-28T12:00:00Z", "name": "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824", "provider": "Ticura", "type": ["file"]}, "feed": [{"name": "MalwareBazaar-Recent Additions", "reference": "https://bazaar.abuse.ch", "description": "License: n/a"}], "technique": {"id": ["T1486"], "name": ["Data Encrypted for Impact"], "reference": ["https://attack.mitre.org/techniques/T1486"]}}, "event": {"kind": "enrichment", "category": "threat", "type": "indicator", "risk_score": 95}, "ticura": {"indicator": {"uuid": "aaaa0005-0005-0005-0005-000000000005", "main_type": "HASH", "sub_type": "HASHSHA256", "is_inbound": false, "confidence": 90, "risk": 95, "risk_category": "critical", "confidence_category": "high", "ages_out": "2026-06-28T12:00:00Z", "technique": {"id": ["T1486"], "name": ["Data Encrypted for Impact"], "reference": ["https://attack.mitre.org/techniques/T1486"]}, "additional_info": {"valid_from": "2026-04-01T10:00:00Z", "malware": {"name": "TestRansomware"}, "threat_types": ["Malware"]}, "fingerprint": "791327782be0c0a61a42367dc4bb8ad1324786987803473377b0536f1790583f"}}, "tags": ["Ransomware", "Malware"]} |
| 6 | +{"threat": {"indicator": {"id": "aaaa0006-0006-0006-0006-000000000006", "confidence": "Medium", "description": "Test MD5 trojan dropper hash.", "first_seen": "2026-04-10T10:00:00Z", "last_seen": "2026-05-28T10:00:00Z", "file": {"hash": {"md5": "5d41402abc4b2a76b9719d911017c592"}, "name": "dropper-test.dll"}, "marking": {"tlp": "AMBER", "tlp_version": "2.0"}, "modified_at": "2026-05-28T12:00:00Z", "name": "5d41402abc4b2a76b9719d911017c592", "provider": "Ticura", "type": ["file"]}, "feed": [{"name": "MalwareBazaar-Recent Additions", "reference": "https://bazaar.abuse.ch", "description": "License: n/a"}]}, "event": {"kind": "enrichment", "category": "threat", "type": "indicator", "risk_score": 65}, "ticura": {"indicator": {"uuid": "aaaa0006-0006-0006-0006-000000000006", "main_type": "HASH", "sub_type": "HASHMD5", "is_inbound": false, "confidence": 60, "risk": 65, "risk_category": "high", "confidence_category": "medium", "ages_out": "2026-06-28T12:00:00Z", "additional_info": {"valid_from": "2026-04-10T10:00:00Z", "threat_types": ["Malware"]}, "fingerprint": "321f63206fb7b0512bf61a93b554f68af9ee2d6829a4776207abd10bacd54d4b"}}, "tags": ["Trojan", "Malware"]} |
| 7 | +{"threat": {"indicator": {"id": "aaaa0007-0007-0007-0007-000000000007", "confidence": "Medium", "description": "Test malicious IPv6 C2.", "first_seen": "2026-05-05T10:00:00Z", "last_seen": "2026-05-28T10:00:00Z", "ip": "2001:db8::1", "marking": {"tlp": "GREEN", "tlp_version": "2.0"}, "modified_at": "2026-05-28T12:00:00Z", "name": "2001:db8::1", "provider": "Ticura", "type": ["ipv6-addr"]}, "feed": [{"name": "Ticura Curated", "reference": "https://www.ticura.io", "description": "License: n/a"}]}, "event": {"kind": "enrichment", "category": "threat", "type": "indicator", "risk_score": 60}, "ticura": {"indicator": {"uuid": "aaaa0007-0007-0007-0007-000000000007", "main_type": "IPV6", "sub_type": "IPV6", "is_inbound": false, "confidence": 55, "risk": 60, "risk_category": "medium", "confidence_category": "medium", "ages_out": "2026-06-28T12:00:00Z", "fingerprint": "1c07df86dc03e81ded56f2b0e1bf8ae98bc5bece52e0abb7f85ed20618934d26"}}, "tags": ["type:Curated"]} |
| 8 | +{"threat": {"indicator": {"id": "aaaa0008-0008-0008-0008-000000000008", "confidence": "High", "description": "APT test indicator with MITRE group.", "first_seen": "2026-05-06T10:00:00Z", "last_seen": "2026-05-28T10:00:00Z", "ip": "192.0.2.20", "marking": {"tlp": "CLEAR", "tlp_version": "2.0"}, "modified_at": "2026-05-28T12:00:00Z", "name": "192.0.2.20", "provider": "Ticura", "type": ["ipv4-addr"]}, "feed": [{"name": "Ticura Curated", "reference": "https://www.ticura.io", "description": "License: n/a"}]}, "event": {"kind": "enrichment", "category": "threat", "type": "indicator", "risk_score": 88}, "ticura": {"indicator": {"uuid": "aaaa0008-0008-0008-0008-000000000008", "main_type": "IPV4", "sub_type": "IPV4", "is_inbound": true, "confidence": 85, "risk": 88, "risk_category": "high", "confidence_category": "high", "ages_out": "2026-06-28T12:00:00Z", "actors": ["TestAPTGroup"], "group": {"id": ["G0001"], "name": ["Test Threat Group"], "reference": ["https://attack.mitre.org/groups/G0001"]}, "additional_info": {"valid_from": "2026-05-06T10:00:00Z", "actors": ["TestAPTGroup"], "threat_types": ["Command and Control Server"]}, "fingerprint": "ab9130f26a4ea6cd89b5ffc93ac6088a1cddaeec4bac773e214fbb2ece4e836d"}}, "tags": ["APT", "type:Curated"]} |
| 9 | +{"threat": {"indicator": {"id": "aaaa0009-0009-0009-0009-000000000009", "confidence": "High", "description": "Sinkholed malicious domain.", "first_seen": "2026-04-15T10:00:00Z", "last_seen": "2026-05-28T10:00:00Z", "url": {"domain": "sinkholed-test.example.com"}, "marking": {"tlp": "CLEAR", "tlp_version": "2.0"}, "modified_at": "2026-05-28T12:00:00Z", "name": "sinkholed-test.example.com", "provider": "Ticura", "type": ["domain-name"]}, "feed": [{"name": "CIRCL OSINT Feed", "reference": "https://www.circl.lu/doc/misp/feed-osint/", "description": "License: n/a"}]}, "event": {"kind": "enrichment", "category": "threat", "type": "indicator", "risk_score": 50}, "ticura": {"indicator": {"uuid": "aaaa0009-0009-0009-0009-000000000009", "main_type": "DOMAIN", "sub_type": "DOMAIN", "is_inbound": false, "confidence": 50, "risk": 50, "risk_category": "medium", "confidence_category": "medium", "ages_out": "2026-06-28T12:00:00Z", "additional_info": {"valid_from": "2026-04-15T10:00:00Z", "sinkhole": {"owner": "TestSinkhole"}}, "fingerprint": "d7faaf800cf15e38e21b637447ca7a0964a5b06a212a0d41580fbe5b853bbeb9"}}, "tags": ["type:OSINT"]} |
| 10 | +{"threat": {"indicator": {"id": "aaaa000a-000a-000a-000a-00000000000a", "confidence": "High", "description": "Critical-risk C2 test indicator.", "first_seen": "2026-05-10T10:00:00Z", "last_seen": "2026-05-28T10:00:00Z", "ip": "203.0.113.10", "marking": {"tlp": "RED", "tlp_version": "2.0"}, "modified_at": "2026-05-28T12:00:00Z", "name": "203.0.113.10", "provider": "Ticura", "type": ["ipv4-addr"]}, "feed": [{"name": "ThreatFox Curated", "reference": "https://threatfox.abuse.ch", "description": "License: n/a"}], "technique": {"id": ["T1071"], "name": ["Application Layer Protocol"], "reference": ["https://attack.mitre.org/techniques/T1071"]}}, "event": {"kind": "enrichment", "category": "threat", "type": "indicator", "risk_score": 100}, "ticura": {"indicator": {"uuid": "aaaa000a-000a-000a-000a-00000000000a", "main_type": "IPV4", "sub_type": "IPV4", "is_inbound": false, "confidence": 95, "risk": 100, "risk_category": "critical", "confidence_category": "high", "ages_out": "2026-06-28T12:00:00Z", "technique": {"id": ["T1071"], "name": ["Application Layer Protocol"], "reference": ["https://attack.mitre.org/techniques/T1071"]}, "industries": ["Finance", "Government"], "countries": ["RU", "CN"], "additional_info": {"valid_from": "2026-05-10T10:00:00Z", "threat_types": ["Command and Control Server"], "countries": ["RU"], "industries": ["Finance"]}, "fingerprint": "506563e3688a83070c7daa448ee6f41b4a6f470279adfe2777fa62765cfb69a6"}}, "tags": ["C2", "type:Curated"]} |
| 11 | +{"threat": {"indicator": {"id": "aaaa000e-000e-000e-000e-00000000000e", "confidence": "Low", "description": "Already-expired test indicator.", "first_seen": "2025-01-01T00:00:00Z", "last_seen": "2026-01-15T00:00:00Z", "ip": "192.0.2.99", "marking": {"tlp": "CLEAR", "tlp_version": "2.0"}, "modified_at": "2026-01-15T00:00:00Z", "name": "192.0.2.99", "provider": "Ticura", "type": ["ipv4-addr"]}, "feed": [{"name": "Ticura Curated", "reference": "https://www.ticura.io", "description": "License: n/a"}]}, "event": {"kind": "enrichment", "category": "threat", "type": "indicator", "risk_score": 20}, "ticura": {"indicator": {"uuid": "aaaa000e-000e-000e-000e-00000000000e", "main_type": "IPV4", "sub_type": "IPV4", "is_inbound": false, "confidence": 20, "risk": 20, "risk_category": "low", "confidence_category": "low", "ages_out": "2026-01-16T00:00:00Z", "fingerprint": "d569fbaaf82d7c34a0ae8f2a6b9dc14c4c254184345dc7f21ee4ba79036dff96"}}, "tags": ["type:Curated"]} |
0 commit comments