Examples

dgenzer edited this page Mar 26, 2019 · 2 revisions

Handling output from armbues/ioc-parser

  1. Get some reports from CyberMonitor/APT_CyberCriminal_Campagin_Collections

     $ curl -O https://raw.githubusercontent.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/master/2019/2019.03.13.Operation_Sheep/Operation_Sheep.pdf

  2. Check out the output

     $ iocp -o json -d Operation_Sheep.pdf

     This produces JSON output (-o json), one object per match and line, with duplicate matches removed (-d):

{"path": "Operation_Sheep.pdf", "match": "https://research.checkpoint.com/operation-sheep-pilfer-analytics-sdk-in-action", "type": "URL", "page": 1, "file": "Operation_Sheep.pdf"}
{"path": "Operation_Sheep.pdf", "match": "research.checkpoint.com", "type": "Host", "page": 1, "file": "Operation_Sheep.pdf"}
{"path": "Operation_Sheep.pdf", "match": "mbl.shunwang.com", "type": "Host", "page": 6, "file": "Operation_Sheep.pdf"}
{"path": "Operation_Sheep.pdf", "match": "com.syezon.lab.net", "type": "Host", "page": 8, "file": "Operation_Sheep.pdf"}
{"path": "Operation_Sheep.pdf", "match": "com.live91y.tv", "type": "Host", "page": 9, "file": "Operation_Sheep.pdf"}
{"path": "Operation_Sheep.pdf", "match": "chandashi.com", "type": "Host", "page": 9, "file": "Operation_Sheep.pdf"}
{"path": "Operation_Sheep.pdf", "match": "https://research.checkpoint.com/androids-man-in-the-disk", "type": "URL", "page": 10, "file": "Operation_Sheep.pdf"}
{"path": "Operation_Sheep.pdf", "match": "https://en.wikipedia.org/wiki/Thirty-Six_Stratagems", "type": "URL", "page": 10, "file": "Operation_Sheep.pdf"}
{"path": "Operation_Sheep.pdf", "match": "https://www.buzzfeednews.com/article/craigsilverman/android-apps-cheetah-mobile-kika", "type": "URL", "page": 10, "file": "Operation_Sheep.pdf"}
{"path": "Operation_Sheep.pdf", "match": "https://www.prnewswire.com/news-releases/cheetah-mobile-responds-to-kochavas", "type": "URL", "page": 10, "file": "Operation_Sheep.pdf"}
{"path": "Operation_Sheep.pdf", "match": "misleading-statements-300757227.html", "type": "Filename", "page": 10, "file": "Operation_Sheep.pdf"}
{"path": "Operation_Sheep.pdf", "match": "www.buzzfeednews.com", "type": "Host", "page": 10, "file": "Operation_Sheep.pdf"}
{"path": "Operation_Sheep.pdf", "match": "www.prnewswire.com", "type": "Host", "page": 10, "file": "Operation_Sheep.pdf"}

  3. Write the output to a file (or pipe to surify-cli)
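As an added example (not part of this wiki or of ioc-parser), here is one way to consume that output before writing it out: it parses the JSON lines and moves hosts that also appear as the host of a cited URL into a separate "Reference" bucket, since those are usually the report's own citations rather than indicators. The sample lines are copied from the output above; the "Reference" heuristic is this example's own assumption.

```python
import json
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: a subset of the `iocp -o json -d` output shown above.
SAMPLE = """\
{"path": "Operation_Sheep.pdf", "match": "https://research.checkpoint.com/operation-sheep-pilfer-analytics-sdk-in-action", "type": "URL", "page": 1, "file": "Operation_Sheep.pdf"}
{"path": "Operation_Sheep.pdf", "match": "research.checkpoint.com", "type": "Host", "page": 1, "file": "Operation_Sheep.pdf"}
{"path": "Operation_Sheep.pdf", "match": "mbl.shunwang.com", "type": "Host", "page": 6, "file": "Operation_Sheep.pdf"}
{"path": "Operation_Sheep.pdf", "match": "com.syezon.lab.net", "type": "Host", "page": 8, "file": "Operation_Sheep.pdf"}
{"path": "Operation_Sheep.pdf", "match": "https://www.buzzfeednews.com/article/craigsilverman/android-apps-cheetah-mobile-kika", "type": "URL", "page": 10, "file": "Operation_Sheep.pdf"}
{"path": "Operation_Sheep.pdf", "match": "www.buzzfeednews.com", "type": "Host", "page": 10, "file": "Operation_Sheep.pdf"}
"""

def parse_iocp(text):
    """Parse the newline-delimited JSON emitted by `iocp -o json`.
    Blank or unparsable lines are skipped instead of aborting the run."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(rec, dict) and all(k in rec for k in ("match", "type", "page")):
            records.append(rec)
    return records

def triage(records):
    """Group matches by iocp type, recording the pages each match was seen on.
    Heuristic (this example's, not iocp's): a Host that is also the hostname of a
    URL match in the same report is filed under "Reference" instead of "Host"."""
    url_hosts = {urlparse(r["match"]).hostname for r in records if r["type"] == "URL"}
    buckets = defaultdict(dict)  # type -> {match: set of pages}
    for r in records:
        kind = r["type"]
        if kind == "Host" and r["match"] in url_hosts:
            kind = "Reference"
        buckets[kind].setdefault(r["match"], set()).add(r["page"])
    return {k: {m: sorted(p) for m, p in sorted(v.items())} for k, v in buckets.items()}

if __name__ == "__main__":
    for kind, matches in triage(parse_iocp(SAMPLE)).items():
        print(kind)
        for match, pages in matches.items():
            print(f"  {match}  (pages {pages})")
```

Piping the real `iocp` output through `parse_iocp(sys.stdin.read())` instead of SAMPLE gives the same buckets for the full report.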

...tbc