repos/CTI Detection Automation/fixtures/threatfox.json
{
  "query_status": "ok",
  "data": [
    {
      "ioc": "45.137.21.9:443",
      "ioc_type": "ip:port",
      "threat_type": "botnet_cc",
      "malware_printable": "Cobalt Strike",
      "confidence_level": 100,
      "first_seen": "2026-05-26 08:14:03 UTC",
      "tags": ["CobaltStrike", "c2"],
      "reference": "https://threatfox.abuse.ch/ioc/1287431/"
    },
    {
      "ioc": "193.149.176.12:8080",
      "ioc_type": "ip:port",
      "threat_type": "botnet_cc",
      "malware_printable": "AsyncRAT",
      "confidence_level": 90,
      "first_seen": "2026-05-26 11:02:55 UTC",
      "tags": ["AsyncRAT"],
      "reference": "https://threatfox.abuse.ch/ioc/1287510/"
    },
    {
      "ioc": "cdn-jquery-min.net",
      "ioc_type": "domain",
      "threat_type": "botnet_cc",
      "malware_printable": "AgentTesla",
      "confidence_level": 85,
      "first_seen": "2026-05-25 19:47:11 UTC",
      "tags": ["AgentTesla", "exfil"],
      "reference": "https://threatfox.abuse.ch/ioc/1286992/"
    },
    {
      "ioc": "http://update-flashplayer.org/payload/load.php",
      "ioc_type": "url",
      "threat_type": "payload_delivery",
      "malware_printable": "RedLine Stealer",
      "confidence_level": 80,
      "first_seen": "2026-05-26 02:31:40 UTC",
      "tags": ["RedLineStealer", "exploit"],
      "reference": "https://threatfox.abuse.ch/ioc/1287205/"
    },
    {
      "ioc": "5d41402abc4b2a76b9719d911017c592e1b2c3d4f5a6978899aabbccddeeff00",
      "ioc_type": "sha256_hash",
      "threat_type": "payload_delivery",
      "malware_printable": "AgentTesla",
      "confidence_level": 95,
      "first_seen": "2026-05-26 06:18:22 UTC",
      "tags": ["AgentTesla"],
      "reference": "https://threatfox.abuse.ch/ioc/1287388/"
    },
    {
      "ioc": "9b74c9897bac770ffc029102a200c5de7f3b88a0a3f7f0d7c1f2e3d4c5b6a798",
      "ioc_type": "sha256_hash",
      "threat_type": "payload_delivery",
      "malware_printable": "RedLine Stealer",
      "confidence_level": 92,
      "first_seen": "2026-05-26 07:55:09 UTC",
      "tags": ["RedLineStealer"],
      "reference": "https://threatfox.abuse.ch/ioc/1287402/"
    },
    {
      "ioc": "20.50.13.7:80",
      "ioc_type": "ip:port",
      "threat_type": "scanner",
      "malware_printable": null,
      "confidence_level": 40,
      "first_seen": "2026-05-26 09:12:00 UTC",
      "tags": ["scanner"],
      "reference": "https://threatfox.abuse.ch/ioc/1287455/"
    }
  ]
}