Delete: CozyDuke
DELETE {{CTIA_casebook_ID}}
Request Body (rendered in Ruby hash notation with `=>`, not strict JSON)
{"description"=>"Notes for my Threat Emulation Testing\n\n- [x] SecureX module\n- [x] Groups and policies\n- [x] Prevalence feature and automated actions\n- [x] Endpoint configured right and is a fresh installation\n\nNotes during the Threat Emulation Test\n\n- Several IOCs have been generated\n- Engines XYZ generated block events\n- Several forensic snapshots have been generated and are visible in the Device Trajectory\n- Incident Manager shows relation with the other host\n- Several MITRE indicators have been outlined, needs to be checked after the Pen Test run.\n- some possible changes on the endpoint will be verified with Orbital\n\nAdvanced Malware Analytics Report: https://panacea.threatgrid.com/mask/samples/4a71abed8003ed6e38998be7324f3d87\n\n", "schema_version"=>"1.1.3", "observables"=>[{"value"=>"b86923a9d13d2e4c07bef3c15b940c17af3318b52f2edb598b66c2ea640eefd9", "type"=>"sha256"}, {"value"=>"f8f1c210a8c863efc0f6b8ac3553030a14a702ce8cf573cb5e9cd58f70c7c622", "type"=>"sha256"}, {"value"=>"6c8eea3ba31463a04d041f4c9ff50b50d9b5945d3306fee35fb4b5bfd292692b", "type"=>"sha256"}, {"value"=>"41270685a7496961e625773bcfe1ac50727847c66de69a9b2a2bf34699c30f54", "type"=>"sha256"}, {"value"=>"loki\\carl", "type"=>"user"}, {"value"=>"examplemalwaredomain.com", "type"=>"domain"}, {"value"=>"http://146.112.62.39", "type"=>"url"}, {"value"=>"146.112.62.39", "type"=>"ip"}, {"value"=>"mim.exe", "type"=>"file_name"}, {"value"=>"c:\\windows\\system32\\netsh.exe", "type"=>"file_path"}, {"value"=>"administrator", "type"=>"user"}, {"value"=>"carl.minion@acme.demo", "type"=>"email"}, {"value"=>"http://10.10.10.200:8000/bin/Installer.msi", "type"=>"url"}, {"value"=>"10.10.10.200", "type"=>"ip"}, {"value"=>"4a71abed8003ed6e38998be7324f3d87", "type"=>"md5"}, {"value"=>"python.exe", "type"=>"file_name"}, {"value"=>"msiexec.exe", "type"=>"file_name"}, {"value"=>"a979a84649b0e0ee43f295e7bc8d0dc6520512d007119973b4cbb4db0af26e3a", "type"=>"sha256"}, {"value"=>"wmic.exe", 
"type"=>"file_name"}, {"value"=>"raw.githubusercontent.com", "type"=>"domain"}, {"value"=>"https://raw.githubusercontent.com/mattifestation/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps", "type"=>"url"}], "type"=>"casebook", "short_description"=>"Generated using the API", "title"=>"API-generated Casebook", "tlp"=>"amber"}