MISP
The ESET Malware Information Sharing Platform (MISP) server contains IoCs described in the reports. Every time a new report is available, the administrator receives an email notification. Historical reports are also available.
Scripts to interact with the ESET MISP instance
A collection of scripts has been developed to help users interact with the ESET MISP instance. Currently, the YARA extractor script is available. It retrieves the YARA rules from the reports published on MISP so that users can apply these rules in their own systems.
The script and usage examples are available on GitHub.
PDFs in MISP
The reports are in PDF format.
PDF attachments are present as a plain attribute in the MISP Event. In addition, the ETI (ESET Threat Intelligence) Portal download link to PDF and ETI Portal Report UUID have been added as object attributes in the Report object of the MISP Event. See the example below.
• ETI Portal Report ID:
  type: other
  category: External analysis
  comment: ETI Portal Report ID
  value: ETI Portal Report ID in the format of UUID, for example, 1351b9c3-b176-4de3-9234-2fe03c2913d5
• ETI Portal download link (PDF):
  type: other
  category: External analysis
  comment: ETI Portal download link (PDF)
  value: ETI Portal download link to PDF, for example, https://preview-eti.eset.com/reports/apt/download/1351b9c3-b176-4de3-9234-2fe03c2913d5
Only customers migrated to the ESET Threat Intelligence Portal can use the ETI Portal download link (PDF) and ETI Portal ID from the MISP event.
ETI Portal Report ID
The ETI Portal Report ID can be used with the ESET Threat Intelligence APIv2.
The ESET Threat Intelligence API documentation (Swagger/OpenAPI) is available through the provided link. To use the ESET Threat Intelligence API, you must have the ESET Threat Intelligence Portal API credentials generated.
To get the PDF download link for an APT (Advanced Persistent Threat) report, use the https://preview-eti.eset.com/v2/apt-reports/{reportUuid}/files endpoint. Alternatively, you can use the direct API download link: https://preview-eti.eset.com/v2/apt-reports/{reportUuid}/download/pdf.
ETI Portal download link (PDF)
The ETI Portal download link (PDF) directs to the ESET Threat Intelligence Portal UI, which requires authentication using your ESET Business Account/ESET PROTECT Hub login credentials. MISP UI and ESET Threat Intelligence Portal UI users can use the link to download PDFs in the browser.
The detailed MISP changes list is available in the MISP changes—impact on users and steps to take chapter and the Release Notes under Version 2.3.0.0.
JSON
Below is an example of a MISP Event in JSON format.
{
  "Event": {
    "id": "189",
    "info": "TA-2022-0029 APT35 - Sponsoring New Access",
    "Attribute": [
      {
        "id": "107444",
        "type": "attachment",
        "category": "External analysis",
        "to_ids": false,
        "uuid": "073f3ccc-93fc-41c8-b3be-4793fe683426",
        "event_id": "189",
        "distribution": "5",
        "timestamp": "1663350203",
        "comment": "",
        "sharing_group_id": "0",
        "deleted": false,
        "disable_correlation": false,
        "object_id": "0",
        "object_relation": null,
        "first_seen": null,
        "last_seen": null,
        "value": "TA-2022-0029 APT35 Sponsoring Access campaign introduces new backdoor.pdf",
        "Galaxy": [],
        "data": "",
        "ShadowAttribute": []
      }
    ],
    "Object": [
      {
        "id": "31040",
        "name": "report",
        "meta-category": "misc",
        "description": "Report object to describe a report along with its metadata.",
        "template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
        "template_version": "8",
        "event_id": "189",
        "uuid": "267fbc00-82ac-4f63-a231-67276f1673a8",
        "timestamp": "1730846965",
        "distribution": "5",
        "sharing_group_id": "0",
        "comment": "",
        "deleted": false,
        "first_seen": null,
        "last_seen": null,
        "ObjectReference": [],
        "Attribute": [
          {
            "id": "162578",
            "type": "other",
            "category": "External analysis",
            "to_ids": false,
            "uuid": "9897f9a5-9fb8-4cc4-91d3-4043529bc695",
            "event_id": "189",
            "distribution": "5",
            "timestamp": "1730846959",
            "comment": "ETI Portal Report ID",
            "sharing_group_id": "0",
            "deleted": false,
            "disable_correlation": false,
            "object_id": "31040",
            "object_relation": "title",
            "first_seen": null,
            "last_seen": null,
            "value": "1351b9c3-b176-4de3-9234-2fe03c2913d5",
            "Galaxy": [],
            "ShadowAttribute": []
          },
          {
            "id": "162579",
            "type": "link",
            "category": "External analysis",
            "to_ids": false,
            "uuid": "293a1f2b-402f-4a79-bcc2-b43e6950c5f5",
            "event_id": "189",
            "distribution": "5",
            "timestamp": "1730846965",
            "comment": "ETI Portal download link (PDF)",
            "sharing_group_id": "0",
            "deleted": false,
            "disable_correlation": false,
            "object_id": "31040",
            "object_relation": "link",
            "first_seen": null,
            "last_seen": null,
            "value": "https://preview-eti.eset.com/reports/apt/download/1351b9c3-b176-4de3-9234-2fe03c2913d5",
            "Galaxy": [],
            "ShadowAttribute": []
          }
        ]
      }
    ]
  }
}
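The following is an added example, not ESET's own script: it reads the two Report object attributes described above from a MISP Event, validates them, and builds the two APIv2 URLs given in the ETI Portal Report ID section. The function name `eti_report_refs`, the trimmed sample event and the choice to pin the link to the host shown in the page's examples are assumptions made for illustration.

```python
import json
import uuid
from urllib.parse import urlsplit

API_BASE = "https://preview-eti.eset.com/v2/apt-reports"  # API v2 base taken from the page
PORTAL_HOST = "preview-eti.eset.com"  # assumption: the host used in the page's examples
ID_COMMENT = "ETI Portal Report ID"
LINK_COMMENT = "ETI Portal download link (PDF)"

# Constructed sample: the page's event trimmed to the fields read below.
SAMPLE_EVENT = json.dumps({"Event": {"id": "189", "Object": [{"name": "report", "Attribute": [
    {"type": "other", "comment": ID_COMMENT, "value": "1351b9c3-b176-4de3-9234-2fe03c2913d5"},
    {"type": "link", "comment": LINK_COMMENT, "value":
     "https://preview-eti.eset.com/reports/apt/download/1351b9c3-b176-4de3-9234-2fe03c2913d5"},
]}]}})


def eti_report_refs(event_json):
    """Return the report UUID, portal link and API v2 URLs; raise ValueError if invalid."""
    event = json.loads(event_json)["Event"]
    found = {}
    for obj in event.get("Object", []):
        if obj.get("name") != "report":
            continue
        for attr in obj.get("Attribute", []):
            # Both attributes are identified by their comment field.
            if attr.get("comment") in (ID_COMMENT, LINK_COMMENT) and not attr.get("deleted"):
                found[attr["comment"]] = str(attr.get("value", ""))
    if ID_COMMENT not in found:
        raise ValueError("event has no ETI Portal Report ID")
    # Parse and re-serialise the UUID so nothing but a canonical UUID reaches the URL path.
    report_uuid = str(uuid.UUID(found[ID_COMMENT]))
    link = found.get(LINK_COMMENT)
    if link is not None:
        parts = urlsplit(link)
        # Refuse links that leave the portal host or refer to a different report.
        if parts.scheme != "https" or parts.hostname != PORTAL_HOST:
            raise ValueError("download link does not point to the ETI Portal")
        if not parts.path.endswith("/" + report_uuid):
            raise ValueError("download link does not match the report ID")
    return {
        "report_uuid": report_uuid,
        "portal_link": link,
        "files_url": f"{API_BASE}/{report_uuid}/files",
        "pdf_url": f"{API_BASE}/{report_uuid}/download/pdf",
    }


if __name__ == "__main__":
    print(json.dumps(eti_report_refs(SAMPLE_EVENT), indent=2))
```

Requests to the returned API URLs still need the ETI Portal API credentials mentioned above; the code only prepares and checks the references.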