Sample output of intelmq fix

colorbook · colorbook · commit 7caca947de23 · 2016-09-05T15:21:32.000+08:00
diff --git a/SecurityResearch/Ponmocup_Botnet.md b/SecurityResearch/Ponmocup_Botnet.md
@@ -24,6 +24,28 @@ web-servers.
 * Comments
  - Website not found.
 
+##### Sample Output of IntelMQ
+
+```javascript
+{
+  "time":{
+    "observation":"2016-07-07T12:48:53+00:00"
+  },
+  "source":{
+    "fqdn":"-sso.anbtr.com"
+  },
+  "raw":"MTI3LjAuMC4xCS1zc28uYW5idHIuY29t",
+  "classification":{
+    "type":"blacklist"
+  },
+  "feed":{
+    "accuracy":100.0,
+    "url":"http://hosts-file.net/download/hosts.txt",
+    "name":"HpHosts"
+  }
+}
+```
+
 There's only Url information in  in http://security-research.dyndns.org/pub/malware-feeds/ponmocup-infected-domains-CIF-latest.txt. It looks like:
 
     # 
diff --git a/Spamhaus/Dont_Route_Or_Peer_Lists.md b/Spamhaus/Dont_Route_Or_Peer_Lists.md
@@ -28,6 +28,36 @@ AFRINIC, APNIC, LACNIC or KRNIC or direct RIR allocations.
 * Comments
  - No comment
 
+##### Sample Output of IntelMQ
+
+```javascript
+{
+  "event_description":{
+    "text":"has malicious code redirecting to malicious host"
+  },
+  "time":{
+    "observation":"2016-07-07T12:18:38+00:00",
+    "source":"2016-07-07T07:44:04+00:00"
+  },
+  "raw":"LyAyODU2MC5wb2xpdGNhbG5ld3MuY29tIGh0dHA6Ly8yODU2MC5wb2xpdGNhbG5ld3MuY29tL3VybCBtLmtmYy5mcg==",
+  "feed":{
+    "url":"http://security-research.dyndns.org/pub/malware-feeds/ponmocup-infected-domains-CIF-latest.txt",
+    "accuracy":100.0,
+    "name":"DynDNS ponmocup Domains"
+  },
+  "source":{
+    "url":"http://28560.politcalnews.com/url",
+    "fqdn":"28560.politcalnews.com"
+  },
+  "destination":{
+    "fqdn":"m.kfc.fr"
+  },
+  "classification":{
+    "type":"malware"
+  }
+}
+```
+
 There's only IP information in https://www.spamhaus.org/drop/drop.txt
 It looks like:
 
diff --git a/SpamhausCERTInsightPortal/Botnet.md b/SpamhausCERTInsightPortal/Botnet.md
@@ -27,3 +27,11 @@ the specific country or region that the CERT or CSIRT is responsible for.
  - Error
 * Comments
  - No API Key
+
+##### Sample Output of IntelMQ
+
+```javascript
+{
+  null
+}
+```
diff --git a/TaichungBlocklist/Malicious_Activities.md b/TaichungBlocklist/Malicious_Activities.md
@@ -23,6 +23,32 @@ A public blocklist of IP addresses suspected in malicious activities on-line.
 * Comments
  - No comment
 
+##### Sample Output of IntelMQ
+
+```javascript
+{
+  "time":{
+    "source":"2016-05-18T01:33:43+00:00",
+    "observation":"2016-07-07T14:46:02+00:00"
+  },
+  "raw":"PHRkPjE8L3RkPjx0ZD48aW1nIHNyYz0iL2ltYWdlcy9mbGFncy9qcC5naWYiIGFsdD0iIj48c3BhbiBzdHlsZT0iY29sb3I6IGJsYWNrOyI+MTA2LjE4NC4yLjI5PC9zcGFuPjwvdGQ+PHRkPlNTSCBBdHRhY2s8L3RkPgogICAgICAgIDx0ZD7miYvli5XoqK3lrpo8L3RkPjx0ZD4yMDE2LTA1LTE4IDA5OjMzOjQzPC90ZD48dGQ+NTAuNTc8L3RkPgogICAgICAgIDx0ZCBzdHlsZT0iY29sb3I6cmVkOyI+5bCB6Y6WPC90ZD48L3RyPiAgICAgICAg",
+  "event_description":{
+    "text":"SSH Attack"
+  },
+  "classification":{
+    "type":"unknown"
+  },
+  "source":{
+    "ip":"106.184.2.29"
+  },
+  "feed":{
+    "accuracy":100.0,
+    "name":"Taichung",
+    "url":"https://www.tc.edu.tw/net/netflow/lkout/recent/30"
+  }
+}
+```
+
 There's only IP information in https://www.openbl.org/lists/date_all.txt
 It looks like:
 
diff --git a/TeamCymru/Bogons.md b/TeamCymru/Bogons.md
@@ -27,6 +27,29 @@ commonly found as the source addresses of DDoS attacks.
 * Comments
  - No comment
 
+##### Sample Output of IntelMQ
+
+```javascript
+{
+  "feed":{
+    "accuracy":100.0,
+    "url":"https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt",
+    "name":"Cymru"
+  },
+  "classification":{
+    "type":"blacklist"
+  },
+  "source":{
+    "network":"0.0.0.0/8"
+  },
+  "time":{
+    "observation":"2016-07-07T11:40:52+00:00",
+    "source":"2016-07-07T08:50:01+00:00"
+  },
+  "raw":"MC4wLjAuMC84"
+}
+```
+
 There's only IP information in https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt
 It looks like:
 
diff --git a/TurrisGreylist/Scanning_Attack.md b/TurrisGreylist/Scanning_Attack.md
@@ -25,6 +25,31 @@ help of a special router.
 * Comments
  - No comment
 
+##### Sample Output of IntelMQ
+
+```javascript
+{
+  "classification":{
+    "type":"scanner"
+  },
+  "time":{
+    "observation":"2016-07-07T14:53:37+00:00"
+  },
+  "raw":"MS4xMS40NS41LEtSLG5ldGlzLDE4MzEz",
+  "feed":{
+    "url":"https://www.turris.cz/greylist-data/greylist-latest.csv",
+    "name":"Turris Greylist",
+    "accuracy":100.0
+  },
+  "event_description":{
+    "text":"netis"
+  },
+  "source":{
+    "ip":"1.11.45.5"
+  }
+}
+```
+
 There's not only IP information in https://www.turris.cz/greylist-data/greylist-latest.csv, but also more information like:
 
 * Country
diff --git a/URLVir/Malware.md b/URLVir/Malware.md
@@ -24,6 +24,28 @@ Monitor Malicious Executable URLs
 * Comments
  - No comment
 
+##### Sample Output of IntelMQ
+
+```javascript
+{
+  "feed":{
+    "url":"http://www.urlvir.com/export-ip-addresses/",
+    "name":"URLVir",
+    "accuracy":100.0
+  },
+  "raw":"MTAzLjI2Ljk5LjE0Nw==",
+  "source":{
+    "ip":"103.26.99.147"
+  },
+  "time":{
+    "observation":"2016-07-07T14:57:12+00:00"
+  },
+  "classification":{
+    "type":"malware"
+  }
+}
+```
+
 #### IP Address
 >
 * Website
@@ -41,6 +63,28 @@ Monitor Malicious Executable URLs
 * Comments
  - No comment
 
+##### Sample Output of IntelMQ
+
+```javascript
+{
+  "time":{
+    "observation":"2016-07-07T14:55:14+00:00"
+  },
+  "raw":"aW5kaXJsaXZleHN0b3JlLmNvbQ==",
+  "classification":{
+    "type":"malware"
+  },
+  "source":{
+    "fqdn":"indirlivexstore.com"
+  },
+  "feed":{
+    "accuracy":100.0,
+    "name":"URLVir",
+    "url":"http://www.urlvir.com/export-hosts/"
+  }
+}
+```
+
 There's only Domain information in  in http://www.urlvir.com/export-hosts/. It looks like:
 
     ################################################################## #URLVir Active Malicious Hosts #Updated on August 29, 2016, 4:40 am #Free for noncommercial use only, contact us for more information ################################################################## indirlivexstore.com smoon.co.kr 217.199.161.78 mytnoc.com w3.gazi.edu.tr expoperfumes.com.mx strangeduckfilms.com relimar.com setar.info testtralala.xorg.pl cs8.my harshwhispers.com stdtelecom.com.br iffschool.in pegdev.be motosrc.com arizontennisdomes.com appimmobilier.com 
diff --git a/hpHosts/Malicious_Activities.md b/hpHosts/Malicious_Activities.md
@@ -48,6 +48,34 @@ website.
 * Comments
  - No comment
 
+##### Sample Output of IntelMQ
+
+```javascript
+{
+  "source":{
+    "ip":"1.34.139.38"
+  },
+  "time":{
+    "observation":"2016-07-07T08:46:43+00:00"
+  },
+  "event_description":{
+    "text":"IP reported as having run attacks on the service Apache, Apache-DDoS, RFI-Attacks"
+  },
+  "classification":{
+    "type":"ids alert"
+  },
+  "raw":"MS4zNC4xMzkuMzg=",
+  "feed":{
+    "name":"BlockList.de",
+    "accuracy":100.0,
+    "url":"https://lists.blocklist.de/lists/apache.txt"
+  },
+  "protocol":{
+    "application":"http"
+  }
+}
+```
+
 There's only Domain information in  in http://hosts-file.net/download/hosts.txt. It looks like:
 
     # hpHosts last updated on:      06/08/2016
