[
{
"id": 1,
"type": "Malware",
"summary": "Unsolicited Bulk Email",
"description": "EvilScheme test message",
"score": 4200,
"state": "Open",
"created_at": "2018-05-26T21:07:17Z",
"event_count": 3,
"event_sources": [
"Proofpoint TAP"
],
"users": [
"nbadguy"
],
"assignee": "Unassigned",
"team": "Unassigned",
"hosts": {
"attacker": [
"54.214.13.31",
"http://tapdemo.evilscheme.org/files/313532373336373133382e33.pdf"
],
"forensics": [
"http://tapdemo.evilscheme.org/files/313532373336373133382e33.pdf",
"tapdemo.evilscheme.org"
]
},
"incident_field_values": [
{
"name": "Attack Vector",
"value": "Email"
},
{
"name": "Classification",
"value": "Spam"
},
{
"name": "Severity",
"value": "Critical"
}
],
"events": [
{
"id": 3,
"category": "malware",
"severity": "Info",
"source": "Proofpoint TAP",
"threatname": "Infection.PDF.File.Exploit.CVE-2010-0188_LibTIFF.",
"classified": false,
"state": "Linked",
"description": "Infection.PDF.File.Exploit.CVE-2010-0188_LibTIFF.",
"attackDirection": "inbound",
"received": "2018-05-26T21:07:17Z",
"malwareName": "Infection.PDF.File.Exploit.CVE-2010-0188_LibTIFF."
},
{
"id": 1,
"category": "spam",
"severity": "Critical",
"source": "Proofpoint TAP",
"threatname": "Unsolicited Bulk Email",
"classified": false,
"state": "Linked",
"attackDirection": "inbound",
"received": "2018-05-26T21:07:17Z"
},
{
"id": 2,
"category": "spam",
"severity": "Critical",
"source": "Proofpoint TAP",
"threatname": "Unsolicited Bulk Email",
"classified": false,
"state": "Linked",
"attackDirection": "inbound",
"received": "2018-05-26T21:07:17Z"
}
],
"quarantine_results": [],
"successful_quarantines": 0,
"failed_quarantines": 0,
"pending_quarantines": 0
},
{
"id": 2,
"type": "Reported-abuse",
"summary": "Unsolicited Bulk Email",
"description": "",
"score": 5200,
"state": "Open",
"created_at": "2018-06-01T17:57:09Z",
"event_count": 2,
"event_sources": [
"Abuse Mailbox 1",
"Proofpoint TAP"
],
"users": [],
"assignee": "Unassigned",
"team": "Unassigned",
"hosts": {
"attacker": [
"54.214.13.31",
"http://tapdemo.evilscheme.org/files/313532373837353631342e3137.pdf"
],
"cnc": [
"54.214.13.31"
],
"url": [
"http://tapdemo.evilscheme.org/files/313532373837353631342e3137.pdf",
"https://urldefense.proofpoint.com/v2/url?u=http-3A__tapdemo.evilscheme.org_files_313532373837353631342e3137.pdf&d=DwMBAg&c=iwluXPtBMDye_7UHm8BbHNhgJ2spJfG0G_Q5BwBe3AQ&r=zo9nQ1F7O9QiDphB0J9hvAhz521RbrdV9nCXSkiNU_g&m=7wroSca_eZ7TP3t47x-Q6n9tm1ABRvkUGBwwUvdvb6I&s=xTtBtrXodsTPyBwCFIDGBJxCvLCJXaYaiPQa1uSx6cs&e="
],
"forensics": [
"http://tapdemo.evilscheme.org/files/313532373837353631342e3137.pdf",
"tapdemo.evilscheme.org"
]
},
"incident_field_values": [
{
"name": "Attack Vector",
"value": "Email"
},
{
"name": "Severity",
"value": "Critical"
},
{
"name": "Classification",
"value": "Reported Abuse"
},
{
"name": "Abuse Disposition",
"value": "Malicious"
}
],
"events": [
{
"id": 8,
"category": "malware",
"severity": "Info",
"source": "Proofpoint TAP",
"threatname": "Malicious content dropped during execution",
"classified": false,
"state": "Linked",
"description": "Malicious content dropped during execution",
"attackDirection": "inbound",
"received": "2018-06-01T18:02:10Z",
"malwareName": "Malicious content dropped during execution"
},
{
"id": 6,
"category": "malware",
"severity": "Info",
"source": "Proofpoint TAP",
"threatname": "Example signature to fire on TAP demo evilness",
"classified": false,
"state": "Linked",
"description": "Example signature to fire on TAP demo evilness",
"attackDirection": "inbound",
"received": "2018-06-01T17:57:10Z",
"malwareName": "Example signature to fire on TAP demo evilness"
},
],
"quarantine_results": [
{
"alertSource": "Not Available",
"startTime": "2018-06-01T18:17:43.941Z",
"endTime": "2018-06-01T18:17:44.001Z",
"status": "successful",
"recipientType": "Search",
"recipient": "jsmith@company.com",
"messageId": "<20180601175356.GA30914@tapdemo.evilscheme.org>"
"isRead": "true",
"wasUndone": "true",
"details": "Success"
}
],
"successful_quarantines": 1,
"failed_quarantines": 0,
"pending_quarantines": 0
}