blog/mozin-about/README.MD
Lines changed: 15 additions & 3 deletions
@@ -6,11 +6,23 @@ The Mozi botnet is an ongoing malware campaign targeting unsecured and vulnerabl
6
6
## URL
7
7
https://www.elastic.co/blog/[tbd]
8
8
9
+
## Usage
10
+
11
+
To load the sample data, you need a local instance of Elasticsearch and Kibana. If you are using anything beyond a default local deployment, you'll need to modify `collection.sh` to match your deployment.
12
+
13
+
```
14
+
git clone https://github.com/elastic/examples
15
+
cd examples/blog/mozin-about
16
+
sh clollection.sh
17
+
```
18
+
Log into your Kibana instance to explore the data in the `indicators` Index Pattern.
19
+
9
20
## Artifacts
10
21
Artifacts and code snippets from the blog post.
11
22
12
23
| Artifact | Description | Note |
13
24
| - | - | - |
14
-
|[Mozi Collection Script](./collection.sh)| Script to collect Mozi samples and send to Elasticsearch | NA |
15
-
|[Ingest Node Pipeline](./ingest-node-pipeline.json)| ThreatFox Ingest Node Pipeline | NA |
16
-
|[YARA Signature](./mozi-obfuscation-technique.yara)| Mozi obfuscation technique YARA signature | NA |
25
+
|[Mozi Collection Script](./collection.sh)| Script to collect Mozi samples and send to Elasticsearch |
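Review bot: the command in the added Usage block, `sh clollection.sh`, does not match the script this README names and links everywhere else (`collection.sh`), so anyone copying the block gets a "file not found" error instead of loaded sample data; it should read `sh collection.sh`. In the Artifacts table, the rewritten Mozi Collection Script row has two cells while the header still declares three columns (Artifact | Description | Note), so either keep the trailing `NA |` cell or drop the Note column from the header and separator rows. The Usage text also tells readers to modify `collection.sh` for non-default deployments without saying which settings to change; naming them (for example the Elasticsearch and Kibana endpoints and credentials, if that is what the script holds) would make the instruction actionable.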