dorothy2 0.0.1

@@ -0,0 +1,1803 @@
1
+ --
2
+ -- PostgreSQL database dump
3
+ --
4
+
5
+ DROP DATABASE dorothive;
6
+
7
+
8
+ SET statement_timeout = 0;
9
+ SET client_encoding = 'UTF8';
10
+ SET standard_conforming_strings = off;
11
+ SET check_function_bodies = false;
12
+ SET client_min_messages = warning;
13
+ SET escape_string_warning = off;
14
+
15
+ --
16
+ -- Name: dorothive; Type: DATABASE; Schema: -; Owner: postgres
17
+ --
18
+
19
+ CREATE DATABASE dorothive WITH TEMPLATE = template0 ENCODING = 'UTF8' LC_COLLATE = 'C' LC_CTYPE = 'C';
20
+
21
+
22
+ ALTER DATABASE dorothive OWNER TO postgres;
23
+
24
+ \connect dorothive
25
+
26
+ SET statement_timeout = 0;
27
+ SET client_encoding = 'UTF8';
28
+ SET standard_conforming_strings = off;
29
+ SET check_function_bodies = false;
30
+ SET client_min_messages = warning;
31
+ SET escape_string_warning = off;
32
+
33
+ --
34
+ -- Name: dorothy; Type: SCHEMA; Schema: -; Owner: postgres
35
+ --
36
+
37
+ CREATE SCHEMA dorothy;
38
+
39
+
40
+ ALTER SCHEMA dorothy OWNER TO postgres;
41
+
42
+ --
43
+ -- Name: SCHEMA dorothy; Type: COMMENT; Schema: -; Owner: postgres
44
+ --
45
+
46
+ COMMENT ON SCHEMA dorothy IS 'standard public schema';
47
+
48
+
49
+ --
50
+ -- Name: plpgsql; Type: PROCEDURAL LANGUAGE; Schema: -; Owner: postgres
51
+ --
52
+
53
+ CREATE OR REPLACE PROCEDURAL LANGUAGE plpgsql;
54
+
55
+
56
+ ALTER PROCEDURAL LANGUAGE plpgsql OWNER TO postgres;
57
+
58
+ SET search_path = dorothy, pg_catalog;
59
+
60
+ --
61
+ -- Name: dns_queries; Type: TYPE; Schema: dorothy; Owner: postgres
62
+ --
63
+
64
+ CREATE TYPE dns_queries AS ENUM (
65
+ 'query',
66
+ 'axfr'
67
+ );
68
+
69
+
70
+ ALTER TYPE dorothy.dns_queries OWNER TO postgres;
71
+
72
+ --
73
+ -- Name: ftp_types; Type: TYPE; Schema: dorothy; Owner: postgres
74
+ --
75
+
76
+ CREATE TYPE ftp_types AS ENUM (
77
+ 'active',
78
+ 'passive',
79
+ 'fxp'
80
+ );
81
+
82
+
83
+ ALTER TYPE dorothy.ftp_types OWNER TO postgres;
84
+
85
+ --
86
+ -- Name: http_methods; Type: TYPE; Schema: dorothy; Owner: postgres
87
+ --
88
+
89
+ CREATE TYPE http_methods AS ENUM (
90
+ 'head',
91
+ 'get',
92
+ 'post',
93
+ 'put',
94
+ 'delete',
95
+ 'trace',
96
+ 'options',
97
+ 'connect',
98
+ 'patch'
99
+ );
100
+
101
+
102
+ ALTER TYPE dorothy.http_methods OWNER TO postgres;
103
+
104
+ --
105
+ -- Name: layer4_protocols; Type: TYPE; Schema: dorothy; Owner: postgres
106
+ --
107
+
108
+ CREATE TYPE layer4_protocols AS ENUM (
109
+ 'tcp',
110
+ 'udp'
111
+ );
112
+
113
+
114
+ ALTER TYPE dorothy.layer4_protocols OWNER TO postgres;
115
+
116
+ --
117
+ -- Name: layer7_protocols; Type: TYPE; Schema: dorothy; Owner: postgres
118
+ --
119
+
120
+ CREATE TYPE layer7_protocols AS ENUM (
121
+ 'http',
122
+ 'irc',
123
+ 'dns',
124
+ 'smtp',
125
+ 'other'
126
+ );
127
+
128
+
129
+ ALTER TYPE dorothy.layer7_protocols OWNER TO postgres;
130
+
131
+ --
132
+ -- Name: sample_type; Type: TYPE; Schema: dorothy; Owner: postgres
133
+ --
134
+
135
+ CREATE TYPE sample_type AS ENUM (
136
+ 'mz',
137
+ 'pe',
138
+ 'elf'
139
+ );
140
+
141
+
142
+ ALTER TYPE dorothy.sample_type OWNER TO postgres;
143
+
144
+ --
145
+ -- Name: TYPE sample_type; Type: COMMENT; Schema: dorothy; Owner: postgres
146
+ --
147
+
148
+ COMMENT ON TYPE sample_type IS 'Sample file type';
149
+
150
+
151
+ --
152
+ -- Name: sanbox_type; Type: TYPE; Schema: dorothy; Owner: postgres
153
+ --
154
+
155
+ CREATE TYPE sanbox_type AS ENUM (
156
+ 'virtual',
157
+ 'phisical',
158
+ 'mobile-virtual',
159
+ 'mobile-phisical',
160
+ 'external'
161
+ );
162
+
163
+
164
+ ALTER TYPE dorothy.sanbox_type OWNER TO postgres;
165
+
166
+ --
167
+ -- Name: sensor_type; Type: TYPE; Schema: dorothy; Owner: postgres
168
+ --
169
+
170
+ CREATE TYPE sensor_type AS ENUM (
171
+ 'low_honey',
172
+ 'high_honey',
173
+ 'mwcollect'
174
+ );
175
+
176
+
177
+ ALTER TYPE dorothy.sensor_type OWNER TO postgres;
178
+
179
+ --
180
+ -- Name: sensor_type2; Type: TYPE; Schema: dorothy; Owner: postgres
181
+ --
182
+
183
+ CREATE TYPE sensor_type2 AS ENUM (
184
+ 'lowint-honeypot',
185
+ 'highint-honeypot',
186
+ 'unknow',
187
+ 'client-honeypot',
188
+ 'external-source'
189
+ );
190
+
191
+
192
+ ALTER TYPE dorothy.sensor_type2 OWNER TO postgres;
193
+
194
+ SET default_tablespace = '';
195
+
196
+ SET default_with_oids = false;
197
+
198
+ --
199
+ -- Name: analyses; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
200
+ --
201
+
202
+ CREATE TABLE analyses (
203
+ id integer NOT NULL,
204
+ sample character(64) NOT NULL,
205
+ sandbox integer NOT NULL,
206
+ traffic_dump character(64) NOT NULL,
207
+ date timestamp without time zone
208
+ );
209
+
210
+
211
+ ALTER TABLE dorothy.analyses OWNER TO postgres;
212
+
213
+ --
214
+ -- Name: analyses_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
215
+ --
216
+
217
+ CREATE SEQUENCE analyses_id_seq
218
+ START WITH 1
219
+ INCREMENT BY 1
220
+ NO MINVALUE
221
+ NO MAXVALUE
222
+ CACHE 1;
223
+
224
+
225
+ ALTER TABLE dorothy.analyses_id_seq OWNER TO postgres;
226
+
227
+ --
228
+ -- Name: analyses_id_seq; Type: SEQUENCE OWNED BY; Schema: dorothy; Owner: postgres
229
+ --
230
+
231
+ ALTER SEQUENCE analyses_id_seq OWNED BY analyses.id;
232
+
233
+
234
+ --
235
+ -- Name: analyses_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
236
+ --
237
+
238
+ SELECT pg_catalog.setval('analyses_id_seq', 1, true);
239
+
240
+
241
+ --
242
+ -- Name: samples; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
243
+ --
244
+
245
+ CREATE TABLE samples (
246
+ hash character(64) NOT NULL,
247
+ size integer NOT NULL,
248
+ type sample_type,
249
+ path character(256),
250
+ filename character(256),
251
+ md5 character(64),
252
+ long_type character varying,
253
+ CONSTRAINT size_notneg CHECK ((size >= 0))
254
+ );
255
+
256
+
257
+ ALTER TABLE dorothy.samples OWNER TO postgres;
258
+
259
+ --
260
+ -- Name: TABLE samples; Type: COMMENT; Schema: dorothy; Owner: postgres
261
+ --
262
+
263
+ COMMENT ON TABLE samples IS 'Acquired samples';
264
+
265
+
266
+ --
267
+ -- Name: COLUMN samples.hash; Type: COMMENT; Schema: dorothy; Owner: postgres
268
+ --
269
+
270
+ COMMENT ON COLUMN samples.hash IS 'SHA256 checksum hash';
271
+
272
+
273
+ --
274
+ -- Name: COLUMN samples.size; Type: COMMENT; Schema: dorothy; Owner: postgres
275
+ --
276
+
277
+ COMMENT ON COLUMN samples.size IS 'Sample size';
278
+
279
+
280
+ --
281
+ -- Name: COLUMN samples.type; Type: COMMENT; Schema: dorothy; Owner: postgres
282
+ --
283
+
284
+ COMMENT ON COLUMN samples.type IS 'Sample type';
285
+
286
+
287
+ --
288
+ -- Name: CONSTRAINT size_notneg ON samples; Type: COMMENT; Schema: dorothy; Owner: postgres
289
+ --
290
+
291
+ COMMENT ON CONSTRAINT size_notneg ON samples IS 'Sample size must not be negative';
292
+
293
+
294
+ --
295
+ -- Name: traffic_dumps; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
296
+ --
297
+
298
+ CREATE TABLE traffic_dumps (
299
+ hash character(64) NOT NULL,
300
+ size integer NOT NULL,
301
+ pcapr_id character(64),
302
+ "binary" character varying,
303
+ parsed boolean
304
+ );
305
+
306
+
307
+ ALTER TABLE dorothy.traffic_dumps OWNER TO postgres;
308
+
309
+ --
310
+ -- Name: COLUMN traffic_dumps.hash; Type: COMMENT; Schema: dorothy; Owner: postgres
311
+ --
312
+
313
+ COMMENT ON COLUMN traffic_dumps.hash IS 'SHA256 checksum hash';
314
+
315
+
316
+ --
317
+ -- Name: analysis_resume_view; Type: VIEW; Schema: dorothy; Owner: postgres
318
+ --
319
+
320
+ CREATE VIEW analysis_resume_view AS
321
+ SELECT analyses.id, samples.filename, samples.md5, samples.long_type, analyses.date, traffic_dumps.parsed FROM traffic_dumps, samples, analyses WHERE ((analyses.sample = samples.hash) AND (analyses.traffic_dump = traffic_dumps.hash)) ORDER BY analyses.id DESC;
322
+
323
+
324
+ ALTER TABLE dorothy.analysis_resume_view OWNER TO postgres;
325
+
326
+ --
327
+ -- Name: appdata_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
328
+ --
329
+
330
+ CREATE SEQUENCE appdata_id_seq
331
+ START WITH 1
332
+ INCREMENT BY 1
333
+ NO MINVALUE
334
+ NO MAXVALUE
335
+ CACHE 1;
336
+
337
+
338
+ ALTER TABLE dorothy.appdata_id_seq OWNER TO postgres;
339
+
340
+ --
341
+ -- Name: appdata_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
342
+ --
343
+
344
+ SELECT pg_catalog.setval('appdata_id_seq', 1, true);
345
+
346
+
347
+ --
348
+ -- Name: asns; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
349
+ --
350
+
351
+ CREATE TABLE asns (
352
+ handle character varying(10) NOT NULL,
353
+ owner character varying(15),
354
+ country character(2),
355
+ confidence integer,
356
+ id integer NOT NULL
357
+ );
358
+
359
+
360
+ ALTER TABLE dorothy.asns OWNER TO postgres;
361
+
362
+ --
363
+ -- Name: TABLE asns; Type: COMMENT; Schema: dorothy; Owner: postgres
364
+ --
365
+
366
+ COMMENT ON TABLE asns IS 'Autonomous systems';
367
+
368
+
369
+ --
370
+ -- Name: asns_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
371
+ --
372
+
373
+ CREATE SEQUENCE asns_id_seq
374
+ START WITH 1
375
+ INCREMENT BY 1
376
+ NO MINVALUE
377
+ NO MAXVALUE
378
+ CACHE 1;
379
+
380
+
381
+ ALTER TABLE dorothy.asns_id_seq OWNER TO postgres;
382
+
383
+ --
384
+ -- Name: asns_id_seq; Type: SEQUENCE OWNED BY; Schema: dorothy; Owner: postgres
385
+ --
386
+
387
+ ALTER SEQUENCE asns_id_seq OWNED BY asns.id;
388
+
389
+
390
+ --
391
+ -- Name: asns_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
392
+ --
393
+
394
+ SELECT pg_catalog.setval('asns_id_seq', 1, false);
395
+
396
+
397
+ --
398
+ -- Name: dns_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
399
+ --
400
+
401
+ CREATE SEQUENCE dns_id_seq
402
+ START WITH 1
403
+ INCREMENT BY 1
404
+ NO MINVALUE
405
+ NO MAXVALUE
406
+ CACHE 1;
407
+
408
+
409
+ ALTER TABLE dorothy.dns_id_seq OWNER TO postgres;
410
+
411
+ --
412
+ -- Name: dns_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
413
+ --
414
+
415
+ SELECT pg_catalog.setval('dns_id_seq', 1, true);
416
+
417
+
418
+ --
419
+ -- Name: dns_data; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
420
+ --
421
+
422
+ CREATE TABLE dns_data (
423
+ id integer DEFAULT nextval('dns_id_seq'::regclass) NOT NULL,
424
+ name character varying(255),
425
+ class integer,
426
+ qry boolean NOT NULL,
427
+ ttl integer,
428
+ flow integer NOT NULL,
429
+ address inet,
430
+ data character varying(255),
431
+ type integer,
432
+ is_sinkholed boolean
433
+ );
434
+
435
+
436
+ ALTER TABLE dorothy.dns_data OWNER TO postgres;
437
+
438
+ --
439
+ -- Name: COLUMN dns_data.address; Type: COMMENT; Schema: dorothy; Owner: postgres
440
+ --
441
+
442
+ COMMENT ON COLUMN dns_data.address IS 'type A answer data ';
443
+
444
+
445
+ --
446
+ -- Name: COLUMN dns_data.data; Type: COMMENT; Schema: dorothy; Owner: postgres
447
+ --
448
+
449
+ COMMENT ON COLUMN dns_data.data IS 'in the case it is an answer different from TYPE A ';
450
+
451
+
452
+ --
453
+ -- Name: flows; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
454
+ --
455
+
456
+ CREATE TABLE flows (
457
+ source inet NOT NULL,
458
+ dest inet NOT NULL,
459
+ srcport integer,
460
+ dstport integer,
461
+ size integer NOT NULL,
462
+ traffic_dump character(64),
463
+ packets integer DEFAULT 0,
464
+ id bigint NOT NULL,
465
+ ip_protocol integer DEFAULT 1 NOT NULL,
466
+ service character(64) DEFAULT 0,
467
+ title character(256),
468
+ content character(128) DEFAULT 0,
469
+ duration double precision DEFAULT 0,
470
+ "time" double precision,
471
+ relative_id integer NOT NULL
472
+ );
473
+
474
+
475
+ ALTER TABLE dorothy.flows OWNER TO postgres;
476
+
477
+ --
478
+ -- Name: COLUMN flows.packets; Type: COMMENT; Schema: dorothy; Owner: postgres
479
+ --
480
+
481
+ COMMENT ON COLUMN flows.packets IS 'Number of the packets involved in the flow';
482
+
483
+
484
+ --
485
+ -- Name: COLUMN flows.service; Type: COMMENT; Schema: dorothy; Owner: postgres
486
+ --
487
+
488
+ COMMENT ON COLUMN flows.service IS 'flow service';
489
+
490
+
491
+ --
492
+ -- Name: COLUMN flows.title; Type: COMMENT; Schema: dorothy; Owner: postgres
493
+ --
494
+
495
+ COMMENT ON COLUMN flows.title IS 'Title of the flow';
496
+
497
+
498
+ --
499
+ -- Name: COLUMN flows.content; Type: COMMENT; Schema: dorothy; Owner: postgres
500
+ --
501
+
502
+ COMMENT ON COLUMN flows.content IS 'Link to pcapr-local RESTful platform . (URL)';
503
+
504
+
505
+ --
506
+ -- Name: COLUMN flows."time"; Type: COMMENT; Schema: dorothy; Owner: postgres
507
+ --
508
+
509
+ COMMENT ON COLUMN flows."time" IS 'Relative time (from the beginning) of the flow';
510
+
511
+
512
+ --
513
+ -- Name: host_ips; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
514
+ --
515
+
516
+ CREATE TABLE host_ips (
517
+ ip inet NOT NULL,
518
+ geoinfo integer,
519
+ sbl integer,
520
+ uptime time without time zone,
521
+ is_online boolean,
522
+ whois integer,
523
+ zone text,
524
+ last_update timestamp without time zone,
525
+ id integer NOT NULL,
526
+ dns_name integer,
527
+ migrated_from integer
528
+ );
529
+
530
+
531
+ ALTER TABLE dorothy.host_ips OWNER TO postgres;
532
+
533
+ --
534
+ -- Name: host_roles; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
535
+ --
536
+
537
+ CREATE TABLE host_roles (
538
+ role integer NOT NULL,
539
+ host_ip inet NOT NULL
540
+ );
541
+
542
+
543
+ ALTER TABLE dorothy.host_roles OWNER TO postgres;
544
+
545
+ --
546
+ -- Name: irc_data; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
547
+ --
548
+
549
+ CREATE TABLE irc_data (
550
+ id integer NOT NULL,
551
+ flow integer NOT NULL,
552
+ data bytea,
553
+ incoming boolean NOT NULL
554
+ );
555
+
556
+
557
+ ALTER TABLE dorothy.irc_data OWNER TO postgres;
558
+
559
+ --
560
+ -- Name: roles; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
561
+ --
562
+
563
+ CREATE TABLE roles (
564
+ id integer NOT NULL,
565
+ type character varying(10),
566
+ comment character varying
567
+ );
568
+
569
+
570
+ ALTER TABLE dorothy.roles OWNER TO postgres;
571
+
572
+ --
573
+ -- Name: ccprofile_view3; Type: VIEW; Schema: dorothy; Owner: postgres
574
+ --
575
+
576
+ CREATE VIEW ccprofile_view3 AS
577
+ SELECT DISTINCT host_ips.id AS hostid, host_ips.ip, flows.dstport, traffic_dumps.hash, irc_data.id, roles.type, dns_data.name, irc_data.data FROM roles, host_roles, host_ips, dns_data, flows, irc_data, traffic_dumps WHERE (((((((((roles.id = host_roles.role) AND (host_roles.host_ip = host_ips.ip)) AND (dns_data.id = host_ips.dns_name)) AND (flows.dest = host_ips.ip)) AND (flows.traffic_dump = traffic_dumps.hash)) AND (irc_data.flow = flows.id)) AND (irc_data.incoming = false)) AND (host_ips.is_online = true)) AND ((roles.type)::text = 'cc-irc'::text)) ORDER BY irc_data.id, host_ips.id, host_ips.ip, flows.dstport, traffic_dumps.hash, roles.type, dns_data.name, irc_data.data;
578
+
579
+
580
+ ALTER TABLE dorothy.ccprofile_view3 OWNER TO postgres;
581
+
582
+ --
583
+ -- Name: connections_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
584
+ --
585
+
586
+ CREATE SEQUENCE connections_id_seq
587
+ START WITH 1
588
+ INCREMENT BY 1
589
+ NO MINVALUE
590
+ NO MAXVALUE
591
+ CACHE 1;
592
+
593
+
594
+ ALTER TABLE dorothy.connections_id_seq OWNER TO postgres;
595
+
596
+ --
597
+ -- Name: connections_id_seq; Type: SEQUENCE OWNED BY; Schema: dorothy; Owner: postgres
598
+ --
599
+
600
+ ALTER SEQUENCE connections_id_seq OWNED BY flows.id;
601
+
602
+
603
+ --
604
+ -- Name: connections_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
605
+ --
606
+
607
+ SELECT pg_catalog.setval('connections_id_seq', 1, true);
608
+
609
+
610
+ --
611
+ -- Name: downloads; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
612
+ --
613
+
614
+ CREATE TABLE downloads (
615
+ sample character(256) NOT NULL,
616
+ flow integer NOT NULL,
617
+ path character(128) NOT NULL,
618
+ filename character varying
619
+ );
620
+
621
+
622
+ ALTER TABLE dorothy.downloads OWNER TO postgres;
623
+
624
+ --
625
+ -- Name: TABLE downloads; Type: COMMENT; Schema: dorothy; Owner: postgres
626
+ --
627
+
628
+ COMMENT ON TABLE downloads IS 'Downloaded sample sighting';
629
+
630
+
631
+ --
632
+ -- Name: emails; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
633
+ --
634
+
635
+ CREATE TABLE emails (
636
+ "from" character(64),
637
+ "to" character(64),
638
+ subject character(128),
639
+ data bytea,
640
+ id integer NOT NULL,
641
+ flow bigint NOT NULL,
642
+ hcmd character varying,
643
+ hcont character varying,
644
+ rcode interval,
645
+ rcont character varying
646
+ );
647
+
648
+
649
+ ALTER TABLE dorothy.emails OWNER TO postgres;
650
+
651
+ --
652
+ -- Name: emails_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
653
+ --
654
+
655
+ CREATE SEQUENCE emails_id_seq
656
+ START WITH 1
657
+ INCREMENT BY 1
658
+ NO MINVALUE
659
+ NO MAXVALUE
660
+ CACHE 1;
661
+
662
+
663
+ ALTER TABLE dorothy.emails_id_seq OWNER TO postgres;
664
+
665
+ --
666
+ -- Name: emails_id_seq; Type: SEQUENCE OWNED BY; Schema: dorothy; Owner: postgres
667
+ --
668
+
669
+ ALTER SEQUENCE emails_id_seq OWNED BY emails.id;
670
+
671
+
672
+ --
673
+ -- Name: emails_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
674
+ --
675
+
676
+ SELECT pg_catalog.setval('emails_id_seq', 1, true);
677
+
678
+
679
+ --
680
+ -- Name: ftp_data; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
681
+ --
682
+
683
+ CREATE TABLE ftp_data (
684
+ id integer DEFAULT nextval('appdata_id_seq'::regclass) NOT NULL,
685
+ banner text,
686
+ "user" character varying(50),
687
+ password character varying(50),
688
+ type ftp_types,
689
+ is_ssl boolean,
690
+ size integer,
691
+ data bytea
692
+ );
693
+
694
+
695
+ ALTER TABLE dorothy.ftp_data OWNER TO postgres;
696
+
697
+ --
698
+ -- Name: geoinfo; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
699
+ --
700
+
701
+ CREATE TABLE geoinfo (
702
+ id integer NOT NULL,
703
+ longlat point,
704
+ country character(2),
705
+ city character varying(255),
706
+ "last-update" timestamp without time zone,
707
+ asn integer
708
+ );
709
+
710
+
711
+ ALTER TABLE dorothy.geoinfo OWNER TO postgres;
712
+
713
+ --
714
+ -- Name: COLUMN geoinfo.longlat; Type: COMMENT; Schema: dorothy; Owner: postgres
715
+ --
716
+
717
+ COMMENT ON COLUMN geoinfo.longlat IS 'Spatial location (longitude, latitude)';
718
+
719
+
720
+ --
721
+ -- Name: geoinfo_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
722
+ --
723
+
724
+ CREATE SEQUENCE geoinfo_id_seq
725
+ START WITH 1
726
+ INCREMENT BY 1
727
+ NO MINVALUE
728
+ NO MAXVALUE
729
+ CACHE 1;
730
+
731
+
732
+ ALTER TABLE dorothy.geoinfo_id_seq OWNER TO postgres;
733
+
734
+ --
735
+ -- Name: geoinfo_id_seq; Type: SEQUENCE OWNED BY; Schema: dorothy; Owner: postgres
736
+ --
737
+
738
+ ALTER SEQUENCE geoinfo_id_seq OWNED BY geoinfo.id;
739
+
740
+
741
+ --
742
+ -- Name: geoinfo_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
743
+ --
744
+
745
+ SELECT pg_catalog.setval('geoinfo_id_seq', 1, true);
746
+
747
+
748
+ --
749
+ -- Name: host_ips_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
750
+ --
751
+
752
+ CREATE SEQUENCE host_ips_id_seq
753
+ START WITH 1
754
+ INCREMENT BY 1
755
+ NO MINVALUE
756
+ NO MAXVALUE
757
+ CACHE 1;
758
+
759
+
760
+ ALTER TABLE dorothy.host_ips_id_seq OWNER TO postgres;
761
+
762
+ --
763
+ -- Name: host_ips_id_seq; Type: SEQUENCE OWNED BY; Schema: dorothy; Owner: postgres
764
+ --
765
+
766
+ ALTER SEQUENCE host_ips_id_seq OWNED BY host_ips.id;
767
+
768
+
769
+ --
770
+ -- Name: host_ips_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
771
+ --
772
+
773
+ SELECT pg_catalog.setval('host_ips_id_seq', 1, true);
774
+
775
+
776
+ --
777
+ -- Name: http_data; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
778
+ --
779
+
780
+ CREATE TABLE http_data (
781
+ id integer DEFAULT nextval('appdata_id_seq'::regclass) NOT NULL,
782
+ method http_methods NOT NULL,
783
+ url text,
784
+ size integer,
785
+ is_ssl boolean,
786
+ flow integer NOT NULL,
787
+ data bytea
788
+ );
789
+
790
+
791
+ ALTER TABLE dorothy.http_data OWNER TO postgres;
792
+
793
+ --
794
+ -- Name: http_headers; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
795
+ --
796
+
797
+ CREATE TABLE http_headers (
798
+ http_data integer NOT NULL,
799
+ key character varying(255) NOT NULL,
800
+ value character varying(255)
801
+ );
802
+
803
+
804
+ ALTER TABLE dorothy.http_headers OWNER TO postgres;
805
+
806
+ --
807
+ -- Name: irc_data_connection_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
808
+ --
809
+
810
+ CREATE SEQUENCE irc_data_connection_seq
811
+ START WITH 1
812
+ INCREMENT BY 1
813
+ NO MINVALUE
814
+ NO MAXVALUE
815
+ CACHE 1;
816
+
817
+
818
+ ALTER TABLE dorothy.irc_data_connection_seq OWNER TO postgres;
819
+
820
+ --
821
+ -- Name: irc_data_connection_seq; Type: SEQUENCE OWNED BY; Schema: dorothy; Owner: postgres
822
+ --
823
+
824
+ ALTER SEQUENCE irc_data_connection_seq OWNED BY irc_data.flow;
825
+
826
+
827
+ --
828
+ -- Name: irc_data_connection_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
829
+ --
830
+
831
+ SELECT pg_catalog.setval('irc_data_connection_seq', 1, true);
832
+
833
+
834
+ --
835
+ -- Name: malwares; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
836
+ --
837
+
838
+ CREATE TABLE malwares (
839
+ bin character(64) NOT NULL,
840
+ family character(64) NOT NULL,
841
+ vendor character(64),
842
+ version character(16),
843
+ rate character(8),
844
+ update integer,
845
+ detected boolean NOT NULL
846
+ );
847
+
848
+
849
+ ALTER TABLE dorothy.malwares OWNER TO postgres;
850
+
851
+ --
852
+ -- Name: reports; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
853
+ --
854
+
855
+ CREATE TABLE reports (
856
+ id integer NOT NULL,
857
+ sandbox integer NOT NULL,
858
+ sample character(64) NOT NULL,
859
+ data text NOT NULL
860
+ );
861
+
862
+
863
+ ALTER TABLE dorothy.reports OWNER TO postgres;
864
+
865
+ --
866
+ -- Name: reports_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
867
+ --
868
+
869
+ CREATE SEQUENCE reports_id_seq
870
+ START WITH 1
871
+ INCREMENT BY 1
872
+ NO MINVALUE
873
+ NO MAXVALUE
874
+ CACHE 1;
875
+
876
+
877
+ ALTER TABLE dorothy.reports_id_seq OWNER TO postgres;
878
+
879
+ --
880
+ -- Name: reports_id_seq; Type: SEQUENCE OWNED BY; Schema: dorothy; Owner: postgres
881
+ --
882
+
883
+ ALTER SEQUENCE reports_id_seq OWNED BY reports.id;
884
+
885
+
886
+ --
887
+ -- Name: reports_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
888
+ --
889
+
890
+ SELECT pg_catalog.setval('reports_id_seq', 1, false);
891
+
892
+
893
+ --
894
+ -- Name: roles_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
895
+ --
896
+
897
+ CREATE SEQUENCE roles_id_seq
898
+ START WITH 1
899
+ INCREMENT BY 1
900
+ NO MINVALUE
901
+ NO MAXVALUE
902
+ CACHE 1;
903
+
904
+
905
+ ALTER TABLE dorothy.roles_id_seq OWNER TO postgres;
906
+
907
+ --
908
+ -- Name: roles_id_seq; Type: SEQUENCE OWNED BY; Schema: dorothy; Owner: postgres
909
+ --
910
+
911
+ ALTER SEQUENCE roles_id_seq OWNED BY roles.id;
912
+
913
+
914
+ --
915
+ -- Name: roles_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
916
+ --
917
+
918
+ SELECT pg_catalog.setval('roles_id_seq', 1, false);
919
+
920
+
921
+ --
922
+ -- Name: sandboxes; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
923
+ --
924
+
925
+ CREATE TABLE sandboxes (
926
+ id integer NOT NULL,
927
+ hostname character varying(30) NOT NULL,
928
+ type sanbox_type NOT NULL,
929
+ "OS" character varying NOT NULL,
930
+ version character varying,
931
+ os_lang character(4),
932
+ ipaddress inet,
933
+ username character varying NOT NULL,
934
+ password character varying,
935
+ is_available boolean DEFAULT false NOT NULL
936
+ );
937
+
938
+
939
+ ALTER TABLE dorothy.sandboxes OWNER TO postgres;
940
+
941
+ --
942
+ -- Name: sandboxes_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
943
+ --
944
+
945
+ CREATE SEQUENCE sandboxes_id_seq
946
+ START WITH 1
947
+ INCREMENT BY 1
948
+ NO MINVALUE
949
+ NO MAXVALUE
950
+ CACHE 1;
951
+
952
+
953
+ ALTER TABLE dorothy.sandboxes_id_seq OWNER TO postgres;
954
+
955
+ --
956
+ -- Name: sandboxes_id_seq; Type: SEQUENCE OWNED BY; Schema: dorothy; Owner: postgres
957
+ --
958
+
959
+ ALTER SEQUENCE sandboxes_id_seq OWNED BY sandboxes.id;
960
+
961
+
962
+ --
963
+ -- Name: sandboxes_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
964
+ --
965
+
966
+ SELECT pg_catalog.setval('sandboxes_id_seq', 1, true);
967
+
968
+
969
+ --
970
+ -- Name: sensors; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
971
+ --
972
+
973
+ CREATE TABLE sensors (
974
+ id integer NOT NULL,
975
+ name character varying(40) NOT NULL,
976
+ host integer NOT NULL,
977
+ type sensor_type2 NOT NULL
978
+ );
979
+
980
+
981
+ ALTER TABLE dorothy.sensors OWNER TO postgres;
982
+
983
+ --
984
+ -- Name: TABLE sensors; Type: COMMENT; Schema: dorothy; Owner: postgres
985
+ --
986
+
987
+ COMMENT ON TABLE sensors IS 'Malware sensors';
988
+
989
+
990
+ --
991
+ -- Name: sensors_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
992
+ --
993
+
994
+ CREATE SEQUENCE sensors_id_seq
995
+ START WITH 1
996
+ INCREMENT BY 1
997
+ NO MINVALUE
998
+ NO MAXVALUE
999
+ CACHE 1;
1000
+
1001
+
1002
+ ALTER TABLE dorothy.sensors_id_seq OWNER TO postgres;
1003
+
1004
+ --
1005
+ -- Name: sensors_id_seq; Type: SEQUENCE OWNED BY; Schema: dorothy; Owner: postgres
1006
+ --
1007
+
1008
+ ALTER SEQUENCE sensors_id_seq OWNED BY sensors.id;
1009
+
1010
+
1011
+ --
1012
+ -- Name: sensors_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
1013
+ --
1014
+
1015
+ SELECT pg_catalog.setval('sensors_id_seq', 1, false);
1016
+
1017
+
1018
+ --
1019
+ -- Name: sightings; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
1020
+ --
1021
+
1022
+ CREATE TABLE sightings (
1023
+ sample character(64) NOT NULL,
1024
+ sensor integer NOT NULL,
1025
+ date timestamp without time zone NOT NULL,
1026
+ traffic_dump character(64)
1027
+ );
1028
+
1029
+
1030
+ ALTER TABLE dorothy.sightings OWNER TO postgres;
1031
+
1032
+ --
1033
+ -- Name: TABLE sightings; Type: COMMENT; Schema: dorothy; Owner: postgres
1034
+ --
1035
+
1036
+ COMMENT ON TABLE sightings IS 'Malware sample sightings on sensors';
1037
+
1038
+
1039
+ --
1040
+ -- Name: COLUMN sightings.sample; Type: COMMENT; Schema: dorothy; Owner: postgres
1041
+ --
1042
+
1043
+ COMMENT ON COLUMN sightings.sample IS 'Sample hash';
1044
+
1045
+
1046
+ --
1047
+ -- Name: COLUMN sightings.sensor; Type: COMMENT; Schema: dorothy; Owner: postgres
1048
+ --
1049
+
1050
+ COMMENT ON COLUMN sightings.sensor IS '
1051
+ ';
1052
+
1053
+
1054
+ --
1055
+ -- Name: whois; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
1056
+ --
1057
+
1058
+ CREATE TABLE whois (
1059
+ id integer NOT NULL,
1060
+ query character varying(255),
1061
+ data text,
1062
+ abuse character varying(255),
1063
+ "last-update" timestamp without time zone
1064
+ );
1065
+
1066
+
1067
+ ALTER TABLE dorothy.whois OWNER TO postgres;
1068
+
1069
+ --
1070
+ -- Name: COLUMN whois.abuse; Type: COMMENT; Schema: dorothy; Owner: postgres
1071
+ --
1072
+
1073
+ COMMENT ON COLUMN whois.abuse IS 'Abuse email address';
1074
+
1075
+
1076
+ --
1077
+ -- Name: whois_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
1078
+ --
1079
+
1080
+ CREATE SEQUENCE whois_id_seq
1081
+ START WITH 1
1082
+ INCREMENT BY 1
1083
+ NO MINVALUE
1084
+ NO MAXVALUE
1085
+ CACHE 1;
1086
+
1087
+
1088
+ ALTER TABLE dorothy.whois_id_seq OWNER TO postgres;
1089
+
1090
+ --
1091
+ -- Name: whois_id_seq; Type: SEQUENCE OWNED BY; Schema: dorothy; Owner: postgres
1092
+ --
1093
+
1094
+ ALTER SEQUENCE whois_id_seq OWNED BY whois.id;
1095
+
1096
+
1097
+ --
1098
+ -- Name: whois_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
1099
+ --
1100
+
1101
+ SELECT pg_catalog.setval('whois_id_seq', 1, false);
1102
+
1103
+
1104
+ --
1105
+ -- Name: id; Type: DEFAULT; Schema: dorothy; Owner: postgres
1106
+ --
1107
+
1108
+ ALTER TABLE ONLY analyses ALTER COLUMN id SET DEFAULT nextval('analyses_id_seq'::regclass);
1109
+
1110
+
1111
+ --
1112
+ -- Name: id; Type: DEFAULT; Schema: dorothy; Owner: postgres
1113
+ --
1114
+
1115
+ ALTER TABLE ONLY asns ALTER COLUMN id SET DEFAULT nextval('asns_id_seq'::regclass);
1116
+
1117
+
1118
+ --
1119
+ -- Name: id; Type: DEFAULT; Schema: dorothy; Owner: postgres
1120
+ --
1121
+
1122
+ ALTER TABLE ONLY emails ALTER COLUMN id SET DEFAULT nextval('emails_id_seq'::regclass);
1123
+
1124
+
1125
+ --
1126
+ -- Name: id; Type: DEFAULT; Schema: dorothy; Owner: postgres
1127
+ --
1128
+
1129
+ ALTER TABLE ONLY flows ALTER COLUMN id SET DEFAULT nextval('connections_id_seq'::regclass);
1130
+
1131
+
1132
+ --
1133
+ -- Name: id; Type: DEFAULT; Schema: dorothy; Owner: postgres
1134
+ --
1135
+
1136
+ ALTER TABLE ONLY geoinfo ALTER COLUMN id SET DEFAULT nextval('geoinfo_id_seq'::regclass);
1137
+
1138
+
1139
+ --
1140
+ -- Name: id; Type: DEFAULT; Schema: dorothy; Owner: postgres
1141
+ --
1142
+
1143
+ ALTER TABLE ONLY host_ips ALTER COLUMN id SET DEFAULT nextval('host_ips_id_seq'::regclass);
1144
+
1145
+
1146
+ --
1147
+ -- Name: id; Type: DEFAULT; Schema: dorothy; Owner: postgres
1148
+ --
1149
+
1150
+ ALTER TABLE ONLY irc_data ALTER COLUMN id SET DEFAULT nextval('irc_data_connection_seq'::regclass);
1151
+
1152
+
1153
+ --
1154
+ -- Name: id; Type: DEFAULT; Schema: dorothy; Owner: postgres
1155
+ --
1156
+
1157
+ ALTER TABLE ONLY reports ALTER COLUMN id SET DEFAULT nextval('reports_id_seq'::regclass);
1158
+
1159
+
1160
+ --
1161
+ -- Name: id; Type: DEFAULT; Schema: dorothy; Owner: postgres
1162
+ --
1163
+
1164
+ ALTER TABLE ONLY roles ALTER COLUMN id SET DEFAULT nextval('roles_id_seq'::regclass);
1165
+
1166
+
1167
+ --
1168
+ -- Name: id; Type: DEFAULT; Schema: dorothy; Owner: postgres
1169
+ --
1170
+
1171
+ ALTER TABLE ONLY sandboxes ALTER COLUMN id SET DEFAULT nextval('sandboxes_id_seq'::regclass);
1172
+
1173
+
1174
+ --
1175
+ -- Name: id; Type: DEFAULT; Schema: dorothy; Owner: postgres
1176
+ --
1177
+
1178
+ ALTER TABLE ONLY sensors ALTER COLUMN id SET DEFAULT nextval('sensors_id_seq'::regclass);
1179
+
1180
+
1181
+ --
1182
+ -- Name: id; Type: DEFAULT; Schema: dorothy; Owner: postgres
1183
+ --
1184
+
1185
+ ALTER TABLE ONLY whois ALTER COLUMN id SET DEFAULT nextval('whois_id_seq'::regclass);
1186
+
1187
+
1188
+ --
1189
+ -- Data for Name: analyses; Type: TABLE DATA; Schema: dorothy; Owner: postgres
1190
+ --
1191
+
1192
+ COPY analyses (id, sample, sandbox, traffic_dump, date) FROM stdin;
1193
+ \.
1194
+
1195
+
1196
+ --
1197
+ -- Data for Name: asns; Type: TABLE DATA; Schema: dorothy; Owner: postgres
1198
+ --
1199
+
1200
+ COPY asns (handle, owner, country, confidence, id) FROM stdin;
1201
+ \.
1202
+
1203
+
1204
+ --
1205
+ -- Data for Name: dns_data; Type: TABLE DATA; Schema: dorothy; Owner: postgres
1206
+ --
1207
+
1208
+ COPY dns_data (id, name, class, qry, ttl, flow, address, data, type, is_sinkholed) FROM stdin;
1209
+ \.
1210
+
1211
+
1212
+ --
1213
+ -- Data for Name: downloads; Type: TABLE DATA; Schema: dorothy; Owner: postgres
1214
+ --
1215
+
1216
+ COPY downloads (sample, flow, path, filename) FROM stdin;
1217
+ \.
1218
+
1219
+
1220
+ --
1221
+ -- Data for Name: emails; Type: TABLE DATA; Schema: dorothy; Owner: postgres
1222
+ --
1223
+
1224
+ COPY emails ("from", "to", subject, data, id, flow, hcmd, hcont, rcode, rcont) FROM stdin;
1225
+ \.
1226
+
1227
+
1228
+ --
1229
+ -- Data for Name: flows; Type: TABLE DATA; Schema: dorothy; Owner: postgres
1230
+ --
1231
+
1232
+ COPY flows (source, dest, srcport, dstport, size, traffic_dump, packets, id, ip_protocol, service, title, content, duration, "time", relative_id) FROM stdin;
1233
+ \.
1234
+
1235
+
1236
+ --
1237
+ -- Data for Name: ftp_data; Type: TABLE DATA; Schema: dorothy; Owner: postgres
1238
+ --
1239
+
1240
+ COPY ftp_data (id, banner, "user", password, type, is_ssl, size, data) FROM stdin;
1241
+ \.
1242
+
1243
+
1244
+ --
1245
+ -- Data for Name: geoinfo; Type: TABLE DATA; Schema: dorothy; Owner: postgres
1246
+ --
1247
+
1248
+ COPY geoinfo (id, longlat, country, city, "last-update", asn) FROM stdin;
1249
+ \.
1250
+
1251
+
1252
+ --
1253
+ -- Data for Name: host_ips; Type: TABLE DATA; Schema: dorothy; Owner: postgres
1254
+ --
1255
+
1256
+ COPY host_ips (ip, geoinfo, sbl, uptime, is_online, whois, zone, last_update, id, dns_name, migrated_from) FROM stdin;
1257
+ \.
1258
+
1259
+
1260
+ --
1261
+ -- Data for Name: host_roles; Type: TABLE DATA; Schema: dorothy; Owner: postgres
1262
+ --
1263
+
1264
+ COPY host_roles (role, host_ip) FROM stdin;
1265
+ \.
1266
+
1267
+
1268
+ --
1269
+ -- Data for Name: http_data; Type: TABLE DATA; Schema: dorothy; Owner: postgres
1270
+ --
1271
+
1272
+ COPY http_data (id, method, url, size, is_ssl, flow, data) FROM stdin;
1273
+ \.
1274
+
1275
+
1276
+ --
1277
+ -- Data for Name: http_headers; Type: TABLE DATA; Schema: dorothy; Owner: postgres
1278
+ --
1279
+
1280
+ COPY http_headers (http_data, key, value) FROM stdin;
1281
+ \.
1282
+
1283
+
1284
+ --
1285
+ -- Data for Name: irc_data; Type: TABLE DATA; Schema: dorothy; Owner: postgres
1286
+ --
1287
+
1288
+ COPY irc_data (id, flow, data, incoming) FROM stdin;
1289
+ \.
1290
+
1291
+
1292
+ --
1293
+ -- Data for Name: malwares; Type: TABLE DATA; Schema: dorothy; Owner: postgres
1294
+ --
1295
+
1296
+ COPY malwares (bin, family, vendor, version, rate, update, detected) FROM stdin;
1297
+ \.
1298
+
1299
+
1300
+ --
1301
+ -- Data for Name: reports; Type: TABLE DATA; Schema: dorothy; Owner: postgres
1302
+ --
1303
+
1304
+ COPY reports (id, sandbox, sample, data) FROM stdin;
1305
+ \.
1306
+
1307
+
1308
+ --
1309
+ -- Data for Name: roles; Type: TABLE DATA; Schema: dorothy; Owner: postgres
1310
+ --
1311
+
1312
+ COPY roles (id, type, comment) FROM stdin;
1313
+ 0 honeypot \N
1314
+ 1 cc-irc \N
1315
+ 2 SPAM \N
1316
+ 3 cc-drop \N
1317
+ 5 cc-support \N
1318
+ 4 unknown \N
1319
+ \.
1320
+
1321
+
1322
+ --
1323
+ -- Data for Name: samples; Type: TABLE DATA; Schema: dorothy; Owner: postgres
1324
+ --
1325
+
1326
+ COPY samples (hash, size, type, path, filename, md5, long_type) FROM stdin;
1327
+ \.
1328
+
1329
+
1330
+ --
1331
+ -- Data for Name: sandboxes; Type: TABLE DATA; Schema: dorothy; Owner: postgres
1332
+ --
1333
+
1334
+ COPY sandboxes (id, hostname, type, "OS", version, os_lang, ipaddress, username, password, is_available) FROM stdin;
1335
+ \.
1336
+
1337
+
1338
+ --
1339
+ -- Data for Name: sensors; Type: TABLE DATA; Schema: dorothy; Owner: postgres
1340
+ --
1341
+
1342
+ COPY sensors (id, name, host, type) FROM stdin;
1343
+ 0 hp1-dionaea 0 lowint-honeypot
1344
+ 2 userinput 0 unknow
1345
+ 1 ztracker 0 external-source
1346
+ \.
1347
+
1348
+
1349
+ --
1350
+ -- Data for Name: sightings; Type: TABLE DATA; Schema: dorothy; Owner: postgres
1351
+ --
1352
+
1353
+ COPY sightings (sample, sensor, date, traffic_dump) FROM stdin;
1354
+ \.
1355
+
1356
+
1357
+ --
1358
+ -- Data for Name: traffic_dumps; Type: TABLE DATA; Schema: dorothy; Owner: postgres
1359
+ --
1360
+
1361
+ COPY traffic_dumps (hash, size, pcapr_id, "binary", parsed) FROM stdin;
1362
+ EMPTYPCAP 0 ffff ffff true
1363
+ \.
1364
+
1365
+
1366
+ --
1367
+ -- Data for Name: whois; Type: TABLE DATA; Schema: dorothy; Owner: postgres
1368
+ --
1369
+
1370
+ COPY whois (id, query, data, abuse, "last-update") FROM stdin;
1371
+ \.
1372
+
1373
+
1374
+ --
1375
+ -- Name: asns_handle_uq; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
1376
+ --
1377
+
1378
+ ALTER TABLE ONLY asns
1379
+ ADD CONSTRAINT asns_handle_uq UNIQUE (handle);
1380
+
1381
+
1382
+ --
1383
+ -- Name: CONSTRAINT asns_handle_uq ON asns; Type: COMMENT; Schema: dorothy; Owner: postgres
1384
+ --
1385
+
1386
+ COMMENT ON CONSTRAINT asns_handle_uq ON asns IS 'AS handle must be unique';
1387
+
1388
+
1389
+ --
1390
+ -- Name: asns_pk; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
1391
+ --
1392
+
1393
+ ALTER TABLE ONLY asns
1394
+ ADD CONSTRAINT asns_pk PRIMARY KEY (id);
1395
+
1396
+
1397
+ --
1398
+ -- Name: dns_data_pkey; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
1399
+ --
1400
+
1401
+ ALTER TABLE ONLY dns_data
1402
+ ADD CONSTRAINT dns_data_pkey PRIMARY KEY (id);
1403
+
1404
+
1405
+ --
1406
+ -- Name: ftp_data_pkey; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
1407
+ --
1408
+
1409
+ ALTER TABLE ONLY ftp_data
1410
+ ADD CONSTRAINT ftp_data_pkey PRIMARY KEY (id);
1411
+
1412
+
1413
+ --
1414
+ -- Name: geoinfo_pkey; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
1415
+ --
1416
+
1417
+ ALTER TABLE ONLY geoinfo
1418
+ ADD CONSTRAINT geoinfo_pkey PRIMARY KEY (id);
1419
+
1420
+
1421
+ --
1422
+ -- Name: hash; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
1423
+ --
1424
+
1425
+ ALTER TABLE ONLY samples
1426
+ ADD CONSTRAINT hash PRIMARY KEY (hash);
1427
+
1428
+
1429
+ --
1430
+ -- Name: http_data_pkey; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
1431
+ --
1432
+
1433
+ ALTER TABLE ONLY http_data
1434
+ ADD CONSTRAINT http_data_pkey PRIMARY KEY (id);
1435
+
1436
+
1437
+ --
1438
+ -- Name: http_headers_pk; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
1439
+ --
1440
+
1441
+ ALTER TABLE ONLY http_headers
1442
+ ADD CONSTRAINT http_headers_pk PRIMARY KEY (http_data, key);
1443
+
1444
+
1445
+ --
1446
+ -- Name: id; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
1447
+ --
1448
+
1449
+ ALTER TABLE ONLY analyses
1450
+ ADD CONSTRAINT id PRIMARY KEY (id);
1451
+
1452
+
1453
+ --
1454
+ -- Name: id_pk; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
1455
+ --
1456
+
1457
+ ALTER TABLE ONLY emails
1458
+ ADD CONSTRAINT id_pk PRIMARY KEY (id);
1459
+
1460
+
1461
+ --
1462
+ -- Name: ip_uniq; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
1463
+ --
1464
+
1465
+ ALTER TABLE ONLY host_ips
1466
+ ADD CONSTRAINT ip_uniq UNIQUE (ip);
1467
+
1468
+
1469
+ --
1470
+ -- Name: pk_connection; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
1471
+ --
1472
+
1473
+ ALTER TABLE ONLY flows
1474
+ ADD CONSTRAINT pk_connection PRIMARY KEY (id);
1475
+
1476
+
1477
+ --
1478
+ -- Name: pk_host_ips; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
1479
+ --
1480
+
1481
+ ALTER TABLE ONLY host_ips
1482
+ ADD CONSTRAINT pk_host_ips PRIMARY KEY (ip, id);
1483
+
1484
+
1485
+ --
1486
+ -- Name: pk_irc; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
1487
+ --
1488
+
1489
+ ALTER TABLE ONLY irc_data
1490
+ ADD CONSTRAINT pk_irc PRIMARY KEY (id);
1491
+
1492
+
1493
+ --
1494
+ -- Name: reports_pkey; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
1495
+ --
1496
+
1497
+ ALTER TABLE ONLY reports
1498
+ ADD CONSTRAINT reports_pkey PRIMARY KEY (id);
1499
+
1500
+
1501
+ --
1502
+ -- Name: roles_pkey; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
1503
+ --
1504
+
1505
+ ALTER TABLE ONLY roles
1506
+ ADD CONSTRAINT roles_pkey PRIMARY KEY (id);
1507
+
1508
+
1509
+ --
1510
+ -- Name: sandboxes_pkey; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
1511
+ --
1512
+
1513
+ ALTER TABLE ONLY sandboxes
1514
+ ADD CONSTRAINT sandboxes_pkey PRIMARY KEY (id);
1515
+
1516
+
1517
+ --
1518
+ -- Name: sensors_pkey; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
1519
+ --
1520
+
1521
+ ALTER TABLE ONLY sensors
1522
+ ADD CONSTRAINT sensors_pkey PRIMARY KEY (id);
1523
+
1524
+ --
1525
+ -- Name: traffic_dumps_pkey; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
1526
+ --
1527
+
1528
+ ALTER TABLE ONLY traffic_dumps
1529
+ ADD CONSTRAINT traffic_dumps_pkey PRIMARY KEY (hash);
1530
+
1531
+
1532
+ --
1533
+ -- Name: uniq_sandbox; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
1534
+ --
1535
+
1536
+ ALTER TABLE ONLY sandboxes
1537
+ ADD CONSTRAINT uniq_sandbox UNIQUE (ipaddress);
1538
+
1539
+
1540
+ --
1541
+ -- Name: whois_pkey; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
1542
+ --
1543
+
1544
+ ALTER TABLE ONLY whois
1545
+ ADD CONSTRAINT whois_pkey PRIMARY KEY (id);
1546
+
1547
+
1548
+ --
1549
+ -- Name: fki_bin; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
1550
+ --
1551
+
1552
+ CREATE INDEX fki_bin ON malwares USING btree (bin);
1553
+
1554
+
1555
+ --
1556
+ -- Name: fki_connection; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
1557
+ --
1558
+
1559
+ CREATE INDEX fki_connection ON http_data USING btree (flow);
1560
+
1561
+
1562
+ --
1563
+ -- Name: fki_dest_ip; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
1564
+ --
1565
+
1566
+ CREATE INDEX fki_dest_ip ON flows USING btree (dest);
1567
+
1568
+
1569
+ --
1570
+ -- Name: fki_dns; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
1571
+ --
1572
+
1573
+ CREATE INDEX fki_dns ON host_ips USING btree (dns_name);
1574
+
1575
+
1576
+ --
1577
+ -- Name: fki_dumps; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
1578
+ --
1579
+
1580
+ CREATE INDEX fki_dumps ON flows USING btree (traffic_dump);
1581
+
1582
+
1583
+ --
1584
+ -- Name: fki_email; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
1585
+ --
1586
+
1587
+ CREATE INDEX fki_email ON emails USING btree (flow);
1588
+
1589
+
1590
+ --
1591
+ -- Name: fki_flow; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
1592
+ --
1593
+
1594
+ CREATE INDEX fki_flow ON downloads USING btree (flow);
1595
+
1596
+
1597
+ --
1598
+ -- Name: fki_flows; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
1599
+ --
1600
+
1601
+ CREATE INDEX fki_flows ON dns_data USING btree (flow);
1602
+
1603
+
1604
+ --
1605
+ -- Name: fki_host; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
1606
+ --
1607
+
1608
+ CREATE INDEX fki_host ON host_roles USING btree (host_ip);
1609
+
1610
+
1611
+ --
1612
+ -- Name: fki_irc; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
1613
+ --
1614
+
1615
+ CREATE INDEX fki_irc ON irc_data USING btree (flow);
1616
+
1617
+
1618
+ --
1619
+ -- Name: fki_sample; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
1620
+ --
1621
+
1622
+ CREATE INDEX fki_sample ON analyses USING btree (sample);
1623
+
1624
+
1625
+ --
1626
+ -- Name: fki_sandbox; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
1627
+ --
1628
+
1629
+ CREATE INDEX fki_sandbox ON analyses USING btree (sandbox);
1630
+
1631
+
1632
+ --
1633
+ -- Name: fki_shash; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
1634
+ --
1635
+
1636
+ CREATE INDEX fki_shash ON reports USING btree (sample);
1637
+
1638
+
1639
+ --
1640
+ -- Name: fki_tdumps; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
1641
+ --
1642
+
1643
+ CREATE INDEX fki_tdumps ON analyses USING btree (traffic_dump);
1644
+
1645
+
1646
+ --
1647
+ -- Name: dest_ip; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
1648
+ --
1649
+
1650
+ ALTER TABLE ONLY flows
1651
+ ADD CONSTRAINT dest_ip FOREIGN KEY (dest) REFERENCES host_ips(ip);
1652
+
1653
+
1654
+ --
1655
+ -- Name: dns; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
1656
+ --
1657
+
1658
+ ALTER TABLE ONLY host_ips
1659
+ ADD CONSTRAINT dns FOREIGN KEY (dns_name) REFERENCES dns_data(id);
1660
+
1661
+
1662
+ --
1663
+ -- Name: dumps; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
1664
+ --
1665
+
1666
+ ALTER TABLE ONLY flows
1667
+ ADD CONSTRAINT dumps FOREIGN KEY (traffic_dump) REFERENCES traffic_dumps(hash);
1668
+
1669
+
1670
+ --
1671
+ -- Name: fk_bin; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
1672
+ --
1673
+
1674
+ ALTER TABLE ONLY malwares
1675
+ ADD CONSTRAINT fk_bin FOREIGN KEY (bin) REFERENCES samples(hash);
1676
+
1677
+
1678
+ --
1679
+ -- Name: fk_email; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
1680
+ --
1681
+
1682
+ ALTER TABLE ONLY emails
1683
+ ADD CONSTRAINT fk_email FOREIGN KEY (flow) REFERENCES flows(id);
1684
+
1685
+
1686
+ --
1687
+ -- Name: fk_flow; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
1688
+ --
1689
+
1690
+ ALTER TABLE ONLY http_data
1691
+ ADD CONSTRAINT fk_flow FOREIGN KEY (flow) REFERENCES flows(id);
1692
+
1693
+
1694
+ --
1695
+ -- Name: fk_flow; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
1696
+ --
1697
+
1698
+ ALTER TABLE ONLY downloads
1699
+ ADD CONSTRAINT fk_flow FOREIGN KEY (flow) REFERENCES flows(id);
1700
+
1701
+
1702
+ --
1703
+ -- Name: fk_irc; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
1704
+ --
1705
+
1706
+ ALTER TABLE ONLY irc_data
1707
+ ADD CONSTRAINT fk_irc FOREIGN KEY (flow) REFERENCES flows(id);
1708
+
1709
+
1710
+ --
1711
+ -- Name: flows; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
1712
+ --
1713
+
1714
+ ALTER TABLE ONLY dns_data
1715
+ ADD CONSTRAINT flows FOREIGN KEY (flow) REFERENCES flows(id);
1716
+
1717
+
1718
+ --
1719
+ -- Name: geoinfo_fk; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
1720
+ --
1721
+
1722
+ ALTER TABLE ONLY host_ips
1723
+ ADD CONSTRAINT geoinfo_fk FOREIGN KEY (geoinfo) REFERENCES geoinfo(id);
1724
+
1725
+
1726
+ --
1727
+ -- Name: host; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
1728
+ --
1729
+
1730
+ ALTER TABLE ONLY host_roles
1731
+ ADD CONSTRAINT host FOREIGN KEY (host_ip) REFERENCES host_ips(ip);
1732
+
1733
+
1734
+ --
1735
+ -- Name: role_fkey; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
1736
+ --
1737
+
1738
+ ALTER TABLE ONLY host_roles
1739
+ ADD CONSTRAINT role_fkey FOREIGN KEY (role) REFERENCES roles(id);
1740
+
1741
+
1742
+ --
1743
+ -- Name: samples; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
1744
+ --
1745
+
1746
+ ALTER TABLE ONLY analyses
1747
+ ADD CONSTRAINT samples FOREIGN KEY (sample) REFERENCES samples(hash);
1748
+
1749
+
1750
+ --
1751
+ -- Name: samples; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
1752
+ --
1753
+
1754
+ ALTER TABLE ONLY sightings
1755
+ ADD CONSTRAINT samples FOREIGN KEY (sample) REFERENCES samples(hash);
1756
+
1757
+
1758
+ --
1759
+ -- Name: sensor_fkey; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
1760
+ --
1761
+
1762
+ ALTER TABLE ONLY sightings
1763
+ ADD CONSTRAINT sensor_fkey FOREIGN KEY (sensor) REFERENCES sensors(id);
1764
+
1765
+
1766
+ --
1767
+ -- Name: shash; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
1768
+ --
1769
+
1770
+ ALTER TABLE ONLY reports
1771
+ ADD CONSTRAINT shash FOREIGN KEY (sample) REFERENCES samples(hash);
1772
+
1773
+
1774
+ --
1775
+ -- Name: tdumps; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
1776
+ --
1777
+
1778
+ ALTER TABLE ONLY analyses
1779
+ ADD CONSTRAINT tdumps FOREIGN KEY (traffic_dump) REFERENCES traffic_dumps(hash);
1780
+
1781
+
1782
+ --
1783
+ -- Name: whois_fk; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
1784
+ --
1785
+
1786
+ ALTER TABLE ONLY host_ips
1787
+ ADD CONSTRAINT whois_fk FOREIGN KEY (whois) REFERENCES whois(id);
1788
+
1789
+
1790
+ --
1791
+ -- Name: dorothy; Type: ACL; Schema: -; Owner: postgres
1792
+ --
1793
+
1794
+ REVOKE ALL ON SCHEMA dorothy FROM PUBLIC;
1795
+ REVOKE ALL ON SCHEMA dorothy FROM postgres;
1796
+ GRANT ALL ON SCHEMA dorothy TO postgres;
1797
+ GRANT ALL ON SCHEMA dorothy TO PUBLIC;
1798
+
1799
+
1800
+ --
1801
+ -- PostgreSQL database dump complete
1802
+ --
1803
+