pymisp 2.5.3__py3-none-any.whl → 2.5.7__py3-none-any.whl


Potentially problematic release.


This version of pymisp might be problematic.

Files changed (162)
  1. CHANGELOG.txt +5380 -0
  2. examples/__init__.py +0 -0
  3. examples/add_attributes_from_csv.py +74 -0
  4. examples/add_email_object.py +29 -0
  5. examples/add_fail2ban_object.py +86 -0
  6. examples/add_feed.py +25 -0
  7. examples/add_file_object.py +47 -0
  8. examples/add_filetype_object_from_csv.py +53 -0
  9. examples/add_generic_object.py +26 -0
  10. examples/add_github_user.py +65 -0
  11. examples/add_gitlab_user.py +56 -0
  12. examples/add_named_attribute.py +25 -0
  13. examples/add_organisations.py +57 -0
  14. examples/add_ssh_authorized_keys.py +29 -0
  15. examples/add_user.py +22 -0
  16. examples/add_vehicle_object.py +22 -0
  17. examples/addtag2.py +45 -0
  18. examples/asciidoc_generator.py +114 -0
  19. examples/cache_all.py +10 -0
  20. examples/copyTagsFromAttributesToEvent.py +68 -0
  21. examples/copy_list.py +93 -0
  22. examples/create_events.py +26 -0
  23. examples/cytomic_orion.py +549 -0
  24. examples/del.py +22 -0
  25. examples/delete_user.py +16 -0
  26. examples/edit_organisation.py +20 -0
  27. examples/edit_user.py +20 -0
  28. examples/falsepositive_disabletoids.py +136 -0
  29. examples/fetch_events_feed.py +15 -0
  30. examples/fetch_warninglist_hits.py +38 -0
  31. examples/freetext.py +22 -0
  32. examples/generate_file_objects.py +78 -0
  33. examples/generate_meta_feed.py +15 -0
  34. examples/get.py +37 -0
  35. examples/get_csv.py +37 -0
  36. examples/get_network_activity.py +187 -0
  37. examples/last.py +48 -0
  38. examples/load_csv.py +94 -0
  39. examples/lookup.py +28 -0
  40. examples/misp2cef.py +71 -0
  41. examples/misp2clamav.py +52 -0
  42. examples/openioc_to_misp.py +27 -0
  43. examples/proofpoint_tap.py +203 -0
  44. examples/proofpoint_vap.py +65 -0
  45. examples/search.py +48 -0
  46. examples/search_attributes_yara.py +40 -0
  47. examples/search_sighting.py +42 -0
  48. examples/server_sync_check_conn.py +32 -0
  49. examples/sharing_groups.py +15 -0
  50. examples/show_sightings.py +168 -0
  51. examples/stats_report.py +405 -0
  52. examples/sync_sighting.py +171 -0
  53. examples/tags.py +25 -0
  54. examples/test_sign.py +19 -0
  55. examples/trustar_misp.py +59 -0
  56. examples/up.py +21 -0
  57. examples/upload.py +60 -0
  58. examples/users_list.py +15 -0
  59. examples/vmray_automation.py +281 -0
  60. examples/vt_to_misp.py +182 -0
  61. examples/warninglists.py +22 -0
  62. examples/yara.py +38 -0
  63. examples/yara_dump.py +98 -0
  64. pymisp/api.py +33 -5
  65. pymisp/data/misp-objects/objects/android-app/definition.json +8 -2
  66. pymisp/data/misp-objects/objects/instagram-account/definition.json +66 -0
  67. pymisp/data/misp-objects/objects/lnk/definition.json +13 -1
  68. pymisp/data/misp-objects/objects/rmm/definition.json +88 -0
  69. pymisp/data/misp-objects/objects/spambee-report/definition.json +54 -0
  70. pymisp/data/misp-objects/objects/target-system/definition.json +2 -2
  71. pymisp/data/misp-objects/objects/vulnerability/definition.json +5 -4
  72. pymisp/data/misp-objects/relationships/definition.json +17 -1
  73. pymisp/data/misp-objects/schema_objects.json +1 -1
  74. pymisp/mispevent.py +95 -23
  75. {pymisp-2.5.3.dist-info → pymisp-2.5.7.dist-info}/METADATA +23 -28
  76. {pymisp-2.5.3.dist-info → pymisp-2.5.7.dist-info}/RECORD +144 -30
  77. {pymisp-2.5.3.dist-info → pymisp-2.5.7.dist-info}/WHEEL +1 -1
  78. tests/57c4445b-c548-4654-af0b-4be3950d210f.json +1 -0
  79. tests/__init__.py +0 -0
  80. tests/csv_testfiles/invalid_fieldnames.csv +11 -0
  81. tests/csv_testfiles/valid_fieldnames.csv +4 -0
  82. tests/email_testfiles/mail_1.eml.zip +0 -0
  83. tests/email_testfiles/mail_1.msg +0 -0
  84. tests/email_testfiles/mail_1_bom.eml +858 -0
  85. tests/email_testfiles/mail_1_headers_only.eml +28 -0
  86. tests/email_testfiles/mail_2.eml +32 -0
  87. tests/email_testfiles/mail_3.eml +170 -0
  88. tests/email_testfiles/mail_3.msg +0 -0
  89. tests/email_testfiles/mail_4.msg +0 -0
  90. tests/email_testfiles/mail_5.msg +0 -0
  91. tests/email_testfiles/mail_multiple_to.eml +15 -0
  92. tests/email_testfiles/source +1 -0
  93. tests/git-vuln-finder-quagga.json +1493 -0
  94. tests/misp_event.json +76 -0
  95. tests/mispevent_testfiles/attribute.json +21 -0
  96. tests/mispevent_testfiles/attribute_del.json +23 -0
  97. tests/mispevent_testfiles/def_param.json +53 -0
  98. tests/mispevent_testfiles/event.json +8 -0
  99. tests/mispevent_testfiles/event_obj_attr_tag.json +57 -0
  100. tests/mispevent_testfiles/event_obj_def_param.json +62 -0
  101. tests/mispevent_testfiles/event_obj_tag.json +29 -0
  102. tests/mispevent_testfiles/event_tags.json +18 -0
  103. tests/mispevent_testfiles/existing_event.json +4599 -0
  104. tests/mispevent_testfiles/existing_event_edited.json +4601 -0
  105. tests/mispevent_testfiles/galaxy.json +25 -0
  106. tests/mispevent_testfiles/malware.json +19 -0
  107. tests/mispevent_testfiles/malware_exist.json +163 -0
  108. tests/mispevent_testfiles/misp_custom_obj.json +38 -0
  109. tests/mispevent_testfiles/overwrite_file/definition.json +457 -0
  110. tests/mispevent_testfiles/proposals.json +35 -0
  111. tests/mispevent_testfiles/shadow.json +148 -0
  112. tests/mispevent_testfiles/sighting.json +5 -0
  113. tests/mispevent_testfiles/simple.json +2 -0
  114. tests/mispevent_testfiles/test_object_template/definition.json +29 -0
  115. tests/new_misp_event.json +34 -0
  116. tests/reportlab_testfiles/HTML_event.json +1 -0
  117. tests/reportlab_testfiles/galaxy_1.json +1250 -0
  118. tests/reportlab_testfiles/image_event.json +2490 -0
  119. tests/reportlab_testfiles/japanese_test.json +156 -0
  120. tests/reportlab_testfiles/japanese_test_heavy.json +318 -0
  121. tests/reportlab_testfiles/long_event.json +3730 -0
  122. tests/reportlab_testfiles/mainly_objects_1.json +1092 -0
  123. tests/reportlab_testfiles/mainly_objects_2.json +977 -0
  124. tests/reportlab_testfiles/sighting_1.json +305 -0
  125. tests/reportlab_testfiles/sighting_2.json +221 -0
  126. tests/reportlab_testfiles/to_delete1.json +804 -0
  127. tests/reportlab_testfiles/to_delete2.json +1 -0
  128. tests/reportlab_testfiles/to_delete3.json +1 -0
  129. tests/reportlab_testfiles/very_long_event.json +1006 -0
  130. tests/reportlab_testoutputs/to_delete1.json.pdf +391 -0
  131. tests/reportlab_testoutputs/to_delete2.json.pdf +506 -0
  132. tests/reportlab_testoutputs/to_delete3.json.pdf +277 -0
  133. tests/search_index_result.json +69 -0
  134. tests/sharing_groups.json +98 -0
  135. tests/stix1.xml-utf8 +110 -0
  136. tests/stix2.json +1 -0
  137. tests/test_analyst_data.py +123 -0
  138. tests/test_emailobject.py +157 -0
  139. tests/test_fileobject.py +20 -0
  140. tests/test_mispevent.py +473 -0
  141. tests/test_reportlab.py +431 -0
  142. tests/testlive_comprehensive.py +3734 -0
  143. tests/testlive_sync.py +474 -0
  144. pymisp/data/misp-objects/.git +0 -1
  145. pymisp/data/misp-objects/.gitchangelog.rc +0 -289
  146. pymisp/data/misp-objects/.github/workflows/codeql.yml +0 -41
  147. pymisp/data/misp-objects/.github/workflows/nosetests.yml +0 -39
  148. pymisp/data/misp-objects/.travis.yml +0 -16
  149. pymisp/data/misp-objects/LICENSE-software-only.md +0 -661
  150. pymisp/data/misp-objects/LICENSE.md +0 -36
  151. pymisp/data/misp-objects/README.md +0 -566
  152. pymisp/data/misp-objects/docs/time-related-objects.ods +0 -0
  153. pymisp/data/misp-objects/docs/time-related-objects.pdf +0 -0
  154. pymisp/data/misp-objects/jq_all_the_things.sh +0 -29
  155. pymisp/data/misp-objects/tools/adoc_objects.py +0 -145
  156. pymisp/data/misp-objects/tools/alfred_links_to_relarelationships.py +0 -48
  157. pymisp/data/misp-objects/tools/list_of_objects.py +0 -50
  158. pymisp/data/misp-objects/tools/updated.sh +0 -6
  159. pymisp/data/misp-objects/tools/validate_opposites.sh +0 -17
  160. pymisp/data/misp-objects/unique_uuid.py +0 -16
  161. pymisp/data/misp-objects/validate_all.sh +0 -38
  162. {pymisp-2.5.3.dist-info → pymisp-2.5.7.dist-info}/LICENSE +0 -0
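--- a/tests/reportlab_testfiles/sighting_1.json
+++ b/tests/reportlab_testfiles/sighting_1.json
@@ -0,0 +1,305 @@
+ {
+ "Event": {
+ "id": "60",
+ "orgc_id": "5",
+ "org_id": "1",
+ "date": "2018-08-01",
+ "threat_level_id": "3",
+ "info": "Ursnif, MALWAREMESSIAGH",
+ "published": true,
+ "uuid": "5b646415-7b48-40d5-86b4-c0070acd0835",
+ "attribute_count": "5",
+ "analysis": "2",
+ "timestamp": "1533306089",
+ "distribution": "3",
+ "proposal_email_lock": false,
+ "locked": false,
+ "publish_timestamp": "1550506283",
+ "sharing_group_id": "0",
+ "disable_correlation": false,
+ "extends_uuid": "",
+ "Org": {
+ "id": "1",
+ "name": "ORGNAME",
+ "uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c"
+ },
+ "Orgc": {
+ "id": "5",
+ "name": "Synovus Financial",
+ "uuid": "5a68c02d-959c-4c8a-a571-0dcac0a8060a"
+ },
+ "Attribute": [
+ {
+ "id": "8885",
+ "type": "domain",
+ "category": "Network activity",
+ "to_ids": true,
+ "uuid": "5b6464ca-e73c-4707-9b8a-d0350acd0835",
+ "event_id": "60",
+ "distribution": "5",
+ "timestamp": "1533306058",
+ "comment": "Ursnif",
+ "sharing_group_id": "0",
+ "deleted": false,
+ "disable_correlation": false,
+ "object_id": "0",
+ "object_relation": null,
+ "value": "ooiasjdnqjwbeasdasd.com",
+ "Galaxy": [],
+ "ShadowAttribute": [],
+ "Sighting": [
+ {
+ "id": "8",
+ "attribute_id": "8885",
+ "event_id": "60",
+ "org_id": "1",
+ "date_sighting": "1551253950",
+ "uuid": "5c7641bf-a4e8-4d5d-a653-03240a00020f",
+ "source": "",
+ "type": "0",
+ "Organisation": {
+ "id": "1",
+ "uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c",
+ "name": "ORGNAME"
+ },
+ "attribute_uuid": "5b6464ca-e73c-4707-9b8a-d0350acd0835"
+ }
+ ]
+ },
+ {
+ "id": "8886",
+ "type": "domain",
+ "category": "Network activity",
+ "to_ids": true,
+ "uuid": "5b6464ca-45f8-43d0-8b78-d0350acd0835",
+ "event_id": "60",
+ "distribution": "5",
+ "timestamp": "1533306058",
+ "comment": "Ursnif",
+ "sharing_group_id": "0",
+ "deleted": false,
+ "disable_correlation": false,
+ "object_id": "0",
+ "object_relation": null,
+ "value": "eqowiesajenqweasd.com",
+ "Galaxy": [],
+ "ShadowAttribute": [],
+ "Sighting": [
+ {
+ "id": "9",
+ "attribute_id": "8886",
+ "event_id": "60",
+ "org_id": "1",
+ "date_sighting": "1551253959",
+ "uuid": "5c7641c7-f020-4643-92b4-03240a00020f",
+ "source": "",
+ "type": "1",
+ "Organisation": {
+ "id": "1",
+ "uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c",
+ "name": "ORGNAME"
+ },
+ "attribute_uuid": "5b6464ca-45f8-43d0-8b78-d0350acd0835"
+ }
+ ]
+ },
+ {
+ "id": "8887",
+ "type": "domain",
+ "category": "Network activity",
+ "to_ids": true,
+ "uuid": "5b6464ca-8c84-4c2d-95d9-d0350acd0835",
+ "event_id": "60",
+ "distribution": "5",
+ "timestamp": "1533306058",
+ "comment": "Ursnif",
+ "sharing_group_id": "0",
+ "deleted": false,
+ "disable_correlation": false,
+ "object_id": "0",
+ "object_relation": null,
+ "value": "dquohwdihaewqdcas.com",
+ "Galaxy": [],
+ "ShadowAttribute": [],
+ "Sighting": [
+ {
+ "id": "10",
+ "attribute_id": "8887",
+ "event_id": "60",
+ "org_id": "1",
+ "date_sighting": "1551253962",
+ "uuid": "5c7641cb-ccc0-44ee-ab75-03240a00020f",
+ "source": "",
+ "type": "1",
+ "Organisation": {
+ "id": "1",
+ "uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c",
+ "name": "ORGNAME"
+ },
+ "attribute_uuid": "5b6464ca-8c84-4c2d-95d9-d0350acd0835"
+ }
+ ]
+ },
+ {
+ "id": "8888",
+ "type": "domain",
+ "category": "Network activity",
+ "to_ids": true,
+ "uuid": "5b6464ca-e0a0-40e0-8e21-d0350acd0835",
+ "event_id": "60",
+ "distribution": "5",
+ "timestamp": "1533306058",
+ "comment": "Ursnif",
+ "sharing_group_id": "0",
+ "deleted": false,
+ "disable_correlation": false,
+ "object_id": "0",
+ "object_relation": null,
+ "value": "diqjwhebseqhbasdh.com",
+ "Galaxy": [],
+ "ShadowAttribute": [],
+ "Sighting": [
+ {
+ "id": "11",
+ "attribute_id": "8888",
+ "event_id": "60",
+ "org_id": "1",
+ "date_sighting": "1551253968",
+ "uuid": "5c7641d5-58bc-4d20-9a84-05f10a00020f",
+ "source": "honeyp",
+ "type": "2",
+ "Organisation": {
+ "id": "1",
+ "uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c",
+ "name": "ORGNAME"
+ },
+ "attribute_uuid": "5b6464ca-e0a0-40e0-8e21-d0350acd0835"
+ },
+ {
+ "id": "12",
+ "attribute_id": "8888",
+ "event_id": "60",
+ "org_id": "1",
+ "date_sighting": "1551253976",
+ "uuid": "5c7641db-a9a0-49b0-b536-05f10a00020f",
+ "source": "dede",
+ "type": "1",
+ "Organisation": {
+ "id": "1",
+ "uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c",
+ "name": "ORGNAME"
+ },
+ "attribute_uuid": "5b6464ca-e0a0-40e0-8e21-d0350acd0835"
+ }
+ ]
+ },
+ {
+ "id": "8889",
+ "type": "url",
+ "category": "Payload delivery",
+ "to_ids": true,
+ "uuid": "5b6464e9-e73c-484d-a0b3-c0070acd0835",
+ "event_id": "60",
+ "distribution": "5",
+ "timestamp": "1533306089",
+ "comment": "Ursnif dropped file",
+ "sharing_group_id": "0",
+ "deleted": false,
+ "disable_correlation": false,
+ "object_id": "0",
+ "object_relation": null,
+ "value": "http:\/\/sistemait.it\/softaculous\/backup\/client.rar",
+ "Galaxy": [],
+ "ShadowAttribute": [],
+ "Sighting": [
+ {
+ "id": "7",
+ "attribute_id": "8889",
+ "event_id": "60",
+ "org_id": "1",
+ "date_sighting": "1551253943",
+ "uuid": "5c7641b7-b618-4e41-a9c9-03240a00020f",
+ "source": "",
+ "type": "0",
+ "Organisation": {
+ "id": "1",
+ "uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c",
+ "name": "ORGNAME"
+ },
+ "attribute_uuid": "5b6464e9-e73c-484d-a0b3-c0070acd0835"
+ }
+ ]
+ }
+ ],
+ "ShadowAttribute": [],
+ "RelatedEvent": [],
+ "Galaxy": [
+ {
+ "id": "4",
+ "uuid": "59f20cce-5420-4084-afd5-0884c0a83832",
+ "name": "Banker",
+ "type": "banker",
+ "description": "Banking malware galaxy.",
+ "version": "3",
+ "icon": "usd",
+ "namespace": "misp",
+ "GalaxyCluster": [
+ {
+ "id": "289",
+ "collection_uuid": "b9448d2a-a23c-4bf2-92a1-d860716ba2f3",
+ "type": "banker",
+ "value": "Gozi",
+ "tag_name": "misp-galaxy:banker=\"Gozi\"",
+ "description": "Banking trojan delivered primarily via email (typically malspam) and exploit kits. Gozi 1.0 source leaked in 2010",
+ "galaxy_id": "4",
+ "source": "Open Sources",
+ "authors": [
+ "Unknown",
+ "raw-data"
+ ],
+ "version": "16",
+ "uuid": "",
+ "tag_id": "86",
+ "meta": {
+ "date": [
+ "First seen ~ 2007"
+ ],
+ "refs": [
+ "https:\/\/www.secureworks.com\/research\/gozi",
+ "https:\/\/www.gdatasoftware.com\/blog\/2016\/11\/29325-analysis-ursnif-spying-on-your-data-since-2007",
+ "https:\/\/lokalhost.pl\/gozi_tree.txt"
+ ],
+ "synonyms": [
+ "Ursnif",
+ "CRM",
+ "Snifula",
+ "Papras"
+ ]
+ }
+ }
+ ]
+ }
+ ],
+ "Object": [],
+ "Tag": [
+ {
+ "id": "85",
+ "name": "PasteBin: MALWAREMESSIAGH",
+ "colour": "#ab34e3",
+ "exportable": true,
+ "user_id": "0",
+ "hide_tag": false,
+ "numerical_value": null
+ },
+ {
+ "id": "86",
+ "name": "misp-galaxy:banker=\"Gozi\"",
+ "colour": "#0088cc",
+ "exportable": true,
+ "user_id": "0",
+ "hide_tag": false,
+ "numerical_value": null
+ }
+ ]
+ }
+ }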
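Review bot: The `Orgc` block in this fixture keeps what looks like a real organisation name, `"name": "Synovus Financial"`, while `Org` and every `Organisation` entry in the same file are scrubbed to `ORGNAME`, so the export appears only partly anonymised. The hunk matches the single +305 entry in the file list, tests/reportlab_testfiles/sighting_1.json. That list also adds tests/__init__.py and examples/__init__.py at the wheel root, which suggests the fixture is installed with the package rather than staying in the repository. I would change the value to `"name": "ORGNAME"` to match the rest of the file, and exclude `tests/` and `examples/` from the wheel so fixtures and top-level `tests`/`examples` packages do not land in site-packages.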
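--- a/tests/reportlab_testfiles/sighting_2.json
+++ b/tests/reportlab_testfiles/sighting_2.json
@@ -0,0 +1,221 @@
+ {
+ "Event": {
+ "id": "1",
+ "orgc_id": "1",
+ "org_id": "1",
+ "date": "2019-02-18",
+ "threat_level_id": "2",
+ "info": "This is the description",
+ "published": false,
+ "uuid": "5c6ab833-676c-42f3-95d2-034f0a00020f",
+ "attribute_count": "2",
+ "analysis": "1",
+ "timestamp": "1551253649",
+ "distribution": "1",
+ "proposal_email_lock": false,
+ "locked": false,
+ "publish_timestamp": "0",
+ "sharing_group_id": "0",
+ "disable_correlation": false,
+ "extends_uuid": "",
+ "event_creator_email": "admin@admin.test",
+ "Org": {
+ "id": "1",
+ "name": "ORGNAME",
+ "uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c"
+ },
+ "Orgc": {
+ "id": "1",
+ "name": "ORGNAME",
+ "uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c"
+ },
+ "Attribute": [
+ {
+ "id": "1",
+ "type": "comment",
+ "category": "Antivirus detection",
+ "to_ids": false,
+ "uuid": "5c6ab897-0f68-44ca-8d62-0c150a00020f",
+ "event_id": "1",
+ "distribution": "0",
+ "timestamp": "1550497961",
+ "comment": "Contextual commentary",
+ "sharing_group_id": "0",
+ "deleted": false,
+ "disable_correlation": false,
+ "object_id": "0",
+ "object_relation": null,
+ "value": "Value to test",
+ "Galaxy": [
+ {
+ "id": "15",
+ "uuid": "90ccdf38-1649-11e8-b8bf-e7326d553087",
+ "name": "Botnet",
+ "type": "botnet",
+ "description": "Botnet galaxy.",
+ "version": "2",
+ "icon": "sitemap",
+ "namespace": "misp",
+ "GalaxyCluster": [
+ {
+ "id": "2511",
+ "collection_uuid": "0d58f329-1356-468c-88ab-e21fbb64c02b",
+ "type": "botnet",
+ "value": "Asprox",
+ "tag_name": "misp-galaxy:botnet=\"Asprox\"",
+ "description": "The Asprox botnet (discovered around 2008), also known by its aliases Badsrc and Aseljo, is a botnet mostly involved in phishing scams and performing SQL injections into websites in order to spread malware.",
+ "galaxy_id": "15",
+ "source": "MISP Project",
+ "authors": [
+ "Various"
+ ],
+ "version": "18",
+ "uuid": "",
+ "tag_id": "1",
+ "meta": {
+ "date": [
+ "2008"
+ ],
+ "refs": [
+ "https:\/\/en.wikipedia.org\/wiki\/Asprox_botnet"
+ ],
+ "synonyms": [
+ "Badsrc",
+ "Aseljo",
+ "Danmec",
+ "Hydraflux"
+ ]
+ }
+ }
+ ]
+ }
+ ],
+ "ShadowAttribute": [],
+ "Tag": [
+ {
+ "id": "1",
+ "name": "misp-galaxy:botnet=\"Asprox\"",
+ "colour": "#0088cc",
+ "exportable": true,
+ "user_id": "0",
+ "hide_tag": false,
+ "numerical_value": null
+ }
+ ],
+ "Sighting": [
+ {
+ "id": "5",
+ "attribute_id": "1",
+ "event_id": "1",
+ "org_id": "1",
+ "date_sighting": "1551253653",
+ "uuid": "5c764095-129c-4e81-956d-0e1a0a00020f",
+ "source": "",
+ "type": "1",
+ "Organisation": {
+ "id": "1",
+ "uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c",
+ "name": "ORGNAME"
+ },
+ "attribute_uuid": "5c6ab897-0f68-44ca-8d62-0c150a00020f"
+ }
+ ]
+ },
+ {
+ "id": "242460",
+ "type": "target-external",
+ "category": "Targeting data",
+ "to_ids": true,
+ "uuid": "5c764091-273c-4821-92ad-0e1a0a00020f",
+ "event_id": "1",
+ "distribution": "2",
+ "timestamp": "1551253649",
+ "comment": "This is a contextual comment",
+ "sharing_group_id": "0",
+ "deleted": false,
+ "disable_correlation": false,
+ "object_id": "0",
+ "object_relation": null,
+ "value": "testvalue",
+ "Galaxy": [],
+ "ShadowAttribute": [],
+ "Sighting": [
+ {
+ "id": "6",
+ "attribute_id": "242460",
+ "event_id": "1",
+ "org_id": "1",
+ "date_sighting": "1551253653",
+ "uuid": "5c764095-26ec-4de1-99f2-0e1a0a00020f",
+ "source": "",
+ "type": "0",
+ "Organisation": {
+ "id": "1",
+ "uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c",
+ "name": "ORGNAME"
+ },
+ "attribute_uuid": "5c764091-273c-4821-92ad-0e1a0a00020f"
+ }
+ ]
+ }
+ ],
+ "ShadowAttribute": [],
+ "RelatedEvent": [],
+ "Galaxy": [
+ {
+ "id": "15",
+ "uuid": "90ccdf38-1649-11e8-b8bf-e7326d553087",
+ "name": "Botnet",
+ "type": "botnet",
+ "description": "Botnet galaxy.",
+ "version": "2",
+ "icon": "sitemap",
+ "namespace": "misp",
+ "GalaxyCluster": [
+ {
+ "id": "2511",
+ "collection_uuid": "0d58f329-1356-468c-88ab-e21fbb64c02b",
+ "type": "botnet",
+ "value": "Asprox",
+ "tag_name": "misp-galaxy:botnet=\"Asprox\"",
+ "description": "The Asprox botnet (discovered around 2008), also known by its aliases Badsrc and Aseljo, is a botnet mostly involved in phishing scams and performing SQL injections into websites in order to spread malware.",
+ "galaxy_id": "15",
+ "source": "MISP Project",
+ "authors": [
+ "Various"
+ ],
+ "version": "18",
+ "uuid": "",
+ "tag_id": "1",
+ "meta": {
+ "date": [
+ "2008"
+ ],
+ "refs": [
+ "https:\/\/en.wikipedia.org\/wiki\/Asprox_botnet"
+ ],
+ "synonyms": [
+ "Badsrc",
+ "Aseljo",
+ "Danmec",
+ "Hydraflux"
+ ]
+ }
+ }
+ ]
+ }
+ ],
+ "Object": [],
+ "Tag": [
+ {
+ "id": "1",
+ "name": "misp-galaxy:botnet=\"Asprox\"",
+ "colour": "#0088cc",
+ "exportable": true,
+ "user_id": "0",
+ "hide_tag": false,
+ "numerical_value": null
+ }
+ ]
+ }
+ }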