pymisp 2.5.7__py3-none-any.whl → 2.5.7.1__py3-none-any.whl


Potentially problematic release.



Files changed (72) hide show
  1. CHANGELOG.txt +13 -0
  2. pymisp/data/misp-objects/objects/rmm/definition.json +1 -1
  3. {pymisp-2.5.7.dist-info → pymisp-2.5.7.1.dist-info}/METADATA +2 -2
  4. {pymisp-2.5.7.dist-info → pymisp-2.5.7.1.dist-info}/RECORD +6 -72
  5. tests/57c4445b-c548-4654-af0b-4be3950d210f.json +0 -1
  6. tests/__init__.py +0 -0
  7. tests/csv_testfiles/invalid_fieldnames.csv +0 -11
  8. tests/csv_testfiles/valid_fieldnames.csv +0 -4
  9. tests/email_testfiles/mail_1.eml.zip +0 -0
  10. tests/email_testfiles/mail_1.msg +0 -0
  11. tests/email_testfiles/mail_1_bom.eml +0 -858
  12. tests/email_testfiles/mail_1_headers_only.eml +0 -28
  13. tests/email_testfiles/mail_2.eml +0 -32
  14. tests/email_testfiles/mail_3.eml +0 -170
  15. tests/email_testfiles/mail_3.msg +0 -0
  16. tests/email_testfiles/mail_4.msg +0 -0
  17. tests/email_testfiles/mail_5.msg +0 -0
  18. tests/email_testfiles/mail_multiple_to.eml +0 -15
  19. tests/email_testfiles/source +0 -1
  20. tests/git-vuln-finder-quagga.json +0 -1493
  21. tests/misp_event.json +0 -76
  22. tests/mispevent_testfiles/attribute.json +0 -21
  23. tests/mispevent_testfiles/attribute_del.json +0 -23
  24. tests/mispevent_testfiles/def_param.json +0 -53
  25. tests/mispevent_testfiles/event.json +0 -8
  26. tests/mispevent_testfiles/event_obj_attr_tag.json +0 -57
  27. tests/mispevent_testfiles/event_obj_def_param.json +0 -62
  28. tests/mispevent_testfiles/event_obj_tag.json +0 -29
  29. tests/mispevent_testfiles/event_tags.json +0 -18
  30. tests/mispevent_testfiles/existing_event.json +0 -4599
  31. tests/mispevent_testfiles/existing_event_edited.json +0 -4601
  32. tests/mispevent_testfiles/galaxy.json +0 -25
  33. tests/mispevent_testfiles/malware.json +0 -19
  34. tests/mispevent_testfiles/malware_exist.json +0 -163
  35. tests/mispevent_testfiles/misp_custom_obj.json +0 -38
  36. tests/mispevent_testfiles/overwrite_file/definition.json +0 -457
  37. tests/mispevent_testfiles/proposals.json +0 -35
  38. tests/mispevent_testfiles/shadow.json +0 -148
  39. tests/mispevent_testfiles/sighting.json +0 -5
  40. tests/mispevent_testfiles/simple.json +0 -2
  41. tests/mispevent_testfiles/test_object_template/definition.json +0 -29
  42. tests/new_misp_event.json +0 -34
  43. tests/reportlab_testfiles/HTML_event.json +0 -1
  44. tests/reportlab_testfiles/galaxy_1.json +0 -1250
  45. tests/reportlab_testfiles/image_event.json +0 -2490
  46. tests/reportlab_testfiles/japanese_test.json +0 -156
  47. tests/reportlab_testfiles/japanese_test_heavy.json +0 -318
  48. tests/reportlab_testfiles/long_event.json +0 -3730
  49. tests/reportlab_testfiles/mainly_objects_1.json +0 -1092
  50. tests/reportlab_testfiles/mainly_objects_2.json +0 -977
  51. tests/reportlab_testfiles/sighting_1.json +0 -305
  52. tests/reportlab_testfiles/sighting_2.json +0 -221
  53. tests/reportlab_testfiles/to_delete1.json +0 -804
  54. tests/reportlab_testfiles/to_delete2.json +0 -1
  55. tests/reportlab_testfiles/to_delete3.json +0 -1
  56. tests/reportlab_testfiles/very_long_event.json +0 -1006
  57. tests/reportlab_testoutputs/to_delete1.json.pdf +0 -391
  58. tests/reportlab_testoutputs/to_delete2.json.pdf +0 -506
  59. tests/reportlab_testoutputs/to_delete3.json.pdf +0 -277
  60. tests/search_index_result.json +0 -69
  61. tests/sharing_groups.json +0 -98
  62. tests/stix1.xml-utf8 +0 -110
  63. tests/stix2.json +0 -1
  64. tests/test_analyst_data.py +0 -123
  65. tests/test_emailobject.py +0 -157
  66. tests/test_fileobject.py +0 -20
  67. tests/test_mispevent.py +0 -473
  68. tests/test_reportlab.py +0 -431
  69. tests/testlive_comprehensive.py +0 -3734
  70. tests/testlive_sync.py +0 -474
  71. {pymisp-2.5.7.dist-info → pymisp-2.5.7.1.dist-info}/LICENSE +0 -0
  72. {pymisp-2.5.7.dist-info → pymisp-2.5.7.1.dist-info}/WHEEL +0 -0
@@ -1,305 +0,0 @@
1
- {
2
- "Event": {
3
- "id": "60",
4
- "orgc_id": "5",
5
- "org_id": "1",
6
- "date": "2018-08-01",
7
- "threat_level_id": "3",
8
- "info": "Ursnif, MALWAREMESSIAGH",
9
- "published": true,
10
- "uuid": "5b646415-7b48-40d5-86b4-c0070acd0835",
11
- "attribute_count": "5",
12
- "analysis": "2",
13
- "timestamp": "1533306089",
14
- "distribution": "3",
15
- "proposal_email_lock": false,
16
- "locked": false,
17
- "publish_timestamp": "1550506283",
18
- "sharing_group_id": "0",
19
- "disable_correlation": false,
20
- "extends_uuid": "",
21
- "Org": {
22
- "id": "1",
23
- "name": "ORGNAME",
24
- "uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c"
25
- },
26
- "Orgc": {
27
- "id": "5",
28
- "name": "Synovus Financial",
29
- "uuid": "5a68c02d-959c-4c8a-a571-0dcac0a8060a"
30
- },
31
- "Attribute": [
32
- {
33
- "id": "8885",
34
- "type": "domain",
35
- "category": "Network activity",
36
- "to_ids": true,
37
- "uuid": "5b6464ca-e73c-4707-9b8a-d0350acd0835",
38
- "event_id": "60",
39
- "distribution": "5",
40
- "timestamp": "1533306058",
41
- "comment": "Ursnif",
42
- "sharing_group_id": "0",
43
- "deleted": false,
44
- "disable_correlation": false,
45
- "object_id": "0",
46
- "object_relation": null,
47
- "value": "ooiasjdnqjwbeasdasd.com",
48
- "Galaxy": [],
49
- "ShadowAttribute": [],
50
- "Sighting": [
51
- {
52
- "id": "8",
53
- "attribute_id": "8885",
54
- "event_id": "60",
55
- "org_id": "1",
56
- "date_sighting": "1551253950",
57
- "uuid": "5c7641bf-a4e8-4d5d-a653-03240a00020f",
58
- "source": "",
59
- "type": "0",
60
- "Organisation": {
61
- "id": "1",
62
- "uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c",
63
- "name": "ORGNAME"
64
- },
65
- "attribute_uuid": "5b6464ca-e73c-4707-9b8a-d0350acd0835"
66
- }
67
- ]
68
- },
69
- {
70
- "id": "8886",
71
- "type": "domain",
72
- "category": "Network activity",
73
- "to_ids": true,
74
- "uuid": "5b6464ca-45f8-43d0-8b78-d0350acd0835",
75
- "event_id": "60",
76
- "distribution": "5",
77
- "timestamp": "1533306058",
78
- "comment": "Ursnif",
79
- "sharing_group_id": "0",
80
- "deleted": false,
81
- "disable_correlation": false,
82
- "object_id": "0",
83
- "object_relation": null,
84
- "value": "eqowiesajenqweasd.com",
85
- "Galaxy": [],
86
- "ShadowAttribute": [],
87
- "Sighting": [
88
- {
89
- "id": "9",
90
- "attribute_id": "8886",
91
- "event_id": "60",
92
- "org_id": "1",
93
- "date_sighting": "1551253959",
94
- "uuid": "5c7641c7-f020-4643-92b4-03240a00020f",
95
- "source": "",
96
- "type": "1",
97
- "Organisation": {
98
- "id": "1",
99
- "uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c",
100
- "name": "ORGNAME"
101
- },
102
- "attribute_uuid": "5b6464ca-45f8-43d0-8b78-d0350acd0835"
103
- }
104
- ]
105
- },
106
- {
107
- "id": "8887",
108
- "type": "domain",
109
- "category": "Network activity",
110
- "to_ids": true,
111
- "uuid": "5b6464ca-8c84-4c2d-95d9-d0350acd0835",
112
- "event_id": "60",
113
- "distribution": "5",
114
- "timestamp": "1533306058",
115
- "comment": "Ursnif",
116
- "sharing_group_id": "0",
117
- "deleted": false,
118
- "disable_correlation": false,
119
- "object_id": "0",
120
- "object_relation": null,
121
- "value": "dquohwdihaewqdcas.com",
122
- "Galaxy": [],
123
- "ShadowAttribute": [],
124
- "Sighting": [
125
- {
126
- "id": "10",
127
- "attribute_id": "8887",
128
- "event_id": "60",
129
- "org_id": "1",
130
- "date_sighting": "1551253962",
131
- "uuid": "5c7641cb-ccc0-44ee-ab75-03240a00020f",
132
- "source": "",
133
- "type": "1",
134
- "Organisation": {
135
- "id": "1",
136
- "uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c",
137
- "name": "ORGNAME"
138
- },
139
- "attribute_uuid": "5b6464ca-8c84-4c2d-95d9-d0350acd0835"
140
- }
141
- ]
142
- },
143
- {
144
- "id": "8888",
145
- "type": "domain",
146
- "category": "Network activity",
147
- "to_ids": true,
148
- "uuid": "5b6464ca-e0a0-40e0-8e21-d0350acd0835",
149
- "event_id": "60",
150
- "distribution": "5",
151
- "timestamp": "1533306058",
152
- "comment": "Ursnif",
153
- "sharing_group_id": "0",
154
- "deleted": false,
155
- "disable_correlation": false,
156
- "object_id": "0",
157
- "object_relation": null,
158
- "value": "diqjwhebseqhbasdh.com",
159
- "Galaxy": [],
160
- "ShadowAttribute": [],
161
- "Sighting": [
162
- {
163
- "id": "11",
164
- "attribute_id": "8888",
165
- "event_id": "60",
166
- "org_id": "1",
167
- "date_sighting": "1551253968",
168
- "uuid": "5c7641d5-58bc-4d20-9a84-05f10a00020f",
169
- "source": "honeyp",
170
- "type": "2",
171
- "Organisation": {
172
- "id": "1",
173
- "uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c",
174
- "name": "ORGNAME"
175
- },
176
- "attribute_uuid": "5b6464ca-e0a0-40e0-8e21-d0350acd0835"
177
- },
178
- {
179
- "id": "12",
180
- "attribute_id": "8888",
181
- "event_id": "60",
182
- "org_id": "1",
183
- "date_sighting": "1551253976",
184
- "uuid": "5c7641db-a9a0-49b0-b536-05f10a00020f",
185
- "source": "dede",
186
- "type": "1",
187
- "Organisation": {
188
- "id": "1",
189
- "uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c",
190
- "name": "ORGNAME"
191
- },
192
- "attribute_uuid": "5b6464ca-e0a0-40e0-8e21-d0350acd0835"
193
- }
194
- ]
195
- },
196
- {
197
- "id": "8889",
198
- "type": "url",
199
- "category": "Payload delivery",
200
- "to_ids": true,
201
- "uuid": "5b6464e9-e73c-484d-a0b3-c0070acd0835",
202
- "event_id": "60",
203
- "distribution": "5",
204
- "timestamp": "1533306089",
205
- "comment": "Ursnif dropped file",
206
- "sharing_group_id": "0",
207
- "deleted": false,
208
- "disable_correlation": false,
209
- "object_id": "0",
210
- "object_relation": null,
211
- "value": "http:\/\/sistemait.it\/softaculous\/backup\/client.rar",
212
- "Galaxy": [],
213
- "ShadowAttribute": [],
214
- "Sighting": [
215
- {
216
- "id": "7",
217
- "attribute_id": "8889",
218
- "event_id": "60",
219
- "org_id": "1",
220
- "date_sighting": "1551253943",
221
- "uuid": "5c7641b7-b618-4e41-a9c9-03240a00020f",
222
- "source": "",
223
- "type": "0",
224
- "Organisation": {
225
- "id": "1",
226
- "uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c",
227
- "name": "ORGNAME"
228
- },
229
- "attribute_uuid": "5b6464e9-e73c-484d-a0b3-c0070acd0835"
230
- }
231
- ]
232
- }
233
- ],
234
- "ShadowAttribute": [],
235
- "RelatedEvent": [],
236
- "Galaxy": [
237
- {
238
- "id": "4",
239
- "uuid": "59f20cce-5420-4084-afd5-0884c0a83832",
240
- "name": "Banker",
241
- "type": "banker",
242
- "description": "Banking malware galaxy.",
243
- "version": "3",
244
- "icon": "usd",
245
- "namespace": "misp",
246
- "GalaxyCluster": [
247
- {
248
- "id": "289",
249
- "collection_uuid": "b9448d2a-a23c-4bf2-92a1-d860716ba2f3",
250
- "type": "banker",
251
- "value": "Gozi",
252
- "tag_name": "misp-galaxy:banker=\"Gozi\"",
253
- "description": "Banking trojan delivered primarily via email (typically malspam) and exploit kits. Gozi 1.0 source leaked in 2010",
254
- "galaxy_id": "4",
255
- "source": "Open Sources",
256
- "authors": [
257
- "Unknown",
258
- "raw-data"
259
- ],
260
- "version": "16",
261
- "uuid": "",
262
- "tag_id": "86",
263
- "meta": {
264
- "date": [
265
- "First seen ~ 2007"
266
- ],
267
- "refs": [
268
- "https:\/\/www.secureworks.com\/research\/gozi",
269
- "https:\/\/www.gdatasoftware.com\/blog\/2016\/11\/29325-analysis-ursnif-spying-on-your-data-since-2007",
270
- "https:\/\/lokalhost.pl\/gozi_tree.txt"
271
- ],
272
- "synonyms": [
273
- "Ursnif",
274
- "CRM",
275
- "Snifula",
276
- "Papras"
277
- ]
278
- }
279
- }
280
- ]
281
- }
282
- ],
283
- "Object": [],
284
- "Tag": [
285
- {
286
- "id": "85",
287
- "name": "PasteBin: MALWAREMESSIAGH",
288
- "colour": "#ab34e3",
289
- "exportable": true,
290
- "user_id": "0",
291
- "hide_tag": false,
292
- "numerical_value": null
293
- },
294
- {
295
- "id": "86",
296
- "name": "misp-galaxy:banker=\"Gozi\"",
297
- "colour": "#0088cc",
298
- "exportable": true,
299
- "user_id": "0",
300
- "hide_tag": false,
301
- "numerical_value": null
302
- }
303
- ]
304
- }
305
- }
@@ -1,221 +0,0 @@
1
- {
2
- "Event": {
3
- "id": "1",
4
- "orgc_id": "1",
5
- "org_id": "1",
6
- "date": "2019-02-18",
7
- "threat_level_id": "2",
8
- "info": "This is the description",
9
- "published": false,
10
- "uuid": "5c6ab833-676c-42f3-95d2-034f0a00020f",
11
- "attribute_count": "2",
12
- "analysis": "1",
13
- "timestamp": "1551253649",
14
- "distribution": "1",
15
- "proposal_email_lock": false,
16
- "locked": false,
17
- "publish_timestamp": "0",
18
- "sharing_group_id": "0",
19
- "disable_correlation": false,
20
- "extends_uuid": "",
21
- "event_creator_email": "admin@admin.test",
22
- "Org": {
23
- "id": "1",
24
- "name": "ORGNAME",
25
- "uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c"
26
- },
27
- "Orgc": {
28
- "id": "1",
29
- "name": "ORGNAME",
30
- "uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c"
31
- },
32
- "Attribute": [
33
- {
34
- "id": "1",
35
- "type": "comment",
36
- "category": "Antivirus detection",
37
- "to_ids": false,
38
- "uuid": "5c6ab897-0f68-44ca-8d62-0c150a00020f",
39
- "event_id": "1",
40
- "distribution": "0",
41
- "timestamp": "1550497961",
42
- "comment": "Contextual commentary",
43
- "sharing_group_id": "0",
44
- "deleted": false,
45
- "disable_correlation": false,
46
- "object_id": "0",
47
- "object_relation": null,
48
- "value": "Value to test",
49
- "Galaxy": [
50
- {
51
- "id": "15",
52
- "uuid": "90ccdf38-1649-11e8-b8bf-e7326d553087",
53
- "name": "Botnet",
54
- "type": "botnet",
55
- "description": "Botnet galaxy.",
56
- "version": "2",
57
- "icon": "sitemap",
58
- "namespace": "misp",
59
- "GalaxyCluster": [
60
- {
61
- "id": "2511",
62
- "collection_uuid": "0d58f329-1356-468c-88ab-e21fbb64c02b",
63
- "type": "botnet",
64
- "value": "Asprox",
65
- "tag_name": "misp-galaxy:botnet=\"Asprox\"",
66
- "description": "The Asprox botnet (discovered around 2008), also known by its aliases Badsrc and Aseljo, is a botnet mostly involved in phishing scams and performing SQL injections into websites in order to spread malware.",
67
- "galaxy_id": "15",
68
- "source": "MISP Project",
69
- "authors": [
70
- "Various"
71
- ],
72
- "version": "18",
73
- "uuid": "",
74
- "tag_id": "1",
75
- "meta": {
76
- "date": [
77
- "2008"
78
- ],
79
- "refs": [
80
- "https:\/\/en.wikipedia.org\/wiki\/Asprox_botnet"
81
- ],
82
- "synonyms": [
83
- "Badsrc",
84
- "Aseljo",
85
- "Danmec",
86
- "Hydraflux"
87
- ]
88
- }
89
- }
90
- ]
91
- }
92
- ],
93
- "ShadowAttribute": [],
94
- "Tag": [
95
- {
96
- "id": "1",
97
- "name": "misp-galaxy:botnet=\"Asprox\"",
98
- "colour": "#0088cc",
99
- "exportable": true,
100
- "user_id": "0",
101
- "hide_tag": false,
102
- "numerical_value": null
103
- }
104
- ],
105
- "Sighting": [
106
- {
107
- "id": "5",
108
- "attribute_id": "1",
109
- "event_id": "1",
110
- "org_id": "1",
111
- "date_sighting": "1551253653",
112
- "uuid": "5c764095-129c-4e81-956d-0e1a0a00020f",
113
- "source": "",
114
- "type": "1",
115
- "Organisation": {
116
- "id": "1",
117
- "uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c",
118
- "name": "ORGNAME"
119
- },
120
- "attribute_uuid": "5c6ab897-0f68-44ca-8d62-0c150a00020f"
121
- }
122
- ]
123
- },
124
- {
125
- "id": "242460",
126
- "type": "target-external",
127
- "category": "Targeting data",
128
- "to_ids": true,
129
- "uuid": "5c764091-273c-4821-92ad-0e1a0a00020f",
130
- "event_id": "1",
131
- "distribution": "2",
132
- "timestamp": "1551253649",
133
- "comment": "This is a contextual comment",
134
- "sharing_group_id": "0",
135
- "deleted": false,
136
- "disable_correlation": false,
137
- "object_id": "0",
138
- "object_relation": null,
139
- "value": "testvalue",
140
- "Galaxy": [],
141
- "ShadowAttribute": [],
142
- "Sighting": [
143
- {
144
- "id": "6",
145
- "attribute_id": "242460",
146
- "event_id": "1",
147
- "org_id": "1",
148
- "date_sighting": "1551253653",
149
- "uuid": "5c764095-26ec-4de1-99f2-0e1a0a00020f",
150
- "source": "",
151
- "type": "0",
152
- "Organisation": {
153
- "id": "1",
154
- "uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c",
155
- "name": "ORGNAME"
156
- },
157
- "attribute_uuid": "5c764091-273c-4821-92ad-0e1a0a00020f"
158
- }
159
- ]
160
- }
161
- ],
162
- "ShadowAttribute": [],
163
- "RelatedEvent": [],
164
- "Galaxy": [
165
- {
166
- "id": "15",
167
- "uuid": "90ccdf38-1649-11e8-b8bf-e7326d553087",
168
- "name": "Botnet",
169
- "type": "botnet",
170
- "description": "Botnet galaxy.",
171
- "version": "2",
172
- "icon": "sitemap",
173
- "namespace": "misp",
174
- "GalaxyCluster": [
175
- {
176
- "id": "2511",
177
- "collection_uuid": "0d58f329-1356-468c-88ab-e21fbb64c02b",
178
- "type": "botnet",
179
- "value": "Asprox",
180
- "tag_name": "misp-galaxy:botnet=\"Asprox\"",
181
- "description": "The Asprox botnet (discovered around 2008), also known by its aliases Badsrc and Aseljo, is a botnet mostly involved in phishing scams and performing SQL injections into websites in order to spread malware.",
182
- "galaxy_id": "15",
183
- "source": "MISP Project",
184
- "authors": [
185
- "Various"
186
- ],
187
- "version": "18",
188
- "uuid": "",
189
- "tag_id": "1",
190
- "meta": {
191
- "date": [
192
- "2008"
193
- ],
194
- "refs": [
195
- "https:\/\/en.wikipedia.org\/wiki\/Asprox_botnet"
196
- ],
197
- "synonyms": [
198
- "Badsrc",
199
- "Aseljo",
200
- "Danmec",
201
- "Hydraflux"
202
- ]
203
- }
204
- }
205
- ]
206
- }
207
- ],
208
- "Object": [],
209
- "Tag": [
210
- {
211
- "id": "1",
212
- "name": "misp-galaxy:botnet=\"Asprox\"",
213
- "colour": "#0088cc",
214
- "exportable": true,
215
- "user_id": "0",
216
- "hide_tag": false,
217
- "numerical_value": null
218
- }
219
- ]
220
- }
221
- }