diff --git a/.travis.yml b/.travis.yml index ab748c983..19bc05129 100644 --- a/.travis.yml +++ b/.travis.yml @@ -33,6 +33,10 @@ addons: - python-pip - php5-mysql + +before_install: + - git config --global user.name "TravisCI" + install: - git pull --recurse-submodules && git submodule update - pip install --user pyzmq @@ -103,6 +107,7 @@ install: - sudo usermod -a -G www-data $USER - sudo -E su $USER -c 'app/Console/cake userInit -q | sudo tee ./key.txt' - sudo chmod 777 ./key.txt + - sudo chmod -R 777 ./tests - sudo chown -R www-data:www-data `pwd` - sudo chmod +x /home/travis/build - sudo chmod +x /home/travis @@ -119,13 +124,15 @@ before_script: - popd script: + - pushd tests + - ./curl_tests.sh $AUTH + - popd - pushd PyMISP - coverage run setup.py test - popd after_failure: - curl http://misp.local - - cat /etc/apache2/envvars - cat /etc/apache2/sites-available/misp.local.conf - sudo ls -l /var/log/apache2 - sudo cat `pwd`/app/tmp/logs/error.log @@ -134,7 +141,6 @@ after_failure: - sudo cat /var/log/apache2/misp.local_error.log - sudo cat /var/log/apache2/misp.local_access.log - pwd - - sudo ls -lR /home after_success: diff --git a/tests/curl_tests.sh b/tests/curl_tests.sh new file mode 100755 index 000000000..065631749 --- /dev/null +++ b/tests/curl_tests.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +set -e +set -x + +AUTH="$1" + +curl -i -H "Accept: application/json" -H "content-type: application/json" -H "Authorization: $AUTH" --data "@event.json" -X POST http://misp.local/events +curl -H "Authorization: $AUTH" -X GET http://misp.local/events/csv/download/1 | sed -e 's/^M//g' | cut -d, -f2 --complement > 1.csv +cat 1.csv +cut -d, -f2 --complement event.csv > compare.csv +diff compare.csv 1.csv diff --git a/tests/event.csv b/tests/event.csv new file mode 100644 index 000000000..cad5d5529 --- /dev/null +++ b/tests/event.csv 
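Review bot: `sudo chmod -R 777 ./tests` in the second `install:` hunk makes the whole test directory world-writable, including the executable `curl_tests.sh` that this commit adds and later runs with the API key as its argument. The script only needs somewhere to write `1.csv` and `compare.csv`, so a narrower grant such as `sudo chmod -R ug+rwX ./tests` would do, or the script could write its outputs to a `mktemp -d` directory. Whether group access is enough depends on the build user's www-data membership being active in this session, which this hunk does not show, so confirm that first. The `install:` block starts and ends outside the hunk.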
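Review bot: `$AUTH` is passed unquoted in `- ./curl_tests.sh $AUTH` under `script:`, so an empty value leaves the script's `$1` unset and a value containing whitespace is split across arguments. Quoting it as `- ./curl_tests.sh "$AUTH"` keeps the key a single argument. Where `AUTH` is assigned is not visible in this hunk, so it is worth confirming that it is exported before the `script:` phase runs.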
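Review bot: `set -x` traces both `curl` commands with `$AUTH` expanded, so the `Authorization` header value is written to the build log; the key presumably belongs to the throwaway CI instance, but the trace is best dropped or switched off around the requests. Separately, `set -e` does not protect the download step: `curl` is the first command of a pipeline and, without `--fail`, exits 0 on an HTTP error status, so a rejected request only surfaces later as a confusing `diff` mismatch. If the `^M` in `sed -e 's/^M//g'` is the two literal characters shown on this page rather than a carriage return, the filter strips a leading `M` instead of CR; `tr -d '\r'` is unambiguous. A possible rewrite of the top of the script follows.

```shell
set -euo pipefail
# Tracing stays off: `set -x` would echo the Authorization header into the build log.

AUTH="$1"

curl --fail -i -H "Accept: application/json" -H "content-type: application/json" -H "Authorization: $AUTH" --data "@event.json" -X POST http://misp.local/events
curl --fail -H "Authorization: $AUTH" -X GET http://misp.local/events/csv/download/1 | tr -d '\r' | cut -d, -f2 --complement > 1.csv
# … unchanged: cat 1.csv, build compare.csv, diff compare.csv 1.csv …
```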
@@ -0,0 +1,31 @@
+uuid,event_id,category,type,value,comment,to_ids,date
+548847d8-01e0-4231-a739-15bb950d210b,750,Payload installation,md5,"744c07e886497f7b68f6f7fe57b7ab54","Regin samples collected.",1,20141210
+548847d8-05f8-49e7-af79-15bb950d210b,750,Payload installation,md5,"47d0e8f9d7a6429920329207a32ecc2e","Regin samples collected.",1,20141210
+548847d8-3fbc-4a06-ba82-15bb950d210b,750,Payload installation,md5,"2c8b9d2885543d7ade3cae98225e263b","Regin samples collected.",1,20141210
+548847d8-9db0-4df6-8206-15bb950d210b,750,Payload installation,md5,"26297dc3cd0b688de3b846983c5385e5","Regin samples collected.",1,20141210
+548847d8-a33c-41f3-9f7a-15bb950d210b,750,Payload installation,md5,"01c2f321b6bfdb9473c079b0797567ba","Regin samples collected.",1,20141210
+548847d8-c950-48eb-b960-15bb950d210b,750,Payload installation,md5,"4b6b86c7fec1c574706cecedf44abded","Regin samples collected.",1,20141210
+548847d9-1404-4331-ae3c-15bb950d210b,750,Payload installation,md5,"90fecc6a89b2e22d82d58878d93477d4","Regin samples collected.",1,20141210
+548847d9-39dc-4247-b23d-15bb950d210b,750,Payload installation,md5,"06665b96e293b23acc80451abb413e50","Regin samples collected.",1,20141210
+548847d9-3b28-449e-b527-15bb950d210b,750,Payload installation,md5,"e94393561901895cb0783edc34740fd4","Regin samples collected.",1,20141210
+548847d9-4020-41da-b5f3-15bb950d210b,750,Payload installation,md5,"db405ad775ac887a337b02ea8b07fddc","Regin samples collected.",1,20141210
+548847d9-6340-44a0-8f33-15bb950d210b,750,Payload installation,md5,"ffb0b9b5b610191051a7bdf0806e1e47","Regin samples collected.",1,20141210
+548847d9-8b18-4654-9766-15bb950d210b,750,Payload installation,md5,"f3ffc2aaaa1e2ab55ec26ff098653347","Regin samples collected.",1,20141210
+548847d9-a564-4178-b8e6-15bb950d210b,750,Payload installation,md5,"6662c390b2bbbd291ec7987388fc75d7","Regin samples collected.",1,20141210
+548847d9-afe0-4531-a4b0-15bb950d210b,750,Payload installation,md5,"187044596bc1328efa0ed636d8aa4a5c","Regin samples collected.",1,20141210
+548847d9-b63c-4c95-a2bd-15bb950d210b,750,Payload installation,md5,"1800def71006ca6790767e202fae9b9a","Regin samples collected.",1,20141210
+548847d9-e6fc-4b93-a773-15bb950d210b,750,Payload installation,md5,"bfbe8c3ee78750c3a520480700e440f8","Regin samples collected.",1,20141210
+548847d9-fd54-4e49-909b-15bb950d210b,750,Payload installation,md5,"89003e9a1ae635c97ebad07aebc67f00","Regin samples collected.",1,20141210
+548847da-1660-4562-a1f8-15bb950d210b,750,Payload installation,md5,"b505d65721bb2453d5039a389113b566","Regin samples collected.",1,20141210
+548847da-2134-43d7-ba22-15bb950d210b,750,Payload installation,md5,"8fcf4e53ece6111758a1dd3139dc7cad","Regin samples collected.",1,20141210
+548847da-3e40-4ab2-a5eb-15bb950d210b,750,Payload installation,md5,"1c024e599ac055312a4ab75b3950040a","Regin samples collected.",1,20141210
+548847da-49c0-404d-ae42-15bb950d210b,750,Payload installation,md5,"d240f06e98c8d3e647cbf4d442d79475","Regin samples collected.",1,20141210
+548847da-71ec-4b2b-bae5-15bb950d210b,750,Payload installation,md5,"148c1bb9d405d717252c77593aff4bd8","Regin samples collected.",1,20141210
+548847da-9798-4b6d-b422-15bb950d210b,750,Payload installation,md5,"ba7bb65634ce1e30c1e5415be3d1db1d","Regin samples collected.",1,20141210
+548847da-ac78-474c-86fe-15bb950d210b,750,Payload installation,md5,"b29ca4f22ae7b7b25f79c1d4a421139d","Regin samples collected.",1,20141210
+548847da-c2d0-4d24-821e-15bb950d210b,750,Payload installation,md5,"b269894f434657db2b15949641a67532","Regin samples collected.",1,20141210
+548847da-ffe4-4a90-9f2a-15bb950d210b,750,Payload installation,md5,"22bfc970f707fd775d49e875b63c2f0c","Regin samples collected.",1,20141210
+548847db-060c-4275-a0c7-15bb950d210b,750,Payload installation,md5,"049436bb90f71cf38549817d9b90e2da","Regin samples collected.",1,20141210
+5488486c-1418-4624-b87c-15ba950d210b,750,Artifacts dropped,regkey,"Class\{4F20E605-9452-4787-B793-D0204917CA58}","",1,20141210
+5488486c-47ec-4952-8e60-15ba950d210b,750,Artifacts dropped,regkey,"Class\{9B9A8ADB-8864-4BC4-8AD5-B17DFDBB9F58}","",1,20141210
+5488486c-a044-4c31-830c-15ba950d210b,750,Artifacts dropped,regkey,"HKLM\System\CurrentControlSet\Control\","",1,20141210
diff --git a/tests/event.json b/tests/event.json
new file mode 100644
index 000000000..bc9db7f86
--- /dev/null
+++ b/tests/event.json
@@ -0,0 +1,1495 @@ +{ + "Event": { + "id": "750", + "orgc_id": "2", + "org_id": "2", + "date": "2014-12-10", + "threat_level_id": "1", + "info": "OSINT - F-Secure W32/Regin, Stage #1", + "published": true, + "uuid": "54884656-2da8-4625-bf07-43ef950d210b", + "attribute_count": "39", + "analysis": "2", + "timestamp": "1418217625", + "distribution": "3", + "proposal_email_lock": false, + "locked": false, + "publish_timestamp": "1418217647", + "sharing_group_id": "0", + "Org": { + "id": "2", + "name": "CIRCL", + "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" + }, + "Orgc": { + "id": "2", + "name": "CIRCL", + "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" + }, + "Attribute": [ + { + "id": "96642", + "type": "filename", + "category": "Artifacts dropped", + "to_ids": false, + "uuid": "54884832-f2a8-46ff-be58-1ac6950d210b", + "event_id": "750", + "distribution": "3", + "timestamp": "1418217522", + "comment": "", + "sharing_group_id": "0", + "value": "abiosdsk.sys", + "SharingGroup": [], + "ShadowAttribute": [], + "RelatedAttribute": [ + { + "id": "2006", + "org_id": "2", + "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec" + } + ] + }, + { + "id": "96643", + "type": "filename", + "category": "Artifacts dropped", + "to_ids": false, + "uuid": "54884832-2608-4fe6-959e-1ac6950d210b", + "event_id": "750", + "distribution": "3", + "timestamp": "1418217522", + "comment": "", + "sharing_group_id": "0", + "value": "ser8uart.sys", + "SharingGroup": [], + "ShadowAttribute": [], + "RelatedAttribute": [ + { + "id": "2006", + "org_id": "2", + "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec" + } + ] + }, + { + "id": "96644", + "type": "filename", + "category": "Artifacts dropped", + "to_ids": false, + "uuid": "54884832-93a4-4fb0-aeba-1ac6950d210b", + "event_id": "750", + "distribution": "3", + "timestamp": "1418217522", + "comment": "", + "sharing_group_id": "0", + "value": "usbclass.sys", + "SharingGroup": 
[], + "ShadowAttribute": [], + "RelatedAttribute": [ + { + "id": "2006", + "org_id": "2", + "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec" + }, + { + "id": "697", + "org_id": "2", + "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance" + } + ] + }, + { + "id": "96645", + "type": "filename", + "category": "Artifacts dropped", + "to_ids": false, + "uuid": "54884832-983c-4e4c-a692-1ac6950d210b", + "event_id": "750", + "distribution": "3", + "timestamp": "1418217522", + "comment": "", + "sharing_group_id": "0", + "value": "pcidump.sys", + "SharingGroup": [], + "ShadowAttribute": [] + }, + { + "id": "96646", + "type": "filename", + "category": "Artifacts dropped", + "to_ids": false, + "uuid": "54884832-5134-460e-bea2-1ac6950d210b", + "event_id": "750", + "distribution": "3", + "timestamp": "1418217522", + "comment": "", + "sharing_group_id": "0", + "value": "atdisk.sys", + "SharingGroup": [], + "ShadowAttribute": [] + }, + { + "id": "96647", + "type": "filename", + "category": "Artifacts dropped", + "to_ids": false, + "uuid": "54884832-6fb4-4c63-937c-1ac6950d210b", + "event_id": "750", + "distribution": "3", + "timestamp": "1418217522", + "comment": "", + "sharing_group_id": "0", + "value": "rdpmdd.sys", + "SharingGroup": [], + "ShadowAttribute": [] + }, + { + "id": "96648", + "type": "regkey", + "category": "Artifacts dropped", + "to_ids": true, + "uuid": "5488486c-a044-4c31-830c-15ba950d210b", + "event_id": "750", + "distribution": "3", + "timestamp": "1418217580", + "comment": "", + "sharing_group_id": "0", + "value": "HKLM\\System\\CurrentControlSet\\Control\\", + "SharingGroup": [], + "ShadowAttribute": [] + }, + { + "id": "96649", + "type": "regkey", + "category": "Artifacts dropped", + "to_ids": true, + "uuid": "5488486c-47ec-4952-8e60-15ba950d210b", + "event_id": "750", + "distribution": "3", + "timestamp": "1418217580", + "comment": "", + "sharing_group_id": "0", + "value": 
"Class\\{9B9A8ADB-8864-4BC4-8AD5-B17DFDBB9F58}", + "SharingGroup": [], + "ShadowAttribute": [] + }, + { + "id": "96650", + "type": "regkey", + "category": "Artifacts dropped", + "to_ids": true, + "uuid": "5488486c-1418-4624-b87c-15ba950d210b", + "event_id": "750", + "distribution": "3", + "timestamp": "1418217580", + "comment": "", + "sharing_group_id": "0", + "value": "Class\\{4F20E605-9452-4787-B793-D0204917CA58}", + "SharingGroup": [], + "ShadowAttribute": [] + }, + { + "id": "96614", + "type": "link", + "category": "External analysis", + "to_ids": false, + "uuid": "5488466a-f0d0-4b58-89a5-15bc950d210b", + "event_id": "750", + "distribution": "3", + "timestamp": "1418217066", + "comment": "", + "sharing_group_id": "0", + "value": "https://www.f-secure.com/documents/996508/1030745/w32_regin_stage_1.pdf", + "SharingGroup": [], + "ShadowAttribute": [] + }, + { + "id": "96651", + "type": "text", + "category": "External analysis", + "to_ids": false, + "uuid": "5488488d-a4ec-4b40-bd7d-15c7950d210b", + "event_id": "750", + "distribution": "3", + "timestamp": "1418217613", + "comment": "", + "sharing_group_id": "0", + "value": "In this document we analyze a set of 32-bit samples\r\nwhich represents stage #1 of the complex threat that is\r\nknown as Regin. Based on our analysis of the malware’s\r\nfunctionalities, this part of the Regin threat can be\r\nconsidered just a support module — its sole purpose\r\nis to facilitate and enable the operations of stage #2\r\nby loading it and making it more difficult to detect by\r\nsecurity products.\r\nRegin’s stage #1 targets the Windows platform and\r\nsupport various versions of the operating system,\r\nbeginning with Windows NT 4.0. Based on our analysis,\r\nthe samples may be classified into two categories: “pure”\r\nsamples that do not feature any extra, non-malicious\r\ncode; and “augmented” ones which feature malware\r\ncode as part of another device driver. 
The existence of\r\n“augmented” samples indicates the intention of the\r\nattacker to remain undiscovered for as long as possible.\r\nWhen activated, samples of Regin stage #1 will\r\nretrieve encrypted content from specific locations of\r\nan already compromised system, map it into kernel\r\nmemory and transfer control to it. In terms of technical\r\nsophistication, stage #1’s import resolution process is\r\nof particular interest, as the malware uses the unusual\r\n“trampoline” technique to mask the payload’s access to\r\nAPI functions.\r\nIt is clear that this support component, that represents\r\nthe initial stage of a very complex threat, has been\r\ninstrumental in securing long-term persistence in the\r\nattacks that made use of this threat.", + "SharingGroup": [], + "ShadowAttribute": [] + }, + { + "id": "96652", + "type": "text", + "category": "Other", + "to_ids": false, + "uuid": "54884899-35b8-48a3-9da2-15c6950d210b", + "event_id": "750", + "distribution": "3", + "timestamp": "1418217625", + "comment": "", + "sharing_group_id": "0", + "value": "Regin", + "SharingGroup": [], + "ShadowAttribute": [], + "RelatedAttribute": [ + { + "id": "2825", + "org_id": "2", + "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" + }, + { + "id": "2824", + "org_id": "2", + "info": "OSINT: An analysis of Regin’s Hopscotch and Legspin" + }, + { + "id": "2006", + "org_id": "2", + "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec" + }, + { + "id": "833", + "org_id": "2", + "info": "OSINT - An analysis of Regin's Hopscotch and Legspin" + }, + { + "id": "759", + "org_id": "26", + "info": "OSINT F-Secure W64/Regin, Stage #1" + }, + { + "id": "730", + "org_id": "26", + "info": "Regin Scanner" + }, + { + "id": "726", + "org_id": "2", + "info": "Regin fake certificates thumbprints" + }, + { + "id": "715", + "org_id": "26", + "info": "OSINT Regin samples shared by VirusShare" + }, + { + "id": "714", + "org_id": "3", + 
"info": "Script to detect Regin VFS" + }, + { + "id": "710", + "org_id": "26", + "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept" + }, + { + "id": "709", + "org_id": "2", + "info": "OSINT - Regin: Nation-state ownage of GSM networks" + }, + { + "id": "700", + "org_id": "2", + "info": "Regin Yara rules" + }, + { + "id": "699", + "org_id": "2", + "info": "OSINT - The Regin Espionage Toolkit" + }, + { + "id": "697", + "org_id": "2", + "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance" + } + ] + }, + { + "id": "96615", + "type": "md5", + "category": "Payload installation", + "to_ids": true, + "uuid": "548847d8-9db0-4df6-8206-15bb950d210b", + "event_id": "750", + "distribution": "3", + "timestamp": "1418217432", + "comment": "Regin samples collected.", + "sharing_group_id": "0", + "value": "26297dc3cd0b688de3b846983c5385e5", + "SharingGroup": [], + "ShadowAttribute": [], + "RelatedAttribute": [ + { + "id": "2825", + "org_id": "2", + "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" + }, + { + "id": "710", + "org_id": "26", + "info": "Secret Malware in European Union Attack Linked to U.S. 
and British Intelligence article by the Intercept" + }, + { + "id": "709", + "org_id": "2", + "info": "OSINT - Regin: Nation-state ownage of GSM networks" + } + ] + }, + { + "id": "96616", + "type": "md5", + "category": "Payload installation", + "to_ids": true, + "uuid": "548847d8-05f8-49e7-af79-15bb950d210b", + "event_id": "750", + "distribution": "3", + "timestamp": "1418217432", + "comment": "Regin samples collected.", + "sharing_group_id": "0", + "value": "47d0e8f9d7a6429920329207a32ecc2e", + "SharingGroup": [], + "ShadowAttribute": [], + "RelatedAttribute": [ + { + "id": "2825", + "org_id": "2", + "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" + }, + { + "id": "715", + "org_id": "26", + "info": "OSINT Regin samples shared by VirusShare" + }, + { + "id": "710", + "org_id": "26", + "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept" + }, + { + "id": "709", + "org_id": "2", + "info": "OSINT - Regin: Nation-state ownage of GSM networks" + } + ] + }, + { + "id": "96617", + "type": "md5", + "category": "Payload installation", + "to_ids": true, + "uuid": "548847d8-a33c-41f3-9f7a-15bb950d210b", + "event_id": "750", + "distribution": "3", + "timestamp": "1418217432", + "comment": "Regin samples collected.", + "sharing_group_id": "0", + "value": "01c2f321b6bfdb9473c079b0797567ba", + "SharingGroup": [], + "ShadowAttribute": [], + "RelatedAttribute": [ + { + "id": "2825", + "org_id": "2", + "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" + }, + { + "id": "710", + "org_id": "26", + "info": "Secret Malware in European Union Attack Linked to U.S. 
and British Intelligence article by the Intercept" + }, + { + "id": "709", + "org_id": "2", + "info": "OSINT - Regin: Nation-state ownage of GSM networks" + } + ] + }, + { + "id": "96618", + "type": "md5", + "category": "Payload installation", + "to_ids": true, + "uuid": "548847d8-c950-48eb-b960-15bb950d210b", + "event_id": "750", + "distribution": "3", + "timestamp": "1418217432", + "comment": "Regin samples collected.", + "sharing_group_id": "0", + "value": "4b6b86c7fec1c574706cecedf44abded", + "SharingGroup": [], + "ShadowAttribute": [], + "RelatedAttribute": [ + { + "id": "2825", + "org_id": "2", + "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" + }, + { + "id": "2006", + "org_id": "2", + "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec" + }, + { + "id": "730", + "org_id": "26", + "info": "Regin Scanner" + }, + { + "id": "714", + "org_id": "3", + "info": "Script to detect Regin VFS" + }, + { + "id": "710", + "org_id": "26", + "info": "Secret Malware in European Union Attack Linked to U.S. 
and British Intelligence article by the Intercept" + }, + { + "id": "709", + "org_id": "2", + "info": "OSINT - Regin: Nation-state ownage of GSM networks" + }, + { + "id": "697", + "org_id": "2", + "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance" + } + ] + }, + { + "id": "96619", + "type": "md5", + "category": "Payload installation", + "to_ids": true, + "uuid": "548847d8-01e0-4231-a739-15bb950d210b", + "event_id": "750", + "distribution": "3", + "timestamp": "1418217432", + "comment": "Regin samples collected.", + "sharing_group_id": "0", + "value": "744c07e886497f7b68f6f7fe57b7ab54", + "SharingGroup": [], + "ShadowAttribute": [], + "RelatedAttribute": [ + { + "id": "2825", + "org_id": "2", + "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" + }, + { + "id": "715", + "org_id": "26", + "info": "OSINT Regin samples shared by VirusShare" + }, + { + "id": "710", + "org_id": "26", + "info": "Secret Malware in European Union Attack Linked to U.S. 
and British Intelligence article by the Intercept" + }, + { + "id": "709", + "org_id": "2", + "info": "OSINT - Regin: Nation-state ownage of GSM networks" + } + ] + }, + { + "id": "96620", + "type": "md5", + "category": "Payload installation", + "to_ids": true, + "uuid": "548847d8-3fbc-4a06-ba82-15bb950d210b", + "event_id": "750", + "distribution": "3", + "timestamp": "1418217432", + "comment": "Regin samples collected.", + "sharing_group_id": "0", + "value": "2c8b9d2885543d7ade3cae98225e263b", + "SharingGroup": [], + "ShadowAttribute": [], + "RelatedAttribute": [ + { + "id": "2825", + "org_id": "2", + "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" + }, + { + "id": "2006", + "org_id": "2", + "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec" + }, + { + "id": "730", + "org_id": "26", + "info": "Regin Scanner" + }, + { + "id": "714", + "org_id": "3", + "info": "Script to detect Regin VFS" + }, + { + "id": "710", + "org_id": "26", + "info": "Secret Malware in European Union Attack Linked to U.S. 
and British Intelligence article by the Intercept" + }, + { + "id": "709", + "org_id": "2", + "info": "OSINT - Regin: Nation-state ownage of GSM networks" + }, + { + "id": "697", + "org_id": "2", + "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance" + } + ] + }, + { + "id": "96621", + "type": "md5", + "category": "Payload installation", + "to_ids": true, + "uuid": "548847d9-8b18-4654-9766-15bb950d210b", + "event_id": "750", + "distribution": "3", + "timestamp": "1418217433", + "comment": "Regin samples collected.", + "sharing_group_id": "0", + "value": "f3ffc2aaaa1e2ab55ec26ff098653347", + "SharingGroup": [], + "ShadowAttribute": [] + }, + { + "id": "96622", + "type": "md5", + "category": "Payload installation", + "to_ids": true, + "uuid": "548847d9-3b28-449e-b527-15bb950d210b", + "event_id": "750", + "distribution": "3", + "timestamp": "1418217433", + "comment": "Regin samples collected.", + "sharing_group_id": "0", + "value": "e94393561901895cb0783edc34740fd4", + "SharingGroup": [], + "ShadowAttribute": [] + }, + { + "id": "96623", + "type": "md5", + "category": "Payload installation", + "to_ids": true, + "uuid": "548847d9-e6fc-4b93-a773-15bb950d210b", + "event_id": "750", + "distribution": "3", + "timestamp": "1418217433", + "comment": "Regin samples collected.", + "sharing_group_id": "0", + "value": "bfbe8c3ee78750c3a520480700e440f8", + "SharingGroup": [], + "ShadowAttribute": [], + "RelatedAttribute": [ + { + "id": "2825", + "org_id": "2", + "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" + }, + { + "id": "2006", + "org_id": "2", + "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec" + }, + { + "id": "730", + "org_id": "26", + "info": "Regin Scanner" + }, + { + "id": "714", + "org_id": "3", + "info": "Script to detect Regin VFS" + }, + { + "id": "710", + "org_id": "26", + "info": "Secret Malware in European Union Attack Linked to U.S. 
and British Intelligence article by the Intercept" + }, + { + "id": "709", + "org_id": "2", + "info": "OSINT - Regin: Nation-state ownage of GSM networks" + }, + { + "id": "697", + "org_id": "2", + "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance" + } + ] + }, + { + "id": "96624", + "type": "md5", + "category": "Payload installation", + "to_ids": true, + "uuid": "548847d9-fd54-4e49-909b-15bb950d210b", + "event_id": "750", + "distribution": "3", + "timestamp": "1418217433", + "comment": "Regin samples collected.", + "sharing_group_id": "0", + "value": "89003e9a1ae635c97ebad07aebc67f00", + "SharingGroup": [], + "ShadowAttribute": [] + }, + { + "id": "96625", + "type": "md5", + "category": "Payload installation", + "to_ids": true, + "uuid": "548847d9-b63c-4c95-a2bd-15bb950d210b", + "event_id": "750", + "distribution": "3", + "timestamp": "1418217433", + "comment": "Regin samples collected.", + "sharing_group_id": "0", + "value": "1800def71006ca6790767e202fae9b9a", + "SharingGroup": [], + "ShadowAttribute": [] + }, + { + "id": "96626", + "type": "md5", + "category": "Payload installation", + "to_ids": true, + "uuid": "548847d9-1404-4331-ae3c-15bb950d210b", + "event_id": "750", + "distribution": "3", + "timestamp": "1418217433", + "comment": "Regin samples collected.", + "sharing_group_id": "0", + "value": "90fecc6a89b2e22d82d58878d93477d4", + "SharingGroup": [], + "ShadowAttribute": [] + }, + { + "id": "96627", + "type": "md5", + "category": "Payload installation", + "to_ids": true, + "uuid": "548847d9-4020-41da-b5f3-15bb950d210b", + "event_id": "750", + "distribution": "3", + "timestamp": "1418217433", + "comment": "Regin samples collected.", + "sharing_group_id": "0", + "value": "db405ad775ac887a337b02ea8b07fddc", + "SharingGroup": [], + "ShadowAttribute": [], + "RelatedAttribute": [ + { + "id": "2825", + "org_id": "2", + "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" + }, + { + "id": "710", + "org_id": "26", + 
"info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept" + }, + { + "id": "709", + "org_id": "2", + "info": "OSINT - Regin: Nation-state ownage of GSM networks" + } + ] + }, + { + "id": "96628", + "type": "md5", + "category": "Payload installation", + "to_ids": true, + "uuid": "548847d9-a564-4178-b8e6-15bb950d210b", + "event_id": "750", + "distribution": "3", + "timestamp": "1418217433", + "comment": "Regin samples collected.", + "sharing_group_id": "0", + "value": "6662c390b2bbbd291ec7987388fc75d7", + "SharingGroup": [], + "ShadowAttribute": [], + "RelatedAttribute": [ + { + "id": "2825", + "org_id": "2", + "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" + }, + { + "id": "2006", + "org_id": "2", + "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec" + }, + { + "id": "730", + "org_id": "26", + "info": "Regin Scanner" + }, + { + "id": "714", + "org_id": "3", + "info": "Script to detect Regin VFS" + }, + { + "id": "710", + "org_id": "26", + "info": "Secret Malware in European Union Attack Linked to U.S. 
and British Intelligence article by the Intercept" + }, + { + "id": "709", + "org_id": "2", + "info": "OSINT - Regin: Nation-state ownage of GSM networks" + }, + { + "id": "697", + "org_id": "2", + "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance" + } + ] + }, + { + "id": "96629", + "type": "md5", + "category": "Payload installation", + "to_ids": true, + "uuid": "548847d9-39dc-4247-b23d-15bb950d210b", + "event_id": "750", + "distribution": "3", + "timestamp": "1418217433", + "comment": "Regin samples collected.", + "sharing_group_id": "0", + "value": "06665b96e293b23acc80451abb413e50", + "SharingGroup": [], + "ShadowAttribute": [], + "RelatedAttribute": [ + { + "id": "2825", + "org_id": "2", + "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" + }, + { + "id": "2006", + "org_id": "2", + "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec" + }, + { + "id": "730", + "org_id": "26", + "info": "Regin Scanner" + }, + { + "id": "714", + "org_id": "3", + "info": "Script to detect Regin VFS" + }, + { + "id": "710", + "org_id": "26", + "info": "Secret Malware in European Union Attack Linked to U.S. 
and British Intelligence article by the Intercept" + }, + { + "id": "709", + "org_id": "2", + "info": "OSINT - Regin: Nation-state ownage of GSM networks" + }, + { + "id": "697", + "org_id": "2", + "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance" + } + ] + }, + { + "id": "96630", + "type": "md5", + "category": "Payload installation", + "to_ids": true, + "uuid": "548847d9-6340-44a0-8f33-15bb950d210b", + "event_id": "750", + "distribution": "3", + "timestamp": "1418217433", + "comment": "Regin samples collected.", + "sharing_group_id": "0", + "value": "ffb0b9b5b610191051a7bdf0806e1e47", + "SharingGroup": [], + "ShadowAttribute": [], + "RelatedAttribute": [ + { + "id": "2825", + "org_id": "2", + "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" + }, + { + "id": "2006", + "org_id": "2", + "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec" + }, + { + "id": "730", + "org_id": "26", + "info": "Regin Scanner" + }, + { + "id": "714", + "org_id": "3", + "info": "Script to detect Regin VFS" + }, + { + "id": "710", + "org_id": "26", + "info": "Secret Malware in European Union Attack Linked to U.S. 
and British Intelligence article by the Intercept" + }, + { + "id": "709", + "org_id": "2", + "info": "OSINT - Regin: Nation-state ownage of GSM networks" + }, + { + "id": "697", + "org_id": "2", + "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance" + } + ] + }, + { + "id": "96631", + "type": "md5", + "category": "Payload installation", + "to_ids": true, + "uuid": "548847d9-afe0-4531-a4b0-15bb950d210b", + "event_id": "750", + "distribution": "3", + "timestamp": "1418217433", + "comment": "Regin samples collected.", + "sharing_group_id": "0", + "value": "187044596bc1328efa0ed636d8aa4a5c", + "SharingGroup": [], + "ShadowAttribute": [], + "RelatedAttribute": [ + { + "id": "2825", + "org_id": "2", + "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" + }, + { + "id": "2006", + "org_id": "2", + "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec" + }, + { + "id": "730", + "org_id": "26", + "info": "Regin Scanner" + }, + { + "id": "714", + "org_id": "3", + "info": "Script to detect Regin VFS" + }, + { + "id": "710", + "org_id": "26", + "info": "Secret Malware in European Union Attack Linked to U.S. 
and British Intelligence article by the Intercept" + }, + { + "id": "709", + "org_id": "2", + "info": "OSINT - Regin: Nation-state ownage of GSM networks" + }, + { + "id": "697", + "org_id": "2", + "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance" + } + ] + }, + { + "id": "96632", + "type": "md5", + "category": "Payload installation", + "to_ids": true, + "uuid": "548847da-ac78-474c-86fe-15bb950d210b", + "event_id": "750", + "distribution": "3", + "timestamp": "1418217434", + "comment": "Regin samples collected.", + "sharing_group_id": "0", + "value": "b29ca4f22ae7b7b25f79c1d4a421139d", + "SharingGroup": [], + "ShadowAttribute": [], + "RelatedAttribute": [ + { + "id": "2825", + "org_id": "2", + "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" + }, + { + "id": "2006", + "org_id": "2", + "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec" + }, + { + "id": "730", + "org_id": "26", + "info": "Regin Scanner" + }, + { + "id": "715", + "org_id": "26", + "info": "OSINT Regin samples shared by VirusShare" + }, + { + "id": "714", + "org_id": "3", + "info": "Script to detect Regin VFS" + }, + { + "id": "710", + "org_id": "26", + "info": "Secret Malware in European Union Attack Linked to U.S. 
and British Intelligence article by the Intercept"
+ },
+ {
+ "id": "709",
+ "org_id": "2",
+ "info": "OSINT - Regin: Nation-state ownage of GSM networks"
+ },
+ {
+ "id": "697",
+ "org_id": "2",
+ "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance"
+ }
+ ]
+ },
+ {
+ "id": "96633",
+ "type": "md5",
+ "category": "Payload installation",
+ "to_ids": true,
+ "uuid": "548847da-49c0-404d-ae42-15bb950d210b",
+ "event_id": "750",
+ "distribution": "3",
+ "timestamp": "1418217434",
+ "comment": "Regin samples collected.",
+ "sharing_group_id": "0",
+ "value": "d240f06e98c8d3e647cbf4d442d79475",
+ "SharingGroup": [],
+ "ShadowAttribute": [],
+ "RelatedAttribute": [
+ {
+ "id": "2825",
+ "org_id": "2",
+ "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS"
+ },
+ {
+ "id": "2006",
+ "org_id": "2",
+ "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec"
+ },
+ {
+ "id": "730",
+ "org_id": "26",
+ "info": "Regin Scanner"
+ },
+ {
+ "id": "714",
+ "org_id": "3",
+ "info": "Script to detect Regin VFS"
+ },
+ {
+ "id": "710",
+ "org_id": "26",
+ "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept"
+ },
+ {
+ "id": "709",
+ "org_id": "2",
+ "info": "OSINT - Regin: Nation-state ownage of GSM networks"
+ },
+ {
+ "id": "697",
+ "org_id": "2",
+ "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance"
+ }
+ ]
+ },
+ {
+ "id": "96634",
+ "type": "md5",
+ "category": "Payload installation",
+ "to_ids": true,
+ "uuid": "548847da-2134-43d7-ba22-15bb950d210b",
+ "event_id": "750",
+ "distribution": "3",
+ "timestamp": "1418217434",
+ "comment": "Regin samples collected.",
+ "sharing_group_id": "0",
+ "value": "8fcf4e53ece6111758a1dd3139dc7cad",
+ "SharingGroup": [],
+ "ShadowAttribute": []
+ },
+ {
+ "id": "96635",
+ "type": "md5",
+ "category": "Payload installation",
+ "to_ids": true,
+ "uuid": "548847da-71ec-4b2b-bae5-15bb950d210b",
+ "event_id": "750",
+ "distribution": "3",
+ "timestamp": "1418217434",
+ "comment": "Regin samples collected.",
+ "sharing_group_id": "0",
+ "value": "148c1bb9d405d717252c77593aff4bd8",
+ "SharingGroup": [],
+ "ShadowAttribute": [],
+ "RelatedAttribute": [
+ {
+ "id": "710",
+ "org_id": "26",
+ "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept"
+ }
+ ]
+ },
+ {
+ "id": "96636",
+ "type": "md5",
+ "category": "Payload installation",
+ "to_ids": true,
+ "uuid": "548847da-3e40-4ab2-a5eb-15bb950d210b",
+ "event_id": "750",
+ "distribution": "3",
+ "timestamp": "1418217434",
+ "comment": "Regin samples collected.",
+ "sharing_group_id": "0",
+ "value": "1c024e599ac055312a4ab75b3950040a",
+ "SharingGroup": [],
+ "ShadowAttribute": [],
+ "RelatedAttribute": [
+ {
+ "id": "2825",
+ "org_id": "2",
+ "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS"
+ },
+ {
+ "id": "2006",
+ "org_id": "2",
+ "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec"
+ },
+ {
+ "id": "730",
+ "org_id": "26",
+ "info": "Regin Scanner"
+ },
+ {
+ "id": "714",
+ "org_id": "3",
+ "info": "Script to detect Regin VFS"
+ },
+ {
+ "id": "710",
+ "org_id": "26",
+ "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept"
+ },
+ {
+ "id": "709",
+ "org_id": "2",
+ "info": "OSINT - Regin: Nation-state ownage of GSM networks"
+ },
+ {
+ "id": "697",
+ "org_id": "2",
+ "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance"
+ }
+ ]
+ },
+ {
+ "id": "96637",
+ "type": "md5",
+ "category": "Payload installation",
+ "to_ids": true,
+ "uuid": "548847da-c2d0-4d24-821e-15bb950d210b",
+ "event_id": "750",
+ "distribution": "3",
+ "timestamp": "1418217434",
+ "comment": "Regin samples collected.",
+ "sharing_group_id": "0",
+ "value": "b269894f434657db2b15949641a67532",
+ "SharingGroup": [],
+ "ShadowAttribute": [],
+ "RelatedAttribute": [
+ {
+ "id": "2825",
+ "org_id": "2",
+ "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS"
+ },
+ {
+ "id": "2006",
+ "org_id": "2",
+ "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec"
+ },
+ {
+ "id": "730",
+ "org_id": "26",
+ "info": "Regin Scanner"
+ },
+ {
+ "id": "715",
+ "org_id": "26",
+ "info": "OSINT Regin samples shared by VirusShare"
+ },
+ {
+ "id": "714",
+ "org_id": "3",
+ "info": "Script to detect Regin VFS"
+ },
+ {
+ "id": "710",
+ "org_id": "26",
+ "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept"
+ },
+ {
+ "id": "709",
+ "org_id": "2",
+ "info": "OSINT - Regin: Nation-state ownage of GSM networks"
+ },
+ {
+ "id": "697",
+ "org_id": "2",
+ "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance"
+ }
+ ]
+ },
+ {
+ "id": "96638",
+ "type": "md5",
+ "category": "Payload installation",
+ "to_ids": true,
+ "uuid": "548847da-9798-4b6d-b422-15bb950d210b",
+ "event_id": "750",
+ "distribution": "3",
+ "timestamp": "1418217434",
+ "comment": "Regin samples collected.",
+ "sharing_group_id": "0",
+ "value": "ba7bb65634ce1e30c1e5415be3d1db1d",
+ "SharingGroup": [],
+ "ShadowAttribute": [],
+ "RelatedAttribute": [
+ {
+ "id": "2825",
+ "org_id": "2",
+ "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS"
+ },
+ {
+ "id": "2006",
+ "org_id": "2",
+ "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec"
+ },
+ {
+ "id": "730",
+ "org_id": "26",
+ "info": "Regin Scanner"
+ },
+ {
+ "id": "714",
+ "org_id": "3",
+ "info": "Script to detect Regin VFS"
+ },
+ {
+ "id": "710",
+ "org_id": "26",
+ "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept"
+ },
+ {
+ "id": "709",
+ "org_id": "2",
+ "info": "OSINT - Regin: Nation-state ownage of GSM networks"
+ },
+ {
+ "id": "697",
+ "org_id": "2",
+ "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance"
+ }
+ ]
+ },
+ {
+ "id": "96639",
+ "type": "md5",
+ "category": "Payload installation",
+ "to_ids": true,
+ "uuid": "548847da-ffe4-4a90-9f2a-15bb950d210b",
+ "event_id": "750",
+ "distribution": "3",
+ "timestamp": "1418217434",
+ "comment": "Regin samples collected.",
+ "sharing_group_id": "0",
+ "value": "22bfc970f707fd775d49e875b63c2f0c",
+ "SharingGroup": [],
+ "ShadowAttribute": [],
+ "RelatedAttribute": [
+ {
+ "id": "710",
+ "org_id": "26",
+ "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept"
+ }
+ ]
+ },
+ {
+ "id": "96640",
+ "type": "md5",
+ "category": "Payload installation",
+ "to_ids": true,
+ "uuid": "548847da-1660-4562-a1f8-15bb950d210b",
+ "event_id": "750",
+ "distribution": "3",
+ "timestamp": "1418217434",
+ "comment": "Regin samples collected.",
+ "sharing_group_id": "0",
+ "value": "b505d65721bb2453d5039a389113b566",
+ "SharingGroup": [],
+ "ShadowAttribute": [],
+ "RelatedAttribute": [
+ {
+ "id": "2825",
+ "org_id": "2",
+ "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS"
+ },
+ {
+ "id": "2006",
+ "org_id": "2",
+ "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec"
+ },
+ {
+ "id": "730",
+ "org_id": "26",
+ "info": "Regin Scanner"
+ },
+ {
+ "id": "714",
+ "org_id": "3",
+ "info": "Script to detect Regin VFS"
+ },
+ {
+ "id": "710",
+ "org_id": "26",
+ "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept"
+ },
+ {
+ "id": "709",
+ "org_id": "2",
+ "info": "OSINT - Regin: Nation-state ownage of GSM networks"
+ },
+ {
+ "id": "697",
+ "org_id": "2",
+ "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance"
+ }
+ ]
+ },
+ {
+ "id": "96641",
+ "type": "md5",
+ "category": "Payload installation",
+ "to_ids": true,
+ "uuid": "548847db-060c-4275-a0c7-15bb950d210b",
+ "event_id": "750",
+ "distribution": "3",
+ "timestamp": "1418217435",
+ "comment": "Regin samples collected.",
+ "sharing_group_id": "0",
+ "value": "049436bb90f71cf38549817d9b90e2da",
+ "SharingGroup": [],
+ "ShadowAttribute": [],
+ "RelatedAttribute": [
+ {
+ "id": "710",
+ "org_id": "26",
+ "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept"
+ }
+ ]
+ }
+ ],
+ "ShadowAttribute": [],
+ "RelatedEvent": [
+ {
+ "Org": {
+ "id": "2",
+ "name": "CIRCL",
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
+ },
+ "Orgc": {
+ "id": "2",
+ "name": "CIRCL",
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
+ },
+ "Event": [
+ {
+ "id": "2006",
+ "date": "2015-08-27",
+ "threat_level_id": "1",
+ "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec",
+ "published": true,
+ "uuid": "55df7369-7d68-428b-aa03-4f5d950d210b",
+ "analysis": "2",
+ "timestamp": "1440752388",
+ "distribution": "3",
+ "org_id": "2",
+ "orgc_id": "2"
+ }
+ ]
+ },
+ {
+ "Org": {
+ "id": "2",
+ "name": "CIRCL",
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
+ },
+ "Orgc": {
+ "id": "2",
+ "name": "CIRCL",
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
+ },
+ "Event": [
+ {
+ "id": "833",
+ "date": "2015-01-22",
+ "threat_level_id": "1",
+ "info": "OSINT - An analysis of Regin's Hopscotch and Legspin",
+ "published": true,
+ "uuid": "54c0ce92-9d00-42b7-8cfc-f03f950d210b",
+ "analysis": "2",
+ "timestamp": "1422266910",
+ "distribution": "3",
+ "org_id": "2",
+ "orgc_id": "2"
+ }
+ ]
+ },
+ {
+ "Org": {
+ "id": "2",
+ "name": "CIRCL",
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
+ },
+ "Orgc": {
+ "id": "2",
+ "name": "CIRCL",
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
+ },
+ "Event": [
+ {
+ "id": "697",
+ "date": "2014-11-24",
+ "threat_level_id": "1",
+ "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance",
+ "published": true,
+ "uuid": "5472cdc5-3e3c-47c9-a3b1-47be950d210b",
+ "analysis": "2",
+ "timestamp": "1416818985",
+ "distribution": "3",
+ "org_id": "2",
+ "orgc_id": "2"
+ }
+ ]
+ },
+ {
+ "Org": {
+ "id": "2",
+ "name": "CIRCL",
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
+ },
+ "Orgc": {
+ "id": "2",
+ "name": "CIRCL",
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
+ },
+ "Event": [
+ {
+ "id": "699",
+ "date": "2014-11-24",
+ "threat_level_id": "1",
+ "info": "OSINT - The Regin Espionage Toolkit",
+ "published": true,
+ "uuid": "5472fbd1-1a38-484a-b3f4-4502950d210b",
+ "analysis": "2",
+ "timestamp": "1416821880",
+ "distribution": "3",
+ "org_id": "2",
+ "orgc_id": "2"
+ }
+ ]
+ },
+ {
+ "Org": {
+ "id": "2",
+ "name": "CIRCL",
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
+ },
+ "Orgc": {
+ "id": "2",
+ "name": "CIRCL",
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
+ },
+ "Event": [
+ {
+ "id": "700",
+ "date": "2014-11-24",
+ "threat_level_id": "1",
+ "info": "Regin Yara rules",
+ "published": true,
+ "uuid": "5473051e-2db8-4467-b6d5-4b1d950d210b",
+ "analysis": "1",
+ "timestamp": "1417157341",
+ "distribution": "3",
+ "org_id": "2",
+ "orgc_id": "2"
+ }
+ ]
+ },
+ {
+ "Org": {
+ "id": "2",
+ "name": "CIRCL",
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
+ },
+ "Orgc": {
+ "id": "2",
+ "name": "CIRCL",
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
+ },
+ "Event": [
+ {
+ "id": "709",
+ "date": "2014-11-24",
+ "threat_level_id": "1",
+ "info": "OSINT - Regin: Nation-state ownage of GSM networks",
+ "published": true,
+ "uuid": "5473429a-bc10-498d-a195-46e2950d2109",
+ "analysis": "2",
+ "timestamp": "1416843113",
+ "distribution": "3",
+ "org_id": "2",
+ "orgc_id": "2"
+ }
+ ]
+ }
+ ],
+ "Tag": [
+ {
+ "id": "1",
+ "name": "Type:OSINT",
+ "colour": "#1eed40",
+ "exportable": true
+ }
+ ]
+ }
+}