PyMISP/tests/reportlab_testfiles/sighting_1.json

305 lines
12 KiB
JSON
Raw Normal View History

{
"Event": {
"id": "60",
"orgc_id": "5",
"org_id": "1",
"date": "2018-08-01",
"threat_level_id": "3",
"info": "Ursnif, MALWAREMESSIAGH",
"published": true,
"uuid": "5b646415-7b48-40d5-86b4-c0070acd0835",
"attribute_count": "5",
"analysis": "2",
"timestamp": "1533306089",
"distribution": "3",
"proposal_email_lock": false,
"locked": false,
"publish_timestamp": "1550506283",
"sharing_group_id": "0",
"disable_correlation": false,
"extends_uuid": "",
"Org": {
"id": "1",
"name": "ORGNAME",
"uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c"
},
"Orgc": {
"id": "5",
"name": "Synovus Financial",
"uuid": "5a68c02d-959c-4c8a-a571-0dcac0a8060a"
},
"Attribute": [
{
"id": "8885",
"type": "domain",
"category": "Network activity",
"to_ids": true,
"uuid": "5b6464ca-e73c-4707-9b8a-d0350acd0835",
"event_id": "60",
"distribution": "5",
"timestamp": "1533306058",
"comment": "Ursnif",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "0",
"object_relation": null,
"value": "ooiasjdnqjwbeasdasd.com",
"Galaxy": [],
"ShadowAttribute": [],
"Sighting": [
{
"id": "8",
"attribute_id": "8885",
"event_id": "60",
"org_id": "1",
"date_sighting": "1551253950",
"uuid": "5c7641bf-a4e8-4d5d-a653-03240a00020f",
"source": "",
"type": "0",
"Organisation": {
"id": "1",
"uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c",
"name": "ORGNAME"
},
"attribute_uuid": "5b6464ca-e73c-4707-9b8a-d0350acd0835"
}
]
},
{
"id": "8886",
"type": "domain",
"category": "Network activity",
"to_ids": true,
"uuid": "5b6464ca-45f8-43d0-8b78-d0350acd0835",
"event_id": "60",
"distribution": "5",
"timestamp": "1533306058",
"comment": "Ursnif",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "0",
"object_relation": null,
"value": "eqowiesajenqweasd.com",
"Galaxy": [],
"ShadowAttribute": [],
"Sighting": [
{
"id": "9",
"attribute_id": "8886",
"event_id": "60",
"org_id": "1",
"date_sighting": "1551253959",
"uuid": "5c7641c7-f020-4643-92b4-03240a00020f",
"source": "",
"type": "1",
"Organisation": {
"id": "1",
"uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c",
"name": "ORGNAME"
},
"attribute_uuid": "5b6464ca-45f8-43d0-8b78-d0350acd0835"
}
]
},
{
"id": "8887",
"type": "domain",
"category": "Network activity",
"to_ids": true,
"uuid": "5b6464ca-8c84-4c2d-95d9-d0350acd0835",
"event_id": "60",
"distribution": "5",
"timestamp": "1533306058",
"comment": "Ursnif",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "0",
"object_relation": null,
"value": "dquohwdihaewqdcas.com",
"Galaxy": [],
"ShadowAttribute": [],
"Sighting": [
{
"id": "10",
"attribute_id": "8887",
"event_id": "60",
"org_id": "1",
"date_sighting": "1551253962",
"uuid": "5c7641cb-ccc0-44ee-ab75-03240a00020f",
"source": "",
"type": "1",
"Organisation": {
"id": "1",
"uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c",
"name": "ORGNAME"
},
"attribute_uuid": "5b6464ca-8c84-4c2d-95d9-d0350acd0835"
}
]
},
{
"id": "8888",
"type": "domain",
"category": "Network activity",
"to_ids": true,
"uuid": "5b6464ca-e0a0-40e0-8e21-d0350acd0835",
"event_id": "60",
"distribution": "5",
"timestamp": "1533306058",
"comment": "Ursnif",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "0",
"object_relation": null,
"value": "diqjwhebseqhbasdh.com",
"Galaxy": [],
"ShadowAttribute": [],
"Sighting": [
{
"id": "11",
"attribute_id": "8888",
"event_id": "60",
"org_id": "1",
"date_sighting": "1551253968",
"uuid": "5c7641d5-58bc-4d20-9a84-05f10a00020f",
"source": "honeyp",
"type": "2",
"Organisation": {
"id": "1",
"uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c",
"name": "ORGNAME"
},
"attribute_uuid": "5b6464ca-e0a0-40e0-8e21-d0350acd0835"
},
{
"id": "12",
"attribute_id": "8888",
"event_id": "60",
"org_id": "1",
"date_sighting": "1551253976",
"uuid": "5c7641db-a9a0-49b0-b536-05f10a00020f",
"source": "dede",
"type": "1",
"Organisation": {
"id": "1",
"uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c",
"name": "ORGNAME"
},
"attribute_uuid": "5b6464ca-e0a0-40e0-8e21-d0350acd0835"
}
]
},
{
"id": "8889",
"type": "url",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5b6464e9-e73c-484d-a0b3-c0070acd0835",
"event_id": "60",
"distribution": "5",
"timestamp": "1533306089",
"comment": "Ursnif dropped file",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "0",
"object_relation": null,
"value": "http:\/\/sistemait.it\/softaculous\/backup\/client.rar",
"Galaxy": [],
"ShadowAttribute": [],
"Sighting": [
{
"id": "7",
"attribute_id": "8889",
"event_id": "60",
"org_id": "1",
"date_sighting": "1551253943",
"uuid": "5c7641b7-b618-4e41-a9c9-03240a00020f",
"source": "",
"type": "0",
"Organisation": {
"id": "1",
"uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c",
"name": "ORGNAME"
},
"attribute_uuid": "5b6464e9-e73c-484d-a0b3-c0070acd0835"
}
]
}
],
"ShadowAttribute": [],
"RelatedEvent": [],
"Galaxy": [
{
"id": "4",
"uuid": "59f20cce-5420-4084-afd5-0884c0a83832",
"name": "Banker",
"type": "banker",
"description": "Banking malware galaxy.",
"version": "3",
"icon": "usd",
"namespace": "misp",
"GalaxyCluster": [
{
"id": "289",
"collection_uuid": "b9448d2a-a23c-4bf2-92a1-d860716ba2f3",
"type": "banker",
"value": "Gozi",
"tag_name": "misp-galaxy:banker=\"Gozi\"",
"description": "Banking trojan delivered primarily via email (typically malspam) and exploit kits. Gozi 1.0 source leaked in 2010",
"galaxy_id": "4",
"source": "Open Sources",
"authors": [
"Unknown",
"raw-data"
],
"version": "16",
"uuid": "",
"tag_id": "86",
"meta": {
"date": [
"First seen ~ 2007"
],
"refs": [
"https:\/\/www.secureworks.com\/research\/gozi",
"https:\/\/www.gdatasoftware.com\/blog\/2016\/11\/29325-analysis-ursnif-spying-on-your-data-since-2007",
"https:\/\/lokalhost.pl\/gozi_tree.txt"
],
"synonyms": [
"Ursnif",
"CRM",
"Snifula",
"Papras"
]
}
}
]
}
],
"Object": [],
"Tag": [
{
"id": "85",
"name": "PasteBin: MALWAREMESSIAGH",
"colour": "#ab34e3",
"exportable": true,
"user_id": "0",
"hide_tag": false,
"numerical_value": null
},
{
"id": "86",
"name": "misp-galaxy:banker=\"Gozi\"",
"colour": "#0088cc",
"exportable": true,
"user_id": "0",
"hide_tag": false,
"numerical_value": null
}
]
}
}