mirror of https://github.com/MISP/PyMISP
{
"Event": {
"id": "1",
"orgc_id": "1",
"org_id": "1",
"date": "2019-02-18",
"threat_level_id": "2",
"info": "This is the description",
"published": false,
"uuid": "5c6ab833-676c-42f3-95d2-034f0a00020f",
"attribute_count": "2",
"analysis": "1",
"timestamp": "1551253649",
"distribution": "1",
"proposal_email_lock": false,
"locked": false,
"publish_timestamp": "0",
"sharing_group_id": "0",
"disable_correlation": false,
"extends_uuid": "",
"event_creator_email": "admin@admin.test",
"Org": {
"id": "1",
"name": "ORGNAME",
"uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c"
},
"Orgc": {
"id": "1",
"name": "ORGNAME",
"uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c"
},
"Attribute": [
{
"id": "1",
"type": "comment",
"category": "Antivirus detection",
"to_ids": false,
"uuid": "5c6ab897-0f68-44ca-8d62-0c150a00020f",
"event_id": "1",
"distribution": "0",
"timestamp": "1550497961",
"comment": "Contextual commentary",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "0",
"object_relation": null,
"value": "Value to test",
"Galaxy": [
{
"id": "15",
"uuid": "90ccdf38-1649-11e8-b8bf-e7326d553087",
"name": "Botnet",
"type": "botnet",
"description": "Botnet galaxy.",
"version": "2",
"icon": "sitemap",
"namespace": "misp",
"GalaxyCluster": [
{
"id": "2511",
"collection_uuid": "0d58f329-1356-468c-88ab-e21fbb64c02b",
"type": "botnet",
"value": "Asprox",
"tag_name": "misp-galaxy:botnet=\"Asprox\"",
"description": "The Asprox botnet (discovered around 2008), also known by its aliases Badsrc and Aseljo, is a botnet mostly involved in phishing scams and performing SQL injections into websites in order to spread malware.",
"galaxy_id": "15",
"source": "MISP Project",
"authors": [
"Various"
],
"version": "18",
"uuid": "",
"tag_id": "1",
"meta": {
"date": [
"2008"
],
"refs": [
"https:\/\/en.wikipedia.org\/wiki\/Asprox_botnet"
],
"synonyms": [
"Badsrc",
"Aseljo",
"Danmec",
"Hydraflux"
]
}
}
]
}
],
"ShadowAttribute": [],
"Tag": [
{
"id": "1",
"name": "misp-galaxy:botnet=\"Asprox\"",
"colour": "#0088cc",
"exportable": true,
"user_id": "0",
"hide_tag": false,
"numerical_value": null
}
],
"Sighting": [
{
"id": "5",
"attribute_id": "1",
"event_id": "1",
"org_id": "1",
"date_sighting": "1551253653",
"uuid": "5c764095-129c-4e81-956d-0e1a0a00020f",
"source": "",
"type": "1",
"Organisation": {
"id": "1",
"uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c",
"name": "ORGNAME"
},
"attribute_uuid": "5c6ab897-0f68-44ca-8d62-0c150a00020f"
}
]
},
{
"id": "242460",
"type": "target-external",
"category": "Targeting data",
"to_ids": true,
"uuid": "5c764091-273c-4821-92ad-0e1a0a00020f",
"event_id": "1",
"distribution": "2",
"timestamp": "1551253649",
"comment": "This is a contextual comment",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "0",
"object_relation": null,
"value": "testvalue",
"Galaxy": [],
"ShadowAttribute": [],
"Sighting": [
{
"id": "6",
"attribute_id": "242460",
"event_id": "1",
"org_id": "1",
"date_sighting": "1551253653",
"uuid": "5c764095-26ec-4de1-99f2-0e1a0a00020f",
"source": "",
"type": "0",
"Organisation": {
"id": "1",
"uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c",
"name": "ORGNAME"
},
"attribute_uuid": "5c764091-273c-4821-92ad-0e1a0a00020f"
}
]
}
],
"ShadowAttribute": [],
"RelatedEvent": [],
"Galaxy": [
{
"id": "15",
"uuid": "90ccdf38-1649-11e8-b8bf-e7326d553087",
"name": "Botnet",
"type": "botnet",
"description": "Botnet galaxy.",
"version": "2",
"icon": "sitemap",
"namespace": "misp",
"GalaxyCluster": [
{
"id": "2511",
"collection_uuid": "0d58f329-1356-468c-88ab-e21fbb64c02b",
"type": "botnet",
"value": "Asprox",
"tag_name": "misp-galaxy:botnet=\"Asprox\"",
"description": "The Asprox botnet (discovered around 2008), also known by its aliases Badsrc and Aseljo, is a botnet mostly involved in phishing scams and performing SQL injections into websites in order to spread malware.",
"galaxy_id": "15",
"source": "MISP Project",
"authors": [
"Various"
],
"version": "18",
"uuid": "",
"tag_id": "1",
"meta": {
"date": [
"2008"
],
"refs": [
"https:\/\/en.wikipedia.org\/wiki\/Asprox_botnet"
],
"synonyms": [
"Badsrc",
"Aseljo",
"Danmec",
"Hydraflux"
]
}
}
]
}
],
"Object": [],
"Tag": [
{
"id": "1",
"name": "misp-galaxy:botnet=\"Asprox\"",
"colour": "#0088cc",
"exportable": true,
"user_id": "0",
"hide_tag": false,
"numerical_value": null
}
]
}
} |