CYBEX-P / cybexp-cs


input.plugin.plugin_comm.post_event: requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(10054, 'An existing connection was forcibly closed by the remote host', None, 10054, None)) #13

Open qclassified opened 5 years ago

qclassified commented 5 years ago
ERROR:root:api.input.plugin.plugin_comm.CybInp -- 

{"Event": {"id": "667", "orgc_id": "8", "org_id": "2", "date": "2015-01-11", "threat_level_id": "3", "info": "OSINT DTL-12012015-01: Hong Kong SWC attack from Dragon Threat Labs", "published": true, "uuid": "54b4edfc-7f48-4b02-b488-4f83950d210b", "attribute_count": "40", "analysis": "2", "timestamp": "1487758001", "distribution": "3", "proposal_email_lock": false, "locked": false, "publish_timestamp": "1531328201", "sharing_group_id": "0", "disable_correlation": false, "extends_uuid": "", "Org": {"id": "2", "name": "UNR-Feeds", "uuid": "5ada62b4-d3fc-460a-b786-063a86c50716"}, "Orgc": {"id": "8", "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"}, "Attribute": [{"id": "427520", "type": "md5", "category": "Payload delivery", "to_ids": true, "uuid": "54b4ef99-d7e4-4210-9cb8-1d08950d210b", "event_id": "667", "distribution": "5", "timestamp": "1421143961", "comment": "", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "ec532bbe9d0882d403473102e9724557", "Galaxy": [], "ShadowAttribute": []}, {"id": "427521", "type": "link", "category": "External analysis", "to_ids": false, "uuid": "54b4ef7b-f684-4f62-9e00-40c4950d210b", "event_id": "667", "distribution": "5", "timestamp": "1421143931", "comment": "", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "https://www.virustotal.com/en/file/debabe7707040b16172545fc174bd4ded36599ebd032a6f09baa2653b32e4f21/analysis/1420727848/", "Galaxy": [], "ShadowAttribute": []}, {"id": "427522", "type": "vulnerability", "category": "Payload delivery", "to_ids": false, "uuid": "54b4ef59-7924-4b30-b0f7-1d17950d210b", "event_id": "667", "distribution": "5", "timestamp": "1421143897", "comment": "", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "CVE-2014-6332", "Galaxy": [], "ShadowAttribute": 
[]}, {"id": "427523", "type": "email-src", "category": "Payload delivery", "to_ids": false, "uuid": "54b4ef31-1450-44ee-818c-42dd950d210b", "event_id": "667", "distribution": "5", "timestamp": "1421143857", "comment": "Registrant of domain", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "lim.kiu@hotmail.com", "Galaxy": [], "ShadowAttribute": []}, {"id": "427524", "type": "text", "category": "Attribution", "to_ids": false, "uuid": "54b4ef0d-5fbc-4f21-941c-4c5d950d210b", "event_id": "667", "distribution": "5", "timestamp": "1421143821", "comment": "Registrant", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "lim.kiu@hotmail.com", "Galaxy": [], "ShadowAttribute": []}, {"id": "427525", "type": "ip-dst", "category": "Network activity", "to_ids": true, "uuid": "54b4eef6-dcb0-4802-b477-4449950d210b", "event_id": "667", "distribution": "5", "timestamp": "1421143798", "comment": "", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "103.229.127.104", "Galaxy": [], "ShadowAttribute": []}, {"id": "427526", "type": "ip-dst", "category": "Network activity", "to_ids": true, "uuid": "54b4eef6-2490-4eeb-85dd-464b950d210b", "event_id": "667", "distribution": "5", "timestamp": "1421143798", "comment": "", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "45.64.74.101", "Galaxy": [], "ShadowAttribute": []}, {"id": "427527", "type": "domain", "category": "Network activity", "to_ids": true, "uuid": "54b4eee8-418c-4e8e-865e-40b5950d210b", "event_id": "667", "distribution": "5", "timestamp": "1421143784", "comment": "", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "aoemvp.com", "Galaxy": [], 
"ShadowAttribute": []}, {"id": "427528", "type": "hostname", "category": "Network activity", "to_ids": true, "uuid": "54b4eedc-8c50-4b7f-91f7-4c0a950d210b", "event_id": "667", "distribution": "5", "timestamp": "1421143772", "comment": "", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "c.aoemvp.com", "Galaxy": [], "ShadowAttribute": []}, {"id": "427529", "type": "md5", "category": "Artifacts dropped", "to_ids": true, "uuid": "54b4eece-c2d8-404f-a0db-9eb1950d210b", "event_id": "667", "distribution": "5", "timestamp": "1421143758", "comment": "", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "efd9dc39682312d6576468f5c0eb6236", "Galaxy": [], "ShadowAttribute": []}, {"id": "427530", "type": "md5", "category": "Artifacts dropped", "to_ids": true, "uuid": "54b4eece-fac8-4269-bb03-9eb1950d210b", "event_id": "667", "distribution": "5", "timestamp": "1421143758", "comment": "", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "f66b64ef984ac46ac7395358059979bc", "Galaxy": [], "ShadowAttribute": []}, {"id": "427531", "type": "md5", "category": "Artifacts dropped", "to_ids": true, "uuid": "54b4eece-f8b0-40db-84fe-9eb1950d210b", "event_id": "667", "distribution": "5", "timestamp": "1421143758", "comment": "", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "ad17eff26994df824be36db246c8fb6a", "Galaxy": [], "ShadowAttribute": []}, {"id": "427532", "type": "md5", "category": "Artifacts dropped", "to_ids": true, "uuid": "54b4eece-20bc-4390-9176-9eb1950d210b", "event_id": "667", "distribution": "5", "timestamp": "1421143758", "comment": "", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": 
"cff25fe24a90ef63eaa168c07008c2bb", "Galaxy": [], "ShadowAttribute": []}, {"id": "427533", "type": "md5", "category": "Artifacts dropped", "to_ids": true, "uuid": "54b4eece-fdd4-48e8-96de-9eb1950d210b", "event_id": "667", "distribution": "5", "timestamp": "1421143758", "comment": "", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "42b76c0503a6bf21f1ea86e0b14d67ea", "Galaxy": [], "ShadowAttribute": []}, {"id": "427534", "type": "md5", "category": "Artifacts dropped", "to_ids": true, "uuid": "54b4eece-9214-4b55-800b-9eb1950d210b", "event_id": "667", "distribution": "5", "timestamp": "1421143758", "comment": "", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "279ef79f904476ba0f9f44c87358bb1f", "Galaxy": [], "ShadowAttribute": []}, {"id": "427535", "type": "md5", "category": "Artifacts dropped", "to_ids": true, "uuid": "54b4eece-0c68-469c-bafa-9eb1950d210b", "event_id": "667", "distribution": "5", "timestamp": "1421143758", "comment": "", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "55f84d88d84c221437cd23cdbc541d2e", "Galaxy": [], "ShadowAttribute": []}, {"id": "427536", "type": "md5", "category": "Artifacts dropped", "to_ids": true, "uuid": "54b4eece-d980-49db-b0fe-9eb1950d210b", "event_id": "667", "distribution": "5", "timestamp": "1421143758", "comment": "", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "a6a18c846e5179259eba9de238f67e41", "Galaxy": [], "ShadowAttribute": []}, {"id": "427537", "type": "snort", "category": "Network activity", "to_ids": true, "uuid": "54b4eebc-9548-4724-961f-4994950d210b", "event_id": "667", "distribution": "5", "timestamp": "1421143740", "comment": "", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, 
"object_id": "0", "object_relation": null, "value": "alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:\"MALWARE \u2013 DTL ID 21122014 - PcClient beacon\"; flow:established,to_server; content:\"|BB 4E 4E BC BC BC 7E 7E|\"; nocase; offset:160; depth:8; classtype:trojan-activty;)", "Galaxy": [], "ShadowAttribute": []}, {"id": "427538", "type": "text", "category": "External analysis", "to_ids": false, "uuid": "54b4eea5-8ae0-403d-843f-459f950d210b", "event_id": "667", "distribution": "5", "timestamp": "1421143717", "comment": "", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "dtl-12012015-01", "Galaxy": [], "ShadowAttribute": []}, {"id": "427539", "type": "yara", "category": "Artifacts dropped", "to_ids": true, "uuid": "54b4ee8e-2328-4f8e-bff7-45ff950d210b", "event_id": "667", "distribution": "5", "timestamp": "1421143694", "comment": "", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "rule apt_c16_win_memory_pcclient {\r\nmeta:\r\n     author = \"@dragonthreatlab \"\r\n     md5 = \"ec532bbe9d0882d403473102e9724557\"\r\n     description = \"File matching the md5 above tends to only live in memory, hence the lack of MZ header check.\"\r\nstrings:\r\n     $str1 = \"Kill You\" ascii\r\n     $str2 = \"%4d-%02d-%02d %02d:%02d:%02d\" ascii\r\n     $str3 = \"%4.2f  KB\" ascii\r\n     $encodefunc = {8A 08 32 CA 02 CA 88 08 40 4E 75 F4}\r\ncondition:\r\n     all of them\r\n}", "Galaxy": [], "ShadowAttribute": []}, {"id": "427540", "type": "yara", "category": "Artifacts dropped", "to_ids": true, "uuid": "54b4ee7f-b380-4792-afea-4f25950d210b", "event_id": "667", "distribution": "5", "timestamp": "1487758001", "comment": "copy/paste typo?", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "rule apt_c16_win_disk_pcclient {\r\nmeta:\r\n     author 
= \"@dragonthreatlab \"\r\n     md5 = \"55f84d88d84c221437cd23cdbc541d2e\"\r\n     description = \"Encoded version of pcclient found on disk\"\r\nstrings:\r\n     $header = {51 5C 96 06 03 06 06 06 0A 06 06 06 FF FF 06 06 BE 06 06 06 06 06 06 06 46 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 EE 06 06 06 10 1F BC 10 06 BA 0D D1 25 BE 05 52 D1 25 5A 6E 6D 73 26 76 74 6F 67 74 65 71 26 63 65 70 70 6F 7A 26 64 69 26 74 79 70 26 6D 70 26 4A 4F 53 26 71 6F 6A 69 30 11 11 0C 2A 06 06 06 06 06 06 06 73 43 96 1B 37 24 00 4E 37 24 00 4E 37 24 00 4E BA 40 F6 4E 39 24 00 4E 5E 41 FA 4E 33 24 00 4E 5E 41 FC 4E 39 24 00 4E 37 24 FF 4E 0D 24 00 4E FA 31 A3 4E 40 24 00 4E DF 41 F9 4E 36 24 00 4E F6 2A FE 4E 38 24 00 4E DF 41 FC 4E 38 24 00 4E 54 6D 63 6E 37 24 00 4E 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 56 49 06 06 52 05 09 06 5D 87 8C 5A 06 06 06 06 06 06 06 06 E6 06 10 25 0B 05 08 06 06 1C 06 06 06 1A 06 06 06 06 06 06 E5 27 06 06 06 16 06 06 06 36 06 06 06 06 06 16 06 16 06 06 06 04 06 06 0A 06 06 06 06 06 06 06 0A 06 06 06 06 06 06 06 06 76 06 06 06 0A 06 06 06 06 06 06 04 06 06 06 06 06 16 06 06 16 06 06}\r\ncondition:\r\n     $header at 0\r\n}", "Galaxy": [], "ShadowAttribute": []}, {"id": "427541", "type": "yara", "category": "Artifacts dropped", "to_ids": true, "uuid": "54b4ee6f-5f64-48a0-b315-4bbc950d210b", "event_id": "667", "distribution": "5", "timestamp": "1421143663", "comment": "", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "rule apt_c16_win64_dropper {\r\nmeta:\r\n     author = \"@dragonthreatlab\"\r\n     md5 = \"ad17eff26994df824be36db246c8fb6a\"\r\n     description = \"APT malware used to drop PcClient RAT\"\r\nstrings:\r\n     $mz = {4D 5A}\r\n     $str1 = \"clbcaiq.dll\" ascii\r\n     $str2 = \"profapi_104\" ascii\r\n     $str3 = \"\\\\Microsoft\\\\wuauclt\\\\wuauclt.dat\" ascii\r\n     $str4 = {0F B6 0A 48 FF 
C2 80 E9 03 80 F1 03 49 FF C8 88 4A FF 75 EC}\r\ncondition:\r\n     $mz at 0 and all of ($str*)\r\n}", "Galaxy": [], "ShadowAttribute": []}, {"id": "427542", "type": "yara", "category": "Artifacts dropped", "to_ids": true, "uuid": "54b4ee5d-a168-4453-9a4c-1d17950d210b", "event_id": "667", "distribution": "5", "timestamp": "1421143644", "comment": "", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "rule apt_c16_win32_dropper {\r\nmeta:\r\n     author = \"@dragonthreatlab\"\r\n     md5 = \"ad17eff26994df824be36db246c8fb6a\"\r\n     description = \"APT malware used to drop PcClient RAT\"\r\nstrings:\r\n     $mz = {4D 5A}\r\n     $str1 = \"clbcaiq.dll\" ascii\r\n     $str2 = \"profapi_104\" ascii\r\n     $str3 = \"/ShowWU\" ascii\r\n     $str4 = \"Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\\" ascii\r\n     $str5 = {8A 08 2A CA 32 CA 88 08 40 4E 75 F4 5E}\r\ncondition:\r\n     $mz at 0 and all of ($str*)\r\n}", "Galaxy": [], "ShadowAttribute": []}, {"id": "427543", "type": "yara", "category": "Artifacts dropped", "to_ids": true, "uuid": "54b4ee52-8748-4e83-83e0-1d17950d210b", "event_id": "667", "distribution": "5", "timestamp": "1421143634", "comment": "", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "rule apt_c16_win_swisyn {\r\nmeta:\r\n     author = \"@dragonthreatlab\"\r\n     md5 = \"a6a18c846e5179259eba9de238f67e41\"\r\n     description = \"File matching the md5 above tends to only live in memory, hence the lack of MZ header check.\"\r\nstrings:\r\n     $mz = {4D 5A}\r\n     $str1 = \"/ShowWU\" ascii\r\n     $str2 = \"IsWow64Process\"\r\n     $str3 = \"regsvr32 \"\r\n     $str4 = {8A 11 2A 55 FC 8B 45 08 88 10 8B 4D 08 8A 11 32 55 FC 8B 45 08 88 10}\r\ncondition:\r\n     $mz at 0 and all of ($str*)\r\n}", "Galaxy": [], "ShadowAttribute": []}, {"id": "427544", "type": "yara", "category": "Artifacts 
dropped", "to_ids": true, "uuid": "54b4ee3e-c8d0-40fa-96ee-0ec8950d210b", "event_id": "667", "distribution": "5", "timestamp": "1421143614", "comment": "", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "rule apt_c16_win_wateringhole {\r\nmeta:\r\n     author = \"@dragonthreatlab \"\r\n     description = \"Detects code from APT wateringhole\"\r\nstrings:\r\n     $str1 = \"function runmumaa()\"\r\n     $str2 = \"Invoke-Expression $(New-Object IO.StreamReader ($(New-Object IO.Compression.DeflateStream ($(New-Object IO.MemoryStream (,$([Convert]::FromBase64String(\"\r\n     $str3 = \"function MoSaklgEs7(k)\"\r\ncondition:\r\n     any of ($str*)\r\n}", "Galaxy": [], "ShadowAttribute": []}, {"id": "427545", "type": "link", "category": "External analysis", "to_ids": false, "uuid": "54b4ee1a-2cf8-4281-ac73-1d08950d210b", "event_id": "667", "distribution": "5", "timestamp": "1421143578", "comment": "", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "https://github.com/DragonThreatLabs/IntelReports/blob/master/DTL-12012015-01.pdf?raw=true", "Galaxy": [], "ShadowAttribute": []}, {"id": "427546", "type": "link", "category": "External analysis", "to_ids": false, "uuid": "54b4ee1a-a838-4ce2-b166-1d08950d210b", "event_id": "667", "distribution": "5", "timestamp": "1421143578", "comment": "", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "https://github.com/DragonThreatLabs/IntelReports/blob/master/DTL-12012015-01.pdf", "Galaxy": [], "ShadowAttribute": []}, {"id": "427547", "type": "link", "category": "External analysis", "to_ids": false, "uuid": "54b4ee1a-3498-4c7e-9352-1d08950d210b", "event_id": "667", "distribution": "5", "timestamp": "1421143578", "comment": "", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, 
"object_id": "0", "object_relation": null, "value": "http://blog.dragonthreatlabs.com/2015/01/dtl-12012015-01-hong-kong-swc-attack.html", "Galaxy": [], "ShadowAttribute": []}, {"id": "427548", "type": "sha1", "category": "Artifacts dropped", "to_ids": true, "uuid": "56c64b60-2a94-43b1-8722-599c950d210f", "event_id": "667", "distribution": "5", "timestamp": "1455836000", "comment": "Automatically added (via ad17eff26994df824be36db246c8fb6a)", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "5d3b16c01d3fd52976634c50676469853d3743c5", "Galaxy": [], "ShadowAttribute": []}, {"id": "427549", "type": "sha1", "category": "Artifacts dropped", "to_ids": true, "uuid": "56c64b62-d838-4952-a1b5-59a1950d210f", "event_id": "667", "distribution": "5", "timestamp": "1455836002", "comment": "Automatically added (via a6a18c846e5179259eba9de238f67e41)", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "f8fdb27b9f65e2121ac1e1573bd39a9207d4f014", "Galaxy": [], "ShadowAttribute": []}, {"id": "427550", "type": "sha1", "category": "Payload delivery", "to_ids": true, "uuid": "56c64b64-1dc4-47e1-ba2c-59a2950d210f", "event_id": "667", "distribution": "5", "timestamp": "1455836004", "comment": "Automatically added (via ec532bbe9d0882d403473102e9724557)", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "b91b2d4a10ef98b76e083ebcd646c21e319ebe84", "Galaxy": [], "ShadowAttribute": []}, {"id": "427551", "type": "sha256", "category": "Artifacts dropped", "to_ids": true, "uuid": "56c64b61-5984-44ed-ae21-5ca1950d210f", "event_id": "667", "distribution": "5", "timestamp": "1455836001", "comment": "Automatically added (via ad17eff26994df824be36db246c8fb6a)", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, 
"value": "f79392364595487a049d9ebce118781063225af00a57e80c6591c01a5ccc5b21", "Galaxy": [], "ShadowAttribute": []}, {"id": "427552", "type": "sha256", "category": "Artifacts dropped", "to_ids": true, "uuid": "56c64b63-8e90-4978-8952-c654950d210f", "event_id": "667", "distribution": "5", "timestamp": "1455836003", "comment": "Automatically added (via a6a18c846e5179259eba9de238f67e41)", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "143b17615314b43c3fd1b26d9432ce58298bec96981186023540670203b0b8d4", "Galaxy": [], "ShadowAttribute": []}, {"id": "427553", "type": "sha256", "category": "Payload delivery", "to_ids": true, "uuid": "56c64b65-cb40-42c3-9fe8-c653950d210f", "event_id": "667", "distribution": "5", "timestamp": "1455836005", "comment": "Automatically added (via ec532bbe9d0882d403473102e9724557)", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "debabe7707040b16172545fc174bd4ded36599ebd032a6f09baa2653b32e4f21", "Galaxy": [], "ShadowAttribute": []}, {"id": "427554", "type": "link", "category": "External analysis", "to_ids": false, "uuid": "56de0885-54dc-46e3-aa52-427e02de0b81", "event_id": "667", "distribution": "5", "timestamp": "1457391749", "comment": "", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "https://www.virustotal.com/file/debabe7707040b16172545fc174bd4ded36599ebd032a6f09baa2653b32e4f21/analysis/1442484430/", "Galaxy": [], "ShadowAttribute": []}, {"id": "427555", "type": "link", "category": "External analysis", "to_ids": false, "uuid": "56de0885-28e4-472d-89bd-46cc02de0b81", "event_id": "667", "distribution": "5", "timestamp": "1457391749", "comment": "", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": 
"https://www.virustotal.com/file/143b17615314b43c3fd1b26d9432ce58298bec96981186023540670203b0b8d4/analysis/1445914123/", "Galaxy": [], "ShadowAttribute": []}, {"id": "427556", "type": "link", "category": "External analysis", "to_ids": false, "uuid": "56de0886-d73c-47f1-9c63-4cb502de0b81", "event_id": "667", "distribution": "5", "timestamp": "1457391750", "comment": "", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "https://www.virustotal.com/file/f79392364595487a049d9ebce118781063225af00a57e80c6591c01a5ccc5b21/analysis/1442484423/", "Galaxy": [], "ShadowAttribute": []}, {"id": "427557", "type": "sha256", "category": "Artifacts dropped", "to_ids": true, "uuid": "56de0886-8ad8-4c5f-95f3-4c1602de0b81", "event_id": "667", "distribution": "5", "timestamp": "1457391750", "comment": "- Xchecked via VT: cff25fe24a90ef63eaa168c07008c2bb", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "c7432bdded820e088852b041d9cdff84a81e53a940e2cd19990189ddeb5ae052", "Galaxy": [], "ShadowAttribute": []}, {"id": "427558", "type": "sha1", "category": "Artifacts dropped", "to_ids": true, "uuid": "56de0886-02b4-4bf2-bb06-490202de0b81", "event_id": "667", "distribution": "5", "timestamp": "1457391750", "comment": "- Xchecked via VT: cff25fe24a90ef63eaa168c07008c2bb", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": "9fdc73e29546ff7f971564f499170626bd0e7430", "Galaxy": [], "ShadowAttribute": []}, {"id": "427559", "type": "link", "category": "External analysis", "to_ids": false, "uuid": "56de0887-bd1c-4c60-b57d-41a302de0b81", "event_id": "667", "distribution": "5", "timestamp": "1457391751", "comment": "", "sharing_group_id": "0", "deleted": false, "disable_correlation": false, "object_id": "0", "object_relation": null, "value": 
"https://www.virustotal.com/file/c7432bdded820e088852b041d9cdff84a81e53a940e2cd19990189ddeb5ae052/analysis/1442484444/", "Galaxy": [], "ShadowAttribute": []}], "ShadowAttribute": [], "RelatedEvent": [{"Event": {"id": "308", "date": "2016-04-22", "threat_level_id": "3", "info": "OSINT - powershell used for spreading trojan.laziok through google docs", "published": true, "uuid": "571a7cdc-c078-482d-98dc-4e42950d210f", "analysis": "2", "timestamp": "1461354043", "distribution": "3", "org_id": "2", "orgc_id": "7", "Org": {"id": "2", "name": "UNR-Feeds", "uuid": "5ada62b4-d3fc-460a-b786-063a86c50716"}, "Orgc": {"id": "7", "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"}}}, {"Event": {"id": "468", "date": "2015-12-28", "threat_level_id": "3", "info": "OSINT Neutrino Exploit Kit \u2013 One Flash File to Rule Them All by SpiderLabs", "published": true, "uuid": "56b06dc5-2cac-46c1-9827-40f7950d210f", "analysis": "2", "timestamp": "1454408491", "distribution": "3", "org_id": "2", "orgc_id": "8", "Org": {"id": "2", "name": "UNR-Feeds", "uuid": "5ada62b4-d3fc-460a-b786-063a86c50716"}, "Orgc": {"id": "8", "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"}}}, {"Event": {"id": "624", "date": "2015-09-28", "threat_level_id": "3", "info": "OSINT Infected Korean Website Installs Banking Malware by Cyphort", "published": true, "uuid": "560a3ca1-e110-476e-b730-4765950d210b", "analysis": "2", "timestamp": "1443511856", "distribution": "3", "org_id": "2", "orgc_id": "8", "Org": {"id": "2", "name": "UNR-Feeds", "uuid": "5ada62b4-d3fc-460a-b786-063a86c50716"}, "Orgc": {"id": "8", "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"}}}, {"Event": {"id": "170", "date": "2015-06-11", "threat_level_id": "3", "info": "OSINT  Evilgrab Delivered by Watering Hole Attack on President of Myanmar\u2019s Website by Palo Alto Unit 42", "published": true, "uuid": "557e78b6-91ec-4123-87df-424f950d210b", "analysis": "2", "timestamp": 
"1434353143", "distribution": "3", "org_id": "2", "orgc_id": "8", "Org": {"id": "2", "name": "UNR-Feeds", "uuid": "5ada62b4-d3fc-460a-b786-063a86c50716"}, "Orgc": {"id": "8", "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"}}}, {"Event": {"id": "142", "date": "2014-11-21", "threat_level_id": "2", "info": "OSINT Operation Double Tap from FireEye", "published": true, "uuid": "5474459d-1c60-456a-b057-4bdc950d210b", "analysis": "2", "timestamp": "1422269529", "distribution": "3", "org_id": "2", "orgc_id": "8", "Org": {"id": "2", "name": "UNR-Feeds", "uuid": "5ada62b4-d3fc-460a-b786-063a86c50716"}, "Orgc": {"id": "8", "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"}}}], "Galaxy": [], "Object": [], "Tag": [{"id": "6", "name": "Type:OSINT", "colour": "#DADCF0", "exportable": true, "hide_tag": false, "user_id": "0", "numerical_value": null}, {"id": "24", "name": "tlp:green", "colour": "#339900", "exportable": true, "hide_tag": false, "user_id": "0", "numerical_value": null}]}}
Traceback (most recent call last):
  File "D:\venv\lib\site-packages\urllib3\connectionpool.py", line 600, in urlopen
    chunked=chunked)
  File "D:\venv\lib\site-packages\urllib3\connectionpool.py", line 384, in _make_request
    six.raise_from(e, None)
  File "<string>", line 2, in raise_from
  File "D:\venv\lib\site-packages\urllib3\connectionpool.py", line 380, in _make_request
    httplib_response = conn.getresponse()
  File "C:\Users\fsadique\AppData\Local\Programs\Python\Python37\Lib\http\client.py", line 1321, in getresponse
    response.begin()
  File "C:\Users\fsadique\AppData\Local\Programs\Python\Python37\Lib\http\client.py", line 296, in begin
    version, status, reason = self._read_status()
  File "C:\Users\fsadique\AppData\Local\Programs\Python\Python37\Lib\http\client.py", line 257, in _read_status
    line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
  File "C:\Users\fsadique\AppData\Local\Programs\Python\Python37\Lib\socket.py", line 589, in readinto
    return self._sock.recv_into(b)
ConnectionResetError: [WinError 10054] An existing connection was forcibly closed by the remote host

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "D:\venv\lib\site-packages\requests\adapters.py", line 449, in send
    timeout=timeout
  File "D:\venv\lib\site-packages\urllib3\connectionpool.py", line 638, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "D:\venv\lib\site-packages\urllib3\util\retry.py", line 367, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "D:\venv\lib\site-packages\urllib3\packages\six.py", line 685, in reraise
    raise value.with_traceback(tb)
  File "D:\venv\lib\site-packages\urllib3\connectionpool.py", line 600, in urlopen
    chunked=chunked)
  File "D:\venv\lib\site-packages\urllib3\connectionpool.py", line 384, in _make_request
    six.raise_from(e, None)
  File "<string>", line 2, in raise_from
  File "D:\venv\lib\site-packages\urllib3\connectionpool.py", line 380, in _make_request
    httplib_response = conn.getresponse()
  File "C:\Users\fsadique\AppData\Local\Programs\Python\Python37\Lib\http\client.py", line 1321, in getresponse
    response.begin()
  File "C:\Users\fsadique\AppData\Local\Programs\Python\Python37\Lib\http\client.py", line 296, in begin
    version, status, reason = self._read_status()
  File "C:\Users\fsadique\AppData\Local\Programs\Python\Python37\Lib\http\client.py", line 257, in _read_status
    line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
  File "C:\Users\fsadique\AppData\Local\Programs\Python\Python37\Lib\socket.py", line 589, in readinto
    return self._sock.recv_into(b)
urllib3.exceptions.ProtocolError: ('Connection aborted.', ConnectionResetError(10054, 'An existing connection was forcibly closed by the remote host', None, 10054, None))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "D:\cybexp\api\input\plugin\plugin_comm.py", line 33, in post_event
    'orgid': self.orgid, 'typtag': self.typtag, 'timezone': self.timezone})
  File "D:\venv\lib\site-packages\requests\api.py", line 116, in post
    return request('post', url, data=data, json=json, **kwargs)
  File "D:\venv\lib\site-packages\requests\api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "D:\venv\lib\site-packages\requests\sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "D:\venv\lib\site-packages\requests\sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "D:\venv\lib\site-packages\requests\adapters.py", line 498, in send
    raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(10054, 'An existing connection was forcibly closed by the remote host', None, 10054, None))