def create_new_event(self, entry):
    """Create a MISP event for a file captured by the Cowrie sensor.

    Reads ``entry["shasum"]``, ``entry["outfile"]`` and ``entry["sensor"]``.
    On Python 2 the sample is handed to the client's ``upload_sample``;
    otherwise a ``malware-sample`` attribute is wrapped in a new event and
    submitted with ``add_event``. Returns ``None`` on both paths.
    """
    if self.is_python2:
        # Legacy client path. In MISP's numbering distribution=1 is
        # "this community only", analysis=0 is "initial" and
        # threat_level_id=2 is "medium".
        self.misp_api.upload_sample(
            entry["shasum"],
            entry["outfile"],
            None,
            distribution=1,
            info="File uploaded to Cowrie ({})".format(entry["sensor"]),
            analysis=0,
            threat_level_id=2,
        )
        return

    sample = MISPAttribute()
    sample.type = "malware-sample"
    sample.value = entry["shasum"]
    sample.data = Path(entry["outfile"])
    description = "File uploaded to Cowrie ({})".format(entry["sensor"])
    sample.comment = description
    # NOTE(review): "binary" expansion presumably parses the captured file
    # on this host when run_expansions() is called; the file is
    # attacker-supplied, so confirm the parser is kept patched.
    sample.expand = "binary"

    misp_event = MISPEvent()
    misp_event.info = description
    misp_event.attributes = [sample]
    misp_event.run_expansions()
    # No distribution is set on this path (unlike the Python 2 branch), so
    # the sharing level is presumably the MISP instance default - verify
    # before enabling publish.
    if self.publish:
        misp_event.publish()

    response = self.misp_api.add_event(misp_event)
    if self.debug:
        log.msg("Event creation result: \n%s" % response)
def create_new_event(self, entry):
    """Create a MISP event describing a file captured by the Cowrie sensor.

    Reads ``entry["shasum"]``, ``entry["outfile"]``, ``entry["sensor"]``,
    ``entry["src_ip"]`` and ``entry["timestamp"]``; ``entry["url"]`` is
    optional. The event carries four attributes (sample, origin, source IP,
    timestamp), is tagged ``tlp:white`` and is submitted with ``add_event``.
    Returns ``None``.
    """
    sample = MISPAttribute()
    sample.type = "malware-sample"
    sample.value = entry["shasum"]
    sample.data = Path(entry["outfile"])
    description = "File uploaded to Cowrie ({})".format(entry["sensor"])
    sample.comment = description
    # NOTE(review): "binary" expansion presumably parses the captured file
    # on this host when run_expansions() is called; the file is
    # attacker-supplied, so confirm the parser is kept patched.
    sample.expand = "binary"

    # Where the file came from: the download URL when the session recorded
    # one, otherwise a fixed text marker.
    origin = MISPAttribute()
    if "url" in entry:
        origin.type = "url"
        origin.value = entry["url"]
        # The URL is whatever the remote party typed; with to_ids set it is
        # flagged for IDS export, so a widely used hosting domain can turn
        # into a false positive downstream.
        origin.to_ids = True
    else:
        origin.type = "text"
        origin.value = "External upload"

    source_ip = MISPAttribute()
    source_ip.type = "ip-src"
    source_ip.value = entry["src_ip"]

    seen_at = MISPAttribute()
    seen_at.type = "datetime"
    seen_at.value = entry["timestamp"]

    misp_event = MISPEvent()
    misp_event.info = description
    # tlp:white marks the event, source IP included, as unrestricted for
    # sharing; the address may belong to a compromised third party.
    misp_event.add_tag("tlp:white")
    misp_event.attributes = [sample, origin, source_ip, seen_at]
    misp_event.run_expansions()
    if self.publish:
        misp_event.publish()

    result = self.misp_api.add_event(misp_event)
    if self.debug:
        log.msg(f"Event creation result: \n{result}")
def create_new_event(self, entry):
    """Create a MISP event holding one captured file from the Cowrie sensor.

    Reads ``entry["shasum"]``, ``entry["outfile"]`` and ``entry["sensor"]``,
    wraps the file in a single ``malware-sample`` attribute and submits the
    event with ``add_event``. Returns ``None``.
    """
    sample = MISPAttribute()
    sample.type = "malware-sample"
    sample.value = entry["shasum"]
    sample.data = Path(entry["outfile"])
    description = "File uploaded to Cowrie ({})".format(entry["sensor"])
    sample.comment = description
    # NOTE(review): "binary" expansion presumably parses the captured file
    # on this host when run_expansions() is called; the file is
    # attacker-supplied, so confirm the parser is kept patched.
    sample.expand = "binary"

    misp_event = MISPEvent()
    misp_event.info = description
    misp_event.attributes = [sample]
    misp_event.run_expansions()
    # No distribution or TLP tag is set here, so the sharing level is
    # presumably the MISP instance default - verify before enabling publish.
    if self.publish:
        misp_event.publish()

    result = self.misp_api.add_event(misp_event)
    if self.debug:
        log.msg(f"Event creation result: \n{result}")
# Upload the given files to MISP, either onto an existing event or as a new one.
# NOTE(review): MISP serves 'malware-sample' data as a password-protected
# archive, while an 'attachment' is served as-is - confirm is_malware is set
# for anything live.
arg_type = 'malware-sample' if args.is_malware else 'attachment'

# Create attributes
attributes = []
for sample in files:
    attr = MISPAttribute()
    attr.type = arg_type
    attr.value = sample.name
    attr.data = sample
    attr.comment = args.comment
    attr.distribution = args.distrib
    if args.expand and arg_type == 'malware-sample':
        attr.expand = 'binary'
    attributes.append(attr)

if not args.event:
    # New event: it gets the same distribution level as its attributes.
    event = MISPEvent()
    event.info = args.info
    event.distribution = args.distrib
    event.attributes = attributes
    if args.expand and arg_type == 'malware-sample':
        event.run_expansions()
    misp.add_event(event)
else:
    # Existing event: attributes are sent one call at a time, and
    # run_expansions() is not invoked on this path even though
    # expand='binary' may have been set on them above.
    for attr in attributes:
        misp.add_attribute(args.event, attr)