예제 #1
파일: hpfeeds.py 프로젝트: splashx/hpfeeds
	def handle_incident_dionaea_download_complete_hash(self, i):
		"""Publish the hashes of a completed download on ``CAPTURECHAN``.

		The file is hashed with SHA-512 and published together with the
		incident's MD5, the remote peer endpoint, the local endpoint and the
		download URL.  The endpoint and URL values come from the incident
		(i.e. from the connecting peer), not from local configuration.

		Unlike the ``*_again`` handlers there is no ``hasattr(i, 'con')`` or
		client-connected guard: an incident without ``con`` raises
		``AttributeError`` out of this method after the file has been hashed.
		"""
		digest = sha512file(i.file)
		con = i.con
		fields = {
			"saddr": con.remote.host,
			"sport": str(con.remote.port),
			"daddr": con.local.host,
			"dport": str(con.local.port),
			"md5": i.md5hash,
			"sha512": digest,
			"url": i.url,
		}
		self.client.publish(CAPTURECHAN, **fields)
예제 #2
    def handle_incident_dionaea_download_complete_unique(self, icd):
        """Submit a newly seen download to the mwserv backend.

        Builds a ``dionaea.upload.request`` incident addressed to
        ``self.backendurl + 'nepenthes/submit'`` that carries the file's
        SHA-512 and the configured ``maintainer``/``guid``/``secret``
        credentials, plus the connection endpoints and download URL when
        the incoming incident has them.  A ``mwserv_report`` mirroring the
        endpoint/URL fields is parked in ``self.cookies`` under a fresh UUID
        so the ``mwserv.result`` callback can match the reply.

        Note: ``backendurl`` is concatenated without adding a separator, so
        it has to end with ``/`` for the submit path to be correct.
        """
        token = str(uuid.uuid4())

        req = incident("dionaea.upload.request")
        req._url = self.backendurl + 'nepenthes/submit'

        req.sha512 = sha512file(icd.file)
        req.maintainer = self.maintainer
        req.guid = self.guid
        req.secret = self.secret

        report = mwserv_report(req.sha512, icd.file)

        if hasattr(icd, 'con'):
            endpoints = (
                icd.con.remote.host,
                str(icd.con.remote.port),
                icd.con.local.host,
                str(icd.con.local.port),
            )
            req.saddr, req.sport, req.daddr, req.dport = endpoints
            report.saddr, report.sport, report.daddr, report.dport = endpoints
        if hasattr(icd, 'url'):
            req.url = report.download_url = icd.url

        req._callback = "dionaea.modules.python.mwserv.result"
        req._userdata = token

        self.cookies[token] = report
        req.report()
예제 #3
 def handle_incident_dionaea_download_complete_again(self, icd):
     """Publish a JSON record for a completed download on ``CAPTURECHAN``.

     Nothing is published when the incident carries no connection
     (``con``) or the client is not connected.  Otherwise the file is
     hashed with SHA-512 and a record holding the configured tags, the
     event type, a ``timestr()`` timestamp, the remote peer endpoint, the
     local endpoint (address via ``_ownip``) and the download URL is
     serialised with ``json.dumps`` and published UTF-8 encoded.  Key
     order in the record is fixed so the serialised bytes are stable.

     Hashing, record building and publishing all run inside one ``try``;
     any exception (including a missing ``icd.url``) is logged as a
     warning and otherwise ignored.  A SHA-256 field was sketched by the
     original author but is not emitted.
     """
     if not hasattr(icd, 'con') or not self.client.connected:
         return
     logger.debug('hash complete, publishing md5 {0}, path {1}'.format(icd.md5hash, icd.file))
     try:
         stamp = timestr()
         digest = sha512file(icd.file)
         remote, local = icd.con.remote, icd.con.local
         record = {}
         record["tags"] = self.tags
         record["event_type"] = "Download with file hash"
         record["time"] = stamp
         record["saddr"] = remote.host
         record["sport"] = str(remote.port)
         record["daddr"] = self._ownip(icd)
         record["dport"] = str(local.port)
         record["md5"] = icd.md5hash
         record["sha512"] = digest
         record["url"] = icd.url
         payload = json.dumps(record).encode('utf-8')
         self.client.publish(CAPTURECHAN, payload)
     except Exception as err:
         logger.warning('exception when publishing: {0}'.format(err))
예제 #4
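	def handle_incident_dionaea_download_complete_again(self, i):
		"""Publish the hashes of a completed download on ``CAPTURECHAN``.

		Returns without publishing when the incident has no connection
		(``con``) or the hpfeeds client is not connected.  Otherwise the
		file is hashed with SHA-512 and published with the incident's MD5,
		the remote peer address/port, the local address (via ``_ownip``)
		and port, and the download URL.

		Hashing and publishing run inside one ``try``; any exception
		(including a missing ``i.url``) is logged at warning level and
		swallowed so the sensor keeps running.
		"""
		if not hasattr(i, 'con') or not self.client.connected:
			return
		logger.debug('hash complete, publishing md5 {0}, path {1}'.format(i.md5hash, i.file))
		try:
			sha512 = sha512file(i.file)
			self.client.publish(
				CAPTURECHAN,
				saddr=i.con.remote.host,
				sport=str(i.con.remote.port),
				daddr=self._ownip(i),
				dport=str(i.con.local.port),
				md5=i.md5hash,
				sha512=sha512,
				url=i.url,
			)
		except Exception as e:
			# Logger.warn() is a deprecated alias of warning(); same record, supported name.
			logger.warning('exception when publishing: {0}'.format(e))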
예제 #5
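	def handle_incident_dionaea_download_complete_again(self, i):
		"""Publish the hashes of a completed download on ``CAPTURECHAN``.

		Returns without publishing when the incident has no connection
		(``con``) or the hpfeeds client is not connected.  Otherwise the
		file is hashed with SHA-512 and published with the incident's MD5,
		the remote peer address/port, the local address (via ``_ownip``)
		and port, and the download URL.

		Hashing and publishing run inside one ``try``; any exception
		(including a missing ``i.url``) is logged at warning level and
		swallowed so the sensor keeps running.
		"""
		if not hasattr(i, 'con') or not self.client.connected:
			return
		logger.debug('hash complete, publishing md5 {0}, path {1}'.format(i.md5hash, i.file))
		try:
			sha512 = sha512file(i.file)
			self.client.publish(
				CAPTURECHAN,
				saddr=i.con.remote.host,
				sport=str(i.con.remote.port),
				daddr=self._ownip(i),
				dport=str(i.con.local.port),
				md5=i.md5hash,
				sha512=sha512,
				url=i.url,
			)
		except Exception as e:
			# Logger.warn() is a deprecated alias of warning(); same record, supported name.
			logger.warning('exception when publishing: {0}'.format(e))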
예제 #6
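    def handle_incident_dionaea_download_complete_unique(self, icd):
        """Submit a newly seen download to the submithttp backend.

        Builds a ``dionaea.upload.request`` incident addressed to
        ``self.backendurl`` carrying the file's SHA-512 and MD5, the
        configured ``email``/``user`` and the password (as the ``pass``
        field), the connection endpoints, the download URL and the file
        type.  A ``submithttp_report`` mirroring the hashes, endpoints,
        filename and file type is parked in ``self.cookies`` under a fresh
        UUID so the ``submithttp.result`` callback can match the reply.

        Endpoint addresses are sent as the decimal value of the IPv4
        address in network byte order (``struct.unpack('!I', inet_aton())``).
        NOTE(review): the password travels with every submission; whether
        that is acceptable depends on ``backendurl`` using TLS — confirm.
        """
        cookie = str(uuid.uuid4())

        i = incident("dionaea.upload.request")
        i._url = self.backendurl

        i.sha512 = sha512file(icd.file)
        i.md5 = md5file(icd.file)
        i.email = self.email
        i.user = self.user
        i.set('pass', self.passwd)

        mr = submithttp_report(i.sha512, i.md5, icd.file)

        if hasattr(icd, 'con'):
            # inet_aton() accepts IPv4 dotted-quad only; an IPv6 peer raises
            # OSError here and aborts the submission — TODO confirm whether
            # IPv6 incidents can reach this handler.
            i.source_host = str(
                struct.unpack('!I', socket.inet_aton(icd.con.remote.host))[0]
            )
            i.source_port = str(icd.con.remote.port)
            i.target_host = str(
                struct.unpack('!I', socket.inet_aton(icd.con.local.host))[0]
            )
            i.target_port = str(icd.con.local.port)
            mr.saddr, mr.sport, mr.daddr, mr.dport = i.source_host, i.source_port, i.target_host, i.target_port
        if hasattr(icd, 'url'):
            i.url = icd.url
            i.trigger = icd.url
            # The filename is best-effort: a URL that urlparse() rejects
            # (ValueError) simply leaves it unset.  Narrowed from a bare
            # ``except:`` so KeyboardInterrupt/SystemExit are not swallowed.
            try:
                i.filename = urlparse(icd.url).path.split('/')[-1]
                mr.filename = i.filename
            except Exception:
                pass
            mr.download_url = icd.url

        i.filetype = filetype(icd.file)
        mr.filetype = i.filetype

        i._callback = "dionaea.modules.python.submithttp.result"
        i._userdata = cookie

        self.cookies[cookie] = mr
        i.report()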
예제 #7
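    def handle_incident_dionaea_download_complete_unique(self, icd):
        """Submit a newly seen download to the submithttp backend.

        Builds a ``dionaea.upload.request`` incident addressed to
        ``self.backendurl`` carrying the file's SHA-512 and MD5, the
        configured ``email``/``user`` and the password (as the ``pass``
        field), the connection endpoints, the download URL and the file
        type.  A ``submithttp_report`` mirroring the hashes, endpoints,
        filename and file type is parked in ``self.cookies`` under a fresh
        UUID so the ``submithttp.result`` callback can match the reply.

        Endpoint addresses are sent as the decimal value of the IPv4
        address in network byte order (``struct.unpack('!I', inet_aton())``).
        NOTE(review): the password travels with every submission; whether
        that is acceptable depends on ``backendurl`` using TLS — confirm.
        """
        # Emitted at warning level for every completed download; looks like
        # a trace message — consider debug level if it is only for tracing.
        logger.warning('handle_incident_dionaea_download_complete_unique')
        cookie = str(uuid.uuid4())

        i = incident("dionaea.upload.request")
        i._url = self.backendurl

        i.sha512 = sha512file(icd.file)
        i.md5 = md5file(icd.file)
        i.email = self.email
        i.user = self.user
        i.set('pass', self.passwd)

        mr = submithttp_report(i.sha512, i.md5, icd.file)

        if hasattr(icd, 'con'):
            # inet_aton() accepts IPv4 dotted-quad only; an IPv6 peer raises
            # OSError here and aborts the submission — TODO confirm whether
            # IPv6 incidents can reach this handler.
            i.source_host = str(
                struct.unpack('!I', socket.inet_aton(icd.con.remote.host))[0])
            i.source_port = str(icd.con.remote.port)
            i.target_host = str(
                struct.unpack('!I', socket.inet_aton(icd.con.local.host))[0])
            i.target_port = str(icd.con.local.port)
            mr.saddr, mr.sport, mr.daddr, mr.dport = i.source_host, i.source_port, i.target_host, i.target_port
        if hasattr(icd, 'url'):
            i.url = icd.url
            i.trigger = icd.url
            # The filename is best-effort: a URL that urlparse() rejects
            # (ValueError) simply leaves it unset.  Narrowed from a bare
            # ``except:`` so KeyboardInterrupt/SystemExit are not swallowed.
            try:
                i.filename = urlparse(icd.url).path.split('/')[-1]
                mr.filename = i.filename
            except Exception:
                pass
            mr.download_url = icd.url

        i.filetype = filetype(icd.file)
        mr.filetype = i.filetype

        i._callback = "dionaea.modules.python.submithttp.result"
        i._userdata = cookie

        self.cookies[cookie] = mr
        i.report()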