def handle_incident_dionaea_download_complete_hash(self, i):
    """Publish the hashes of a completed download to the capture channel.

    ``i`` is the dionaea incident: ``i.file`` is the stored sample, ``i.con``
    carries the remote (attacker) and local endpoints, ``i.md5hash`` the md5
    computed by dionaea and ``i.url`` the download URL.  The sha512 is
    computed here from the file on disk.
    """
    digest = sha512file(i.file)
    remote = i.con.remote
    local = i.con.local
    # Ports are sent as strings, like the other publishers in this module.
    # saddr/url are attacker-controlled values; they are only forwarded to
    # the feed, never interpreted here.
    self.client.publish(
        CAPTURECHAN,
        saddr=remote.host,
        sport=str(remote.port),
        daddr=local.host,
        dport=str(local.port),
        md5=i.md5hash,
        sha512=digest,
        url=i.url,
    )
def handle_incident_dionaea_download_complete_unique(self, icd):
    """Submit a newly seen sample to the mwserv backend.

    Builds a ``dionaea.upload.request`` incident for ``icd.file`` and parks a
    ``mwserv_report`` under a fresh cookie so the upload-result callback can
    find it again.  Endpoint data and the download URL are copied only when
    the triggering incident actually carries ``con`` / ``url``.
    """
    cookie = str(uuid.uuid4())

    req = incident("dionaea.upload.request")
    req._url = self.backendurl + 'nepenthes/submit'
    req.sha512 = sha512file(icd.file)
    # Submitter identity.  ``secret`` is the backend credential and is sent
    # with every upload.  NOTE(review): confirm backendurl is https, otherwise
    # the secret and the attacker-supplied URL travel in the clear.
    req.maintainer = self.maintainer
    req.guid = self.guid
    req.secret = self.secret

    report = mwserv_report(req.sha512, icd.file)

    if hasattr(icd, 'con'):
        remote = icd.con.remote
        local = icd.con.local
        req.saddr = remote.host
        req.sport = str(remote.port)
        req.daddr = local.host
        req.dport = str(local.port)
        report.saddr = req.saddr
        report.sport = req.sport
        report.daddr = req.daddr
        report.dport = req.dport

    if hasattr(icd, 'url'):
        req.url = icd.url
        report.download_url = icd.url

    # The callback looks the report up by cookie when the backend answers.
    req._callback = "dionaea.modules.python.mwserv.result"
    req._userdata = cookie
    self.cookies[cookie] = report
    req.report()
def handle_incident_dionaea_download_complete_again(self, icd):
    """Publish a JSON capture record for a download whose hash is known.

    Does nothing when the incident has no connection or the hpfeeds client
    is not connected.  Any failure while hashing or publishing is logged as
    a warning and swallowed, so a broker outage never takes the honeypot
    down with it.
    """
    if not hasattr(icd, 'con') or not self.client.connected:
        return

    logger.debug('hash complete, publishing md5 %s, path %s', icd.md5hash, icd.file)

    try:
        stamp = timestr()
        digest = sha512file(icd.file)
        # Key order is kept stable; consumers may diff the raw JSON.
        # saddr/url are attacker-controlled and are forwarded verbatim.
        record = {
            "tags": self.tags,
            "event_type": "Download with file hash",
            "time": stamp,
            "saddr": icd.con.remote.host,
            "sport": str(icd.con.remote.port),
            "daddr": self._ownip(icd),
            "dport": str(icd.con.local.port),
            "md5": icd.md5hash,
            "sha512": digest,
            "url": icd.url,
        }
        payload = json.dumps(record).encode('utf-8')
        self.client.publish(CAPTURECHAN, payload)
    except Exception as exc:
        logger.warning('exception when publishing: %s', exc)
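def handle_incident_dionaea_download_complete_again(self, i):
    """Publish a capture record for a download whose hash is known.

    Does nothing when the incident has no connection or the hpfeeds client
    is not connected.  Any failure while hashing or publishing is logged as
    a warning and swallowed, so a broker outage never takes the honeypot
    down with it.
    """
    if not hasattr(i, 'con') or not self.client.connected:
        return

    logger.debug('hash complete, publishing md5 {0}, path {1}'.format(i.md5hash, i.file))

    try:
        sha512 = sha512file(i.file)
        # saddr/url are attacker-controlled values; they are forwarded to the
        # feed verbatim and never interpreted here.
        self.client.publish(
            CAPTURECHAN,
            saddr=i.con.remote.host,
            sport=str(i.con.remote.port),
            daddr=self._ownip(i),
            dport=str(i.con.local.port),
            md5=i.md5hash,
            sha512=sha512,
            url=i.url,
        )
    except Exception as e:
        # logger.warn() is a deprecated alias (removed in Python 3.13);
        # use the real method so this handler keeps working.
        logger.warning('exception when publishing: {0}'.format(e))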
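def handle_incident_dionaea_download_complete_unique(self, icd):
    """Submit a newly seen sample to the submithttp backend.

    Builds a ``dionaea.upload.request`` incident for ``icd.file``, fills in
    the submitter credentials and whatever endpoint / URL metadata the
    triggering incident carries, and parks a ``submithttp_report`` under a
    fresh cookie so the result callback can find it.
    """
    cookie = str(uuid.uuid4())

    i = incident("dionaea.upload.request")
    i._url = self.backendurl
    i.sha512 = sha512file(icd.file)
    i.md5 = md5file(icd.file)
    # Backend credentials; they are sent with every upload.
    # NOTE(review): confirm backendurl is https, otherwise the password and
    # the attacker-supplied metadata below travel in the clear.
    i.email = self.email
    i.user = self.user
    i.set('pass', self.passwd)

    mr = submithttp_report(i.sha512, i.md5, icd.file)

    if hasattr(icd, 'con'):
        # The backend wants hosts as decimal 32-bit integers (network order).
        # NOTE(review): inet_aton only accepts IPv4 dotted-quad; an IPv6 peer
        # raises OSError here and aborts the submission — confirm whether the
        # backend's integer-host format can represent v6 at all.
        i.source_host = str(
            struct.unpack('!I', socket.inet_aton(icd.con.remote.host))[0]
        )
        i.source_port = str(icd.con.remote.port)
        i.target_host = str(
            struct.unpack('!I', socket.inet_aton(icd.con.local.host))[0]
        )
        i.target_port = str(icd.con.local.port)
        mr.saddr, mr.sport, mr.daddr, mr.dport = i.source_host, i.source_port, i.target_host, i.target_port

    if hasattr(icd, 'url'):
        i.url = icd.url
        i.trigger = icd.url
        # The filename is the last path segment of the attacker-supplied URL.
        # It is only reported, never used to open anything locally; the
        # backend must treat it as untrusted.  A filename is best-effort, so
        # a malformed URL just leaves it unset — but only URL-parsing
        # failures are swallowed, not arbitrary errors (was a bare except).
        try:
            i.filename = urlparse(icd.url).path.split('/')[-1]
            mr.filename = i.filename
        except (ValueError, TypeError, AttributeError):
            pass
        mr.download_url = icd.url

    i.filetype = filetype(icd.file)
    mr.filetype = i.filetype

    # The callback looks the report up by cookie when the backend answers.
    i._callback = "dionaea.modules.python.submithttp.result"
    i._userdata = cookie
    self.cookies[cookie] = mr
    i.report()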
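def handle_incident_dionaea_download_complete_unique(self, icd):
    """Submit a newly seen sample to the submithttp backend.

    Builds a ``dionaea.upload.request`` incident for ``icd.file``, fills in
    the submitter credentials and whatever endpoint / URL metadata the
    triggering incident carries, and parks a ``submithttp_report`` under a
    fresh cookie so the result callback can find it.
    """
    # Entry trace only: this fires on every unique download, so it belongs
    # at DEBUG rather than WARNING (it was flooding the warning log).
    logger.debug('handle_incident_dionaea_download_complete_unique')

    cookie = str(uuid.uuid4())

    i = incident("dionaea.upload.request")
    i._url = self.backendurl
    i.sha512 = sha512file(icd.file)
    i.md5 = md5file(icd.file)
    # Backend credentials; they are sent with every upload.
    # NOTE(review): confirm backendurl is https, otherwise the password and
    # the attacker-supplied metadata below travel in the clear.
    i.email = self.email
    i.user = self.user
    i.set('pass', self.passwd)

    mr = submithttp_report(i.sha512, i.md5, icd.file)

    if hasattr(icd, 'con'):
        # The backend wants hosts as decimal 32-bit integers (network order).
        # NOTE(review): inet_aton only accepts IPv4 dotted-quad; an IPv6 peer
        # raises OSError here and aborts the submission — confirm whether the
        # backend's integer-host format can represent v6 at all.
        i.source_host = str(
            struct.unpack('!I', socket.inet_aton(icd.con.remote.host))[0])
        i.source_port = str(icd.con.remote.port)
        i.target_host = str(
            struct.unpack('!I', socket.inet_aton(icd.con.local.host))[0])
        i.target_port = str(icd.con.local.port)
        mr.saddr, mr.sport, mr.daddr, mr.dport = i.source_host, i.source_port, i.target_host, i.target_port

    if hasattr(icd, 'url'):
        i.url = icd.url
        i.trigger = icd.url
        # The filename is the last path segment of the attacker-supplied URL.
        # It is only reported, never used to open anything locally; the
        # backend must treat it as untrusted.  A filename is best-effort, so
        # a malformed URL just leaves it unset — but only URL-parsing
        # failures are swallowed, not arbitrary errors (was a bare except).
        try:
            i.filename = urlparse(icd.url).path.split('/')[-1]
            mr.filename = i.filename
        except (ValueError, TypeError, AttributeError):
            pass
        mr.download_url = icd.url

    i.filetype = filetype(icd.file)
    mr.filetype = i.filetype

    # The callback looks the report up by cookie when the backend answers.
    i._callback = "dionaea.modules.python.submithttp.result"
    i._userdata = cookie
    self.cookies[cookie] = mr
    i.report()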