Skip to content

Instantly share code, notes, and snippets.

@SteveClement

SteveClement/cowrie-file-event.json

Last active September 22, 2021 06:43
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save SteveClement/7217d548a17b22c5b09b4b0dc0c158fd to your computer and use it in GitHub Desktop.
Save SteveClement/7217d548a17b22c5b09b4b0dc0c158fd to your computer and use it in GitHub Desktop.
Download ZIP
cowrie misp integration
Raw
cowrie-file-event.json
{
"Event": {
"id": "1167",
"orgc_id": "1",
"org_id": "1",
"date": "2021-09-22",
"threat_level_id": "4",
"info": "File uploaded to Cowrie (cowrie-ng)",
"published": false,
"uuid": "21cb5613-7061-4ce8-ac73-f22288deba36",
"attribute_count": "8",
"analysis": "0",
"timestamp": "1632292909",
"distribution": "1",
"proposal_email_lock": false,
"locked": false,
"publish_timestamp": "0",
"sharing_group_id": "0",
"disable_correlation": false,
"extends_uuid": "",
"event_creator_email": "admin@pid.lu",
"Org": {
"id": "1",
"name": "Cyber Beagle Inc.",
"uuid": "5db171df-8fdc-43c5-b9db-4c52b32cc77f",
"local": true
},
"Orgc": {
"id": "1",
"name": "Cyber Beagle Inc.",
"uuid": "5db171df-8fdc-43c5-b9db-4c52b32cc77f",
"local": true
},
"Attribute": [ ],
"ShadowAttribute": [ ],
"RelatedEvent": [ ],
"Galaxy": [ ],
"Object": [
{
"id": "17913",
"name": "file",
"meta-category": "file",
"description": "File object describing a file with meta-information",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"event_id": "1167",
"uuid": "d0d9fb22-e090-4cb9-b3da-546832600ebe",
"timestamp": "1632292909",
"distribution": "5",
"sharing_group_id": "0",
"comment": "",
"deleted": false,
"first_seen": null,
"last_seen": null,
"ObjectReference": [ ],
"Attribute": [
{
"id": "242938",
"type": "filename",
"category": "Payload delivery",
"to_ids": true,
"uuid": "30f84e24-703e-4f45-9733-c0d2eced241c",
"event_id": "1167",
"distribution": "5",
"timestamp": "1632292909",
"comment": "",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": true,
"object_id": "17913",
"object_relation": "filename",
"first_seen": null,
"last_seen": null,
"value": "3a04bf4a5b6aa13200aab81e27c3393cee55f2ec3cdcdb4f2ff4daa296572ae2",
"Galaxy": [ ],
"ShadowAttribute": [ ]
},
{
"id": "242939",
"type": "size-in-bytes",
"category": "Other",
"to_ids": false,
"uuid": "f100b4f9-f36a-42cb-8628-e3f34e702281",
"event_id": "1167",
"distribution": "5",
"timestamp": "1632292909",
"comment": "",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": true,
"object_id": "17913",
"object_relation": "size-in-bytes",
"first_seen": null,
"last_seen": null,
"value": "4766",
"Galaxy": [ ],
"ShadowAttribute": [ ]
},
{
"id": "242940",
"type": "float",
"category": "Other",
"to_ids": false,
"uuid": "1eca4658-d89c-400d-8075-1a36080977ca",
"event_id": "1167",
"distribution": "5",
"timestamp": "1632292909",
"comment": "",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": true,
"object_id": "17913",
"object_relation": "entropy",
"first_seen": null,
"last_seen": null,
"value": "5.8386890902957",
"Galaxy": [ ],
"ShadowAttribute": [ ]
},
{
"id": "242941",
"type": "md5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "4ff4ee31-70c5-44cc-89f6-4e74efe27db7",
"event_id": "1167",
"distribution": "5",
"timestamp": "1632292909",
"comment": "",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "17913",
"object_relation": "md5",
"first_seen": null,
"last_seen": null,
"value": "b103638cf9c58c44279fc3af05d7796b",
"Galaxy": [ ],
"ShadowAttribute": [ ]
},
{
"id": "242942",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "640da9c4-bea2-4f85-9c38-889e25698bc7",
"event_id": "1167",
"distribution": "5",
"timestamp": "1632292909",
"comment": "",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "17913",
"object_relation": "sha1",
"first_seen": null,
"last_seen": null,
"value": "58d82238850818bf429943caac7945c190387d79",
"Galaxy": [ ],
"ShadowAttribute": [ ]
},
{
"id": "242943",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "62838fce-af0e-4320-9906-b8a5991c7dc3",
"event_id": "1167",
"distribution": "5",
"timestamp": "1632292909",
"comment": "",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "17913",
"object_relation": "sha256",
"first_seen": null,
"last_seen": null,
"value": "3a04bf4a5b6aa13200aab81e27c3393cee55f2ec3cdcdb4f2ff4daa296572ae2",
"Galaxy": [ ],
"ShadowAttribute": [ ],
"Sighting": [
{
"id": "11",
"attribute_id": "242943",
"event_id": "1167",
"org_id": "1",
"date_sighting": "1632292910",
"uuid": "0bb737e4-8e25-4922-a180-5e8fbf4f4ef3",
"source": "cowrie-ng (Cowrie)",
"type": "0",
"attribute_uuid": "62838fce-af0e-4320-9906-b8a5991c7dc3",
"Organisation": {
"id": "1",
"uuid": "5db171df-8fdc-43c5-b9db-4c52b32cc77f",
"name": "Cyber Beagle Inc."
}
}
]
},
{
"id": "242944",
"type": "sha512",
"category": "Payload delivery",
"to_ids": true,
"uuid": "7c5fa2e3-d275-444b-8cd6-f50a354e4fb4",
"event_id": "1167",
"distribution": "5",
"timestamp": "1632292909",
"comment": "",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "17913",
"object_relation": "sha512",
"first_seen": null,
"last_seen": null,
"value": "a79f86d1a999aa56abe53ece54bfde444eb4b06b8bae9c6a3d916d447a61e995d78057df310e6179fa7a017361e7d0f608341c2831c857549c33ed50c9b66363",
"Galaxy": [ ],
"ShadowAttribute": [ ]
},
{
"id": "242945",
"type": "malware-sample",
"category": "Payload delivery",
"to_ids": true,
"uuid": "085c1a9d-7325-437f-bde5-3c160f01fcb8",
"event_id": "1167",
"distribution": "5",
"timestamp": "1632292909",
"comment": "",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": true,
"object_id": "17913",
"object_relation": "malware-sample",
"first_seen": null,
"last_seen": null,
"value": "3a04bf4a5b6aa13200aab81e27c3393cee55f2ec3cdcdb4f2ff4daa296572ae2|b103638cf9c58c44279fc3af05d7796b",
"Galaxy": [ ],
"data": "UEsDBBQACQAIADk1NlM8rhUrVQgAAJ4SAAAgABwAYjEwMzYzOGNmOWM1OGM0NDI3OWZjM2FmMDVkNzc5NmJVVAkAAy3QSmEt0EphdXgLAAEEIQAAAAQhAAAAxC9jTVLxyZwFS0cMM7wuKM3PBSAT96BjRle60hNgjd1EYEQqr2f6kwgDap13tbzI+j3NUnwTtWMQiwbABASAVEUfKPhpzBg4/3KPVmNtV++Gi+FvlkxPxfh6UNQ+RdY6F6hQHKj+GpzKMHoPq8MmGLpDo/e1Xyf/+m1dODYCsodsO+1wJ+E2j6NE396PkpBKVzy+x0GALrN514sZLT6ExWxzlkH9eWjd3pI4npdx2wdFi5kWWmJuu00YzDcP9+nrMbzyHsXNhh4wvB+jMMJwMPUT0SPjUg4nbyylzsjepCuTz/xH6xBJIhi9vY2IQXtas3JpstG0IofT6x2sz5G0ZWo3P3IaVvrCGsZiW8mNbh1x3DIvCpoz/2dIzGRrnm+RNIAcDmwJYfZRT0DppPAB+1uLmzCjEcs7k0rphKg+rK0ah0sAhEkgV1mJDeoUsZfX1q0c2oR6RMpRbewShipKXtwA9XdZC1e05VNfsi5vT5WQECbEIcA+4W9l31YCZ4Yn8pzspkKNZZdrkQcmmDYrlYVDFjbPC/7WQ4i9uSjJ3xNBlWR2qGLPsksPzV6kbZ8DV6XmWiKmIYAUv8079T/tE7poS+A+RBTOKC1tRWYItzOepdbRCf9cZx0mr7e2DJ00+tt7XI2tpT7e5hslUykSHX5r3sYUPWA4PAhg75BmPLHD6jI7hvfsE/PbuDMdqoUcbBy0QUB7qkYyA/8gN/Oetkc28K1fB0ErTZ9+CjrUraI1Qf1+KcRJKAkDEI8S+NjHPMIGTj+sWQufeDJjar6UWckwNZ4NiP+WZ1PXNzRVxR+TNujecKzbHgWXuDHV2Dgnbxop8YB02Phl1ZtKg/6X1lGZbZtEgmc4Q3xErzfwpL5QD6jAVNyKnWbVPfnZ/zL0z8jYFgZonecJfQ+ElEo8+JCN2IUnXzbLjqiLRZLJzobal8RRwC4/7yBJVL6+IpMrzDyISI+itrO6GMFdFRgQpYhd0Bd8bJxPJ/3R3gg7pe3zNhBEXUka/v2lkyModugvS7JplS746oqr6u5egtFBmo/rWbV7i4gzOgsfaFfbIc4oPub9Sbq369JJzFQ8GdkyCnwq0G3QL2ZVYn7k3KqJpzgnXklDnf3pPTzd5TcoZ2ucM9Mae/AHLm1NGbhtHt6/sV9lQzM5Bh5g/NhVa2IUIHwORxjsiFe8RbG+8MEznlnWuQDMu0EtCib6ylO1XWOKy+yZtJO7yIW9NdMEccz9iaswm4/myOifMeqYFE2oZcD49iH2qGGujr2aHDMjFM3vxnp2dd2iddMWgOf5QdAm6uFPg0ols4JP8Ctobm+kfkHfhyoLond0a7UQu3e7Wy93myrXkt9z3TfkjOGX0V9z9u94YxTlxaaLybBChibL/PW9Pns7aC8QmxmQCY8ZzQQ5JxOGQY8ZBtIxbPy/Q6oaSzXXgO1XMiEeaCNK7gz1Y0fzzORPynEQyTFHTKfiaeuPxigj7kN6LdHldBTit/gT5wvxS1c1pZ6KQGi7XzvHp//rEhSjgZyrmVfwhQn4pwObIw1rn3pQ+JmtFlrYlM4KRhxKFMFJUXNX8hqF1xEmP8o21snNP46LSgJGT9oVWMWfgDoFhzx8hZHSIDYPWPkaPwVPNDP6sBCdeJG2PyMLtmuHaswPTElHMZHbwktmIaElvBim2GBNzVoHixlQs4YVb5WcQF8fSnWKt5p2SpX1h3icNPzCwOgwbKwhyD+n+aeK5w2zA120WUVemezdFqguWwcOQzkhPsMi9gtkactQaK3mWD+NktveRU2OPlahjincQnjgWElePsGomymLyahSLQW4q0VHYgH29tOQHKHez/aeJYsJNr+hUB7mZBSKErkxN9+zEIKSjn0x5zp9sp45lG0YCT/le0vbQPx03TDQI9w38vqDX7oWAFsWFNu2pz6MwDgmaDQb+cvT1Mj7iGP4SGD+PxpfQFh7I0OWmE56N9/75xaWIroDmbIvNFclqQsCkF2QszgISWU809onWcqquSRTg1JTaTIZxjg5aMbKX9U43Tw1GhZImNMNnX/bmm3vI9V7urDKkv8aL+6XvoejhZWdGd/seON6kBSGxtVP9zvwB1mc5u4a5m+6VvoXINFRcgyiQq/iPb8Y9ScNgw//TdT6OOZaB2Rloidr9S4BQV5RQEfTY0+xkI9Zyki7H/UEIVS2Z84oXJAiYM6SxXzSt65CIe+Juq86Y9B49izfwNsS6KmxsOUM3KW8ccuoqqsLmM8URuefd4x9Sv481kIfZcmtvDfNzZTqJFWCkd65x3YlEI6vFYMqKNsaHuvoO5OPaMR+g6GBxAnP832Bz0hEt2dCt3O1s8qffdA6iawG2IPMe+Ec1VzUzN+ZdCdiVXNDvMlty+QzR9lanHZyO342lBAj7H0lmPB0jjku5casRbrRuLGzGyYEx2CNXIAI3WMalqXqJ9DHH7Zmx0jV9N8tltmGH7sodkERKrzJgTsbnXI6yhbgHCyaLPC6dnFXx7LIaY8PVjsXIt1Riz07Nc1Sgewq8ri73BZ/hQbqKLHmsN1EQgElh8mBzxY91gHDnzY62ICVnU4Ip90pFP6JGzYdH/gsi8+EKB9MbhT5OvHFBmPYUJH0Wnzr9xYABAjR0Qq0WR67L+eY1dN+vlSB5AeC+RKTpCme6EuI5u/oPAhjjgt/7/0NKVfVSk07nP5PycteyKg+hhWQipSlRKb9J6JZuXnzVzjC1nA0YzCXzTVXxHCWr5MrGj4kQAzJGP0ZJQiqsZZwH6l3thHDWCZHB04fSKoGvcNwCCifF4lT7SrBOL0D5U4MMlVchX2E7Yk4iHJC91i5Karw0AWXMx8ZYODNe2wjbEQcUEsHCDyuFStVCAAAnhIAAFBLAwQUAAkACAA5NTZTPW/ADEAAAABAAAAALQAcAGIxMDM2MzhjZjljNThjNDQyNzlmYzNhZjA1ZDc3OTZiLmZpbGVuYW1lLnR4dFVUCQADLdBKYS3QSmF1eAsAAQQhAAAABCEAAAD0BEPp/cvSpBIlH6/bPxf+zuKDNBZ2UgrA+4QdM1cWGEYWYLO7TXn62NvL2XfFJ+8L0Mp6z43exaafV2AA9QXQUEsHCD1vwAxAAAAAQAAAAFBLAQIeAxQACQAIADk1NlM8rhUrVQgAAJ4SAAAgABgAAAAAAAAAAACkgQAAAABiMTAzNjM4Y2Y5YzU4YzQ0Mjc5ZmMzYWYwNWQ3Nzk2YlVUBQADLdBKYXV4CwABBCEAAAAEIQAAAFBLAQIeAxQACQAIADk1NlM9b8AMQAAAAEAAAAAtABgAAAAAAAEAAACkgb8IAABiMTAzNjM4Y2Y5YzU4YzQ0Mjc5ZmMzYWYwNWQ3Nzk2Yi5maWxlbmFtZS50eHRVVAUAAy3QSmF1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAdgkAAAAA",
"ShadowAttribute": [ ]
}
]
}
],
"EventReport": [ ]
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment