Last active
September 22, 2021 06:43
Cowrie MISP integration: MISP event JSON created for a file uploaded to the Cowrie honeypot
{ | |
"Event": { | |
"id": "1167", | |
"orgc_id": "1", | |
"org_id": "1", | |
"date": "2021-09-22", | |
"threat_level_id": "4", | |
"info": "File uploaded to Cowrie (cowrie-ng)", | |
"published": false, | |
"uuid": "21cb5613-7061-4ce8-ac73-f22288deba36", | |
"attribute_count": "8", | |
"analysis": "0", | |
"timestamp": "1632292909", | |
"distribution": "1", | |
"proposal_email_lock": false, | |
"locked": false, | |
"publish_timestamp": "0", | |
"sharing_group_id": "0", | |
"disable_correlation": false, | |
"extends_uuid": "", | |
"event_creator_email": "admin@pid.lu", | |
"Org": { | |
"id": "1", | |
"name": "Cyber Beagle Inc.", | |
"uuid": "5db171df-8fdc-43c5-b9db-4c52b32cc77f", | |
"local": true | |
}, | |
"Orgc": { | |
"id": "1", | |
"name": "Cyber Beagle Inc.", | |
"uuid": "5db171df-8fdc-43c5-b9db-4c52b32cc77f", | |
"local": true | |
}, | |
"Attribute": [ ], | |
"ShadowAttribute": [ ], | |
"RelatedEvent": [ ], | |
"Galaxy": [ ], | |
"Object": [ | |
{ | |
"id": "17913", | |
"name": "file", | |
"meta-category": "file", | |
"description": "File object describing a file with meta-information", | |
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", | |
"template_version": "24", | |
"event_id": "1167", | |
"uuid": "d0d9fb22-e090-4cb9-b3da-546832600ebe", | |
"timestamp": "1632292909", | |
"distribution": "5", | |
"sharing_group_id": "0", | |
"comment": "", | |
"deleted": false, | |
"first_seen": null, | |
"last_seen": null, | |
"ObjectReference": [ ], | |
"Attribute": [ | |
{ | |
"id": "242938", | |
"type": "filename", | |
"category": "Payload delivery", | |
"to_ids": true, | |
"uuid": "30f84e24-703e-4f45-9733-c0d2eced241c", | |
"event_id": "1167", | |
"distribution": "5", | |
"timestamp": "1632292909", | |
"comment": "", | |
"sharing_group_id": "0", | |
"deleted": false, | |
"disable_correlation": true, | |
"object_id": "17913", | |
"object_relation": "filename", | |
"first_seen": null, | |
"last_seen": null, | |
"value": "3a04bf4a5b6aa13200aab81e27c3393cee55f2ec3cdcdb4f2ff4daa296572ae2", | |
"Galaxy": [ ], | |
"ShadowAttribute": [ ] | |
}, | |
{ | |
"id": "242939", | |
"type": "size-in-bytes", | |
"category": "Other", | |
"to_ids": false, | |
"uuid": "f100b4f9-f36a-42cb-8628-e3f34e702281", | |
"event_id": "1167", | |
"distribution": "5", | |
"timestamp": "1632292909", | |
"comment": "", | |
"sharing_group_id": "0", | |
"deleted": false, | |
"disable_correlation": true, | |
"object_id": "17913", | |
"object_relation": "size-in-bytes", | |
"first_seen": null, | |
"last_seen": null, | |
"value": "4766", | |
"Galaxy": [ ], | |
"ShadowAttribute": [ ] | |
}, | |
{ | |
"id": "242940", | |
"type": "float", | |
"category": "Other", | |
"to_ids": false, | |
"uuid": "1eca4658-d89c-400d-8075-1a36080977ca", | |
"event_id": "1167", | |
"distribution": "5", | |
"timestamp": "1632292909", | |
"comment": "", | |
"sharing_group_id": "0", | |
"deleted": false, | |
"disable_correlation": true, | |
"object_id": "17913", | |
"object_relation": "entropy", | |
"first_seen": null, | |
"last_seen": null, | |
"value": "5.8386890902957", | |
"Galaxy": [ ], | |
"ShadowAttribute": [ ] | |
}, | |
{ | |
"id": "242941", | |
"type": "md5", | |
"category": "Payload delivery", | |
"to_ids": true, | |
"uuid": "4ff4ee31-70c5-44cc-89f6-4e74efe27db7", | |
"event_id": "1167", | |
"distribution": "5", | |
"timestamp": "1632292909", | |
"comment": "", | |
"sharing_group_id": "0", | |
"deleted": false, | |
"disable_correlation": false, | |
"object_id": "17913", | |
"object_relation": "md5", | |
"first_seen": null, | |
"last_seen": null, | |
"value": "b103638cf9c58c44279fc3af05d7796b", | |
"Galaxy": [ ], | |
"ShadowAttribute": [ ] | |
}, | |
{ | |
"id": "242942", | |
"type": "sha1", | |
"category": "Payload delivery", | |
"to_ids": true, | |
"uuid": "640da9c4-bea2-4f85-9c38-889e25698bc7", | |
"event_id": "1167", | |
"distribution": "5", | |
"timestamp": "1632292909", | |
"comment": "", | |
"sharing_group_id": "0", | |
"deleted": false, | |
"disable_correlation": false, | |
"object_id": "17913", | |
"object_relation": "sha1", | |
"first_seen": null, | |
"last_seen": null, | |
"value": "58d82238850818bf429943caac7945c190387d79", | |
"Galaxy": [ ], | |
"ShadowAttribute": [ ] | |
}, | |
{ | |
"id": "242943", | |
"type": "sha256", | |
"category": "Payload delivery", | |
"to_ids": true, | |
"uuid": "62838fce-af0e-4320-9906-b8a5991c7dc3", | |
"event_id": "1167", | |
"distribution": "5", | |
"timestamp": "1632292909", | |
"comment": "", | |
"sharing_group_id": "0", | |
"deleted": false, | |
"disable_correlation": false, | |
"object_id": "17913", | |
"object_relation": "sha256", | |
"first_seen": null, | |
"last_seen": null, | |
"value": "3a04bf4a5b6aa13200aab81e27c3393cee55f2ec3cdcdb4f2ff4daa296572ae2", | |
"Galaxy": [ ], | |
"ShadowAttribute": [ ], | |
"Sighting": [ | |
{ | |
"id": "11", | |
"attribute_id": "242943", | |
"event_id": "1167", | |
"org_id": "1", | |
"date_sighting": "1632292910", | |
"uuid": "0bb737e4-8e25-4922-a180-5e8fbf4f4ef3", | |
"source": "cowrie-ng (Cowrie)", | |
"type": "0", | |
"attribute_uuid": "62838fce-af0e-4320-9906-b8a5991c7dc3", | |
"Organisation": { | |
"id": "1", | |
"uuid": "5db171df-8fdc-43c5-b9db-4c52b32cc77f", | |
"name": "Cyber Beagle Inc." | |
} | |
} | |
] | |
}, | |
{ | |
"id": "242944", | |
"type": "sha512", | |
"category": "Payload delivery", | |
"to_ids": true, | |
"uuid": "7c5fa2e3-d275-444b-8cd6-f50a354e4fb4", | |
"event_id": "1167", | |
"distribution": "5", | |
"timestamp": "1632292909", | |
"comment": "", | |
"sharing_group_id": "0", | |
"deleted": false, | |
"disable_correlation": false, | |
"object_id": "17913", | |
"object_relation": "sha512", | |
"first_seen": null, | |
"last_seen": null, | |
"value": "a79f86d1a999aa56abe53ece54bfde444eb4b06b8bae9c6a3d916d447a61e995d78057df310e6179fa7a017361e7d0f608341c2831c857549c33ed50c9b66363", | |
"Galaxy": [ ], | |
"ShadowAttribute": [ ] | |
}, | |
{ | |
"id": "242945", | |
"type": "malware-sample", | |
"category": "Payload delivery", | |
"to_ids": true, | |
"uuid": "085c1a9d-7325-437f-bde5-3c160f01fcb8", | |
"event_id": "1167", | |
"distribution": "5", | |
"timestamp": "1632292909", | |
"comment": "", | |
"sharing_group_id": "0", | |
"deleted": false, | |
"disable_correlation": true, | |
"object_id": "17913", | |
"object_relation": "malware-sample", | |
"first_seen": null, | |
"last_seen": null, | |
"value": "3a04bf4a5b6aa13200aab81e27c3393cee55f2ec3cdcdb4f2ff4daa296572ae2|b103638cf9c58c44279fc3af05d7796b", | |
"Galaxy": [ ], | |
"data": "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", | |
"ShadowAttribute": [ ] | |
} | |
] | |
} | |
], | |
"EventReport": [ ] | |
} | |
} |