#!/usr/bin/env python
# -*- coding: utf-8 -*-
import random
from random import randint
import string
from pymisp import MISPEvent, MISPAttribute
def randomStringGenerator(size, chars=string.ascii_lowercase + string.digits):
    """Return a string of ``size`` characters drawn at random from ``chars``.

    The default alphabet is lowercase ASCII letters plus digits. Characters
    come from the ``random`` module, which is fine for filler test data but
    is not a source of unpredictable values.
    """
    picked = []
    for _ in range(size):
        picked.append(random.choice(chars))
    return ''.join(picked)
def randomIpGenerator():
    """Return a random dotted-quad IPv4 string.

    Each of the four octets is drawn independently from 0-255, so the result
    can fall anywhere in the address space, including reserved, private and
    publicly routed ranges.
    """
    octets = [str(randint(0, 255)) for _ in range(4)]
    return '.'.join(octets)
def _attribute(category, type, value):
    """Build a MISPAttribute carrying the given category, type and value."""
    attr = MISPAttribute()
    # Assigned left to right, i.e. category, then type, then value.
    attr.category, attr.type, attr.value = category, type, value
    return attr
def floodtxt(misp, event, maxlength=255):
    """Add one random free-text attribute to ``event`` through ``misp``.

    A random string of 1 to ``maxlength`` characters is generated and attached
    under one randomly chosen (category, type) pair from the table below.
    """
    payload = randomStringGenerator(randint(1, maxlength))
    text_slots = (
        ('Internal reference', 'comment'),
        ('Internal reference', 'text'),
        ('Internal reference', 'other'),
        ('Network activity', 'email-subject'),
        ('Artifacts dropped', 'mutex'),
        ('Artifacts dropped', 'filename'),
    )
    category, attr_type = random.choice(text_slots)
    misp.add_attribute(event, _attribute(category, attr_type, payload))
def floodip(misp, event):
    """Add one random IP attribute (``ip-src`` or ``ip-dst``) to ``event``.

    The address comes from randomIpGenerator() and is filed under the
    'Network activity' category.
    """
    # NOTE(review): the address is unconstrained, so it may match a real host;
    # presumably these events are meant for a test instance only - confirm
    # they are never exported as indicators.
    address = randomIpGenerator()
    attr_type = random.choice(('ip-src', 'ip-dst'))
    misp.add_attribute(event, _attribute('Network activity', attr_type, address))
def flooddomain(misp, event, maxlength=25):
    """Add one random ``domain`` or ``hostname`` attribute to ``event``.

    The value is a random label of 1 to ``maxlength`` lowercase letters and
    digits, a dot, and a random 2-3 letter lowercase suffix. Nothing checks
    whether the result is a registered name.
    """
    label = randomStringGenerator(randint(1, maxlength))
    suffix = randomStringGenerator(randint(2, 3), chars=string.ascii_lowercase)
    fqdn = '.'.join((label, suffix))
    attr_type = random.choice(('domain', 'hostname'))
    misp.add_attribute(event, _attribute('Network activity', attr_type, fqdn))
def floodemail(misp, event, maxlength=25):
    """Add one random ``email-dst`` or ``email-src`` attribute to ``event``.

    The address has the form ``<local>@<host>.<suffix>``: local part and host
    are random strings of 1 to ``maxlength`` lowercase letters and digits,
    and the suffix is 2-3 random lowercase letters.
    """
    local_part = randomStringGenerator(randint(1, maxlength))
    host = randomStringGenerator(randint(1, maxlength))
    suffix = randomStringGenerator(randint(2, 3), chars=string.ascii_lowercase)
    address = ''.join((local_part, '@', host, '.', suffix))
    attr_type = random.choice(('email-dst', 'email-src'))
    misp.add_attribute(event, _attribute('Network activity', attr_type, address))
def create_dummy_event(misp):
    """Create an event titled 'Dummy event' via ``misp`` and return the result.

    ``pythonify=True`` is passed to ``misp.add_event``; the value that call
    returns is handed back to the caller unchanged.
    """
    draft = MISPEvent()
    draft.info = 'Dummy event'
    return misp.add_event(draft, pythonify=True)
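def create_massive_dummy_events(misp, nbattribute):
    """Create one 'massive dummy event' and attach ``nbattribute`` random attributes.

    Each iteration picks one of the flood* helpers at random, and each helper
    issues its own ``misp.add_attribute`` call, so the instance receives
    ``nbattribute`` separate attribute writes. The generated values are
    unconstrained random data and may coincide with real hosts or addresses.
    Returns nothing; the response of ``misp.add_event`` is printed.
    """
    event = MISPEvent()
    event.info = 'massive dummy event'
    # NOTE(review): unlike create_dummy_event, no pythonify=True is passed
    # here, so the returned value may not be a MISPEvent - confirm that
    # add_attribute accepts whatever add_event returns in this configuration.
    event = misp.add_event(event)
    print(event)
    functions = [floodtxt, floodip, flooddomain, floodemail]
    # random.choice matches how the flood* helpers pick their variants and
    # removes the manual index arithmetic; the loop counter itself is unused.
    for _ in range(nbattribute):
        random.choice(functions)(misp, event)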