Cowrie logs analysis
Credentials used by threat actors were harvested for 2 months on digitalocean free trial VPS. Results and statistics can be found in this repository.
Copy cowrie_parser.js and passwords.js to directory where your logs in JSON format are located, then in terminal:
node cowrie_parser.js
node passwords.js
Results will be stored in /passwords/ and /usernames_passwords/ directories.