From c2281828d1a59f15b5e4636ac3337efaa6aa61af Mon Sep 17 00:00:00 2001 From: Terrtia Date: Tue, 22 Mar 2022 09:50:41 +0100 Subject: [PATCH] chg: [misp export] add username --- bin/export/MispExport.py | 29 ++++++++++++++++++- .../correlation/show_correlation.html | 2 +- .../import_export/block_to_export_input.html | 5 ++++ .../import_export/export_object.html | 3 ++ 4 files changed, 37 insertions(+), 2 deletions(-) diff --git a/bin/export/MispExport.py b/bin/export/MispExport.py index 26b1f28a..d1d09b70 100755 --- a/bin/export/MispExport.py +++ b/bin/export/MispExport.py @@ -17,6 +17,8 @@ import Decoded import Domain import Screenshot +import Username + import Correlate_object import AILObjects @@ -181,6 +183,28 @@ def export_pgp(pgp_type, pgp_value): l_obj_attr.append( obj.add_attribute('user-id-email', value=pgp_value) ) return obj +def export_username(username_type, username): + dict_metadata = Username.correlation.get_metadata(username_type, username) + + obj_attrs = [] + if username_type == 'telegram': + obj = MISPObject('telegram-account', standalone=True) + obj_attrs.append( obj.add_attribute('username', value=username) ) + + elif username_type == 'twitter': + obj = MISPObject('twitter-account', standalone=True) + obj_attrs.append( obj.add_attribute('name', value=username) ) + + else: + obj = MISPObject('user-account', standalone=True) + obj_attrs.append( obj.add_attribute('username', value=username) ) + + obj.first_seen = dict_metadata['first_seen'] + obj.last_seen = dict_metadata['last_seen'] + # for obj_attr in obj_attrs: + # for tag in self.get_tags(): + # obj_attr.add_tag(tag) + return obj # filter objects to export, export only object who correlect which each other def filter_obj_linked(l_obj): 
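Review bot: In `export_username`, `obj_attrs` is filled in every branch but never read, because its only consumer is the commented-out loop, and that loop calls `self.get_tags()` inside a module-level function where no `self` exists. As written, the exported telegram-account, twitter-account and user-account objects get no tags from this function; if tags (for example sharing markings) are expected on exported attributes, that is a gap to track rather than leave in dead code. Either drop the list and the three commented lines, or replace them with a marker such as `# TODO: propagate the username's tags to obj_attrs once a tag lookup is available here`. Separately, `dict_metadata['first_seen']` and `dict_metadata['last_seen']` are indexed directly; `Username.correlation.get_metadata` is not visible in this patch, so if it can return a dict without those keys for an unknown username, a guard like `if 'first_seen' in dict_metadata: obj.first_seen = dict_metadata['first_seen']` would avoid a KeyError during export.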
@@ -214,7 +238,7 @@ def add_obj_to_create_by_lvl(all_obj_to_export, set_relationship, dict_obj, lvl) obj_correlations = Correlate_object.get_object_correlation(dict_obj['type'], dict_obj['id'], requested_correl_type=dict_obj.get('subtype', None)) for obj_type in obj_correlations: dict_new_obj = {'type': obj_type} - if obj_type=='pgp' or obj_type=='cryptocurrency': + if obj_type=='pgp' or obj_type=='cryptocurrency' or obj_type=='username': for subtype in obj_correlations[obj_type]: dict_new_obj['subtype'] = subtype for obj_id in obj_correlations[obj_type][subtype]: @@ -283,6 +307,9 @@ def create_misp_obj(obj_type, obj_id): elif obj_type == 'pgp': obj_subtype, obj_id = obj_id.split(':', 1) return export_pgp(obj_subtype, obj_id) + elif obj_type == 'username': + obj_subtype, obj_id = obj_id.split(':', 1) + return export_username(obj_subtype, obj_id) elif obj_type == 'domain': return export_domain(obj_id) diff --git a/var/www/templates/correlation/show_correlation.html b/var/www/templates/correlation/show_correlation.html index 6a3355ed..3ef77ec8 100644 --- a/var/www/templates/correlation/show_correlation.html +++ b/var/www/templates/correlation/show_correlation.html @@ -114,7 +114,7 @@
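Review bot: The condition in `add_obj_to_create_by_lvl` is now a chain of three `==` comparisons and will grow again with the next object type that carries a subtype; a membership test is easier to read and extend, `if obj_type in ('pgp', 'cryptocurrency', 'username'):`. The same set of subtype-bearing types is also encoded separately in the `elif` branches of `create_misp_obj`, so the two places have to be kept in sync by hand. The function body starts and ends outside the hunk.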
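Review bot: The new `username` branch of `create_misp_obj` unpacks `obj_id.split(':', 1)` into two names, so an `obj_id` without a `:` raises ValueError before `export_username` is called; the `pgp` branch just above has the same shape. Where `obj_id` originates is not visible in this hunk, but if it can come from the export form, the malformed case should be rejected explicitly, for example `obj_subtype, sep, obj_id = obj_id.partition(':')` followed by a check on `sep` that fails the way the caller expects for an unknown object. The function continues outside the hunk.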
Graph - {% if dict_object["object_type"] != "username" %} + {% if dict_object["object_type"] != "" %} {% with obj_type=dict_object["object_type"], obj_id=dict_object["correlation_id"], obj_subtype=dict_object["metadata"]["type_id"],obj_lvl=1%} {% include 'import_export/block_add_user_object_to_export.html' %} {% endwith %} diff --git a/var/www/templates/import_export/block_to_export_input.html b/var/www/templates/import_export/block_to_export_input.html index 86ebe14d..4ae91129 100644 --- a/var/www/templates/import_export/block_to_export_input.html +++ b/var/www/templates/import_export/block_to_export_input.html @@ -19,6 +19,11 @@ + + + + + diff --git a/var/www/templates/import_export/export_object.html b/var/www/templates/import_export/export_object.html index c6760f74..b055cdb5 100644 --- a/var/www/templates/import_export/export_object.html +++ b/var/www/templates/import_export/export_object.html @@ -67,6 +67,9 @@ + + +
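Review bot: The guard on the new side of show_correlation.html, `{% if dict_object["object_type"] != "" %}`, reads as a leftover of the old `!= "username"` exclusion, since it no longer excludes any named object type. If the intent is simply to offer the export block for every object type, remove the `{% if %}` and its matching `{% endif %}`, which lies outside the hunk. If an empty `object_type` is a real case to hide the block for, say so with a template comment such as `{# no export button when the object type is unset #}`.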