mirror of https://github.com/MISP/PyMISPGalaxies
fix: [doc] use cluster.get() instead
parent
104cb81239
commit
b9791f98c1
|
@ -1,26 +1,10 @@
|
|||
{
|
||||
"nbformat": 4,
|
||||
"nbformat_minor": 0,
|
||||
"metadata": {
|
||||
"colab": {
|
||||
"provenance": [],
|
||||
"authorship_tag": "ABX9TyOFSmnINQ4YRBroomWdb+/2",
|
||||
"include_colab_link": true
|
||||
},
|
||||
"kernelspec": {
|
||||
"name": "python3",
|
||||
"display_name": "Python 3"
|
||||
},
|
||||
"language_info": {
|
||||
"name": "python"
|
||||
}
|
||||
},
|
||||
"cells": [
|
||||
{
|
||||
"cell_type": "markdown",
|
||||
"metadata": {
|
||||
"id": "view-in-github",
|
||||
"colab_type": "text"
|
||||
"colab_type": "text",
|
||||
"id": "view-in-github"
|
||||
},
|
||||
"source": [
|
||||
"<a href=\"https://colab.research.google.com/github/sebdraven/PyMISPGalaxies/blob/main/Galaxie_MISP.ipynb\" target=\"_parent\"><img src=\"https://colab.research.google.com/assets/colab-badge.svg\" alt=\"Open In Colab\"/></a>"
|
||||
|
@ -38,8 +22,8 @@
|
|||
},
|
||||
"outputs": [
|
||||
{
|
||||
"output_type": "stream",
|
||||
"name": "stdout",
|
||||
"output_type": "stream",
|
||||
"text": [
|
||||
"Looking in indexes: https://pypi.org/simple, https://us-python.pkg.dev/colab-wheels/public/simple/\n",
|
||||
"Collecting PyMISPGalaxies\n",
|
||||
|
@ -65,38 +49,52 @@
|
|||
},
|
||||
{
|
||||
"cell_type": "code",
|
||||
"source": [
|
||||
"from pymispgalaxies import Clusters"
|
||||
],
|
||||
"execution_count": 1,
|
||||
"metadata": {
|
||||
"id": "Gy_cjV42Faj-"
|
||||
},
|
||||
"execution_count": 2,
|
||||
"outputs": []
|
||||
"outputs": [],
|
||||
"source": [
|
||||
"from pymispgalaxies import Clusters"
|
||||
]
|
||||
},
|
||||
{
|
||||
"cell_type": "markdown",
|
||||
"source": [
|
||||
"To Choose a cluster, the name of cluster is the name of file in <https://github.com/MISP/misp-galaxy/clusters/>, here we use malpedia"
|
||||
],
|
||||
"metadata": {
|
||||
"id": "Z_FZERTPMV0s"
|
||||
}
|
||||
},
|
||||
"source": [
|
||||
"To Choose a cluster, the name of cluster is the name of file in <https://github.com/MISP/misp-galaxy/clusters/>, here we use malpedia"
|
||||
]
|
||||
},
|
||||
{
|
||||
"cell_type": "code",
|
||||
"source": [
|
||||
"cluster_malpedia = Clusters().get('malpedia') #corresponding to https://github.com/MISP/misp-galaxy/clusters/malpedia.json\n",
|
||||
"cluster_malpedia"
|
||||
],
|
||||
"execution_count": 2,
|
||||
"metadata": {
|
||||
"id": "pmsFAlTsFr_Q"
|
||||
},
|
||||
"execution_count": null,
|
||||
"outputs": []
|
||||
"outputs": [
|
||||
{
|
||||
"data": {
|
||||
"text/plain": [
|
||||
"<pymispgalaxies.api.Cluster at 0x75b3464402c0>"
|
||||
]
|
||||
},
|
||||
"execution_count": 2,
|
||||
"metadata": {},
|
||||
"output_type": "execute_result"
|
||||
}
|
||||
],
|
||||
"source": [
|
||||
"cluster_malpedia = Clusters().get('malpedia') #corresponding to https://github.com/MISP/misp-galaxy/clusters/malpedia.json\n",
|
||||
"cluster_malpedia"
|
||||
]
|
||||
},
|
||||
{
|
||||
"cell_type": "markdown",
|
||||
"metadata": {
|
||||
"id": "xf3vTuWsNzF6"
|
||||
},
|
||||
"source": [
|
||||
"To access in a entry json like Zeus:\n",
|
||||
"\n",
|
||||
|
@ -154,17 +152,11 @@
|
|||
" \"value\": \"Zeus\"\n",
|
||||
" }\n",
|
||||
" ```"
|
||||
],
|
||||
"metadata": {
|
||||
"id": "xf3vTuWsNzF6"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"cell_type": "code",
|
||||
"source": [
|
||||
"zeus = cluster_malpedia.cluster_values['Zeus']\n",
|
||||
"zeus.to_dict()"
|
||||
],
|
||||
"execution_count": 9,
|
||||
"metadata": {
|
||||
"colab": {
|
||||
"base_uri": "https://localhost:8080/"
|
||||
|
@ -172,36 +164,38 @@
|
|||
"id": "2dVS64R9Nxwu",
|
||||
"outputId": "7ebb7915-c981-4814-e7cb-b4ba96aa409f"
|
||||
},
|
||||
"execution_count": 8,
|
||||
"outputs": [
|
||||
{
|
||||
"output_type": "execute_result",
|
||||
"data": {
|
||||
"text/plain": [
|
||||
"{'value': 'Zeus',\n",
|
||||
" 'uuid': '4e8c1ab7-2841-4823-a5d1-39284fb0969a',\n",
|
||||
" 'meta': <pymispgalaxies.api.ClusterValueMeta at 0x7f870e02ba60>}"
|
||||
" 'description': \"According to CrowdStrike, The two primary goals of the Zeus trojan horse virus are stealing people's financial information and adding machines to a botnet. Unlike many types of malware, most Zeus variants try to avoid doing long-term damage to the devices they infect. Their aim is to avoid detection from antivirus software.\",\n",
|
||||
" 'meta': <pymispgalaxies.api.ClusterValueMeta at 0x75b33bee97f0>}"
|
||||
]
|
||||
},
|
||||
"execution_count": 9,
|
||||
"metadata": {},
|
||||
"execution_count": 8
|
||||
"output_type": "execute_result"
|
||||
}
|
||||
],
|
||||
"source": [
|
||||
"zeus = cluster_malpedia.get('Zeus')\n",
|
||||
"zeus.to_dict()"
|
||||
]
|
||||
},
|
||||
{
|
||||
"cell_type": "markdown",
|
||||
"source": [
|
||||
"To access at metadata"
|
||||
],
|
||||
"metadata": {
|
||||
"id": "SHmE7qcDPBcF"
|
||||
}
|
||||
},
|
||||
"source": [
|
||||
"To access at metadata"
|
||||
]
|
||||
},
|
||||
{
|
||||
"cell_type": "code",
|
||||
"source": [
|
||||
"zeus.meta.to_dict()"
|
||||
],
|
||||
"execution_count": 11,
|
||||
"metadata": {
|
||||
"colab": {
|
||||
"base_uri": "https://localhost:8080/"
|
||||
|
@ -209,77 +203,76 @@
|
|||
"id": "-T6MYOzJOrVF",
|
||||
"outputId": "bc22b364-a1a0-470e-d4ab-8e833e81753a"
|
||||
},
|
||||
"execution_count": 9,
|
||||
"outputs": [
|
||||
{
|
||||
"output_type": "execute_result",
|
||||
"data": {
|
||||
"text/plain": [
|
||||
"{'refs': ['https://malpedia.caad.fkie.fraunhofer.de/details/win.zeus',\n",
|
||||
" 'https://securelist.com/financial-cyberthreats-in-2020/101638/',\n",
|
||||
" 'https://www.kryptoslogic.com/blog/2021/07/trickbot-and-zeus/',\n",
|
||||
" 'http://eternal-todo.com/blog/detecting-zeus',\n",
|
||||
" 'https://www.symantec.com/connect/blogs/spyeye-s-kill-zeus-bark-worse-its-bite',\n",
|
||||
" 'http://malwareint.blogspot.com/2010/02/zeus-on-irs-scam-remains-actively.html',\n",
|
||||
" 'https://www.youtube.com/watch?v=LUxOcpIRxmg',\n",
|
||||
" 'https://www.secureworks.com/research/threat-profiles/bronze-woodland',\n",
|
||||
" 'http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/zeus_king_of_bots.pdf',\n",
|
||||
" 'https://www.mnin.org/write/ZeusMalware.pdf',\n",
|
||||
" 'https://www.secureworks.com/research/zeus?threat=zeus',\n",
|
||||
" 'https://blog.malwarebytes.com/101/2021/07/the-life-and-death-of-the-zeus-trojan/',\n",
|
||||
" 'https://krebsonsecurity.com/2019/12/inside-evil-corp-a-100m-cybercrime-menace/',\n",
|
||||
" 'https://us-cert.cisa.gov/ncas/alerts/aa20-345a',\n",
|
||||
" 'http://eternal-todo.com/blog/new-zeus-binary',\n",
|
||||
" 'https://blog.talosintelligence.com/2022/02/threat-roundup-0204-0211.html',\n",
|
||||
" 'http://malwareint.blogspot.com/2010/02/facebook-phishing-campaign-proposed-by.html',\n",
|
||||
" 'https://blog.trendmicro.com/trendlabs-security-intelligence/kivars-with-venom-targeted-attacks-upgrade-with-64-bit-support/',\n",
|
||||
" 'https://go.recordedfuture.com/hubfs/reports/cta-2021-0909.pdf',\n",
|
||||
" 'http://contagiodump.blogspot.com/2010/07/zeus-trojan-research-links.html',\n",
|
||||
" 'https://www.wired.com/2017/03/russian-hacker-spy-botnet/',\n",
|
||||
" 'http://malwareint.blogspot.com/2009/07/special-zeus-botnet-for-dummies.html',\n",
|
||||
" 'http://malwareint.blogspot.com/2010/03/new-phishing-campaign-against-facebook.html',\n",
|
||||
" 'https://www.secureworks.com/research/threat-profiles/gold-evergreen',\n",
|
||||
" 'http://contagiodump.blogspot.com/2010/07/zeus-version-scheme-by-trojan-author.html',\n",
|
||||
" 'https://www.anomali.com/files/white-papers/russian-federation-country-profile.pdf',\n",
|
||||
" 'https://www.f5.com/labs/articles/education/banking-trojans-a-reference-guide-to-the-malware-family-tree',\n",
|
||||
" 'https://nakedsecurity.sophos.com/2010/07/24/sample-run/',\n",
|
||||
" 'https://www.justice.gov/opa/pr/four-individuals-plead-guilty-rico-conspiracy-involving-bulletproof-hosting-cybercriminals',\n",
|
||||
" 'http://contagiodump.blogspot.com/2012/12/dec-2012-linuxchapro-trojan-apache.html',\n",
|
||||
" 'http://contagiodump.blogspot.com/2010/07/zeus-trojan-research-links.html',\n",
|
||||
" 'https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-008.pdf',\n",
|
||||
" 'https://www.symantec.com/connect/blogs/brief-look-zeuszbot-20',\n",
|
||||
" 'https://www.trendmicro.com/content/dam/trendmicro/global/en/research/21/i/ssl-tls-technical-brief/ssl-tls-technical-brief.pdf',\n",
|
||||
" 'https://www.secureworks.com/research/evolution-of-the-gold-evergreen-threat-group',\n",
|
||||
" 'https://www.s21sec.com/en/zeus-the-missing-link/',\n",
|
||||
" 'http://malwareint.blogspot.com/2010/01/leveraging-zeus-to-send-spam-through.html',\n",
|
||||
" 'http://eternal-todo.com/blog/zeus-spreading-facebook',\n",
|
||||
" 'https://web.archive.org/web/20160616170611/https://media.blackhat.com/bh-eu-10/presentations/Carrera_Silberman/BlackHat-EU-2010-Carrera-Silberman-State-of-Malware-slides.pdf',\n",
|
||||
" 'http://eternal-todo.com/blog/detecting-zeus',\n",
|
||||
" 'http://malwareint.blogspot.com/2010/03/new-phishing-campaign-against-facebook.html',\n",
|
||||
" 'https://nakedsecurity.sophos.com/2010/07/24/sample-run/',\n",
|
||||
" 'https://www.trendmicro.com/content/dam/trendmicro/global/en/research/21/i/ssl-tls-technical-brief/ssl-tls-technical-brief.pdf',\n",
|
||||
" 'https://www.symantec.com/connect/blogs/brief-look-zeuszbot-20',\n",
|
||||
" 'https://www.mnin.org/write/ZeusMalware.pdf',\n",
|
||||
" 'https://securelist.com/financial-cyberthreats-in-2020/101638/',\n",
|
||||
" 'https://www.secureworks.com/research/zeus?threat=zeus',\n",
|
||||
" 'https://krebsonsecurity.com/2019/12/inside-evil-corp-a-100m-cybercrime-menace/',\n",
|
||||
" 'http://eternal-todo.com/blog/zeus-spreading-facebook',\n",
|
||||
" 'http://malwareint.blogspot.com/2010/02/facebook-phishing-campaign-proposed-by.html',\n",
|
||||
" 'http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/zeus_king_of_bots.pdf',\n",
|
||||
" 'https://www.kryptoslogic.com/blog/2021/07/trickbot-and-zeus/',\n",
|
||||
" 'https://www.crowdstrike.com/cybersecurity-101/malware/trojan-zeus-malware',\n",
|
||||
" 'https://www.wired.com/2017/03/russian-hacker-spy-botnet/',\n",
|
||||
" 'https://us-cert.cisa.gov/ncas/alerts/aa20-345a',\n",
|
||||
" 'https://www.s21sec.com/en/zeus-the-missing-link/',\n",
|
||||
" 'https://www.symantec.com/connect/blogs/spyeye-s-kill-zeus-bark-worse-its-bite',\n",
|
||||
" 'https://go.recordedfuture.com/hubfs/reports/cta-2021-0909.pdf',\n",
|
||||
" 'https://www.justice.gov/opa/pr/four-individuals-plead-guilty-rico-conspiracy-involving-bulletproof-hosting-cybercriminals',\n",
|
||||
" 'https://www.secureworks.com/research/evolution-of-the-gold-evergreen-threat-group',\n",
|
||||
" 'https://www.youtube.com/watch?v=LUxOcpIRxmg',\n",
|
||||
" 'https://www.secureworks.com/research/threat-profiles/gold-evergreen',\n",
|
||||
" 'https://www.cisecurity.org/insights/blog/top-10-malware-march-2022',\n",
|
||||
" 'https://www.secureworks.com/research/threat-profiles/bronze-woodland',\n",
|
||||
" 'https://blog.malwarebytes.com/101/2021/07/the-life-and-death-of-the-zeus-trojan/',\n",
|
||||
" 'https://blog.talosintelligence.com/2022/02/threat-roundup-0204-0211.html',\n",
|
||||
" 'https://unit42.paloaltonetworks.com/banking-trojan-techniques/',\n",
|
||||
" 'https://blog.trendmicro.com/trendlabs-security-intelligence/kivars-with-venom-targeted-attacks-upgrade-with-64-bit-support/',\n",
|
||||
" 'http://malwareint.blogspot.com/2010/02/zeus-on-irs-scam-remains-actively.html',\n",
|
||||
" 'http://malwareint.blogspot.com/2010/01/leveraging-zeus-to-send-spam-through.html',\n",
|
||||
" 'http://eternal-todo.com/blog/new-zeus-binary',\n",
|
||||
" 'http://contagiodump.blogspot.com/2012/12/dec-2012-linuxchapro-trojan-apache.html',\n",
|
||||
" 'http://malwareint.blogspot.com/2009/07/special-zeus-botnet-for-dummies.html',\n",
|
||||
" 'http://www.secureworks.com/research/threat-profiles/gold-evergreen',\n",
|
||||
" 'https://www.anomali.com/files/white-papers/russian-federation-country-profile.pdf'],\n",
|
||||
" 'http://contagiodump.blogspot.com/2010/07/zeus-version-scheme-by-trojan-author.html'],\n",
|
||||
" 'synonyms': ['Zbot']}"
|
||||
]
|
||||
},
|
||||
"execution_count": 11,
|
||||
"metadata": {},
|
||||
"execution_count": 9
|
||||
"output_type": "execute_result"
|
||||
}
|
||||
],
|
||||
"source": [
|
||||
"zeus.meta.to_dict()"
|
||||
]
|
||||
},
|
||||
{
|
||||
"cell_type": "markdown",
|
||||
"source": [
|
||||
"To list all entries, with metadata"
|
||||
],
|
||||
"metadata": {
|
||||
"id": "Tq96ubMoPWoV"
|
||||
}
|
||||
},
|
||||
"source": [
|
||||
"To list all entries, with metadata"
|
||||
]
|
||||
},
|
||||
{
|
||||
"cell_type": "code",
|
||||
"source": [
|
||||
"for name,cluster_value in cluster_malpedia.cluster_values.items():\n",
|
||||
" obj_dict = cluster_value.to_dict()\n",
|
||||
" if 'meta' in obj_dict:\n",
|
||||
" meta = obj_dict['meta'].to_dict()\n",
|
||||
" print(name, meta)"
|
||||
],
|
||||
"execution_count": 10,
|
||||
"metadata": {
|
||||
"colab": {
|
||||
"base_uri": "https://localhost:8080/"
|
||||
|
@ -287,11 +280,10 @@
|
|||
"id": "rWcAjS6ZPVn_",
|
||||
"outputId": "ac25600c-fdd7-460c-835d-c6d6b4bfda60"
|
||||
},
|
||||
"execution_count": 10,
|
||||
"outputs": [
|
||||
{
|
||||
"output_type": "stream",
|
||||
"name": "stdout",
|
||||
"output_type": "stream",
|
||||
"text": [
|
||||
"FastCash {'refs': ['https://malpedia.caad.fkie.fraunhofer.de/details/aix.fastcash', 'https://blog.lexfo.fr/ressources/Lexfo-WhitePaper-The_Lazarus_Constellation.pdf', 'https://github.com/fboldewin/FastCashMalwareDissected/', 'https://www.cisa.gov/uscert/ncas/alerts/TA18-275A', 'https://www.cisa.gov/uscert/ncas/alerts/aa20-239a', 'https://mal-eats.net/en/2021/05/11/campo_new_attack_campaign_targeting_japan/', 'https://www.youtube.com/watch?v=zGvQPtejX9w', 'https://www.us-cert.gov/ncas/alerts/TA18-275A', 'https://blog.talosintelligence.com/2019/05/10-years-of-virtual-dynamite.html', 'https://threatrecon.nshc.net/2019/01/23/sectora01-custom-proxy-utility-tool-analysis/', 'https://i.blackhat.com/USA-20/Wednesday/us-20-Perlow-FASTCash-And-INJX_Pure-How-Threat-Actors-Use-Public-Standards-For-Financial-Fraud.pdf', 'https://i.blackhat.com/USA-20/Wednesday/us-20-Perlow-FASTCash-And-INJX_Pure-How-Threat-Actors-Use-Public-Standards-For-Financial-Fraud-wp.pdf', 'https://www.cisa.gov/uscert/sites/default/files/publications/AA22-108A-TraderTraitor-North_Korea_APT_Targets_Blockchain_Companies.pdf', 'https://www.youtube.com/watch?v=LUxOcpIRxmg', 'https://i.blackhat.com/eu-20/Wednesday/eu-20-Rivera-From-Zero-To-Sixty-The-Story-Of-North-Koreas-Rapid-Ascent-To-Becoming-A-Global-Cyber-Superpower.pdf', 'https://symantec-blogs.broadcom.com/blogs/threat-intelligence/fastcash-lazarus-atm-malware', 'https://www.symantec.com/blogs/threat-intelligence/fastcash-lazarus-atm-malware']}\n",
|
||||
"888 RAT {'refs': ['https://malpedia.caad.fkie.fraunhofer.de/details/apk.888_rat', 'https://www.welivesecurity.com/2021/09/07/bladehawk-android-espionage-kurdish/']}\n",
|
||||
|
@ -2869,7 +2861,39 @@
|
|||
"Zyklon {'refs': ['https://malpedia.caad.fkie.fraunhofer.de/details/win.zyklon', 'https://www.fireeye.com/blog/threat-research/2018/01/microsoft-office-vulnerabilities-used-to-distribute-zyklon-malware.html', 'https://blog.talosintelligence.com/2017/05/modified-zyklon-and-plugins-from-india.html']}\n"
|
||||
]
|
||||
}
|
||||
],
|
||||
"source": [
|
||||
"for name,cluster_value in cluster_malpedia.cluster_values.items():\n",
|
||||
" obj_dict = cluster_value.to_dict()\n",
|
||||
" if 'meta' in obj_dict:\n",
|
||||
" meta = obj_dict['meta'].to_dict()\n",
|
||||
" print(name, meta)"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"metadata": {
|
||||
"colab": {
|
||||
"authorship_tag": "ABX9TyOFSmnINQ4YRBroomWdb+/2",
|
||||
"include_colab_link": true,
|
||||
"provenance": []
|
||||
},
|
||||
"kernelspec": {
|
||||
"display_name": "Python 3",
|
||||
"name": "python3"
|
||||
},
|
||||
"language_info": {
|
||||
"codemirror_mode": {
|
||||
"name": "ipython",
|
||||
"version": 3
|
||||
},
|
||||
"file_extension": ".py",
|
||||
"mimetype": "text/x-python",
|
||||
"name": "python",
|
||||
"nbconvert_exporter": "python",
|
||||
"pygments_lexer": "ipython3",
|
||||
"version": "3.12.3"
|
||||
}
|
||||
},
|
||||
"nbformat": 4,
|
||||
"nbformat_minor": 0
|
||||
}
|
||||
|
|
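Review bot: The stored outputs on the new side look like they come from two different runs, and the final loop cell is the stale one. The `zeus.meta.to_dict()` cell was re-executed (count 11, and its refs list gained entries such as the crowdstrike.com link), while the loop cell keeps count 10 and no hunk touches its stdout between the FastCash and Zyklon lines, so the counts read 1, 2, 9, 11, 10. The +/- markers are lost on this page, so the old/new sides are inferred from the key reordering. I would run Restart & Run All before committing so that every output reflects the same PyMISPGalaxies version and malpedia data. The loop also still reads `cluster_malpedia.cluster_values.items()` while the Zeus lookup moved to `cluster_malpedia.get('Zeus')`; if direct access to `cluster_values` is no longer the supported path, the loop needs the same change, and a markdown line such as `Use Cluster.get(name) to look up a single entry.` above the Zeus cell would record why.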