attachment -> sample

pull/4/head
Sascha Rommelfangen 2017-05-24 16:39:21 +02:00
parent ed94db8b27
commit 432034aa8b
1 changed files with 6 additions and 4 deletions


@ -184,6 +184,9 @@ for entry in urllist:
target.write(entry + "\n") target.write(entry + "\n")
target.write(str(ids_flag)) target.write(str(ids_flag))
if hostname: if hostname:
if is_valid_ipv4_address(entry):
misp.add_url(new_event, entry, category='Network activity', to_ids=False)
else:
misp.add_url(new_event, entry, category='Network activity', to_ids=ids_flag) misp.add_url(new_event, entry, category='Network activity', to_ids=ids_flag)
if debug: if debug:
target.write(hostname + "\n") target.write(hostname + "\n")
@ -191,7 +194,6 @@ for entry in urllist:
comment = "" comment = ""
if port: if port:
comment = "on port: " + str(port) comment = "on port: " + str(port)
if is_valid_ipv4_address(hostname.decode('utf-8', 'ignore')): if is_valid_ipv4_address(hostname.decode('utf-8', 'ignore')):
misp.add_ipdst(new_event, hostname.decode('utf-8', 'ignore'), comment=comment, category='Network activity', to_ids=False) misp.add_ipdst(new_event, hostname.decode('utf-8', 'ignore'), comment=comment, category='Network activity', to_ids=False)
else: else:
@ -200,7 +202,7 @@ for entry in urllist:
for rdata in dns.resolver.query(hostname.decode('utf-8', 'ignore'), 'A'): for rdata in dns.resolver.query(hostname.decode('utf-8', 'ignore'), 'A'):
if debug: if debug:
target.write(str(rdata) + "\n") target.write(str(rdata) + "\n")
misp.add_ipdst(new_event, rdata.to_text(), category='Network activity', to_ids=ids_flag, comment=hostname.decode('utf-8', 'ignore')) misp.add_ipdst(new_event, rdata.to_text(), category='Network activity', to_ids=False, comment=hostname.decode('utf-8', 'ignore'))
except Exception as e: except Exception as e:
print (e) print (e)
if debug: if debug:
@ -218,5 +220,5 @@ if stdin_used:
_, output_path = tempfile.mkstemp() _, output_path = tempfile.mkstemp()
output = open(output_path, 'wb') output = open(output_path, 'wb')
output.write(part.get_payload(decode=True)) output.write(part.get_payload(decode=True))
misp.add_attachment(new_event, output_path, name=filename, comment=filename, category='Artifacts dropped', to_ids=True) misp.upload_sample(event_id=new_event, filepath=output_path, filename=filename, category='Artifacts dropped', to_ids=True)
output.close() output.close()
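Review bot: The new `misp.upload_sample(...)` call reads `output_path` while `output` is still open, so the buffered write on the line above may not have reached disk yet and the uploaded sample can be short or empty; move `output.close()` above the upload, i.e. `output.close()` then `misp.upload_sample(event_id=new_event, filepath=output_path, filename=filename, category='Artifacts dropped', to_ids=True)`, or wrap the write in `with open(output_path, 'wb') as output:`. The descriptor returned by `tempfile.mkstemp()` is discarded as `_` and never closed, and nothing in the hunk removes the temp file afterwards, so each processed sample leaves an open fd and a copy of the payload in the temp directory — an `os.close(fd)` and `os.remove(output_path)` after the upload would be worth adding unless the rest of the block (outside the hunk) already does this. In the first hunk, `is_valid_ipv4_address(entry)` is applied to the full `entry` rather than the parsed `hostname` that the later check uses; if entries are full URLs the IP branch may never be taken, so confirm what the helper accepts. The enclosing `for entry in urllist:` and `if stdin_used:` blocks start and end outside the hunks.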