chg: [hashlookup] KnownMalicious field added

pull/526/head
Alexandre Dulaunoy 2021-09-24 15:35:14 +02:00
parent b6e0c4ce53
commit 4162ccb528
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 3 additions and 1 deletions


@ -16,7 +16,7 @@ hashlookup_url = 'https://hashlookup.circl.lu/'
class HashlookupParser(): class HashlookupParser():
def __init__(self, attribute, hashlookupresult, api_url): def __init__(self, attribute, hashlookupresult, api_url):
self.attribute = attribute self.attribute = attribute
self.hashlookupresult = hashlookupresult self.hashlookupresult = hashlookupresult
self.api_url = api_url self.api_url = api_url
self.misp_event = MISPEvent() self.misp_event = MISPEvent()
self.misp_event.add_attribute(**attribute) self.misp_event.add_attribute(**attribute)
@ -33,6 +33,8 @@ class HashlookupParser():
hashlookup_object = MISPObject('hashlookup') hashlookup_object = MISPObject('hashlookup')
if 'source' in self.hashlookupresult: if 'source' in self.hashlookupresult:
hashlookup_object.add_attribute('source', **{'type': 'text', 'value': self.hashlookupresult['source']}) hashlookup_object.add_attribute('source', **{'type': 'text', 'value': self.hashlookupresult['source']})
if 'KnownMalicious' in self.hashlookupresult:
hashlookup_object.add_attribute('KnownMalicious', **{'type': 'text', 'value': self.hashlookupresult['KnownMalicious']})
hashlookup_object.add_attribute('MD5', **{'type': 'md5', 'value': self.hashlookupresult['MD5']}) hashlookup_object.add_attribute('MD5', **{'type': 'md5', 'value': self.hashlookupresult['MD5']})
hashlookup_object.add_attribute('SHA-1', **{'type': 'sha1', 'value': self.hashlookupresult['SHA-1']}) hashlookup_object.add_attribute('SHA-1', **{'type': 'sha1', 'value': self.hashlookupresult['SHA-1']})
if 'SSDEEP' in self.hashlookupresult: if 'SSDEEP' in self.hashlookupresult:
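Review bot: The new `KnownMalicious` branch tests only for the key's presence and stores whatever the API returned as a generic `text` attribute, with nothing in the code saying what the field means for an analyst reading the object. hashlookup is mostly consulted as a known-file database, so a hit that also carries `KnownMalicious` presumably should not be read as a benign verdict. A comment above the branch would make that explicit, for example `# KnownMalicious: set when a hashlookup source lists this hash as malicious; a hit is then not a known-good result`. Guarding on the value rather than the key, `if self.hashlookupresult.get('KnownMalicious'):`, would also avoid passing an empty or null value to `add_attribute`. The enclosing method starts and ends outside this hunk, so how the object is consumed afterwards is not visible here.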