chg: [modules] formatting updated

karenyousefi-main
Alexandre Dulaunoy 2024-08-22 15:14:11 +02:00
parent 80f1f6ec1e
commit 55a3d8e9f5
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
3 changed files with 72 additions and 30 deletions


@ -16,11 +16,12 @@ moduleinfo = {
'module-type': ['expansion'],
'name': 'MalShare Upload',
'requirements': ['requests library'],
'logo': ''
'logo': '',
}
moduleconfig = ['malshare_apikey']
def handler(q=False):
if q is False:
return False
@ -54,42 +55,53 @@ def handler(q=False):
try:
url = "https://malshare.com/api.php"
params = {
'api_key': malshare_apikey,
'action': 'upload'
}
params = {'api_key': malshare_apikey, 'action': 'upload'}
files = {"upload": (sample_filename, data)}
response = requests.post(url, params=params, files=files)
response.raise_for_status()
response_text = response.text.strip()
# Calculate SHA256 of the file
sha256 = hashlib.sha256(data).hexdigest()
if response_text.startswith("Success"):
# If upload was successful or file already exists
malshare_link = f"https://malshare.com/sample.php?action=detail&hash={sha256}"
malshare_link = (
f"https://malshare.com/sample.php?action=detail&hash={sha256}"
)
elif "sample already exists" in response_text:
# If file already exists, extract SHA256 from response
match = re.search(r'([a-fA-F0-9]{64})', response_text)
if match:
sha256 = match.group(1)
malshare_link = f"https://malshare.com/sample.php?action=detail&hash={sha256}"
malshare_link = (
f"https://malshare.com/sample.php?action=detail&hash={sha256}"
)
else:
# If there's any other error
raise Exception(f"Upload failed: {response_text}")
except Exception as e:
misperrors['error'] = f"Unable to send sample to MalShare: {str(e)}"
return misperrors
r = {'results': [{'types': 'link', 'values': malshare_link, 'comment': 'Link to MalShare analysis'}]}
r = {
'results': [
{
'types': 'link',
'values': malshare_link,
'comment': 'Link to MalShare analysis',
}
]
}
return r
def introspection():
return mispattributes
def version():
moduleinfo['config'] = moduleconfig
return moduleinfo
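Review bot: The `except Exception as e` handler copies `str(e)` into `misperrors['error']`, and for this request that string can contain the MalShare API key. The key is sent as a query parameter (`params = {'api_key': malshare_apikey, 'action': 'upload'}`), and the exceptions requests raises from `response.raise_for_status()` and from connection failures include the request URL with its query string. Handling transport errors separately keeps the key out of the returned error, e.g. `except requests.RequestException as e:` followed by `misperrors['error'] = f"Unable to send sample to MalShare: {type(e).__name__}"`, placed before the generic handler. Where `misperrors` is surfaced is outside this hunk, and `handler` starts above it, so confirm who can read that message.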


@ -12,15 +12,16 @@ moduleinfo = {
'description': 'Module to submit samples to tria.ge',
'module-type': ['expansion', 'hover'],
'name': 'Triage Submit',
'logo': ''
'logo': '',
}
moduleconfig = ['apikey', 'url_mode']
def handler(q=False):
if q is False:
return False
request = json.loads(q)
if request.get('config', {}).get('apikey') is None:
@ -30,9 +31,7 @@ def handler(q=False):
api_key = request['config']['apikey']
url_mode = request['config'].get('url_mode', 'submit') # 'submit' or 'fetch'
base_url = 'https://tria.ge/api/v0/samples'
headers = {
'Authorization': f'Bearer {api_key}'
}
headers = {'Authorization': f'Bearer {api_key}'}
if 'attachment' in request:
data = request['data']
@ -49,6 +48,7 @@ def handler(q=False):
misperrors['error'] = 'Unsupported input type'
return misperrors
def submit_file(headers, base_url, data, filename, is_malware_sample=False):
try:
if is_malware_sample:
@ -62,39 +62,58 @@ def submit_file(headers, base_url, data, filename, is_malware_sample=False):
response = requests.post(base_url, headers=headers, files=files)
response.raise_for_status()
result = response.json()
sample_id = result['id']
sample_url = f'https://tria.ge/{sample_id}'
return {'results': [{'types': 'link', 'values': sample_url, 'comment': 'Link to tria.ge analysis'}]}
return {
'results': [
{
'types': 'link',
'values': sample_url,
'comment': 'Link to tria.ge analysis',
}
]
}
except Exception as e:
misperrors['error'] = f'Error submitting to tria.ge: {str(e)}'
return misperrors
def submit_url(headers, base_url, url, mode):
try:
if mode == 'fetch':
data = {'kind': 'fetch', 'url': url}
else: # submit
data = {'kind': 'url', 'url': url}
response = requests.post(base_url, headers=headers, json=data)
response.raise_for_status()
result = response.json()
sample_id = result['id']
sample_url = f'https://tria.ge/{sample_id}'
return {'results': [{'types': 'link', 'values': sample_url, 'comment': f'Link to tria.ge analysis ({mode} mode)'}]}
return {
'results': [
{
'types': 'link',
'values': sample_url,
'comment': f'Link to tria.ge analysis ({mode} mode)',
}
]
}
except Exception as e:
misperrors['error'] = f'Error submitting to tria.ge: {str(e)}'
return misperrors
def introspection():
return mispattributes
def version():
moduleinfo['config'] = moduleconfig
return moduleinfo
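Review bot: Both `requests.post(...)` calls in this file, in `submit_file` and `submit_url`, are made without a `timeout=`, so requests waits indefinitely for the server. A stalled connection to tria.ge would keep the module request hanging instead of reaching the `except` branch and returning `misperrors`. Passing an explicit value bounds that, e.g. `requests.post(base_url, headers=headers, json=data, timeout=60)` (60 is an illustrative value). The `requests.post` calls in the MalShare and VirusTotal handlers on this page have the same gap. `submit_file` begins in an earlier hunk, so its file-handling lines are not all visible here.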


@ -15,11 +15,12 @@ moduleinfo = {
'module-type': ['expansion'],
'name': 'VirusTotal Upload',
'requirements': ['requests library'],
'logo': 'virustotal.png'
'logo': 'virustotal.png',
}
moduleconfig = ['virustotal_apikey']
def handler(q=False):
if q is False:
return False
@ -60,21 +61,31 @@ def handler(q=False):
files = {"file": (sample_filename, data)}
response = requests.post(url, headers=headers, files=files)
response.raise_for_status()
# Calculate SHA256 of the file
sha256 = hashlib.sha256(data).hexdigest()
virustotal_link = f"https://www.virustotal.com/gui/file/{sha256}"
except Exception as e:
misperrors['error'] = f"Unable to send sample to VirusTotal: {str(e)}"
return misperrors
r = {'results': [{'types': 'link', 'values': virustotal_link, 'comment': 'Link to VirusTotal analysis'}]}
r = {
'results': [
{
'types': 'link',
'values': virustotal_link,
'comment': 'Link to VirusTotal analysis',
}
]
}
return r
def introspection():
return mispattributes
def version():
moduleinfo['config'] = moduleconfig
return moduleinfo