diff --git a/misp_modules/modules/expansion/malshare_upload.py b/misp_modules/modules/expansion/malshare_upload.py
index edd3bfae..b810e209 100644
--- a/misp_modules/modules/expansion/malshare_upload.py
+++ b/misp_modules/modules/expansion/malshare_upload.py
@@ -16,11 +16,12 @@ moduleinfo = {
 'module-type': ['expansion'],
 'name': 'MalShare Upload',
 'requirements': ['requests library'],
- 'logo': ''
+ 'logo': '',
 }
 moduleconfig = ['malshare_apikey']
+
 def handler(q=False):
 if q is False:
 return False
@@ -54,42 +55,53 @@ def handler(q=False):
 try:
 url = "https://malshare.com/api.php"
- params = {
- 'api_key': malshare_apikey,
- 'action': 'upload'
- }
+ params = {'api_key': malshare_apikey, 'action': 'upload'}
 files = {"upload": (sample_filename, data)}
 response = requests.post(url, params=params, files=files)
 response.raise_for_status()
-
+
 response_text = response.text.strip()
-
+
 # Calculate SHA256 of the file
 sha256 = hashlib.sha256(data).hexdigest()
-
+
 if response_text.startswith("Success"):
 # If upload was successful or file already exists
- malshare_link = f"https://malshare.com/sample.php?action=detail&hash={sha256}"
+ malshare_link = (
+ f"https://malshare.com/sample.php?action=detail&hash={sha256}"
+ )
 elif "sample already exists" in response_text:
 # If file already exists, extract SHA256 from response
 match = re.search(r'([a-fA-F0-9]{64})', response_text)
 if match:
 sha256 = match.group(1)
- malshare_link = f"https://malshare.com/sample.php?action=detail&hash={sha256}"
+ malshare_link = (
+ f"https://malshare.com/sample.php?action=detail&hash={sha256}"
+ )
 else:
 # If there's any other error
 raise Exception(f"Upload failed: {response_text}")
-
+
 except Exception as e:
 misperrors['error'] = f"Unable to send sample to MalShare: {str(e)}"
 return misperrors
- r = {'results': [{'types': 'link', 'values': malshare_link, 'comment': 'Link to MalShare analysis'}]}
+ r = {
+ 'results': [
+ {
+ 'types': 'link',
+ 'values': malshare_link,
+ 'comment': 'Link to MalShare analysis',
+ }
+ ]
+ }
 return r
+
 def introspection():
 return mispattributes
+
 def version():
 moduleinfo['config'] = moduleconfig
 return moduleinfo
diff --git a/misp_modules/modules/expansion/triage_submit.py b/misp_modules/modules/expansion/triage_submit.py
index ee5776a6..97db16c9 100644
--- a/misp_modules/modules/expansion/triage_submit.py
+++ b/misp_modules/modules/expansion/triage_submit.py
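Review bot: In the malshare_upload.py `handler` hunk, the API key is sent in the query string (`params = {'api_key': malshare_apikey, 'action': 'upload'}`) and the `except Exception as e` branch copies `str(e)` into `misperrors['error']`. The message requests builds when `raise_for_status()` fails includes the full request URL, so a 4xx/5xx answer from MalShare would place the key in the error returned to the caller. Consider dropping the exception text from the returned message, e.g. `misperrors['error'] = f"Unable to send sample to MalShare: {type(e).__name__}"`, and logging details separately with the query string removed. Separately, `requests.post(url, params=params, files=files)` passes no `timeout=`, so a stalled connection can block the call indefinitely; the same holds for the `requests.post` calls in the triage_submit.py and virustotal_upload.py hunks. `handler` starts outside this hunk.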
@@ -12,15 +12,16 @@ moduleinfo = {
 'description': 'Module to submit samples to tria.ge',
 'module-type': ['expansion', 'hover'],
 'name': 'Triage Submit',
- 'logo': ''
+ 'logo': '',
 }
 moduleconfig = ['apikey', 'url_mode']
+
 def handler(q=False):
 if q is False:
 return False
-
+
 request = json.loads(q)
 if request.get('config', {}).get('apikey') is None:
@@ -30,9 +31,7 @@ def handler(q=False):
 api_key = request['config']['apikey']
 url_mode = request['config'].get('url_mode', 'submit') # 'submit' or 'fetch'
 base_url = 'https://tria.ge/api/v0/samples'
- headers = {
- 'Authorization': f'Bearer {api_key}'
- }
+ headers = {'Authorization': f'Bearer {api_key}'}
 if 'attachment' in request:
 data = request['data']
@@ -49,6 +48,7 @@ def handler(q=False):
 misperrors['error'] = 'Unsupported input type'
 return misperrors
+
 def submit_file(headers, base_url, data, filename, is_malware_sample=False):
 try:
 if is_malware_sample:
@@ -62,39 +62,58 @@ def submit_file(headers, base_url, data, filename, is_malware_sample=False):
 response = requests.post(base_url, headers=headers, files=files)
 response.raise_for_status()
 result = response.json()
-
+
 sample_id = result['id']
 sample_url = f'https://tria.ge/{sample_id}'
-
- return {'results': [{'types': 'link', 'values': sample_url, 'comment': 'Link to tria.ge analysis'}]}
-
+
+ return {
+ 'results': [
+ {
+ 'types': 'link',
+ 'values': sample_url,
+ 'comment': 'Link to tria.ge analysis',
+ }
+ ]
+ }
+
 except Exception as e:
 misperrors['error'] = f'Error submitting to tria.ge: {str(e)}'
 return misperrors
+
 def submit_url(headers, base_url, url, mode):
 try:
 if mode == 'fetch':
 data = {'kind': 'fetch', 'url': url}
 else: # submit
 data = {'kind': 'url', 'url': url}
-
+
 response = requests.post(base_url, headers=headers, json=data)
 response.raise_for_status()
 result = response.json()
-
+
 sample_id = result['id']
 sample_url = f'https://tria.ge/{sample_id}'
-
- return {'results': [{'types': 'link', 'values': sample_url, 'comment': f'Link to tria.ge analysis ({mode} mode)'}]}
-
+
+ return {
+ 'results': [
+ {
+ 'types': 'link',
+ 'values': sample_url,
+ 'comment': f'Link to tria.ge analysis ({mode} mode)',
+ }
+ ]
+ }
+
 except Exception as e:
 misperrors['error'] = f'Error submitting to tria.ge: {str(e)}'
 return misperrors
+
 def introspection():
 return mispattributes
+
 def version():
 moduleinfo['config'] = moduleconfig
 return moduleinfo
diff --git a/misp_modules/modules/expansion/virustotal_upload.py b/misp_modules/modules/expansion/virustotal_upload.py
index 237d283f..e0ae1499 100644
--- a/misp_modules/modules/expansion/virustotal_upload.py
+++ b/misp_modules/modules/expansion/virustotal_upload.py
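Review bot: In triage_submit.py's `submit_url`, any `mode` other than `'fetch'` falls through to the `else:` branch and is sent as `{'kind': 'url', 'url': url}`, yet the result comment interpolates the raw value (`f'Link to tria.ge analysis ({mode} mode)'`). A mistyped setting is therefore submitted as a plain URL sample while the attribute comment reports whatever string was configured. Presumably `mode` is the `url_mode` config value read in `handler`, although the call site is outside these hunks. Rejecting unknown values up front with `if mode not in ('submit', 'fetch'):` followed by an error return through `misperrors` would make the behaviour explicit. A one-line docstring on `submit_file` and `submit_url`, stating that the sample or URL is sent to the external tria.ge service, would also help operators see what leaves their environment.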
@@ -15,11 +15,12 @@ moduleinfo = {
 'module-type': ['expansion'],
 'name': 'VirusTotal Upload',
 'requirements': ['requests library'],
- 'logo': 'virustotal.png'
+ 'logo': 'virustotal.png',
 }
 moduleconfig = ['virustotal_apikey']
+
 def handler(q=False):
 if q is False:
 return False
@@ -60,21 +61,31 @@ def handler(q=False):
 files = {"file": (sample_filename, data)}
 response = requests.post(url, headers=headers, files=files)
 response.raise_for_status()
-
+
 # Calculate SHA256 of the file
 sha256 = hashlib.sha256(data).hexdigest()
-
+
 virustotal_link = f"https://www.virustotal.com/gui/file/{sha256}"
 except Exception as e:
 misperrors['error'] = f"Unable to send sample to VirusTotal: {str(e)}"
 return misperrors
- r = {'results': [{'types': 'link', 'values': virustotal_link, 'comment': 'Link to VirusTotal analysis'}]}
+ r = {
+ 'results': [
+ {
+ 'types': 'link',
+ 'values': virustotal_link,
+ 'comment': 'Link to VirusTotal analysis',
+ }
+ ]
+ }
 return r
+
 def introspection():
 return mispattributes
+
 def version():
 moduleinfo['config'] = moduleconfig
 return moduleinfo