mirror of https://github.com/MISP/misp-modules
chg: Use MISPObject in ransomcoindb
parent
06025e63d0
commit
5d7a829583
|
@ -14,16 +14,16 @@ __version__ = 0.1
|
||||||
|
|
||||||
|
|
||||||
baseurl = "https://ransomcoindb.concinnity-risks.com/api/v1/"
|
baseurl = "https://ransomcoindb.concinnity-risks.com/api/v1/"
|
||||||
user_agent = "ransomcoindb client via python-requests/%s" % requests.__version__
|
user_agent = "ransomcoindb client via python-requests/%s" % requests.__version__
|
||||||
|
|
||||||
urls = {'BTC': {'btc' : baseurl + 'bin2btc/',
|
urls = {'BTC': {'btc': baseurl + 'bin2btc/',
|
||||||
'md5' : baseurl + 'bin2btc/md5/',
|
'md5': baseurl + 'bin2btc/md5/',
|
||||||
'sha1' : baseurl + 'bin2btc/sha1/',
|
'sha1': baseurl + 'bin2btc/sha1/',
|
||||||
'sha256': baseurl + 'bin2btc/sha256/',
|
'sha256': baseurl + 'bin2btc/sha256/',
|
||||||
},
|
},
|
||||||
'XMR': {'xmr' : baseurl + 'bin2crypto/XMR/',
|
'XMR': {'xmr': baseurl + 'bin2crypto/XMR/',
|
||||||
'md5' : baseurl + 'bin2crypto/XMR/md5/',
|
'md5': baseurl + 'bin2crypto/XMR/md5/',
|
||||||
'sha1' : baseurl + 'bin2crypto/XMR/sha1/',
|
'sha1': baseurl + 'bin2crypto/XMR/sha1/',
|
||||||
'sha256': baseurl + 'bin2crypto/XMR/sha256/',
|
'sha256': baseurl + 'bin2crypto/XMR/sha256/',
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
import json
|
import json
|
||||||
from ._ransomcoindb import ransomcoindb
|
from ._ransomcoindb import ransomcoindb
|
||||||
|
from pymisp import MISPObject
|
||||||
|
|
||||||
copyright = """
|
copyright = """
|
||||||
Copyright 2019 (C) by Aaron Kaplan <aaron@lo-res.org>, all rights reserved.
|
Copyright 2019 (C) by Aaron Kaplan <aaron@lo-res.org>, all rights reserved.
|
||||||
|
@ -9,11 +10,11 @@ copyright = """
|
||||||
__version__ = 0.1
|
__version__ = 0.1
|
||||||
|
|
||||||
|
|
||||||
debug=False
|
debug = False
|
||||||
|
|
||||||
misperrors = {'error': 'Error'}
|
misperrors = {'error': 'Error'}
|
||||||
# mispattributes = {'input': ['sha1', 'sha256', 'md5', 'btc', 'xmr', 'dash' ], 'output': ['btc', 'sha1', 'sha256', 'md5', 'freetext']}
|
# mispattributes = {'input': ['sha1', 'sha256', 'md5', 'btc', 'xmr', 'dash' ], 'output': ['btc', 'sha1', 'sha256', 'md5', 'freetext']}
|
||||||
mispattributes = {'input': ['sha1', 'sha256', 'md5', 'btc'], 'output': ['btc', 'sha1', 'sha256', 'md5', 'freetext']}
|
mispattributes = {'input': ['sha1', 'sha256', 'md5', 'btc'], 'output': ['btc', 'sha1', 'sha256', 'md5', 'freetext'], 'format': 'misp_standard'}
|
||||||
moduleinfo = {'version': __version__, 'author': 'Aaron Kaplan', 'description': 'Module to access the ransomcoinDB (see https://ransomcoindb.concinnity-risks.com)', 'module-type': ['expansion', 'hover']}
|
moduleinfo = {'version': __version__, 'author': 'Aaron Kaplan', 'description': 'Module to access the ransomcoinDB (see https://ransomcoindb.concinnity-risks.com)', 'module-type': ['expansion', 'hover']}
|
||||||
moduleconfig = ['api-key']
|
moduleconfig = ['api-key']
|
||||||
|
|
||||||
|
@ -34,21 +35,23 @@ def handler(q=False):
|
||||||
'module': 'ransomcoindb',
|
'module': 'ransomcoindb',
|
||||||
'persistent': 1}
|
'persistent': 1}
|
||||||
"""
|
"""
|
||||||
|
attribute = q['attribute']
|
||||||
for key in ['md5', 'sha1', 'sha256', 'btc']: # later: xmr, dash
|
answer = ransomcoindb.get_data_by('BTC', attribute['type'], attribute['value'], api_key)
|
||||||
if key in q:
|
""" The results data type should be:
|
||||||
answer = ransomcoindb.get_data_by('BTC', key, q[key], api_key)
|
r = { 'results': [ {'types': 'md5', 'values': [ a list of all md5s or all binaries related to this btc address ] } ] }
|
||||||
""" The results data type should be:
|
"""
|
||||||
r = { 'results': [ {'types': 'md5', 'values': [ a list of all md5s or all binaries related to this btc address ] } ] }
|
if attribute['type'] in ['md5', 'sha1', 'sha256']:
|
||||||
"""
|
r['results'].append({'types': 'btc', 'values': [a['btc'] for a in answer]})
|
||||||
if key in ['md5', 'sha1', 'sha256']:
|
elif attribute['type'] == 'btc':
|
||||||
r['results'].append({'types': 'btc', 'values': [ a['btc'] for a in answer ]})
|
# better: create a MISP object
|
||||||
elif key == 'btc':
|
files = []
|
||||||
# better: create a MISP object
|
for a in answer:
|
||||||
r['results'].append({ 'types': 'sha1', 'values': [ a['sha1'] for a in answer ]})
|
obj = MISPObject('file')
|
||||||
r['results'].append({ 'types': 'md5', 'values': [ a['md5'] for a in answer ]})
|
obj.add_attribute('md5', a['md5'])
|
||||||
r['results'].append({ 'types': 'sha256', 'values': [ a['sha256'] for a in answer ]})
|
obj.add_attribute('sha1', a['sha1'])
|
||||||
|
obj.add_attribute('sha256', a['sha256'])
|
||||||
|
files.append(obj)
|
||||||
|
r['results'] = {'Object': [json.loads(f.to_json()) for f in files]}
|
||||||
return r
|
return r
|
||||||
|
|
||||||
|
|
||||||
|
|
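Review bot: With `'format': 'misp_standard'` now declared in `mispattributes`, the two branches of `handler` return different shapes: the `btc` branch sets `r['results']` to `{'Object': [...]}`, while the `md5`/`sha1`/`sha256` branch still appends a legacy `{'types': 'btc', 'values': [...]}` entry to a list. A misp_standard consumer will presumably not parse the legacy entry, so the hash branch should return the standard shape too, for example `r['results'] = {'Attribute': [{'type': 'btc', 'value': a['btc']} for a in answer]}`. The new code also indexes `q['attribute']`, `a['md5']`, `a['sha1']` and `a['sha256']` without a guard, so a request without an attribute or an API record missing one hash raises `KeyError`; checking that the keys exist and that the returned values have the expected hash format before `add_attribute` would keep unvalidated remote data out of the event. The string literal describing the results data type still documents the old shape and should be updated; `handler` starts before this hunk, so any earlier validation of `q` is not visible here.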