From 5350003e3af3aa2e66afc3495b876b4a7cbefcfd Mon Sep 17 00:00:00 2001 From: aaronkaplan Date: Mon, 25 Nov 2019 18:52:39 +0100 Subject: [PATCH 01/12] initial version of the ransomcoindb expansion module --- misp_modules/modules/expansion/__init__.py | 2 +- .../expansion/_ransomcoindb/ransomcoindb.py | 92 +++++++++++++++++++ .../modules/expansion/ransomcoindb.py | 62 +++++++++++++ 3 files changed, 155 insertions(+), 1 deletion(-) create mode 100755 misp_modules/modules/expansion/_ransomcoindb/ransomcoindb.py create mode 100644 misp_modules/modules/expansion/ransomcoindb.py diff --git a/misp_modules/modules/expansion/__init__.py b/misp_modules/modules/expansion/__init__.py index 669fb8c..892f3bf 100644 --- a/misp_modules/modules/expansion/__init__.py +++ b/misp_modules/modules/expansion/__init__.py @@ -15,4 +15,4 @@ __all__ = ['cuckoo_submit', 'vmray_submit', 'bgpranking', 'circl_passivedns', 'c 'qrcode', 'ocr_enrich', 'pdf_enrich', 'docx_enrich', 'xlsx_enrich', 'pptx_enrich', 'ods_enrich', 'odt_enrich', 'joesandbox_submit', 'joesandbox_query', 'urlhaus', 'virustotal_public', 'apiosintds', 'urlscan', 'securitytrails', - 'assemblyline_submit', 'assemblyline_query'] + 'assemblyline_submit', 'assemblyline_query', 'ransomcoindb'] diff --git a/misp_modules/modules/expansion/_ransomcoindb/ransomcoindb.py b/misp_modules/modules/expansion/_ransomcoindb/ransomcoindb.py new file mode 100755 index 0000000..7225c47 --- /dev/null +++ b/misp_modules/modules/expansion/_ransomcoindb/ransomcoindb.py @@ -0,0 +1,92 @@ +#!/usr/bin/env python + +import requests +import logging +import os +import pprint + +copyright = """ + Copyright 2019 (C) by Aaron Kaplan , all rights reserved. + This file is part of the ransomwarecoindDB project and licensed under the AGPL 3.0 license +""" + +__version__ = 0.1 + + +baseurl = "https://ransomcoindb.concinnity-risks.com/api/v1/" +urls = {'BTC': {'btc' : baseurl + 'bin2btc/', + 'md5' : baseurl + 'bin2btc/md5/', + 'sha1' : baseurl + 'bin2btc/sha1/', + 'sha256': baseurl + 'bin2btc/sha256/', + }, + 'XMR': {'xmr' : baseurl + 'bin2crypto/XMR/', + 'md5' : baseurl + 'bin2crypto/XMR/md5/', + 'sha1' : baseurl + 'bin2crypto/XMR/sha1/', + 'sha256': baseurl + 'bin2crypto/XMR/sha256/', + } + } + + +def get_data_by(coin: str, key: str, value: str, api_key: str): + """ + Abstract function to fetch data from the bin2btc/{key} endpoint. + This function must be made concrete by generating a relevant function. + See below for examples. + """ + + pprint.pprint("api-key: %s" % api_key) + + headers = {'x-api-key': api_key, 'content-type': 'application/json'} + # check first if valid: + valid_coins = ['BTC', 'XMR'] + valid_keys = ['btc', 'md5', 'sha1', 'sha256'] + if coin not in valid_coins or key not in valid_keys: + logging.error("get_data_by_X(): not a valid key parameter. Must be a valid coin (i.e. from %r) and one of: %r" % (valid_coins, valid_keys)) + return None + try: + + url = urls[coin.upper()][key] + logging.debug("url = %s" % url) + if not url: + logging.error("Could not find a valid coin/key combination. Must be a valid coin (i.e. from %r) and one of: %r" % (valid_coins, valid_keys)) + return None + r = requests.get(url + "%s" % (value), headers=headers) + except Exception as ex: + logging.error("could not fetch from the service. Error: %s" % str(ex)) + + if r.status_code != 200: + logging.error("could not fetch from the service. Status code: %s" % + r.status_code) + return r.json() + + +def get_bin2btc_by_btc(btc_addr: str, api_key: str): + """ Function to fetch the data from the bin2btc/{btc} endpoint """ + return get_data_by('BTC', 'btc', btc_addr, api_key) + + +def get_bin2btc_by_md5(md5: str, api_key: str): + """ Function to fetch the data from the bin2btc/{md5} endpoint """ + return get_data_by('BTC', 'md5', md5, api_key) + + +def get_bin2btc_by_sha1(sha1: str, api_key: str): + """ Function to fetch the data from the bin2btc/{sha1} endpoint """ + return get_data_by('BTC', 'sha1', sha1, api_key) + + +def get_bin2btc_by_sha256(sha256: str, api_key: str): + """ Function to fetch the data from the bin2btc/{sha256} endpoint """ + return get_data_by('BTC', 'sha256', sha256, api_key) + + +if __name__ == "__main__": + """ Just for testing on the cmd line. """ + to_btc = "1KnuC7FdhGuHpvFNxtBpz299Q5QteUdNCq" + api_key = os.getenv('api_key') + r = get_bin2btc_by_btc(to_btc, api_key) + print(r) + r = get_bin2btc_by_md5("abc", api_key) + print(r) + r = get_data_by('XMR', 'md5', "452878CD7", api_key) + print(r) diff --git a/misp_modules/modules/expansion/ransomcoindb.py b/misp_modules/modules/expansion/ransomcoindb.py new file mode 100644 index 0000000..ed0e118 --- /dev/null +++ b/misp_modules/modules/expansion/ransomcoindb.py @@ -0,0 +1,62 @@ +import json +from _ransomcoindb import ransomcoindb +import pprint + +copyright = """ + Copyright 2019 (C) by Aaron Kaplan , all rights reserved. + This file is part of the ransomwarecoindDB project and licensed under the AGPL 3.0 license +""" + +__version__ = 0.1 + + +debug=False + +misperrors = {'error': 'Error'} +# mispattributes = {'input': ['sha1', 'sha256', 'md5', 'btc', 'xmr', 'dash' ], 'output': ['btc', 'sha1', 'sha256', 'md5', 'freetext']} +mispattributes = {'input': ['sha1', 'sha256', 'md5', 'btc'], 'output': ['btc', 'sha1', 'sha256', 'md5', 'freetext']} +moduleinfo = {'version': __version__, 'author': 'Aaron Kaplan', 'description': 'Module to access the ransomcoinDB (ransomcoindb.metadata.li)', 'module-type': ['expansion', 'hover']} +moduleconfig = ['api-key'] + + +def handler(q=False): + """ the main handler function which gets a JSON dict as input and returns a results dict """ + + if q is False: + return False + + q = json.loads(q) + api_key = q["config"]["api-key"] + r = {"results": []} + + """ the "q" query coming in should look something like this: + {'config': {'api-key': ''}, + 'md5': 'md5 or sha1 or sha256 or btc', + 'module': 'metadatali_ransomcoindb', + 'persistent': 1} + """ + + for key in ['md5', 'sha1', 'sha256', 'btc']: # later: xmr, dash + if key in q: + answer = ransomcoindb.get_data_by('BTC', key, q[key], api_key) + """ The results data type should be: + r = { 'results': [ {'types': 'md5', 'values': [ a list of all md5s or all binaries related to this btc address ] } ] } + """ + if key in ['md5', 'sha1', 'sha256']: + r['results'].append({'types': 'btc', 'values': [ a['btc'] for a in answer ]}) + elif key == 'btc': + # better: create a MISP object + r['results'].append({ 'types': 'sha1', 'values': [ a['sha1'] for a in answer ]}) + r['results'].append({ 'types': 'md5', 'values': [ a['md5'] for a in answer ]}) + r['results'].append({ 'types': 'sha256', 'values': [ a['sha256'] for a in answer ]}) + + return r + + +def introspection(): + return mispattributes + + +def version(): + moduleinfo['config'] = moduleconfig + return moduleinfo From 24ec4a0e233f43929a1e1f2faf9f13cb7836bbcd Mon Sep 17 00:00:00 2001 From: aaronkaplan Date: Mon, 25 Nov 2019 18:56:12 +0100 Subject: [PATCH 02/12] remove pprint --- misp_modules/modules/expansion/ransomcoindb.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/misp_modules/modules/expansion/ransomcoindb.py b/misp_modules/modules/expansion/ransomcoindb.py index ed0e118..cf43d44 100644 --- a/misp_modules/modules/expansion/ransomcoindb.py +++ b/misp_modules/modules/expansion/ransomcoindb.py @@ -1,6 +1,5 @@ import json from _ransomcoindb import ransomcoindb -import pprint copyright = """ Copyright 2019 (C) by Aaron Kaplan , all rights reserved. @@ -15,7 +14,7 @@ debug=False misperrors = {'error': 'Error'} # mispattributes = {'input': ['sha1', 'sha256', 'md5', 'btc', 'xmr', 'dash' ], 'output': ['btc', 'sha1', 'sha256', 'md5', 'freetext']} mispattributes = {'input': ['sha1', 'sha256', 'md5', 'btc'], 'output': ['btc', 'sha1', 'sha256', 'md5', 'freetext']} -moduleinfo = {'version': __version__, 'author': 'Aaron Kaplan', 'description': 'Module to access the ransomcoinDB (ransomcoindb.metadata.li)', 'module-type': ['expansion', 'hover']} +moduleinfo = {'version': __version__, 'author': 'Aaron Kaplan', 'description': 'Module to access the ransomcoinDB (see https://ransomcoindb.concinnity-risks.com)', 'module-type': ['expansion', 'hover']} moduleconfig = ['api-key'] @@ -32,7 +31,7 @@ def handler(q=False): """ the "q" query coming in should look something like this: {'config': {'api-key': ''}, 'md5': 'md5 or sha1 or sha256 or btc', - 'module': 'metadatali_ransomcoindb', + 'module': 'ransomcoindb', 'persistent': 1} """ From 132249a521f031921f1c1e5b94ed4bb6d0dfecf5 Mon Sep 17 00:00:00 2001 From: aaronkaplan Date: Mon, 25 Nov 2019 19:03:13 +0100 Subject: [PATCH 03/12] mention the ransomcoindb in the README file as a new module --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index d1289bc..55cf809 100644 --- a/README.md +++ b/README.md @@ -22,6 +22,7 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj * [AssemblyLine query](misp_modules/modules/expansion/assemblyline_query.py) - an expansion module to query AssemblyLine and parse the full submission report. * [Backscatter.io](misp_modules/modules/expansion/backscatter_io.py) - a hover and expansion module to expand an IP address with mass-scanning observations. * [BGP Ranking](misp_modules/modules/expansion/bgpranking.py) - a hover and expansion module to expand an AS number with the ASN description, its history, and position in BGP Ranking. +* [RansomcoinDB check](misp_modules/modules/expansion/ransomcoindb.py) - An expansion hover module to query the [ransomcoinDB](http://ransomcoindb.concinnity-risks.com): it contains mapping between BTC addresses and malware hashes. Enrich MISP by querying for BTC -> hash or hash -> BTC addresses. * [BTC scam check](misp_modules/modules/expansion/btc_scam_check.py) - An expansion hover module to instantly check if a BTC address has been abused. * [BTC transactions](misp_modules/modules/expansion/btc_steroids.py) - An expansion hover module to get a blockchain balance and the transactions from a BTC address in MISP. * [CIRCL Passive DNS](misp_modules/modules/expansion/circl_passivedns.py) - a hover and expansion module to expand hostname and IP addresses with passive DNS information. From 44130e2bf9842c03fb80245b90a873917b56df74 Mon Sep 17 00:00:00 2001 From: aaronkaplan Date: Mon, 25 Nov 2019 20:51:20 +0100 Subject: [PATCH 04/12] fix url --- misp_modules/modules/expansion/_ransomcoindb/ransomcoindb.py | 2 +- misp_modules/modules/expansion/ransomcoindb.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/misp_modules/modules/expansion/_ransomcoindb/ransomcoindb.py b/misp_modules/modules/expansion/_ransomcoindb/ransomcoindb.py index 7225c47..c37855a 100755 --- a/misp_modules/modules/expansion/_ransomcoindb/ransomcoindb.py +++ b/misp_modules/modules/expansion/_ransomcoindb/ransomcoindb.py @@ -13,7 +13,7 @@ copyright = """ __version__ = 0.1 -baseurl = "https://ransomcoindb.concinnity-risks.com/api/v1/" +baseurl = "https://ransomcoindb.metadata.li/api/v1/" urls = {'BTC': {'btc' : baseurl + 'bin2btc/', 'md5' : baseurl + 'bin2btc/md5/', 'sha1' : baseurl + 'bin2btc/sha1/', diff --git a/misp_modules/modules/expansion/ransomcoindb.py b/misp_modules/modules/expansion/ransomcoindb.py index cf43d44..aecd932 100644 --- a/misp_modules/modules/expansion/ransomcoindb.py +++ b/misp_modules/modules/expansion/ransomcoindb.py @@ -14,7 +14,7 @@ debug=False misperrors = {'error': 'Error'} # mispattributes = {'input': ['sha1', 'sha256', 'md5', 'btc', 'xmr', 'dash' ], 'output': ['btc', 'sha1', 'sha256', 'md5', 'freetext']} mispattributes = {'input': ['sha1', 'sha256', 'md5', 'btc'], 'output': ['btc', 'sha1', 'sha256', 'md5', 'freetext']} -moduleinfo = {'version': __version__, 'author': 'Aaron Kaplan', 'description': 'Module to access the ransomcoinDB (see https://ransomcoindb.concinnity-risks.com)', 'module-type': ['expansion', 'hover']} +moduleinfo = {'version': __version__, 'author': 'Aaron Kaplan', 'description': 'Module to access the ransomcoinDB (see https://ransomcoindb.metadata.li)', 'module-type': ['expansion', 'hover']} moduleconfig = ['api-key'] From c5924aee2543b268b296a57096e636261676b63c Mon Sep 17 00:00:00 2001 From: aaronkaplan Date: Mon, 25 Nov 2019 21:14:45 +0100 Subject: [PATCH 05/12] fix url again --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 55cf809..a6f2124 100644 --- a/README.md +++ b/README.md @@ -22,7 +22,7 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj * [AssemblyLine query](misp_modules/modules/expansion/assemblyline_query.py) - an expansion module to query AssemblyLine and parse the full submission report. * [Backscatter.io](misp_modules/modules/expansion/backscatter_io.py) - a hover and expansion module to expand an IP address with mass-scanning observations. * [BGP Ranking](misp_modules/modules/expansion/bgpranking.py) - a hover and expansion module to expand an AS number with the ASN description, its history, and position in BGP Ranking. -* [RansomcoinDB check](misp_modules/modules/expansion/ransomcoindb.py) - An expansion hover module to query the [ransomcoinDB](http://ransomcoindb.concinnity-risks.com): it contains mapping between BTC addresses and malware hashes. Enrich MISP by querying for BTC -> hash or hash -> BTC addresses. +* [RansomcoinDB check](misp_modules/modules/expansion/ransomcoindb.py) - An expansion hover module to query the [ransomcoinDB](https://ransomcoindb.metadata.li): it contains mapping between BTC addresses and malware hashes. Enrich MISP by querying for BTC -> hash or hash -> BTC addresses. * [BTC scam check](misp_modules/modules/expansion/btc_scam_check.py) - An expansion hover module to instantly check if a BTC address has been abused. * [BTC transactions](misp_modules/modules/expansion/btc_steroids.py) - An expansion hover module to get a blockchain balance and the transactions from a BTC address in MISP. * [CIRCL Passive DNS](misp_modules/modules/expansion/circl_passivedns.py) - a hover and expansion module to expand hostname and IP addresses with passive DNS information. From b82716f888aa50b318aed3830708055ac4c903aa Mon Sep 17 00:00:00 2001 From: aaronkaplan Date: Mon, 25 Nov 2019 22:24:14 +0100 Subject: [PATCH 06/12] Revert "fix url again" This reverts commit c5924aee2543b268b296a57096e636261676b63c. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a6f2124..55cf809 100644 --- a/README.md +++ b/README.md @@ -22,7 +22,7 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj * [AssemblyLine query](misp_modules/modules/expansion/assemblyline_query.py) - an expansion module to query AssemblyLine and parse the full submission report. * [Backscatter.io](misp_modules/modules/expansion/backscatter_io.py) - a hover and expansion module to expand an IP address with mass-scanning observations. * [BGP Ranking](misp_modules/modules/expansion/bgpranking.py) - a hover and expansion module to expand an AS number with the ASN description, its history, and position in BGP Ranking. -* [RansomcoinDB check](misp_modules/modules/expansion/ransomcoindb.py) - An expansion hover module to query the [ransomcoinDB](https://ransomcoindb.metadata.li): it contains mapping between BTC addresses and malware hashes. Enrich MISP by querying for BTC -> hash or hash -> BTC addresses. +* [RansomcoinDB check](misp_modules/modules/expansion/ransomcoindb.py) - An expansion hover module to query the [ransomcoinDB](http://ransomcoindb.concinnity-risks.com): it contains mapping between BTC addresses and malware hashes. Enrich MISP by querying for BTC -> hash or hash -> BTC addresses. * [BTC scam check](misp_modules/modules/expansion/btc_scam_check.py) - An expansion hover module to instantly check if a BTC address has been abused. * [BTC transactions](misp_modules/modules/expansion/btc_steroids.py) - An expansion hover module to get a blockchain balance and the transactions from a BTC address in MISP. * [CIRCL Passive DNS](misp_modules/modules/expansion/circl_passivedns.py) - a hover and expansion module to expand hostname and IP addresses with passive DNS information. From 777483838b01249ca842fccb98c6d59601db7c7d Mon Sep 17 00:00:00 2001 From: aaronkaplan Date: Mon, 25 Nov 2019 22:24:57 +0100 Subject: [PATCH 07/12] Revert "fix url" This reverts commit 44130e2bf9842c03fb80245b90a873917b56df74. --- misp_modules/modules/expansion/_ransomcoindb/ransomcoindb.py | 2 +- misp_modules/modules/expansion/ransomcoindb.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/misp_modules/modules/expansion/_ransomcoindb/ransomcoindb.py b/misp_modules/modules/expansion/_ransomcoindb/ransomcoindb.py index c37855a..7225c47 100755 --- a/misp_modules/modules/expansion/_ransomcoindb/ransomcoindb.py +++ b/misp_modules/modules/expansion/_ransomcoindb/ransomcoindb.py @@ -13,7 +13,7 @@ copyright = """ __version__ = 0.1 -baseurl = "https://ransomcoindb.metadata.li/api/v1/" +baseurl = "https://ransomcoindb.concinnity-risks.com/api/v1/" urls = {'BTC': {'btc' : baseurl + 'bin2btc/', 'md5' : baseurl + 'bin2btc/md5/', 'sha1' : baseurl + 'bin2btc/sha1/', diff --git a/misp_modules/modules/expansion/ransomcoindb.py b/misp_modules/modules/expansion/ransomcoindb.py index aecd932..cf43d44 100644 --- a/misp_modules/modules/expansion/ransomcoindb.py +++ b/misp_modules/modules/expansion/ransomcoindb.py @@ -14,7 +14,7 @@ debug=False misperrors = {'error': 'Error'} # mispattributes = {'input': ['sha1', 'sha256', 'md5', 'btc', 'xmr', 'dash' ], 'output': ['btc', 'sha1', 'sha256', 'md5', 'freetext']} mispattributes = {'input': ['sha1', 'sha256', 'md5', 'btc'], 'output': ['btc', 'sha1', 'sha256', 'md5', 'freetext']} -moduleinfo = {'version': __version__, 'author': 'Aaron Kaplan', 'description': 'Module to access the ransomcoinDB (see https://ransomcoindb.metadata.li)', 'module-type': ['expansion', 'hover']} +moduleinfo = {'version': __version__, 'author': 'Aaron Kaplan', 'description': 'Module to access the ransomcoinDB (see https://ransomcoindb.concinnity-risks.com)', 'module-type': ['expansion', 'hover']} moduleconfig = ['api-key'] From 65469055377634881cfa23e83e6fab224b4d8007 Mon Sep 17 00:00:00 2001 From: aaronkaplan Date: Mon, 25 Nov 2019 22:25:33 +0100 Subject: [PATCH 08/12] final url fix --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 55cf809..c8000f2 100644 --- a/README.md +++ b/README.md @@ -22,7 +22,7 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj * [AssemblyLine query](misp_modules/modules/expansion/assemblyline_query.py) - an expansion module to query AssemblyLine and parse the full submission report. * [Backscatter.io](misp_modules/modules/expansion/backscatter_io.py) - a hover and expansion module to expand an IP address with mass-scanning observations. * [BGP Ranking](misp_modules/modules/expansion/bgpranking.py) - a hover and expansion module to expand an AS number with the ASN description, its history, and position in BGP Ranking. -* [RansomcoinDB check](misp_modules/modules/expansion/ransomcoindb.py) - An expansion hover module to query the [ransomcoinDB](http://ransomcoindb.concinnity-risks.com): it contains mapping between BTC addresses and malware hashes. Enrich MISP by querying for BTC -> hash or hash -> BTC addresses. +* [RansomcoinDB check](misp_modules/modules/expansion/ransomcoindb.py) - An expansion hover module to query the [ransomcoinDB](https://ransomcoindb.concinnity-risks.com): it contains mapping between BTC addresses and malware hashes. Enrich MISP by querying for BTC -> hash or hash -> BTC addresses. * [BTC scam check](misp_modules/modules/expansion/btc_scam_check.py) - An expansion hover module to instantly check if a BTC address has been abused. * [BTC transactions](misp_modules/modules/expansion/btc_steroids.py) - An expansion hover module to get a blockchain balance and the transactions from a BTC address in MISP. * [CIRCL Passive DNS](misp_modules/modules/expansion/circl_passivedns.py) - a hover and expansion module to expand hostname and IP addresses with passive DNS information. From d73a9b601afe5096daace37e4bd32159b0b0bd26 Mon Sep 17 00:00:00 2001 From: aaronkaplan Date: Tue, 26 Nov 2019 01:08:28 +0100 Subject: [PATCH 09/12] use a helpful user-agent string --- .../modules/expansion/_ransomcoindb/ransomcoindb.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/misp_modules/modules/expansion/_ransomcoindb/ransomcoindb.py b/misp_modules/modules/expansion/_ransomcoindb/ransomcoindb.py index 7225c47..98ed588 100755 --- a/misp_modules/modules/expansion/_ransomcoindb/ransomcoindb.py +++ b/misp_modules/modules/expansion/_ransomcoindb/ransomcoindb.py @@ -3,7 +3,7 @@ import requests import logging import os -import pprint +# import pprint copyright = """ Copyright 2019 (C) by Aaron Kaplan , all rights reserved. @@ -14,6 +14,8 @@ __version__ = 0.1 baseurl = "https://ransomcoindb.concinnity-risks.com/api/v1/" +user_agent = "ransomcoindb client via python-requests/%s" % requests.__version__ + urls = {'BTC': {'btc' : baseurl + 'bin2btc/', 'md5' : baseurl + 'bin2btc/md5/', 'sha1' : baseurl + 'bin2btc/sha1/', @@ -34,9 +36,11 @@ def get_data_by(coin: str, key: str, value: str, api_key: str): See below for examples. """ - pprint.pprint("api-key: %s" % api_key) + # pprint.pprint("api-key: %s" % api_key) headers = {'x-api-key': api_key, 'content-type': 'application/json'} + headers.update({'User-Agent': user_agent}) + # check first if valid: valid_coins = ['BTC', 'XMR'] valid_keys = ['btc', 'md5', 'sha1', 'sha256'] From 06025e63d018bdb4a20fcdcdac5bfe11c1b8a25c Mon Sep 17 00:00:00 2001 From: aaronkaplan Date: Tue, 26 Nov 2019 01:52:31 +0100 Subject: [PATCH 10/12] oops , use relative import --- misp_modules/modules/expansion/ransomcoindb.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misp_modules/modules/expansion/ransomcoindb.py b/misp_modules/modules/expansion/ransomcoindb.py index cf43d44..d9d7535 100644 --- a/misp_modules/modules/expansion/ransomcoindb.py +++ b/misp_modules/modules/expansion/ransomcoindb.py @@ -1,5 +1,5 @@ import json -from _ransomcoindb import ransomcoindb +from ._ransomcoindb import ransomcoindb copyright = """ Copyright 2019 (C) by Aaron Kaplan , all rights reserved. From 5d7a8295832282a6a2076c6f044e47379c94c201 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Tue, 26 Nov 2019 11:15:47 +0100 Subject: [PATCH 11/12] chg: Use MISPObject in ransomcoindb --- .../expansion/_ransomcoindb/ransomcoindb.py | 14 +++---- .../modules/expansion/ransomcoindb.py | 37 ++++++++++--------- 2 files changed, 27 insertions(+), 24 deletions(-) diff --git a/misp_modules/modules/expansion/_ransomcoindb/ransomcoindb.py b/misp_modules/modules/expansion/_ransomcoindb/ransomcoindb.py index 98ed588..26cd2e3 100755 --- a/misp_modules/modules/expansion/_ransomcoindb/ransomcoindb.py +++ b/misp_modules/modules/expansion/_ransomcoindb/ransomcoindb.py @@ -14,16 +14,16 @@ __version__ = 0.1 baseurl = "https://ransomcoindb.concinnity-risks.com/api/v1/" -user_agent = "ransomcoindb client via python-requests/%s" % requests.__version__ +user_agent = "ransomcoindb client via python-requests/%s" % requests.__version__ -urls = {'BTC': {'btc' : baseurl + 'bin2btc/', - 'md5' : baseurl + 'bin2btc/md5/', - 'sha1' : baseurl + 'bin2btc/sha1/', +urls = {'BTC': {'btc': baseurl + 'bin2btc/', + 'md5': baseurl + 'bin2btc/md5/', + 'sha1': baseurl + 'bin2btc/sha1/', 'sha256': baseurl + 'bin2btc/sha256/', }, - 'XMR': {'xmr' : baseurl + 'bin2crypto/XMR/', - 'md5' : baseurl + 'bin2crypto/XMR/md5/', - 'sha1' : baseurl + 'bin2crypto/XMR/sha1/', + 'XMR': {'xmr': baseurl + 'bin2crypto/XMR/', + 'md5': baseurl + 'bin2crypto/XMR/md5/', + 'sha1': baseurl + 'bin2crypto/XMR/sha1/', 'sha256': baseurl + 'bin2crypto/XMR/sha256/', } } diff --git a/misp_modules/modules/expansion/ransomcoindb.py b/misp_modules/modules/expansion/ransomcoindb.py index d9d7535..3bac983 100644 --- a/misp_modules/modules/expansion/ransomcoindb.py +++ b/misp_modules/modules/expansion/ransomcoindb.py @@ -1,5 +1,6 @@ import json from ._ransomcoindb import ransomcoindb +from pymisp import MISPObject copyright = """ Copyright 2019 (C) by Aaron Kaplan , all rights reserved. @@ -9,11 +10,11 @@ copyright = """ __version__ = 0.1 -debug=False +debug = False misperrors = {'error': 'Error'} # mispattributes = {'input': ['sha1', 'sha256', 'md5', 'btc', 'xmr', 'dash' ], 'output': ['btc', 'sha1', 'sha256', 'md5', 'freetext']} -mispattributes = {'input': ['sha1', 'sha256', 'md5', 'btc'], 'output': ['btc', 'sha1', 'sha256', 'md5', 'freetext']} +mispattributes = {'input': ['sha1', 'sha256', 'md5', 'btc'], 'output': ['btc', 'sha1', 'sha256', 'md5', 'freetext'], 'format': 'misp_standard'} moduleinfo = {'version': __version__, 'author': 'Aaron Kaplan', 'description': 'Module to access the ransomcoinDB (see https://ransomcoindb.concinnity-risks.com)', 'module-type': ['expansion', 'hover']} moduleconfig = ['api-key'] @@ -34,21 +35,23 @@ def handler(q=False): 'module': 'ransomcoindb', 'persistent': 1} """ - - for key in ['md5', 'sha1', 'sha256', 'btc']: # later: xmr, dash - if key in q: - answer = ransomcoindb.get_data_by('BTC', key, q[key], api_key) - """ The results data type should be: - r = { 'results': [ {'types': 'md5', 'values': [ a list of all md5s or all binaries related to this btc address ] } ] } - """ - if key in ['md5', 'sha1', 'sha256']: - r['results'].append({'types': 'btc', 'values': [ a['btc'] for a in answer ]}) - elif key == 'btc': - # better: create a MISP object - r['results'].append({ 'types': 'sha1', 'values': [ a['sha1'] for a in answer ]}) - r['results'].append({ 'types': 'md5', 'values': [ a['md5'] for a in answer ]}) - r['results'].append({ 'types': 'sha256', 'values': [ a['sha256'] for a in answer ]}) - + attribute = q['attribute'] + answer = ransomcoindb.get_data_by('BTC', attribute['type'], attribute['value'], api_key) + """ The results data type should be: + r = { 'results': [ {'types': 'md5', 'values': [ a list of all md5s or all binaries related to this btc address ] } ] } + """ + if attribute['type'] in ['md5', 'sha1', 'sha256']: + r['results'].append({'types': 'btc', 'values': [a['btc'] for a in answer]}) + elif attribute['type'] == 'btc': + # better: create a MISP object + files = [] + for a in answer: + obj = MISPObject('file') + obj.add_attribute('md5', a['md5']) + obj.add_attribute('sha1', a['sha1']) + obj.add_attribute('sha256', a['sha256']) + files.append(obj) + r['results'] = {'Object': [json.loads(f.to_json()) for f in files]} return r From 7a7b3a0ae11f886070dd682f3df09de927417a46 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Tue, 26 Nov 2019 13:27:19 +0100 Subject: [PATCH 12/12] chg: Bump dependencies --- Pipfile | 2 +- Pipfile.lock | 212 +++++++++++++++++++++++---------------------------- 2 files changed, 97 insertions(+), 117 deletions(-) diff --git a/Pipfile b/Pipfile index 415178b..1cb0889 100644 --- a/Pipfile +++ b/Pipfile @@ -11,7 +11,7 @@ flake8 = "*" [packages] dnspython = "*" -requests = "*" +requests = {extras = ["security"],version = "*"} urlarchiver = "*" passivetotal = "*" pypdns = "*" diff --git a/Pipfile.lock b/Pipfile.lock index 8d6be41..e0e8023 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "28bab177e7e34c6b7fe8bfd8be6fe79a87ec6ca9c44ca63148fed9433d09cf21" + "sha256": "2cd074bb42f3fbefc9eefdcd673817af96b25fdf8e7e7a149878b7ae8bbfcc66" }, "pipfile-spec": 6, "requires": { @@ -325,35 +325,35 @@ }, "lxml": { "hashes": [ - "sha256:02ca7bf899da57084041bb0f6095333e4d239948ad3169443f454add9f4e9cb4", - "sha256:096b82c5e0ea27ce9138bcbb205313343ee66a6e132f25c5ed67e2c8d960a1bc", - "sha256:0a920ff98cf1aac310470c644bc23b326402d3ef667ddafecb024e1713d485f1", - "sha256:1409b14bf83a7d729f92e2a7fbfe7ec929d4883ca071b06e95c539ceedb6497c", - "sha256:17cae1730a782858a6e2758fd20dd0ef7567916c47757b694a06ffafdec20046", - "sha256:17e3950add54c882e032527795c625929613adbd2ce5162b94667334458b5a36", - "sha256:1f4f214337f6ee5825bf90a65d04d70aab05526c08191ab888cb5149501923c5", - "sha256:2e8f77db25b0a96af679e64ff9bf9dddb27d379c9900c3272f3041c4d1327c9d", - "sha256:4dffd405390a45ecb95ab5ab1c1b847553c18b0ef8ed01e10c1c8b1a76452916", - "sha256:6b899931a5648862c7b88c795eddff7588fb585e81cecce20f8d9da16eff96e0", - "sha256:726c17f3e0d7a7200718c9a890ccfeab391c9133e363a577a44717c85c71db27", - "sha256:760c12276fee05c36f95f8040180abc7fbebb9e5011447a97cdc289b5d6ab6fc", - "sha256:796685d3969815a633827c818863ee199440696b0961e200b011d79b9394bbe7", - "sha256:891fe897b49abb7db470c55664b198b1095e4943b9f82b7dcab317a19116cd38", - "sha256:9277562f175d2334744ad297568677056861070399cec56ff06abbe2564d1232", - "sha256:a471628e20f03dcdfde00770eeaf9c77811f0c331c8805219ca7b87ac17576c5", - "sha256:a63b4fd3e2cabdcc9d918ed280bdde3e8e9641e04f3c59a2a3109644a07b9832", - "sha256:ae88588d687bd476be588010cbbe551e9c2872b816f2da8f01f6f1fda74e1ef0", - "sha256:b0b84408d4eabc6de9dd1e1e0bc63e7731e890c0b378a62443e5741cfd0ae90a", - "sha256:be78485e5d5f3684e875dab60f40cddace2f5b2a8f7fede412358ab3214c3a6f", - "sha256:c27eaed872185f047bb7f7da2d21a7d8913457678c9a100a50db6da890bc28b9", - "sha256:c7fccd08b14aa437fe096c71c645c0f9be0655a9b1a4b7cffc77bcb23b3d61d2", - "sha256:c81cb40bff373ab7a7446d6bbca0190bccc5be3448b47b51d729e37799bb5692", - "sha256:d11874b3c33ee441059464711cd365b89fa1a9cf19ae75b0c189b01fbf735b84", - "sha256:e9c028b5897901361d81a4718d1db217b716424a0283afe9d6735fe0caf70f79", - "sha256:fe489d486cd00b739be826e8c1be188ddb74c7a1ca784d93d06fda882a6a1681" + "sha256:00ac0d64949fef6b3693813fe636a2d56d97a5a49b5bbb86e4cc4cc50ebc9ea2", + "sha256:0571e607558665ed42e450d7bf0e2941d542c18e117b1ebbf0ba72f287ad841c", + "sha256:0e3f04a7615fdac0be5e18b2406529521d6dbdb0167d2a690ee328bef7807487", + "sha256:13cf89be53348d1c17b453867da68704802966c433b2bb4fa1f970daadd2ef70", + "sha256:217262fcf6a4c2e1c7cb1efa08bd9ebc432502abc6c255c4abab611e8be0d14d", + "sha256:223e544828f1955daaf4cefbb4853bc416b2ec3fd56d4f4204a8b17007c21250", + "sha256:277cb61fede2f95b9c61912fefb3d43fbd5f18bf18a14fae4911b67984486f5d", + "sha256:3213f753e8ae86c396e0e066866e64c6b04618e85c723b32ecb0909885211f74", + "sha256:4690984a4dee1033da0af6df0b7a6bde83f74e1c0c870623797cec77964de34d", + "sha256:4fcc472ef87f45c429d3b923b925704aa581f875d65bac80f8ab0c3296a63f78", + "sha256:61409bd745a265a742f2693e4600e4dbd45cc1daebe1d5fad6fcb22912d44145", + "sha256:678f1963f755c5d9f5f6968dded7b245dd1ece8cf53c1aa9d80e6734a8c7f41d", + "sha256:6c6d03549d4e2734133badb9ab1c05d9f0ef4bcd31d83e5d2b4747c85cfa21da", + "sha256:6e74d5f4d6ecd6942375c52ffcd35f4318a61a02328f6f1bd79fcb4ffedf969e", + "sha256:7b4fc7b1ecc987ca7aaf3f4f0e71bbfbd81aaabf87002558f5bc95da3a865bcd", + "sha256:7ed386a40e172ddf44c061ad74881d8622f791d9af0b6f5be20023029129bc85", + "sha256:8f54f0924d12c47a382c600c880770b5ebfc96c9fd94cf6f6bdc21caf6163ea7", + "sha256:ad9b81351fdc236bda538efa6879315448411a81186c836d4b80d6ca8217cdb9", + "sha256:bbd00e21ea17f7bcc58dccd13869d68441b32899e89cf6cfa90d624a9198ce85", + "sha256:c3c289762cc09735e2a8f8a49571d0e8b4f57ea831ea11558247b5bdea0ac4db", + "sha256:cf4650942de5e5685ad308e22bcafbccfe37c54aa7c0e30cd620c2ee5c93d336", + "sha256:cfcbc33c9c59c93776aa41ab02e55c288a042211708b72fdb518221cc803abc8", + "sha256:e301055deadfedbd80cf94f2f65ff23126b232b0d1fea28f332ce58137bcdb18", + "sha256:ebbfe24df7f7b5c6c7620702496b6419f6a9aa2fd7f005eb731cc80d7b4692b9", + "sha256:eff69ddbf3ad86375c344339371168640951c302450c5d3e9936e98d6459db06", + "sha256:f6ed60a62c5f1c44e789d2cf14009423cb1646b44a43e40a9cf6a21f077678a1" ], "index": "pypi", - "version": "==4.4.1" + "version": "==4.4.2" }, "maclookup": { "hashes": [ @@ -382,37 +382,25 @@ }, "multidict": { "hashes": [ - "sha256:024b8129695a952ebd93373e45b5d341dbb87c17ce49637b34000093f243dd4f", - "sha256:041e9442b11409be5e4fc8b6a97e4bcead758ab1e11768d1e69160bdde18acc3", - "sha256:045b4dd0e5f6121e6f314d81759abd2c257db4634260abcfe0d3f7083c4908ef", - "sha256:047c0a04e382ef8bd74b0de01407e8d8632d7d1b4db6f2561106af812a68741b", - "sha256:068167c2d7bbeebd359665ac4fff756be5ffac9cda02375b5c5a7c4777038e73", - "sha256:148ff60e0fffa2f5fad2eb25aae7bef23d8f3b8bdaf947a65cdbe84a978092bc", - "sha256:1d1c77013a259971a72ddaa83b9f42c80a93ff12df6a4723be99d858fa30bee3", - "sha256:1d48bc124a6b7a55006d97917f695effa9725d05abe8ee78fd60d6588b8344cd", - "sha256:31dfa2fc323097f8ad7acd41aa38d7c614dd1960ac6681745b6da124093dc351", - "sha256:34f82db7f80c49f38b032c5abb605c458bac997a6c3142e0d6c130be6fb2b941", - "sha256:3d5dd8e5998fb4ace04789d1d008e2bb532de501218519d70bb672c4c5a2fc5d", - "sha256:4a6ae52bd3ee41ee0f3acf4c60ceb3f44e0e3bc52ab7da1c2b2aa6703363a3d1", - "sha256:4b02a3b2a2f01d0490dd39321c74273fed0568568ea0e7ea23e02bd1fb10a10b", - "sha256:4b843f8e1dd6a3195679d9838eb4670222e8b8d01bc36c9894d6c3538316fa0a", - "sha256:5de53a28f40ef3c4fd57aeab6b590c2c663de87a5af76136ced519923d3efbb3", - "sha256:61b2b33ede821b94fa99ce0b09c9ece049c7067a33b279f343adfe35108a4ea7", - "sha256:6a3a9b0f45fd75dc05d8e93dc21b18fc1670135ec9544d1ad4acbcf6b86781d0", - "sha256:76ad8e4c69dadbb31bad17c16baee61c0d1a4a73bed2590b741b2e1a46d3edd0", - "sha256:7ba19b777dc00194d1b473180d4ca89a054dd18de27d0ee2e42a103ec9b7d014", - "sha256:7c1b7eab7a49aa96f3db1f716f0113a8a2e93c7375dd3d5d21c4941f1405c9c5", - "sha256:7fc0eee3046041387cbace9314926aa48b681202f8897f8bff3809967a049036", - "sha256:8ccd1c5fff1aa1427100ce188557fc31f1e0a383ad8ec42c559aabd4ff08802d", - "sha256:8e08dd76de80539d613654915a2f5196dbccc67448df291e69a88712ea21e24a", - "sha256:c18498c50c59263841862ea0501da9f2b3659c00db54abfbf823a80787fde8ce", - "sha256:c49db89d602c24928e68c0d510f4fcf8989d77defd01c973d6cbe27e684833b1", - "sha256:ce20044d0317649ddbb4e54dab3c1bcc7483c78c27d3f58ab3d0c7e6bc60d26a", - "sha256:d1071414dd06ca2eafa90c85a079169bfeb0e5f57fd0b45d44c092546fcd6fd9", - "sha256:d3be11ac43ab1a3e979dac80843b42226d5d3cccd3986f2e03152720a4297cd7", - "sha256:db603a1c235d110c860d5f39988ebc8218ee028f07a7cbc056ba6424372ca31b" + "sha256:07f9a6bf75ad675d53956b2c6a2d4ef2fa63132f33ecc99e9c24cf93beb0d10b", + "sha256:0ffe4d4d28cbe9801952bfb52a8095dd9ffecebd93f84bdf973c76300de783c5", + "sha256:1b605272c558e4c659dbaf0fb32a53bfede44121bcf77b356e6e906867b958b7", + "sha256:205a011e636d885af6dd0029e41e3514a46e05bb2a43251a619a6e8348b96fc0", + "sha256:250632316295f2311e1ed43e6b26a63b0216b866b45c11441886ac1543ca96e1", + "sha256:2bc9c2579312c68a3552ee816311c8da76412e6f6a9cf33b15152e385a572d2a", + "sha256:318aadf1cfb6741c555c7dd83d94f746dc95989f4f106b25b8a83dfb547f2756", + "sha256:42cdd649741a14b0602bf15985cad0dd4696a380081a3319cd1ead46fd0f0fab", + "sha256:5159c4975931a1a78bf6602bbebaa366747fce0a56cb2111f44789d2c45e379f", + "sha256:87e26d8b89127c25659e962c61a4c655ec7445d19150daea0759516884ecb8b4", + "sha256:891b7e142885e17a894d9d22b0349b92bb2da4769b4e675665d0331c08719be5", + "sha256:8d919034420378132d074bf89df148d0193e9780c9fe7c0e495e895b8af4d8a2", + "sha256:9c890978e2b37dd0dc1bd952da9a5d9f245d4807bee33e3517e4119c48d66f8c", + "sha256:a37433ce8cdb35fc9e6e47e1606fa1bfd6d70440879038dca7d8dd023197eaa9", + "sha256:c626029841ada34c030b94a00c573a0c7575fe66489cde148785b6535397d675", + "sha256:cfec9d001a83dc73580143f3c77e898cf7ad78b27bb5e64dbe9652668fcafec7", + "sha256:efaf1b18ea6c1f577b1371c0159edbe4749558bfe983e13aa24d0a0c01e1ad7b" ], - "version": "==4.5.2" + "version": "==4.6.1" }, "np": { "hashes": [ @@ -462,36 +450,35 @@ }, "opencv-python": { "hashes": [ - "sha256:01505b131dc35f60e99a5da98b77156e37f872ae0ff5596e5e68d526bb572d3c", - "sha256:0478a1037505ddde312806c960a5e8958d2cf7a2885e8f2f5dde74c4028e0b04", - "sha256:17810b89f9ef8e8537e75332acf533e619e26ccadbf1b73f24bf338f2d327ddd", - "sha256:19ad2ea9fb32946761b47b9d6eed51876a8329da127f27788263fecd66651ba0", - "sha256:1a250edb739baf3e7c25d99a2ee252aac4f59a97e0bee39237eaa490fd0281d3", - "sha256:3505468970448f66cd776cb9e179570c87988f94b5cf9bcbc4c2d88bd88bbdf1", - "sha256:4e04a91da157885359f487534433340b2d709927559c80acf62c28167e59be02", - "sha256:5a49cffcdec5e37217672579c3343565926d999642844efa9c6a031ed5f32318", - "sha256:604b2ce3d4a86480ced0813da7fba269b4605ad9fea26cd2144d8077928d4b49", - "sha256:61cbb8fa9565a0480c46028599431ad8f19181a7fac8070a700515fd54cd7377", - "sha256:62d7c6e511c9454f099616315c695d02a584048e1affe034b39160db7a2ae34d", - "sha256:6555272dd9efd412d17cdc1a4f4c2da5753c099d95d9ff01aca54bb9782fb5cf", - "sha256:67d994c6b2b14cb9239e85dc7dfa6c08ef7cf6eb4def80c0af6141dfacc8cbb9", - "sha256:68c9cbe538666c4667523821cc56caee49389bea06bae4c0fc2cd68bd264226a", - "sha256:822ad8f628a9498f569c57d30865f5ef9ee17824cee0a1d456211f742028c135", - "sha256:82d972429eb4fee22c1dc4204af2a2e981f010e5e4f66daea2a6c68381b79184", - "sha256:9128924f5b58269ee221b8cf2d736f31bd3bb0391b92ee8504caadd68c8176a2", - "sha256:9172cf8270572c494d8b2ae12ef87c0f6eed9d132927e614099f76843b0c91d7", - "sha256:952bce4d30a8287b17721ddaad7f115dab268efee8576249ddfede80ec2ce404", - "sha256:a8147718e70b1f170a3d26518e992160137365a4db0ed82a9efd3040f9f660d4", - "sha256:bfdb636a3796ff223460ea0fcfda906b3b54f4bef22ae433a5b67e66fab00b25", - "sha256:c9c3f27867153634e1083390920067008ebaaab78aeb09c4e0274e69746cb2c8", - "sha256:d69be21973d450a4662ae6bd1b3df6b1af030e448d7276380b0d1adf7c8c2ae6", - "sha256:db1479636812a6579a3753b72a6fefaa73190f32bf7b19e483f8bc750cebe1a5", - "sha256:db8313d755962a7dd61e5c22a651e0743208adfdb255c6ec8904ce9cb02940c6", - "sha256:e4625a6b032e7797958aeb630d6e3e91e3896d285020aae612e6d7b342d6dfea", - "sha256:e8397a26966a1290836a52c34b362aabc65a422b9ffabcbbdec1862f023ccab8" + "sha256:04bec0a6d3a00360a7fb769b755ff4489a4ac8291821b785151f63e6d8bb59ea", + "sha256:1a2d1801c038f055852bd2379186ca8b19b4ea24afb0b8410293bc802211579b", + "sha256:1c7d235faef511aca7669f1aa650897b6c058dfde6412ea3fc58feb0fce78814", + "sha256:22c2ee5f97f85903bfb28c056566b2ecaa1d2f804b880ab39ebf94528a402992", + "sha256:25127990671dc8bd27ae8b880d7a39f9aae863052a8fbebe8977c6ce8e5fc0c9", + "sha256:3cef82b6a1f748d2f4527f5932a86d54ebd10bd89f6cf59b003c36b1015055f7", + "sha256:499a0413e7110a934ab56e635252a4c86f8be64de59f94a62318a7b895dc809e", + "sha256:5f2cf5a0ab244a0a1dbe5ec426c277b55e06ac6a472ad61be77ef643a238cbd3", + "sha256:5fec35916a6b9ce935f2e2806084303fd4e3fbb0c973a8db8f54b5aca54613cb", + "sha256:6183c9c7fab4590e0651bc941cde780988c3ad9889bd62de19d581a6f59523ea", + "sha256:67a236db8db84d7fb0f6e127f360ce6669350ef324839132e22879ec90588dab", + "sha256:6c32d36f52a6e0c02d1ab0bb95223cb4dd5525a7e8292a747116126b3d34c578", + "sha256:73a467a78ffd902d2c0265ab6b2e2cdda423d61b3d08685e0c7d0b4572142ff1", + "sha256:76de8a247970d150b1672c6646cda91217d562682e713721fc9b9bf1434553c4", + "sha256:919d5c3ec1a62258ba8c68b869b1056186e2355c4474739b199c295547e66cc1", + "sha256:982d4e80c14356098cde57a6c7d18fe0928a1c3118675bac2252ef38f152e1ab", + "sha256:9d025e6bf2989bcbc7744c26d8bd90c2629a92d8de3ba2416f62ce2a94615dd9", + "sha256:bb59f98205cd81e29f45eed043cf0f98531486dc0b3f671c9e06fecf08f7ccef", + "sha256:c8119248457e909dcd7b598621ed1d139419d69377e8cb4e2b2c49c819de287d", + "sha256:ce7b1f25be04b04f2e678b2bf23a975137f77406dcee66a88a2daeb77cda3e76", + "sha256:d64428bf59ab4d27620b00a2ad6fea2b4d62016a17849c82a7517ec12db97d55", + "sha256:e2ffa3161b8662112f1880734e8b9549d0c9e818e59f652a9d1c5bf31e36586a", + "sha256:e6fc00ac42c800fad5fb3927cfb9bf4e60bb3302cb9805f45b826d5d2546119a", + "sha256:e793df2e12093b3a01006b5b27f321e306193c7a5c9e2a6c8bf652e1ad2d6a86", + "sha256:eae543b3e9253ff702103333aabd87736b5ed5e46ab834d8e0b929f08f494dee", + "sha256:f0af656402b73ead2d9f593c2774c04b01e2d0c63e4f99e0dc2f3fde99be22b4" ], "index": "pypi", - "version": "==4.1.1.26" + "version": "==4.1.2.30" }, "pandas": { "hashes": [ @@ -587,19 +574,19 @@ }, "psutil": { "hashes": [ - "sha256:021d361439586a0fd8e64f8392eb7da27135db980f249329f1a347b9de99c695", - "sha256:145e0f3ab9138165f9e156c307100905fd5d9b7227504b8a9d3417351052dc3d", - "sha256:348ad4179938c965a27d29cbda4a81a1b2c778ecd330a221aadc7bd33681afbd", - "sha256:3feea46fbd634a93437b718518d15b5dd49599dfb59a30c739e201cc79bb759d", - "sha256:474e10a92eeb4100c276d4cc67687adeb9d280bbca01031a3e41fb35dfc1d131", - "sha256:47aeb4280e80f27878caae4b572b29f0ec7967554b701ba33cd3720b17ba1b07", - "sha256:73a7e002781bc42fd014dfebb3fc0e45f8d92a4fb9da18baea6fb279fbc1d966", - "sha256:d051532ac944f1be0179e0506f6889833cf96e466262523e57a871de65a15147", - "sha256:dfb8c5c78579c226841908b539c2374da54da648ee5a837a731aa6a105a54c00", - "sha256:e3f5f9278867e95970854e92d0f5fe53af742a7fc4f2eba986943345bcaed05d", - "sha256:e9649bb8fc5cea1f7723af53e4212056a6f984ee31784c10632607f472dec5ee" + "sha256:094f899ac3ef72422b7e00411b4ed174e3c5a2e04c267db6643937ddba67a05b", + "sha256:10b7f75cc8bd676cfc6fa40cd7d5c25b3f45a0e06d43becd7c2d2871cbb5e806", + "sha256:1b1575240ca9a90b437e5a40db662acd87bbf181f6aa02f0204978737b913c6b", + "sha256:21231ef1c1a89728e29b98a885b8e0a8e00d09018f6da5cdc1f43f988471a995", + "sha256:28f771129bfee9fc6b63d83a15d857663bbdcae3828e1cb926e91320a9b5b5cd", + "sha256:70387772f84fa5c3bb6a106915a2445e20ac8f9821c5914d7cbde148f4d7ff73", + "sha256:b560f5cd86cf8df7bcd258a851ca1ad98f0d5b8b98748e877a0aec4e9032b465", + "sha256:b74b43fecce384a57094a83d2778cdfc2e2d9a6afaadd1ebecb2e75e0d34e10d", + "sha256:e85f727ffb21539849e6012f47b12f6dd4c44965e56591d8dec6e8bc9ab96f4a", + "sha256:fd2e09bb593ad9bdd7429e779699d2d47c1268cbde4dda95fcd1bd17544a0217", + "sha256:ffad8eb2ac614518bbe3c0b8eb9dffdb3a8d2e3a7d5da51c5b974fb723a5c5aa" ], - "version": "==5.6.5" + "version": "==5.6.7" }, "pybgpranking": { "editable": true, @@ -721,7 +708,7 @@ "pymisp": { "editable": true, "git": "https://github.com/MISP/PyMISP.git", - "ref": "b1818b1751021fc82805524706352b0a8eb77249" + "ref": "a32256f1959cc3fb6a4481b77dbe2589385e4f5b" }, "pyonyphe": { "editable": true, @@ -759,9 +746,9 @@ }, "pyrsistent": { "hashes": [ - "sha256:eb6545dbeb1aa69ab1fb4809bfbf5a8705e44d92ef8fc7c2361682a47c46c778" + "sha256:f3b280d030afb652f79d67c5586157c5c1355c9a58dfc7940566e28d28f3df1b" ], - "version": "==0.15.5" + "version": "==0.15.6" }, "pytesseract": { "hashes": [ @@ -951,10 +938,10 @@ }, "stix2-patterns": { "hashes": [ - "sha256:137cbe28d29af774d526a49d60b3a40af7c19fe1e5f252e741bb25f253d5616f" + "sha256:1a583ec394af0c61eaa36efeef06e33d03bb7aae8b6e2f491449d5f220dc819d" ], "index": "pypi", - "version": "==1.1.0" + "version": "==1.2.0" }, "tabulate": { "hashes": [ @@ -1094,13 +1081,6 @@ } }, "develop": { - "atomicwrites": { - "hashes": [ - "sha256:03472c30eb2c5d1ba9227e4c2ca66ab8287fbfbbda3888aa93dc2e28fc6811b4", - "sha256:75a9445bac02d8d058d5e1fe689654ba5a6556a1dfd8ce6ec55a0ed79866cfa6" - ], - "version": "==1.3.0" - }, "attrs": { "hashes": [ "sha256:08a96c641c3a74e44eb59afb61a24f2cb9f4d7188748e76ba4bb5edfa3cb7d1c", @@ -1229,10 +1209,10 @@ }, "pluggy": { "hashes": [ - "sha256:0db4b7601aae1d35b4a033282da476845aa19185c1e6964b25cf324b5e4ec3e6", - "sha256:fa5fa1622fa6dd5c030e9cad086fa19ef6a0cf6d7a2d12318e10cb49d6d68f34" + "sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0", + "sha256:966c145cd83c96502c3c3868f50408687b38434af77734af1e9ca461a4081d2d" ], - "version": "==0.13.0" + "version": "==0.13.1" }, "py": { "hashes": [ @@ -1264,11 +1244,11 @@ }, "pytest": { "hashes": [ - "sha256:8e256fe71eb74e14a4d20a5987bb5e1488f0511ee800680aaedc62b9358714e8", - "sha256:ff0090819f669aaa0284d0f4aad1a6d9d67a6efdc6dd4eb4ac56b704f890a0d6" + "sha256:1897d74f60a5d8be02e06d708b41bf2445da2ee777066bd68edf14474fc201eb", + "sha256:f6a567e20c04259d41adce9a360bd8991e6aa29dd9695c5e6bd25a9779272673" ], "index": "pypi", - "version": "==5.2.4" + "version": "==5.3.0" }, "requests": { "extras": [