mirror of https://github.com/MISP/misp-modules
fix: Use the proper formatting method and not the horrible % one
parent
9bf3346e88
commit
648c6414c3
|
@ -10,11 +10,11 @@ mispattributes = {'input': ['hostname', 'domain', 'ip-src', 'ip-dst', 'md5', 'sh
|
||||||
}
|
}
|
||||||
|
|
||||||
# possible module-types: 'expansion', 'hover' or both
|
# possible module-types: 'expansion', 'hover' or both
|
||||||
moduleinfo = {'version': '2', 'author': 'Hannah Ward',
|
moduleinfo = {'version': '1', 'author': 'KX499',
|
||||||
'description': 'Get information from virustotal',
|
'description': 'Get information from ThreatMiner',
|
||||||
'module-type': ['expansion']}
|
'module-type': ['expansion']}
|
||||||
|
|
||||||
desc = '%s: Threatminer - %s'
|
desc = '{}: Threatminer - {}'
|
||||||
|
|
||||||
|
|
||||||
def handler(q=False):
|
def handler(q=False):
|
||||||
|
@ -66,25 +66,25 @@ def get_domain(q):
|
||||||
if not emails:
|
if not emails:
|
||||||
continue
|
continue
|
||||||
for em_type, email in emails.items():
|
for em_type, email in emails.items():
|
||||||
ret.append({'types': ['whois-registrant-email'], 'values': [email], 'comment': desc % (q, 'whois')})
|
ret.append({'types': ['whois-registrant-email'], 'values': [email], 'comment': desc.format(q, 'whois')})
|
||||||
if flag == 2: #pdns
|
if flag == 2: #pdns
|
||||||
ip = result.get('ip')
|
ip = result.get('ip')
|
||||||
if ip:
|
if ip:
|
||||||
ret.append({'types': ['ip-src', 'ip-dst'], 'values': [ip], 'comment': desc % (q, 'pdns')})
|
ret.append({'types': ['ip-src', 'ip-dst'], 'values': [ip], 'comment': desc.format(q, 'pdns')})
|
||||||
if flag == 3: #uri
|
if flag == 3: #uri
|
||||||
uri = result.get('uri')
|
uri = result.get('uri')
|
||||||
if uri:
|
if uri:
|
||||||
ret.append({'types': ['url'], 'values': [uri], 'comment': desc % (q, 'uri')})
|
ret.append({'types': ['url'], 'values': [uri], 'comment': desc.format(q, 'uri')})
|
||||||
if flag == 4: #samples
|
if flag == 4: #samples
|
||||||
if type(result) is str:
|
if type(result) is str:
|
||||||
ret.append({'types': ['sha256'], 'values': [result], 'comment': desc % (q, 'samples')})
|
ret.append({'types': ['sha256'], 'values': [result], 'comment': desc.format(q, 'samples')})
|
||||||
if flag == 5: #subdomains
|
if flag == 5: #subdomains
|
||||||
if type(result) is str:
|
if type(result) is str:
|
||||||
ret.append({'types': ['domain'], 'values': [result], 'comment': desc % (q, 'subdomain')})
|
ret.append({'types': ['domain'], 'values': [result], 'comment': desc.format(q, 'subdomain')})
|
||||||
if flag == 6: #reports
|
if flag == 6: #reports
|
||||||
link = result.get('URL')
|
link = result.get('URL')
|
||||||
if link:
|
if link:
|
||||||
ret.append({'types': ['url'], 'values': [link], 'comment': desc % (q, 'report')})
|
ret.append({'types': ['url'], 'values': [link], 'comment': desc.format(q, 'report')})
|
||||||
|
|
||||||
return ret
|
return ret
|
||||||
|
|
||||||
|
@ -105,25 +105,25 @@ def get_ip(q):
|
||||||
if not emails:
|
if not emails:
|
||||||
continue
|
continue
|
||||||
for em_type, email in emails.items():
|
for em_type, email in emails.items():
|
||||||
ret.append({'types': ['whois-registrant-email'], 'values': [email], 'comment': desc % (q, 'whois')})
|
ret.append({'types': ['whois-registrant-email'], 'values': [email], 'comment': desc.format(q, 'whois')})
|
||||||
if flag == 2: #pdns
|
if flag == 2: #pdns
|
||||||
ip = result.get('ip')
|
ip = result.get('ip')
|
||||||
if ip:
|
if ip:
|
||||||
ret.append({'types': ['ip-src', 'ip-dst'], 'values': [ip], 'comment': desc % (q, 'pdns')})
|
ret.append({'types': ['ip-src', 'ip-dst'], 'values': [ip], 'comment': desc.format(q, 'pdns')})
|
||||||
if flag == 3: #uri
|
if flag == 3: #uri
|
||||||
uri = result.get('uri')
|
uri = result.get('uri')
|
||||||
if uri:
|
if uri:
|
||||||
ret.append({'types': ['url'], 'values': [uri], 'comment': desc % (q, 'uri')})
|
ret.append({'types': ['url'], 'values': [uri], 'comment': desc.format(q, 'uri')})
|
||||||
if flag == 4: #samples
|
if flag == 4: #samples
|
||||||
if type(result) is str:
|
if type(result) is str:
|
||||||
ret.append({'types': ['sha256'], 'values': [result], 'comment': desc % (q, 'samples')})
|
ret.append({'types': ['sha256'], 'values': [result], 'comment': desc.format(q, 'samples')})
|
||||||
if flag == 5: #ssl
|
if flag == 5: #ssl
|
||||||
if type(result) is str:
|
if type(result) is str:
|
||||||
ret.append({'types': ['x509-fingerprint-sha1'], 'values': [result], 'comment': desc % (q, 'ssl')})
|
ret.append({'types': ['x509-fingerprint-sha1'], 'values': [result], 'comment': desc.format(q, 'ssl')})
|
||||||
if flag == 6: #reports
|
if flag == 6: #reports
|
||||||
link = result.get('URL')
|
link = result.get('URL')
|
||||||
if link:
|
if link:
|
||||||
ret.append({'types': ['url'], 'values': [link], 'comment': desc % (q, 'report')})
|
ret.append({'types': ['url'], 'values': [link], 'comment': desc.format(q, 'report')})
|
||||||
|
|
||||||
return ret
|
return ret
|
||||||
|
|
||||||
|
@ -142,25 +142,25 @@ def get_hash(q):
|
||||||
if flag == 1: #meta (filename)
|
if flag == 1: #meta (filename)
|
||||||
name = result.get('file_name')
|
name = result.get('file_name')
|
||||||
if name:
|
if name:
|
||||||
ret.append({'types': ['filename'], 'values': [name], 'comment': desc % (q, 'file')})
|
ret.append({'types': ['filename'], 'values': [name], 'comment': desc.format(q, 'file')})
|
||||||
if flag == 3: #network
|
if flag == 3: #network
|
||||||
domains = result.get('domains')
|
domains = result.get('domains')
|
||||||
for dom in domains:
|
for dom in domains:
|
||||||
if dom.get('domain'):
|
if dom.get('domain'):
|
||||||
ret.append({'types': ['domain'], 'values': [dom['domain']], 'comment': desc % (q, 'network')})
|
ret.append({'types': ['domain'], 'values': [dom['domain']], 'comment': desc.format(q, 'network')})
|
||||||
|
|
||||||
hosts = result.get('hosts')
|
hosts = result.get('hosts')
|
||||||
for h in hosts:
|
for h in hosts:
|
||||||
if type(h) is str:
|
if type(h) is str:
|
||||||
ret.append({'types': ['ip-src', 'ip-dst'], 'values': [h], 'comment': desc % (q, 'network')})
|
ret.append({'types': ['ip-src', 'ip-dst'], 'values': [h], 'comment': desc.format(q, 'network')})
|
||||||
if flag == 6: #detections
|
if flag == 6: #detections
|
||||||
detections = result.get('av_detections')
|
detections = result.get('av_detections')
|
||||||
for d in detections:
|
for d in detections:
|
||||||
if d.get('detection'):
|
if d.get('detection'):
|
||||||
ret.append({'types': ['text'], 'values': [d['detection']], 'comment': desc % (q, 'detection')})
|
ret.append({'types': ['text'], 'values': [d['detection']], 'comment': desc.format(q, 'detection')})
|
||||||
if flag == 7: #report
|
if flag == 7: #report
|
||||||
if type(result) is str:
|
if type(result) is str:
|
||||||
ret.append({'types': ['sha256'], 'values': [result], 'comment': desc % (q, 'report')})
|
ret.append({'types': ['sha256'], 'values': [result], 'comment': desc.format(q, 'report')})
|
||||||
|
|
||||||
return ret
|
return ret
|
||||||
|
|
||||||
|
|
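Review bot: In the `get_hash` hunk, the `flag == 3` and `flag == 6` branches iterate over `result.get('domains')`, `result.get('hosts')` and `result.get('av_detections')` without checking for `None`, and this commit leaves that untouched. `dict.get` returns `None` when a key is absent, so a partial or malformed response from the third-party API would raise `TypeError` at the `for` line. Unless that is caught outside the hunk, the attributes already collected in `ret` would be lost. Iterating over a defaulted value keeps the enrichment best-effort: `for dom in result.get('domains') or []:`, `for h in result.get('hosts') or []:`, `for d in result.get('av_detections') or []:`. The body of `get_hash` starts above the hunk, so whether `result` is guaranteed to be a dict in these branches cannot be confirmed from here.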