From 7bafa939b07f426cde7eef121f65188e57143515 Mon Sep 17 00:00:00 2001
From: Steve Clement
Date: Tue, 6 Nov 2018 00:48:36 +0900
Subject: [PATCH] new: [btc] Very simple BTC expansion chg: [req] yara-python is preferred
---
 REQUIREMENTS | 3 +-
 misp_modules/modules/expansion/__init__.py | 2 +-
 misp_modules/modules/expansion/btc.py | 50 ++++++++++++++++++++++
 3 files changed, 53 insertions(+), 2 deletions(-)
 create mode 100755 misp_modules/modules/expansion/btc.py
diff --git a/REQUIREMENTS b/REQUIREMENTS
index 0aae71f..cfaf9ad 100644
--- a/REQUIREMENTS
+++ b/REQUIREMENTS
@@ -21,9 +21,10 @@ domaintools_api
 pygeoip
 bs4
 oauth2
-yara
+yara-python
 sigmatools
 stix2-patterns
 maclookup
 vulners
 psutil
+blockchain
diff --git a/misp_modules/modules/expansion/__init__.py b/misp_modules/modules/expansion/__init__.py
index f1c6d7a..73abd2e 100644
--- a/misp_modules/modules/expansion/__init__.py
+++ b/misp_modules/modules/expansion/__init__.py
@@ -1,3 +1,3 @@
 from . import _vmray
-__all__ = ['vmray_submit', 'asn_history', 'circl_passivedns', 'circl_passivessl', 'countrycode', 'cve', 'dns', 'domaintools', 'eupi', 'farsight_passivedns', 'ipasn', 'passivetotal', 'sourcecache', 'virustotal', 'whois', 'shodan', 'reversedns', 'geoip_country', 'wiki', 'iprep', 'threatminer', 'otx', 'threatcrowd', 'vulndb', 'crowdstrike_falcon', 'yara_syntax_validator', 'hashdd', 'onyphe', 'onyphe_full', 'rbl', 'xforceexchange', 'sigma_syntax_validator', 'stix2_pattern_syntax_validator', 'sigma_queries', 'dbl_spamhaus', 'vulners', 'yara_query']
+__all__ = ['vmray_submit', 'asn_history', 'circl_passivedns', 'circl_passivessl', 'countrycode', 'cve', 'dns', 'btc', 'domaintools', 'eupi', 'farsight_passivedns', 'ipasn', 'passivetotal', 'sourcecache', 'virustotal', 'whois', 'shodan', 'reversedns', 'geoip_country', 'wiki', 'iprep', 'threatminer', 'otx', 'threatcrowd', 'vulndb', 'crowdstrike_falcon', 'yara_syntax_validator', 'hashdd', 'onyphe', 'onyphe_full', 'rbl', 'xforceexchange', 'sigma_syntax_validator', 'stix2_pattern_syntax_validator', 'sigma_queries', 'dbl_spamhaus', 'vulners', 'yara_query']
diff --git a/misp_modules/modules/expansion/btc.py b/misp_modules/modules/expansion/btc.py
new file mode 100755
index 0000000..da2fbe0
--- /dev/null
+++ b/misp_modules/modules/expansion/btc.py
@@ -0,0 +1,50 @@
+import json
+import blockchain
+
+misperrors = {'error': 'Error'}
+mispattributes = {'input': ['btc'], 'output': ['text']}
+moduleinfo = {'version': '0.1', 'author': 'Steve Clement',
+ 'description': 'Simple BTC expansion service to \
+ get quick information from MISP attributes',
+ 'module-type': ['expansion', 'hover']}
+
+moduleconfig = []
+
+
+def handler(q=False):
+ if q is False:
+ return False
+ request = json.loads(q)
+ if request.get('btc'):
+ toquery = request['btc']
+ else:
+ return False
+
+ try:
+ address = blockchain.blockexplorer.get_address(toquery)
+ except Exception as e:
+ misperrors['error'] = e
+ return misperrors
+ finalBalance = address.final_balance*(1/100000000)
+ totalRX = address.total_received*(1/100000000)
+ totalTX = address.total_sent*(1/100000000)
+ totalTransactions = address.n_tx
+
+ answer = 'Current balance: \
+ {} - \
+ {} total received - \
+ {} total sent - \
+ {} transactions.\
+ '.format(finalBalance, totalRX, totalTX, totalTransactions)
+ r = {'results': [{'types': mispattributes['output'],
+ 'values':[str(answer)]}]}
+ return r
+
+
+def introspection():
+ return mispattributes
+
+
+def version():
+ moduleinfo['config'] = moduleconfig
+ return moduleinfo
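Review bot: In `handler`, the `except Exception as e:` branch writes the exception object into the module-level `misperrors` dict and returns that shared dict, so one failed lookup leaves state behind for later requests and the value is not a string that a JSON encoder can emit; returning a fresh `{'error': str(e)}` avoids both. The attribute value in `toquery` also reaches `blockchain.blockexplorer.get_address` unchecked, and because the module is registered as `hover`, each lookup presumably discloses the address to the external explorer service, so a shape check before the call (sketched below; the length bounds are a coarse constructed range, and `str.isascii` needs Python 3.7+) limits what leaves the instance. The satoshi conversions use `*(1/100000000)` in floating point, which can print rounding artefacts; formatting with fixed precision, e.g. `'{:.8f}'.format(address.final_balance / 100000000)`, would be steadier. None of `handler`, `introspection` or `version` has a docstring saying what the request JSON must contain or what shape the reply takes.

```python
def handler(q=False):
    # … unchanged: q check, json.loads, 'btc' key lookup …
    toquery = str(request['btc']).strip()
    # Coarse shape check so arbitrary attribute text never reaches the outbound lookup.
    if not (toquery.isascii() and toquery.isalnum() and 26 <= len(toquery) <= 90):
        return {'error': 'Value does not look like a BTC address'}
    try:
        address = blockchain.blockexplorer.get_address(toquery)
    except Exception as e:
        # Fresh dict per request; str() keeps the reply serialisable.
        return {'error': str(e)}
    # … unchanged: balance formatting and result dict …
```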