MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #209 from cvandeplas/master 

ta_import - support for TheatAnalyzer 6.1
pull/210/head
Christophe Vandeplas 2018-07-27 14:51:26 +02:00 committed by GitHub
parent 1fcc16efb7 2f27ff1244
commit a8170ded17
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
misp_modules/modules/import_mod/threatanalyzer_import.py
View File

@ -46,15 +46,19 @@ def handler(q=False):
with zf.open(zip_file_name, mode='r', pwd=None) as fp: with zf.open(zip_file_name, mode='r', pwd=None) as fp:
file_data = fp.read() file_data = fp.read()
for line in file_data.decode().split('\n'): for line in file_data.decode().split('\n'):
if line: if not line:
continue
if line.count('|') == 3:
l_fname, l_size, l_md5, l_created = line.split('|') l_fname, l_size, l_md5, l_created = line.split('|')
l_fname = cleanup_filepath(l_fname) if line.count('|') == 4:
if l_fname: l_fname, l_size, l_md5, l_sha256, l_created = line.split('|')
if l_size == 0: l_fname = cleanup_filepath(l_fname)
pass # FIXME create an attribute for the filename/path if l_fname:
else: if l_size == 0:
# file is a non empty sample, upload the sample later pass # FIXME create an attribute for the filename/path
modified_files_mapping[l_md5] = l_fname else:
# file is a non empty sample, upload the sample later
modified_files_mapping[l_md5] = l_fname
# now really process the data # now really process the data
for zip_file_name in zf.namelist(): # Get all files in the zip file for zip_file_name in zf.namelist(): # Get all files in the zip file