From dce7fc1c18789452ae7b290a3e1e7cc3dfdfc2a5 Mon Sep 17 00:00:00 2001 From: Karen Yousefi <38912491+karenyousefi@users.noreply.github.com> Date: Fri, 16 Aug 2024 18:55:58 -0700 Subject: [PATCH] Update expansion.md Add: virustotal upload malshare upload triage submit --- documentation/mkdocs/expansion.md | 88 +++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) diff --git a/documentation/mkdocs/expansion.md b/documentation/mkdocs/expansion.md index 153fc1be..d92d914c 100644 --- a/documentation/mkdocs/expansion.md +++ b/documentation/mkdocs/expansion.md @@ -1561,6 +1561,29 @@ Module to access Macvendors API. ----- +#### [Malshare Upload](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/malshare_upload.py) + +Module to push malware samples to MalShare.com +[[source code](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/malshare_upload.py)] + +- **features**: +>The module requires a MalShare API key to upload files, and returns the link of the MalShare analysis. + +- **config**: +>api_key + +- **input**: +>Attachment or malware sample + +- **output**: +>Link attribute that points to the sample at the MalShare analysis instance. + +- **references**: +> - https://malshare.com/ +> - https://malshare.com/doc.php + +----- + #### [Malware Bazaar Lookup](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/malwarebazaar.py) Query Malware Bazaar to get additional information about the input hash. 
@@ -2454,6 +2477,42 @@ Module to get information from ThreatMiner. - **references**: >https://www.threatminer.org/ + + +----- + +#### [Triage Submit](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/triage_submit.py) + +Module to submit samples to tria.ge +[[source code](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/triage_submit.py)] + +- **features**: +> Upload files, and returns the link of the uploaded analysis. +> +>The module can submit URLs to retrieve and analyze them directly in the browser or fetch and execute files in the sandbox. + + +- **config**: +>apikey +> +>url_mode ( 'submit' or 'fetch' ) + +- **input**: +>A MISP attribute included in the following list: +>- Attachment +>- malware-sample +>- url + +- **output**: +>Link attribute that points to the sample at the Triage analysis instance. + +- **references**: +> - https://tria.ge/ +> - https://tria.ge/docs/cloud-api/submit/ + +- **requirements**: +>An access to the Triage API (apikey) + ----- #### [TruSTAR Enrich](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/trustar_enrich.py) 
@@ -2653,6 +2712,35 @@ Enrich observables with the VirusTotal v3 public API - **requirements**: >An access to the VirusTotal API (apikey) + +----- + +#### [VirusTotal Upload](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/virustotal_upload.py) + + + +Module to push malware samples to VirusTotal v3 public API +[[source code](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/virustotal_upload.py)] + +- **features**: +>The module requires a VirusTotal API key to Upload files, and returns the link of the uploaded analysis. + +- **config**: +> - apikey + +- **input**: +>Attachment or malware sample + +- **output**: +>Link attribute that points to the sample at the VirusTotal analysis instance. + +- **references**: +> - https://www.virustotal.com +> - https://docs.virustotal.com/reference/overview + +- **requirements**: +>An access to the VirusTotal API (apikey) + ----- #### [VMRay Submit](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vmray_submit.py)
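Review bot: In the Malshare Upload section (first hunk), the config key is documented as `api_key`, while the Triage Submit and VirusTotal Upload sections added by the same patch document `apikey`. Please confirm the name against the module's own config list, since a user who copies the wrong key from the docs ends up with an unconfigured module. This section also has no **requirements** entry, unlike the other two added sections; a line in the same form as theirs would keep the three consistent.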
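Review bot: In the Triage Submit section (second hunk), the config line `url_mode ( 'submit' or 'fetch' )` does not say which value selects which behaviour, or which one is the default. The features text describes two behaviours (analyzing a URL directly in the browser, and fetching and executing a file in the sandbox); state the mapping next to the option, since an operator needs to know whether a url attribute will be opened in a browser or downloaded and run. Minor: the input list mixes `Attachment` with lowercase `malware-sample` and `url`, the first features line reads "Upload files, and returns" without a subject, and the hunk adds two blank lines before its first `-----`.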
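Review bot: In the VirusTotal Upload section (third hunk), the features and output text do not mention that running the module sends the attachment or malware sample out of the MISP instance to a third-party service. One sentence saying so would help operators decide whether to enable it for events with sharing restrictions; the same applies to the Malshare Upload and Triage Submit sections. Formatting: there are three blank lines after the heading, `Upload` is capitalised mid-sentence in the features line, and config is written as `> - apikey` where the Triage Submit section uses `>apikey`.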