MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

Update expansion.md 

Add: virustotal upload 
malshare upload
triage submit
pull/682/head
Karen Yousefi 2024-08-16 18:55:58 -07:00 committed by GitHub
parent 9106a44e8f
commit dce7fc1c18
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 88 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
documentation/mkdocs/expansion.md
View File

@ -1561,6 +1561,29 @@ Module to access Macvendors API.
-----
#### [Malshare Upload](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/malshare_upload.py)
Module to push malware samples to MalShare.com
[[source code](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/malshare_upload.py)]
- **features**:
>The module requires a MalShare API key to upload files, and returns the link of the MalShare analysis.
- **config**:
>api_key
- **input**:
>Attachment or malware sample
- **output**:
>Link attribute that points to the sample at the MalShare analysis instance.
- **references**:
> - https://malshare.com/
> - https://malshare.com/doc.php
-----
#### [Malware Bazaar Lookup](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/malwarebazaar.py)
Query Malware Bazaar to get additional information about the input hash.
@ -2454,6 +2477,42 @@ Module to get information from ThreatMiner.
- **references**:
>https://www.threatminer.org/
-----
#### [Triage Submit](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/triage_submit.py)
Module to submit samples to tria.ge
[[source code](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/triage_submit.py)]
- **features**:
> Upload files, and returns the link of the uploaded analysis.
>
>The module can submit URLs to retrieve and analyze them directly in the browser or fetch and execute files in the sandbox.
- **config**:
>apikey
>
>url_mode ( 'submit' or 'fetch' )
- **input**:
>A MISP attribute included in the following list:
>- Attachment
>- malware-sample
>- url
- **output**:
>Link attribute that points to the sample at the Triage analysis instance.
- **references**:
> - https://tria.ge/
> - https://tria.ge/docs/cloud-api/submit/
- **requirements**:
>An access to the Triage API (apikey)
-----
#### [TruSTAR Enrich](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/trustar_enrich.py)
@ -2653,6 +2712,35 @@ Enrich observables with the VirusTotal v3 public API
- **requirements**:
>An access to the VirusTotal API (apikey)
-----
#### [VirusTotal Upload](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/virustotal_upload.py)
<img src=../logos/virustotal.png height=60>
Module to push malware samples to VirusTotal v3 public API
[[source code](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/virustotal_upload.py)]
- **features**:
>The module requires a VirusTotal API key to Upload files, and returns the link of the uploaded analysis.
- **config**:
> - apikey
- **input**:
>Attachment or malware sample
- **output**:
>Link attribute that points to the sample at the VirusTotal analysis instance.
- **references**:
> - https://www.virustotal.com
> - https://docs.virustotal.com/reference/overview
- **requirements**:
>An access to the VirusTotal API (apikey)
-----
#### [VMRay Submit](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vmray_submit.py)