chrisr3d
034222d7b3
fix: Using the attack-pattern object template (copy-paste typo)
2019-08-02 10:10:44 +02:00
chrisr3d
7eb4f034c0
fix: Making pep8 happy
2019-08-01 17:17:16 +02:00
chrisr3d
5c15c0ff93
add: Making vulnerability object reference to its related capec & cwe objects
2019-08-01 15:37:10 +02:00
chrisr3d
c4302aa35e
add: Parsing CAPEC information related to the CVE
2019-08-01 15:21:18 +02:00
chrisr3d
7445d7336e
add: Parsing CWE related to the CVE
2019-08-01 14:55:53 +02:00
chrisr3d
7b1c35d583
fix: Fixed cvss-score object relation name
2019-07-30 09:55:36 +02:00
chrisr3d
27f5c9ceeb
Merge branch 'master' of github.com:MISP/misp-modules
2019-07-24 12:08:28 +02:00
chrisr3d
4ee0cbe4c5
add: Added virustotal_public to the list of available modules
2019-07-24 11:10:25 +02:00
Raphaël Vinot
80ce0a58b5
fix: Skip tests on haveibeenpwned.com if 403. Make pep8 happy.
2019-07-24 09:49:05 +02:00
chrisr3d
92d90e8e1c
add: TODO comment for the next improvement
2019-07-23 09:42:10 +02:00
chrisr3d
14cf39d8b6
chg: Updated the module to work with the updated VirusTotal API
...
- Parsing functions updated to support the updated
format of the VirusTotal API responses
- The module can now return objects
- /!\ This module requires a high number of
requests limit rate to work as expected /!\
2019-07-22 16:22:29 +02:00
chrisr3d
1fa37ea712
fix: Avoiding issues with non existing sample types
2019-07-22 11:43:35 +02:00
chrisr3d
675e0815ff
add: Parsing communicating samples returned by domain reports
2019-07-22 11:42:52 +02:00
chrisr3d
c9c2027a57
fix: Undetected urls are represented in lists
2019-07-22 11:39:46 +02:00
chrisr3d
6fdfcb0a29
fix: Changed function name to avoid confusion with the same variable name
2019-07-22 09:53:19 +02:00
chrisr3d
729c86c336
fix: Quick fix on siblings & url parsing
2019-07-22 09:16:04 +02:00
chrisr3d
9aa721bc37
fix: typo
2019-07-19 16:20:24 +02:00
chrisr3d
641dda0103
add: Parsing downloaded samples as well as the referrer ones
2019-07-18 21:38:17 +02:00
chrisr3d
795edb7457
chg: Adding references between a domain and their siblings
2019-07-17 20:40:56 +02:00
chrisr3d
8de350744b
chg: Getting domain siblings attributes uuid for further references
2019-07-16 22:39:35 +02:00
chrisr3d
a61d09db8b
fix: Parsing detected & undetected urls
2019-07-15 23:44:25 +02:00
chrisr3d
d9b03a7aa5
fix: Various fixes about typo, variable names, data types and so on
2019-07-12 10:59:19 +02:00
chrisr3d
f862a14ce6
add: Object for VirusTotal public API queries
...
- Lighter analysis of the report to avoid reaching
the limit of queries per minute while recursing
on the different elements
2019-07-11 22:59:07 +02:00
chrisr3d
3edc323836
fix: Making pep8 happy
2019-07-10 15:29:31 +02:00
chrisr3d
5703253961
new: First version of an advanced CVE parser module
...
- Using cve.circl.lu as well as the initial module
- Going deeper into the CVE parsing
- More parsing to come with the CWE, CAPEC and so on
2019-07-10 15:20:22 +02:00
chrisr3d
9e45d302b1
fix: Testing if an object is not empty before adding it the the event
2019-06-18 09:45:59 +02:00
chrisr3d
9fdd6c5e58
fix: Making travis happy
2019-06-15 08:17:29 +02:00
chrisr3d
2f3ce1b615
fix: Support of the latest version of sigmatools
2019-06-15 08:06:47 +02:00
Georg Schölly
efb0a88eeb
joesandbox_query.py: improve behavior in unexpected circumstances
2019-06-04 11:29:40 +02:00
chrisr3d
aa3e873845
fix: Making pep8 happy + added joe_import module in the init list
2019-06-04 11:33:42 +10:00
chrisr3d
42bc6f8d2b
fix: Fixed variable name typo
2019-06-04 11:32:21 +10:00
chrisr3d
ee48d99845
add: New expansion module to query Joe Sandbox API with a report link
2019-06-04 09:48:50 +10:00
chrisr3d
f541b1f4ba
Merge branch 'master' of github.com:MISP/misp-modules into new_module
2019-05-29 10:50:39 +10:00
Georg Schölly
1745d33ee4
add expansion for joe sandbox
2019-05-21 21:14:21 +02:00
chrisr3d
d4bc85259d
fix: Removed unused library
2019-05-02 14:15:12 +02:00
chrisr3d
a5ff849950
Merge branch 'master' of github.com:MISP/misp-modules into new_module
2019-05-02 13:23:24 +02:00
Steve Clement
553cf44337
fix: [pep8] Fixes
2019-05-02 10:37:48 +09:00
Koen Van Impe
c8a4d8d76f
New VMRay modules
...
New JSON output format of VMRay
Prepare for automation (via PyMISP) with workflow taxonomy tags
2019-05-01 22:44:24 +02:00
root
92351e6679
add: Added urlhaus in the expansion modules init list
2019-05-01 22:22:10 +02:00
root
9d3741aeb9
Merge branch 'master' of https://github.com/MISP/misp-modules into new_module
2019-04-30 08:59:05 +02:00
Alexandre Dulaunoy
ec766f571c
chg: [init] cleanup for pep
2019-04-26 13:36:53 +02:00
Alexandre Dulaunoy
63c12f34e6
chg: [pdf-enrich] updated
2019-04-26 13:36:07 +02:00
Sascha Rommelfangen
fc339c888d
removed trailing whitespaces
2019-04-26 12:14:56 +02:00
Sascha Rommelfangen
1d4f8a6989
new modules added
2019-04-26 12:09:16 +02:00
Sascha Rommelfangen
f55d7946df
introduction of new modules
2019-04-26 12:07:55 +02:00
Sascha Rommelfangen
06036b7fe5
Merge branch 'master' of https://github.com/MISP/misp-modules
2019-04-24 15:01:03 +02:00
Sascha Rommelfangen
07f759b07a
renamed file
2019-04-24 14:53:16 +02:00
Sascha Rommelfangen
5104bce451
renamed module
2019-04-24 14:53:03 +02:00
Alexandre Dulaunoy
81b0082ae5
chg: [init] removed trailing whitespace
2019-04-24 14:01:48 +02:00
Alexandre Dulaunoy
614fc1354b
chg: [ocr] re module not used - removed
2019-04-24 14:01:08 +02:00
Sascha Rommelfangen
7171c8ce92
initial version of OCR expansion module
2019-04-24 13:54:21 +02:00
Alexandre Dulaunoy
18a2370ae3
Merge pull request #291 from Evert0x/submitcuckoo
...
Expansion module - File/URL submission to Cuckoo Sandbox
2019-04-23 19:36:28 +02:00
Sascha Rommelfangen
2d8aaf09c2
brackets are difficult...
2019-04-23 15:40:22 +02:00
Alexandre Dulaunoy
e55ae11a1e
chg: [qrcode] added to the __init__
2019-04-23 14:45:12 +02:00
Alexandre Dulaunoy
44050ec4da
chg: [qrcode] flake8 needs some drugs
2019-04-23 14:44:00 +02:00
Alexandre Dulaunoy
d5180e7e79
chg: [qrcode] various fixes to make it PEP compliant
2019-04-23 14:37:27 +02:00
Alexandre Dulaunoy
a0fce1bc90
Merge branch 'qr-code-module' of https://github.com/rommelfs/misp-modules into rommelfs-qr-code-module
2019-04-23 14:33:06 +02:00
Sascha Rommelfangen
c85ab8d93c
initial version of QR code reader
...
Module accepts attachments and processes pictures. It tries to identify and analyze an existing QR code.
Identified values can be inserted into the event.
2019-04-23 11:38:56 +02:00
Ricardo van Zutphen
e6326185d5
Use double quotes and provide headers correctly
2019-04-19 16:24:30 +02:00
Ricardo van Zutphen
49acb53745
Update Cuckoo module to support files and URLs
2019-04-19 14:06:35 +02:00
Evert0x
e243edb503
Update __init__.py
2019-04-18 14:25:05 +02:00
Evert0x
eefa35c65d
Create cuckoo_submit.py
2019-04-18 00:23:38 +02:00
Raphaël Vinot
f82933779f
fix: pep8 foobar.
2019-04-02 16:01:36 +02:00
Raphaël Vinot
9cb21f98e1
fix: Add the new module sin the list of modules availables.
2019-04-02 15:46:17 +02:00
Raphaël Vinot
c64f514a6f
fix: Typos in variable names
2019-04-02 15:39:27 +02:00
Raphaël Vinot
b89d068c04
new: Modules for greynoise, haveibeenpwned and macvendors
...
Source: https://github.com/src7/misp-modules
2019-04-02 15:30:11 +02:00
root
38fc479d12
Merge branch 'master' of https://github.com/MISP/misp-modules into new_module
2019-04-01 16:29:10 +02:00
root
2439d5f75d
fix: Fixed object_id variable name typo
2019-04-01 16:28:19 +02:00
Raphaël Vinot
1c0984eaec
fix: Remove unused import
2019-03-15 11:06:11 +01:00
chrisr3d
d87a67c6f3
Merge branch 'master' of github.com:MISP/misp-modules into new_module
2019-03-14 19:04:32 +01:00
chrisr3d
0b92fd5a53
fix: Making json_decode even happier with full json format
...
- Using MISPEvent because it is cleaner & easier
- Also cleaner implementation globally
2019-03-14 18:48:13 +01:00
Sascha Rommelfangen
5af667edff
Merge branch 'master' of https://github.com/MISP/misp-modules
2019-03-14 14:41:24 +01:00
Sascha Rommelfangen
eb2dcca12b
fixed a bug when checking malformed BTC addresses
2019-03-14 14:39:58 +01:00
chrisr3d
62bc45e03a
fix: Using to_dict on attributes & objects instead of to_json to make json_decode happy in the core part
2019-03-14 14:31:38 +01:00
chrisr3d
9c8ee1f3d7
new: Expansion module to query urlhaus API
...
- Using the next version of modules, taking a
MISP attribute as input and able to return
attributes and objects
- Work still in process in the core part
2019-03-13 09:57:28 +01:00
Alexandre Dulaunoy
0bf27c1b69
chg: [btc_scam_check] fix spacing for making flake 8 happy
2019-02-11 14:23:18 +01:00
chrisr3d
74594f29aa
Merge branch 'master' of github.com:MISP/misp-modules into new_module
2019-02-11 09:28:49 +01:00
Alexandre Dulaunoy
f0ccfd2027
chg: [backscatter.io] blind fix regarding undefined value
2019-02-10 16:56:01 +01:00
Alexandre Dulaunoy
7b1a837b10
chg: [backscatter.io] remove blank line at the end of the file
2019-02-10 16:40:06 +01:00
Alexandre Dulaunoy
acc35e3a02
chg: [backscatter.io] Exception handler fixed for recent version of Python
2019-02-10 16:33:09 +01:00
9b
c8b410161a
Use the write var on return
2019-02-08 12:29:43 -05:00
9b
e4c1468968
Stubbed module
2019-02-08 12:27:20 -05:00
chrisr3d
08fe0cbe09
fix: Description fixed
2019-02-05 14:54:22 +01:00
chrisr3d
d1000d82c4
add: New module to check if a bitcoin address has been abused
...
- Also related update of documentation
2019-02-05 14:46:42 +01:00
Raphaël Vinot
454c9e0f43
fix: Pep8 related fixes.
2019-02-04 11:05:51 +01:00
Raphaël Vinot
3d47eb7420
fix: make flake8 happy
2019-01-25 10:45:07 +01:00
Sascha Rommelfangen
c52b95cdbe
sometimes server doesn't return expected values. fixed.
2019-01-24 09:51:46 +01:00
Raphaël Vinot
0189a117a3
fix: Change in the imports in other sigma module
2019-01-21 14:14:19 +01:00
Raphaël Vinot
b791b177c3
fix: Change in the imports
2019-01-21 14:06:38 +01:00
Raphaël Vinot
d5ec09fe4a
fix: Change module name
2019-01-21 13:57:45 +01:00
Raphaël Vinot
55f05e0524
chg: Use pipenv, update bgpranking/ipasn modules
2019-01-21 13:31:52 +01:00
Raphaël Vinot
8fc5b1fd1f
fix: Make pep8 happy
2018-12-11 15:29:09 +01:00
Raphaël Vinot
d0aec62f1a
new: Intel471 module
2018-12-11 13:30:52 +01:00
Sascha Rommelfangen
d5eb34270a
Merge branch 'master' of https://github.com/MISP/misp-modules
2018-11-26 15:56:33 +01:00
Sascha Rommelfangen
96570caece
cosmetic output change
2018-11-26 15:56:11 +01:00
chrisr3d
e30a5d2502
fix: Removed not valid input type
2018-11-22 12:30:12 +01:00
chrisr3d
7cfc7a730b
fix: Cleaned up not used variables
2018-11-22 12:27:45 +01:00
chrisr3d
627420ca43
fix: Updated rbl module result format
...
- More readable as str than dumped json
2018-11-22 12:27:16 +01:00
chrisr3d
547985b8ce
fix: Added Macaddress.io module in the init list
2018-11-22 12:26:27 +01:00
chrisr3d
be3063f3c6
fix: Typo on input type
2018-11-22 12:24:47 +01:00
chrisr3d
22173c249e
add: Update to support sha1 & sha256 attributes
2018-11-22 12:23:40 +01:00
chrisr3d
b778dd5e67
fix: Fixed type of the result in case of exception
...
- Set as str since some exception types are not
jsonable
2018-11-21 16:06:22 +01:00
chrisr3d
1b44668094
fix: Added hostname attribute support as it is intended
2018-11-21 16:05:38 +01:00
chrisr3d
651f69126d
Merge branch 'master' of github.com:MISP/misp-modules into chrisr3d_patch
2018-11-13 16:05:24 +01:00
chrisr3d
299e97d1ce
add: Added imphash to input attribute types
2018-11-13 15:40:47 +01:00
Sascha Rommelfangen
3e25428978
debug removed
2018-11-13 15:34:33 +01:00
Sascha Rommelfangen
8285ff324f
API changes reflected
2018-11-13 15:30:06 +01:00
chrisr3d
58b3a069bf
fix: Updated yara import error message
...
- Better to 'pip install -I -r REQUIREMENTS' to
have the correct yara-python version working
for all the modules, than having another one
failing with yara hash & pe modules
2018-11-12 16:22:14 +01:00
chrisr3d
ad1ccdb9d0
Merge branch 'master' of github.com:MISP/misp-modules into chrisr3d_patch
2018-11-12 12:48:58 +01:00
Alexandre Dulaunoy
5d1583d88b
chg: [onyphe] fix #252
2018-11-11 15:49:14 +01:00
Sascha Rommelfangen
463d7ae874
bug fix regarding leftovers between runs
2018-11-07 14:57:19 +01:00
Steve Clement
91f922b5c4
chg: [btc] Removed simple PoC for btc expansion.
2018-11-07 22:53:21 +09:00
Sascha Rommelfangen
00b1b3214b
added btc_steroids to the list
2018-11-07 14:28:28 +01:00
Sascha Rommelfangen
b01cb28323
initial version of a Bitcoin module
2018-11-07 14:14:39 +01:00
Steve Clement
7bafa939b0
new: [btc] Very simple BTC expansion
...
chg: [req] yara-python is preferred
2018-11-06 00:48:36 +09:00
chrisr3d
d1308f9924
chg: Validating yara rules after their creation
2018-11-02 21:35:02 +01:00
chrisr3d
1c10fd5e50
fix: Making yara query an expansion module for single attributes atm
2018-10-31 10:21:21 +01:00
chrisr3d
1d530a7fa6
new: First version of a yara rule creation expansion module
2018-10-18 14:44:57 +02:00
chrisr3d
e2cebd6c3e
fix: Catching errors while parsing additional info in requests
2018-09-25 17:10:19 +02:00
Codelinefi-admin
c19989e217
Fixed a bug with wrong dates conversion
2018-09-19 21:50:56 +03:00
isox
f1325f4316
Fixed getting of the Vulners AI score.
2018-09-18 18:36:12 +03:00
Igor Ivanov
3e9589d0f4
code cleanup and formatting
2018-09-18 14:38:49 +02:00
Igor Ivanov
8d7d377464
added exploit information
2018-09-18 12:11:47 +02:00
Igor Ivanov
5dc05bfafc
initial Vulners module PoC
2018-09-18 11:18:55 +02:00
Codelinefi-admin
db7dbd6ed5
macaddress.io hover module added
2018-09-13 17:02:49 +03:00
chrisr3d
5c718c5379
fix: Making python 3.5 happy with the exception type ImportError
2018-09-08 02:53:15 +02:00
chrisr3d
cfbd63f14e
fix: Fixed exception type for python 3.5
2018-09-07 18:06:01 +02:00
chrisr3d
a18db2ed1d
fix: Fixed exception type
2018-09-07 17:56:25 +02:00
chrisr3d
48fcf9a85e
fix: Fixed syntax error
2018-09-07 17:49:28 +02:00
chrisr3d
26647a164b
fix: Fixed indentation error
2018-09-07 17:43:46 +02:00
chrisr3d
5c69f1d867
Merge branch 'master' of github.com:MISP/misp-modules
2018-09-07 16:59:21 +02:00
Sascha Rommelfangen
ef781f59f8
fixed typo
...
via #220
2018-09-06 14:05:55 +02:00
chrisr3d
ba728f7120
fix: Fixed 1 variable misuse + cleaned up variable names
...
- Fixed use of 'domain' variable instead of 'email'
- Cleaned up variable names to avoid redefinition
of built-in variables
2018-09-03 14:43:51 +02:00
chrisr3d
cdf2f434ce
fix: Avoiding adding attributes that are already in the event
2018-09-03 14:30:33 +02:00
chrisr3d
33181bc52b
fix: Fixed quick variable issue
2018-09-03 14:29:42 +02:00
chrisr3d
0ab38feade
fix: Cleaned up test function not used anymore
2018-09-03 13:17:48 +02:00
chrisr3d
936e30b15b
fix: Multiple attributes parsing support
...
- Fixing one of my previous changes not processing
multiple attributes parsing
2018-09-03 12:03:42 +02:00
chrisr3d
2af947a2de
fix: Removed print
2018-09-03 10:23:05 +02:00
chrisr3d
bc2a73c5cf
Merge branch 'master' of github.com:MISP/misp-modules
2018-09-02 20:21:01 +02:00
chrisr3d
179430d69d
fix: Some cleanup and output types fixed
...
- hashes types specified in output
2018-08-31 21:38:53 +02:00
SuRb0
b0be965e57
Update urlscan.py
...
Added hash to the search so you can take advantage of the new file down load function on urlscan.io. You can use this to pivot on file hashes and find out domains that hosting the same malicious file.
2018-08-30 19:41:34 -05:00
chrisr3d
35f3a5e43f
fix: Quick cleanup
2018-08-30 20:45:29 +02:00
chrisr3d
18bad54603
Merge branch 'master' of github.com:MISP/misp-modules
2018-08-30 09:11:25 +02:00
David J
a697f65382
Add error handling for DNS failures, reduce imports, and simplify misp_comments
2018-08-14 10:51:15 -05:00
David J
bdbf538893
Create urlscan.py
2018-08-10 16:00:01 -05:00
chrisr3d
3a57d11745
Merge branch 'chrisr3d_patch' of github.com:chrisr3d/misp-modules
2018-08-08 17:41:07 +02:00
chrisr3d
90baa1dd5a
add: Added DBL spamhaus module documentation and in expansion init file
2018-08-08 17:05:22 +02:00
chrisr3d
61232ad93e
new: Expansion hover module to check spamhaus DBL for a domain name
2018-08-08 17:00:10 +02:00
chrisr3d
0666a60b3d
fix: [cleanup] Quick clean up on exception type
2018-08-07 18:15:15 +02:00
chrisr3d
bb6002a3ff
fix: [cleanup] Quick clean up on yaml load function
2018-08-07 18:14:29 +02:00