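 def _parse(self):
     """Parse the raw MalwareBazaar CSV export into ``Intel`` records.

     Each non-comment, non-blank line is split on the ``", "`` field
     delimiter and mapped positionally: 0 = first seen, 1 = sha256,
     2 = md5, 3 = sha1, 5 = file name, 6 = extension, 7 = mime type,
     8 = malware signature. Successfully parsed records get a doc id and
     are appended to ``self.intel``; a line that fails to parse is
     reported and skipped so one bad row does not abort the whole feed.

     The feed is untrusted remote content: field values are stored as
     received, with no validation of hash length/charset or file names,
     so consumers must not treat them as sanitised.
     """
     for line in self._raw_threat_intel.split("\n"):
         # Skip comment lines and blank lines (e.g. the trailing newline
         # of the download), which would otherwise raise IndexError on
         # every run. Compare with '=='/startswith: the original
         # ``line[:1] is "#"`` was an identity check that only worked by
         # accident of CPython string interning (SyntaxWarning on 3.8+).
         if not line.strip() or line.startswith("#"):
             continue
         try:
             # NOTE(review): splitting on '", "' leaves the opening quote
             # on field 0 and the closing quote on the last field if the
             # feed quotes every column — confirm against the feed and
             # strip if so.
             split_line = line.split('", "')
             intel = Intel(
                 original=line,
                 event_type="indicator",
                 event_reference=self._feed_url,
                 event_provider="Abuse.ch",
                 event_dataset="MalwareBazaar",
                 threat_first_seen=split_line[0],
                 threat_last_seen=None,
                 threat_type="file_hash"
             )
             intel.add_file(name=split_line[5], extension=split_line[6], mime_type=split_line[7],
                            sha1=split_line[3], sha256=split_line[1], md5=split_line[2])
             intel.add_malware(split_line[8])
         except Exception as err:
             # Best-effort ingest: report the malformed row and move on.
             print(err)
         else:
             intel.add_docid()
             self.intel.append(intel)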
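 def _parse(self):
     """Parse the raw FeodoTracker CSV export into ``Intel`` records.

     Each non-comment, non-blank line is split on ``,`` and mapped
     positionally: 0 = first seen, 1 = destination IP, 2 = destination
     port, 3 = last seen, 4 = malware name (also used as the threat
     description). Records get a doc id and are appended to
     ``self.intel``; rows with too few columns are skipped.

     The feed is untrusted remote content: the IP and port strings are
     stored as received with no syntactic validation, so downstream code
     must not assume they are well-formed before using them in blocklists
     or queries.
     """
     for line in self._raw_threat_intel.split("\n"):
         # Skip comment and blank lines up front. Use '=='/startswith,
         # not ``is``: the original ``line[:1] is "#"`` was an identity
         # comparison that only worked because of string interning.
         if not line.strip() or line.startswith("#"):
             continue
         split_line = line.split(",")
         # add as destination ip
         try:
             intel = Intel(
                 original=line,
                 event_type="indicator",
                 event_reference=self._feed_url,
                 event_provider="Abuse.ch",
                 event_dataset="FeodoTracker",
                 threat_first_seen=split_line[0],
                 threat_last_seen=split_line[3],
                 threat_type="ip_address",
                 threat_description=split_line[4]
             )
             intel.add_destination(ip=split_line[1], port=split_line[2])
             intel.add_malware(name=split_line[4])
         except IndexError:
             # Short or malformed row: skip it rather than abort the feed.
             continue
         else:
             intel.add_docid()
             self.intel.append(intel)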
 def test_add_malware(self):
     """``add_malware`` accepts the name positionally or by keyword and
     records the optional family and type under ``threat.malware``."""
     by_keyword = Intel()
     by_keyword.add_malware(name="Rake")
     self.assertEqual(by_keyword.intel["threat"]["malware"]["name"], "Rake")

     positional = Intel()
     positional.add_malware("Rake")
     self.assertEqual(positional.intel["threat"]["malware"]["name"], "Rake")

     full = Intel()
     full.add_malware(name="Rake", family="Rake", malware_type="C&C")
     malware = full.intel["threat"]["malware"]
     self.assertEqual(malware["name"], "Rake")
     self.assertEqual(malware["family"], "Rake")
     self.assertEqual(malware["type"], "C&C")