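 def __init__(self, ioc, type, config):
     """Set up the Malekal lookup module and run it if the IOC qualifies.

     Args:
         ioc: the indicator value to look up.
         type: the IOC type label (e.g. "MD5", "URL"); the lookup only
             runs when it is in ``self.types``.
         config: parsed config.ini mapping. Both ``malekal_local`` and
             ``malekal_remote`` must be present: a local-only setup
             (local on, remote off) restricts ``self.types`` to ["MD5"],
             any other combination allows the full list.

     If either key is missing an ERROR line is displayed and ``self.types``
     is left empty so the module is reported as not activated. (The
     original left ``self.types`` undefined in that case and then raised
     AttributeError on the membership test below.)
     """
     self.config = config
     # Second dotted component of __name__ -- presumably the module's file
     # name within the package; raises IndexError if __name__ has no dot.
     self.module_name = __name__.split(".")[1]
     self.types = []
     if "malekal_local" in self.config and "malekal_remote" in self.config:
         if self.config[
                 "malekal_local"] and not self.config["malekal_remote"]:
             # Local-only mode: only MD5 lookups are offered.
             self.types = ["MD5"]
         else:
             self.types = [
                 "MD5", "SHA1", "SHA256", "SHA512", "URL", "IPv4", "IPv6",
                 "domain"
             ]
     else:
         # Note the trailing space inside the first literal: the original
         # concatenation produced "malekal_remotefields".
         mod.display(
             self.module_name,
             message_type="ERROR",
             string=("Check if you have malekal_local and malekal_remote "
                     "fields in config.ini "))
     self.search_method = "Online"
     self.description = "Search IOC in malekal database"
     self.author = "Conix"
     self.creation_date = "13-09-2016"
     self.type = type
     self.ioc = ioc
     # mod.allowedToSearch() is the policy gate for this search method
     # (presumably whether sending the IOC to an online service is allowed);
     # it is only consulted once the type is known to be supported.
     if type in self.types and mod.allowedToSearch(self.search_method):
         self.search()
     else:
         mod.display(self.module_name, "", "INFO",
                     "Malekal module not activated")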
 def search(self):
     """Run the Malekal lookups enabled in the configuration.

     The local lookup is gated only by ``malekal_local``. The remote lookup
     additionally re-checks ``mod.allowedToSearch`` for this module's search
     method, so an online query is never issued when the policy forbids it.
     A missing key simply skips that path.
     """
     mod.display(self.module_name, "", "INFO", "Searching...")
     cfg = self.config

     local_enabled = "malekal_local" in cfg and cfg["malekal_local"]
     if local_enabled:
         self.localSearch()

     remote_enabled = "malekal_remote" in cfg and cfg["malekal_remote"]
     if remote_enabled and mod.allowedToSearch(self.search_method):
         self.remoteSearch()
 def __init__(self, ioc, type, config):
     """Describe the Malshare lookup module and run it when applicable.

     Args:
         ioc: indicator value to look up.
         type: IOC type label; only "MD5", "SHA256" and "SHA1" are handled.
         config: parsed configuration, kept for the search itself.

     The lookup is triggered from the constructor and only when the type is
     supported *and* ``mod.allowedToSearch`` permits the "Online" search
     method (presumably the user's policy switch for contacting external
     services). Otherwise an INFO line is displayed and nothing is queried.
     """
     # Module identity and metadata.
     self.module_name = __name__.split(".")[1]  # IndexError if __name__ has no dot
     self.description = "Search IOC in Malshare database"
     self.author = "Conix"
     self.creation_date = "12-04-2017"
     self.search_method = "Online"
     self.types = ["MD5", "SHA256", "SHA1"]

     # The request being handled.
     self.config = config
     self.ioc = ioc
     self.type = type

     # Short-circuit keeps the policy check from running for unsupported types.
     activated = type in self.types and mod.allowedToSearch(self.search_method)
     if not activated:
         mod.display(self.module_name, "", "INFO", "Malshare module not activated")
         return
     self.search()
 def __init__(self, ioc, type, config):
     """Describe the Lehigh feeds lookup and run it for domain IOCs.

     Args:
         ioc: indicator value to look up.
         type: IOC type label; only "domain" is handled here.
         config: parsed configuration, kept for the search itself.

     The search runs from the constructor only if the type is supported and
     ``mod.allowedToSearch("Online")`` agrees (policy gate for querying an
     online source); otherwise an INFO line is displayed instead.
     """
     self.config = config
     self.ioc = ioc
     self.type = type

     # Static module metadata.
     self.module_name = __name__.split(".")[1]  # IndexError if __name__ has no dot
     self.types = ["domain"]
     self.search_method = "Online"
     self.description = "Search domain in Lehigh feeds"
     self.author = "Conix"
     self.creation_date = "15-09-2016"

     supported = type in self.types
     if supported and mod.allowedToSearch(self.search_method):
         self.search()
         return
     mod.display(self.module_name, "", "INFO", "Lehigh module not activated")
    def __init__(self, ioc, type, config):
        """Describe the AlienVault OTX lookup module and run it when applicable.

        Args:
            ioc: indicator value to look up.
            type: IOC type label; hashes (MD5/SHA1/SHA256), "domain", "IPv4",
                "IPv6" and "URL" are handled.
            config: parsed configuration, kept for the search itself.

        ``Search()`` (capitalised in this module) is only called when the
        type is supported and ``mod.allowedToSearch("Online")`` permits
        contacting the online service; otherwise an INFO line is displayed.
        """
        # Request.
        self.config = config
        self.type = type
        self.ioc = ioc

        # Module metadata.
        self.module_name = __name__.split(".")[1]  # IndexError if __name__ has no dot
        self.types = ["MD5", "SHA1", "domain", "IPv4", "IPv6", "URL", "SHA256"]
        self.search_method = "Online"
        self.description = "Search IOC in Alienvault database"
        self.author = "Hicham Megherbi"
        self.creation_date = "13-04-2016"

        policy_ok = type in self.types and mod.allowedToSearch(self.search_method)
        if not policy_ok:
            mod.display(self.module_name, "", "INFO", "Alienvault OTX module not activated")
            return
        self.Search()
 def __init__(self, ioc, type, config):
     """Describe the VirusTotal lookup module and run it when applicable.

     Args:
         ioc: indicator value to look up.
         type: IOC type label; "MD5", "SHA1", "SHA256", "URL", "IPv4" and
             "domain" are handled.
         config: parsed configuration, kept for the search itself.

     The lookup runs from the constructor only when the type is supported
     and ``mod.allowedToSearch("Online")`` permits it -- the policy gate
     that decides whether the IOC may be sent to an online service.
     """
     self.module_name = __name__.split(".")[1]  # IndexError if __name__ has no dot
     self.description = "Search IOC in VirusTotal database"
     self.author = "Conix"
     self.creation_date = "13-09-2016"
     self.search_method = "Online"
     self.types = ["MD5", "SHA1", "SHA256", "URL", "IPv4", "domain"]

     self.config = config
     self.type = type
     self.ioc = ioc

     supported = type in self.types
     if supported and mod.allowedToSearch(self.search_method):
         self.search()
     else:
         mod.display(self.module_name, "", "INFO",
                     "VirusTotal module not activated")
 def __init__(self, ioc, type, config):
     """Describe the Spamhaus feed lookup and run it for IP IOCs.

     Args:
         ioc: indicator value to look up.
         type: IOC type label; only "IPv4" and "IPv6" are handled.
         config: parsed configuration, kept for the search itself.

     The search runs only when the type is supported and
     ``mod.allowedToSearch("Online")`` permits an online query; otherwise
     an INFO line is displayed.
     """
     self.config = config
     self.ioc = ioc
     self.type = type

     self.module_name = __name__.split(".")[1]  # IndexError if __name__ has no dot
     self.types = ["IPv4", "IPv6"]
     self.search_method = "Online"
     self.description = "Search IP in SpamHaus feeds"
     self.author = "Robin Marsollier"
     self.creation_date = "20-03-2017"

     activated = type in self.types and mod.allowedToSearch(self.search_method)
     if not activated:
         mod.display(self.module_name, "", "INFO",
                     "Spamhaus module not activated")
         return
     self.search()
 def __init__(self, ioc, type, config):
     """Describe the Cuckoo Sandbox lookup module and run it when applicable.

     Args:
         ioc: indicator value to look up.
         type: IOC type label; only "MD5" and "SHA256" are handled.
         config: parsed configuration, kept for the search itself.

     This module is declared "Onpremises" rather than "Online", but the
     ``mod.allowedToSearch`` policy gate is still consulted with that value
     before ``search()`` is called.
     """
     self.config = config
     self.type = type
     self.ioc = ioc

     self.module_name = __name__.split(".")[1]  # IndexError if __name__ has no dot
     self.types = ["MD5", "SHA256"]
     self.search_method = "Onpremises"
     self.description = "Search IOC in CuckooSandbox database"
     self.author = "Conix"
     self.creation_date = "02-03-2017"

     supported = type in self.types
     if supported and mod.allowedToSearch(self.search_method):
         self.search()
         return
     mod.display(self.module_name, "", "INFO",
                 "Cuckoosandbox module not activated")
File: viper.py Project: LBO75/BTG
    def __init__(self, ioc, type, config):
        """Describe the Viper database lookup module and run it when applicable.

        Args:
            ioc: indicator value to look up.
            type: IOC type label; "MD5", "SHA1", "SHA256", "URL", "domain"
                and "IPv4" are handled.
            config: parsed configuration, kept for the search itself.

        The search method is "Onpremises"; ``mod.allowedToSearch`` is still
        consulted with it before ``Search()`` (capitalised here) is called.
        """
        self.module_name = __name__.split(".")[1]  # IndexError if __name__ has no dot
        self.description = "Search IOC in Viper Database"
        self.author = "Hicham Megherbi"
        self.creation_date = "21-10-2017"
        self.search_method = "Onpremises"
        self.types = ["MD5", "SHA1", "SHA256", "URL", "domain", "IPv4"]

        self.config = config
        self.ioc = ioc
        self.type = type

        policy_ok = type in self.types and mod.allowedToSearch(self.search_method)
        if not policy_ok:
            mod.display(self.module_name, "", "INFO", "Viper module not activated")
            return
        self.Search()
 def __init__(self, ioc, type, config):
     """Describe the Tor exit-node lookup and run it for IPv4 IOCs.

     Args:
         ioc: indicator value to look up.
         type: IOC type label; only "IPv4" is handled.
         config: parsed configuration, kept for the search itself.

     ``search()`` runs only when the type is supported and
     ``mod.allowedToSearch("Online")`` permits an online query.
     """
     self.config = config
     self.ioc = ioc
     self.type = type

     self.module_name = __name__.split(".")[1]  # IndexError if __name__ has no dot
     self.types = ["IPv4"]
     self.search_method = "Online"
     self.description = "Search an IPv4 in tor exits nodes"
     self.author = "Conix"
     self.creation_date = "13-09-2016"

     activated = type in self.types and mod.allowedToSearch(self.search_method)
     if activated:
         self.search()
         return
     mod.display(self.module_name, "", "INFO",
                 "TorIps module not activated")
 def __init__(self, ioc, type, config):
     """Describe the RansomwareTracker feed lookup and run it when applicable.

     Args:
         ioc: indicator value to look up.
         type: IOC type label; "domain", "URL", "IPv4" and "IPv6" are handled.
         config: parsed configuration, kept for the search itself.

     ``search()`` runs only when the type is supported and
     ``mod.allowedToSearch("Online")`` permits an online query; otherwise an
     INFO line is displayed.
     """
     self.module_name = __name__.split(".")[1]  # IndexError if __name__ has no dot
     self.description = "Search in ransomwaretracker feeds"
     self.author = "Hicham Megherbi"
     self.creation_date = "12-04-2017"
     self.search_method = "Online"
     self.types = ["domain", "URL", "IPv4", "IPv6"]

     self.config = config
     self.type = type
     self.ioc = ioc

     supported = type in self.types
     if not (supported and mod.allowedToSearch(self.search_method)):
         mod.display(self.module_name, "", "INFO",
                     "RansomwareTracker module not activated")
         return
     self.search()
    def __init__(self, ioc, type, config):
        """Describe the VirusShare lookup module and run it for hash IOCs.

        Args:
            ioc: indicator value to look up.
            type: IOC type label; only "MD5", "SHA1" and "SHA256" are handled.
            config: parsed configuration, kept for the search itself.

        ``search()`` runs only when the type is supported and
        ``mod.allowedToSearch("Online")`` permits sending the hash to the
        online service; otherwise an INFO line is displayed.
        """
        self.config = config
        self.ioc = ioc
        self.type = type

        self.module_name = __name__.split(".")[1]  # IndexError if __name__ has no dot
        self.types = ["MD5", "SHA1", "SHA256"]
        self.search_method = "Online"
        self.description = "Search IOC malware in VirusShare"
        self.author = "Hicham Megherbi"
        self.creation_date = "15-11-2017"

        activated = type in self.types and mod.allowedToSearch(self.search_method)
        if not activated:
            mod.display(self.module_name, "", "INFO",
                        "VirusShare module not activated")
            return
        self.search()
 def __init__(self, ioc, type, config):
     """Describe the MISP crawler module and run it when applicable.

     Args:
         ioc: indicator value to look up.
         type: IOC type label; hashes (MD5/SHA1/SHA256/SHA512), "domain",
             "IPv4", "IPv6" and "URL" are handled.
         config: parsed configuration, kept for the search itself.

     ``Search()`` (capitalised here) runs only when the type is supported
     and ``mod.allowedToSearch("Online")`` permits the query.
     """
     self.config = config
     self.type = type
     self.ioc = ioc

     self.module_name = __name__.split(".")[1]  # IndexError if __name__ has no dot
     self.types = [
         "MD5", "SHA1", "domain", "IPv4", "IPv6", "URL", "SHA256", "SHA512"
     ]
     self.search_method = "Online"
     self.description = "Crawl MISP searching for IOC"
     self.author = "Conix"
     self.creation_date = "21-03-2017"

     supported = type in self.types
     if supported and mod.allowedToSearch(self.search_method):
         self.Search()
         return
     mod.display(self.module_name, "", "INFO",
                 "MISP_crawler module not activated")
    def __init__(self, ioc, type, config):
        """Describe the Hybrid Analysis (VxStream) lookup and run it when applicable.

        Args:
            ioc: indicator value to look up.
            type: IOC type label; "MD5", "SHA1", "SHA256", "domain", "IPv4"
                and "IPv6" are handled.
            config: parsed configuration, kept for the search itself.

        ``Search()`` (capitalised here) runs only when the type is supported
        and ``mod.allowedToSearch("Online")`` permits the online query.
        """
        self.config = config
        self.ioc = ioc
        self.type = type

        self.module_name = __name__.split(".")[1]  # IndexError if __name__ has no dot
        self.types = ["MD5", "SHA1", "SHA256", "domain", "IPv4", "IPv6"]
        self.search_method = "Online"
        # Fixed User-Agent sent with requests; per the original author's note
        # the service answered 403 without it. Fragile: it relies on the
        # remote side accepting this particular string.
        self.user_agent = {'User-agent': 'VxApi Connector'}
        self.description = "Search IOC in Hybrid Analysis"
        self.author = "Hicham Megherbi"
        self.creation_date = "20-10-2017"

        policy_ok = type in self.types and mod.allowedToSearch(self.search_method)
        if not policy_ok:
            mod.display(self.module_name, "", "INFO",
                        "VXstream module not activated")
            return
        self.Search()
    def __init__(self, ioc, type, config):
        """Describe the Google Safe Browsing lookup and run it for URL IOCs.

        Args:
            ioc: indicator value to look up.
            type: IOC type label; only "URL" is wired up here (the original
                note says the API also takes SHA256 hashes/digests, but this
                module does not offer them).
            config: parsed configuration, kept for the lookup itself.

        ``lookup_API()`` runs only when the type is supported and
        ``mod.allowedToSearch("Online")`` permits the online query;
        otherwise an INFO line is displayed.
        """
        self.config = config
        self.type = type
        self.ioc = ioc

        self.module_name = __name__.split(".")[1]  # IndexError if __name__ has no dot
        self.types = ["URL"]
        # Declared "Online" even though (per the original note) Safe Browsing
        # can also work against a local database refreshed every 30 minutes.
        self.search_method = "Online"
        self.description = "Search IOC in GoogleSafeBrowsing database"
        self.author = "Conix"
        self.creation_date = "11-04-2018"

        supported = type in self.types
        if supported and mod.allowedToSearch(self.search_method):
            self.lookup_API()
            return
        mod.display(self.module_name, "", "INFO",
                    "googlesb module not activated")
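    def __init__(self, module_name, url, filename, search_method):
        """Prepare a module's on-disk cache entry for a feed file and load it.

        Args:
            module_name: name of the module owning this cache entry; also the
                sub-folder used under ``temporary_cache_path``.
            url: address the feed is fetched from (used by ``downloadFile``).
            filename: name the feed is stored under. It is sanitized below so
                that only alphanumerics and ``.`` can reach the filesystem
                path; ``self.new_filename`` holds the sanitized form.
            search_method: handed to ``mod.allowedToSearch`` to decide whether
                a refresh download is permitted.

        Raises:
            ValueError: if ``filename`` reduces to nothing, or to a name made
                only of dots (``.``, ``..``), which joined to ``temp_folder``
                would resolve outside the module's cache folder.

        Defects fixed versus the original: the sanitizer kept the last
        separator character itself (giving paths like ``folder//name``), and
        a name consisting solely of dots passed through untouched.
        """
        self.config = Config.get_instance()
        self.module_name = module_name
        self.url = url
        self.filename = filename
        self.temp_folder = "%s%s/" % (self.config["temporary_cache_path"],
                                      self.module_name)

        # Path safety: keep only the tail after the LAST character that is
        # neither alphanumeric nor '.', so separators (or anything else) can
        # never form a sub-path of temp_folder. Underscores are dropped first,
        # as in the original naming scheme (a no-op for purely alnum names).
        cleaned = filename.replace("_", "")
        cut = 0
        for pos, char in enumerate(cleaned):
            if not char.isalnum() and char != '.':
                cut = pos + 1  # drop the separator too, not only what precedes it
        self.new_filename = cleaned[cut:]
        # A dots-only remainder ('.', '..') is still a traversal once joined.
        if not self.new_filename or set(self.new_filename) == {"."}:
            raise ValueError(
                "unsafe cache filename %r for module %s" % (filename, module_name))
        self.temp_file = "%s%s" % (self.temp_folder, self.new_filename)

        self.createModuleFolder()
        # Refresh only when the cache is stale AND the policy allows it.
        if self.checkIfUpdate():
            if mod.allowedToSearch(search_method):
                self.downloadFile()
        self.content = self.getContent()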