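def _parse(self):
    """Parse the raw MalwareBazaar CSV export in ``self._raw_threat_intel`` into ``Intel`` objects.

    Lines starting with ``#`` (comments/header) and blank lines are skipped.
    Every other line is split on the literal delimiter ``", "``; because
    that delimiter includes the quotes, the first and last fields keep an
    outer ``"`` after the split, so each field is stripped of surrounding
    whitespace and quotes (otherwise ``threat_first_seen`` would start
    with a literal ``"``). Fields are mapped positionally: [0] first seen,
    [1] sha256, [2] md5, [3] sha1, [5] file name, [6] extension,
    [7] mime type, [8] malware signature.

    The feed is untrusted external input: a malformed line is reported and
    skipped instead of aborting the whole parse, and it is never appended.
    Appends each successfully built object to ``self.intel``; returns None.
    """
    for line in self._raw_threat_intel.split("\n"):
        # Blank lines (e.g. the trailing newline of the download) would
        # otherwise raise IndexError below and be reported as malformed.
        # Use ==/startswith, never ``is``, for string comparison.
        if not line.strip() or line.startswith("#"):
            continue
        fields = [field.strip().strip('"') for field in line.split('", "')]
        try:
            intel = Intel(
                original=line,
                event_type="indicator",
                event_reference=self._feed_url,
                event_provider="Abuse.ch",
                event_dataset="MalwareBazaar",
                threat_first_seen=fields[0],
                threat_last_seen=None,
                threat_type="file_hash",
            )
            intel.add_file(
                name=fields[5],
                extension=fields[6],
                mime_type=fields[7],
                sha1=fields[3],
                sha256=fields[1],
                md5=fields[2],
            )
            intel.add_malware(fields[8])
        except Exception as err:
            # Broad catch is deliberate at the feed boundary: Intel() and
            # its helpers may raise on bad data, and one bad row must not
            # drop the rest of the feed. Report with context so a feed
            # format change does not go unnoticed.
            print(f"MalwareBazaar: skipping malformed line ({err!r}): {line!r}")
        else:
            intel.add_docid()
            self.intel.append(intel)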
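def _parse(self):
    """Parse the raw Feodo Tracker CSV in ``self._raw_threat_intel`` into ``Intel`` objects.

    Lines starting with ``#`` and blank lines are skipped. Every other line
    is split on ``,`` and each field stripped of surrounding whitespace (so
    a CRLF download does not leave ``\\r`` on the last field). Fields are
    mapped positionally: [0] first seen, [1] destination IP, [2] port,
    [3] last seen, [4] malware name (also used as the threat description).

    NOTE(review): the column positions are hard-coded; confirm them against
    the current feed header. If the feed carries a non-``#`` header row it
    would be ingested as an indicator by this loop.

    The feed is untrusted external input: a line with too few fields is
    reported and skipped (not silently dropped, so a feed format change
    does not quietly yield an empty IOC set) and is never appended.
    Appends each successfully built object to ``self.intel``; returns None.
    """
    for line in self._raw_threat_intel.split("\n"):
        # Use ==/startswith, never ``is``, for string comparison.
        if not line.strip() or line.startswith("#"):
            continue
        fields = [field.strip() for field in line.split(",")]
        try:
            intel = Intel(
                original=line,
                event_type="indicator",
                event_reference=self._feed_url,
                event_provider="Abuse.ch",
                event_dataset="FeodoTracker",
                threat_first_seen=fields[0],
                threat_last_seen=fields[3],
                threat_type="ip_address",
                threat_description=fields[4],
            )
            # The IP/port pair is recorded as the destination of the indicator.
            intel.add_destination(ip=fields[1], port=fields[2])
            intel.add_malware(name=fields[4])
        except IndexError:
            # Too few columns for the positional mapping above.
            print(f"FeodoTracker: skipping malformed line: {line!r}")
        else:
            intel.add_docid()
            self.intel.append(intel)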
def test_add_malware(self):
    """``Intel.add_malware`` records the name (given positionally or by keyword)
    and, when supplied, ``family`` and ``malware_type`` under
    ``intel["threat"]["malware"]`` as ``name``, ``family`` and ``type``."""
    # Name passed by keyword.
    by_keyword = Intel()
    by_keyword.add_malware(name="Rake")
    self.assertEqual(by_keyword.intel["threat"]["malware"]["name"], "Rake")

    # Name passed positionally.
    by_position = Intel()
    by_position.add_malware("Rake")
    self.assertEqual(by_position.intel["threat"]["malware"]["name"], "Rake")

    # Name plus family and type; ``malware_type`` is stored under "type".
    full = Intel()
    full.add_malware(name="Rake", family="Rake", malware_type="C&C")
    malware = full.intel["threat"]["malware"]
    self.assertEqual(malware["name"], "Rake")
    self.assertEqual(malware["family"], "Rake")
    self.assertEqual(malware["type"], "C&C")