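def __init__(self, ioc, type, config):
    """Initialise the Malekal module and run the lookup when it applies.

    Args:
        ioc: the indicator value to look up.
        type: the indicator type ("MD5", "URL", ...); the lookup only runs
            when it is one of ``self.types``. The name shadows the builtin
            but is kept for callers.
        config: the parsed config.ini mapping; ``malekal_local`` and
            ``malekal_remote`` select which backend(s) may be used.
    """
    self.config = config
    self.module_name = __name__.split(".")[1]
    # The set of supported indicator types depends on the enabled backend:
    # a local-only setup can only answer MD5 lookups.
    if "malekal_local" in self.config and "malekal_remote" in self.config:
        if self.config["malekal_local"] and not self.config["malekal_remote"]:
            self.types = ["MD5"]
        else:
            self.types = [
                "MD5", "SHA1", "SHA256", "SHA512", "URL", "IPv4", "IPv6", "domain"
            ]
    else:
        # Misconfigured: accept no type so the activation check below reports
        # "not activated" instead of raising AttributeError on a missing
        # self.types.
        self.types = []
        mod.display(
            self.module_name,
            message_type="ERROR",
            string=("Check if you have malekal_local and malekal_remote "
                    "fields in config.ini "))
    self.search_method = "Online"
    self.description = "Search IOC in malekal database"
    self.author = "Conix"
    self.creation_date = "13-09-2016"
    self.type = type
    self.ioc = ioc
    # allowedToSearch() is only consulted for a supported type (short-circuit).
    if type in self.types and mod.allowedToSearch(self.search_method):
        self.search()
    else:
        mod.display(self.module_name, "", "INFO", "Malekal module not activated")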
def search(self):
    """Run the Malekal lookups enabled in the config (local and/or remote).

    The remote lookup additionally requires ``mod.allowedToSearch`` to
    permit the module's search method.
    """
    mod.display(self.module_name, "", "INFO", "Searching...")
    local_enabled = "malekal_local" in self.config and self.config["malekal_local"]
    if local_enabled:
        self.localSearch()
    remote_enabled = "malekal_remote" in self.config and self.config["malekal_remote"]
    if remote_enabled and mod.allowedToSearch(self.search_method):
        self.remoteSearch()
def __init__(self, ioc, type, config):
    """Set up the Malshare module and search *ioc* if its type is supported.

    Args:
        ioc: the indicator value to look up.
        type: the indicator type; must be one of ``self.types`` (hashes
            only). The name shadows the builtin but is kept for callers.
        config: the parsed config.ini mapping.
    """
    self.config = config
    self.module_name = __name__.split(".")[1]
    self.types = ["MD5", "SHA256", "SHA1"]
    self.search_method = "Online"
    self.description = "Search IOC in Malshare database"
    self.author = "Conix"
    self.creation_date = "12-04-2017"
    self.type = type
    self.ioc = ioc
    # Guard clause: unsupported type, or searching not allowed, means no lookup.
    if type not in self.types or not mod.allowedToSearch(self.search_method):
        mod.display(self.module_name, "", "INFO", "Malshare module not activated")
        return
    self.search()
def __init__(self, ioc, type, config):
    """Set up the Lehigh feed module and search *ioc* when it is a domain.

    Args:
        ioc: the indicator value to look up.
        type: the indicator type; only "domain" is handled. The name
            shadows the builtin but is kept for callers.
        config: the parsed config.ini mapping.
    """
    self.config = config
    self.module_name = __name__.split(".")[1]
    self.types = ["domain"]
    self.search_method = "Online"
    self.description = "Search domain in Lehigh feeds"
    self.author = "Conix"
    self.creation_date = "15-09-2016"
    self.type = type
    self.ioc = ioc
    supported = type in self.types
    # allowedToSearch() is consulted only for a supported type.
    activated = supported and mod.allowedToSearch(self.search_method)
    if activated:
        self.search()
    else:
        mod.display(self.module_name, "", "INFO", "Lehigh module not activated")
def __init__(self, ioc, type, config):
    """Set up the AlienVault OTX module and search *ioc* if supported.

    Args:
        ioc: the indicator value to look up.
        type: the indicator type; must be one of ``self.types``. The name
            shadows the builtin but is kept for callers.
        config: the parsed config.ini mapping.
    """
    self.config = config
    self.module_name = __name__.split(".")[1]
    self.types = [
        "MD5", "SHA1", "domain", "IPv4", "IPv6", "URL", "SHA256"
    ]
    self.search_method = "Online"
    self.description = "Search IOC in Alienvault database"
    self.author = "Hicham Megherbi"
    self.creation_date = "13-04-2016"
    self.type = type
    self.ioc = ioc
    # Note the capitalised Search() in this module.
    if type not in self.types or not mod.allowedToSearch(self.search_method):
        mod.display(self.module_name, "", "INFO", "Alienvault OTX module not activated")
        return
    self.Search()
def __init__(self, ioc, type, config):
    """Set up the VirusTotal module and search *ioc* if supported.

    Args:
        ioc: the indicator value to look up.
        type: the indicator type; must be one of ``self.types``. The name
            shadows the builtin but is kept for callers.
        config: the parsed config.ini mapping.
    """
    self.config = config
    self.module_name = __name__.split(".")[1]
    self.types = ["MD5", "SHA1", "SHA256", "URL", "IPv4", "domain"]
    self.search_method = "Online"
    self.description = "Search IOC in VirusTotal database"
    self.author = "Conix"
    self.creation_date = "13-09-2016"
    self.type = type
    self.ioc = ioc
    supported = type in self.types
    # allowedToSearch() is consulted only for a supported type.
    activated = supported and mod.allowedToSearch(self.search_method)
    if activated:
        self.search()
    else:
        mod.display(self.module_name, "", "INFO", "VirusTotal module not activated")
def __init__(self, ioc, type, config):
    """Set up the Spamhaus feed module and search *ioc* when it is an IP.

    Args:
        ioc: the indicator value to look up.
        type: the indicator type; "IPv4" or "IPv6" only. The name shadows
            the builtin but is kept for callers.
        config: the parsed config.ini mapping.
    """
    self.config = config
    self.module_name = __name__.split(".")[1]
    self.types = ["IPv4", "IPv6"]
    self.search_method = "Online"
    self.description = "Search IP in SpamHaus feeds"
    self.author = "Robin Marsollier"
    self.creation_date = "20-03-2017"
    self.type = type
    self.ioc = ioc
    if type not in self.types or not mod.allowedToSearch(self.search_method):
        mod.display(self.module_name, "", "INFO", "Spamhaus module not activated")
        return
    self.search()
def __init__(self, ioc, type, config):
    """Set up the Cuckoo Sandbox module and search *ioc* if supported.

    Args:
        ioc: the indicator value to look up.
        type: the indicator type; "MD5" or "SHA256" only. The name shadows
            the builtin but is kept for callers.
        config: the parsed config.ini mapping.
    """
    self.config = config
    self.module_name = __name__.split(".")[1]
    self.types = ["MD5", "SHA256"]
    # On-premises backend, unlike the "Online" modules.
    self.search_method = "Onpremises"
    self.description = "Search IOC in CuckooSandbox database"
    self.author = "Conix"
    self.creation_date = "02-03-2017"
    self.type = type
    self.ioc = ioc
    supported = type in self.types
    activated = supported and mod.allowedToSearch(self.search_method)
    if activated:
        self.search()
    else:
        mod.display(self.module_name, "", "INFO", "Cuckoosandbox module not activated")
def __init__(self, ioc, type, config):
    """Set up the Viper module and search *ioc* if supported.

    Args:
        ioc: the indicator value to look up.
        type: the indicator type; must be one of ``self.types``. The name
            shadows the builtin but is kept for callers.
        config: the parsed config.ini mapping.
    """
    self.config = config
    self.module_name = __name__.split(".")[1]
    self.types = ["MD5", "SHA1", "SHA256", "URL", "domain", "IPv4"]
    # On-premises backend, unlike the "Online" modules.
    self.search_method = "Onpremises"
    self.description = "Search IOC in Viper Database"
    self.author = "Hicham Megherbi"
    self.creation_date = "21-10-2017"
    self.type = type
    self.ioc = ioc
    # Note the capitalised Search() in this module.
    if type not in self.types or not mod.allowedToSearch(self.search_method):
        mod.display(self.module_name, "", "INFO", "Viper module not activated")
        return
    self.Search()
def __init__(self, ioc, type, config):
    """Set up the Tor exit-node module and search *ioc* when it is an IPv4.

    Args:
        ioc: the indicator value to look up.
        type: the indicator type; only "IPv4" is handled. The name shadows
            the builtin but is kept for callers.
        config: the parsed config.ini mapping.
    """
    self.config = config
    self.module_name = __name__.split(".")[1]
    self.types = ["IPv4"]
    self.search_method = "Online"
    self.description = "Search an IPv4 in tor exits nodes"
    self.author = "Conix"
    self.creation_date = "13-09-2016"
    self.type = type
    self.ioc = ioc
    supported = type in self.types
    activated = supported and mod.allowedToSearch(self.search_method)
    if activated:
        self.search()
    else:
        mod.display(self.module_name, "", "INFO", "TorIps module not activated")
def __init__(self, ioc, type, config):
    """Set up the Ransomware Tracker module and search *ioc* if supported.

    Args:
        ioc: the indicator value to look up.
        type: the indicator type; network indicators only (see
            ``self.types``). The name shadows the builtin but is kept for
            callers.
        config: the parsed config.ini mapping.
    """
    self.config = config
    self.module_name = __name__.split(".")[1]
    self.types = ["domain", "URL", "IPv4", "IPv6"]
    self.search_method = "Online"
    self.description = "Search in ransomwaretracker feeds"
    self.author = "Hicham Megherbi"
    self.creation_date = "12-04-2017"
    self.type = type
    self.ioc = ioc
    if type not in self.types or not mod.allowedToSearch(self.search_method):
        mod.display(self.module_name, "", "INFO", "RansomwareTracker module not activated")
        return
    self.search()
def __init__(self, ioc, type, config):
    """Set up the VirusShare module and search *ioc* if it is a hash.

    Args:
        ioc: the indicator value to look up.
        type: the indicator type; "MD5", "SHA1" or "SHA256". The name
            shadows the builtin but is kept for callers.
        config: the parsed config.ini mapping.
    """
    self.config = config
    self.module_name = __name__.split(".")[1]
    self.types = ["MD5", "SHA1", "SHA256"]
    self.search_method = "Online"
    self.description = "Search IOC malware in VirusShare"
    self.author = "Hicham Megherbi"
    self.creation_date = "15-11-2017"
    self.type = type
    self.ioc = ioc
    supported = type in self.types
    activated = supported and mod.allowedToSearch(self.search_method)
    if activated:
        self.search()
    else:
        mod.display(self.module_name, "", "INFO", "VirusShare module not activated")
def __init__(self, ioc, type, config):
    """Set up the MISP crawler module and search *ioc* if supported.

    Args:
        ioc: the indicator value to look up.
        type: the indicator type; must be one of ``self.types``. The name
            shadows the builtin but is kept for callers.
        config: the parsed config.ini mapping.
    """
    self.config = config
    self.module_name = __name__.split(".")[1]
    self.types = [
        "MD5", "SHA1", "domain", "IPv4", "IPv6", "URL", "SHA256", "SHA512"
    ]
    self.search_method = "Online"
    self.description = "Crawl MISP searching for IOC"
    self.author = "Conix"
    self.creation_date = "21-03-2017"
    self.type = type
    self.ioc = ioc
    # Note the capitalised Search() in this module.
    if type not in self.types or not mod.allowedToSearch(self.search_method):
        mod.display(self.module_name, "", "INFO", "MISP_crawler module not activated")
        return
    self.Search()
def __init__(self, ioc, type, config):
    """Set up the Hybrid Analysis (VxStream) module and search *ioc* if supported.

    Args:
        ioc: the indicator value to look up.
        type: the indicator type; must be one of ``self.types``. The name
            shadows the builtin but is kept for callers.
        config: the parsed config.ini mapping.
    """
    self.config = config
    self.module_name = __name__.split(".")[1]
    self.types = ["MD5", "SHA1", "SHA256", "domain", "IPv4", "IPv6"]
    self.search_method = "Online"
    # A fixed User-Agent header; the original author added it to avoid an
    # HTTP 403 from the service.
    self.user_agent = {'User-agent': 'VxApi Connector'}
    self.description = "Search IOC in Hybrid Analysis"
    self.author = "Hicham Megherbi"
    self.creation_date = "20-10-2017"
    self.type = type
    self.ioc = ioc
    supported = type in self.types
    activated = supported and mod.allowedToSearch(self.search_method)
    if activated:
        # Note the capitalised Search() in this module.
        self.Search()
    else:
        mod.display(self.module_name, "", "INFO", "VXstream module not activated")
def __init__(self, ioc, type, config):
    """Set up the Google Safe Browsing module and look up *ioc* when it is a URL.

    Args:
        ioc: the indicator value to look up.
        type: the indicator type; only "URL" is handled here (the original
            comment also mentions hashes, but they are not in ``self.types``).
            The name shadows the builtin but is kept for callers.
        config: the parsed config.ini mapping.
    """
    self.config = config
    self.module_name = __name__.split(".")[1]
    self.types = ["URL"]
    # NOTE: the original author noted that Google Safe Browsing can also run
    # against a locally refreshed database; this module uses "Online".
    self.search_method = "Online"
    self.description = "Search IOC in GoogleSafeBrowsing database"
    self.author = "Conix"
    self.creation_date = "11-04-2018"
    self.type = type
    self.ioc = ioc
    if type not in self.types or not mod.allowedToSearch(self.search_method):
        mod.display(self.module_name, "", "INFO", "googlesb module not activated")
        return
    self.lookup_API()
def __init__(self, module_name, url, filename, search_method):
    """Prepare a per-module cache file for a remote feed and load its content.

    Args:
        module_name: name of the calling module; used as the cache sub-folder.
        url: location of the feed (stored here; the fetch itself is done by
            ``downloadFile()``).
        filename: name under which the feed is cached; sanitised below into
            ``self.new_filename``.
        search_method: passed to ``mod.allowedToSearch()`` to decide whether
            a download may run at all.
    """
    self.config = Config.get_instance()
    self.module_name = module_name
    self.url = url
    self.filename = self.new_filename = filename
    # Cache folder is <temporary_cache_path><module_name>/ (the config value
    # is used as-is, so it is expected to end with a separator).
    self.temp_folder = "%s%s/" % (self.config["temporary_cache_path"], self.module_name)
    position = 0
    filename_copy = self.filename
    if not self.filename.isalnum():
        # Underscores are dropped, then the name is cut at the LAST character
        # that is neither alphanumeric nor '.', so only the final segment
        # (alphanumerics and dots) survives. The separator at `position` is
        # kept, so a URL path such as ".../feed.txt" (constructed example)
        # yields "/feed.txt"; the folder prefix above already ends in "/".
        filename_copy = self.filename.replace("_", "")
        for pos, char in enumerate(filename_copy):
            if not char.isalnum() and char != '.':
                position = pos
        self.new_filename = filename_copy[position:]
    self.temp_file = "%s%s" % (self.temp_folder, self.new_filename)
    self.createModuleFolder()
    # NOTE(review): the original indentation was lost; the nesting of the
    # three calls below is reconstructed and getContent() is assumed to run
    # unconditionally — confirm against the original file.
    if self.checkIfUpdate():
        if mod.allowedToSearch(search_method):
            self.downloadFile()
    self.content = self.getContent()