A collection of python scripts to push covid-themed threat intel into MISP

DocArmoryTech/covid-scripts

covid-scripts

A collection of python scripts to push covid-themed threat intel into MISP

bazaartomisp.py

  • downloads a summary of all samples tagged "COVID-19" from bazaar
  • downloads details of each sample, as well as the samples referred to therein
  • populates a MISP event with File objects representing the samples
  • file-object relationships "dropped_by_sha256" and "dropping_sha256" are represented as relationships between files
  • each file-object additionally references
    • the bazaar URL of the sample
    • any URLs that feature as 3rd-party references to a sample (e.g. urlhaus)
  • subsequent script runs update the event, but not the existing File-objects/samples, references or attributes
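
The mapping and update behaviour listed above, sketched as an added example (not code from this repository). Plain dicts stand in for MISP File objects instead of PyMISP; the sample-record layout (`sha256_hash`, `file_information` with `context`/`value`), the sample-page URL pattern and the relationship labels `drops`/`dropped-by` are assumptions, and the sample data is constructed.

```python
# Added illustration: plain dicts stand in for MISP File objects (no PyMISP).
BAZAAR_URL = "https://bazaar.abuse.ch/sample/{}/"   # assumed sample-page URL pattern
# Assumed mapping from bazaar context names to relationship labels.
RELATIONS = {"dropped_by_sha256": "dropped-by", "dropping_sha256": "drops"}

# Constructed sample details; the field layout is an assumption.
SAMPLES = [
    {"sha256_hash": "a" * 64, "file_name": "covid_advice.doc",
     "file_information": [
         {"context": "dropping_sha256", "value": "B" * 64},
         {"context": "urlhaus", "value": "https://urlhaus.example/url/1/"}]},
    {"sha256_hash": "b" * 64, "file_name": "payload.exe",
     "file_information": [{"context": "dropped_by_sha256", "value": "a" * 64}]},
    {"sha256_hash": "c" * 64, "file_name": "loader.dll", "file_information": None},
]

def to_file_object(sample):
    """Build one file object: hash, name, reference URLs, typed relations."""
    sha = sample["sha256_hash"].lower()
    obj = {"sha256": sha, "filename": sample.get("file_name"),
           "urls": [BAZAAR_URL.format(sha)], "relations": []}
    for info in sample.get("file_information") or []:   # field may be null
        ctx, val = info.get("context"), info.get("value")
        if not val:
            continue
        if ctx in RELATIONS:
            obj["relations"].append((RELATIONS[ctx], val.lower()))
        elif val.startswith(("http://", "https://")):
            obj["urls"].append(val)                      # 3rd-party reference
    return obj

def update_event(event, samples):
    """Add objects for unseen hashes only; return the hashes added."""
    added = []
    for sample in samples:
        sha = sample["sha256_hash"].lower()
        if sha not in event["objects"]:                  # existing objects stay as-is
            event["objects"][sha] = to_file_object(sample)
            added.append(sha)
    return added

def dangling_relations(event):
    """Relation targets with no file object in the event yet."""
    known = event["objects"]
    return sorted({t for o in known.values() for _, t in o["relations"] if t not in known})

if __name__ == "__main__":
    event = {"info": "COVID-19 samples", "objects": {}}
    print(update_event(event, SAMPLES), update_event(event, SAMPLES))
    print(dangling_relations(event))
```

`dangling_relations` lists hashes that a sample refers to but whose details have not been added yet, which is the set a follow-up download would need to cover.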

domaintoolstomisp.py

  • pulls DomainTools' "covid-19-threat-list"
  • populates one event for each day with Attributes of type domain
  • the MISP taxonomy ifx-vetting is used to tag each domain with its DomainTools "score"

Subsequent runs of the script try to update every event (one per day), which takes a while unless you specify a date filter (-d) as an argument.
