threatfox_submit-ioc.py
#!/usr/bin/python3
import json
import os

import requests
import urllib3
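# Submit one or more IOCs to the ThreatFox API (query "submit_ioc").

# Prepare HTTPSConnectionPool
# The Auth-Key is read from the THREATFOX_AUTH_KEY environment variable so the
# real key does not have to be written into (and committed with) this file.
# If the variable is unset, the original placeholder is sent, as before.
headers = {
    "Auth-Key": os.environ.get("THREATFOX_AUTH_KEY", "YOUR-AUTH-KEY"),
}
# NOTE(review): urllib3 1.25 and later validate the server certificate by
# default; with an older urllib3, confirm that verification is enabled, since
# the Auth-Key header is sent on every request made through this pool.
pool = urllib3.HTTPSConnectionPool(
    'threatfox-api.abuse.ch',
    port=443,
    maxsize=50,
    headers=headers,
)

# Request fields (named by their key in `data` below):
# threat_type      - Query https://threatfox.abuse.ch/api/#types to get the
#                    appropriate threat_type / ioc_type combination
# ioc_type         - Query https://threatfox.abuse.ch/api/#types to get the
#                    appropriate threat_type / ioc_type combination
# malware          - Query https://threatfox.abuse.ch/api/#malware-list to get
#                    the appropriate malware family, or search through the
#                    Malpedia web UI: https://malpedia.caad.fkie.fraunhofer.de/
# confidence_level - Optional; must be between 0-100. Default: 50
# is_compromised   - Optional; "True" or "False". Indicates whether the asset
#                    is compromised (i.e. compromised website, IP address, etc)
#                    or dedicated infrastructure set up and operated by the
#                    threat actor. Default: "False"
# reference        - Optional; must be a URL if provided
# comment          - Optional; your comment on the IOC(s) you want to submit
# anonymous        - Optional; 0 (false) or 1 (true). Default: 0 (false)
# tags             - Optional; list of tags
# iocs             - List of IOCs you want to submit
#
# NOTE: threat_type, ioc_type, malware, confidence_level, is_compromised,
# reference, comment, tag and ioc are not assigned anywhere in this script;
# define them above this point before running it. If they come from an
# external source, check them against the constraints listed above first.
data = {
    'query': 'submit_ioc',
    'threat_type': threat_type,
    'ioc_type': ioc_type,
    'malware': malware,
    'confidence_level': confidence_level,
    'is_compromised': is_compromised,
    'reference': reference,
    'comment': comment,
    'anonymous': 0,
    'tags': [
        tag,
    ],
    'iocs': [
        ioc,
    ],
}

json_data = json.dumps(data)
response = pool.request("POST", "/api/v1/", body=json_data)

# Print the raw API reply unchanged; undecodable bytes are dropped.
body_text = response.data.decode("utf-8", "ignore")
print(body_text)

# Surface transport-level failures (e.g. a rejected Auth-Key) through the exit
# status instead of leaving the caller to parse the printed body.
if response.status >= 400:
    raise SystemExit(f"ThreatFox API returned HTTP {response.status}")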