I intentionally did not develop an analyzer for a feed because Mihari is a search aggregator, not a feed aggregator.
But your proposal is understandable. So I created a general feed ingestor which is shipped in v3.12.0. (#382)
Here is the usage of the new feature. https://www.notion.so/Feed-b4bd11723e7043e5b2fdf78423479014
Make sure your requested feature makes sense for Mihari.
ThreatFox, provided by abuse.ch, is a free portal allowing access to various IOCs related to malware and malware infrastructure. All IOCs are validated, meaning they are high-fidelity. Access to the API is free, and detailed here.
If you want to suggest a new integration of a service, please provide detailed information about it (e.g. API docs).
API Docs - https://threatfox.abuse.ch/api/
FAQ - https://threatfox.abuse.ch/faq/
It probably makes sense to implement the analyzer to accept a single string to search against either the tag or malware name, and a limit of 1,000. ThreatFox supports return types (ioc) including ip:port, url and hash. ip:port could be stripped to just the ip consistent with the Mihari ip IOC data format.
Sample Usage
mihari analyze threatfox 'RedLineStealer' --title "RedLine Stealer" --description "Identifies RedLineStealer C2s." --tags "InfoStealer"
Thank you for your consideration, and wishing you the best for 2022!
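One way the proposed ThreatFox-to-Mihari normalisation could look, written in Ruby (Mihari's language) as an added example that is not part of this issue or of Mihari itself. The query names ("taginfo", "malwareinfo"), the response fields and the sample records are assumptions and constructed data, not taken from this page.

```ruby
require "json"

# Constructed sample in the shape a ThreatFox query is assumed to return (not captured
# from the live API). Only the fields the normaliser reads are filled in.
SAMPLE_RESPONSE = <<~JSON
  {
    "query_status": "ok",
    "data": [
      {"ioc": "203.0.113.10:4444", "ioc_type": "ip:port", "malware": "win.redline_stealer"},
      {"ioc": "203.0.113.10:8080", "ioc_type": "ip:port", "malware": "win.redline_stealer"},
      {"ioc": "http://example.invalid/panel/", "ioc_type": "url", "malware": "win.redline_stealer"},
      {"ioc": "d41d8cd98f00b204e9800998ecf8427e", "ioc_type": "md5_hash", "malware": "win.redline_stealer"},
      {"ioc": "198.51.100.7", "ioc_type": "ip", "malware": "win.redline_stealer"}
    ]
  }
JSON

# Build the request body the proposal implies: one search term, matched either as a
# ThreatFox tag or as a malware name, capped at 1,000 results. Query names are assumed.
def threatfox_query(term, by: :tag, limit: 1_000)
  limit = [limit, 1_000].min
  case by
  when :tag     then { query: "taginfo", tag: term, limit: limit }
  when :malware then { query: "malwareinfo", malware: term, limit: limit }
  else raise ArgumentError, "by must be :tag or :malware"
  end
end

# Map one ThreatFox record to a Mihari-style artifact. ip:port is reduced to the bare
# IP so it fits Mihari's ip artifact; the *_hash types collapse to one hash category.
def to_artifact(record)
  value = record["ioc"]
  case record["ioc_type"]
  when "ip:port"
    # rpartition drops only the final ":port", so a bracketed IPv6 literal survives intact
    host = value.rpartition(":").first
    { data: host.delete_prefix("[").delete_suffix("]"), type: "ip" }
  when "ip"      then { data: value, type: "ip" }
  when "url"     then { data: value, type: "url" }
  when /_hash\z/ then { data: value.downcase, type: "hash" }
  end
end

# Normalise a whole response: drop unknown types, strip ports, deduplicate (two C2
# ports on one host become a single ip artifact) and enforce the result cap.
def normalize(response_json, limit: 1_000)
  body = JSON.parse(response_json)
  return [] unless body["query_status"] == "ok"
  body.fetch("data", []).map { |r| to_artifact(r) }.compact.uniq.first(limit)
end
```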