[Feature Request] ThreatFox #381
Labels
enhancement
New feature or request
Comments
|
Just realised that an API key is only required to submit indicators; otherwise, no key is required :) |
|
I intentionally did not develop an analyzer for a feed because Mihari is a search aggregator, not a feed aggregator. |
|
Thank you, this works wonderfully! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Make sure your requested feature makes sense for Mihari.
ThreatFox, provided by abuse.ch, is a free portal allowing access to various IOCs related to malware and malware infrastructure. All IOCs are validated, meaning they are high-fidelity. Access to the API is free, and detailed here.
If you want to suggest a new integration of a service, please provide detailed information of it. (e.g. API docs)
API Docs - https://threatfox.abuse.ch/api/
FAQ - https://threatfox.abuse.ch/faq/
It probably makes sense to implement the analyzer to accept a single string to search against either the tag or malware name, and a limit of 1,000. ThreatFox supports return types (
ioc) includingip:port,urlandhash.ip:portcould be stripped to just theipconsistent with the Mihari ip IOC data format.Sample Usage
mihari analyze threatfox 'RedLineStealer' --title "RedLine Stealer" --description "Identifies RedLineStealer C2s." --tags "InfoStealer"Thank you for your consideration, and wishing you the best for 2022!
The text was updated successfully, but these errors were encountered: