# -*- coding: utf-8 -*-
# This file is part of Viper - https://github.com/viper-framework/viper
# See the file 'LICENSE' for copying permission.
try:
from pymisp.tools import make_binary_objects
HAVE_PYMISP = True
except ImportError:
HAVE_PYMISP = False
from viper.core.session import __sessions__
from viper.common.objects import MispEvent
def _check_add(self, new_event):
    """Report the events related to ``new_event`` and open a session on it.

    Related events are looked up through ``self._find_related_id`` twice:
    once for the event held by the current session and once for
    ``new_event``. Every relation of ``new_event`` is logged, as 'success'
    when its id was not already related to the session's event and as
    'info' otherwise. A new session wrapping ``new_event`` is then created.
    """
    session_event = __sessions__.current.misp_event.event
    previously_related = self._find_related_id(session_event)
    currently_related = self._find_related_id(new_event)
    known_ids = [entry[0] for entry in previously_related]
    # NOTE(review): ids and titles come from self._find_related_id and are
    # written to the log verbatim; presumably they originate from the MISP
    # instance -- confirm before treating the log output as trusted text.
    for event_id, title in currently_related:
        if event_id in known_ids:
            level = 'info'
            template = 'Related event: {}/events/view/{} - {}'
        else:
            level = 'success'
            template = 'New related event: {}/events/view/{} - {}'
        self.log(level, template.format(self.url.rstrip('/'), event_id, title))
    __sessions__.new(misp_event=MispEvent(new_event, self.offline_mode))
def _change_event(self):
    """Persist the MISP event held by the current session.

    In offline mode only ``self._dump()`` is called. Otherwise the event is
    sent through ``self.misp``: ``update_event`` when the event already has
    an id, ``add_event`` when it does not. The value returned by that call
    is handed to ``self._check_add``.

    Exceptions raised by ``_check_add`` are logged as errors instead of
    being propagated. Exceptions raised by ``update_event``/``add_event``
    themselves are not caught here.
    """
    if self.offline_mode:
        self._dump()
        return

    current = __sessions__.current.misp_event.event
    if current.id:
        response = self.misp.update_event(current)
    else:
        response = self.misp.add_event(current)

    try:
        self._check_add(response)
    except Exception as exc:
        # Best effort: a failure while reporting relations or opening the
        # new session is shown to the operator, not raised.
        self.log('error', exc)
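def add_hashes(self):
    """Add file hashes to the current MISP event, then persist the event.

    Two modes, selected by the parsed arguments:

    * No ``filename``/``md5``/``sha1``/``sha256`` given: the file attached to
      the current session is passed to pymisp's ``make_binary_objects`` and
      the resulting file object (plus the binary object and its sections,
      when a binary object is returned) is added to the event.
    * Otherwise: each hash that was given is added as an attribute, typed
      ``filename|<hash>`` when a filename was given and ``<hash>`` when not.

    Returns:
        False when the hashes cannot be computed (no attached file, or
        pymisp is not importable); None otherwise.
    """
    args = self.args
    nothing_given = all(
        value is None
        for value in (args.filename, args.md5, args.sha1, args.sha256)
    )

    if nothing_given:
        if not __sessions__.is_attached_file(True):
            self.log('error', "Not attached to a file, please set the hashes manually.")
            return False
        if not HAVE_PYMISP:
            # make_binary_objects is only bound when the optional pymisp
            # import at the top of the module succeeded; without this guard
            # the call below fails with a NameError.
            self.log('error', "Missing dependency, install pymisp (`pip install pymisp`)")
            return False
        file_obj, bin_obj, sections = make_binary_objects(
            filepath=__sessions__.current.file.path, standalone=False)
        event = __sessions__.current.misp_event.event
        event.add_object(file_obj)
        if bin_obj:
            event.add_object(bin_obj)
            # Sections are attached only when a binary object was produced.
            for section in sections:
                event.add_object(section)
    else:
        # NOTE(review): the hash values are taken from the command line as
        # given; no length or hex-format check is done here. Presumably
        # pymisp or the MISP instance validates them -- confirm.
        # NOTE(review): a filename given without any hash adds no attribute,
        # yet the event is still submitted below.
        given_hashes = (
            ('md5', args.md5),
            ('sha1', args.sha1),
            ('sha256', args.sha256),
        )
        for hash_type, value in given_hashes:
            if not value:
                continue
            event = __sessions__.current.misp_event.event
            if args.filename:
                event.add_attribute(
                    'filename|{}'.format(hash_type),
                    '{}|{}'.format(args.filename, value))
            else:
                event.add_attribute(hash_type, value)

    self._change_event()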
def add(self):
    """Add one attribute of type ``self.args.add`` to the current MISP event.

    The value is read from the parsed arguments under the name held in
    ``self.args.add`` and joined with single spaces. The event is then
    persisted through ``self._change_event``.
    """
    # Resolve the target method first, as the original expression did.
    add_attribute = __sessions__.current.misp_event.event.add_attribute
    attribute_type = self.args.add
    parsed_args = vars(self.args)
    words = parsed_args.get(attribute_type)
    # NOTE(review): the joined value is passed on without any check against
    # the attribute type; presumably pymisp or the MISP instance validates
    # it -- confirm.
    add_attribute(attribute_type, ' '.join(words))
    self._change_event()