Merge branch 'master' of https://github.com/CERT-BDF/Cortex-Analyzers …

…into feature/Bluecoat
TheHive-Project · Oct 9, 2017 · e20bc6a · e20bc6a
2 parents 6a3befb + 7d4e0a5
commit e20bc6a
Show file tree

Hide file tree

Showing 5 changed files with 43 additions and 5 deletions.
diff --git a/analyzers/MISP/mispclient.py b/analyzers/MISP/mispclient.py
@@ -27,14 +27,23 @@ def __init__(self, url, key, ssl=True, name='Unnamed'):
         if type(url) is list:
             for idx, server in enumerate(url):
                 verify = True
-                if os.path.isfile(ssl[idx]):
-                    verify = ssl[idx]
+                if isinstance(ssl, list):
+                    if os.path.isfile(ssl[idx]):
+                        verify = ssl[idx]
+                elif isinstance(ssl, str):
+                    if os.path.isfile(ssl):
+                        verify = ssl
+                elif isinstance(ssl, bool):
+                    verify = ssl
                 self.misp_connections.append(pymisp.PyMISP(url=server,
                                                            key=key[idx],
                                                            ssl=verify))
         else:
             verify = True
-            if os.path.isfile(ssl):
+            if isinstance(ssl, str):
+                if os.path.isfile(ssl):
+                    verify = ssl
+            elif isinstance(ssl, bool):
                 verify = ssl
             self.misp_connections.append(pymisp.PyMISP(url=url,
                                                        key=key,

diff --git a/analyzers/Virusshare/getHashes.sh b/analyzers/Virusshare/getHashes.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+# This script downloads all available Virusshare.com hash files using curl and wget. It can be called as: ./getHashes.sh PATH
+
+
+display_usage() { 
+    echo "getHashes v0.1" 
+    echo "  Fetch all Virusshare.com hashes" 
+    echo -e "\n  Usage: $0 <path> \n"
+} 
+
+if [  $# -ne 1 ]; then 
+    display_usage
+    exit 1
+fi
+
+if [ ! -d $1 ]; then
+    display_usage
+    echo -e "    Error: Directory not found: '$1'\n\n    :'(\n\n"
+    exit 1
+
+fi
+
+cd $1
+for u in `curl https://virusshare.com/hashes.4n6|grep hashes/|cut -d\" -f2`
+do
+    echo $u
+    wget https://virusshare.com/$u
+done | tee -a ../$0.log
+cd ..
diff --git a/analyzers/Virusshare/virusshare.py b/analyzers/Virusshare/virusshare.py
@@ -28,7 +28,7 @@ def summary(self, raw):
         value = "\"Unknown\""
 
         if raw["isonvs"]:
-            if raw["isonvs"] == "Unknown":
+            if raw["isonvs"] == "unknown":
                 value = "\"Not MD5\""
                 level = "suspicious"
             else:
@@ -67,7 +67,7 @@ def run(self):
                     # Skipping comments
                     if line[0] == '#':
                         continue
-                    if line.strip('\n') == searchhash:
+                    if searchhash.lower() in line:
                         self.report({'isonvs': True,
                                      'md5': searchhash})
         self.report({'isonvs': False,

diff --git a/thehive-templates/Yeti/long.html → thehive-templates/Yeti_1_0/long.html b/thehive-templates/Yeti/long.html → thehive-templates/Yeti_1_0/long.html
diff --git a/thehive-templates/Yeti/short.html → thehive-templates/Yeti_1_0/short.html b/thehive-templates/Yeti/short.html → thehive-templates/Yeti_1_0/short.html