@@ 0,0 1,67 @@
+from stix2 import Indicator
+from stix2 import Malware
+from stix2 import Relationship
+from stix2 import Bundle
+import copy
+
+# reading malware from user prompt
+
+mal_name = input("Malware name: ")
+malware = Malware(name=mal_name,
+ is_family=True)
+
+# getting the file with SHA1 hashes
+myfile = input("file with SHA1: ")
+file1 = open(myfile, 'r')
+content = file1.readlines()
+
+count = 0
+
+
+
+in_name="file hash for " + mal_name
+
+print("Reading hashes for SHA1...")
+
+print("SHA1: ")
+
+# iterating the whole file, for each line it creates a temporary
+# stix object with the sha1 hash and the malware family
+# and saves an indicator object with the content. No need to create a
+# list because the object is already stored as a permanent identifier during the session
+# although a trash-temp-indicator is also stored.
+
+for line in content:
+
+ tmp_indicator = Indicator(name=in_name,
+ pattern="[file:hashes.sha1 = '"+ line.strip()+"']",
+ pattern_type="stix")
+ # print("TEMPORARY, DEBUG:")
+ # print(tmp_indicator.serialize(pretty=True))
+
+ count = count + 1
+
+ locals()["indicator_" + str(count)] = copy.deepcopy(tmp_indicator)
+
+
+
+print("no more lines to read")
+
+
+num_lines = sum(1 for _ in open('hashesSHA1.txt'))
+
+# This prints all the indicators for the SHA1
+for i in range(num_lines):
+ print(locals()["indicator_" + str(i+1)].serialize(pretty=True))
+
+print("DONE")
+
+
+
+
+
+
+
+
+
+