
8b934c0d04dda35809ccda6e76f19d613fba6516 — terceranexus6 1 year, 6 months ago 4426dd8
Adding a python script that creates indicator objects from a file of sha1 hashes related to a malware
1 files changed, 67 insertions(+), 0 deletions(-)

A bulk_conversion/SHA1_indicator_maker.py
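--- a/bulk_conversion/SHA1_indicator_maker.py
+++ b/bulk_conversion/SHA1_indicator_maker.py
@@ -0,0 +1,67 @@
+from stix2 import Indicator
+from stix2 import Malware
+from stix2 import Relationship
+from stix2 import Bundle
+import copy
+
+# reading malware from user prompt
+
+mal_name = input("Malware name: ")
+malware = Malware(name=mal_name,
+                  is_family=True)
+
+# getting the file with SHA1 hashes
+myfile = input("file with SHA1: ")
+file1 = open(myfile, 'r')
+content = file1.readlines()
+ 
+count = 0
+
+
+
+in_name="file hash for " + mal_name
+
+print("Reading hashes for SHA1...")
+
+print("SHA1: ")
+
+# iterating the whole file, for each line it creates a temporary 
+# stix object with the sha1 hash and the malware family
+# and saves an indicator object with the content. No need to create a
+# list because the object is already stored as a permanent identifier during the session
+# although a trash-temp-indicator is also stored.
+
+for line in content:
+
+    tmp_indicator = Indicator(name=in_name, 
+                          pattern="[file:hashes.sha1 = '"+ line.strip()+"']",
+                          pattern_type="stix")
+   # print("TEMPORARY, DEBUG:")
+   # print(tmp_indicator.serialize(pretty=True))
+
+    count = count + 1
+
+    locals()["indicator_" + str(count)] = copy.deepcopy(tmp_indicator)
+
+
+
+print("no more lines to read")
+
+
+num_lines = sum(1 for _ in open('hashesSHA1.txt'))
+
+# This prints all the indicators for the SHA1
+for i in range(num_lines):
+    print(locals()["indicator_" + str(i+1)].serialize(pretty=True))
+
+print("DONE")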
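Review bot: The summary loop at line 60 counts lines from a hard-coded `'hashesSHA1.txt'` instead of the `myfile` the user was prompted for, so whenever the two files differ the `locals()["indicator_" + str(i+1)]` lookup at line 64 either raises KeyError or silently prints only part of the set. The pattern on line 46 is also built by concatenating each raw line, so a blank line, or one containing a quote or `]`, yields a malformed STIX pattern (and, if stix2 validates it, an exception that aborts the whole run), and neither `open()` call is ever closed. Keeping the indicators in a list, reading the file once under `with`, and accepting only 40-hex-digit lines removes all three problems and makes the `count`/`copy.deepcopy` bookkeeping unnecessary. Separately, `Relationship` and `Bundle` are imported but never used, and `malware` is created but never linked to any indicator, which the comment at lines 37-41 seems to promise; either drop the imports or add the relationships.

```python
# … unchanged: prompts for mal_name / myfile, in_name …
indicators = []
with open(myfile, "r") as hash_file:
    for line in hash_file:
        sha1 = line.strip()
        # accept only a 40-hex-digit SHA-1 so the pattern is always well-formed
        if len(sha1) != 40 or any(c not in "0123456789abcdefABCDEF" for c in sha1):
            print("skipping non-SHA1 line: " + repr(sha1))
            continue
        indicators.append(Indicator(name=in_name,
                                    pattern="[file:hashes.sha1 = '" + sha1 + "']",
                                    pattern_type="stix"))
print("no more lines to read")

# This prints all the indicators for the SHA1
for indicator in indicators:
    print(indicator.serialize(pretty=True))
```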