These are some simple but useful scripts for looking up indicators in AlienVault OTX and VirusTotal.
This script allows searching for pulses related to an input:
python3 search_pulses.py <my input>
For example:
python3 search_pulses.py XHIDE
This script allows searching for details about a hash (the hash type is MD5, SHA1 or SHA256):
python3 search_HASH.py <HASH type> <HASH value>
For example:
python3 search_HASH.py SHA256 46b501600a4ee30d014c5356bad83ad2107ba9b9c58ffc717f60f986322721d4
Note: remember to use your own OTX API key! Change the contents of the "otx" variable in each script before running it, and do not commit a script that still contains your key.
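As an added example (not one of the repository's scripts), the following Python script does the same kind of hash lookup against the OTX REST API directly, with two changes a practitioner would want: the key is read from an OTX_API_KEY environment variable instead of a variable edited in the source, and the hash type and value are validated before anything is sent. The endpoint (/api/v1/indicators/file/<hash>/general) and the X-OTX-API-KEY header are the documented OTX API; the sample response embedded at the bottom is constructed here to exercise the parsing offline, and the exact fields of a live response may differ.

```python
"""otx_hash_lookup.py - added example, not part of the original repository.
Usage: OTX_API_KEY=... python3 otx_hash_lookup.py <MD5|SHA1|SHA256> <hash>
"""
import json
import os
import re
import sys
import urllib.request

OTX_BASE = "https://otx.alienvault.com/api/v1"

# Expected number of hex characters for each accepted hash type.
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64}


def validate_hash(hash_type, value):
    """Return (upper-cased type, lower-cased hex value); raise ValueError if the
    type is unknown or the value is not hex of the right length for that type."""
    hash_type = hash_type.upper()
    if hash_type not in HASH_LENGTHS:
        raise ValueError(f"unsupported hash type {hash_type!r}; use MD5, SHA1 or SHA256")
    value = value.strip().lower()
    if not re.fullmatch(r"[0-9a-f]{%d}" % HASH_LENGTHS[hash_type], value):
        raise ValueError(f"{hash_type} value must be {HASH_LENGTHS[hash_type]} hex characters")
    return hash_type, value


def build_request(hash_value, api_key):
    """Build the OTX 'general' indicator request for a file hash.
    The API key travels in the X-OTX-API-KEY header, never in the URL."""
    url = f"{OTX_BASE}/indicators/file/{hash_value}/general"
    return urllib.request.Request(url, headers={"X-OTX-API-KEY": api_key})


def summarise(general):
    """Reduce the 'general' response to what is worth reading first: how many
    pulses reference the hash and each pulse's name and TLP label."""
    pulse_info = general.get("pulse_info") or {}
    pulses = pulse_info.get("pulses") or []
    return {
        "pulse_count": pulse_info.get("count", len(pulses)),
        "pulses": [(p.get("name", "?"), p.get("TLP", "?")) for p in pulses],
    }


# Constructed sample (assumption: shaped like a real 'general' response) so the
# parsing can be checked without network access or an API key.
SAMPLE_GENERAL = {
    "indicator": "46b501600a4ee30d014c5356bad83ad2107ba9b9c58ffc717f60f986322721d4",
    "type": "FileHash-SHA256",
    "pulse_info": {
        "count": 2,
        "pulses": [
            {"name": "Example pulse A", "TLP": "white"},
            {"name": "Example pulse B", "TLP": "green"},
        ],
    },
}


def main(argv):
    if len(argv) != 3:
        print(f"usage: {argv[0]} <MD5|SHA1|SHA256> <hash>", file=sys.stderr)
        return 2
    api_key = os.environ.get("OTX_API_KEY")
    if not api_key:
        print("set OTX_API_KEY in the environment", file=sys.stderr)
        return 2
    try:
        _, value = validate_hash(argv[1], argv[2])
    except ValueError as exc:
        print(f"error: {exc}", file=sys.stderr)
        return 2
    with urllib.request.urlopen(build_request(value, api_key), timeout=30) as resp:
        general = json.load(resp)
    summary = summarise(general)
    print(f"pulses referencing {value}: {summary['pulse_count']}")
    for name, tlp in summary["pulses"]:
        print(f"  [{tlp}] {name}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Validating the hash before the request matters beyond tidiness: the value is interpolated into a URL path, so rejecting anything that is not plain hex keeps a stray argument from turning into an unexpected API path.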
This script produces a quick VirusTotal report for a hash:
./get_report.sh <hash> <name of the output file>
For example:
./get_report.sh fcdec9d9b195b8ed827fb46f1530502816fe6a04b1f5e740fda2b126df2d9fd5 example
This will produce an example.json file and a readable_example file. The .json file is the whole VT report, while the readable_ file is a quick-to-read version containing only the key values. In the example above, the readable file would look like:
Threat label:
hacktool
Tags:
executable
windows
win32
pe
peexe
Meaningful name:
smb2os.exe
Imports:
mscoree.dll
This way it is easy to see at first glance what the sample is.
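As an added example (not the repository's get_report.sh), the following Python script builds that readable summary from the full VT report. It reads the example.json file that get_report.sh saves and picks out the same four fields: the threat label comes from data.attributes.popular_threat_classification.suggested_threat_label, the tags from data.attributes.tags, the name from data.attributes.meaningful_name and the imports from the library_name entries of data.attributes.pe_info.import_list, which are the field paths of the VirusTotal v3 files endpoint. The embedded sample report is constructed here from the values shown in the README's readable output, not taken from a real VT query, and a report for a sample with no PE import table or no threat label is handled by printing "(none)" instead of failing.

```python
"""vt_readable.py - added example, not part of the original repository.
Usage: python3 vt_readable.py example.json   (example.json as saved by get_report.sh)
"""
import json
import sys
import urllib.request

VT_BASE = "https://www.virustotal.com/api/v3"


def build_vt_request(hash_value, api_key):
    """Request for the full file report; the key goes in the x-apikey header."""
    return urllib.request.Request(f"{VT_BASE}/files/{hash_value}", headers={"x-apikey": api_key})


def readable_summary(report):
    """Pick the key values out of a full VT v3 file report (a dict parsed from
    the response JSON). Missing fields give empty values rather than exceptions,
    because not every sample has a threat label or a PE import table."""
    attrs = (report.get("data") or {}).get("attributes") or {}
    classification = attrs.get("popular_threat_classification") or {}
    import_list = (attrs.get("pe_info") or {}).get("import_list") or []
    return {
        "threat_label": classification.get("suggested_threat_label", ""),
        "tags": list(attrs.get("tags") or []),
        "meaningful_name": attrs.get("meaningful_name", ""),
        "imports": [lib.get("library_name", "") for lib in import_list],
    }


def render(summary):
    """Format the summary in the same layout as the readable_<name> file."""
    lines = ["Threat label:", summary["threat_label"] or "(none)", "Tags:"]
    lines += summary["tags"] or ["(none)"]
    lines += ["Meaningful name:", summary["meaningful_name"] or "(none)", "Imports:"]
    lines += summary["imports"] or ["(none)"]
    return "\n".join(lines)


# Constructed sample shaped like a VT v3 /files/{hash} response; the values are
# the ones shown in the README's readable example, not a live VT result.
SAMPLE_REPORT = {
    "data": {
        "type": "file",
        "id": "fcdec9d9b195b8ed827fb46f1530502816fe6a04b1f5e740fda2b126df2d9fd5",
        "attributes": {
            "popular_threat_classification": {"suggested_threat_label": "hacktool"},
            "tags": ["executable", "windows", "win32", "pe", "peexe"],
            "meaningful_name": "smb2os.exe",
            "pe_info": {"import_list": [{"library_name": "mscoree.dll"}]},
        },
    }
}


def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} <report.json>", file=sys.stderr)
        return 2
    with open(argv[1], "r", encoding="utf-8") as fh:
        report = json.load(fh)
    print(render(readable_summary(report)))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The "(none)" fallbacks are the part worth keeping whatever tooling you use: a script that assumes every report has pe_info breaks on the first script, document or ELF sample it meets, and a failed summary is easy to mistake for a clean verdict.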