adding some ideas for python tools in intel
I update opencti content and downgrade scripts
adding a script to ingest a threat actor and indicator bundle in opencti
These are just some simple useful scripts to look for indicators.
This script allows searching for pulses related to an input:
python3 search_pulses.py <my input>
For example:
python3 search_pulses.py XHIDE
This script allows searching for details about a hash:
python3 search_HASH.py <HASH type> <HASH value>
For example:
python3 search_HASH.py SHA256 46b501600a4ee30d014c5356bad83ad2107ba9b9c58ffc717f60f986322721d4
Note: remember to use your own API key! Change the content of the "otx" variable.
This script will give you a fast report using a hash:
./get_report.sh <hash> <name of the output file>
For example:
./get_report.sh fcdec9d9b195b8ed827fb46f1530502816fe6a04b1f5e740fda2b126df2d9fd5 example
This will produce an example.json file and a readable_example file. The .json is the whole VT report, while readable_ is a fast-readable version with key values. In the example above, the readable would look like:
Threat label:
hacktool
Tags:
executable
windows
win32
pe
peexe
Meaningful name:
smb2os.exe
Imports:
mscoree.dll
This way it's easy to see at a first glance what it is.
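As an added example (not one of the repository's scripts), here is a Python version of the step that reduces the full VT report to the readable key values above. It assumes the VirusTotal v3 file-report layout (data.attributes.meaningful_name, tags, popular_threat_classification, pe_info.import_list, last_analysis_stats) and uses a constructed sample report rather than a real lookup.

```python
"""Build a fast-readable summary from a full VirusTotal file report.

Added example, not one of the repository's scripts. It assumes the
VirusTotal v3 file-object layout (data.attributes.*); the sample
report below is constructed, not a real lookup result.
"""
import json

# Constructed sample in the shape of a VT v3 file report (placeholder id).
SAMPLE_REPORT = json.dumps({
    "data": {
        "id": "<sha256 placeholder>",
        "attributes": {
            "meaningful_name": "smb2os.exe",
            "tags": ["executable", "windows", "win32", "pe", "peexe"],
            "popular_threat_classification": {"suggested_threat_label": "hacktool"},
            "pe_info": {"import_list": [{"library_name": "mscoree.dll",
                                         "imported_functions": ["_CorExeMain"]}]},
            "last_analysis_stats": {"malicious": 40, "undetected": 30},
        },
    }
})


def summarize_report(raw_json: str) -> dict:
    """Pick the key values out of a full VT report.

    Every field is optional: VT omits pe_info for non-PE files and
    popular_threat_classification for files with no consensus label,
    so missing keys yield empty values instead of a KeyError.
    """
    attrs = json.loads(raw_json).get("data", {}).get("attributes", {})
    classification = attrs.get("popular_threat_classification") or {}
    pe_info = attrs.get("pe_info") or {}
    stats = attrs.get("last_analysis_stats") or {}
    return {
        "threat_label": classification.get("suggested_threat_label", ""),
        "tags": list(attrs.get("tags", [])),
        "meaningful_name": attrs.get("meaningful_name", ""),
        "imports": [lib.get("library_name", "") for lib in pe_info.get("import_list", [])],
        "detections": stats.get("malicious", 0),
    }


def render_readable(summary: dict) -> str:
    """Format the summary the way the readable_<name> file is laid out."""
    lines = ["Threat label:", summary["threat_label"] or "(none)"]
    lines += ["Tags:", *summary["tags"]]
    lines += ["Meaningful name:", summary["meaningful_name"] or "(none)"]
    lines += ["Imports:", *summary["imports"]]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_readable(summarize_report(SAMPLE_REPORT)))
```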