This is a tool for managing CTI content and enriching IoCs through a simple terminal interface, without deploying graphical websites.
The tool is still unfinished and under development. It requires a Linux-based system and a few installed dependencies, which are described in the "requirements" documents.
While it is being developed, you can test a few of the modules separately by going through the folders in this repository. Right now the available options are generating a simple relational graph, retrieving data from VT using a hash, and looking for keywords in a document.
The service is meant to run on a server or locally. Before anything else, start it from the root directory with:
uvicorn main:app --reload
curl http://127.0.0.1:8000/keyword/<mykeyword>
An example HTML document about the Oyster Backdoor is provided, so in this case, for example:
http://127.0.0.1:8000/keyword/backdoor
Will return:
The key word was found in the article
I'd like to add a multi-word search, which is why the logic searches a whole document rather than a single variable. It's still under development.
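As an added example (not this repository's code) of what a multi-keyword version of the /keyword/ route could run underneath, here is a whole-document search that strips the HTML first so matches land on visible prose rather than on tag names or script bodies, and takes one keyword or several separated by commas. The sample article is constructed for the example; it is not the Oyster Backdoor file shipped with the tool.

```python
# Added example (not the project's code): keyword lookup in an HTML article.
# Assumes the article is an HTML file like the README's Oyster Backdoor sample;
# the document at the bottom is constructed for this example.
from html.parser import HTMLParser
import re


class _VisibleText(HTMLParser):
    """Collects the visible text of a page, skipping <script>/<style> bodies."""

    def __init__(self):
        super().__init__()
        self._skip_depth = 0
        self.chunks = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip_depth += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip_depth:
            self._skip_depth -= 1

    def handle_data(self, data):
        if not self._skip_depth:
            self.chunks.append(data)


def html_to_text(html: str) -> str:
    """Strip markup and collapse whitespace so matches are on prose, not tags."""
    parser = _VisibleText()
    parser.feed(html)
    parser.close()
    return " ".join(" ".join(parser.chunks).split())


def count_keywords(text: str, keywords) -> dict:
    """Whole-word, case-insensitive count per keyword; regex metacharacters are escaped."""
    counts = {}
    for kw in keywords:
        pattern = r"(?<!\w)" + re.escape(kw) + r"(?!\w)"
        counts[kw] = len(re.findall(pattern, text, flags=re.IGNORECASE))
    return counts


def keyword_report(html: str, query: str) -> dict:
    """Accept one keyword or several separated by commas, e.g. 'backdoor,loader'.

    Returns which keywords were found, which were not, and per-keyword counts,
    the shape a multi-word /keyword/ endpoint could answer with.
    """
    keywords = list(dict.fromkeys(k.strip() for k in query.split(",") if k.strip()))
    counts = count_keywords(html_to_text(html), keywords)
    return {
        "found": [k for k in keywords if counts[k]],
        "missing": [k for k in keywords if not counts[k]],
        "counts": counts,
    }


# Constructed sample article (not the README's real Oyster Backdoor file).
SAMPLE_ARTICLE = """<html><head><title>Analysis</title>
<script>var backdoor = 'not visible text';</script></head>
<body><h1>Oyster Backdoor</h1>
<p>The loader drops a DLL; the backdoor beacons over HTTPS.</p>
<p>Backdoors like this one persist via scheduled tasks.</p></body></html>"""

if __name__ == "__main__":
    print(keyword_report(SAMPLE_ARTICLE, "backdoor,loader,ransomware"))
```

The whole-word match is deliberate: "backdoor" counts twice here but not for "Backdoors", and the occurrence inside the script block is ignored, so a hit means the article actually talks about the term.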
curl http://127.0.0.1:8000/enrich/<myhash>
For example:
http://127.0.0.1:8000/enrich/9601f3921c2cd270b6da0ba265c06bae94fd7d4dc512e8cb82718eaa24accc43
Will return JSON with the enrichment info:
{'label': 'trojankryplod/tedy', 'tags': [ 'executable', 'windows', 'win32', 'pe', 'peexe', 'simplecti_analysis'], 'meaninful_name': 'Setup.exe', 'imports': ' KERNEL32.dll USER32.dll ADVAPI32.dll SHELL32.dll'}
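As an added example (not this repository's code) of the two things the /enrich/ route has to do before and after the VT call: validate the hash taken from the URL, since it is user-controlled and ends up inside the outbound lookup request, and reduce the provider's full file report to the summary printed above. The report layout used here (data.attributes with meaningful_name, tags, popular_threat_classification and pe_info.import_list) is my understanding of VirusTotal's v3 file object and is an assumption; the sample report and the offline_fetch stand-in are constructed so the example runs without network access or an API key.

```python
# Added example (not the project's code): hash validation for /enrich/<hash>
# and shaping of a VirusTotal-style file report into the README's summary.
# The report layout (data.attributes.*) is assumed; the sample values are constructed.
import re
from typing import Callable, Optional

_HEX_HASH = re.compile(r"(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})")


def normalize_hash(value: str) -> Optional[str]:
    """Return the lowercase hash if it is a well-formed MD5, SHA-1 or SHA-256; else None.

    The route parameter is attacker-controlled and is interpolated into the
    outbound lookup URL, so anything that is not plain hex is rejected here.
    """
    value = value.strip()
    return value.lower() if _HEX_HASH.fullmatch(value) else None


def summarize_file_report(report: dict) -> dict:
    """Reduce a full file report to the fields the README's output shows."""
    attrs = report.get("data", {}).get("attributes", {})
    classification = attrs.get("popular_threat_classification", {})
    pe_info = attrs.get("pe_info", {})
    return {
        "label": classification.get("suggested_threat_label", ""),
        "tags": list(attrs.get("tags", [])),
        "meaningful_name": attrs.get("meaningful_name", ""),
        "imports": [entry.get("library_name", "") for entry in pe_info.get("import_list", [])],
    }


def enrich(hash_value: str, fetch: Callable[[str], dict]) -> dict:
    """Validate the hash, then fetch and summarize its report.

    `fetch` is injected so the example runs offline; in the real service it
    would perform the authenticated HTTP request to the enrichment provider.
    """
    h = normalize_hash(hash_value)
    if h is None:
        return {"error": "hash must be 32, 40 or 64 hexadecimal characters"}
    return summarize_file_report(fetch(h))


# Constructed sample report echoing the values the README prints.
SAMPLE_HASH = "9601f3921c2cd270b6da0ba265c06bae94fd7d4dc512e8cb82718eaa24accc43"
SAMPLE_REPORT = {
    "data": {
        "id": SAMPLE_HASH,
        "attributes": {
            "meaningful_name": "Setup.exe",
            "tags": ["executable", "windows", "win32", "pe", "peexe"],
            "popular_threat_classification": {"suggested_threat_label": "trojankryplod/tedy"},
            "pe_info": {
                "import_list": [
                    {"library_name": "KERNEL32.dll"},
                    {"library_name": "USER32.dll"},
                    {"library_name": "ADVAPI32.dll"},
                    {"library_name": "SHELL32.dll"},
                ]
            },
        },
    }
}


def offline_fetch(h: str) -> dict:
    """Stand-in for the network call: serves the constructed report for the sample hash."""
    return SAMPLE_REPORT if h == SAMPLE_HASH else {"data": {}}


if __name__ == "__main__":
    print(enrich(SAMPLE_HASH, offline_fetch))
    print(enrich("../etc/passwd", offline_fetch))
```

Rejecting anything but a bare hex digest also avoids spending API quota on requests that can never match, and every lookup key hits the provider in one canonical (lowercase) form, which keeps any local cache from storing the same sample twice.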
In the /basic_template/data/campaigns/simple_graph location use:
python3 mymalware.py <document with tags> <name of the threat>
This will generate an HTML file, named after the threat, containing the graph. Right now the graph only draws a spider whose body is the main threat; I'm still developing a serious map.
I'm a professional threat analyst, but I'm doing this in my free time because I'm more comfortable with the terminal than with graphical tools. If you are the same and found the tool useful (or want to support its development so it gets better), consider buying me a coffee or two. Coffee fuels my programming!