Closed elhoim closed 9 years ago
Access to MISP instance would be useful. I can integrate some of the IOC types: yara, filename, md5, sha1, sha256, filename-regexp
I'll create a downloader that pulls the IOCs from the MISP and stores them in an appropriate LOKI signature format.
You will receive an email soon from circl.lu people... :)
First version is included - see the "./threatintel" subfolder
MISP is a platform to exchange IOCs.
MISP has a key-authenticated REST API available, there is some documentation in this file, and a reference library implementation in Python: PyMISP.
Existing MISP data types that might be of interest to be used for lookups: yara, filename, mutex, md5, sha1, sha256, email subject, email attachment. New data types to be implemented in the future: URI-regexp, filename-regexp, SSL certificates attributes.
I can arrange access to a MISP instance hosting IOCs if you need it for testing.
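The conversion step discussed in this thread (MISP attributes in, signature lines out), as an added example that is not the code in LOKI's `./threatintel` folder or anything posted by the participants. It assumes the usual `Event`/`Attribute` JSON layout of a MISP event and a `value;comment` output line; the function names and the sample event are constructed for illustration.

```python
import json
import re

# Constructed sample shaped like a MISP event (JSON from the REST API); all values are made up.
SAMPLE_EVENT = json.loads(r"""
{"Event": {"info": "Constructed test event; demo\n", "Attribute": [
  {"type": "md5", "value": "0123456789ABCDEF0123456789ABCDEF"},
  {"type": "sha256", "value": "deadbeef"},
  {"type": "filename|sha1", "value": "dropper.exe|0123456789abcdef0123456789abcdef01234567"},
  {"type": "mutex", "value": "Global\\demo"}
]}}
""")

HASH_LEN = {"md5": 32, "sha1": 40, "sha256": 64}  # hex digits per digest type


def clean_comment(text):
    """Collapse separators and whitespace so feed text cannot add fields or lines."""
    return re.sub(r"[;\s]+", " ", text or "").strip()


def misp_to_ioc_lines(event):
    """Return (hash_lines, filename_lines) as sorted 'value;comment' strings (assumed layout)."""
    body = event.get("Event", {})
    comment = clean_comment(body.get("info"))
    hashes, filenames = set(), set()
    for attr in body.get("Attribute", []):
        types = str(attr.get("type", "")).split("|")
        # Composite types such as "filename|sha1" carry "name|digest" in one value.
        values = str(attr.get("value", "")).rsplit("|", len(types) - 1)
        for kind, value in zip(types, values):
            value = value.strip()
            if kind in HASH_LEN:
                # Accept only well-formed hex digests of the right length.
                if re.fullmatch(r"[0-9a-fA-F]{%d}" % HASH_LEN[kind], value):
                    hashes.add(f"{value.lower()};{comment}")
            elif kind == "filename" and value and not re.search(r"[;\r\n]", value):
                # Escape so the name is matched literally if the consumer reads it as a regex.
                filenames.add(f"{re.escape(value)};{comment}")
    return sorted(hashes), sorted(filenames)


if __name__ == "__main__":
    for group in misp_to_ioc_lines(SAMPLE_EVENT):
        print("\n".join(group))
```

Malformed digests and unsupported types (here the short `sha256` and the `mutex`) are dropped rather than written out, so a bad feed entry cannot corrupt the signature file.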