Closed a2t2 closed 1 year ago
Yes. The -E flag enables extracting IOCs from mentioned links. But TwiTi does not handle all links.
https://github.com/SamsungLabs/TwiTi/blob/f17d5ca083f6f9f6e166dd4348b057bfd8df7d33/ioc_extractor/__init__.py#L9-L27
TwiTi handles only a selected list of external sources, to increase the accuracy of IOCs and not to violate the data policies of the sources.
If you want to extend the sources, please check ioc_extractor/external_resource_parser.py.
I tried the following test wherein I took sample tweet JSON data from https://developer.twitter.com/en/docs/twitter-api/v1/data-dictionary/overview and replaced the URLs to correspond to this recent article https://www.threatfabric.com/blogs/spynote-rat-targeting-financial-institutions.html.
I tried using the E flag when running the IOC extractor, but I don't see any hashes extracted even though the article has a list of hashes at the end.
Is the above test the correct way to run the extractor to get IOCs from links mentioned in tweets?
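An added illustration, not part of the thread and not TwiTi's code: a minimal allowlist-gated link extractor that shows why a link to a host outside the selected sources yields no hashes. The host `paste.example`, the `SOURCE_PARSERS` table, all function names and the sample page are assumptions constructed for this sketch; the two digests are the MD5 and SHA-256 of empty input.

```python
import re
from urllib.parse import urlsplit

# MD5, SHA-1 or SHA-256 in hex; \b rejects fragments of longer hex runs.
HASH_RE = re.compile(r"\b(?:[a-fA-F0-9]{64}|[a-fA-F0-9]{40}|[a-fA-F0-9]{32})\b")

def parse_hashes(body):
    """Return the unique hex digests found in a fetched page body."""
    return sorted({h.lower() for h in HASH_RE.findall(body)})

# Hypothetical allowlist (host -> parser). "paste.example" is a constructed
# name, not one of TwiTi's real sources.
SOURCE_PARSERS = {"paste.example": parse_hashes}

def parser_for(url):
    """Return the parser for an allowlisted host, or None to skip the link."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    host = parts.hostname.lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    # Exact host match only, so look-alike hosts and userinfo tricks miss.
    return SOURCE_PARSERS.get(host)

def extract_from_links(urls, fetch):
    """Parse allowlisted links; report the rest as skipped, never fetching them."""
    results, skipped = {}, []
    for url in urls:
        parser = parser_for(url)
        if parser is None:
            skipped.append(url)
        else:
            results[url] = parser(fetch(url))
    return results, skipped

# Constructed sample input: one allowlisted paste and the article from the question.
SAMPLE_PAGES = {
    "https://paste.example/raw/abc":
        "md5 D41D8CD98F00B204E9800998ECF8427E\n"
        "sha256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\n",
}
ARTICLE = "https://www.threatfabric.com/blogs/spynote-rat-targeting-financial-institutions.html"
SAMPLE_URLS = ["https://paste.example/raw/abc", ARTICLE]

if __name__ == "__main__":
    found, skipped = extract_from_links(SAMPLE_URLS, SAMPLE_PAGES.__getitem__)
    print("extracted:", found)
    print("skipped (host not in allowlist):", skipped)
```

Reporting skipped links separately makes it visible when an empty result means "source not supported" rather than "no IOCs on the page".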