Closed: sroberts closed this 9 years ago
Hm, that's interesting. It is definitely trickier than the other sources, but I have a few tricks up my sleeve from a related issue (grabbing IOCs in unstructured blog posts like Dynamoo et al.), so I'll mull on this.
Pull requests won't be unappreciated though!
Thinking more about this: how do you suggest handling the archive passwords given that they are not public per se (TLP:AMBER, as it were)?
Closing this unless we can figure out how to handle the archive password issue.
Why not just have a configuration where those who know the password can store it?
Because it's a scheme...
Oh... you're right. My bad.
The one thing I'd most love to see added, even knowing it's a huge pain, would be pulling samples from Contagio. I know it wouldn't be easy, but this is the single most valuable public source I know.
Feel free to punt this back to me. I don't mean to :trollface: too much; I can submit a pull request like a big boy, but I wanted it on the list in case someone else is more ambitious than I am before the weekend.
:+1: great tool! Definitely going on one of my VPSs soon.