krmaxwell / maltrieve

A tool to retrieve malware directly from the source for security researchers.
GNU General Public License v3.0

High Value Source: Contagio #13

Closed sroberts closed 9 years ago

sroberts commented 11 years ago

The one thing I'd most love to see added, even knowing it's a huge pain, would be pulling samples from Contagio. I know it wouldn't be easy, but this is the single most valuable public source I know.

Feel free to punt this back to me, I don't mean to :trollface: too much, I can submit a pull request like a big boy, but I wanted it on the list in case someone else is more ambitious than I am before the weekend.

:+1: great tool! Definitely going on one of my VPSs soon.

krmaxwell commented 11 years ago

Hm, that's interesting. It is definitely trickier than the other sources, but I have a few tricks up my sleeve from a related issue (grabbing IOCs in unstructured blog posts like Dynamoo et al.), so I'll mull on this.

Pull requests won't be unappreciated though!

krmaxwell commented 10 years ago

Thinking more about this: how do you suggest handling the archive passwords given that they are not public per se (TLP:AMBER, as it were)?

krmaxwell commented 9 years ago

Closing this unless we can figure out how to handle the archive password issue.

sroberts commented 9 years ago

Why not just have a configuration where those who know the password can store it?

krmaxwell commented 9 years ago

Because it's a scheme...

sroberts commented 9 years ago

Oh.... you're right. My bad.