
Untitled

a guest
Jan 18th, 2019
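  function Get-MISPData {
      <#
      .SYNOPSIS
      MISP (Malware Information Sharing Platform) PowerShell IOC parser.

      .DESCRIPTION
      Downloads the directory index of a MISP OSINT feed, fetches every event
      file linked from that index, and collects the event attributes that have
      a non-empty Comment, grouped by attribute type (ip-dst, link, regkey,
      filename, sha256, sha1, md5, url). Each non-empty group is written to its
      own CSV file with two columns: the attribute type and Comment.

      .PARAMETER FeedUri
      Base URL of the feed directory. Defaults to the CIRCL OSINT feed.

      .PARAMETER ExportPath
      Directory that receives the CSV files. The default is the path hard-coded
      by the original author; pass your own directory when running elsewhere.

      .NOTES
      Everything read from the feed is untrusted input. Values are exported
      verbatim so the indicators stay exact; import the CSV files as plain text
      rather than opening them in a spreadsheet that evaluates cell formulas.
      #>
      param(
          [string]$FeedUri = "https://www.circl.lu/doc/misp/feed-osint/",
          [string]$ExportPath = "C:\users\1276068519E\Desktop\MISP\Exports\"
      )

      # Attribute type -> label used in the export file name.
      $exportLabels = [ordered]@{
          'ip-dst'   = 'IPs'
          'link'     = 'Links'
          'regkey'   = 'Regkeys'
          'filename' = 'Filenames'
          'sha256'   = 'sha256s'
          'sha1'     = 'sha1s'
          'md5'      = 'md5s'
          'url'      = 'urls'
      }

      # One growable list per attribute type (avoids re-allocating arrays with +=).
      $collected = @{}
      foreach ($type in $exportLabels.Keys) {
          $collected[$type] = New-Object 'System.Collections.Generic.List[object]'
      }

      # A single date stamp for the whole run. The original interpolated the full
      # DateTime string ("$($date).month"), which puts '/' and ':' into the path.
      $stamp = Get-Date -Format 'yyyy-MM-dd'
      $feedBase = $FeedUri.TrimEnd('/') + '/'

      # The index response is kept in its own variable: the original reused $links
      # for both the web response and the "link" IOC list, so link IOCs were never
      # collected and the response object itself was exported.
      $index = Invoke-WebRequest -Uri $feedBase -UseBasicParsing

      # Skip navigation entries of the directory listing. '[?]' matches a literal
      # question mark; a bare '?' in -like is a one-character wildcard, so the
      # original "*?C*" also dropped every file name containing the letter 'c'.
      $eventFiles = $index.Links.href | Where-Object {
          $_ -notlike '*Parent*' -and
          $_ -ne 'manifest.json' -and
          $_ -ne 'hashes.csv' -and
          $_ -notlike '*[?]C=*' -and
          $_ -ne '/doc/misp/'
      }

      foreach ($file in $eventFiles) {
          try {
              $feedEvent = Invoke-RestMethod -Uri "$feedBase$file" -UseBasicParsing
          }
          catch {
              # One unreadable event file should not stop the rest of the run.
              Write-Warning "Skipping '$file': $($_.Exception.Message)"
              continue
          }

          # $attribute instead of $event: $event is a PowerShell automatic variable.
          foreach ($attribute in $feedEvent.Event.Attribute | Where-Object { $_.Comment -ne "" }) {
              Write-Progress -Activity "Processing Event $($attribute.Comment)"

              # Lower-case so the lookup and the CSV column name use the canonical
              # type name (the original -eq comparisons were case-insensitive).
              $type = ([string]$attribute.type).ToLowerInvariant()
              if ($collected.ContainsKey($type)) {
                  $collected[$type].Add([pscustomobject][ordered]@{
                          $type   = "$($attribute.value)"
                          Comment = "$($attribute.Comment)"
                      })
              }
          }
      }

      foreach ($type in $exportLabels.Keys) {
          $rows = $collected[$type]
          if ($rows.Count -eq 0) {
              continue
          }

          if (-not (Test-Path -LiteralPath $ExportPath)) {
              New-Item -ItemType Directory -Path $ExportPath -Force | Out-Null
          }

          $csvPath = Join-Path $ExportPath "MISP_Export_$($exportLabels[$type])_$stamp.csv"
          # -NoTypeInformation keeps the "#TYPE ..." line out of the first CSV row.
          $rows | Export-Csv -Path $csvPath -NoTypeInformation
      }
  }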