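function Get-MISPData {
    <#
    .SYNOPSIS
    MISP (Malware Information Sharing Platform) PowerShell IOC parser.

    .DESCRIPTION
    Downloads the directory index of a MISP OSINT feed, fetches every event
    file it links to, and collects attributes of type ip-dst, link, regkey,
    filename, sha256, sha1, md5 and url. Each non-empty set is written to its
    own CSV file (columns: <type>, Comment) in the export directory.

    .PARAMETER ExportPath
    Directory that receives the CSV files. It is created if it does not exist.

    .PARAMETER FeedUri
    Base URI of the feed index; event file names are appended to it.
    #>
    param(
        [string]$ExportPath = "C:\users\1276068519E\Desktop\MISP\Exports\",
        [string]$FeedUri = "https://www.circl.lu/doc/misp/feed-osint/"
    )

    # Attribute type -> label used in the export file name.
    $labels = [ordered]@{
        "ip-dst"   = "IPs"
        "link"     = "Links"
        "regkey"   = "Regkeys"
        "filename" = "Filenames"
        "sha256"   = "sha256s"
        "sha1"     = "sha1s"
        "md5"      = "md5s"
        "url"      = "urls"
    }

    # One growable list per type; avoids re-allocating an array on every "+=".
    $found = @{}
    foreach ($type in $labels.Keys) {
        $found[$type] = New-Object System.Collections.ArrayList
    }

    # Build the date part from individual fields. Expanding the whole DateTime
    # into the file name would put "/" and ":" into the path and make
    # Export-Csv fail.
    $date = Get-Date
    $stamp = "{0}_{1}_{2}" -f $date.Month, $date.Day, $date.Year

    $base = $FeedUri.TrimEnd('/') + '/'

    # The index response is kept in its own variable: reusing the "link"
    # collection for it would make the later append fail and would export the
    # web response instead of the collected link attributes.
    $index = Invoke-WebRequest -Uri $base -UseBasicParsing

    # Skip navigation and metadata entries of the index page. "[?]" matches a
    # literal question mark (the column-sort links); a bare "?" is a
    # single-character wildcard and would also discard every file name that
    # contains the letter "c".
    $eventFiles = $index.Links.href | Where-Object {
        $_ -notlike "*Parent*" -and
        $_ -ne "manifest.json" -and
        $_ -ne "hashes.csv" -and
        $_ -notlike "*[?]C*" -and
        $_ -ne "/doc/misp/"
    }

    foreach ($file in $eventFiles) {
        $IOCs = Invoke-RestMethod -Uri "$base$file" -UseBasicParsing

        # Attributes with an empty Comment are skipped.
        # NOTE(review): this drops indicators that simply carry no comment -
        # confirm that is intended.
        foreach ($attribute in $IOCs.Event.Attribute | Where-Object { $_.Comment -ne "" }) {
            Write-Progress -Activity "Processing Event $($attribute.Comment)"

            $type = "$($attribute.type)".ToLowerInvariant()
            if (-not $found.ContainsKey($type)) {
                continue
            }

            $row = New-Object PSObject -Property @{
                $type     = "$($attribute.value)"
                "Comment" = "$($attribute.Comment)"
            } | Select-Object $type, Comment
            [void]$found[$type].Add($row)
        }
    }

    # NOTE(review): values and comments are written exactly as the remote feed
    # supplied them. If the CSVs are opened in a spreadsheet, a cell starting
    # with "=", "+", "-" or "@" can be evaluated as a formula; load them with a
    # CSV parser, or neutralise such leading characters before opening.
    foreach ($type in $labels.Keys) {
        if ($found[$type].Count -eq 0) {
            continue
        }

        if (-not (Test-Path -LiteralPath $ExportPath -PathType Container)) {
            New-Item -ItemType Directory -Path $ExportPath -Force | Out-Null
        }

        $csv = Join-Path $ExportPath "MISP_Export_$($labels[$type])_$stamp.csv"
        $found[$type] | Export-Csv -Path $csv
    }
}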