├── __init__.py
├── prettythings
├── forms.py
├── DEPENDENCIES
├── requirements.txt
├── README
├── urls.py
├── templates
│ ├── prettythings_nav_items.html
│ └── pt_main.html
├── __init__.py
├── views.py
└── LICENSE
├── rtfmeta_service
├── README
├── DEPENDENCIES
├── forms.py
└── LICENSE.txt
├── crits_scripts
├── __init__.py
├── scripts
│ ├── __init__.py
│ ├── indicator_sharing_dump.js
│ ├── email_no_headers.js
│ ├── email_report.js
│ ├── md5_by_date.js
│ ├── email_map.js
│ ├── target_data.js
│ ├── remove_detection.py
│ ├── yara_mapreduce.js
│ ├── daily_indicators.py
│ ├── dup_map.js
│ ├── campaign_backdoors.js
│ ├── replace_yara_value.js
│ ├── header_query.js
│ ├── missing_email_md5.js
│ ├── prod_to_dev.py
│ ├── email_target_overlap.js
│ ├── get_id_by_md5.py
│ ├── del_pe_dup.js
│ ├── del_analysis_hits.js
│ ├── daily_samples.py
│ └── get_md5s.py
├── requirements.txt
├── DEPENDENCIES
├── README
└── LICENSE
├── pyew
├── scripts
│ └── __init__.py
├── requirements.txt
├── urls.py
├── DEPENDENCIES
├── forms.py
└── LICENSE
├── taxii_service
├── scripts
│ └── __init__.py
├── requirements.txt
├── HailaTAXII Example Config.png
├── templates
│ ├── taxii_service_ip_tab.html
│ ├── taxii_service_pcap_tab.html
│ ├── taxii_service_domain_tab.html
│ ├── taxii_service_email_tab.html
│ ├── taxii_service_event_tab.html
│ ├── taxii_service_sample_tab.html
│ ├── taxii_service_indicator_tab.html
│ ├── taxii_service_rawdata_tab.html
│ ├── taxii_service_certificate_tab.html
│ ├── taxii_service_nav_items.html
│ ├── new-standards.html
│ └── _taxii_form_template.html
├── DEPENDENCIES
├── README.md
├── migrate.py
├── formats.py
└── LICENSE
├── whois_service
├── scripts
│ └── __init__.py
├── requirements.txt
├── README
├── DEPENDENCIES
└── LICENSE
├── bit9_service
├── requirements.txt
├── DEPENDENCIES
├── README
├── forms.py
└── LICENSE
├── machoinfo_service
├── scripts
│ └── __init__.py
├── DEPENDENCIES
└── LICENSE
├── chminfo_service
├── requirements.txt
├── DEPENDENCIES
├── README
├── forms.py
└── LICENSE
├── clamd_service
├── requirements.txt
├── DEPENDENCIES
├── README
└── LICENSE
├── office_meta_service
├── scripts
│ └── __init__.py
├── README
├── DEPENDENCIES
├── forms.py
└── LICENSE
├── pdfinfo_service
├── requirements.txt
├── DEPENDENCIES
├── README
└── LICENSE
├── preview_service
├── requirements.txt
├── DEPENDENCIES
├── README
├── CHANGELOG
├── forms.py
└── LICENSE
├── shodan_service
├── requirements.txt
├── DEPENDENCIES
├── README
├── forms.py
└── LICENSE
├── threatexchange
├── requirements.txt
├── README
├── templates
│ ├── tx_group.html
│ ├── threatexchange_nav_items.html
│ ├── tx_member.html
│ ├── privacy_form.html
│ ├── tx_group_member.html
│ ├── tx_threat_indicator.html
│ └── tx_group_owner.html
├── DEPENDENCIES
├── urls.py
└── LICENSE
├── unswf_service
├── requirements.txt
├── README
├── DEPENDENCIES
└── LICENSE
├── c1fapp_service
├── requirements.txt
├── DEPENDENCIES
├── README.md
├── forms.py
└── LICENSE
├── cuckoo_service
├── requirements.txt
├── README
├── DEPENDENCIES
└── LICENSE
├── macro_extract_service
├── DEPENDENCIES
├── requirements.txt
├── README
└── LICENSE
├── opendns_service
├── requirements.txt
├── README
├── DEPENDENCIES
├── templates
│ └── opendns_service_template.html
└── forms.py
├── threatgrid_service
├── requirements.txt
├── DEPENDENCIES
├── README
└── LICENSE
├── virustotal_service
├── requirements.txt
├── DEPENDENCIES
├── README
└── LICENSE
├── backscatter_service
├── requirements.txt
├── DEPENDENCIES
├── README
├── forms.py
└── LICENSE
├── maliciousmacrobot_service
├── requirements.txt
├── DEPENDENCIES
├── forms.py
└── LICENSE
├── pyinstaller_service
├── requirements.txt
├── DEPENDENCIES
├── README
└── LICENSE
├── ratdecoder_service
├── decoders
│ ├── __init__.py
│ ├── c
│ └── DarkRAT.py
├── requirements.txt
├── DEPENDENCIES
├── yaraRules
│ ├── UPX.yar
│ ├── adWind.yar
│ ├── Ap0calypse.yar
│ ├── Bozok.yar
│ ├── BlackNix.yar
│ ├── LuxNet.yar
│ ├── unrecom.yar
│ ├── Paradox.yar
│ ├── BlackShades.yar
│ ├── Xtreme.yar
│ ├── BlueBanana.yar
│ ├── AAR.yar
│ ├── SmallNet.yar
│ ├── PythoRAT.yar
│ ├── DarkRAT.yar
│ ├── ShadowTech.yar
│ ├── Vertex.yar
│ ├── QRat.yar
│ ├── Infinity.yar
│ ├── Punisher.yar
│ ├── Arcom.yar
│ ├── PoisonIvy.yar
│ ├── ClientMesh.yar
│ ├── Adzok.yar
│ ├── JavaDropper.yar
│ ├── Bandook.yar
│ ├── Sub7Nation.yar
│ ├── Greame.yar
│ ├── NetWire.yar
│ ├── jRat.yar
│ ├── CyberGate.yar
│ ├── njRat.yar
│ ├── HawkEye.yar
│ ├── NanoCore.yar
│ ├── DarkComet.yar
│ ├── LostDoor.yar
│ ├── Pandora.yar
│ ├── VirusRat.yar
│ ├── Plasma.yar
│ ├── SpyGate.yar
│ ├── LuminosityLink.yar
│ ├── PredatorPain.yar
│ ├── xRAT.yar
│ ├── Imminent3.yar
│ └── yaraRules.yar
└── LICENSE
├── threatrecon_service
├── requirements.txt
├── DEPENDENCIES
├── README
├── forms.py
└── LICENSE
├── xforce_exchange
├── requirements.txt
├── DEPENDENCIES
├── README
├── forms.py
└── LICENSE
├── malshare_service
├── README
├── DEPENDENCIES
├── forms.py
└── LICENSE
├── peinfo_service
├── requirements.txt
├── README
├── DEPENDENCIES
├── forms.py
└── LICENSE
├── stix_validator_service
├── requirements.txt
├── DEPENDENCIES
├── templates
│ └── stix_validator_service_nav_items.html
├── urls.py
├── README
├── __init__.py
├── views.py
└── LICENSE
├── impfuzzy_service
├── requirements.txt
├── DEPENDENCIES
├── README
├── forms.py
└── LICENSE
├── passivetotal_service
├── requirements.txt
├── DEPENDENCIES
├── README
└── LICENSE
├── totalhash_service
├── requirements.txt
├── DEPENDENCIES
├── README
├── CHANGELOG
├── forms.py
└── LICENSE
├── .gitignore
├── carbonblack_service
├── requirements.txt
├── DEPENDENCIES
└── README
├── entropycalc_service
├── README
├── DEPENDENCIES
├── CHANGELOG
├── forms.py
└── LICENSE
├── upx_service
├── DEPENDENCIES
├── README
├── forms.py
└── LICENSE
├── chopshop_service
├── requirements.txt
├── DEPENDENCIES
├── urls.py
├── README
└── LICENSE
├── ssdeep_service
├── README
├── DEPENDENCIES
├── forms.py
└── LICENSE
├── yara_service
├── DEPENDENCIES
├── urls.py
├── CHANGELOG
├── README
├── views.py
└── LICENSE
├── SEPLQ_service
├── README
├── DEPENDENCIES
└── LICENSE
├── farsight_service
├── README
├── DEPENDENCIES
├── forms.py
└── LICENSE
├── anb_service
├── DEPENDENCIES
├── README
├── urls.py
├── __init__.py
├── views.py
└── LICENSE
├── diffie_service
├── README
├── templates
│ └── diffie_service_form.html
├── urls.py
├── __init__.py
└── LICENSE
├── carver_service
├── DEPENDENCIES
├── README
├── forms.py
└── LICENSE
├── exiftool_service
├── README
├── DEPENDENCIES
├── forms.py
└── LICENSE
├── meta_checker
├── DEPENDENCIES
├── README
└── LICENSE
├── timeline_service
├── DEPENDENCIES
├── urls.py
├── README
├── views.py
├── __init__.py
├── templates
│ └── timeline_service_all_tab.html
└── LICENSE
├── zip_meta_service
├── DEPENDENCIES
├── README
└── LICENSE
├── data_miner_service
├── DEPENDENCIES
├── README
└── LICENSE
├── relationships_service
├── DEPENDENCIES
├── README
├── __init__.py
├── urls.py
└── LICENSE
├── virustotal_download_service
├── DEPENDENCIES
├── README
└── LICENSE
├── pdf2txt_service
├── DEPENDENCIES
├── README
├── forms.py
└── LICENSE
├── OPSWAT_Service
├── DEPENDENCIES
├── forms.py
└── LICENSE
├── CONTRIBUTING.md
├── metacap_service
├── urls.py
├── DEPENDENCIES
└── LICENSE
└── README.md
/__init__.py:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/prettythings/forms.py:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/rtfmeta_service/README:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/crits_scripts/__init__.py:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/prettythings/DEPENDENCIES:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/pyew/scripts/__init__.py:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/crits_scripts/scripts/__init__.py:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/prettythings/requirements.txt:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/taxii_service/scripts/__init__.py:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/whois_service/scripts/__init__.py:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/bit9_service/requirements.txt:
--------------------------------------------------------------------------------
1 | requests
--------------------------------------------------------------------------------
/machoinfo_service/scripts/__init__.py:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/chminfo_service/requirements.txt:
--------------------------------------------------------------------------------
1 | pychm
2 |
--------------------------------------------------------------------------------
/clamd_service/requirements.txt:
--------------------------------------------------------------------------------
1 | pyclamd
2 |
--------------------------------------------------------------------------------
/office_meta_service/scripts/__init__.py:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/pdfinfo_service/requirements.txt:
--------------------------------------------------------------------------------
1 | numpy
2 |
--------------------------------------------------------------------------------
/preview_service/requirements.txt:
--------------------------------------------------------------------------------
1 | pillow
2 |
--------------------------------------------------------------------------------
/shodan_service/requirements.txt:
--------------------------------------------------------------------------------
1 | shodan
2 |
--------------------------------------------------------------------------------
/threatexchange/requirements.txt:
--------------------------------------------------------------------------------
1 | pytx
2 |
--------------------------------------------------------------------------------
/unswf_service/requirements.txt:
--------------------------------------------------------------------------------
1 | pylzma
2 |
--------------------------------------------------------------------------------
/c1fapp_service/requirements.txt:
--------------------------------------------------------------------------------
1 | requests
2 |
--------------------------------------------------------------------------------
/cuckoo_service/requirements.txt:
--------------------------------------------------------------------------------
1 | requests
2 |
--------------------------------------------------------------------------------
/macro_extract_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | oletools
2 |
--------------------------------------------------------------------------------
/opendns_service/requirements.txt:
--------------------------------------------------------------------------------
1 | requests
2 |
--------------------------------------------------------------------------------
/threatgrid_service/requirements.txt:
--------------------------------------------------------------------------------
1 | requests
2 |
--------------------------------------------------------------------------------
/virustotal_service/requirements.txt:
--------------------------------------------------------------------------------
1 | requests
2 |
--------------------------------------------------------------------------------
/backscatter_service/requirements.txt:
--------------------------------------------------------------------------------
1 | backscatter
2 |
--------------------------------------------------------------------------------
/crits_scripts/requirements.txt:
--------------------------------------------------------------------------------
1 | mod_pywebsocket
2 |
--------------------------------------------------------------------------------
/macro_extract_service/requirements.txt:
--------------------------------------------------------------------------------
1 | oletools
2 |
--------------------------------------------------------------------------------
/maliciousmacrobot_service/requirements.txt:
--------------------------------------------------------------------------------
1 | mmbot
2 |
--------------------------------------------------------------------------------
/pyew/requirements.txt:
--------------------------------------------------------------------------------
1 | mod_pywebsocket
2 | pexpect
3 |
--------------------------------------------------------------------------------
/pyinstaller_service/requirements.txt:
--------------------------------------------------------------------------------
1 | pyinstaller
2 |
--------------------------------------------------------------------------------
/ratdecoder_service/decoders/__init__.py:
--------------------------------------------------------------------------------
1 | # Init
2 |
--------------------------------------------------------------------------------
/threatrecon_service/requirements.txt:
--------------------------------------------------------------------------------
1 | requests
2 |
--------------------------------------------------------------------------------
/xforce_exchange/requirements.txt:
--------------------------------------------------------------------------------
1 | requests
2 | IPWhois
--------------------------------------------------------------------------------
/malshare_service/README:
--------------------------------------------------------------------------------
1 | Download samples from MalShare.
--------------------------------------------------------------------------------
/peinfo_service/requirements.txt:
--------------------------------------------------------------------------------
1 | bitstring
2 | pefile
3 |
--------------------------------------------------------------------------------
/stix_validator_service/requirements.txt:
--------------------------------------------------------------------------------
1 | stix-validator
2 |
--------------------------------------------------------------------------------
/impfuzzy_service/requirements.txt:
--------------------------------------------------------------------------------
1 | pyimpfuzzy
2 | pefile
3 |
--------------------------------------------------------------------------------
/malshare_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | Standard CRITs dependencies
2 |
--------------------------------------------------------------------------------
/passivetotal_service/requirements.txt:
--------------------------------------------------------------------------------
1 | passivetotal<1.0.25
2 |
--------------------------------------------------------------------------------
/whois_service/requirements.txt:
--------------------------------------------------------------------------------
1 | requests
2 | pythonwhois
3 |
--------------------------------------------------------------------------------
/totalhash_service/requirements.txt:
--------------------------------------------------------------------------------
1 | pefile
2 | bitstring
3 | lxml
4 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | *.pyc
2 | *.swp
3 | *.swo
4 | !passivetotal_service
5 | .idea
--------------------------------------------------------------------------------
/carbonblack_service/requirements.txt:
--------------------------------------------------------------------------------
1 | futures
2 | cbapi
3 | pympler
4 |
--------------------------------------------------------------------------------
/entropycalc_service/README:
--------------------------------------------------------------------------------
1 | Calculate entropy for the Sample data.
2 |
--------------------------------------------------------------------------------
/peinfo_service/README:
--------------------------------------------------------------------------------
1 | PEInfo generates rich metadata about a binary.
2 |
--------------------------------------------------------------------------------
/upx_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The UPX service requires UPX to be installed.
2 |
--------------------------------------------------------------------------------
/chopshop_service/requirements.txt:
--------------------------------------------------------------------------------
1 | git+https://github.com/MITRECND/pynids.git  # NOTE(review): no ref is given, so pip installs whatever the repository's default branch holds at install time; pin to a reviewed commit (append @<commit-sha-placeholder>) so installs are reproducible and auditable
2 |
--------------------------------------------------------------------------------
/upx_service/README:
--------------------------------------------------------------------------------
1 | The UPX service attempts to use UPX to unpack the binary.
2 |
--------------------------------------------------------------------------------
/c1fapp_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | C1fapp service requires the requests module to be installed
--------------------------------------------------------------------------------
/crits_scripts/scripts/indicator_sharing_dump.js:
--------------------------------------------------------------------------------
1 | db.indicators.find({'source.name':
2 |
--------------------------------------------------------------------------------
/ratdecoder_service/requirements.txt:
--------------------------------------------------------------------------------
1 | yara>3.3.0  # lower bound only; no upper bound, exact pin or hash is given for any entry in this file
2 | pefile
3 | pype32
4 | pycrypto  # NOTE(review): pycrypto is no longer maintained upstream; check whether the decoders can move to a maintained fork such as pycryptodome -- TODO confirm against the decoders' imports
5 |
--------------------------------------------------------------------------------
/ssdeep_service/README:
--------------------------------------------------------------------------------
1 | The SSDeep service compares SSDeep hashes between Samples.
2 |
--------------------------------------------------------------------------------
/pyinstaller_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The pyinstaller service requires:
2 |
3 | - pyinstaller
4 |
--------------------------------------------------------------------------------
/whois_service/README:
--------------------------------------------------------------------------------
1 | The WHOIS service provides additional information about domains.
2 |
--------------------------------------------------------------------------------
/yara_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The Yara service requires:
2 |
3 | - yara 3.3
4 | - yara-python
5 |
--------------------------------------------------------------------------------
/SEPLQ_service/README:
--------------------------------------------------------------------------------
1 | A CRITs service that extracts files quarantined by Symantec Antivirus.
2 |
--------------------------------------------------------------------------------
/macro_extract_service/README:
--------------------------------------------------------------------------------
1 | This service will attempt to extract VBA Macros from MS Office files.
2 |
--------------------------------------------------------------------------------
/threatrecon_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | Threatrecon service requires the requests module to be installed.
2 |
--------------------------------------------------------------------------------
/farsight_service/README:
--------------------------------------------------------------------------------
1 | Check the Farsight DNSDB.
2 |
3 | Requires an API key available from Farsight
4 |
--------------------------------------------------------------------------------
/passivetotal_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | PassiveTotal service requires the passivetotal module to be installed.
2 |
--------------------------------------------------------------------------------
/prettythings/README:
--------------------------------------------------------------------------------
1 | Pretty Things
2 |
3 | Everyone likes pretty things. Here's a collection of them.
4 |
--------------------------------------------------------------------------------
/virustotal_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The Virustotal service requires the following python modules:
2 | - Requests
--------------------------------------------------------------------------------
/opendns_service/README:
--------------------------------------------------------------------------------
1 | The OpenDNS service provides additional information about domains and IP addresses.
2 |
--------------------------------------------------------------------------------
/unswf_service/README:
--------------------------------------------------------------------------------
1 | unswf_service 0.0.2
2 | -------------
3 |
4 | Decompress Flash files.
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/maliciousmacrobot_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | Requires MaliciousMacroBot
2 | https://github.com/egaus/MaliciousMacroBot
3 |
--------------------------------------------------------------------------------
/ratdecoder_service/decoders/c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crits/crits_services/HEAD/ratdecoder_service/decoders/c
--------------------------------------------------------------------------------
/shodan_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The shodan service requires:
2 |
3 | shodan: https://pypi.python.org/pypi/shodan/
4 |
--------------------------------------------------------------------------------
/threatgrid_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | This service requires a ThreatGRID appliance
2 | (http://www.threatgrid.com/).
3 |
--------------------------------------------------------------------------------
/unswf_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | Dependencies for unswf (is/are):
2 |
3 | pylzma (https://pypi.python.org/pypi/pylzma)
4 |
--------------------------------------------------------------------------------
/anb_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The ANB service has no dependencies outside of those that are required for CRITs
2 | to run.
3 |
--------------------------------------------------------------------------------
/backscatter_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The Backscatter.io service requires the following python modules:
2 | - backscatter
3 |
--------------------------------------------------------------------------------
/diffie_service/README:
--------------------------------------------------------------------------------
1 | The diffie service allows you to view two Analysis Results for a given
2 | object side by side.
3 |
--------------------------------------------------------------------------------
/taxii_service/requirements.txt:
--------------------------------------------------------------------------------
1 | m2crypto
2 | libtaxii==1.1.111
3 | cybox==2.1.0.14
4 | stix==1.2.0.4
5 | stix-ramrod==1.2.0
--------------------------------------------------------------------------------
/SEPLQ_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The SEPLQ service has no direct dependencies outside of what's necessary for
2 | CRITs to run.
3 |
--------------------------------------------------------------------------------
/carver_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The carver service has no dependencies outside of those that are required for
2 | CRITs to run.
3 |
--------------------------------------------------------------------------------
/impfuzzy_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The impfuzzy service requires pyimpfuzzy, which requires pydeep, ssdeep, and pefile to run.
2 |
--------------------------------------------------------------------------------
/impfuzzy_service/README:
--------------------------------------------------------------------------------
1 | The impfuzzy service is a wrapper for impfuzzy, a fuzzy hash calculated from the import API of PE files.
2 |
--------------------------------------------------------------------------------
/office_meta_service/README:
--------------------------------------------------------------------------------
1 | OfficeMeta will parse a Microsoft Office file and generate rich metadata about
2 | the document.
3 |
--------------------------------------------------------------------------------
/bit9_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The BIT9_service service has no dependencies outside of those that are required for CRITs
2 | to run.
3 |
--------------------------------------------------------------------------------
/exiftool_service/README:
--------------------------------------------------------------------------------
1 | The exiftool service will run Phil Harvey's exiftool to extract EXIF and other metadata from binaries.
2 |
--------------------------------------------------------------------------------
/farsight_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The Farsight service has no dependencies outside of those that are required
2 | for CRITs to run.
3 |
--------------------------------------------------------------------------------
/meta_checker/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The meta-checker service has no dependencies outside of those that are required
2 | for CRITs to run.
3 |
--------------------------------------------------------------------------------
/rtfmeta_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The rtfmeta service has no dependencies outside of those that are required
2 | for CRITs to run.
3 |
--------------------------------------------------------------------------------
/timeline_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The timeline service has no dependencies outside of those that are required for
2 | CRITs to run.
3 |
--------------------------------------------------------------------------------
/zip_meta_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The zip-meta service has no dependencies outside of those that are required for
2 | CRITs to run.
3 |
--------------------------------------------------------------------------------
/data_miner_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The data miner service has no dependencies outside of those that are required
2 | for CRITs to run.
3 |
--------------------------------------------------------------------------------
/entropycalc_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The entropycalc service has no dependencies outside of those that are required
2 | for CRITs to run.
3 |
--------------------------------------------------------------------------------
/machoinfo_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The macho-info service has no dependencies outside of those that are required
2 | for CRITs to run.
3 |
--------------------------------------------------------------------------------
/office_meta_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The office_meta service has no dependencies outside of those that are required
2 | for CRITs to run.
3 |
--------------------------------------------------------------------------------
/opendns_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The OpenDNS Investigate CRITS service requires an Investigate API key and the requests Python module.
2 |
--------------------------------------------------------------------------------
/pdfinfo_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | PDFInfo leverages the work of Didier Stevens and his pdf-parser. That script
2 | requires Numpy to run.
3 |
--------------------------------------------------------------------------------
/zip_meta_service/README:
--------------------------------------------------------------------------------
1 | ZipMeta will parse a zip file as-is (without extracting anything) and return
2 | rich metadata about the file.
3 |
--------------------------------------------------------------------------------
/bit9_service/README:
--------------------------------------------------------------------------------
1 | BIT9_service will query a BIT9 API to check for hash values that match uploaded samples and hash value indicators.
2 |
--------------------------------------------------------------------------------
/exiftool_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The exiftool service requires exiftool to be installed.
2 |
3 | Ubuntu:
4 | sudo apt-get install exiftool
5 |
--------------------------------------------------------------------------------
/relationships_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The Relationships service has no dependencies outside of those that are required
2 | for CRITs to run.
3 |
--------------------------------------------------------------------------------
/stix_validator_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The STIX Validator service requires:
2 |
3 | - stix-validator
4 | - pip install stix-validator
5 |
--------------------------------------------------------------------------------
/taxii_service/HailaTAXII Example Config.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crits/crits_services/HEAD/taxii_service/HailaTAXII Example Config.png
--------------------------------------------------------------------------------
/xforce_exchange/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The IBM XForce Exchange service requires the following python modules:
2 | requests
3 | base64
4 | IPWhois
5 |
6 |
--------------------------------------------------------------------------------
/chopshop_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The Chopshop service requires Chopshop >= 4.0 and its dependencies.
2 |
3 | https://www.github.com/MITRECND/chopshop
4 |
--------------------------------------------------------------------------------
/virustotal_download_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The VirusTotal Download service has no dependencies outside of those that are required for
2 | CRITs to run.
3 |
--------------------------------------------------------------------------------
/carver_service/README:
--------------------------------------------------------------------------------
1 | The carver service allows you to provide a start and end offset for a Sample and
2 | carve the contents as a new related Sample.
3 |
--------------------------------------------------------------------------------
/ssdeep_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The SSDeep service requires pydeep and ssdeep to run. This is a part of CRITs
2 | core so you should already have it installed.
3 |
--------------------------------------------------------------------------------
/taxii_service/templates/taxii_service_ip_tab.html:
--------------------------------------------------------------------------------
1 | {% with type="IP" item=ip %}
2 | {% include "taxii_service_master_tab.html" %}
3 | {% endwith %}
4 |
--------------------------------------------------------------------------------
/taxii_service/templates/taxii_service_pcap_tab.html:
--------------------------------------------------------------------------------
1 | {% with type="PCAP" item=pcap %}
2 | {% include "taxii_service_master_tab.html" %}
3 | {% endwith %}
4 |
--------------------------------------------------------------------------------
/threatrecon_service/README:
--------------------------------------------------------------------------------
1 | Check the Threatrecon API database to see if it contains this domain or IP
2 |
3 | Requires an API key available from threatrecon.co
4 |
--------------------------------------------------------------------------------
/taxii_service/templates/taxii_service_domain_tab.html:
--------------------------------------------------------------------------------
1 | {% with type="Domain" item=domain %}
2 | {% include "taxii_service_master_tab.html" %}
3 | {% endwith %}
4 |
--------------------------------------------------------------------------------
/taxii_service/templates/taxii_service_email_tab.html:
--------------------------------------------------------------------------------
1 | {% with type="Email" item=email %}
2 | {% include "taxii_service_master_tab.html" %}
3 | {% endwith %}
4 |
--------------------------------------------------------------------------------
/taxii_service/templates/taxii_service_event_tab.html:
--------------------------------------------------------------------------------
1 | {% with type="Event" item=event %}
2 | {% include "taxii_service_master_tab.html" %}
3 | {% endwith %}
4 |
--------------------------------------------------------------------------------
/taxii_service/templates/taxii_service_sample_tab.html:
--------------------------------------------------------------------------------
1 | {% with type="Sample" item=sample %}
2 | {% include "taxii_service_master_tab.html" %}
3 | {% endwith %}
4 |
--------------------------------------------------------------------------------
/anb_service/README:
--------------------------------------------------------------------------------
1 | The ANB service adds a tab to the Campaign and Event details pages. It generates
2 | a set of CSVs that can be imported into Analyst's Notebook.
3 |
--------------------------------------------------------------------------------
/opendns_service/templates/opendns_service_template.html:
--------------------------------------------------------------------------------
1 | {% include 'services_results_default.html' %}
2 |
7 |
--------------------------------------------------------------------------------
/taxii_service/templates/taxii_service_indicator_tab.html:
--------------------------------------------------------------------------------
1 | {% with type="Indicator" item=indicator %}
2 | {% include "taxii_service_master_tab.html" %}
3 | {% endwith %}
4 |
--------------------------------------------------------------------------------
/taxii_service/templates/taxii_service_rawdata_tab.html:
--------------------------------------------------------------------------------
1 | {% with type="RawData" item=raw_data %}
2 | {% include "taxii_service_master_tab.html" %}
3 | {% endwith %}
4 |
--------------------------------------------------------------------------------
/chminfo_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | This plugin depends on the following packages:
2 | - pychm
3 | - libchm1
4 |
5 | Installation instructions:
6 | apt-get install python-chm libchm1
7 |
--------------------------------------------------------------------------------
/cuckoo_service/README:
--------------------------------------------------------------------------------
1 | The Cuckoo Service submits files to Cuckoo Sandbox, and retrieves the resulting
2 | analysis, submitting dropped files back to CRITs for further analysis.
3 |
--------------------------------------------------------------------------------
/taxii_service/templates/taxii_service_certificate_tab.html:
--------------------------------------------------------------------------------
1 | {% with type="Certificate" item=cert %}
2 | {% include "taxii_service_master_tab.html" %}
3 | {% endwith %}
4 |
--------------------------------------------------------------------------------
/carbonblack_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | Required:
2 |
3 | Carbon Black Client API (https://github.com/carbonblack/cbapi/tree/master/client_apis/python)
4 |
5 | Optional:
6 |
7 | pympler
8 |
--------------------------------------------------------------------------------
/pdf2txt_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | Dependencies for pdf2txt (is/are):
2 | antiword - you need Antiword binary in /usr/bin/
3 | poppler-utils - you need pdftotext binary in /usr/bin/
4 |
5 |
--------------------------------------------------------------------------------
/OPSWAT_Service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The OPSWAT service has no direct dependencies outside of what's necessary for
2 | CRITs to run. It does, however, require an OPSWAT appliance to push Samples to.
3 |
--------------------------------------------------------------------------------
/chminfo_service/README:
--------------------------------------------------------------------------------
1 | CHMInfo will parse an ITSF/Microsoft Compiled HTML help file and
2 | generate rich metadata about the document and provide basic
3 | malware detection capabilities.
4 |
--------------------------------------------------------------------------------
/ratdecoder_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The RATDecoder service requires:
2 |
3 | - yara 3.3
4 | - yara-python
5 | - pefile: https://code.google.com/p/pefile/
6 | - pycrypto
7 | - pype32
8 | - upx
9 |
--------------------------------------------------------------------------------
/taxii_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The TAXII service requires:
2 |
3 | - M2Crypto
4 | - libtaxii-1.1.111 and its dependencies
5 | - cybox==2.1.0.14
6 | - stix==1.2.0.4
7 | - stix-ramrod==1.2.0
8 | - lxml>=3.3.5
--------------------------------------------------------------------------------
/stix_validator_service/templates/stix_validator_service_nav_items.html:
--------------------------------------------------------------------------------
1 |
2 |
5 |
--------------------------------------------------------------------------------
/totalhash_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The pehash service requires:
2 |
3 | pefile: https://code.google.com/p/pefile/
4 | bitstring: https://pypi.python.org/pypi/bitstring
5 | lxml: https://pypi.python.org/pypi/lxml
6 |
--------------------------------------------------------------------------------
/whois_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The WHOIS CRITs service requires the requests and pythonwhois modules.
2 |
3 | Optionally, you can configure this service to use pyDat 2.0 or greater
4 | as a source of WHOIS data.
5 |
--------------------------------------------------------------------------------
/anb_service/urls.py:
--------------------------------------------------------------------------------
from django.conf.urls import url

from . import views

# Single route: two captured path segments are handed to views.get_anb_data.
#
# NOTE(review): `(?P.+?)` is not valid Python regex syntax; the `<name>` part
# of each named group appears to have been lost when this listing was
# rendered. Restore the group names from the repository copy before use.
#
# Each group is `.+?`, which accepts any characters (including `/`), so the
# route itself does not constrain the captured values; the view should
# validate them before using them in a lookup.
urlpatterns = [
    url(
        r'^(?P.+?)/(?P.+?)/$',
        views.get_anb_data,
        name='anb_service-views-get_anb_data',
    ),
]
--------------------------------------------------------------------------------
/threatgrid_service/README:
--------------------------------------------------------------------------------
1 | A service to support the submission of files to ThreatGRID. The
2 | service will return and display a subset of ThreatGRID results
3 | and allow network indicators to be easily added to the sample.
4 |
--------------------------------------------------------------------------------
/timeline_service/urls.py:
--------------------------------------------------------------------------------
from django.conf.urls import url

from . import views

# Single route: two captured path segments are handed to views.get_timeline.
#
# NOTE(review): `(?P.+?)` is not valid Python regex syntax; the `<name>` part
# of each named group appears to have been lost when this listing was
# rendered. Restore the group names from the repository copy before use.
#
# Both groups are `.+?` (any characters, `/` included), so the pattern does
# not restrict what reaches the view; the view should validate both values.
urlpatterns = [
    url(
        r'^(?P.+?)/(?P.+?)/$',
        views.get_timeline,
        name='timeline_service-views-get_timeline',
    ),
]
--------------------------------------------------------------------------------
/yara_service/urls.py:
--------------------------------------------------------------------------------
from django.conf.urls import url

from . import views

# Single route: everything between `test_yara_rule/` and the final `/` is
# captured and handed to views.get_yara_result.
#
# NOTE(review): `(?P.+?)` is not valid Python regex syntax; the `<name>` part
# of the named group appears to have been lost when this listing was
# rendered. Restore the group name from the repository copy before use.
#
# The group is `.+?` (any characters, `/` included), so the captured value is
# not constrained by the route and should be validated in the view.
urlpatterns = [
    url(
        r'^test_yara_rule/(?P.+?)/$',
        views.get_yara_result,
        name='yara_service-views-get_yara_result',
    ),
]
--------------------------------------------------------------------------------
/cuckoo_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The Cuckoo service requires the `requests` library [1], along with an instance
2 | of Cuckoo Sandbox [2], in order to function.
3 |
4 | [1] http://docs.python-requests.org/
5 | [2] http://www.cuckoosandbox.org/
6 |
--------------------------------------------------------------------------------
/yara_service/CHANGELOG:
--------------------------------------------------------------------------------
1 | Version 1.1.0
2 | -------------
3 | Convert 'sigfiles' config option from a comma-separated list (STRING type)
4 | to the new LIST type.
5 |
6 |
7 | Version 1.0.0
8 | -------------
9 | Initial version.
10 |
--------------------------------------------------------------------------------
/crits_scripts/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | Most CRITs scripts only require the core dependencies for CRITs to run. The
2 | major exception currently is wss.py which is a web-socket server for CRITs. It
3 | requires mod_pywebsocket and its dependencies to run.
4 |
--------------------------------------------------------------------------------
/xforce_exchange/README:
--------------------------------------------------------------------------------
1 | The XForce Exchange Service will query the XFE API to gather additional information based on hash values.
2 |
3 | A free XForce Exchange account can be obtained here:
4 |
5 | https://exchange.xforce.ibmcloud.com/new
6 |
7 |
--------------------------------------------------------------------------------
/backscatter_service/README:
--------------------------------------------------------------------------------
1 | This service checks the Backscatter.io database to see if it contains this IP. It will then collect relevant data.
2 |
3 | Works on Indicators with the IPv4 Address Indicator Type.
4 |
5 | Requires an API key available from backscatter.io
6 |
--------------------------------------------------------------------------------
/pyew/urls.py:
--------------------------------------------------------------------------------
from django.conf.urls import url

from . import views

# Two fixed routes. Both patterns are anchored literals with no capture
# groups, so nothing from the URL path is passed to the views.
urlpatterns = [
    url(
        r'^pyew_port/$',
        views.pyew_port,
        name='pyew-views-pyew_port',
    ),
    url(
        r'^pyew_token/$',
        views.pyew_tokenize,
        name='pyew-views-pyew_tokenize',
    ),
]
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/UPX.yar:
--------------------------------------------------------------------------------
// Flags files that contain all three strings associated with the UPX packer.
// The strings are plain (case-sensitive, no modifiers) and may occur at any
// offset. The condition does not check the file format, so a hit means only
// that the three markers are present somewhere in the data.
rule UPX
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"

    strings:
        $a = "UPX0"
        $b = "UPX1"
        $c = "UPX!"

    condition:
        // every string above must be present
        all of them
}
--------------------------------------------------------------------------------
/clamd_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | Dependencies for clamd (is/are):
2 |
3 | clamav
4 | clamd (ClamAv Daemon that listens on either a Unix socket or a TCP port)
5 | freshclam - if you want to auto update the AV defs
6 | pyClamd 0.3.10 - http://xael.org/norman/python/pyclamd/
7 |
8 |
--------------------------------------------------------------------------------
/crits_scripts/scripts/email_no_headers.js:
--------------------------------------------------------------------------------
// Lists emails attributed to one source that have no stored raw headers.
// Output is one line per email: subject,from,date.
//
// The query matches when ANY source entry carries `source_name`, but the date
// printed is always taken from the first instance of the FIRST source entry,
// which is not necessarily the entry that matched.
var source_name = "your organization";  // set this to the source to report on

db.email.find({
    'raw_headers': {$exists: false},
    'source.name': source_name
}).forEach(function printEmail(email) {
    var fields = email.subject + "," + email.from + ",";
    print(fields + email.source[0].instances[0].date);
});
--------------------------------------------------------------------------------
/meta_checker/README:
--------------------------------------------------------------------------------
1 | The meta-checker service compares the Analysis results for a given sample to
2 | other samples in the database. It provides some basic counts and search links
3 | for you to quickly discover and look at the other samples that have similar
4 | results.
5 |
--------------------------------------------------------------------------------
/peinfo_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The peinfo service requires:
2 |
3 | bitstring: https://pypi.python.org/pypi/bitstring/
4 | pefile: https://code.google.com/p/pefile/
5 |
6 | It is recommended that you get at least version 1.2.10-139 as that has support
7 | for import hashing (imphash).
8 |
--------------------------------------------------------------------------------
/taxii_service/templates/taxii_service_nav_items.html:
--------------------------------------------------------------------------------
1 |
2 |
5 |
8 |
--------------------------------------------------------------------------------
/prettythings/urls.py:
--------------------------------------------------------------------------------
from django.conf.urls import url

from . import views

# Two fixed routes. Both patterns are anchored literals with no capture
# groups, so nothing from the URL path is passed to the views.
urlpatterns = [
    url(
        r'^main/$',
        views.main,
        name='prettythings-views-main',
    ),
    url(
        r'^campaign_heatmap/$',
        views.campaign_heatmap,
        name='prettythings-views-campaign_heatmap',
    ),
]
--------------------------------------------------------------------------------
/diffie_service/templates/diffie_service_form.html:
--------------------------------------------------------------------------------
1 | {% for hidden in form.hidden_fields %}
2 | {{ hidden }}
3 | {% endfor %}
4 | {% for field in form.visible_fields %}
5 |
6 | {{ field.errors }}
7 | {{ field.label_tag }} {{ field }}
8 |
9 | {% endfor %}
10 |
--------------------------------------------------------------------------------
/preview_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | antiword
2 | poppler-utils
3 | Pillow
4 |
5 | Dependencies for Pillow on Ubuntu to get the wide variety of image formats supported:
6 | liblcms2-dev
7 | libfreetype6-dev
8 | libtiff-dev
9 | zlib1g-dev
10 | libwebp-dev
11 | libjpeg-dev
12 | libopenjpeg-dev
13 |
--------------------------------------------------------------------------------
/threatexchange/README:
--------------------------------------------------------------------------------
1 | The ThreatExchange service provides an interface which allows you to
2 | send/receive information through Facebook's ThreatExchange.
3 |
4 | You will need to contact Facebook to sign up for ThreatExchange and acquire the
5 | necessary information to configure this service.
6 |
--------------------------------------------------------------------------------
/threatexchange/templates/tx_group.html:
--------------------------------------------------------------------------------
1 |
2 | |
3 | {{group.name}}
4 | |
5 |
6 |
7 | |
8 |
9 |
--------------------------------------------------------------------------------
/pdf2txt_service/README:
--------------------------------------------------------------------------------
1 | Version 0.0.1
2 | -------------
3 |
4 | This is an attempt at integrating a crits service with pdftotext - a part of Poppler-utils (http://poppler.freedesktop.org).
5 |
6 |
7 | Version 0.0.2
8 | -------------
9 | Added text extraction from word documents using Antiword
10 |
--------------------------------------------------------------------------------
/preview_service/README:
--------------------------------------------------------------------------------
1 | Version 0.0.4
2 | -------------
3 |
4 | This is an attempt at integrating a crits service that generates screenshots of PDF, Word documents and other image files leveraging the Pillow library, antiword, and pdftoppm - a part of Poppler-utils (http://poppler.freedesktop.org).
5 |
6 |
7 |
--------------------------------------------------------------------------------
/shodan_service/README:
--------------------------------------------------------------------------------
1 | Check the Shodan database to see if it contains this IP.
2 |
3 | Requires an API key available from https://www.shodan.io
4 |
5 | Free accounts get a free API key which can be found at https://account.shodan.io.
6 | The Shodan API for IP-based lookups has no restrictions with the free API key!
7 |
--------------------------------------------------------------------------------
/stix_validator_service/urls.py:
--------------------------------------------------------------------------------
from django.conf.urls import url

from . import views

# Two fixed routes. Both patterns are anchored literals with no capture
# groups, so nothing from the URL path is passed to the views.
urlpatterns = [
    url(
        r'^stix_validator/$',
        views.stix_validator,
        name='stix_validator_service-views-stix_validator',
    ),
    url(
        r'^validate/$',
        views.validate,
        name='stix_validator_service-views-validate',
    ),
]
--------------------------------------------------------------------------------
/totalhash_service/README:
--------------------------------------------------------------------------------
1 | PEHash is a hash calculated from certain pieces of a PE executable file that was
2 | described by Georg Wicherski in the paper:
3 |
4 | peHash: A Novel Approach to Fast Malware Clustering
5 |
6 | It can be found here:
7 |
8 | https://www.usenix.org/legacy/event/leet09/tech/full_papers/wicherski/wicherski_html/
9 |
--------------------------------------------------------------------------------
/pyew/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | The Pyew service requires:
2 |
3 | pexpect 2.4: https://pypi.python.org/pypi/pexpect
4 | mod_pywebsocket 0.7.9: https://code.google.com/p/pywebsocket/downloads/list
5 | pyew 2.0: https://code.google.com/p/pyew/downloads/list
6 | distorm64: https://code.google.com/p/pyew/downloads/list
7 |
--------------------------------------------------------------------------------
/threatexchange/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | ThreatExchange requires the pytx python library. It also requires that you add a
2 | source of "ThreatExchange" to CRITs and give appropriate users access to that
3 | source.
4 |
5 | You will need to contact Facebook to sign up for ThreatExchange and acquire the
6 | necessary information to configure this service.
7 |
--------------------------------------------------------------------------------
/prettythings/templates/prettythings_nav_items.html:
--------------------------------------------------------------------------------
1 |
9 |
--------------------------------------------------------------------------------
/stix_validator_service/README:
--------------------------------------------------------------------------------
1 | The STIX Validator service allows you to provide what you think is a STIX XML
2 | structure and validate it using stix-validator.
3 |
4 | With this service you will see a new Nav Menu item under Services called "STIX
5 | Validator". Clicking on that will bring you to the interface for validating your
6 | STIX document.
7 |
--------------------------------------------------------------------------------
/virustotal_service/README:
--------------------------------------------------------------------------------
1 | This service checks the VirusTotal database to see if it contains this sample, domain or IP. It will then collect relevant data using either a public or
2 | private key.
3 |
4 | This does not submit the file to VirusTotal, but only performs a lookup of the
5 | sample's MD5.
6 |
7 | Requires an API key available from virustotal.com
8 |
--------------------------------------------------------------------------------
/chopshop_service/urls.py:
--------------------------------------------------------------------------------
from django.conf.urls import url

from . import views

# Routes for the file carver: one fixed route that returns the config form
# and one route that captures a path segment and runs the carver.
#
# Order matters. The capturing pattern would also match `filecarver/get_form/`,
# and Django dispatches to the first pattern that matches, so the literal
# route has to stay first.
#
# NOTE(review): `(?P.+?)` is not valid Python regex syntax; the `<name>` part
# of the named group appears to have been lost when this listing was
# rendered. Restore the group name from the repository copy before use.
#
# The group is `.+?` (any characters, `/` included), so the captured value is
# not constrained by the route and should be validated in the view.
urlpatterns = [
    url(
        r'^filecarver/get_form/$',
        views.get_filecarver_config_form,
        name='chopshop_service-views-get_filecarver_config_form',
    ),
    url(
        r'^filecarver/(?P.+?)/$',
        views.run_filecarver,
        name='chopshop_service-views-run_filecarver',
    ),
]
--------------------------------------------------------------------------------
/threatexchange/templates/threatexchange_nav_items.html:
--------------------------------------------------------------------------------
1 |
9 |
--------------------------------------------------------------------------------
/relationships_service/README:
--------------------------------------------------------------------------------
1 | The Relationships service works for every top-level object. It leverages the D3
2 | javascript framework to generate a visual representation of the relationships a
3 | top-level object has.
4 |
5 | You can alter the data in the graph by adjusting the relationships depth to
6 | traverse as well as what types of top-level objects to render.
7 |
--------------------------------------------------------------------------------
/yara_service/README:
--------------------------------------------------------------------------------
1 | The Yara service will run a binary through yara with a given set of rule files.
2 | It will return the results and store them for reference.
3 |
4 | Along with the Yara service comes the Yara Rule Checker. This adds a tab to the
5 | UI which allows you to craft and test yara rules against a binary without having
6 | to download the binary locally.
7 |
--------------------------------------------------------------------------------
/diffie_service/urls.py:
--------------------------------------------------------------------------------
from django.conf.urls import url

from . import views

# Two routes, each capturing two path segments: one returns the config form,
# the other produces the results.
#
# NOTE(review): `(?P\w+)` is not valid Python regex syntax; the `<name>` part
# of each named group appears to have been lost when this listing was
# rendered. Restore the group names from the repository copy before use.
#
# Each group is `\w+`, so only word characters can be captured; a segment
# containing `/`, `.` or other punctuation does not match either route.
urlpatterns = [
    url(
        r'^diffie/form/(?P\w+)/(?P\w+)/$',
        views.get_diffie_config_form,
        name='diffie_service-views-get_diffie_config_form',
    ),
    url(
        r'^diffie/run/(?P\w+)/(?P\w+)/$',
        views.diffie_results,
        name='diffie_service-views-diffie_results',
    ),
]
--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | # Contributing
2 |
3 | ## Licensing
4 | CRITs is licensed under the MIT license.
5 | To avoid legal issues CRITs can only merge Services that do not mandate sharing changes back.
6 |
7 | Services released under the following licenses can be merged without issue:
8 | * MIT
9 | * BSD
10 | * Apache 2
11 |
12 | Services released under the following licenses will **NOT** be accepted:
13 | * GPL
14 |
--------------------------------------------------------------------------------
/crits_scripts/scripts/email_report.js:
--------------------------------------------------------------------------------
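// Prints one comma-separated record per email: date, sender, source name and
// reference. Only the first source entry and its first instance are reported.
//
// Changes from the earlier version: the per-record values are now local to
// the callback (they were assigned without `var` and leaked into the shell's
// global scope), and the unused `results` object is gone. Output is unchanged.
//
// NOTE(review): fields are joined with bare commas and no quoting. The sender
// is taken from the stored `from` value of each email, so a value containing a
// comma shifts the columns, and spreadsheet tools may treat a value starting
// with `=`, `+`, `-` or `@` as a formula. Quote or escape the fields before
// importing this output anywhere that interprets it.
db.email.find({}, {'from': 1, 'source': 1}).forEach(function(email) {
    var source = email.source[0];
    var instance = source.instances[0];
    var sender = email.from;
    var record = instance.date + "," + sender + "," + source.name + "," + instance.reference + "\n";
    // print() adds its own newline, so each record is followed by a blank
    // line, exactly as before.
    print(record);
});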
--------------------------------------------------------------------------------
/crits_scripts/scripts/md5_by_date.js:
--------------------------------------------------------------------------------
// Prints the MD5 of every sample that has a source instance dated on or after
// the lower bound. Edit the ISODate below to pick the starting date.
//
// To add an upper bound, extend the date filter with $lte, for example:
//   {'source.instances.date': {$gte: ISODate("2011-06-11T00:00:00.000Z"), $lte: ISODate("2012-06-13T00:00:00.000Z")}}
// Note that on an array field the two bounds may be satisfied by different
// instances of the same sample; use $elemMatch if one instance must fall
// inside the window.
var a = db.sample.find(
    {'source.instances.date': {$gte: ISODate("2011-06-11T00:00:00.000Z")}},
    {'md5': 1}
);

a.forEach(function(sample) {
    print(sample.md5);
});
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/adWind.yar:
--------------------------------------------------------------------------------
// Flags files that contain all four strings listed below. The strings are
// plain (case-sensitive, no modifiers) and may occur at any offset; the
// condition checks nothing else about the file.
//
// NOTE(review): `filetype` says "exe", while the strings look like archive
// entry and class names. Confirm which file type this rule is meant to be
// run against.
rule adWind
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/AAR"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        $meta = "META-INF"
        $conf = "config.xml"
        $a = "Adwind.class"
        $b = "Principal.adwind"

    condition:
        // every string above must be present
        all of them
}
--------------------------------------------------------------------------------
/timeline_service/README:
--------------------------------------------------------------------------------
1 | The Timeline service works for any top-level object. It parses the object and
2 | generates a timeline of things that happened to that object. It is an easy way
3 | to see what things happened on which days in chronological order such as:
4 |
5 | - Adding the content to CRITs
6 | - Adding bucket list items
7 | - Adding relationships
8 | - Adding objects
9 | - Adding comments
10 | - Running services
11 | - etc.
12 |
--------------------------------------------------------------------------------
/entropycalc_service/CHANGELOG:
--------------------------------------------------------------------------------
1 | Version 0.0.1
2 | -------------
3 | Initial version of cryptodetect service
4 |
5 | For now it only computes entropy for any file (except an empty one). Code for entropy taken from pefile.
6 | No external dependencies other than math and array imports.
7 |
8 | For future inspiration:
9 | http://kerckhoffs.googlecode.com/files/Groebert-Automatic.Identification.of.Cryptographic.Primitives.in.Software.pdfi
10 |
11 |
--------------------------------------------------------------------------------
/preview_service/CHANGELOG:
--------------------------------------------------------------------------------
1 | Version 0.0.1
2 | -------------
3 |
4 | This is an attempt at integrating a crits service with pdftotext - a part of Poppler-utils (http://poppler.freedesktop.org).
5 |
6 | Version 0.0.2
7 | -------------
8 | Misc fixes
9 |
10 | Version 0.0.3
11 | -------------
12 | Added Pillow for image conversion and screenshots
13 |
14 | Version 0.0.4
15 | -------------
16 | Added Antiword for previewing Word documents
17 |
18 |
--------------------------------------------------------------------------------
/crits_scripts/README:
--------------------------------------------------------------------------------
1 | This is a collection of scripts that developers have contributed which assist in
2 | the administration and use of CRITs.
3 |
4 | Many scripts are designed to perform bulk tasks which normally take a long time
5 | to run and are not suitable for executing through a web interface. Others allow
6 | you to perform database tasks which are normally not safe to allow users to run
7 | but might be necessary for administrators or "power users".
8 |
--------------------------------------------------------------------------------
/passivetotal_service/README:
--------------------------------------------------------------------------------
1 | Use PassiveTotal in order to enrich your existing indicators. This service
2 | facilitates queries to PassiveTotal using their public API. Datasets include
3 | passive DNS, WHOIS, SSL certificates, web components, OSINT, malware and trackers.
4 |
5 | Registration to PassiveTotal is free and is required to use this service. Users
6 | need to associate their email address and API key with the service in order to
7 | successfully make calls.
--------------------------------------------------------------------------------
/taxii_service/README.md:
--------------------------------------------------------------------------------
1 | The TAXII service allows you to send and receive content between a CRITs
2 | instance and a TAXII server. It also enables import of STIX 1.x data, and
3 | creation of STIX 1.x documents from CRITs TLOs.
4 |
5 | For an example of how to configure for communication with hailataxii.com,
6 | please see image "HailaTAXII Example Config.png" in the repository or below.
7 |
8 | 
9 |
--------------------------------------------------------------------------------
/chopshop_service/README:
--------------------------------------------------------------------------------
1 | The Chopshop service adds the ability to process a PCAP with Chopshop modules.
2 | Currently the service only supports http_extractor and dns_extractor.
3 |
4 | It also comes with a carver feature which will allow you to carve HTTP
5 | Requests/Responses, SMTP, and Raw data. It also allows you to specify the
6 | Content-Types you wish to limit to (if any). Any content carved will be added to
7 | CRITs and automatically related back to the PCAP.
8 |
--------------------------------------------------------------------------------
/metacap_service/urls.py:
--------------------------------------------------------------------------------
from django.conf.urls import url

from . import views

# Routes for PCAP views: PDML output for a captured segment, a fixed route for
# the tcpdump config form, and tcpdump output for a captured segment.
#
# Order matters for the last two. The capturing tcpdump pattern would also
# match `tcpdump/get_form/`, and Django dispatches to the first pattern that
# matches, so the literal route has to stay ahead of it.
#
# NOTE(review): `(?P.+?)` is not valid Python regex syntax; the `<name>` part
# of each named group appears to have been lost when this listing was
# rendered. Restore the group names from the repository copy before use.
#
# The groups are `.+?` (any characters, `/` included), so the captured values
# are not constrained by the routes and should be validated in the views.
urlpatterns = [
    url(
        r'^pdml/(?P.+?)/$',
        views.get_pcap_pdml,
        name='metacap_service-views-get_pcap_pdml',
    ),
    url(
        r'^tcpdump/get_form/$',
        views.get_tcpdump_config_form,
        name='metacap_service-views-get_tcpdump_config_form',
    ),
    url(
        r'^tcpdump/(?P.+?)/$',
        views.get_pcap_tcpdump,
        name='metacap_service-views-get_pcap_tcpdump',
    ),
]
--------------------------------------------------------------------------------
/threatexchange/templates/tx_member.html:
--------------------------------------------------------------------------------
1 |
2 | |
3 | {% if member.email %}
4 |
5 | {% endif %}
6 | {{member.name}}
7 | {% if member.email %}
8 |
9 | {% endif %}
10 | |
11 |
12 |
13 | |
14 |
15 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/Ap0calypse.yar:
--------------------------------------------------------------------------------
// Matches data that contains all six plain-text strings below.
// The meta section is descriptive only: `filetype = "exe"` is a label, and
// nothing in the condition checks that the scanned data is an executable.
rule Ap0calypse
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/Ap0calypse"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        // No modifiers, so each string is matched as case-sensitive ASCII.
        $a = "Ap0calypse"
        $b = "Sifre"
        $c = "MsgGoster"
        $d = "Baslik"
        $e = "Dosyalars"
        $f = "Injecsiyon"

    condition:
        // Every string must be present; one missing string means no match.
        all of them
}
21 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/Bozok.yar:
--------------------------------------------------------------------------------
// Matches data that contains all five strings below, compared without regard
// to letter case. The meta section is descriptive only and is not evaluated.
rule Bozok
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/Bozok"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        // `nocase` makes each comparison case-insensitive.
        $a = "getVer" nocase
        $b = "StartVNC" nocase
        $c = "SendCamList" nocase
        $d = "untPlugin" nocase
        // A widely used API name: not distinctive alone, it only counts here
        // because the condition requires all five strings together.
        $e = "gethostbyname" nocase

    condition:
        // Every string must be present.
        all of them
}
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/BlackNix.yar:
--------------------------------------------------------------------------------
// Matches data that contains all five strings below.
// The meta section is descriptive only and is not evaluated.
rule BlackNix
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/BlackNix"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        // `wide` matches the two-bytes-per-character (UTF-16LE) form only.
        $a1 = "SETTINGS" wide
        // NOTE(review): presumably taken from an embedded zlib copyright
        // notice; confirm. It would then appear in much benign software too.
        $a2 = "Mark Adler"
        $a3 = "Random-Number-Here"
        $a4 = "RemoteShell"
        $a5 = "SystemInfo"


    condition:
        // Every string must be present.
        all of them
}
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/LuxNet.yar:
--------------------------------------------------------------------------------
// Matches data that contains all six strings below.
// The meta section is descriptive only and is not evaluated.
rule LuxNet
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/LuxNet"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        // $a-$d look like ordinary .NET member and type names, so the
        // selectivity of the rule rests mostly on the two wide strings.
        $a = "GetHashCode"
        $b = "Activator"
        $c = "WebClient"
        $d = "op_Equality"
        // `wide` matches the two-bytes-per-character (UTF-16LE) form only.
        $e = "dickcursor.cur" wide
        $f = "{0}|{1}|{2}" wide

    condition:
        // Every string must be present.
        all of them
}
21 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/unrecom.yar:
--------------------------------------------------------------------------------
// Matches data that contains all five archive-path strings below.
// NOTE(review): the meta section looks copied from another rule. `ref` points
// at the AAR statistics page and `filetype` says "exe", while every string is
// a JAR entry name (META-INF, *.class). Meta is not evaluated, so matching is
// unaffected, but the labels mislead anyone triaging a hit; confirm and fix.
rule unrecom
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/AAR"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        // Plain case-sensitive ASCII strings.
        $meta = "META-INF"
        $conf = "load/ID"
        $a = "load/JarMain.class"
        $b = "load/MANIFEST.MF"
        $c = "plugins/UnrecomServer.class"

    condition:
        // Every string must be present.
        all of them
}
20 |
--------------------------------------------------------------------------------
/timeline_service/views.py:
--------------------------------------------------------------------------------
1 | import json
2 |
3 | from django.contrib.auth.decorators import user_passes_test
4 | from django.shortcuts import HttpResponse
5 |
6 | from crits.core.user_tools import user_can_view_data
7 | from . import handlers
8 |
@user_passes_test(user_can_view_data)
def get_timeline(request, ctype, cid):
    """Return the timeline for one object as a JSON HTTP response.

    The only gate applied here is ``user_can_view_data``. ``ctype`` and
    ``cid`` are handed to ``handlers.generate_timeline`` unchanged, together
    with the requesting user's name.

    NOTE(review): nothing in this view validates ``ctype``/``cid`` or checks
    access to the specific object. That has to happen inside
    ``generate_timeline``; confirm it does.
    """
    username = "%s" % request.user
    timeline = handlers.generate_timeline(ctype, cid, username)
    payload = json.dumps(timeline)
    return HttpResponse(payload, content_type="application/json")
13 |
--------------------------------------------------------------------------------
/metacap_service/DEPENDENCIES:
--------------------------------------------------------------------------------
1 | MetaCap has several dependencies outside of those required for CRITs to run.
2 |
3 | - Chopshop >= v4.0
4 | - tcpdump
5 | - tshark (part of wireshark)
6 |
7 | Chopshop is necessary for running the Metacap service.
8 | tcpdump is used for running the PCAP through tcpdump and displaying the output
9 | in the UI.
10 | tshark is used for generating a PDML representation of the PCAP which allows us
11 | to provide a "wireshark-like" lazy-browsing interface in the UI.
12 |
--------------------------------------------------------------------------------
/relationships_service/__init__.py:
--------------------------------------------------------------------------------
1 | import logging
2 |
3 | from crits.services.core import Service
4 |
5 | logger = logging.getLogger(__name__)
6 |
class RelationshipsService(Service):
    """Service entry for relationship graphs; every hook below is a no-op."""

    name = "relationships_service"
    version = '0.0.2'
    description = "Generate relationship graphs between objects."

    def __init__(self, *args, **kwargs):
        """Accept any arguments and ignore them.

        NOTE(review): ``Service.__init__`` is not called from here; confirm
        that the base class needs no initialisation for this service.
        """

    def _scan(self, obj):
        """Do nothing with ``obj``; no scan step is implemented here."""

    def stop(self):
        """Do nothing; there is no state to tear down here."""
20 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/Paradox.yar:
--------------------------------------------------------------------------------
// Matches data that contains all seven plain-text strings below.
// The meta section is descriptive only and is not evaluated.
rule Paradox
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/Paradox"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        // No modifiers, so each string is matched as case-sensitive ASCII.
        $a = "ParadoxRAT"
        // A generic default form name: it only counts in combination with
        // the other strings.
        $b = "Form1"
        $c = "StartRMCam"
        $d = "Flooders"
        $e = "SlowLaris"
        $f = "SHITEMID"
        $g = "set_Remote_Chat"

    condition:
        // Every string must be present.
        all of them
}
22 |
--------------------------------------------------------------------------------
/stix_validator_service/__init__.py:
--------------------------------------------------------------------------------
1 | import logging
2 |
3 | from crits.services.core import Service
4 |
5 | logger = logging.getLogger(__name__)
6 |
class StixValidatorService(Service):
    """Service entry for STIX XML validation; every hook below is a no-op."""

    name = "stix_validator_service"
    version = '0.0.1'
    # Empty list: no object type is declared as supported.
    supported_types = []
    description = "Validate STIX XML."

    def __init__(self, *args, **kwargs):
        """Accept any arguments and ignore them.

        NOTE(review): ``Service.__init__`` is not called from here; confirm
        that the base class needs no initialisation for this service.
        """

    def _scan(self, obj):
        """Do nothing with ``obj``; no scan step is implemented here."""

    def stop(self):
        """Do nothing; there is no state to tear down here."""
21 |
--------------------------------------------------------------------------------
/timeline_service/__init__.py:
--------------------------------------------------------------------------------
1 | import logging
2 |
3 | from crits.services.core import Service
4 |
5 | logger = logging.getLogger(__name__)
6 |
class TimelineService(Service):
    """Service entry for object timelines; every hook below is a no-op."""

    name = "timeline_service"
    version = '0.0.1'
    # Empty list: no object type is declared as supported.
    supported_types = []
    description = "Generate a timeline for an object."

    def __init__(self, *args, **kwargs):
        """Accept any arguments and ignore them.

        NOTE(review): ``Service.__init__`` is not called from here; confirm
        that the base class needs no initialisation for this service.
        """

    def _scan(self, obj):
        """Do nothing with ``obj``; no scan step is implemented here."""

    def stop(self):
        """Do nothing; there is no state to tear down here."""
21 |
--------------------------------------------------------------------------------
/c1fapp_service/README.md:
--------------------------------------------------------------------------------
1 | # Beta c1fapp_service
2 | C1fApp Threat feed lookup service for CRITS
3 |
4 | C1fapp is a threat feed aggregator service. It can be used to lookup an
5 | IP or domain from the C1fApp threat feed repository.
6 | It contains major Open source feeds and also provides access to private feeds
7 |
8 | API key can be requested from www.c1fapp.com for free.
9 |
10 | Note: Account approvals are manual. If you do not use your company email
11 | try to provide identifiable information.
12 |
13 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/BlackShades.yar:
--------------------------------------------------------------------------------
// Matches data that contains all three plain-text strings below.
// The meta section is descriptive only and is not evaluated.
rule BlackShades
{
    meta:
        author = "Brian Wallace (@botnet_hunter)"
        date = "2014/04"
        // NOTE(review): `ref` appears twice, and the first value points at the
        // PoisonIvy statistics page. It looks like a copy/paste leftover;
        // confirm which reference is intended for this family.
        ref = "http://malwareconfig.com/stats/PoisonIvy"
        ref = "http://blog.cylance.com/a-study-in-bots-blackshades-net"
        family = "blackshades"

    strings:
        // No modifiers, so each string is matched as case-sensitive ASCII.
        $string1 = "bss_server"
        $string2 = "txtChat"
        $string3 = "UDPFlood"
    condition:
        // Every string must be present.
        all of them
}
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/Xtreme.yar:
--------------------------------------------------------------------------------
// Matches data that contains all five strings below in wide form.
// The meta section (including the `ver` list) is descriptive only.
rule Xtreme
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/Xtreme"
        maltype = "Remote Access Trojan"
        filetype = "exe"
        ver = "2.9, 3.1, 3.2, 3.5"

    strings:
        // Every string carries `wide` without `ascii`, so only the
        // two-bytes-per-character (UTF-16LE) form matches. A sample that
        // stores these strings as single-byte text is not detected.
        $a = "XTREME" wide
        $b = "ServerStarted" wide
        $c = "XtremeKeylogger" wide
        $d = "x.html" wide
        $e = "Xtreme RAT" wide

    condition:
        // Every string must be present.
        all of them
}
21 |
--------------------------------------------------------------------------------
/pyinstaller_service/README:
--------------------------------------------------------------------------------
1 | The pyinstaller service will run the archive_viewer against a binary in an
2 | attempt to find out more information about a binary.
3 |
4 | For each object found with a type of "s", it will attempt to extract it, decode
5 | it, add it as Raw Data, and relate it back to the Sample.
6 |
7 | NOTE: For this to work make sure to add a new Raw Data Type called "Python"
8 | (with the capital). It uses this when adding Raw Data and will fail if
9 | the DataType isn't available.
10 |
--------------------------------------------------------------------------------
/relationships_service/urls.py:
--------------------------------------------------------------------------------
1 | from django.conf.urls import url
2 |
3 | from . import views
4 |
# URL routes for the relationships service views.
#
# NOTE(review): the named groups in the second pattern read `(?P.+?)`, which is
# not a valid regular expression. The `<name>` parts appear to have been lost
# when this listing was rendered; restore them from the repository.
urlpatterns = [
    # NOTE(review): this pattern has no leading '^'. Django searches the
    # remaining path for the regex, so any path that merely ends in
    # 'add_campaign/' is routed to add_campaign. r'^add_campaign/$' would limit
    # it to the exact path. Being listed first, it also takes precedence over
    # the two-segment route below.
    url(r'add_campaign/$', views.add_campaign, name='relationships_service-views-add_campaign'),
    # Both groups are `.+?` (any non-empty text), so the view has to validate
    # the captured values before using them.
    url(r'^(?P.+?)/(?P.+?)/$', views.get_relationships, name='relationships_service-views-get_relationships'),
]
9 |
def register_api(v1_api):
    """Register the relationships API resource on ``v1_api``.

    The resource class is imported inside the function, so
    ``relationships_service.api`` is only loaded when this is called.
    """
    from relationships_service.api import RelationshipsServiceResource

    resource = RelationshipsServiceResource()
    v1_api.register(resource)
13 |
--------------------------------------------------------------------------------
/anb_service/__init__.py:
--------------------------------------------------------------------------------
1 | import logging
2 |
3 | from crits.services.core import Service
4 |
5 | logger = logging.getLogger(__name__)
6 |
class ANBService(Service):
    """Service entry for Analyst's Notebook CSV export; hooks are no-ops."""

    name = "anb"
    version = '0.0.1'
    template = None
    # Campaign is the only object type declared as supported.
    supported_types = ['Campaign']
    description = "Generate CSV data for Analyst's Notebook."

    def __init__(self, *args, **kwargs):
        """Accept any arguments and ignore them.

        NOTE(review): ``Service.__init__`` is not called from here; confirm
        that the base class needs no initialisation for this service.
        """

    def _scan(self, obj):
        """Do nothing with ``obj``; no scan step is implemented here."""

    def stop(self):
        """Do nothing; there is no state to tear down here."""
22 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/BlueBanana.yar:
--------------------------------------------------------------------------------
// Matches data that contains all six archive-path strings below.
// The meta section is descriptive only and is not evaluated.
rule BlueBanana
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/BlueBanana"
        maltype = "Remote Access Trojan"
        filetype = "Java"

    strings:
        // Plain case-sensitive ASCII strings.
        $meta = "META-INF"
        $conf = "config.txt"
        // Obfuscated-looking class paths. NOTE(review): paths of this shape
        // can be shared by unrelated obfuscated archives, so review hits
        // before acting on them.
        $a = "a/a/a/a/f.class"
        $b = "a/a/a/a/l.class"
        $c = "a/a/a/b/q.class"
        $d = "a/a/a/b/v.class"


    condition:
        // Every string must be present.
        all of them
}
22 |
--------------------------------------------------------------------------------
/carbonblack_service/README:
--------------------------------------------------------------------------------
1 | The Carbon Black service for CRITs
2 |
3 | To configure, you'll need to enter the address of your
4 | Carbon Black server and an API token to authenticate
5 | to the server.
6 |
7 | You will need to install the Carbon Black API. You can
8 | optionally install pympler. The Carbon Black API can
9 | return a lot of data, and the BSON limit is 16 MB;
10 | installing pympler will make sure that this limit
11 | is not exceeded.
12 |
13 | The service works on Samples, IPs, and Domains.
14 |
15 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/AAR.yar:
--------------------------------------------------------------------------------
// Matches data that contains all seven strings below.
// The meta section is descriptive only and is not evaluated.
rule AAR
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/AAR"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        // $a-$c look like common .NET type and member names; the more specific
        // anchors are $d and $f.
        $a = "Hashtable"
        $b = "get_IsDisposed"
        $c = "TripleDES"
        $d = "testmemory.FRMMain.resources"
        // `wide` matches the two-bytes-per-character (UTF-16LE) form only.
        $e = "$this.Icon" wide
        $f = "{11111-22222-20001-00001}" wide
        $g = "@@@@@"

    condition:
        // Every string must be present.
        all of them
}
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/SmallNet.yar:
--------------------------------------------------------------------------------
// Matches data that contains at least one of the two split markers and all
// three $a strings. The meta section is descriptive only.
rule SmallNet
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/SmallNet"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        // Two alternative markers; either one satisfies the first clause.
        $split1 = "!!<3SAFIA<3!!"
        $split2 = "!!ElMattadorDz!!"
        $a1 = "stub_2.Properties"
        // `wide` matches the two-bytes-per-character (UTF-16LE) form only.
        $a2 = "stub.exe" wide
        $a3 = "get_CurrentDomain"

    condition:
        // ($a*) selects $a1, $a2 and $a3; all three are required in addition
        // to one split marker.
        ($split1 or $split2) and (all of ($a*))
}
20 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/PythoRAT.yar:
--------------------------------------------------------------------------------
// Matches data that contains all eight strings below.
// The meta section is descriptive only and is not evaluated.
rule PythoRAT
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/PythoRAT"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        // Identifiers run $a-$g and then $i; there is no $h in this rule.
        $a = "TKeylogger"
        $b = "uFileTransfer"
        $c = "TTDownload"
        $d = "SETTINGS"
        // `wide` matches the two-bytes-per-character (UTF-16LE) form only.
        $e = "Unknown" wide
        $f = "#@#@#"
        $g = "PluginData"
        $i = "OnPluginMessage"

    condition:
        // Every string must be present.
        all of them
}
23 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/DarkRAT.yar:
--------------------------------------------------------------------------------
// Matches data that contains all seven plain-text strings below.
// The meta section is descriptive only and is not evaluated.
rule DarkRAT
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/DarkRAT"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        // $a is the distinctive marker. $b-$g look like API and .NET
        // accessor names that also occur in unrelated programs.
        $a = "@1906dark1996coder@"
        $b = "SHEmptyRecycleBinA"
        $c = "mciSendStringA"
        $d = "add_Shutdown"
        $e = "get_SaveMySettingsOnExit"
        $f = "get_SpecialDirectories"
        $g = "Client.My"

    condition:
        // Every string must be present.
        all of them
}
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/ShadowTech.yar:
--------------------------------------------------------------------------------
// Matches data that contains any four of the seven strings below.
// The meta section is descriptive only and is not evaluated.
rule ShadowTech
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/ShadowTech"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        // `nocase` makes this comparison case-insensitive.
        $a = "ShadowTech" nocase
        $b = "DownloadContainer"
        // $c and $d look like ordinary .NET names and are not distinctive.
        $c = "MySettings"
        $d = "System.Configuration"
        // `wide` matches the two-bytes-per-character (UTF-16LE) form only.
        $newline = "#-@NewLine@-#" wide
        $split = "pSIL" wide
        $key = "ESIL" wide

    condition:
        // Any four strings satisfy the rule, so a match need not include the
        // family name in $a. NOTE(review): a combination such as $c, $d and
        // the two short wide markers may be reachable by unrelated .NET files;
        // treat hits as leads to verify.
        4 of them
}
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/Vertex.yar:
--------------------------------------------------------------------------------
// Matches data that contains all eight upper-case key names below.
// The meta section is descriptive only and is not evaluated.
rule Vertex
{

    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/Vertex"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        // Each string is a short, generic word, matched as case-sensitive
        // ASCII. None is distinctive alone; the selectivity comes from
        // requiring all eight together.
        $string1 = "DEFPATH"
        $string2 = "HKNAME"
        $string3 = "HPORT"
        $string4 = "INSTALL"
        $string5 = "IPATH"
        $string6 = "MUTEX"
        $res1 = "PANELPATH"
        $res2 = "ROOTURL"

    condition:
        // Every string must be present.
        all of them
}
24 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/QRat.yar:
--------------------------------------------------------------------------------
// Matches data that contains any four of the five strings below.
// The meta section is descriptive only and is not evaluated.
rule QRat
{
    meta:
        author = "Kevin Breen @KevTheHermit"
        date = "2015/08"
        ref = "http://malwareconfig.com"
        maltype = "Remote Access Trojan"
        filetype = "jar"

    strings:
        // Plain case-sensitive ASCII strings; $a1-$a4 read as archive entry
        // names.
        $a0 = "e-data"
        $a1 = "quaverse/crypter"
        $a2 = "Qrypt.class"
        $a3 = "Jarizer.class"
        $a4 = "URLConnection.class"


    condition:
        // Four of five are enough, so one string may be absent and the rule
        // still fires.
        4 of them


}
--------------------------------------------------------------------------------
/totalhash_service/CHANGELOG:
--------------------------------------------------------------------------------
1 | Version 0.0.1
2 | -------------
3 | Initial version of PEhash service
4 |
5 | It computes PEHash that looks very similar to sha1 output, and is good for clustering PE files.
6 |
7 | For all the details please see http://totalhash.com/pehash-source-code/. The code came from http://totalhash.com/download/pehash.py; all I did was wrap it up for CRITs.
8 |
9 | It requires bitstring(https://pypi.python.org/pypi/bitstring) and pefile.
10 |
11 | https://www.usenix.org/legacy/event/leet09/tech/full_papers/wicherski/wicherski_html/
12 |
--------------------------------------------------------------------------------
/crits_scripts/scripts/email_map.js:
--------------------------------------------------------------------------------
// Count e-mail documents per x_mailer value with an inline map/reduce over
// db.email, then print one "'<x_mailer>' = <count>" line per value.
//
// NOTE(review): x_mailer is presumably the stored X-Mailer header, which is
// sender-controlled text. It is printed unescaped, so treat this script's
// output as untrusted when viewing or post-processing it.
var results = new Object();

// Emit one {count: 1} record for each document that has an x_mailer field.
map = function() {
    if ("x_mailer" in this) {
        emit({name: this.x_mailer}, {count: 1});
    }
};

// Add up the partial counts emitted for one x_mailer value.
reduce = function(key, values) {
    var total = 0;
    for (var i = 0; i < values.length; i++) {
        total += values[i]["count"];
    }
    return {count: total};
};

// Alternative kept from the original: write to a collection instead of inline.
//db.email.mapReduce(map, reduce, {out: "email_test"})
results = db.email.mapReduce(map, reduce, {out: {inline: 1}});
results.results.forEach(function(row) {
    print("'" + row._id.name + "' = " + row.value.count);
});
18 |
19 |
--------------------------------------------------------------------------------
/peinfo_service/forms.py:
--------------------------------------------------------------------------------
1 | from django import forms
2 |
class PEInfoRunForm(forms.Form):
    """Form with the single option offered when running PEInfo.

    ``resource`` is an optional checkbox, ticked by default, labelled
    "Resources".
    """

    error_css_class = 'error'
    required_css_class = 'required'

    # required=False lets an unticked box validate as False.
    resource = forms.BooleanField(
        label="Resources",
        help_text="New samples from resources.",
        initial=True,
        required=False,
    )

    def __init__(self, *args, **kwargs):
        """Build the form, using ':' as label suffix unless the caller set one."""
        if 'label_suffix' not in kwargs:
            kwargs['label_suffix'] = ':'
        super(PEInfoRunForm, self).__init__(*args, **kwargs)
14 |
--------------------------------------------------------------------------------
/ssdeep_service/forms.py:
--------------------------------------------------------------------------------
1 | from django import forms
2 |
class SSDeepRunForm(forms.Form):
    """Form with the single option offered when running SSDeep.

    ``threshold`` is a required integer that starts at 50.
    """

    error_css_class = 'error'
    required_css_class = 'required'

    # NOTE(review): no min_value/max_value is set, so any integer validates,
    # negative ones included. The code that consumes the threshold has to
    # range-check it; confirm.
    threshold = forms.IntegerField(
        label="Threshold",
        help_text="Minimum threshold for match.",
        initial=50,
        required=True,
    )

    def __init__(self, *args, **kwargs):
        """Build the form, using ':' as label suffix unless the caller set one."""
        if 'label_suffix' not in kwargs:
            kwargs['label_suffix'] = ':'
        super(SSDeepRunForm, self).__init__(*args, **kwargs)
14 |
--------------------------------------------------------------------------------
/taxii_service/templates/new-standards.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
12 |
--------------------------------------------------------------------------------
/diffie_service/__init__.py:
--------------------------------------------------------------------------------
1 | import logging
2 |
3 | from django.template.loader import render_to_string
4 |
5 | from crits.services.core import Service, ServiceConfigError
6 |
7 | from . import forms
8 |
9 | logger = logging.getLogger(__name__)
10 |
class DiffieService(Service):
    """
    Show two Analysis Results next to each other.

    The service declares no supported object types and its ``run`` hook does
    no work.
    """

    name = "diffie"
    version = '0.0.1'
    description = "Display two Analysis Results side by side."
    # Empty list: no object type is declared as supported.
    supported_types = []

    def run(self, obj, config):
        """Return ``None`` without touching ``obj`` or ``config``."""
        return None
23 |
--------------------------------------------------------------------------------
/impfuzzy_service/forms.py:
--------------------------------------------------------------------------------
1 | from django import forms
2 |
class impfuzzyRunForm(forms.Form):
    """Form with the single option offered when running impfuzzy.

    ``threshold`` is a required integer that starts at 50.
    """

    error_css_class = 'error'
    required_css_class = 'required'

    # NOTE(review): no min_value/max_value is set, so any integer validates,
    # negative ones included. The code that consumes the threshold has to
    # range-check it; confirm.
    threshold = forms.IntegerField(
        label="Threshold",
        help_text="Minimum threshold for match.",
        initial=50,
        required=True,
    )

    def __init__(self, *args, **kwargs):
        """Build the form, using ':' as label suffix unless the caller set one."""
        if 'label_suffix' not in kwargs:
            kwargs['label_suffix'] = ':'
        super(impfuzzyRunForm, self).__init__(*args, **kwargs)
14 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/Infinity.yar:
--------------------------------------------------------------------------------
// Matches data that contains all eight strings below.
// The meta section is descriptive only and is not evaluated.
rule Infinity
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/Infinity"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        // Identifiers run $a-$g and then $i; there is no $h in this rule.
        $a = "CRYPTPROTECT_PROMPTSTRUCT"
        $b = "discomouse"
        $c = "GetDeepInfo"
        $d = "AES_Encrypt"
        $e = "StartUDPFlood"
        // `wide` matches the two-bytes-per-character (UTF-16LE) form only.
        $f = "BATScripting" wide
        $g = "FBqINhRdpgnqATxJ.html" wide
        $i = "magic_key" wide

    condition:
        // Every string must be present.
        all of them
}
23 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/Punisher.yar:
--------------------------------------------------------------------------------
// Matches data that contains all seven strings below.
// The meta section is descriptive only and is not evaluated.
rule Punisher
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/Punisher"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        $a = "abccba"
        // Hex form of the UTF-16LE text "\hfh.vbs"; the final character's
        // zero byte is left out of the pattern.
        $b = {5C 00 68 00 66 00 68 00 2E 00 76 00 62 00 73}
        // Hex form of the UTF-16LE text "\sc.vbs", written the same way.
        $c = {5C 00 73 00 63 00 2E 00 76 00 62 00 73}
        // `wide ascii` accepts both the two-byte and the single-byte form.
        $d = "SpyTheSpy" wide ascii
        // $e and $f are names of analysis tools, presumably kept by the
        // sample so it can look for them; confirm against a reference sample.
        $e = "wireshark" wide
        $f = "apateDNS" wide
        // Contains $a as a prefix, so $a is present whenever $g is.
        $g = "abccbaDanabccb"

    condition:
        // Every string must be present.
        all of them
}
22 |
--------------------------------------------------------------------------------
/rtfmeta_service/forms.py:
--------------------------------------------------------------------------------
1 | from django import forms
2 |
class RTFMetaRunForm(forms.Form):
    """Form with the single option offered when running RTFMeta.

    ``save_streams`` is an optional checkbox, ticked by default.
    """

    error_css_class = 'error'
    required_css_class = 'required'

    # required=False lets an unticked box validate as False. Per the help
    # text, ticking it adds embedded streams as new samples.
    save_streams = forms.BooleanField(
        label="Save streams",
        help_text="Add embedded streams as new samples.",
        initial=True,
        required=False,
    )

    def __init__(self, *args, **kwargs):
        """Build the form, using ':' as label suffix unless the caller set one."""
        if 'label_suffix' not in kwargs:
            kwargs['label_suffix'] = ':'
        super(RTFMetaRunForm, self).__init__(*args, **kwargs)
14 |
--------------------------------------------------------------------------------
/chminfo_service/forms.py:
--------------------------------------------------------------------------------
1 | from django import forms
2 |
class CHMInfoRunForm(forms.Form):
    """Form with the single option offered when running CHMInfo.

    ``chm_items`` is an optional checkbox, ticked by default.
    """

    error_css_class = 'error'
    required_css_class = 'required'

    # required=False lets an unticked box validate as False.
    chm_items = forms.BooleanField(
        label="Items",
        help_text="New samples from CHM Items (insert child pages).",
        initial=True,
        required=False,
    )

    def __init__(self, *args, **kwargs):
        """Build the form, using ':' as label suffix unless the caller set one."""
        if 'label_suffix' not in kwargs:
            kwargs['label_suffix'] = ':'
        super(CHMInfoRunForm, self).__init__(*args, **kwargs)
14 |
--------------------------------------------------------------------------------
/office_meta_service/forms.py:
--------------------------------------------------------------------------------
1 | from django import forms
2 |
class OfficeMetaRunForm(forms.Form):
    """Form with the single option offered when running OfficeMeta.

    ``save_streams`` is an optional checkbox, ticked by default.
    """

    error_css_class = 'error'
    required_css_class = 'required'

    # required=False lets an unticked box validate as False. Per the help
    # text, ticking it adds embedded streams as new samples.
    save_streams = forms.BooleanField(
        label="Save streams",
        help_text="Add embedded streams as new samples.",
        initial=True,
        required=False,
    )

    def __init__(self, *args, **kwargs):
        """Build the form, using ':' as label suffix unless the caller set one."""
        if 'label_suffix' not in kwargs:
            kwargs['label_suffix'] = ':'
        super(OfficeMetaRunForm, self).__init__(*args, **kwargs)
14 |
--------------------------------------------------------------------------------
/threatexchange/templates/privacy_form.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
12 |
13 |
14 |
15 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/Arcom.yar:
--------------------------------------------------------------------------------
// Matches data that contains all six strings below.
// The meta section is descriptive only and is not evaluated.
rule Arcom
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/Arcom"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        $a1 = "CVu3388fnek3W(3ij3fkp0930di"
        $a2 = "ZINGAWI2"
        $a3 = "clWebLightGoldenrodYellow"
        // `wide` matches the two-bytes-per-character (UTF-16LE) form only.
        $a4 = "Ancestor for '%s' not found" wide
        $a5 = "Control-C hit" wide
        // Four raw bytes, matched at any offset.
        $a6 = {A3 24 25 21}

    condition:
        // Every string must be present.
        all of them
}
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/PoisonIvy.yar:
--------------------------------------------------------------------------------
// Matches data that contains the stub byte pattern and all five strings.
// The meta section is descriptive only and is not evaluated.
rule PoisonIvy
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/PoisonIvy"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        // Bytes 53 74 75 62 50 61 74 68 in the middle spell "StubPath".
        $stub = {04 08 00 53 74 75 62 50 61 74 68 18 04}
        $string1 = "CONNECT %s:%i HTTP/1.0"
        $string2 = "ws2_32"
        $string3 = "cks=u"
        $string4 = "thj@h"
        $string5 = "advpack"
    condition:
        // `and` binds tighter than `or`, so this reads
        //   ($stub at 0x1620 and all of ($string*)) or (all of them).
        // `all of them` already requires $stub (at any offset) plus every
        // $string*, so the first alternative never adds a match and the rule
        // is effectively `all of them`. NOTE(review): if the fixed offset
        // 0x1620 was meant to be required, the condition needs rewriting.
        $stub at 0x1620 and all of ($string*) or (all of them)
}
20 |
--------------------------------------------------------------------------------
/upx_service/forms.py:
--------------------------------------------------------------------------------
1 | from django import forms
2 |
class UPXConfigForm(forms.Form):
    """Configuration form holding the path of the UPX binary.

    ``upx_path`` is a required text field that starts out empty.
    """

    error_css_class = 'error'
    required_css_class = 'required'

    # NOTE(review): the form accepts any non-empty string. Presumably the
    # service executes the file at this path, so changing the value should be
    # limited to administrators and the path checked before use; confirm in
    # the service code.
    upx_path = forms.CharField(
        label="UPX Binary",
        help_text="Full path to UPX binary.",
        widget=forms.TextInput(),
        initial='',
        required=True,
    )

    def __init__(self, *args, **kwargs):
        """Build the form, using ':' as label suffix unless the caller set one."""
        if 'label_suffix' not in kwargs:
            kwargs['label_suffix'] = ':'
        super(UPXConfigForm, self).__init__(*args, **kwargs)
15 |
--------------------------------------------------------------------------------
/crits_scripts/scripts/target_data.js:
--------------------------------------------------------------------------------
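// Print every document of the `targets` collection as one CSV row with the
// columns: department, division, email_address, email_count,
// organization_id, firstname, lastname, title, site.
//
// Fix: the original joined raw values with commas, so a value containing a
// comma, a double quote or a line break shifted or split the row. Such
// values are now quoted RFC 4180-style; all other values print exactly as
// before (missing fields still print as "undefined"). The loop variables are
// also kept local instead of leaking into the shell's global scope.
//
// NOTE(review): the rows contain personal data (names, e-mail addresses).
// Cells are not altered beyond quoting, so a value that starts with '=', '+',
// '-' or '@' is still read as a formula by spreadsheet programs; open the
// output as plain text or neutralise such cells downstream.
var results = new Object();

// Return `value` as one CSV cell, quoted only when it would break the row.
function csvField(value) {
    var text = "" + value;  // same coercion the plain concatenation applied
    if (/[",\r\n]/.test(text)) {
        return '"' + text.replace(/"/g, '""') + '"';
    }
    return text;
}

db.targets.find({}).forEach(function(z) {
    var columns = [
        z.department,
        z.division,
        z.email_address,
        z.email_count,
        z.organization_id,
        z.firstname,
        z.lastname,
        z.title,
        z.site
    ];
    var cells = [];
    for (var i = 0; i < columns.length; i++) {
        cells.push(csvField(columns[i]));
    }
    // The trailing "\n" is kept from the original: print() adds its own line
    // break, so rows stay separated by a blank line as before.
    print(cells.join(",") + "\n");
});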
16 |
--------------------------------------------------------------------------------
/carver_service/forms.py:
--------------------------------------------------------------------------------
1 | from django import forms
2 |
class CarverRunForm(forms.Form):
    """Form with the two offsets offered when running the carver.

    ``start`` and ``end`` are both required integers that start at 0.
    """

    error_css_class = 'error'
    required_css_class = 'required'

    # NOTE(review): neither field sets min_value/max_value and nothing here
    # checks start against end, so negative or reversed offsets validate.
    # The code that slices the data has to bounds-check both; confirm.
    start = forms.IntegerField(
        label="Start offset",
        initial=0,
        required=True,
    )
    end = forms.IntegerField(
        label="End offset",
        initial=0,
        required=True,
    )

    def __init__(self, *args, **kwargs):
        """Build the form, using ':' as label suffix unless the caller set one."""
        if 'label_suffix' not in kwargs:
            kwargs['label_suffix'] = ':'
        super(CarverRunForm, self).__init__(*args, **kwargs)
16 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/ClientMesh.yar:
--------------------------------------------------------------------------------
// Matches data that contains all six strings and the byte pattern below.
// The meta section is descriptive only and is not evaluated.
rule ClientMesh
{
    meta:
        author = "Kevin Breen "
        date = "2014/06"
        ref = "http://malwareconfig.com/stats/ClientMesh"
        family = "torct"

    strings:
        // Plain case-sensitive ASCII strings.
        $string1 = "machinedetails"
        $string2 = "MySettings"
        $string3 = "sendftppasswords"
        $string4 = "sendbrowserpasswords"
        $string5 = "arma2keyMass"
        $string6 = "keylogger"
        // Nine zero bytes followed by 0x7E. A zero run like this is likely to
        // occur in many files, so $conf adds little selectivity; the rule
        // relies on the text strings above.
        $conf = {00 00 00 00 00 00 00 00 00 7E}

    condition:
        // Every string must be present.
        all of them
}
21 |
--------------------------------------------------------------------------------
/exiftool_service/forms.py:
--------------------------------------------------------------------------------
1 | from django import forms
2 |
class ExiftoolConfigForm(forms.Form):
    """Configuration form holding the path of the exiftool binary.

    ``exiftool_path`` is a required text field that starts out empty.
    """

    error_css_class = 'error'
    required_css_class = 'required'

    # NOTE(review): the form accepts any non-empty string. Presumably the
    # service executes the file at this path, so changing the value should be
    # limited to administrators and the path checked before use; confirm in
    # the service code.
    exiftool_path = forms.CharField(
        label="exiftool Binary",
        help_text="Full path to exiftool binary.",
        widget=forms.TextInput(),
        initial='',
        required=True,
    )

    def __init__(self, *args, **kwargs):
        """Build the form, using ':' as label suffix unless the caller set one."""
        if 'label_suffix' not in kwargs:
            kwargs['label_suffix'] = ':'
        super(ExiftoolConfigForm, self).__init__(*args, **kwargs)
15 |
--------------------------------------------------------------------------------
/entropycalc_service/forms.py:
--------------------------------------------------------------------------------
1 | from django import forms
2 |
class EntropyCalcRunForm(forms.Form):
    """Form with the two offsets offered when running EntropyCalc.

    ``start`` is a required integer starting at 0; ``end`` is a required
    integer starting at -1.
    """

    error_css_class = 'error'
    required_css_class = 'required'

    # NOTE(review): neither field sets min_value/max_value and nothing here
    # checks start against end, so any pair of integers validates. The code
    # that slices the data has to bounds-check both; confirm.
    start = forms.IntegerField(
        label="Start offset",
        initial=0,
        required=True,
    )
    # presumably -1 stands for "up to the end of the data"; verify in the
    # service code
    end = forms.IntegerField(
        label="End offset",
        initial=-1,
        required=True,
    )

    def __init__(self, *args, **kwargs):
        """Build the form, using ':' as label suffix unless the caller set one."""
        if 'label_suffix' not in kwargs:
            kwargs['label_suffix'] = ':'
        super(EntropyCalcRunForm, self).__init__(*args, **kwargs)
16 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/Adzok.yar:
--------------------------------------------------------------------------------
// Matches data that contains at least seven of the eight $a strings below.
// The meta section is descriptive only and is not evaluated.
rule Adzok
{
    meta:
        author = " Kevin Breen "
        Description = "Adzok Rat"
        Versions = "Free 1.0.0.3,"
        date = "2015/05"
        ref = "http://malwareconfig.com/stats/Adzok"
        maltype = "Remote Access Trojan"
        filetype = "jar"

    strings:
        // Most strings end in "PK", i.e. an entry name immediately followed
        // by the next ZIP record signature. NOTE(review): that ties a match to
        // the entry order inside the archive; a repacked sample with another
        // order could lose several strings at once.
        $a1 = "config.xmlPK"
        $a2 = "key.classPK"
        $a3 = "svd$1.classPK"
        $a4 = "svd$2.classPK"
        $a5 = "Mensaje.classPK"
        $a6 = "inic$ShutdownHook.class"
        $a7 = "Uninstall.jarPK"
        $a8 = "resources/icono.pngPK"

    condition:
        // One of the eight strings may be absent.
        7 of ($a*)
}
--------------------------------------------------------------------------------
/maliciousmacrobot_service/forms.py:
--------------------------------------------------------------------------------
1 | from django import forms
2 |
class MMBotConfigForm(forms.Form):
    """Configuration form holding the model location for MMBot.

    ``model`` is a required text field that starts out empty.
    """

    error_css_class = 'error'
    required_css_class = 'required'

    # NOTE(review): the help text says the model is a pickle. Unpickling runs
    # code chosen by whoever wrote the file, so this path should be settable
    # by administrators only and should point at a location that untrusted
    # users cannot write to. Confirm how the service loads it.
    model = forms.CharField(
        label="Model Path",
        help_text="Path where the model pickle and vocab is stored",
        widget=forms.TextInput(),
        initial='',
        required=True,
    )

    def __init__(self, *args, **kwargs):
        """Build the form, using ':' as label suffix unless the caller set one."""
        if 'label_suffix' not in kwargs:
            kwargs['label_suffix'] = ':'
        super(MMBotConfigForm, self).__init__(*args, **kwargs)
16 |
17 |
--------------------------------------------------------------------------------
/malshare_service/forms.py:
--------------------------------------------------------------------------------
1 | from django import forms
2 |
class MalShareConfigForm(forms.Form):
    """Configuration form holding the MalShare API key.

    ``malshare_api_key`` is a required text field that starts out empty.
    """

    error_css_class = 'error'
    required_css_class = 'required'

    # NOTE(review): the key is a credential, but TextInput renders it in clear
    # text to anyone who can open this form. Consider a masked widget and
    # limiting who may view the service configuration.
    malshare_api_key = forms.CharField(
        label="MalShare API Key",
        help_text="Obtain API key from MalShare.",
        widget=forms.TextInput(),
        initial='',
        required=True,
    )

    def __init__(self, *args, **kwargs):
        """Build the form, using ':' as label suffix unless the caller set one."""
        if 'label_suffix' not in kwargs:
            kwargs['label_suffix'] = ':'
        super(MalShareConfigForm, self).__init__(*args, **kwargs)
15 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/JavaDropper.yar:
--------------------------------------------------------------------------------
// Matches files that contain a JAR manifest path plus any one complete group
// of companion strings ($a*, $b*, $c* or $d*).
rule JavaDropper
{
    meta:
        author = " Kevin Breen "
        date = "2015/10"
        ref = "http://malwareconfig.com/stats/AlienSpy"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        $jar = "META-INF/MANIFEST.MF"

        // NOTE(review): three-byte strings give YARA very little to anchor on.
        // Expect slow scans and matches in unrelated archives.
        $a1 = "ePK"
        $a2 = "kPK"

        $b1 = "config.ini"
        $b2 = "password.ini"

        $c1 = "stub/stub.dll"

        // NOTE(review): with $jar, this single five-byte string satisfies the
        // condition, so any JAR holding a name that ends in "c.dat" matches.
        $d1 = "c.dat"

    condition:
        // The $c* and $d* groups each hold one string, so "all of" means that
        // one string. Treat a hit as a triage lead, not a verdict.
        $jar and (all of ($a*) or all of ($b*) or all of ($c*) or all of ($d*))
}
--------------------------------------------------------------------------------
/shodan_service/forms.py:
--------------------------------------------------------------------------------
1 | from django import forms
2 |
3 |
class ShodanConfigForm(forms.Form):
    """Settings form for the Shodan service: one required API key."""

    error_css_class = 'error'
    required_css_class = 'required'

    # NOTE(review): the key is a credential but is rendered with a plain
    # TextInput, so it is shown in clear on the configuration page.
    # forms.PasswordInput(render_value=True) would mask it on screen.
    shodan_api_key = forms.CharField(
        required=True,
        initial='',
        label="API Key",
        help_text="Obtain API key from Shodan.",
        widget=forms.TextInput(),
    )

    def __init__(self, *args, **kwargs):
        # Use ':' as the label suffix unless the caller supplied one.
        if 'label_suffix' not in kwargs:
            kwargs['label_suffix'] = ':'
        super(ShodanConfigForm, self).__init__(*args, **kwargs)
16 |
--------------------------------------------------------------------------------
/timeline_service/templates/timeline_service_all_tab.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
18 |
20 |
21 |
22 |
23 |
--------------------------------------------------------------------------------
/bit9_service/forms.py:
--------------------------------------------------------------------------------
1 | from django import forms
2 |
3 |
class Bit9ConfigForm(forms.Form):
    """Settings form for the Bit9 service: an API key and the server URL."""

    error_css_class = 'error'
    required_css_class = 'required'

    # NOTE(review): the key is a credential but is rendered with a plain
    # TextInput, so it is shown in clear on the configuration page.
    # forms.PasswordInput(render_value=True) would mask it on screen.
    bit9_api_key = forms.CharField(
        required=True,
        initial='',
        label="API Key:",
        help_text="API key from Bit9.",
        widget=forms.TextInput(),
    )

    # NOTE(review): any string is accepted here. The help text shows an https
    # URL; confirm the service refuses plain http before it sends the API key.
    bit9_server = forms.CharField(
        required=True,
        initial='',
        label="Bit9 Server URL:",
        help_text="Bit9 server hostname/IP URL: (https://bit9.myorganization.com).",
        widget=forms.TextInput(),
    )

    def __init__(self, *args, **kwargs):
        # Use ':' as the label suffix unless the caller supplied one.
        if 'label_suffix' not in kwargs:
            kwargs['label_suffix'] = ':'
        super(Bit9ConfigForm, self).__init__(*args, **kwargs)
13 |
--------------------------------------------------------------------------------
/threatexchange/templates/tx_group_member.html:
--------------------------------------------------------------------------------
1 |
2 | |
3 | {{group.name}}
4 | |
5 |
6 | {{group.description}}
7 | |
8 |
9 | {% if group.members %}
10 | {{group.members}}
11 | {% else %}
12 | None
13 | {% endif %}
14 | |
15 |
16 | {% if group.members_can_see %}
17 | Yes
18 | {% else %}
19 | No
20 | {% endif %}
21 | |
22 |
23 | {% if group.members_can_use %}
24 | Yes
25 | {% else %}
26 | No
27 | {% endif %}
28 | |
29 |
30 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/Bandook.yar:
--------------------------------------------------------------------------------
// Matches files that contain every one of the ten Bandook strings below.
rule Bandook
{

    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/bandook"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        // No modifiers are given, so each string is matched as ASCII only.
        $a = "aaaaaa1|"
        $b = "aaaaaa2|"
        $c = "aaaaaa3|"
        $d = "aaaaaa4|"
        $e = "aaaaaa5|"
        $f = "%s%d.exe"
        $g = "astalavista"
        $h = "givemecache"
        $i = "%s\\system32\\drivers\\blogs\\*"
        $j = "bndk13me"



    condition:
        // All ten are required, so a variant that drops or changes one string
        // is missed. There is no PE check; meta.filetype is informational only.
        all of them
}
28 |
--------------------------------------------------------------------------------
/yara_service/views.py:
--------------------------------------------------------------------------------
1 | import json
2 |
3 | from django.contrib.auth.decorators import user_passes_test
4 | from django.shortcuts import HttpResponse, render
5 |
6 | from crits.core.user_tools import user_can_view_data
7 | from . import handlers
8 |
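@user_passes_test(user_can_view_data)
def get_yara_result(request, id_):
    """Test a user-supplied YARA rule against one object and return JSON.

    Only AJAX POST requests are served; anything else gets the error page.
    The ``rule`` form field and ``id_`` are passed to
    ``handlers.test_yara_rule`` and its return value is serialised as JSON.

    NOTE(review): the rule text comes from any user who passes
    ``user_can_view_data``. Confirm that the handler compiles it with
    ``include`` directives disabled and bounds the scan time, so a submitted
    rule cannot pull in files from the server or tie up a worker.
    """
    if not (request.method == "POST" and request.is_ajax()):
        return render(request, "error.html", {"error" : "Expected AJAX POST" })

    rule = request.POST.get('rule')
    if rule is None:
        # A missing field used to raise KeyError and surface as a server
        # error; answer with an explicit client error instead.
        return HttpResponse(json.dumps({"error": "Missing 'rule' parameter"}),
                            content_type="application/json",
                            status=400)

    result = handlers.test_yara_rule(id_, rule)
    return HttpResponse(json.dumps(result), content_type="application/json")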
17 |
--------------------------------------------------------------------------------
/crits_scripts/scripts/remove_detection.py:
--------------------------------------------------------------------------------
1 | from crits import settings
2 | from crits.core.mongo_tools import mongo_connector
3 | from crits.core.basescript import CRITsBaseScript
4 |
class CRITsScript(CRITsBaseScript):
    """Maintenance script that removes stored detection results from samples."""

    def __init__(self, user=None):
        super(CRITsScript, self).__init__(user=user)

    def run(self, argv):
        """Unset the detection fields on every document in the samples collection.

        ``argv`` is accepted but not used.
        """
        print("Removing old detection results...")
        fields_to_drop = {'detection': 1,
                          'unsupported_attrs.detection': 1}
        collection = mongo_connector(settings.COL_SAMPLES)

        # The empty filter with multi=True touches every sample. $unset
        # deletes the fields, so take a backup first if the old results matter.
        collection.update({}, {"$unset": fields_to_drop}, multi=True)
18 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/Sub7Nation.yar:
--------------------------------------------------------------------------------
// Matches files that contain every one of the thirteen Sub7Nation strings below.
rule Sub7Nation
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/Sub7Nation"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        // Argument tail of a registry command that sets EnableLUA to 0.
        $a = "EnableLUA /t REG_DWORD /d 0 /f"
        $b = "*A01*"
        $c = "*A02*"
        $d = "*A03*"
        $e = "*A04*"
        $f = "*A05*"
        $g = "*A06*"
        $h = "#@#@#"
        $i = "HostSettings"
        // Named as version-specific, yet "all of them" below requires these too.
        $verSpecific1 = "sevane.tmp"
        $verSpecific2 = "cmd_.bat"
        $verSpecific3 = "a2b7c3d7e4"
        $verSpecific4 = "cmd.dll"


    condition:
        // NOTE(review): requiring the $verSpecific* strings together means only
        // a build that carries all four can match. Confirm that is intended.
        all of them
}
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/Greame.yar:
--------------------------------------------------------------------------------
// Matches files that contain both marker byte sequences and all six text
// strings below.
rule Greame
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/Greame"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        // Each hex string is the ASCII text "####@####", a few non-ASCII
        // bytes, then "####@####" again.
        $a = {23 23 23 23 40 23 23 23 23 E8 EE E9 F9 23 23 23 23 40 23 23 23 23}
        $b = {23 23 23 23 40 23 23 23 23 FA FD F0 EF F9 23 23 23 23 40 23 23 23 23}
        $c = "EditSvr"
        $d = "TLoader"
        $e = "Stroks"
        $f = "Avenger by NhT"
        $g = "####@####"
        $h = "GREAME"



    condition:
        // $a, $b, $c, $d, $e and $g also appear in the CyberGate rule on this
        // page; only $f and $h are specific to this rule.
        all of them
}
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/NetWire.yar:
--------------------------------------------------------------------------------
// Matches files that contain every one of the seven NetWire strings below.
rule NetWire
{
    meta:
        author = " Kevin Breen & David Cannings"
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/NetWire"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:

        // printf-style date and timestamp formats. These are generic on their
        // own, so selectivity comes from requiring the whole set.
        $exe1 = "%.2d-%.2d-%.4d"
        $exe2 = "%s%.2d-%.2d-%.4d"
        $exe3 = "[%s] - [%.2d/%.2d/%d %.2d:%.2d:%.2d]"
        $exe4 = "wcnwClass"
        $exe5 = "[Ctrl+%c]"
        $exe6 = "SYSTEM\\CurrentControlSet\\Control\\ProductOptions"
        // Path template ending in the accounts.xml file under a .purple directory.
        $exe7 = "%s\\.purple\\accounts.xml"

    condition:
        // No modifiers are given, so only ASCII encodings are matched. There is
        // no PE check; meta.filetype is informational only.
        all of them
}
23 |
24 |
--------------------------------------------------------------------------------
/crits_scripts/scripts/yara_mapreduce.js:
--------------------------------------------------------------------------------
// Count the yara results stored on samples, grouped by service name, service
// version and result value, and print the inline map-reduce output.
map = function() {
    this.analysis.forEach(function(entry) {
        // Only yara analysis entries that carry a results array are counted.
        if (!("results" in entry) || entry.service_name != "yara") {
            return;
        }
        entry.results.forEach(function(hit) {
            var key = {engine: entry.service_name, version: entry.version, result: hit.result};
            emit(key, {count: 1});
        });
    });
};

// Sum the partial counts emitted for one key.
reduce = function(k, v) {
    var total = 0;
    for (var idx = 0; idx < v.length; idx++) {
        total += v[idx]["count"];
    }
    return {count: total};
};

out = db.sample.mapReduce(map, reduce, {out: {inline: 1}});
print(out);
13 |
--------------------------------------------------------------------------------
/prettythings/templates/pt_main.html:
--------------------------------------------------------------------------------
1 | {% extends "base.html" %}
2 |
3 | {% block title %}Pretty Things{% endblock %}
4 |
5 | {% block content %}
6 |
7 |
9 |
10 |
20 |
21 |
25 |
26 | {% endblock %}
27 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/jRat.yar:
--------------------------------------------------------------------------------
// Matches a jRat JAR through either of two layouts: many short class names plus
// key.dat and config.dat, or key.dat plus the four fixed $jra* entry names.
rule jRat
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/jRat"
        maltype = "Remote Access Trojan"
        filetype = "Java"

    strings:
        $meta = "META-INF"
        $key = "key.dat"
        $conf = "config.dat"
        $jra1 = "enc.dat"
        $jra2 = "a.class"
        $jra3 = "b.class"
        $jra4 = "c.class"
        // Both regexes are unanchored, so they also match the tail of longer
        // names, for example the last characters of "Data.class".
        $reClass1 = /[a-z]\.class/
        $reClass2 = /[a-z][a-f]\.class/

    condition:
        // #name is the number of matches of that string in the file.
        // NOTE(review): because of the unanchored regexes the count thresholds
        // are loose; the first branch depends mainly on $key and $conf.
        ($meta and $key and $conf and #reClass1 > 10 and #reClass2 > 10) or ($meta and $key and all of ($jra*))
}
24 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/CyberGate.yar:
--------------------------------------------------------------------------------
// Matches files that contain all six $string* markers and at least one of the
// two $res* strings.
rule CyberGate
{

    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/CyberGate"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        // Each hex string is the ASCII text "####@####", a few non-ASCII
        // bytes, then "####@####" again.
        $string1 = {23 23 23 23 40 23 23 23 23 E8 EE E9 F9 23 23 23 23 40 23 23 23 23}
        $string2 = {23 23 23 23 40 23 23 23 23 FA FD F0 EF F9 23 23 23 23 40 23 23 23 23}
        $string3 = "EditSvr"
        $string4 = "TLoader"
        $string5 = "Stroks"
        $string6 = "####@####"
        $res1 = "XX-XX-XX-XX"
        $res2 = "CG-CG-CG-CG"

    condition:
        // The six $string* values are also required by the Greame rule on this
        // page, so a file holding Greame's strings plus a $res* string matches
        // both rules.
        all of ($string*) and any of ($res*)
}
24 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/njRat.yar:
--------------------------------------------------------------------------------
// Matches files that contain all four $s* strings and at least one of the
// $v* command lines.
rule njRat
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/njRat"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:

        // Hex bytes are the UTF-16LE encoding of |'|'| without the final 00.
        $s1 = {7C 00 27 00 7C 00 27 00 7C} // |'|'|
        // "wide" matches the UTF-16LE form only; ASCII copies are not matched.
        $s2 = "netsh firewall add allowedprogram" wide
        $s3 = "Software\\Microsoft\\Windows\\CurrentVersion\\Run" wide
        $s4 = "yyyy-MM-dd" wide

        // Three variants of a "ping, then del" cmd.exe command line.
        $v1 = "cmd.exe /k ping 0 & del" wide
        $v2 = "cmd.exe /c ping 127.0.0.1 & del" wide
        $v3 = "cmd.exe /c ping 0 -n 2 & del" wide


    condition:
        all of ($s*) and any of ($v*)
}
25 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/HawkEye.yar:
--------------------------------------------------------------------------------
// Matches files that contain the HawkEye key and salt strings plus every
// $string* value, all in UTF-16LE ("wide") form.
rule HawkEye
{
    meta:
        author = " Kevin Breen "
        date = "2015/06"
        ref = "http://malwareconfig.com/stats/HawkEye"
        maltype = "KeyLogger"
        filetype = "exe"

    strings:
        $key = "HawkEyeKeylogger" wide
        $salt = "099u787978786" wide
        $string1 = "HawkEye_Keylogger" wide
        $string2 = "holdermail.txt" wide
        $string3 = "wallet.dat" wide
        $string4 = "Keylog Records" wide
        // NOTE(review): this literal is empty in this listing, and YARA
        // rejects empty strings at compile time, so the rule cannot load as
        // shown. The value was probably lost when the page was extracted.
        // Restore it from the upstream rule file before deploying.
        $string5 = "" wide
        $string6 = "\\pidloc.txt" wide
        $string7 = "BSPLIT" wide


    condition:
        $key and $salt and all of ($string*)
}
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/NanoCore.yar:
--------------------------------------------------------------------------------
// Matches files that contain any six of the eleven NanoCore strings below.
rule NanoCore
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/NanoCore"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        // No modifiers are given, so each text string is matched as ASCII only.
        $a = "NanoCore"
        $b = "ClientPlugin"
        $c = "ProjectData"
        $d = "DESCrypto"
        $e = "KeepAlive"
        $f = "IPNETROW"
        $g = "LogClientMessage"
        $h = "|ClientHost"
        $i = "get_Connected"
        $j = "#=q"
        $key = {43 6f 24 cb 95 30 38 39}


    condition:
        // NOTE(review): any six strings satisfy this, including sets that hold
        // neither $a nor $key. Several strings are ordinary identifiers, so
        // check for false positives on benign software before alerting on it.
        6 of them
}
27 |
--------------------------------------------------------------------------------
/threatexchange/templates/tx_threat_indicator.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 | | Indicator: |
14 | {{ data.indicator }} |
15 |
16 |
17 | | Type: |
18 | {{ data.type }} |
19 |
20 |
21 | |
22 |
23 |
24 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/DarkComet.yar:
--------------------------------------------------------------------------------
// Matches files that contain the complete string set of either DarkComet
// generation listed below.
rule DarkComet
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/DarkComet"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        // Versions 2x
        $a1 = "#BOT#URLUpdate"
        $a2 = "Command successfully executed!"
        // "wide" matches the UTF-16LE form only.
        $a3 = "MUTEXNAME" wide
        $a4 = "NETDATA" wide
        // Versions 3x & 4x & 5x
        $b1 = "FastMM Borland Edition"
        $b2 = "%s, ClassID: %s"
        $b3 = "I wasn't able to open the hosts file"
        $b4 = "#BOT#VisitUrl"
        $b5 = "#KCMDDC"



    condition:
        // One whole group must be present; strings from different groups do
        // not combine.
        all of ($a*) or all of ($b*)
}
28 |
--------------------------------------------------------------------------------
/crits_scripts/scripts/daily_indicators.py:
--------------------------------------------------------------------------------
1 | import datetime
2 | import settings
3 |
4 | from crits.core.mongo_tools import mongo_connector
5 | from crits.core.basescript import CRITsBaseScript
6 |
class CRITsScript(CRITsBaseScript):
    """Print the type and value of indicators created in the last 24 hours."""

    def __init__(self, user=None):
        super(CRITsScript, self).__init__(user=user)

    def run(self, argv):
        """Query the indicators collection and print one "type, value" line each.

        ``argv`` is accepted but not used.
        """
        collection = mongo_connector(settings.COL_INDICATORS)

        # The window is the 24 hours ending now, not the previous calendar day.
        # NOTE(review): today() is naive local time; presumably 'created' is
        # stored in the same clock. Verify, or the window is skewed.
        window_end = datetime.datetime.today()
        window_start = window_end - datetime.timedelta(days=1)

        created_in_window = {'created': {'$gte': window_start, '$lt': window_end}}
        wanted_fields = {'type': 1, 'value': 1}
        for indicator in collection.find(created_in_window, wanted_fields):
            print("%s, %s" % (indicator['type'], indicator['value']))
19 |
--------------------------------------------------------------------------------
/pdfinfo_service/README:
--------------------------------------------------------------------------------
1 | PDFInfo will parse a PDF file and generate rich metadata about the document. It
2 | leverages the pdf-parser script from Didier Stevens.
3 |
4 | http://blog.didierstevens.com/programs/pdf-tools/
5 |
6 | How to upgrade PDF tools:
7 | PDF-Parser:
8 | Requires script to be renamed from pdf-parser.py to pdfparser.py
9 | cPDFDocument class needs to support StringIO:
10 | - self.infile = open(file, 'rb')
11 | + import io
12 | + self.infile = io.BytesIO(file)
13 | PDFid
14 | cBinaryFile class needs to support StringIO:
15 | - self.infile = open(file, 'rb')
16 | + import io
17 | + self.infile = io.BytesIO(file)
18 |
--------------------------------------------------------------------------------
/data_miner_service/README:
--------------------------------------------------------------------------------
1 | The Data Miner service works against Samples and Raw Data. It will parse out the
2 | contents of the top-level object in an attempt to find potential Domains, IPs,
3 | and Email addresses.
4 |
5 | When working against Raw Data, it will use the contents of the "data" field. If
6 | running against a Sample, it will use the output of "strings" against the
7 | filedata in GridFS.
8 |
9 | The list it returns is compared against the contents in the database. If the
10 | Domain, IP, or Email Address already exists at the time the service is run, it
11 | will be logged and a link will be provided to that top-level object. You can
12 | also add the value as a new top-level object or edit the value prior to adding
13 | if you wish.
14 |
--------------------------------------------------------------------------------
/crits_scripts/scripts/dup_map.js:
--------------------------------------------------------------------------------
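// Report MD5 values that occur on more than one document in the "sample"
// collection, printing each MD5 with its count.
db.getMongo().setSlaveOk();   // allow the read to be served by a secondary

// Emit one count per document that has an md5 field.
map = function() {
    if ("md5" in this) {
        emit({name: this.md5}, {count: 1});
    }
};

// Sum the partial counts emitted for one MD5.
reduce = function(k, v) {
    var count = 0;
    v.forEach(function(item) {
        count += item["count"];
    });
    return {count: count};
};

// Keep only MD5s seen more than once. The parameter is v; the body previously
// read an undefined name, "value", which made the command fail.
finalize = function(k, v) {
    if (v.count > 1) {
        return v;
    }
};

var cmd = {
    mapreduce: "sample",
    map: map,
    reduce: reduce,
    finalize: finalize,
    out: {inline: 1}
};
var results = db.runCommand(cmd);

if (results.ok && results.results) {
    // Iterate the rows themselves; for-in would yield index strings, not rows.
    results.results.forEach(function(row) {
        // finalize returns nothing for non-duplicates, so skip empty values.
        if (row.value != null) {
            print(row._id.name, row.value.count);
        }
    });
} else {
    // Show the server's error instead of finishing silently.
    printjson(results);
}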
30 |
31 |
--------------------------------------------------------------------------------
/crits_scripts/scripts/campaign_backdoors.js:
--------------------------------------------------------------------------------
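// Report MD5 values that occur on more than one document in the "sample"
// collection, printing each MD5 with its count.
// NOTE(review): despite the file name, nothing here filters on campaign or
// backdoor fields. The logic is a duplicate-MD5 count.
db.getMongo().setSlaveOk();   // allow the read to be served by a secondary

// Emit one count per document that has an md5 field.
map = function() {
    if ("md5" in this) {
        emit({name: this.md5}, {count: 1});
    }
};

// Sum the partial counts emitted for one MD5.
reduce = function(k, v) {
    var count = 0;
    v.forEach(function(item) {
        count += item["count"];
    });
    return {count: count};
};

// Keep only MD5s seen more than once. The parameter is v; the body previously
// read an undefined name, "value", which made the command fail.
finalize = function(k, v) {
    if (v.count > 1) {
        return v;
    }
};

var cmd = {
    mapreduce: "sample",
    map: map,
    reduce: reduce,
    finalize: finalize,
    out: {inline: 1}
};
var results = db.runCommand(cmd);

if (results.ok && results.results) {
    // Iterate the rows themselves; for-in would yield index strings, not rows.
    results.results.forEach(function(row) {
        // finalize returns nothing for non-duplicates, so skip empty values.
        if (row.value != null) {
            print(row._id.name, row.value.count);
        }
    });
} else {
    // Show the server's error instead of finishing silently.
    printjson(results);
}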
30 |
31 |
--------------------------------------------------------------------------------
/clamd_service/README:
--------------------------------------------------------------------------------
1 | clamd_service 0.0.3
2 | -------------
3 |
4 | Scan your samples with ClamAV.
5 |
6 | Default settings:
7 |
8 | clamd_sock_path /var/run/clamav/clamd.ctl
9 | - This is a path for the Unix socket to communicate with clamd daemon. Usually, it's at /var/run/clamav/clamd.ctl or /var/run/clamav/clamd.sock
10 | If you want to use clamd through the network connection, just leave this blank and fill in clamd_host_name and clamd_host_port.
11 |
12 | clamd_host_name 127.0.0.1
13 | - This is used when you want to use local or remote instance of clamd
14 |
15 | clamd_host_port 3310
16 | - This is used when you want to use local or remote instance of clamd
17 |
18 | clamd_force_reload False
19 | - Force clamd daemon to reload signature database
20 |
21 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/LostDoor.yar:
--------------------------------------------------------------------------------
// Matches files that contain either the complete $a* configuration-marker set
// or the complete $b* set.
rule LostDoor
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/LostDoor"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        // Hex bytes decode to CRLF, "*EDIT_SERVER*", CRLF.
        $a0 = {0D 0A 2A 45 44 49 54 5F 53 45 52 56 45 52 2A 0D 0A}
        $a1 = "*mlt* = %"
        $a2 = "*ip* = %"
        $a3 = "*victimo* = %"
        $a4 = "*name* = %"
        $b5 = "[START]"
        $b6 = "[DATA]"
        // "wide ascii" matches both the UTF-16LE and the ASCII form.
        $b7 = "We Control Your Digital World" wide ascii
        $b8 = "RC4Initialize" wide ascii
        $b9 = "RC4Decrypt" wide ascii

    condition:
        // ($a*) covers $a0..$a4 and ($b*) covers $b5..$b9; the numbering
        // continues across the two groups.
        all of ($a*) or all of ($b*)
}
--------------------------------------------------------------------------------
/crits_scripts/scripts/replace_yara_value.js:
--------------------------------------------------------------------------------
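// Rename one yara result value on every sample that carries it.
// "value" is the result text to look for, "replace" is the text to store.
value = "ups_h101_constants";
replace = "md5_constants";
save = false;
db.sample.find({'analysis.results.result': value}).forEach(function(x) {
    // Reset per document. The flag used to stay true after the first hit, so
    // a later document that failed part-way through was still written back.
    save = false;
    try {
        x.analysis.forEach(function(y) {
            y.results.forEach(function(z) {
                if (z.result == value) {
                    z.result = replace;
                    print("replacing for " + x.md5);
                    save = true;
                }
            });
        });
    }
    catch (err) {
        // An analysis entry without a results array ends up here. Do not save
        // a document that was only partly rewritten.
        print("error on " + x.md5);
        save = false;
    }
    if (save == true) {
        db.sample.save(x);
    }
});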
21 |
22 |
--------------------------------------------------------------------------------
/prettythings/__init__.py:
--------------------------------------------------------------------------------
1 | from crits.services.core import Service
2 |
class PrettyThings(Service):
    """
    Mockup for PrettyThings.

    Every configuration hook and ``run`` is a no-op, and ``supported_types``
    is empty.
    """

    name = "PrettyThings"
    version = '0.0.1'
    template = None
    description = "Pretty Things for wonderful people."
    supported_types = []
    # Spelling kept as in the original; presumably the name the services
    # framework reads. TODO confirm before renaming.
    compatability_mode = True

    @staticmethod
    def parse_config(config):
        """Accept any configuration; nothing is validated."""
        return None

    @staticmethod
    def get_config(existing_config):
        """Return an empty configuration regardless of what is stored."""
        return dict()

    @staticmethod
    def get_config_details(config):
        """Return no displayable configuration details."""
        return dict()

    @classmethod
    def generate_config_form(self, config):
        """Produce no configuration form."""
        return None

    def run(self, obj, config):
        """Do nothing when the service is run against ``obj``."""
        return None
33 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/Pandora.yar:
--------------------------------------------------------------------------------
// Matches files that contain every one of the thirteen Pandora strings below.
rule Pandora
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/Pandora"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        $a = "Can't get the Windows version"
        $b = "=M=Q=U=Y=]=a=e=i=m=q=u=y=}="
        // "wide" matches the UTF-16LE form only.
        $c = "JPEG error #%d" wide
        $d = "Cannot assign a %s to a %s" wide
        $g = "%s, ProgID:"
        $h = "clave"
        $i = "Shell_TrayWnd"
        $j = "melt.bat"
        $k = "\\StubPath"
        $l = "\\logs.dat"
        $m = "1027|Operation has been canceled!"
        $n = "466|You need to plug-in! Double click to install... |"
        // NOTE(review): the identifier is the digit 0, although the sequence
        // suggests the letter o was meant. The condition only uses "them", so
        // matching is unaffected; confirm it compiles on your YARA version.
        $0 = "33|[Keylogger Not Activated!]"

    condition:
        // Every string is required, so a build that lacks one is missed.
        all of them
}
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/VirusRat.yar:
--------------------------------------------------------------------------------
// Matches files that contain every one of the twelve VirusRat strings below.
rule VirusRat
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/VirusRat"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        // $string0..$string6 have no modifier and match ASCII only.
        $string0 = "virustotal"
        $string1 = "virusscan"
        $string2 = "abccba"
        $string3 = "pronoip"
        $string4 = "streamWebcam"
        $string5 = "DOMAIN_PASSWORD"
        $string6 = "Stub.Form1.resources"
        // $string7..$string11 are "wide" and match UTF-16LE only. They include
        // an FTP URL template and SQL queries against moz_logins and
        // moz_disabledHosts.
        $string7 = "ftp://{0}@{1}" wide
        $string8 = "SELECT * FROM moz_logins" wide
        $string9 = "SELECT * FROM moz_disabledHosts" wide
        $string10 = "DynDNS\\Updater\\config.dyndns" wide
        $string11 = "|BawaneH|" wide

    condition:
        // Every string is required, so a build that lacks one is missed.
        all of them
}
27 |
--------------------------------------------------------------------------------
/crits_scripts/scripts/header_query.js:
--------------------------------------------------------------------------------
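// Print raw headers and body of every email in one campaign.
// Set "campaign" and "sanitize" before loading the script; they default to
// "Unknown" and false.
if (typeof campaign == 'undefined') {
    campaign = "Unknown";
}
if (typeof sanitize == 'undefined') {
    sanitize = false;
}

db.email.find({'campaign.name': campaign, 'raw_headers': {$exists: true}}).forEach(function(z) {
    var output = "";
    // Put each " Name: " header back on its own line.
    var raw_headers = z.raw_headers.replace(/ (\S+: )/g, "\r\n$1");
    if (sanitize) {
        // Without the g flag only the first recipient header was masked, and
        // without the i flag "Cc:" was never matched, so recipient addresses
        // remained in output that was meant to be sanitized. The pattern is
        // unanchored, so Reply-To/Delivered-To style lines are masked too.
        // NOTE(review): raw_body is printed unchanged below and may still name
        // recipients. Review the output before sharing it.
        raw_headers = raw_headers.replace(/((To|CC|Bcc): .*)/gi, "To: xxx@xxx.xxx");
    }
    output += raw_headers + "\r\n\r\n";

    if (z.raw_body != undefined) {
        output += z.raw_body;
    }
    output += "\r\n--------------------------------------------------------------\r\n";
    print(output);
});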
19 |
--------------------------------------------------------------------------------
/virustotal_download_service/README:
--------------------------------------------------------------------------------
1 | This service checks the VirusTotal database to see if it contains a sample matching the given MD5.
2 | If VirusTotal has the sample, the sample is downloaded to CRITs.
3 |
4 | By default, this service leverages the VirusTotal Intelligence service. You can instead use the VirusTotal Private API by changing the Download URL in the service configuration.
5 | VirusTotal Intelligence: https://www.virustotal.com/intelligence/download
6 | VirusTotal Private API: https://www.virustotal.com/vtapi/v2/file/download
7 |
8 | Requirements:
9 | -Paid access to either VirusTotal's Intelligence service, or VirusTotal's Private API
10 | -An API key available from virustotal.com
11 | -Add Source "VirusTotal" to CRITs and assign to User for viewing of related Source Instances
12 |
--------------------------------------------------------------------------------
/prettythings/views.py:
--------------------------------------------------------------------------------
1 | import json
2 |
3 | from django.contrib.auth.decorators import user_passes_test
4 | from django.shortcuts import HttpResponse, render
5 |
6 | from crits.core.user_tools import user_can_view_data
7 | from . import handlers
8 |
@user_passes_test(user_can_view_data)
def main(request):
    """Render the Pretty Things landing page with an empty context.

    Access is limited to users who pass ``user_can_view_data``.
    """
    context = {}
    return render(request, 'pt_main.html', context)
13 |
@user_passes_test(user_can_view_data)
def campaign_heatmap(request):
    """Serve the campaign heatmap page, or its data for an AJAX POST.

    An AJAX POST gets the JSON-encoded return value of
    ``handlers.campaign_heatmap``; any other request gets the HTML template.
    Access is limited to users who pass ``user_can_view_data``.
    """
    wants_data = request.method == "POST" and request.is_ajax()
    if not wants_data:
        return render(request, 'pt_campaign_heatmap.html', {})

    payload = json.dumps(handlers.campaign_heatmap(request))
    return HttpResponse(payload, content_type="application/json")
23 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/Plasma.yar:
--------------------------------------------------------------------------------
// Matches files that contain every one of the nine Plasma status and name
// strings below.
rule Plasma
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/Plasma"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        // $a..$g are "wide" and match the UTF-16LE form only.
        $a = "Miner: Failed to Inject." wide
        $b = "Started GPU Mining on:" wide
        $c = "BK: Hard Bot Killer Ran Successfully!" wide
        $d = "Uploaded Keylogs Successfully!" wide
        $e = "No Slowloris Attack is Running!" wide
        $f = "An ARME Attack is Already Running on" wide
        $g = "Proactive Bot Killer Enabled!" wide
        // "wide ascii" matches both encodings.
        $h = "PlasmaRAT" wide ascii
        $i = "AntiEverything" wide ascii

    condition:
        // Every string is required, so a build with reworded messages is missed.
        all of them
}
--------------------------------------------------------------------------------
/stix_validator_service/views.py:
--------------------------------------------------------------------------------
1 | import json
2 |
3 | from django.shortcuts import render, HttpResponse
4 | from django.contrib.auth.decorators import user_passes_test
5 |
6 | from crits.core.user_tools import user_can_view_data
7 |
8 | from . import handlers
9 |
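@user_passes_test(user_can_view_data)
def validate(request):
    """Validate user-supplied STIX XML and return the outcome as JSON.

    Only AJAX POST requests are served; anything else gets the error page.
    The ``xml`` form field is passed to ``handlers.validate_stix`` and the
    result is returned as ``{"results": ...}``.

    NOTE(review): the XML comes from any user who passes
    ``user_can_view_data``. Confirm that the handler parses it with external
    entities and network access disabled.
    """
    if not (request.method == "POST" and request.is_ajax()):
        return render(request, "error.html", {"error" : 'Expected AJAX POST.'})

    xml = request.POST.get('xml')
    if xml is None:
        # A missing field used to raise KeyError and surface as a server
        # error; answer with an explicit client error instead.
        return HttpResponse(json.dumps({"error": "Missing 'xml' parameter"}),
                            content_type="application/json",
                            status=400)

    results = {'results': handlers.validate_stix(xml)}
    return HttpResponse(json.dumps(results),
                        content_type="application/json")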
20 |
21 |
@user_passes_test(user_can_view_data)
def stix_validator(request):
    """Render the STIX validator page with an empty context.

    Access is limited to users who pass ``user_can_view_data``.
    """
    context = {}
    return render(request, "stix_validator.html", context)
25 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/SpyGate.yar:
--------------------------------------------------------------------------------
// Matches any of three SpyGate version profiles. The first two also require a
// minimum number of "abccba" delimiter occurrences.
rule SpyGate
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/SpyGate"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        $split = "abccba"
        $a1 = "abccbaSpyGateRATabccba" //$a = Version 0.2.6
        $a2 = "StubX.pdb"
        $a3 = "abccbaDanabccb"
        $b1 = "monikerString" nocase //$b = Version 2.0
        $b2 = "virustotal1"
        $b3 = "get_CurrentDomain"
        // The $c* strings are "wide" and match the UTF-16LE form only.
        $c1 = "shutdowncomputer" wide //$c = Version 2.9
        $c2 = "shutdown -r -t 00" wide
        $c3 = "set cdaudio door closed" wide
        $c4 = "FileManagerSplit" wide
        $c5 = "Chating With >> [~Hacker~]" wide

    condition:
        // #split is the number of times "abccba" occurs in the file. The $c*
        // branch has no count requirement.
        (all of ($a*) and #split > 40) or (all of ($b*) and #split > 10) or (all of ($c*))
}
27 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/LuminosityLink.yar:
--------------------------------------------------------------------------------
// Matches files that contain every one of the eleven LuminosityLink strings
// below, all in UTF-16LE ("wide") form.
rule LuminosityLink
{
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/LuminosityLink"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        $a = "SMARTLOGS" wide
        $b = "RUNPE" wide
        $c = "b.Resources" wide
        $d = "CLIENTINFO*" wide
        $e = "Invalid Webcam Driver Download URL, or Failed to Download File!" wide
        $f = "Proactive Anti-Malware has been manually activated!" wide
        $g = "REMOVEGUARD" wide
        $h = "C0n1f8" wide
        // $i is a prefix of $j, so it matches wherever $j does.
        $i = "Luminosity" wide
        $j = "LuminosityCryptoMiner" wide
        $k = "MANAGER*CLIENTDETAILS*" wide

    condition:
        // Every string is required, so a build that lacks one is missed.
        all of them
}
--------------------------------------------------------------------------------
/c1fapp_service/forms.py:
--------------------------------------------------------------------------------
1 | from django import forms
2 |
class C1fappConfigForm(forms.Form):
    """Settings form for the C1fapp service: an API key and the query URL."""

    error_css_class = 'error'
    required_css_class = 'required'

    # NOTE(review): the key is a credential but is rendered with a plain
    # TextInput, so it is shown in clear on the configuration page.
    # forms.PasswordInput(render_value=True) would mask it on screen.
    cif_api_key = forms.CharField(
        required=True,
        initial='',
        label="API Key",
        help_text="Obtain API key from www.c1fapp.com",
        widget=forms.TextInput(),
    )

    # NOTE(review): any string is accepted; the default is https. Presumably
    # the API key is sent to whatever URL is stored here, so confirm an http
    # or unexpected host cannot be saved unnoticed.
    cif_query_url = forms.CharField(
        required=True,
        initial='https://www.c1fapp.com/cifapp/api/',
        label="Query URL",
        widget=forms.TextInput(),
    )

    def __init__(self, *args, **kwargs):
        # Use ':' as the label suffix unless the caller supplied one.
        if 'label_suffix' not in kwargs:
            kwargs['label_suffix'] = ':'
        super(C1fappConfigForm, self).__init__(*args, **kwargs)
19 |
--------------------------------------------------------------------------------
/threatrecon_service/forms.py:
--------------------------------------------------------------------------------
1 | from django import forms
2 |
class ThreatreconConfigForm(forms.Form):
    """Settings form for the Threatrecon service: an API key and the query URL."""

    error_css_class = 'error'
    required_css_class = 'required'

    # NOTE(review): the key is a credential but is rendered with a plain
    # TextInput, so it is shown in clear on the configuration page.
    # forms.PasswordInput(render_value=True) would mask it on screen.
    tr_api_key = forms.CharField(
        required=True,
        initial='',
        label="API Key",
        help_text="Obtain API key from Threatrecon.",
        widget=forms.TextInput(),
    )

    # NOTE(review): any string is accepted; the default is https. Presumably
    # the API key is sent to whatever URL is stored here, so confirm an http
    # or unexpected host cannot be saved unnoticed.
    tr_query_url = forms.CharField(
        required=True,
        initial='https://api.threatrecon.co/api/v1/search',
        label="Query URL",
        widget=forms.TextInput(),
    )

    def __init__(self, *args, **kwargs):
        # Use ':' as the label suffix unless the caller supplied one.
        if 'label_suffix' not in kwargs:
            kwargs['label_suffix'] = ':'
        super(ThreatreconConfigForm, self).__init__(*args, **kwargs)
19 |
--------------------------------------------------------------------------------
/crits_scripts/scripts/missing_email_md5.js:
--------------------------------------------------------------------------------
// Mongo shell report: for e-mails from one source, list attachments that
// either have an MD5 with no matching document in db.sample
// (search_type 'md5') or have a filename but no MD5 (search_type 'filename').
// Output is one comma-joined line per attachment.
//
// NOTE(review): the sender, filename and reference fields are printed without
// any quoting or escaping. They come from stored e-mail data, so a comma or a
// leading '=' in a filename will shift or reinterpret columns if this output
// is opened as CSV; quote the fields before feeding it to a spreadsheet.
var source_name = "your organization";
// search_type may already be defined when the script starts (presumably via
// the shell's --eval option; confirm). It defaults to 'md5'.
if (typeof search_type == 'undefined') {
    search_type = 'md5'; }
// The query requires 'attachment.md5' to exist in both modes.
db.email.find({'attachment.md5': {$exists: true}, 'source.name': source_name}).forEach(function(z) {
    z.attachment.forEach(function(y) {
        if (search_type == 'md5') {
            if (y.md5 != null) {
                // Samples are looked up by the lower-cased attachment MD5.
                var a = db.sample.findOne({'md5': y.md5.toLowerCase()}, {'md5': 1});
                if (a == null) { print(z.from + "," + z.source[0].instances[0].date + "," + y.md5.toLowerCase() + "," + y.filename); }
            }
        }
        else if (search_type == 'filename') {
            if (y.filename != null && y.md5 == null) {
                // The MD5 column is left empty; the source reference is appended.
                print(z.from + "," + z.source[0].instances[0].date + ",," + y.filename + "," + z.source[0].instances[0].reference); }
        }
    } );
} );
18 |
--------------------------------------------------------------------------------
/threatexchange/templates/tx_group_owner.html:
--------------------------------------------------------------------------------
1 |
2 | |
3 | {{group.name}}
4 | |
5 |
6 | {{group.description}}
7 | |
8 |
9 | {% if group.members %}
10 | {{group.members}}
11 | {% else %}
12 | None
13 | {% endif %}
14 | |
15 |
16 | {% if group.members_can_see %}
17 | Yes
18 | {% else %}
19 | No
20 | {% endif %}
21 | |
22 |
23 | {% if group.members_can_use %}
24 | Yes
25 | {% else %}
26 | No
27 | {% endif %}
28 | |
29 |
30 |
--------------------------------------------------------------------------------
/farsight_service/forms.py:
--------------------------------------------------------------------------------
1 | from django import forms
2 |
3 |
class FarsightConfigForm(forms.Form):
    """Configuration form for the Farsight service: API key and API URL.

    NOTE(review): the API key uses a plain ``TextInput``, so a stored key is
    shown in clear text when the form is rendered. The API URL is an
    unvalidated ``CharField``; presumably the key is sent to that URL, so
    confirm the caller requires HTTPS.
    """

    error_css_class = 'error'
    required_css_class = 'required'

    farsight_api_key = forms.CharField(
        label="API Key",
        help_text="Obtain API key from Farsight.",
        widget=forms.TextInput(),
        initial='',
        required=True,
    )
    farsight_api_url = forms.CharField(
        label="API URL",
        widget=forms.TextInput(),
        initial='https://api.dnsdb.info',
        required=True,
    )

    def __init__(self, *args, **kwargs):
        # Use ':' as the label suffix unless the caller chose another one.
        if 'label_suffix' not in kwargs:
            kwargs['label_suffix'] = ':'
        super(FarsightConfigForm, self).__init__(*args, **kwargs)
20 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/PredatorPain.yar:
--------------------------------------------------------------------------------
rule PredatorPain
{
    // Matches files that contain most of a set of UTF-16LE ("wide") strings
    // plus at least one product/version marker.
    //
    // NOTE(review): filetype is recorded as "exe" in meta only; the condition
    // does not check the file header, so any file holding these strings will
    // match. Add a header test if false positives on memory dumps or reports
    // are a concern.

    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/PredatorPain"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        // Artifact strings; the numbering skips $string2, leaving 10 patterns.
        $string1 = "holderwb.txt" wide
        $string3 = "There is a file attached to this email" wide
        $string4 = "screens\\screenshot" wide
        $string5 = "Disablelogger" wide
        $string6 = "\\pidloc.txt" wide
        $string7 = "clearie" wide
        $string8 = "clearff" wide
        $string9 = "emails should be sent to you shortly" wide
        $string10 = "jagex_cache\\regPin" wide
        $string11 = "open=Sys.exe" wide
        // Product/version markers.
        $ver1 = "PredatorLogger" wide
        $ver2 = "EncryptedCredentials" wide
        $ver3 = "Predator Pain" wide

    condition:
        // At least 7 of the 10 artifact strings and any one version marker.
        7 of ($string*) and any of ($ver*)
}
--------------------------------------------------------------------------------
/anb_service/views.py:
--------------------------------------------------------------------------------
1 | import json
2 |
3 | from django.contrib.auth.decorators import user_passes_test
4 | from django.shortcuts import HttpResponse
5 |
6 | from crits.core.user_tools import user_can_view_data, user_sources
7 | from . import handlers
8 |
@user_passes_test(user_can_view_data)
def get_anb_data(request, ctype, cid):
    """Return the ANB data for one object as a JSON response.

    The lookup is limited to the sources returned by ``user_sources`` for the
    requesting user; a user with no sources gets the default "no data"
    payload without the handler being called.

    :param request: the Django request; ``request.user`` selects the sources.
    :param ctype: object type, passed through to ``handlers.execute_anb``.
    :param cid: object id, passed through to ``handlers.execute_anb``.
    :returns: ``HttpResponse`` with a JSON body holding ``success`` and
        ``message``.
    """
    payload = {"success": "false", "message": "No data available."}

    allowed_sources = user_sources("%s" % request.user)
    if allowed_sources:
        anb = handlers.execute_anb(ctype, cid, allowed_sources)
        # One non-empty value is enough to report success and return the data.
        if any(value != "" for value in anb.values()):
            payload['success'] = "true"
            payload['message'] = anb

    return HttpResponse(json.dumps(payload), content_type="application/json")
26 |
--------------------------------------------------------------------------------
/opendns_service/forms.py:
--------------------------------------------------------------------------------
1 | from django import forms
2 |
class OpenDNSConfigForm(forms.Form):
    """Configuration form for the OpenDNS service: API token and query URL.

    NOTE(review): the API token uses a plain ``TextInput``, so a stored
    token is shown in clear text when the form is rendered. The query URL is
    an unvalidated ``CharField``; presumably the token is sent to that URL,
    so confirm the caller requires HTTPS.
    """

    error_css_class = 'error'
    required_css_class = 'required'

    Investigate_API_Token = forms.CharField(
        label="API Token",
        help_text="Obtain from OpenDNS.",
        widget=forms.TextInput(),
        initial='',
        required=True,
    )
    Investigate_URI = forms.CharField(
        label="Query URL",
        widget=forms.TextInput(),
        initial='https://investigate.api.opendns.com/',
        required=True,
    )

    def __init__(self, *args, **kwargs):
        # Use ':' as the label suffix unless the caller chose another one.
        if 'label_suffix' not in kwargs:
            kwargs['label_suffix'] = ':'
        super(OpenDNSConfigForm, self).__init__(*args, **kwargs)
19 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/xRAT.yar:
--------------------------------------------------------------------------------
rule xRAT
{
    // Matches when every string of one of two alternative sets is present:
    // $v1* (ASCII names plus one hex pattern) or $v2* (mixed ASCII and wide).
    //
    // NOTE(review): the string sets and condition are the same as in the
    // "Imminent" rule of Imminent3.yar, so a file matching one rule matches
    // the other; treat the family label from either rule as ambiguous.
    // NOTE(review): filetype is recorded in meta only; the condition does not
    // check the file header.
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/xRat"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        $v1a = "DecodeProductKey"
        $v1b = "StartHTTPFlood"
        $v1c = "CodeKey"
        $v1d = "MESSAGEBOX"
        $v1e = "GetFilezillaPasswords"
        $v1f = "DataIn"
        $v1g = "UDPzSockets"
        // "RT_RCDATA" with a zero byte between characters (UTF-16LE).
        $v1h = {52 00 54 00 5F 00 52 00 43 00 44 00 41 00 54 00 41}

        // NOTE(review): $v2a and $v2b hold the same value, so one of them adds
        // nothing to the match. This looks like text lost from the original
        // strings (possibly a stripped "<...>" prefix); compare with upstream.
        $v2a = "k__BackingField"
        $v2b = "k__BackingField"
        $v2c = "DownloadAndExecute"
        $v2d = "-CHECK & PING -n 2 127.0.0.1 & EXIT" wide
        $v2e = "england.png" wide
        $v2f = "Showed Messagebox" wide
    condition:
        all of ($v1*) or all of ($v2*)
}
--------------------------------------------------------------------------------
/pdf2txt_service/forms.py:
--------------------------------------------------------------------------------
1 | from django import forms
2 |
class pdf2txtConfigForm(forms.Form):
    """Configuration form for the pdf2txt service: paths to two binaries.

    NOTE(review): both fields are free-form ``CharField`` values holding a
    filesystem path. Presumably the service executes whatever path is saved
    here, so anyone allowed to edit this configuration can choose the program
    that runs on the server; confirm who can reach the form and consider
    checking the path against an allow-list before it is used.
    """

    error_css_class = 'error'
    required_css_class = 'required'

    pdf2txt_path = forms.CharField(
        label="pdftotext binary",
        help_text="Full path to pdftotext binary.",
        widget=forms.TextInput(),
        initial='/usr/bin/pdftotext',
        required=True,
    )
    antiword_path = forms.CharField(
        label="antiword binary",
        help_text="Full path to antiword binary.",
        widget=forms.TextInput(),
        initial='/usr/bin/antiword',
        required=True,
    )

    def __init__(self, *args, **kwargs):
        # Use ':' as the label suffix unless the caller chose another one.
        if 'label_suffix' not in kwargs:
            kwargs['label_suffix'] = ':'
        super(pdf2txtConfigForm, self).__init__(*args, **kwargs)
20 |
--------------------------------------------------------------------------------
/crits_scripts/scripts/prod_to_dev.py:
--------------------------------------------------------------------------------
1 | from optparse import OptionParser
2 |
3 | from crits.core.mongo_tools import mongo_connector
4 | import settings
5 | import pymongo
6 | from crits.core.basescript import CRITsBaseScript
7 |
class CRITsScript(CRITsBaseScript):
    """Copy every indicator from a second MongoDB into the configured one.

    With ``-i/--indicators`` the script reads all documents from the
    ``crits.indicators`` collection reached through ``pymongo.Connection()``
    and inserts them into the collection returned by
    ``mongo_connector(settings.COL_INDICATORS)``.

    NOTE(review): ``pymongo.Connection()`` is called without arguments, so no
    host or credentials are supplied here; it relies on pymongo's defaults.
    ``Connection`` is also absent from newer pymongo releases. Confirm which
    server this reaches before running it, since production indicator data
    is being duplicated into another database.
    NOTE(review): documents are inserted unchanged, so an indicator that
    already exists in the target presumably fails on its ``_id``; verify.
    """

    def __init__(self, user=None):
        super(CRITsScript, self).__init__(user=user)

    def run(self, argv):
        """Parse *argv* and copy indicators when ``-i`` was given."""
        parser = OptionParser()
        parser.add_option("-i", "--indicators", dest="indicators",
                          action="store_true",
                          help="copy over indicators")
        opts, _unused = parser.parse_args(argv)

        # The target collection is opened even when nothing is copied.
        target = mongo_connector(settings.COL_INDICATORS)
        if not opts.indicators:
            return

        source = pymongo.Connection().crits.indicators
        for document in source.find():
            target.insert(document)
27 |
--------------------------------------------------------------------------------
/preview_service/forms.py:
--------------------------------------------------------------------------------
1 | from django import forms
2 |
class previewConfigForm(forms.Form):
    """Configuration form for the preview service: paths to two binaries.

    NOTE(review): both fields are free-form ``CharField`` values holding a
    filesystem path. Presumably the service executes whatever path is saved
    here, so anyone allowed to edit this configuration can choose the program
    that runs on the server; confirm who can reach the form and consider
    checking the path against an allow-list before it is used.
    """

    error_css_class = 'error'
    required_css_class = 'required'

    pdftoppm_path = forms.CharField(
        label="pdftoppm binary",
        help_text="Full path to pdftoppm binary.",
        widget=forms.TextInput(),
        initial='/usr/bin/pdftoppm',
        required=True,
    )

    antiword_path = forms.CharField(
        label="antiword binary",
        help_text="Full path to antiword binary.",
        widget=forms.TextInput(),
        initial='/usr/bin/antiword',
        required=True,
    )

    def __init__(self, *args, **kwargs):
        # Use ':' as the label suffix unless the caller chose another one.
        if 'label_suffix' not in kwargs:
            kwargs['label_suffix'] = ':'
        super(previewConfigForm, self).__init__(*args, **kwargs)
21 |
--------------------------------------------------------------------------------
/pyew/forms.py:
--------------------------------------------------------------------------------
1 | from django import forms
2 |
class pyewConfigForm(forms.Form):
    """Configuration form for the pyew service: script path, port, TLS flag.

    NOTE(review): ``pyew`` is a free-form path to a Python file; presumably
    the service runs it, so whoever can edit this configuration chooses the
    code that executes. ``port`` is a ``CharField`` and is not validated as a
    number or range here. ``secure`` is optional, so it can be switched off,
    in which case the websocket is presumably used without TLS.
    """

    error_css_class = 'error'
    required_css_class = 'required'

    pyew = forms.CharField(
        label='Pyew Script',
        help_text="Full path to pyew py file.",
        initial='',
        required=True,
    )
    port = forms.CharField(
        label='Port',
        help_text="Port the pyew websocket is listening on.",
        initial='9876',
        required=True,
    )
    secure = forms.BooleanField(
        label='HTTPs',
        help_text="Use secure websockets.",
        initial=True,
        required=False,
    )

    def __init__(self, *args, **kwargs):
        # Use ':' as the label suffix unless the caller chose another one.
        if 'label_suffix' not in kwargs:
            kwargs['label_suffix'] = ':'
        super(pyewConfigForm, self).__init__(*args, **kwargs)
22 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/Imminent3.yar:
--------------------------------------------------------------------------------
rule Imminent
{
    // Matches when every string of one of two alternative sets is present:
    // $v1* (ASCII names plus one hex pattern) or $v2* (mixed ASCII and wide).
    //
    // NOTE(review): the string sets and condition are the same as in the
    // "xRAT" rule of xRAT.yar, so a file matching one rule matches the other;
    // treat the family label from either rule as ambiguous.
    // NOTE(review): filetype is recorded in meta only; the condition does not
    // check the file header.
    meta:
        author = " Kevin Breen "
        date = "2014/04"
        ref = "http://malwareconfig.com/stats/Imminent"
        maltype = "Remote Access Trojan"
        filetype = "exe"

    strings:
        $v1a = "DecodeProductKey"
        $v1b = "StartHTTPFlood"
        $v1c = "CodeKey"
        $v1d = "MESSAGEBOX"
        $v1e = "GetFilezillaPasswords"
        $v1f = "DataIn"
        $v1g = "UDPzSockets"
        // "RT_RCDATA" with a zero byte between characters (UTF-16LE).
        $v1h = {52 00 54 00 5F 00 52 00 43 00 44 00 41 00 54 00 41}

        // NOTE(review): $v2a and $v2b hold the same value, so one of them adds
        // nothing to the match. This looks like text lost from the original
        // strings (possibly a stripped "<...>" prefix); compare with upstream.
        $v2a = "k__BackingField"
        $v2b = "k__BackingField"
        $v2c = "DownloadAndExecute"
        $v2d = "-CHECK & PING -n 2 127.0.0.1 & EXIT" wide
        $v2e = "england.png" wide
        $v2f = "Showed Messagebox" wide
    condition:
        all of ($v1*) or all of ($v2*)
}
29 |
--------------------------------------------------------------------------------
/OPSWAT_Service/forms.py:
--------------------------------------------------------------------------------
1 | from django import forms
2 |
class OPSWATConfigForm(forms.Form):
    """Configuration form for the OPSWAT service: REST URL and proxy flag.

    NOTE(review): the example in the help text is a plain ``http://`` URL
    that carries an archive password in the query string. Presumably samples
    are submitted to this URL, so an unencrypted endpoint would expose both
    the password and the submitted file on the network; prefer an HTTPS
    endpoint where the scanner offers one. The field is a ``CharField``, so
    the scheme is not validated here.
    """

    error_css_class = 'error'
    required_css_class = 'required'

    url = forms.CharField(
        label="OPSWAT URL",
        help_text="URL for the OPSWAT REST API, example: "
                  "http://example.org:8008/metascan_rest/scanner?method=scan&archive_pwd=infected",
        widget=forms.TextInput(),
        initial='',
        required=True,
    )
    use_proxy = forms.BooleanField(
        label="Proxy",
        help_text="Use proxy for connecting to OPSWAT service",
        initial=False,
        required=False,
    )

    def __init__(self, *args, **kwargs):
        # Use ':' as the label suffix unless the caller chose another one.
        if 'label_suffix' not in kwargs:
            kwargs['label_suffix'] = ':'
        super(OPSWATConfigForm, self).__init__(*args, **kwargs)
20 |
--------------------------------------------------------------------------------
/crits_scripts/scripts/email_target_overlap.js:
--------------------------------------------------------------------------------
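// Mongo shell report: for each e-mail of one campaign and source, print how
// many of its recipients also appear in the recipient list of the most recent
// e-mail (the baseline), as: month/year, overlap count, recipient count, ratio.

// Return the index of the first element equal to v, or false when absent.
// Index 0 is a valid hit, so callers must compare the result with false
// instead of relying on truthiness.
Array.prototype.has = function (v) {
    // 'var' keeps the loop counter from leaking into the shell's global scope.
    for (var i = 0; i < this.length; i++) {
        if (this[i] == v) {
            return i;
        }
    }
    return false;
}
var source_name = "your organization";
var campaign_name = "the campaign";

var msgs = db.email.find({'campaign.name': campaign_name, 'source.name': source_name}).sort({'source.instances.date': -1});
// Baseline recipients come from the newest message; an empty result set
// yields an empty baseline instead of a TypeError.
var first = msgs[0];
var base = first ? first.to : [];
// The query is issued again so the loop below starts from a fresh cursor.
var msgs = db.email.find({'campaign.name': campaign_name, 'source.name': source_name}).sort({'source.instances.date': -1});
msgs.forEach(function(z) {
    var overlap = 0;
    z.to.forEach(function(y) {
        // has() returns 0 for a match on the first baseline recipient; the
        // original truthiness test silently skipped that recipient.
        if (base.has(y) !== false) {overlap += 1; }
    });
    var ratio = overlap / z.to.length * 100;
    print(z.source[0].instances[0].date.getMonth() + 1 + "/" + z.source[0].instances[0].date.getFullYear() + "\t", overlap + "\t", z.to.length + "\t", ratio + '%');
});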
24 |
25 |
--------------------------------------------------------------------------------
/crits_scripts/scripts/get_id_by_md5.py:
--------------------------------------------------------------------------------
1 | """
2 | Example Usage:
3 | python get_id_by_md5.py -m md5
4 | """
5 |
6 | from optparse import OptionParser
7 | from django.conf import settings
8 | from crits.samples.sample import Sample
9 | from crits.core.basescript import CRITsBaseScript
10 |
# Overrides MONGO_READ_PREFERENCE on the shared Django settings object at
# import time, before the script class below is used.
settings.MONGO_READ_PREFERENCE = 'secondary'
12 |
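class CRITsScript(CRITsBaseScript):
    """Print the id of the Sample whose MD5 equals the ``-m/--md5`` option."""

    def __init__(self, user=None):
        super(CRITsScript, self).__init__(user=user)

    def run(self, argv):
        """Look up one sample by MD5 and print its id.

        Nothing is printed when ``-m`` is missing or no sample matches. A
        failed lookup prints the error message and no id.

        :param argv: command-line arguments handed to ``OptionParser``.
        """
        parser = OptionParser()
        # The original help text said "filetype filter", which does not
        # describe this option.
        parser.add_option("-m", "--md5", action="store", dest="md5",
                          type="string", help="MD5 of the sample to look up")
        (opts, args) = parser.parse_args(argv)

        # Bind the name up front: without this, a missing -m option or a
        # failed query left 'sample' undefined and the check below raised
        # NameError.
        sample = None
        try:
            if opts.md5:
                sample = Sample.objects(md5=opts.md5).first()
        except Exception as e:
            # Single-argument print calls behave the same on Python 2 and 3.
            print("Bad things - '%s'" % e)
        if sample:
            print(sample.id)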
31 |
--------------------------------------------------------------------------------
/xforce_exchange/forms.py:
--------------------------------------------------------------------------------
1 | from django import forms
class XFEConfigForm(forms.Form):
    """Configuration form for the X-Force Exchange service credentials.

    NOTE(review): both the API key and the API password are rendered through
    a plain ``TextInput``, so the stored secrets appear in clear text on
    screen and in the page source for anyone who can open this form. A
    masked widget would at least keep them off the screen; confirm how the
    values are stored and who can view the service configuration.
    """

    error_css_class = 'error'
    required_css_class = 'required'

    xfe_api_key = forms.CharField(
        label="API Key",
        help_text="API key from X-Force Exchange.",
        widget=forms.TextInput(),
        initial='',
        required=True,
    )

    xfe_api_password = forms.CharField(
        label="API Password",
        help_text="API password from X-Force Exchange.",
        widget=forms.TextInput(),
        initial='',
        required=True,
    )

    def __init__(self, *args, **kwargs):
        # Use ':' as the label suffix unless the caller chose another one.
        if 'label_suffix' not in kwargs:
            kwargs['label_suffix'] = ':'
        super(XFEConfigForm, self).__init__(*args, **kwargs)
20 |
21 |
--------------------------------------------------------------------------------
/crits_scripts/scripts/del_pe_dup.js:
--------------------------------------------------------------------------------
1 | var stringlist = {};
2 | for (i=0; i
3 | Before sending a TAXII message, you must first configure a TAXII server and feed.
4 | |
5 | {% else %}
6 |
7 |
8 |
9 | {{ form.rcpts.label }}
10 |
11 | ({{ form.rcpts.field.choices|length }})
12 |
13 | {{ form.rcpts }}
14 | |
15 |
16 | {% for item in form %}
17 | {% if forloop.counter != 1 %}
18 | {% if forloop.counter|divisibleby:2 %}
19 |
20 | {% endif %}
21 |
22 |
23 |
24 | {{ item.label }}
25 |
26 | ({{ item.field.choices|length }})
27 |
28 | {{ item }}
29 | |
30 |
31 | {% if not forloop.counter|divisibleby:2 %}
32 |
33 | {% endif %}
34 | {% endif %}
35 | {% endfor %}
36 | {% endif %}
37 |
--------------------------------------------------------------------------------
/totalhash_service/forms.py:
--------------------------------------------------------------------------------
1 | from django import forms
2 |
class TotalHashConfigForm(forms.Form):
    """Configuration form for the TotalHash service: key, user, query URL.

    NOTE(review): the API key uses a plain ``TextInput``, so a stored key is
    shown in clear text when the form is rendered. The query URL is an
    unvalidated ``CharField``; presumably the credentials are sent to that
    URL, so confirm the caller requires HTTPS.
    """

    error_css_class = 'error'
    required_css_class = 'required'

    th_api_key = forms.CharField(
        label="API Key",
        help_text="Obtain from TotalHash.",
        widget=forms.TextInput(),
        initial='',
        required=True,
    )
    th_user = forms.CharField(
        label="Username",
        widget=forms.TextInput(),
        initial='',
        required=True,
    )
    th_query_url = forms.CharField(
        label="Query URL",
        widget=forms.TextInput(),
        initial='https://api.totalhash.com/',
        required=True,
    )

    def __init__(self, *args, **kwargs):
        # Use ':' as the label suffix unless the caller chose another one.
        if 'label_suffix' not in kwargs:
            kwargs['label_suffix'] = ':'
        super(TotalHashConfigForm, self).__init__(*args, **kwargs)
23 |
--------------------------------------------------------------------------------
/taxii_service/formats.py:
--------------------------------------------------------------------------------
def get_format(item_type):
    """
    Return the format string that labels a crits object in the TAXII
    service's multi choice boxes.

    :param item_type The type of object for which we need a format string
    :returns The format string for that type, or "" when the type is unknown
    """
    # Each template indexes into a single positional argument by key.
    known_formats = (
        ('Certificate', "{0[filename]} - {0[md5]}"),
        ('Domain', "{0[domain]} - {0[analyst]}"),
        ('Email', "{0[subject]} - {0[date]}"),
        ('Indicator', "{0[ind_type]} - {0[value]}"),
        ('IP', "{0[ip]} - {0[ip_type]}"),
        ('PCAP', "{0[filename]} - {0[md5]}"),
        ('RawData', "{0[title]} ({0[data_type]})"),
        ('Sample', "{0[filename]} - {0[md5]}"),
        ('Event', "{0[title]} - {0[event_type]}"),
    )
    for type_name, template in known_formats:
        if item_type == type_name:
            return template
    return ""
26 |
--------------------------------------------------------------------------------
/crits_scripts/scripts/daily_samples.py:
--------------------------------------------------------------------------------
1 | import datetime
2 | import tarfile
3 | import time
4 | from io import BytesIO
5 |
6 | from crits.core.mongo_tools import mongo_connector, get_file
7 | from crits.core.basescript import CRITsBaseScript
8 | import settings
9 |
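class CRITsScript(CRITsBaseScript):
    """Bundle the samples seen since midnight into one bzip2 tar archive.

    NOTE(review): the archive is written to a fixed, date-based name under
    ``/tmp/samples`` and holds the raw sample bytes. Confirm that directory
    exists with permissions limited to the account running the script, since
    a predictable path under /tmp is otherwise open to other local users.
    NOTE(review): each member is named after the sample's stored ``filename``
    without any normalisation. That value presumably originates from the
    submitted sample, so whoever unpacks the archive should treat member
    names as untrusted and extract into an isolated directory.
    """

    def __init__(self, user=None):
        super(CRITsScript, self).__init__(user=user)

    def run(self, argv):
        """Write today's samples to ``/tmp/samples/<YYYY-MM-DD>.tar.bz2``.

        :param argv: command-line arguments; not used by this script.
        """
        samples = mongo_connector(settings.COL_SAMPLES)
        # Truncate "now" to midnight so the query covers the whole current day.
        today = datetime.datetime.fromordinal(datetime.datetime.now().toordinal())
        md5s = samples.find({"source.instances.date": {"$gte": today}})
        filename = "%s/%s.tar.bz2" % ("/tmp/samples", today.strftime("%Y-%m-%d"))
        tar = tarfile.open(filename, "w:bz2")
        # Close the archive even when a lookup or read fails part-way through;
        # the original leaked the open handle on any exception.
        try:
            for md5 in md5s:
                m = md5['md5']
                f = md5['filename']
                s = get_file(m)
                info = tarfile.TarInfo(name="%s" % f)
                info.mtime = time.time()
                info.size = len(s)
                tar.addfile(info, BytesIO(s))
        finally:
            tar.close()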
30 |
31 |
--------------------------------------------------------------------------------
/ratdecoder_service/decoders/DarkRAT.py:
--------------------------------------------------------------------------------
1 | import string
2 |
3 |
def string_print(line):
    """Keep only the characters of *line* that are in ``string.printable``."""
    printable_chars = string.printable
    return filter(lambda ch: ch in printable_chars, line)
6 |
7 |
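def config(data):
    """Extract the DarkRAT configuration fields from *data*.

    *data* is split on the ``@1906dark1996coder@`` marker and the resulting
    fields are mapped to named settings by position.

    :param data: string that contains the marker-separated configuration.
    :returns: dict of settings, or an empty dict when fewer than nine fields
        are present.
    """
    config_dict = {}
    raw_config = data.split('@1906dark1996coder@')
    # Fields up to index 8 are read below. The original only required four
    # fields and raised IndexError on shorter, truncated configurations.
    if len(raw_config) > 8:
        config_dict['Domain'] = raw_config[1][7:-1]
        config_dict['AutoRun'] = raw_config[2]
        config_dict['USB Spread'] = raw_config[3]
        config_dict['Hide Form'] = raw_config[4]
        config_dict['Msg Box Title'] = raw_config[6]
        config_dict['Msg Box Text'] = raw_config[7]
        config_dict['Timer Interval'] = raw_config[8]
        # split() yields strings, so the original comparisons against the
        # integers 1-4 never matched and the type was always 'None'.
        msg_box_types = {
            '4': 'Information',
            '2': 'Question',
            '3': 'Exclamation',
            '1': 'Critical',
        }
        config_dict['Msg Box Type'] = msg_box_types.get(
            raw_config[5].strip(), 'None')
    return config_dict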
30 |
--------------------------------------------------------------------------------
/ratdecoder_service/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2016 Kevin Breen
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/bit9_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2015, Karl Voss. All rights reserved.
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/chminfo_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, Karl Voss. All rights reserved.
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/rtfmeta_service/LICENSE.txt:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2015, Facebook. All rights reserved.
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
--------------------------------------------------------------------------------
/xforce_exchange/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2015, Karl Voss. All rights reserved.
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/SEPLQ_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, Adam Polkosnik. All rights reserved.
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/clamd_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, Adam Polkosnik. All rights reserved.
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/pdf2txt_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, Adam Polkosnik. All rights reserved.
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/preview_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, Adam Polkosnik. All rights reserved.
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/threatgrid_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, Karl Voss. All rights reserved.
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/unswf_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, Adam Polkosnik. All rights reserved.
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/impfuzzy_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, Adam Polkosnik. All rights reserved.
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/passivetotal_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, Brandon Dixon. All rights reserved.
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/farsight_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The Cisco Corporation. All rights reserved.
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/shodan_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The Cisco Corporation. All rights reserved.
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/threatexchange/urls.py:
--------------------------------------------------------------------------------
# URL routes for the threatexchange service.
#
# Each route is an exact-match, slash-terminated path ('^<name>/$') whose path
# segment, view function and route-name suffix are the same identifier, so the
# table is generated from one tuple of names.
from django.conf.urls import url

from . import views

# NOTE(review): this module only maps paths to views; no authentication,
# permission or CSRF handling is visible here. Several routes look
# state-changing (import_object, export_object, add_edit_privacy_group) --
# confirm that each view in views.py enforces login and the expected HTTP
# method.
_ROUTE_NAMES = (
    'query',
    'privacy_groups',
    'submit_query',
    'submit_related_query',
    'export_object',
    'import_object',
    'get_members',
    'get_groups',
    'get_dropdowns',
    'get_privacy_group_form',
    'add_edit_privacy_group',
)

# Order matches the original hand-written list.
urlpatterns = [
    url(
        r'^%s/$' % route_name,
        getattr(views, route_name),
        name='threatexchange-views-%s' % route_name,
    )
    for route_name in _ROUTE_NAMES
]
--------------------------------------------------------------------------------
/c1fapp_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, Evox Comptuing Ltd. (dev@evoxco.com). All rights reserved.
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/threatrecon_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, villain (villain@evilthings.org). All rights reserved.
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/exiftool_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, Csaba Fitzl. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/malshare_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, Csaba Fitzl. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/pyew/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/anb_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/meta_checker/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/prettythings/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/ratdecoder_service/yaraRules/yaraRules.yar:
--------------------------------------------------------------------------------
1 | include "Adzok.yar"
2 | include "LostDoor.yar"
3 | include "ShadowTech.yar"
4 | include "xRAT.yar"
5 | include "jRat.yar"
6 | include "UPX.yar"
7 | include "DarkRAT.yar"
8 | include "PoisonIvy.yar"
9 | include "AAR.yar"
10 | include "PythoRAT.yar"
11 | include "VirusRat.yar"
12 | include "unrecom.yar"
13 | include "Imminent3.yar"
14 | include "ClientMesh.yar"
15 | include "Punisher.yar"
16 | include "BlackShades.yar"
17 | include "Xtreme.yar"
18 | include "Sub7Nation.yar"
19 | include "BlackNix.yar"
20 | include "Ap0calypse.yar"
21 | include "Bozok.yar"
22 | include "NetWire.yar"
23 | include "Pandora.yar"
24 | include "Bandook.yar"
25 | include "LuxNet.yar"
26 | include "Vertex.yar"
27 | include "Infinity.yar"
28 | include "Arcom.yar"
29 | include "adWind.yar"
30 | include "Paradox.yar"
31 | include "njRat.yar"
32 | include "SmallNet.yar"
33 | include "Greame.yar"
34 | include "DarkComet.yar"
35 | include "SpyGate.yar"
36 | include "NanoCore.yar"
37 | include "CyberGate.yar"
38 | include "BlueBanana.yar"
39 | include "HawkEye.yar"
40 | include "PredatorPain.yar"
41 | include "Plasma.yar"
42 | include "LuminosityLink.yar"
43 | include "QRat.yar"
44 | include "AlienSpy.yar"
45 | include "JavaDropper.yar"
46 | include "Sakula.yar"
47 |
--------------------------------------------------------------------------------
/upx_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/yara_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/OPSWAT_Service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/carver_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/chopshop_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/crits_scripts/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/cuckoo_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 13-0103
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/diffie_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/machoinfo_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/metacap_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/pdfinfo_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/peinfo_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/ssdeep_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/taxii_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/threatexchange/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/timeline_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/totalhash_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/whois_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/zip_meta_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/backscatter_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2019, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/data_miner_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/entropycalc_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/macro_extract_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/office_meta_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/pyinstaller_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/relationships_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/stix_validator_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/virustotal_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/maliciousmacrobot_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2017, The MITRE Corporation. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/virustotal_download_service/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, The Boeing Company. All rights reserved.
4 |
5 | Approved for Public Release; Distribution Unlimited 14-1511
6 |
7 | Permission is hereby granted, free of charge, to any person obtaining a copy
8 | of this software and associated documentation files (the "Software"), to deal
9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 |
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 |
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 |
--------------------------------------------------------------------------------
/crits_scripts/scripts/get_md5s.py:
--------------------------------------------------------------------------------
1 | """
2 | Example Usage:
3 | python get_md5s.py -f "{'source.name': 'foo'}"
4 | """
5 |
6 | import ast
7 | from optparse import OptionParser
8 |
9 | from crits import settings
10 | from crits.core.mongo_tools import mongo_connector
11 | from crits.core.basescript import CRITsBaseScript
12 |
13 | settings.MONGO_READ_PREFERENCE = 'secondary'  # override the CRITs read preference for this script; presumably keeps the bulk MD5 dump off the primary (verify against deployment)
14 |
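class CRITsScript(CRITsBaseScript):
    """Print the MD5 of every sample that matches an optional query filter."""

    def __init__(self, user=None):
        super(CRITsScript, self).__init__(user=user)

    def run(self, argv):
        """Query the samples collection and print one MD5 per line.

        ``argv`` is parsed with OptionParser. The optional ``-f/--filter``
        value is a Python dict literal that is passed to ``find()`` as the
        query document; without it every sample is listed.

        The filter is parsed with ``ast.literal_eval``, which accepts only
        literals, so the argument is never executed as code. The resulting
        dict is still handed to the database unmodified, so anyone who can
        set this argument controls the whole query.

        Errors are reported on stderr rather than raised, so stdout carries
        nothing but MD5 values and callers that pipe it are unaffected.
        """
        import sys

        parser = OptionParser()
        parser.add_option("-f", "--filter", action="store", dest="filter",
                          type="string", help="filetype filter")
        (opts, args) = parser.parse_args(argv)

        query = {}
        if opts.filter:
            try:
                query = ast.literal_eval(opts.filter)
            except (ValueError, SyntaxError, TypeError) as err:
                # A malformed filter used to be swallowed silently, which
                # made a typo indistinguishable from "no matching samples".
                sys.stderr.write("Invalid filter %r: %s\n" % (opts.filter, err))
                return
            if not isinstance(query, dict):
                # literal_eval also accepts lists, strings, numbers, ...;
                # only a dict is a usable query document.
                sys.stderr.write("Filter must be a dict literal, got %s\n"
                                 % type(query).__name__)
                return

        try:
            samples = mongo_connector(settings.COL_SAMPLES)
            md5_list = samples.find(query, {"md5": 1})

            for item in md5_list:
                # Documents without an md5 field are skipped, as before.
                md5 = item.get('md5')
                if md5 is not None:
                    # Parenthesised form prints the same under Python 2
                    # (which this script targets) and Python 3.
                    print(md5)
        except Exception as err:
            # Still best-effort: do not crash, but say why nothing (or only
            # part of the list) was printed.
            sys.stderr.write("Sample query failed: %s\n" % err)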
43 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | crits_services
2 | ==============
3 |
4 | This repo contains services for CRITs that allow you to extend its
5 | functionality. Information on how to use, install, and leverage these services
6 | can be found in the main CRITs repository:
7 |
8 | https://www.github.com/crits/crits
9 |
10 | Each service comes with its own README, LICENSE, DEPENDENCIES, bootstrap, and requirements.txt file. If you
11 | choose to leverage a service, make sure you read the DEPENDENCIES file to
12 | determine what you’ll need to install to use it. The README will be a good guide
13 | to determine what a service does, and in some cases how to set it up and use it.
14 |
15 | The bootstrap in the crits_services folder is supposed to run the bootstrap in each service's folder. Each service's bootstrap, in turn, installs any OS-level dependencies and then kicks off pip to install the Python dependencies listed in requirements.txt.
16 |
17 | At this point, a few services require some additional manual installation. This might change in the future; pull requests to fix these issues are greatly appreciated.
18 |
19 | The services that currently require some manual installation are (at least until somebody fixes them):
20 |
21 | - chopshop_service
22 | - metacap_service (it needs chopshop)
23 | - pyew
24 | - snugglefish_service
25 | - taxii_service
26 |
27 |
--------------------------------------------------------------------------------