create_hashes_and_link_together.py
# coding: utf-8
import os

from pycti import OpenCTIApiClient
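# Connection settings.
# The URL and token are read from the environment so that a real API token
# never has to be committed alongside the script. The fallbacks are the
# values this example originally shipped with; set OPENCTI_API_URL and
# OPENCTI_API_TOKEN to point the script at another instance.
api_url = os.environ.get('OPENCTI_API_URL', 'https://demo.opencti.io')
api_token = os.environ.get(
    'OPENCTI_API_TOKEN', 'bb4aca90-b98c-49ee-9582-7eac92b61b82'
)

# OpenCTI initialization: every call below goes through this client and is
# authenticated with api_token.
opencti_api_client = OpenCTIApiClient(api_url, api_token)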
# Create one file-hash observable per digest type. The three values are
# described as hashes linked to Emotet and are related to one another by
# the relation step of this script.
# NOTE(review): update=True presumably updates an existing observable
# instead of creating a duplicate - confirm against the pycti version in use.
_emotet_hashes = (
    ("File-MD5", "16b3f663d0f0371a4706642c6ac04e42"),
    ("File-SHA1", "3a1f908941311fc357051b5c35fd2a4e0c834e37"),
    (
        "File-SHA256",
        "bcc70a49fab005b4cdbe0cbd87863ec622c6b2c656987d201adbb0e05ec03e56",
    ),
)
_created_observables = []
for _observable_type, _digest in _emotet_hashes:
    _observable = opencti_api_client.stix_observable.create(
        type=_observable_type,
        observable_value=_digest,
        description="Hash linked to Emotet",
        update=True,
    )
    # Echo the API result so the operator can see what was stored.
    print(_observable)
    _created_observables.append(_observable)

# Keep the original names: the relation step indexes each of these with
# ['id'], so they must be subscriptable results carrying an 'id' key.
hash_md5, hash_sha1, hash_sha256 = _created_observables
# Link the three observables pairwise with a 'corresponds' relation:
# MD5 -> SHA1, MD5 -> SHA256, SHA1 -> SHA256.
# NOTE(review): ignore_dates=True is passed through unchanged; its exact
# effect is defined by pycti - confirm before reusing this pattern.
_hash_pairs = (
    (("File-MD5", hash_md5), ("File-SHA1", hash_sha1)),
    (("File-MD5", hash_md5), ("File-SHA256", hash_sha256)),
    (("File-SHA1", hash_sha1), ("File-SHA256", hash_sha256)),
)
for (_from_type, _from_observable), (_to_type, _to_observable) in _hash_pairs:
    opencti_api_client.stix_observable_relation.create(
        relationship_type="corresponds",
        fromType=_from_type,
        fromId=_from_observable["id"],
        toType=_to_type,
        toId=_to_observable["id"],
        ignore_dates=True,
    )