From 355913c5163b8b030512497a2994d0c801ae8c50 Mon Sep 17 00:00:00 2001
From: Jerome Leonard <jerome@upbeat.fr>
Date: Tue, 20 Jun 2017 09:04:49 +0200
Subject: [PATCH] #56 Virusshare() and short reports  + bump version

---
 analyzers/Virusshare/Virusshare.json        |  2 +-
 analyzers/Virusshare/virusshare.py          | 15 +++++-
 thehive-templates/Virusshare_1_0/long.html  | 58 ---------------------
 thehive-templates/Virusshare_1_0/short.html |  3 --
 4 files changed, 15 insertions(+), 63 deletions(-)
 delete mode 100644 thehive-templates/Virusshare_1_0/long.html
 delete mode 100644 thehive-templates/Virusshare_1_0/short.html

diff --git a/analyzers/Virusshare/Virusshare.json b/analyzers/Virusshare/Virusshare.json
index 8c472c5e6..298e48c0b 100644
--- a/analyzers/Virusshare/Virusshare.json
+++ b/analyzers/Virusshare/Virusshare.json
@@ -3,7 +3,7 @@
     "author": "Nils Kuhnert, CERT-Bund",
     "license": "AGPL-V3",
     "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
-    "version": "1.0",
+    "version": "2.0",
     "baseConfig": "Virusshare",
     "config": {},
     "description": "Search for MD5 hashes in Virusshare.com hash list",
diff --git a/analyzers/Virusshare/virusshare.py b/analyzers/Virusshare/virusshare.py
index 1f11918a5..2616dff65 100755
--- a/analyzers/Virusshare/virusshare.py
+++ b/analyzers/Virusshare/virusshare.py
@@ -21,7 +21,20 @@ def __init__(self):
         self.filelist = os.listdir(self.path)
 
     def summary(self, raw):
-        return {'isonvs': raw["isonvs"]}
+        taxonomy = {"level": "safe", "namespace": "Virusshare", "predicate": "Search", "value": 0}
+        taxonomies = []
+        if raw["isonvs"]:
+            if raw["isonvs"] == "unknown":
+                taxonomy['value'] = "\"{}\"".format("Not MD5")
+                taxonomy['level'] = "suspicious"
+            else:
+                taxonomy['value'] "\"{}\"".format("Found")
+                taxonomy['level'] = "malicious"
+        else:
+            taxonomy['value'] = "\"{}\"".format("Not found")
+
+        taxonomies.append(taxonomy)
+        return {'taxonomies': taxonomies}
 
     def run(self):
         searchhash = ''
diff --git a/thehive-templates/Virusshare_1_0/long.html b/thehive-templates/Virusshare_1_0/long.html
deleted file mode 100644
index 268304c24..000000000
--- a/thehive-templates/Virusshare_1_0/long.html
+++ /dev/null
@@ -1,58 +0,0 @@
-<div class="panel panel-danger" ng-if="success && content.isonvs && content.isonvs != 'unknown'">
-	<div class="panel-heading">
-		Virusshare Report
-	</div>
-	<div class="panel-body">
-		<dl class="dl-horizontal">
-			<dt>MD5</dt>
-			<dd>{{content.md5}}</dd>
-			<dt></dt>
-			<dd>
-				<form method="POST" action="https://virusshare.com/search.4n6" target="_blank">
-					<input type="hidden" value="{{content.md5}}" name="search">
-					<input class="btn btn-danger" type="submit" value="Open on Virusshare.com (Login first!)">
-				</form>
-			</dd>
-		</dl>
-	</div>
-</div>
-<div class="panel panel-danger" ng-if="success && content.isonvs === 'unknown'">
-	<div class="panel-heading">
-		Virusshare Report
-	</div>
-	<div class="panel-body">
-		<dl class="dl-horizontal">
-			<dt>Error</dt>
-			<dd>{{content.hash}} is not MD5</dd>
-			<dt></dt>
-			<dd>Still try to search:<br />
-				<form method="POST" action="https://virusshare.com/search.4n6" target="_blank">
-					<input type="hidden" value="{{content.hash}}" name="search">
-					<input class="btn btn-danger" type="submit" value="Open on Virusshare.com (Login first!)">
-				</form>
-			</dd>
-		</dl>
-	</div>
-</div>
-
-<div class="panel panel-success" ng-if="success && !content.isonvs">
-	<div class="panel-heading">
-		Virusshare Report
-	</div>
-	<div class="panel-body">
-		<span>No match.</span>
-	</div>
-</div>
-
-<!-- General error  -->
-<div class="panel panel-danger" ng-if="!success">
-    <div class="panel-heading">
-        <strong>{{(artifact.data || artifact.attachment.name) | fang}}</strong>
-    </div>
-    <div class="panel-body">
-    	<dl class="dl-horizontal" ng-if="content.errorMessage">
-            <dt><i class="fa fa-warning"></i> PassiveDNS: </dt>
-            <dd class="wrap">{{content.errorMessage}}</dd>
-        </dl>
-    </div>
-</div>
diff --git a/thehive-templates/Virusshare_1_0/short.html b/thehive-templates/Virusshare_1_0/short.html
deleted file mode 100644
index ce9d596ea..000000000
--- a/thehive-templates/Virusshare_1_0/short.html
+++ /dev/null
@@ -1,3 +0,0 @@
-<span class="label label-success" ng-if="success && !content.isonvs">Virusshare: No match</span>&nbsp;
-<span class="label label-warning" ng-if="success && content.isonvs === 'unknown'">Virusshare: Not MD5</span>&nbsp;
-<span class="label label-danger" ng-if="success && content.isonvs && content.isonvs != 'unknown'">Virusshare: Match!</span>&nbsp;
\ No newline at end of file