...
Upload and query IOCs to/from a MISP instance

positional arguments:
  {upload,download,search,check_hashes,yara,get_event,create_event,add,show,publish,version}
    upload        Send malware sample to MISP.
    download      Download malware samples from MISP.
    search        Search in all the attributes.
    check_hashes  Crosscheck hashes on VT.
    yara          Get YARA rules of an event.
    get_event     Initialize the session with an existing MISP event.
    create_event  Create a new event on MISP and initialize the session with it.
    add           Add attributes to an existing MISP event.
    show          Show attributes to an existing MISP event.
    publish       Publish an existing MISP event.
    version       Returns the version of the MISP instance.

optional arguments:
  -h, --help         show this help message and exit
  --url URL          URL of the MISP instance
  -k KEY, --key KEY  Your key on the MISP instance
  -v, --verify       Disable certificate verification (for self-signed)

viper > misp search summit
[+] summit matches on the following events:
 - OSINT - TLP:WHITE (0 samples, 7 hashes) - https://misppriv.circl.lu/events/view/94
 - Targeted attacks (0 samples, 4 hashes) - https://misppriv.circl.lu/events/view/126
 - interesting list of CCs, some confirmed as APT (0 samples, 0 hashes) - https://misppriv.circl.lu/events/view/191
 - OSINT G20 Themed campaign analysis by Rapid7 (0 samples, 7 hashes) - https://misppriv.circl.lu/events/view/239
 - OSINT pDNS Enrichment based on event 581 (Kaspersky / securlist NetTraveler) (0 samples, 0 hashes) - https://misppriv.circl.lu/events/view/296
 - OSINT - Annual G20 summit is attractive target for Flea attack group Attackers attempt to steal information from targeted officials through spear-phishing emails. (0 samples, 61 hashes) - https://misppriv.circl.lu/events/view/675
 - OSINT - G20 2014 Summit Lure used to target Tibetan activists (0 samples, 2 hashes) - https://misppriv.circl.lu/events/view/688
 - Dump of TextWrangler unnamed buffer 18 (Passive dns Expansion based on the list of /24 from mapping hacking team report) (0 samples, 0 hashes) - https://misppriv.circl.lu/events/view/745
 - Dump of TextWrangler unnamed buffer 31 (0 samples, 0 hashes) - https://misppriv.circl.lu/events/view/746
 - Test Event for User summit (2 samples, 4 hashes) - https://misppriv.circl.lu/events/view/2346
 - https://community.rapid7.com/community/infosec/blog/2013/08/26/upcoming-g20-summit-fuels-espionage-operations (0 samples, 11 hashes) - https://misppriv.circl.lu/events/view/23
 - Test event misp summit (1 samples, 8 hashes) - https://misppriv.circl.lu/events/view/2347

viper > misp get_event -h
usage: misp get_event [-h] event

positional arguments:
  event       Existing Event ID.

optional arguments:
  -h, --help  show this help message and exit

viper > misp get_event 2346
[*] Session opened on /home/raphael/gits/viper/binaries/b/c/f/2/bcf20b1289fcc7f2e385ebcf974d21aaff36b34b43a3903501f36bceb35ded9d
[*] Session opened on MISP event 2346.
[*] This event contains 2 samples.

viper 23_09_2015_quittung_13Q23N42.exe [MISP 2346] > misp download
[+] The following files have been downloaded:
[+] EventID: 2346 - /tmp/23_09_2015_quittung_13Q23N42.zip
[+] EventID: 2346 - /tmp/23_09_2015_quittung_13Q23N42.exe

viper 23_09_2015_quittung_13Q23N42.exe [MISP 2346] > open -f