malware HASH Queries

malware HASH Queries kl 9/22/12 6:41 PM
Hi
I'm trying to query this feed http://www.malware.com.br/cgi/submit?action=list_hashes via the webAPI using the md5 value.
Some are returning and some aren't (the cron jobs ran ok recently).

Moreover, using the sha1 value (the last column), no results are returning.
Is there a reason for this?

Thanks (:


Re: [ci-framework] malware HASH Queries wes 9/24/12 5:11 AM
this is a little ... wonky to say the least... malware was one of those last min "hey we should try this out", so some of the results may vary a bit.

the malware stuff (for the most part) ends up being populated by the analytics process:

https://github.com/collectiveintel/cif-v0/blob/master/lib/CIF/Archive/Analytic/Plugin/ResolveMalware.pm

when the config terms things as "malware_sha1" or "malware_md5" instead of just "md5" or "sha1"

i think this might be a bug in the config for malware.com.br where it should be:

https://github.com/collectiveintel/cif-v0/commit/538102b2d687603f7dbae2224729d5a3a4ecfb38#etc/misc.cfg

but i'll have to do some testing to make sure.

so your sluggish population problem is due to these things not being directly inserted, but waiting on analytics to pick them up.

you can change that line in your misc.cfg to test if you'd like. it could be a day or two before i can.
--
Wes
wesyoung.me