Viper - Using MISP from your terminalMISP - Threat Sharing

Threat Sharing

Team CIRCL

MISP Projecthttps://www.misp-project.org/

ESDC 20200303

Viper - Main ideas

Viper is a binary analysis and management framework.Its fundamental objective is to provide a solution to easilyorganize your collection ofmalware and exploit samplesas well as your collection of scripts you created or foundover the time to facilitate your daily research. Think ofit as a Metasploit for malware researchers: it provides aterminal interface that you can use to store, search andanalyze arbitrary �les with and a framework to easily cre-ate plugins of any sort.

1 12

Viper

Solid CLIPlenty of modules (PE �les, *o�ce, ELF, APK, ...)Connection to 3rd party services (MISP, VirusTotal, cuckoo)Connectors to 3rd party tools (IDA, radare)Locale storage of your own zooDjango interface is available (I’ve been told)

2 12

Viper

3 12

PyMISP & Viper

Full featured CLI for MISPRemote storage of your zooSearch / Cross check with VirusTotalCreate / Update / Show / Publish EventDownload / Upload SamplesMass export / Upload / DownloadGet Yara rules

4 12

MISP Module

5 12

Viper & VT

Searches for hashes/ips/domains/URLs from the currentMISP event, or download the samplesDownload samples from current MISP eventDownload all samples from all the MISP events of thecurrent session

6 12

VirusTotal Module

7 12

Extra features

Link to a MISP eventLocal storage of the MISP eventOn the �y cross-check of MISP atributes with 3rd partyservicesNever leaving your CLI!

8 12

Other modules

Fully featured CLI for Passive SSLFully featured CLI for Passive DNSCan launch Radare2 or IDA

9 12

Passive SSL

10 12

Passive DNS

11 12

Q&A

https://github.com/MISP/PyMISPhttps://github.com/MISP/https://github.com/viper-framework/viperWe welcome new functionalities and pull requests.

12 / 12