Merge pull request #28 from kam193/patch-1

Add campaign attribution support
CybercentreCanada · Sep 13, 2024 · 6961708 · 6961708
2 parents 5a959d7 + 8acc195
commit 6961708
Showing 1 changed file with 17 additions and 3 deletions.
diff --git a/badlist/update_server.py b/badlist/update_server.py
@@ -118,6 +118,7 @@ def update_blocklist(
             ioc_value: str,
             malware_family: List[str],
             attribution: List[str],
+            campaign: List[str],
             references: List[str],
             bl_type: str,
         ):
@@ -130,6 +131,9 @@ def prepare_item(bl_item):
                 if attribution:
                     attr["actor"] = list(set(attribution))
 
+                if campaign:
+                    attr["campaign"] = list(set(campaign))
+
                 bl_item["attribution"] = attr
 
                 # Optionally set an expiration DTL based on the source
@@ -214,18 +218,24 @@ def prepare_item(bl_item):
                                 # Skip row
                                 continue
 
-                            references = [] if not source_cfg.get("reference") else [row[source_cfg["reference"]]]
+                            references = [] if source_cfg.get("reference") is None else [row[source_cfg["reference"]]]
                             # Get malware family
                             malware_family = (
                                 sanitize_data(row[source_cfg["malware_family"]], type="malware_family")
-                                if source_cfg.get("malware_family")
+                                if source_cfg.get("malware_family") is not None
                                 else []
                             )
 
                             # Get attribution
                             attribution = (
                                 sanitize_data(row[source_cfg["attribution"]], type="attribution")
-                                if source_cfg.get("attribution")
+                                if source_cfg.get("attribution") is not None
+                                else []
+                            )
+
+                            campaign = (
+                                sanitize_data(row[source_cfg["campaign"]], type="campaign", validate=False)
+                                if source_cfg.get("campaign") is not None
                                 else []
                             )
 
@@ -247,6 +257,7 @@ def prepare_item(bl_item):
                                     ioc_value,
                                     malware_family,
                                     attribution,
+                                    campaign,
                                     references,
                                     bl_type="tag" if ioc_type in NETWORK_IOC_TYPES else "file",
                                 )
@@ -271,6 +282,8 @@ def prepare_item(bl_item):
                                 # Get attribution
                                 attribution = sanitize_data(data.get(source_cfg.get("attribution")), type="attribution")
 
+                                campaign = sanitize_data(data.get(source_cfg.get("campaign")), type="campaign", validate=False)
+
                                 for ioc_type in NETWORK_IOC_TYPES + FILEHASH_TYPES:
                                     ioc_value = data.get(source_cfg.get(ioc_type))
                                     if ioc_value:
@@ -279,6 +292,7 @@ def prepare_item(bl_item):
                                             ioc_value,
                                             malware_family,
                                             attribution,
+                                            campaign,
                                             references,
                                             bl_type="tag" if ioc_type in NETWORK_IOC_TYPES else "file",
                                         )