
This code pulls hashes from MalwareBazaar's API and uploads them into Cisco AMP's Simple Custom Detections Lists via AMP's v1 API.


MalwareBazaar_and_Cisco_AMP

This code pulls SHA-256 hashes from MalwareBazaar and uploads the hashes into Cisco AMP's Simple Custom Detections Lists. The individual strain lists and the aggregate list are both updated. Screenshots accompany the function calls and show the results. Yes, I am aware that most malware is polymorphic or metamorphic. Thank you, Ross, for improving upon the codebase!

  1. pull_from_malware_bazaar_api(): Create a text file for each malware strain.
  2. create_master_df_from_malware_bazaar(): Merge all strain files into one aggregate text file.
  3. all_hashes_in_amp_df = pull_main_hash_list(): Create a text file containing all hashes currently in AMP.
  4. compare_differences(all_hashes_in_amp_df): Compare the differences on a per-text-file basis. If no differences exist, delete the text file; if differences exist, keep only the new hashes in the text file and remove the rest.
  5. insert_amp_sha256(): Update the AMP lists with the new hashes, both per strain and for the one aggregate (dominant) hash list.
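The set logic behind steps 2 to 4, as an added example that is not the project's own code: it models the strain text files and the AMP list in memory (one SHA-256 per line), normalises and validates the entries, builds the aggregate list, and keeps per strain only what AMP does not already have. File names and hash values below are constructed, and the project's own function names are only echoed in comments.

```python
"""Diff MalwareBazaar strain hash files against an AMP custom detection list."""
import re
from typing import Dict, Iterable, Set

# A Simple Custom Detection entry is a SHA-256: exactly 64 hex characters.
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")


def parse_hash_lines(lines: Iterable[str]) -> Set[str]:
    """Normalise one-hash-per-line text: lower-case, strip whitespace, and
    drop blanks or anything that is not a SHA-256 (comments, MD5s, typos).
    Returning a set also removes duplicate lines within a file."""
    return {h for h in (raw.strip().lower() for raw in lines) if SHA256_RE.fullmatch(h)}


def create_master(strains: Dict[str, Set[str]]) -> Set[str]:
    """Step 2 (create_master_df_from_malware_bazaar): the aggregate list is
    the union of every strain list; a hash shared by two strains appears once."""
    return set().union(*strains.values())


def compare_differences(strains: Dict[str, Set[str]], amp_hashes: Set[str]) -> Dict[str, Set[str]]:
    """Step 4: per strain keep only hashes AMP lacks. A strain with nothing new
    is omitted entirely, mirroring the README deleting that strain's text file."""
    pending = {name: hashes - amp_hashes for name, hashes in strains.items()}
    return {name: new for name, new in pending.items() if new}


def plan_uploads(strain_files: Dict[str, Iterable[str]], amp_hashes: Set[str]):
    """Return (aggregate list, per-strain new hashes, aggregate new hashes):
    the two kinds of upload that step 5 performs against AMP."""
    strains = {name: parse_hash_lines(lines) for name, lines in strain_files.items()}
    master = create_master(strains)
    return master, compare_differences(strains, amp_hashes), master - amp_hashes


# Constructed sample data: three strain files as read from disk, plus the hashes
# already present in AMP (what pull_main_hash_list would have written out).
STRAIN_FILES = {
    "strain_one.txt": ["a" * 64 + "\n", "B" * 64 + "\n", "\n", "not-a-hash\n"],
    "strain_two.txt": ["c" * 64 + "\n", "a" * 64 + "\n"],
    "strain_three.txt": ["b" * 64 + "\n"],
}
AMP_HASHES = {"b" * 64}

if __name__ == "__main__":
    master, per_strain, aggregate_new = plan_uploads(STRAIN_FILES, AMP_HASHES)
    print(f"aggregate list: {len(master)} hashes, {len(aggregate_new)} new for AMP")
    for name, new in per_strain.items():
        print(f"{name}: {len(new)} new hash(es) to insert")
```

Only strain_one and strain_two survive the comparison; strain_three is already fully covered by AMP and would be deleted.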