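    def run(self, obj, config):
        """Scan the file attached to ``obj`` with the configured YARA rule sets.

        Args:
            obj: the CRITs object under analysis. ``obj.filedata`` is the
                stored file (``grid_id`` is checked, so it is a GridFS-backed
                field) and ``obj._meta['crits_type']`` / ``obj.id`` identify it.
            config: the per-run service configuration. Keys read here:
                ``distribution_url``, ``exchange``, ``routing_key``,
                ``api_key``, ``sigdir`` and ``sigfiles``.

        Behaviour:
            * No stored file -> log and return without scanning.
            * ``distribution_url`` set -> hand the job to a remote worker over
              AMQP and return; the remote side is expected to finish the task.
            * Otherwise compile the rules locally, record one result per rule
              match via ``self._add_result`` and finish the task.

        Nothing is returned; outcomes are reported through ``_info``,
        ``_error`` and ``_add_result``.
        """
        logger.debug("Scanning...")
        # An object without a GridFS id has no file content to scan.
        if obj.filedata.grid_id is None:
            self._info("No data to scan, skipping")
            return

        def crits_ref():
            # Identity block the remote worker uses to call back into this
            # instance. It carries a live API key, so the TLS-protected AMQP
            # link (ssl=True below) is the only thing guarding it in transit;
            # keep the exchange restricted to trusted consumers.
            return {
                'location': settings.INSTANCE_URL,
                'object_type': obj._meta['crits_type'],
                'object_id': str(obj.id),
                'analysis_id': self.current_task.task_id,
                'start_date': self.current_task.start_date,
                'username': self.current_task.username,
                'api_key': config['api_key'],
            }

        def collect_strings(match):
            # Group the (offset, name, data) hits of one rule by name+data,
            # accumulating every offset at which the same string was seen.
            grouped = {}
            for s in match.strings:
                s_offset, s_name, s_bytes = s[0], s[1], s[2]
                try:
                    s_data = s_bytes.decode('ascii')
                except UnicodeError:
                    # hexlify() returns bytes on Python 3; decode so the
                    # concatenation works on both Python 2 and 3.
                    s_data = "Hex: " + binascii.hexlify(s_bytes).decode('ascii')
                s_key = "{0}-{1}".format(s_name, s_data)
                entry = grouped.get(s_key)
                if entry is None:
                    grouped[s_key] = {
                        'offset': [s_offset],
                        'name': s_name,
                        'data': s_data,
                    }
                else:
                    entry['offset'].append(s_offset)
            return list(grouped.values())

        if config.get('distribution_url'):
            msg = {
                'type': 'fileref',
                'source': {
                    'type': 'crits',
                    # Literal placeholder as shipped; presumably the consumer
                    # substitutes the real archive password -- confirm.
                    'zip_password': '******',
                    'crits': crits_ref(),
                },
                'destination': {
                    'type': 'crits',
                    'crits': crits_ref(),
                },
                'config': {
                    # NOTE(review): the local branch below reads
                    # config['sigfiles']; this reads self.config -- confirm
                    # which one is intended.
                    'sigfiles': self.config['sigfiles'],
                },
            }

            exch = config['exchange']
            routing_key = config['routing_key']
            try:
                from crits.services.connector import Connector
                conn = Connector(connector="amqp",
                                 uri=config['distribution_url'],
                                 ssl=True)
                try:
                    conn.send_msg(msg, exch, routing_key)
                finally:
                    # Release the broker connection even when send_msg
                    # raises; previously it was only released on success.
                    conn.release()
            except Exception as e:
                # NOTE(review): str(e) may echo the AMQP URI; if that URI
                # embeds credentials they end up in the error log.
                self._error("Distribution error: %s" % e)
                return
            self._info("Submitted job to yara queue.")
            return

        data = obj.filedata.read()
        sigsets = self._compile_rules(config['sigdir'], config['sigfiles'])
        for sigset in sigsets:
            logger.debug("Signature set name: %s" % sigset['name'])
            self._info("Scanning with %s" % sigset['name'])
            for match in sigset['rules'].match(data=data):
                self._add_result(self.name, match.rule,
                                 {'strings': collect_strings(match)})
        self.current_task.finish()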
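    def run(self, obj, config):
        """Scan the file attached to ``obj`` with the configured YARA rule sets.

        Args:
            obj: the CRITs object under analysis. ``obj.filedata`` is the
                stored file (``grid_id`` is checked, so it is a GridFS-backed
                field) and ``obj._meta['crits_type']`` / ``obj.id`` identify it.
            config: the per-run service configuration. Keys read here:
                ``distribution_url``, ``exchange``, ``routing_key``,
                ``api_key``, ``sigdir`` and ``sigfiles``.

        Behaviour:
            * No stored file -> log and return without scanning.
            * ``distribution_url`` set -> hand the job to a remote worker over
              AMQP and return; the remote side is expected to finish the task.
            * Otherwise compile the rules locally, record one result per rule
              match via ``self._add_result`` and finish the task.

        Nothing is returned; outcomes are reported through ``_info``,
        ``_error`` and ``_add_result``.
        """
        logger.debug("Scanning...")
        # An object without a GridFS id has no file content to scan.
        if obj.filedata.grid_id is None:
            self._info("No data to scan, skipping")
            return

        def crits_ref():
            # Identity block the remote worker uses to call back into this
            # instance. It carries a live API key, so the TLS-protected AMQP
            # link (ssl=True below) is the only thing guarding it in transit;
            # keep the exchange restricted to trusted consumers.
            return {
                'location': settings.INSTANCE_URL,
                'object_type': obj._meta['crits_type'],
                'object_id': str(obj.id),
                'analysis_id': self.current_task.task_id,
                'start_date': self.current_task.start_date,
                'username': self.current_task.username,
                'api_key': config['api_key'],
            }

        def collect_strings(match):
            # Group the (offset, name, data) hits of one rule by name+data,
            # accumulating every offset at which the same string was seen.
            grouped = {}
            for s in match.strings:
                s_offset, s_name, s_bytes = s[0], s[1], s[2]
                try:
                    s_data = s_bytes.decode('ascii')
                except UnicodeError:
                    # hexlify() returns bytes on Python 3; decode so the
                    # concatenation works on both Python 2 and 3.
                    s_data = "Hex: " + binascii.hexlify(s_bytes).decode('ascii')
                s_key = "{0}-{1}".format(s_name, s_data)
                entry = grouped.get(s_key)
                if entry is None:
                    grouped[s_key] = {
                        'offset': [s_offset],
                        'name': s_name,
                        'data': s_data,
                    }
                else:
                    entry['offset'].append(s_offset)
            return list(grouped.values())

        if config.get('distribution_url'):
            source_ref = crits_ref()
            # Literal placeholder as shipped; presumably the consumer
            # substitutes the real archive password -- confirm.
            source_ref['zip_password'] = '******'
            msg = {
                'source': {
                    'type': 'crits',
                    'crits': source_ref,
                },
                'destination': {
                    'type': 'crits',
                    'crits': crits_ref(),
                },
                'route': {
                    'yara': {
                        'route': {},
                        'config': {
                            # NOTE(review): the local branch below reads
                            # config['sigfiles']; this reads self.config --
                            # confirm which one is intended.
                            'sigfiles': self.config['sigfiles'],
                        },
                    },
                },
            }

            exch = config['exchange']
            routing_key = config['routing_key']
            try:
                from crits.services.connector import Connector
                conn = Connector(connector="amqp",
                                 uri=config['distribution_url'], ssl=True)
                try:
                    conn.send_msg(msg, exch, routing_key)
                finally:
                    # Release the broker connection even when send_msg
                    # raises; previously it was only released on success.
                    conn.release()
            except Exception as e:
                # NOTE(review): str(e) may echo the AMQP URI; if that URI
                # embeds credentials they end up in the error log.
                self._error("Distribution error: %s" % e)
                return
            self._info("Submitted job to yara queue.")
            return

        data = obj.filedata.read()
        sigsets = self._compile_rules(config['sigdir'], config['sigfiles'])
        for sigset in sigsets:
            logger.debug("Signature set name: %s" % sigset['name'])
            self._info("Scanning with %s" % sigset['name'])
            for match in sigset['rules'].match(data=data):
                self._add_result(self.name, match.rule,
                                 {'strings': collect_strings(match)})
        self.current_task.finish()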
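    def run(self, obj, config):
        """Scan the file attached to ``obj`` with the configured YARA rule sets.

        Args:
            obj: the CRITs object under analysis. ``obj.filedata`` is the
                stored file (``grid_id`` is checked, so it is a GridFS-backed
                field) and ``obj._meta["crits_type"]`` / ``obj.id`` identify it.
            config: the per-run service configuration. Keys read here:
                ``distribution_url``, ``exchange``, ``routing_key``,
                ``api_key``, ``sigdir`` and ``sigfiles``.

        Behaviour:
            * No stored file -> log and return without scanning.
            * ``distribution_url`` set -> hand the job to a remote worker over
              AMQP and return; the remote side is expected to finish the task.
            * Otherwise compile the rules locally, record one result per rule
              match via ``self._add_result`` and finish the task.

        Nothing is returned; outcomes are reported through ``_info``,
        ``_error`` and ``_add_result``.
        """
        logger.debug("Scanning...")
        # An object without a GridFS id has no file content to scan.
        if obj.filedata.grid_id is None:
            self._info("No data to scan, skipping")
            return

        def crits_ref():
            # Identity block the remote worker uses to call back into this
            # instance. It carries a live API key, so the TLS-protected AMQP
            # link (ssl=True below) is the only thing guarding it in transit;
            # keep the exchange restricted to trusted consumers.
            return {
                "location": settings.INSTANCE_URL,
                "object_type": obj._meta["crits_type"],
                "object_id": str(obj.id),
                "analysis_id": self.current_task.task_id,
                "start_date": self.current_task.start_date,
                "username": self.current_task.username,
                "api_key": config["api_key"],
            }

        def collect_strings(match):
            # Group the (offset, name, data) hits of one rule by name+data,
            # accumulating every offset at which the same string was seen.
            grouped = {}
            for s in match.strings:
                s_offset, s_name, s_bytes = s[0], s[1], s[2]
                try:
                    s_data = s_bytes.decode("ascii")
                except UnicodeError:
                    # hexlify() returns bytes on Python 3; decode so the
                    # concatenation works on both Python 2 and 3.
                    s_data = "Hex: " + binascii.hexlify(s_bytes).decode("ascii")
                s_key = "{0}-{1}".format(s_name, s_data)
                entry = grouped.get(s_key)
                if entry is None:
                    grouped[s_key] = {"offset": [s_offset], "name": s_name, "data": s_data}
                else:
                    entry["offset"].append(s_offset)
            return list(grouped.values())

        if config.get("distribution_url"):
            source_ref = crits_ref()
            # Literal placeholder as shipped; presumably the consumer
            # substitutes the real archive password -- confirm.
            source_ref["zip_password"] = "******"
            # NOTE(review): the local branch below reads config["sigfiles"];
            # the routed config reads self.config -- confirm which is intended.
            msg = {
                "source": {"type": "crits", "crits": source_ref},
                "destination": {"type": "crits", "crits": crits_ref()},
                "route": {"yara": {"route": {}, "config": {"sigfiles": self.config["sigfiles"]}}},
            }

            exch = config["exchange"]
            routing_key = config["routing_key"]
            try:
                from crits.services.connector import Connector

                conn = Connector(connector="amqp", uri=config["distribution_url"], ssl=True)
                try:
                    conn.send_msg(msg, exch, routing_key)
                finally:
                    # Release the broker connection even when send_msg
                    # raises; previously it was only released on success.
                    conn.release()
            except Exception as e:
                # NOTE(review): str(e) may echo the AMQP URI; if that URI
                # embeds credentials they end up in the error log.
                self._error("Distribution error: %s" % e)
                return
            self._info("Submitted job to yara queue.")
            return

        data = obj.filedata.read()
        sigsets = self._compile_rules(config["sigdir"], config["sigfiles"])
        for sigset in sigsets:
            logger.debug("Signature set name: %s" % sigset["name"])
            self._info("Scanning with %s" % sigset["name"])
            for match in sigset["rules"].match(data=data):
                self._add_result(self.name, match.rule, {"strings": collect_strings(match)})
        self.current_task.finish()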