def dotransform(request, response, config):
if 'taskid' in request.fields:
task = request.fields['taskid']
else:
task = request.value
target = target_info(report(task))['file']
response += CuckooHash(target['sha1'].decode('ascii'), taskid=task)
return response
def dotransform(request, response, config):
if 'taskid' in request.fields:
task = request.fields['taskid']
else:
task = request.value
netw = network(report(task))
for d in netw['http']:
response += Website(d['uri'].decode('ascii'), taskid=task)
return response
def dotransform(request, response, config):
if "taskid" in request.fields:
task = request.fields["taskid"]
else:
task = request.value
files = behavior(report(task))["summary"]["files"]
for d in files:
response += CuckooOpenFile(d.decode("ascii"), taskid=task)
return response
def dotransform(request, response, config):
if 'taskid' in request.fields:
task = request.fields['taskid']
else:
task = request.value
reg = behavior(report(task))['summary']['keys']
for d in reg:
response += Phrase(d.decode('ascii'))
return response
def dotransform(request, response, config):
if 'taskid' in request.fields:
task = request.fields['taskid']
else:
task = request.value
reg = behavior(report(task))['summary']['keys']
for d in reg:
response += Phrase(d.decode('ascii'))
return response
def dotransform(request, response, config):
if 'taskid' in request.fields:
task = request.fields['taskid']
else:
task = request.value
netw = network(report(task))
for d in netw['domains']:
response += IPv4Address(d['ip'].decode('ascii'), taskid=task)
return response
def dotransform(request, response, config):
if 'taskid' in request.fields:
task = request.fields['taskid']
else:
task = request.value
target = target_info(report(task))['file']
response += CuckooHash(target['sha1'].decode('ascii'),
taskid=task)
return response
def dotransform(request, response, config):
if 'taskid' in request.fields:
task = request.fields['taskid']
else:
task = request.value
secs = static_results(report(task))['pe_sections']
for d in secs:
response += Phrase(d['name'].decode('ascii'))
return response
def dotransform(request, response, config):
if 'taskid' in request.fields:
task = request.fields['taskid']
else:
task = request.value
files = behavior(report(task))['summary']['files']
for d in files:
response += CuckooOpenFile(d.decode('ascii'), taskid=task)
return response
def dotransform(request, response, config):
if "taskid" in request.fields:
task = request.fields["taskid"]
else:
task = request.value
netw = network(report(task))
for d in netw["http"]:
response += Website(d["uri"].decode("ascii"), taskid=task)
return response
def dotransform(request, response, config):
if 'taskid' in request.fields:
task = request.fields['taskid']
else:
task = request.value
secs = static_results(report(task))['pe_sections']
for d in secs:
response += Phrase(d['name'].decode('ascii'))
return response
def dotransform(request, response, config):
fname = request.value
if 'taskid' in request.fields:
task = request.fields['taskid']
else:
task = request.value
dropped = dropped_files(report(task))
for d in dropped:
if d['name'] == fname:
response += CuckooHash(d['md5'].decode('ascii'))
return response
def dotransform(request, response, config):
fname = request.value
if 'taskid' in request.fields:
task = request.fields['taskid']
else:
task = request.value
dropped = dropped_files(report(task))
for d in dropped:
if d['name'] == fname:
response += CuckooHash(d['md5'].decode('ascii'))
return response
def dotransform(request, response, config):
if 'taskid' in request.fields:
task = request.fields['taskid']
else:
task = request.value
target = target_info(report(task))
response += CuckooMalwareFilename(target['file']['name'].decode('ascii'),
taskid=task)
return response
def dotransform(request, response, config):
if 'taskid' in request.fields:
task = request.fields['taskid']
else:
task = request.value
processes = behavior(report(task))['processes']
for d in processes:
response += CuckooProcess(
d['process_name'].decode('ascii'),
taskid=task)
return response
def dotransform(request, response, config):
if 'taskid' in request.fields:
task = request.fields['taskid']
else:
task = request.value
dropped = dropped_files(report(task))
for d in dropped:
response += CuckooDropped(d['name'].decode('ascii'),
taskid=task,
ftype=d['type'])
return response
def dotransform(request, response, config):
if 'taskid' in request.fields:
task = request.fields['taskid']
else:
task = request.value
target = target_info(report(task))
response += CuckooMalwareFilename(
target['file']['name'].decode('ascii'),
taskid=task)
return response
def dotransform(request, response, config):
if 'taskid' in request.fields:
task = request.fields['taskid']
else:
task = request.value
netw = network(report(task))
for d in netw['domains']:
response += IPv4Address(
d['ip'].decode('ascii'),
taskid=task)
return response
def dotransform(request, response, config):
if 'taskid' in request.fields:
task = request.fields['taskid']
else:
task = request.value
mutexes = behavior(report(task))['summary']['mutexes']
for d in mutexes:
response += CuckooMutex(
d.decode('ascii'),
taskid=task)
return response
def dotransform(request, response, config):
if 'taskid' in request.fields:
task = request.fields['taskid']
else:
task = request.value
dropped = dropped_files(report(task))
for d in dropped:
response += CuckooDropped(
d['name'].decode('ascii'),
taskid=task,
ftype=d['type'])
return response
def dotransform(request, response, config):
if 'taskid' in request.fields:
task = request.fields['taskid']
else:
task = request.value
csigz = cuckoo_sigs(report(task))
for d in csigz:
response += CuckooSig(
d['description'].decode('ascii'),
taskid=task,
)
return response
def dotransform(request, response, config):
if 'taskid' in request.fields:
task = request.fields['taskid']
else:
task = request.value
secs = static_results(report(task))['peid_signatures']
if secs is None:
pass
else:
for i in secs:
response += Phrase(i)
return response
def dotransform(request, response, config):
if 'taskid' in request.fields:
task = request.fields['taskid']
else:
task = request.value
netw = network(report(task))
dns_lst = []
for d in netw['dns']:
if d['request'] not in dns_lst:
response += NSRecord(d['request'].decode('ascii'), taskid=task)
dns_lst.append(d['request'])
return response
def dotransform(request, response, config):
if 'taskid' in request.fields:
task = request.fields['taskid']
else:
task = request.value
csigz = cuckoo_sigs(report(task))
for d in csigz:
response += CuckooSig(
d['description'].decode('ascii'),
taskid = task,
)
return response
def dotransform(request, response, config):
if "taskid" in request.fields:
task = request.fields["taskid"]
else:
task = request.value
netw = network(report(task))
dns_lst = []
for d in netw["dns"]:
if d["request"] not in dns_lst:
response += NSRecord(d["request"].decode("ascii"), taskid=task)
dns_lst.append(d["request"])
return response
def dotransform(request, response, config):
if 'taskid' in request.fields:
task = request.fields['taskid']
else:
task = request.value
ysigz = yara_sigs(report(task))
for d in ysigz:
for k, v in d.iteritems():
if 'meta' in k:
response += CuckooYara(
v['description'].decode('ascii'),
taskid=task,
)
return response
def dotransform(request, response, config):
if "taskid" in request.fields:
task = request.fields["taskid"]
else:
task = request.value
vt = vt_results(report(task))
if vt["response_code"] == 1:
for k, v in vt["scans"].iteritems():
if None != v["result"]:
value = k + " - " + v["result"]
response += CuckooVT(value.decode("ascii"), taskid=task, vtlink=vt["permalink"])
else:
pass
return response
def dotransform(request, response, config):
if 'taskid' in request.fields:
task = request.fields['taskid']
else:
task = request.value
vt = vt_results(report(task))
if vt['response_code'] == 1:
for k, v in vt['scans'].iteritems():
if None != v['result']:
value = k + ' - ' + v['result']
response += CuckooVT(value.decode('ascii'),
taskid=task,
vtlink=vt['permalink'])
else:
pass
return response
