def run(md5s):
    """
    Print the malware object for each md5 hash passed in.

    :param md5s: A list of hashes
    :type md5s: enumerable strs
    """
    lookup = Malware.objects
    for digest in md5s:
        # strict_text / full_response are passed straight through to the
        # pytx query; the raw return value is printed as-is.
        print(lookup(text=digest, strict_text=True, full_response=True))
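def run(md5s, output_dir):
    """
    Fetch every Malware object matching each md5 and unpack its sample into output_dir.

    :param md5s: A list of md5 hashes to look up
    :type md5s: enumerable strs
    :param output_dir: Directory the sample files are written to (created if missing)
    :type output_dir: str

    Each sample is a base64-encoded, password-protected zip. Entries are
    written in binary mode under output_dir; an entry whose name would
    resolve outside output_dir is skipped. A failure on one result is
    printed and the remaining results are still processed.
    """
    print('Fetching %d MD5s' % len(md5s))
    if not os.path.exists(output_dir):
        os.makedirs(output_dir)
    base_dir = os.path.realpath(output_dir)
    for md5 in md5s:
        results = Malware.objects(text=md5, strict_text=True)
        for result in results:
            result.details()
            if not result.get(m.SAMPLE):
                print('No sample available for %s, skipping' % md5)
                continue
            try:
                zipfilehandle = cStringIO.StringIO()
                zipfilehandle.write(base64.b64decode(result.get(m.SAMPLE)))
                with zipfile.ZipFile(zipfilehandle, 'r') as zf:
                    for entry in zf.infolist():
                        # Entry names come from the downloaded archive, so
                        # only accept a destination that stays inside
                        # output_dir (rejects '..' and absolute names).
                        dest = os.path.realpath(
                            os.path.join(base_dir, entry.filename))
                        if not dest.startswith(base_dir + os.sep):
                            print('Skipping entry outside output_dir: %s'
                                  % entry.filename)
                            continue
                        if entry.filename.endswith('/'):
                            # Directory entry: nothing to write.
                            continue
                        parent = os.path.dirname(dest)
                        if not os.path.exists(parent):
                            os.makedirs(parent)
                        # 'wb': the sample is binary; text mode could
                        # translate newlines on some platforms.
                        with open(dest, 'wb') as f:
                            print('Writing to %s' % entry.filename)
                            f.write(zf.read(entry.filename,
                                            result.get(m.PASSWORD)))
            except Exception as e:
                # Best effort: report and move on to the next result.
                print(str(e))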
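def import_object(request, type_, id_):
    """
    Import one ThreatExchange object into CRITs.

    Threat Descriptors go through handle_indicator_ind, Malware Analyses
    through handle_file.

    :param request: The Django request; ``request.user.username`` is recorded
                    as the importing user
    :param type_: "Threat Descriptors" or "Malware Analyses"
    :type type_: str
    :param id_: ThreatExchange id of the object to import
    :returns: the handle_indicator_ind result for descriptors, or
              ``{'success': True, 'md5': <handle_file result>}`` for malware;
              ``{'success': False, 'message': ...}`` when the descriptor type
              is unsupported or type_ is unknown
    """
    setup_access()
    if type_ == "Threat Descriptors":
        obj = ThreatDescriptor(id=id_)
        # Privacy members and metadata are not needed for the import.
        obj.details(fields=[
            f for f in ThreatDescriptor._default_fields
            if f not in (td.PRIVACY_MEMBERS, td.METADATA)
        ])
        itype = get_mapped_itype(obj.get(td.TYPE))
        if itype is None:
            return {
                'success': False,
                'message': "Descriptor type is not supported by CRITs"
            }
        # NOTE(review): raises AttributeError if the descriptor's threat_type
        # has no matching IndicatorThreatTypes member; left unchanged here.
        ithreat_type = getattr(IndicatorThreatTypes, obj.get(td.THREAT_TYPE))
        # Owner may be absent; record None rather than failing on ['name'].
        owner = obj.get(td.OWNER) or {}
        results = handle_indicator_ind(
            obj.get(td.RAW_INDICATOR),
            "ThreatExchange",
            itype,
            ithreat_type,
            None,
            request.user.username,
            method="ThreatExchange Service",
            reference="id: %s, owner: %s, share_level: %s" % (
                obj.get(td.ID), owner.get('name'), obj.get(td.SHARE_LEVEL)),
            add_domain=True,
            add_relationship=True,
            confidence=build_ci(obj.get(td.CONFIDENCE)),
            description=obj.get(td.DESCRIPTION))
        return results
    elif type_ == "Malware Analyses":
        obj = Malware(id=id_)
        # One-element tuple: a bare ``(m.METADATA)`` is a string, which turns
        # ``not in`` into a substring test and drops unrelated fields.
        obj.details(
            fields=[f for f in Malware._fields if f not in (m.METADATA,)])
        filename = obj.get(m.MD5)
        try:
            data = obj.rf
        except Exception:
            # Best effort: no sample bytes available, import metadata only.
            data = None
        results = handle_file(
            filename,
            data,
            "ThreatExchange",
            method="ThreatExchange Service",
            reference="id: %s, share_level: %s" % (obj.get(td.ID),
                                                   obj.get(td.SHARE_LEVEL)),
            user=request.user.username,
            md5_digest=obj.get(m.MD5),
            sha1_digest=obj.get(m.SHA1),
            sha256_digest=obj.get(m.SHA256),
            size=obj.get(m.SAMPLE_SIZE),
            mimetype=obj.get(m.SAMPLE_TYPE),
        )
        return {'success': True, 'md5': results}
    return {'success': False, 'message': "Invalid Type"}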
def malware_main(args):
    """
    Call the /malware_analyses API endpoint and print the results.

    Each result is written to stdout as one JSON document per line.

    :param args: Command line arguments
    :type args: ArgumentParser
    """
    query = dict(
        text=args.text,
        strict_text=args.strict_text,
        limit=args.limit,
        since=args.since,
        until=args.until,
        dict_generator=True,
    )
    out = sys.stdout
    for record in Malware.objects(**query):
        out.write(json.dumps(record) + '\n')
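def save_sample(malware_id, output_dir):
    """
    Download one Malware object's sample and write it to output_dir, named by its sha1.

    :param malware_id: The ThreatExchange id of the Malware object
    :param output_dir: Directory the sample is written to (created if missing)
    :type output_dir: str

    The sample is a base64-encoded, password-protected zip; every entry is
    written in binary mode to ``output_dir/<sha1>``. An object whose sample
    field is empty is reported and skipped; any error while saving is
    printed rather than raised.
    """
    sample = Malware.details(id=malware_id, fields=VARIANT_SAMPLE_FIELDS)
    if sample.get(m.SAMPLE) == '':
        print('No sample available for %s, skipping' % sample.get(m.ID))
        # Nothing to unpack; without this return the decode below runs anyway.
        return
    try:
        zipfilehandle = cStringIO.StringIO()
        zipfilehandle.write(base64.b64decode(sample.get(m.SAMPLE)))
        with zipfile.ZipFile(zipfilehandle, 'r') as zf:
            if not os.path.exists(output_dir):
                os.makedirs(output_dir)
            # The output name is the object's own sha1, not the archive's
            # entry name, so the entry name is never used as a path.
            dest = os.path.join(output_dir, sample.get(m.SHA1))
            for entry in zf.infolist():
                with open(dest, 'wb') as f:
                    print('Writing to %s' % sample.get(m.SHA1))
                    f.write(zf.read(entry.filename, sample.get(m.PASSWORD)))
    except Exception as e:
        # Best effort: report and return.
        print('Error saving to file: %s' % str(e))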
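def run(md5s, output_dir):
    """
    Fetch every Malware object matching each md5 and unpack its sample into output_dir.

    :param md5s: A list of md5 hashes to look up
    :type md5s: enumerable strs
    :param output_dir: Directory the sample files are written to (created if missing)
    :type output_dir: str

    Each sample is a base64-encoded, password-protected zip. Entries are
    written in binary mode under output_dir; an entry whose name would
    resolve outside output_dir is skipped. A failure on one result is
    printed and the remaining results are still processed.
    """
    print('Fetching %d MD5s' % len(md5s))
    if not os.path.exists(output_dir):
        os.makedirs(output_dir)
    base_dir = os.path.realpath(output_dir)
    for md5 in md5s:
        results = Malware.objects(text=md5, strict_text=True)
        for result in results:
            result.details()
            if not result.get(m.SAMPLE):
                print('No sample available for %s, skipping' % md5)
                continue
            try:
                zipfilehandle = cStringIO.StringIO()
                zipfilehandle.write(base64.b64decode(result.get(m.SAMPLE)))
                with zipfile.ZipFile(zipfilehandle, 'r') as zf:
                    for entry in zf.infolist():
                        # Entry names come from the downloaded archive, so
                        # only accept a destination that stays inside
                        # output_dir (rejects '..' and absolute names).
                        dest = os.path.realpath(
                            os.path.join(base_dir, entry.filename))
                        if not dest.startswith(base_dir + os.sep):
                            print('Skipping entry outside output_dir: %s'
                                  % entry.filename)
                            continue
                        if entry.filename.endswith('/'):
                            # Directory entry: nothing to write.
                            continue
                        parent = os.path.dirname(dest)
                        if not os.path.exists(parent):
                            os.makedirs(parent)
                        # 'wb': the sample is binary; text mode could
                        # translate newlines on some platforms.
                        with open(dest, 'wb') as f:
                            print('Writing to %s' % entry.filename)
                            f.write(zf.read(entry.filename,
                                            result.get(m.PASSWORD)))
            except Exception as e:
                # Best effort: report and move on to the next result.
                print(str(e))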
#!/usr/bin/env python
from pytx import init
from pytx import Malware

# md5 hashes to look up.
md5s = ['681f1b31baa671a81e4b803dbf8a9f10']

# Placeholder credentials; supply the real values from outside the source
# (environment or config) rather than editing them in here.
app_id = '<your-app-id>'
app_secret = '<your-app-secret>'
init(app_id, app_secret)

for md5 in md5s:
    response = Malware.objects(text=md5, strict_text=True, full_response=True)
    print(response)
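output_dir = 'out'

# Placeholder credentials; supply the real values from outside the source
# (environment or config) rather than editing them in here.
app_id = '<your-app-id>'
app_secret = '<your-app-secret>'
init(app_id, app_secret)

# One md5 per line; blank lines are ignored so an empty query is never sent.
with open(input_md5s_filename) as f:
    md5s = [l.strip() for l in f if l.strip()]

print('Fetching %d MD5s' % len(md5s))

# Create the output directory up front; the original assumed it existed.
if not os.path.exists(output_dir):
    os.makedirs(output_dir)
base_dir = os.path.realpath(output_dir)

for md5 in md5s:
    results = Malware.objects(text=md5, strict_text=True)
    for result in results:
        result.details()
        if not result.get(m.SAMPLE):
            print('No sample available for %s, skipping' % md5)
            continue
        try:
            # Each sample is a base64-encoded, password-protected zip.
            zipfilehandle = cStringIO.StringIO()
            zipfilehandle.write(base64.b64decode(result.get(m.SAMPLE)))
            with zipfile.ZipFile(zipfilehandle, 'r') as zf:
                for entry in zf.infolist():
                    # Entry names come from the downloaded archive, so only
                    # accept a destination that stays inside output_dir
                    # (rejects '..' and absolute names).
                    dest = os.path.realpath(
                        os.path.join(base_dir, entry.filename))
                    if not dest.startswith(base_dir + os.sep):
                        print('Skipping entry outside output_dir: %s'
                              % entry.filename)
                        continue
                    if entry.filename.endswith('/'):
                        # Directory entry: nothing to write.
                        continue
                    parent = os.path.dirname(dest)
                    if not os.path.exists(parent):
                        os.makedirs(parent)
                    # 'wb': the sample is binary; text mode could translate
                    # newlines on some platforms.
                    with open(dest, 'wb') as f:
                        print('Writing to %s' % entry.filename)
                        f.write(zf.read(entry.filename,
                                        result.get(m.PASSWORD)))
        except Exception as e:
            # Best effort: report and move on to the next result.
            print(str(e))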
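def main():
    """
    Export Malware Analyses from ThreatExchange to one CSV file per day.

    Options come from get_args(). For each of the ``s.days_back`` days ending
    at ``s.end_date`` the /malware_analyses endpoint is queried for that
    day's window and the selected fields are written to
    ``malware_analyses_<since>_to_<until>.csv``.
    """
    s = get_args()
    format_ = '%d-%m-%Y'

    # TODO: Remove this once querying the fields related to a sample
    # Doesn't break TX, and fix all the things below
    # Copy first: Malware._default_fields is shared class state, and `+=`
    # on it would extend that shared list in place on every day iteration.
    fields = list(Malware._default_fields)
    fields_list = [
        MA.ID,
        MA.ADDED_ON,
        MA.CRX,
        MA.IMPHASH,
        MA.MD5,
        MA.PASSWORD,
        MA.PE_RICH_HEADER,
        MA.SAMPLE_TYPE,
        MA.SAMPLE_SIZE_COMPRESSED,
        MA.SHA1,
        MA.SHA256,
        MA.SHARE_LEVEL,
        MA.SSDEEP,
        MA.STATUS,
        MA.SUBMITTER_COUNT,
        MA.VICTIM_COUNT,
        MA.XPI,
    ]
    if s.full_sample:
        fields += ['sample_size', 'sample']
        fields_list += [MA.SAMPLE, MA.SAMPLE_SIZE]
    # The header row is the same for every day's file (a list, so it can be
    # written more than once).
    header = [utils.convert_to_header(x) for x in fields_list]

    for day_counter in range(s.days_back):
        until_param, until_param_string, since_param, since_param_string = \
            utils.get_time_params(s.end_date, day_counter, format_)
        output_file = 'malware_analyses_%s_to_%s.csv' % (
            since_param_string, until_param_string)
        # 'wb' is what the csv module expects on Python 2.
        with open(output_file, 'wb') as fout:
            writer = csv.writer(fout)
            writer.writerow(header)
            results = Malware.objects(
                fields=fields,
                limit=1000,
                sample_type=s.sample_type,
                share_level=s.share_level,
                text=s.text,
                status=s.status,
                strict_text=s.strict_text,
                since=since_param_string,
                until=until_param_string,
            )
            for result in results:
                writer.writerow(
                    [utils.get_data_field(x, result) for x in fields_list])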
#!/usr/bin/env python
from pytx import init
from pytx import Malware

# md5 hashes to look up.
md5s = ['681f1b31baa671a81e4b803dbf8a9f10']

# Placeholder credentials; supply the real values from outside the source
# (environment or config) rather than editing them in here.
app_id = '<your-app-id>'
app_secret = '<your-app-secret>'
init(app_id, app_secret)

for md5 in md5s:
    response = Malware.objects(text=md5, strict_text=True, full_response=True)
    print(response)
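def main():
    """
    Export Malware Analyses from ThreatExchange to one CSV file per day.

    Options come from get_args(). For each of the ``s.days_back`` days ending
    at ``s.end_date`` the /malware_analyses endpoint is queried for that
    day's window and the selected fields are written to
    ``malware_analyses_<since>_to_<until>.csv``.
    """
    s = get_args()
    format_ = '%d-%m-%Y'

    # TODO: Remove this once querying the fields related to a sample
    # Doesn't break TX, and fix all the things below
    # Copy first: Malware._default_fields is shared class state, and `+=`
    # on it would extend that shared list in place on every day iteration.
    fields = list(Malware._default_fields)
    fields_list = [
        MA.ID,
        MA.ADDED_ON,
        MA.CRX,
        MA.IMPHASH,
        MA.MD5,
        MA.PASSWORD,
        MA.PE_RICH_HEADER,
        MA.SAMPLE_TYPE,
        MA.SAMPLE_SIZE_COMPRESSED,
        MA.SHA1,
        MA.SHA256,
        MA.SHARE_LEVEL,
        MA.SSDEEP,
        MA.STATUS,
        MA.SUBMITTER_COUNT,
        MA.VICTIM_COUNT,
        MA.XPI,
    ]
    if s.full_sample:
        fields += ['sample_size', 'sample']
        fields_list += [MA.SAMPLE, MA.SAMPLE_SIZE]
    # The header row is the same for every day's file (a list, so it can be
    # written more than once).
    header = [utils.convert_to_header(x) for x in fields_list]

    for day_counter in range(s.days_back):
        until_param, until_param_string, since_param, since_param_string = \
            utils.get_time_params(s.end_date, day_counter, format_)
        output_file = 'malware_analyses_%s_to_%s.csv' % (
            since_param_string, until_param_string)
        # 'wb' is what the csv module expects on Python 2.
        with open(output_file, 'wb') as fout:
            writer = csv.writer(fout)
            writer.writerow(header)
            results = Malware.objects(
                fields=fields,
                limit=1000,
                sample_type=s.sample_type,
                share_level=s.share_level,
                text=s.text,
                status=s.status,
                strict_text=s.strict_text,
                since=since_param_string,
                until=until_param_string,
            )
            for result in results:
                writer.writerow(
                    [utils.get_data_field(x, result) for x in fields_list])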