def run(md5s):
    """
    Print the malware object for each md5 hash passed in.

    One lookup is issued per hash; the response object returned by
    ``Malware.objects`` is printed as-is.

    :param md5s: A list of hashes
    :type md5s: enumerable strs
    """
    for digest in md5s:
        response = Malware.objects(text=digest, strict_text=True,
                                   full_response=True)
        print(response)
def run(md5s):
    """
    Print the malware object for each md5 hash passed in.

    Each hash is looked up with an exact (``strict_text``) match and the
    full response of the lookup is printed.

    :param md5s: A list of hashes
    :type md5s: enumerable strs
    """
    query = dict(strict_text=True, full_response=True)
    for hash_value in md5s:
        print(Malware.objects(text=hash_value, **query))
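def run(md5s, output_dir):
    """
    Look up each MD5 on ThreatExchange and extract the attached samples
    into ``output_dir``.

    Every Malware object carries its sample as a base64-encoded,
    password-protected zip (``m.SAMPLE`` / ``m.PASSWORD``).  The archives
    come from a third party, so an entry whose name would resolve outside
    ``output_dir`` (absolute path or ``..`` components) is skipped instead
    of written.  A failure on one sample is printed and the loop continues.

    :param md5s: Hashes to look up
    :type md5s: iterable of str
    :param output_dir: Destination directory; created if it does not exist
    :type output_dir: str
    """
    print('Fetching %d MD5s' % len(md5s))

    for md5 in md5s:
        results = Malware.objects(text=md5, strict_text=True)
        for result in results:
            result.details()
            try:
                _extract_sample(result.get(m.SAMPLE), result.get(m.PASSWORD),
                                output_dir)
            except Exception as e:
                # Best-effort, as in the original: report and move on.
                print(str(e))


def _extract_sample(sample_b64, password, output_dir):
    """
    Decode a base64 zip archive and write each file entry into ``output_dir``.

    :param sample_b64: Base64-encoded zip archive (``m.SAMPLE``)
    :param password: Archive password (``m.PASSWORD``)
    :param output_dir: Destination directory, created on demand
    :raises ValueError: if ``sample_b64`` is empty
    :raises zipfile.BadZipfile: if the decoded data is not a zip archive
    """
    if not sample_b64:
        raise ValueError('no sample data attached to this object')
    if not os.path.isdir(output_dir):
        # The original called os.path.makedirs(), which does not exist, so
        # a missing directory always ended in a printed AttributeError.
        os.makedirs(output_dir)
    base = os.path.realpath(output_dir)

    archive = cStringIO.StringIO(base64.b64decode(sample_b64))
    with zipfile.ZipFile(archive, 'r') as zf:
        for entry in zf.infolist():
            name = entry.filename
            if name.endswith('/'):
                continue  # directory entry, nothing to write
            target = os.path.realpath(os.path.join(base, name))
            if not target.startswith(base + os.sep):
                print('Skipping %s: resolves outside %s' % (name, output_dir))
                continue
            parent = os.path.dirname(target)
            if not os.path.isdir(parent):
                os.makedirs(parent)
            # Binary mode: the entries are samples, not text.
            with open(target, 'wb') as f:
                print('Writing to %s' % name)
                f.write(zf.read(name, password))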
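def import_object(request, type_, id_):
    """
    Import one ThreatExchange object into CRITs.

    :param request: Django request; only ``request.user.username`` is read,
                    to record who performed the import
    :param type_: ``"Threat Descriptors"`` or ``"Malware Analyses"``; any
                  other value is rejected
    :param id_: ThreatExchange id of the object to import
    :returns: For descriptors, whatever ``handle_indicator_ind`` returns;
              for malware ``{'success': True, 'md5': <handle_file result>}``;
              otherwise a ``{'success': False, 'message': ...}`` dict
    """
    setup_access()
    if type_ == "Threat Descriptors":
        return _import_threat_descriptor(request, id_)
    if type_ == "Malware Analyses":
        return _import_malware_analysis(request, id_)
    return {'success': False, 'message': "Invalid Type"}


def _import_threat_descriptor(request, id_):
    """Fetch a ThreatDescriptor and hand it to CRITs as an indicator."""
    obj = ThreatDescriptor(id=id_)
    obj.details(fields=[
        f for f in ThreatDescriptor._default_fields
        if f not in (td.PRIVACY_MEMBERS, td.METADATA)
    ])
    itype = get_mapped_itype(obj.get(td.TYPE))
    if itype is None:
        return {
            'success': False,
            'message': "Descriptor type is not supported by CRITs"
        }
    # The threat type name comes from the remote object; an unknown name
    # is reported like an unsupported type instead of raising AttributeError.
    ithreat_type = getattr(IndicatorThreatTypes, obj.get(td.THREAT_TYPE), None)
    if ithreat_type is None:
        return {
            'success': False,
            'message': "Descriptor threat type is not supported by CRITs"
        }
    reference = "id: %s, owner: %s, share_level: %s" % (
        obj.get(td.ID), obj.get(td.OWNER)['name'], obj.get(td.SHARE_LEVEL))
    return handle_indicator_ind(
        obj.get(td.RAW_INDICATOR),
        "ThreatExchange",
        itype,
        ithreat_type,
        None,
        request.user.username,
        method="ThreatExchange Service",
        reference=reference,
        add_domain=True,
        add_relationship=True,
        confidence=build_ci(obj.get(td.CONFIDENCE)),
        description=obj.get(td.DESCRIPTION))


def _import_malware_analysis(request, id_):
    """Fetch a Malware object and hand its sample (if any) to CRITs."""
    obj = Malware(id=id_)
    # The original wrote ``f not in (m.METADATA)``, which is not a tuple and
    # therefore a substring test; compare the field name directly.
    obj.details(fields=[f for f in Malware._fields if f != m.METADATA])
    filename = obj.get(m.MD5)
    try:
        data = obj.rf
    except Exception:
        # No sample attached is a valid state; narrowed from a bare except so
        # KeyboardInterrupt/SystemExit are not swallowed.
        data = None
    # td.ID / td.SHARE_LEVEL are reused here for a Malware object — presumably
    # the same field names as m.ID / m.SHARE_LEVEL; kept as in the original.
    reference = "id: %s, share_level: %s" % (
        obj.get(td.ID), obj.get(td.SHARE_LEVEL))
    results = handle_file(
        filename,
        data,
        "ThreatExchange",
        method="ThreatExchange Service",
        reference=reference,
        user=request.user.username,
        md5_digest=obj.get(m.MD5),
        sha1_digest=obj.get(m.SHA1),
        sha256_digest=obj.get(m.SHA256),
        size=obj.get(m.SAMPLE_SIZE),
        mimetype=obj.get(m.SAMPLE_TYPE),
    )
    return {'success': True, 'md5': results}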
def malware_main(args):
    """
    Call the /malware_analyses API endpoint and print the results.

    One JSON document per line is written to stdout so the output can be
    consumed by line-oriented tools.

    :param args: Command line arguments
    :type args: ArgumentParser
    """
    query = dict(
        text=args.text,
        strict_text=args.strict_text,
        limit=args.limit,
        since=args.since,
        until=args.until,
        dict_generator=True,
    )
    for record in Malware.objects(**query):
        sys.stdout.write(json.dumps(record) + '\n')
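def save_sample(malware_id, output_dir):
    """
    Fetch the sample attached to a Malware object and write it to
    ``output_dir`` under the sample's SHA1.

    ``m.SAMPLE`` holds a base64-encoded, password-protected zip and
    ``m.PASSWORD`` its password.  Every archive entry is written to the same
    path (``<output_dir>/<sha1>``), as in the original, so only the last
    entry of a multi-entry archive survives — presumably samples are single
    files; confirm if that assumption matters.

    :param malware_id: ThreatExchange id of the Malware object
    :param output_dir: Destination directory, created if missing
    """
    sample = Malware.details(id=malware_id, fields=VARIANT_SAMPLE_FIELDS)
    if not sample.get(m.SAMPLE):
        # The original printed "skipping" but fell through and tried to
        # unzip the empty buffer anyway.
        print('No sample available for %s, skipping' % sample.get(m.ID))
        return
    try:
        if not os.path.isdir(output_dir):
            os.makedirs(output_dir)
        target = os.path.join(output_dir, sample.get(m.SHA1))
        archive = cStringIO.StringIO(base64.b64decode(sample.get(m.SAMPLE)))
        with zipfile.ZipFile(archive, 'r') as zf:
            for entry in zf.infolist():
                with open(target, 'wb') as f:
                    print('Writing to %s' % sample.get(m.SHA1))
                    f.write(zf.read(entry.filename, sample.get(m.PASSWORD)))
    except Exception as e:
        # Best-effort: a broken archive or unwritable directory is reported,
        # not raised, so batch callers can continue.
        print('Error saving to file: %s' % str(e))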
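def run(md5s, output_dir):
    """
    Look up each MD5 on ThreatExchange and extract the attached samples
    into ``output_dir``.

    Every Malware object carries its sample as a base64-encoded,
    password-protected zip (``m.SAMPLE`` / ``m.PASSWORD``).  The archives
    come from a third party, so an entry whose name would resolve outside
    ``output_dir`` (absolute path or ``..`` components) is skipped instead
    of written.  A failure on one sample is printed and the loop continues.

    :param md5s: Hashes to look up
    :type md5s: iterable of str
    :param output_dir: Destination directory; created if it does not exist
    :type output_dir: str
    """
    print('Fetching %d MD5s' % len(md5s))

    for md5 in md5s:
        results = Malware.objects(text=md5, strict_text=True)
        for result in results:
            result.details()
            try:
                _extract_sample(result.get(m.SAMPLE), result.get(m.PASSWORD),
                                output_dir)
            except Exception as e:
                # Best-effort, as in the original: report and move on.
                print(str(e))


def _extract_sample(sample_b64, password, output_dir):
    """
    Decode a base64 zip archive and write each file entry into ``output_dir``.

    :param sample_b64: Base64-encoded zip archive (``m.SAMPLE``)
    :param password: Archive password (``m.PASSWORD``)
    :param output_dir: Destination directory, created on demand
    :raises ValueError: if ``sample_b64`` is empty
    :raises zipfile.BadZipfile: if the decoded data is not a zip archive
    """
    if not sample_b64:
        raise ValueError('no sample data attached to this object')
    if not os.path.isdir(output_dir):
        # The original called os.path.makedirs(), which does not exist, so
        # a missing directory always ended in a printed AttributeError.
        os.makedirs(output_dir)
    base = os.path.realpath(output_dir)

    archive = cStringIO.StringIO(base64.b64decode(sample_b64))
    with zipfile.ZipFile(archive, 'r') as zf:
        for entry in zf.infolist():
            name = entry.filename
            if name.endswith('/'):
                continue  # directory entry, nothing to write
            target = os.path.realpath(os.path.join(base, name))
            if not target.startswith(base + os.sep):
                print('Skipping %s: resolves outside %s' % (name, output_dir))
                continue
            parent = os.path.dirname(target)
            if not os.path.isdir(parent):
                os.makedirs(parent)
            # Binary mode: the entries are samples, not text.
            with open(target, 'wb') as f:
                print('Writing to %s' % name)
                f.write(zf.read(name, password))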
#!/usr/bin/env python

from pytx import init
from pytx import Malware

md5s = ['681f1b31baa671a81e4b803dbf8a9f10']

# Placeholder credentials; the real ThreatExchange app id/secret belong in
# the environment or a config file rather than in the script itself.
app_id = '<your-app-id>'
app_secret = '<your-app-secret>'

init(app_id, app_secret)

# Exact-match lookup per hash, printing the full API response.
for md5 in md5s:
    print(Malware.objects(text=md5, strict_text=True, full_response=True))
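output_dir = 'out'

# Placeholder credentials; the real ThreatExchange app id/secret belong in
# the environment or a config file rather than in the script itself.
app_id = '<your-app-id>'
app_secret = '<your-app-secret>'

init(app_id, app_secret)

# One hash per line; blank lines are dropped so a trailing newline does not
# turn into a lookup with text=''.
md5s = []
with open(input_md5s_filename) as f:
    for l in f:
        if l.strip():
            md5s.append(l.strip())

print('Fetching %d MD5s' % len(md5s))

# The original never created output_dir, so every write failed (and was
# printed) unless it already existed.
if not os.path.isdir(output_dir):
    os.makedirs(output_dir)
base = os.path.realpath(output_dir)

# Samples are base64-encoded, password-protected zips from a third party:
# every entry path is resolved and anything outside output_dir is skipped.
for md5 in md5s:
    results = Malware.objects(text=md5, strict_text=True)
    for result in results:
        result.details()
        try:
            archive = cStringIO.StringIO(base64.b64decode(result.get(m.SAMPLE)))
            with zipfile.ZipFile(archive, 'r') as zf:
                for entry in zf.infolist():
                    name = entry.filename
                    if name.endswith('/'):
                        continue  # directory entry, nothing to write
                    target = os.path.realpath(os.path.join(base, name))
                    if not target.startswith(base + os.sep):
                        print('Skipping %s: resolves outside %s' % (name, output_dir))
                        continue
                    parent = os.path.dirname(target)
                    if not os.path.isdir(parent):
                        os.makedirs(parent)
                    # Binary mode: the entries are samples, not text.
                    with open(target, 'wb') as f:
                        print('Writing to %s' % name)
                        f.write(zf.read(name, result.get(m.PASSWORD)))
        except Exception as e:
            # Best-effort, as in the original: report and move on.
            print(str(e))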
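def main():
    """
    Export Malware Analyses from ThreatExchange to one CSV file per day.

    For each of ``days_back`` days ending at ``end_date`` (both taken from
    ``get_args()``), query ``/malware_analyses`` for that day's window and
    write ``malware_analyses_<since>_to_<until>.csv`` in the current
    directory, one row per result.  With ``full_sample`` the base64 sample
    and its size are added as extra columns.
    """
    s = get_args()
    format_ = '%d-%m-%Y'

    fields_list = [
        MA.ID,
        MA.ADDED_ON,
        MA.CRX,
        MA.IMPHASH,
        MA.MD5,
        MA.PASSWORD,
        MA.PE_RICH_HEADER,
        MA.SAMPLE_TYPE,
        MA.SAMPLE_SIZE_COMPRESSED,
        MA.SHA1,
        MA.SHA256,
        MA.SHARE_LEVEL,
        MA.SSDEEP,
        MA.STATUS,
        MA.SUBMITTER_COUNT,
        MA.VICTIM_COUNT,
        MA.XPI,
    ]
    if s.full_sample:
        fields_list += [
            MA.SAMPLE,
            MA.SAMPLE_SIZE,
        ]
    headers = [utils.convert_to_header(x) for x in fields_list]

    for day_counter in range(s.days_back):
        # Only the formatted strings are used; the raw values are discarded.
        _, until_param_string, _, since_param_string = \
            utils.get_time_params(s.end_date, day_counter, format_)

        output_file = 'malware_analyses_%s_to_%s.csv' % (
            since_param_string, until_param_string)

        # TODO: Remove this once querying the fields related to a sample
        # Doesn't break TX, and fix all the things below
        # Copy before extending: the original did ``fields += [...]`` on
        # Malware._default_fields itself, which for a list appends
        # 'sample_size'/'sample' to the shared class attribute on every
        # iteration of this loop.
        fields = list(Malware._default_fields)
        if s.full_sample:
            fields += ['sample_size', 'sample']

        # 'wb' is the Python 2 csv idiom used throughout this file; on
        # Python 3 it would need open(output_file, 'w', newline='').
        with open(output_file, 'wb') as fout:
            writer = csv.writer(fout)

            results = Malware.objects(
                fields=fields,
                limit=1000,
                sample_type=s.sample_type,
                share_level=s.share_level,
                text=s.text,
                status=s.status,
                strict_text=s.strict_text,
                since=since_param_string,
                until=until_param_string,
            )

            # Headers
            writer.writerow(headers)
            for result in results:
                writer.writerow(
                    [utils.get_data_field(x, result) for x in fields_list])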
#!/usr/bin/env python

from pytx import init
from pytx import Malware

md5s = ['681f1b31baa671a81e4b803dbf8a9f10']

# Placeholder credentials; the real ThreatExchange app id/secret belong in
# the environment or a config file rather than in the script itself.
app_id = '<your-app-id>'
app_secret = '<your-app-secret>'

init(app_id, app_secret)

# Exact-match lookup per hash, printing the full API response.
for md5 in md5s:
    response = Malware.objects(text=md5, strict_text=True, full_response=True)
    print(response)
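output_dir = 'out'

# Placeholder credentials; the real ThreatExchange app id/secret belong in
# the environment or a config file rather than in the script itself.
app_id = '<your-app-id>'
app_secret = '<your-app-secret>'

init(app_id, app_secret)

# One hash per line; blank lines are dropped so a trailing newline does not
# turn into a lookup with text=''.
md5s = []
with open(input_md5s_filename) as f:
    for l in f:
        if l.strip():
            md5s.append(l.strip())

print('Fetching %d MD5s' % len(md5s))

# The original never created output_dir, so every write failed (and was
# printed) unless it already existed.
if not os.path.isdir(output_dir):
    os.makedirs(output_dir)
base = os.path.realpath(output_dir)

# Samples are base64-encoded, password-protected zips from a third party:
# every entry path is resolved and anything outside output_dir is skipped.
for md5 in md5s:
    results = Malware.objects(text=md5, strict_text=True)
    for result in results:
        result.details()
        try:
            archive = cStringIO.StringIO(base64.b64decode(result.get(m.SAMPLE)))
            with zipfile.ZipFile(archive, 'r') as zf:
                for entry in zf.infolist():
                    name = entry.filename
                    if name.endswith('/'):
                        continue  # directory entry, nothing to write
                    target = os.path.realpath(os.path.join(base, name))
                    if not target.startswith(base + os.sep):
                        print('Skipping %s: resolves outside %s' % (name, output_dir))
                        continue
                    parent = os.path.dirname(target)
                    if not os.path.isdir(parent):
                        os.makedirs(parent)
                    # Binary mode: the entries are samples, not text.
                    with open(target, 'wb') as f:
                        print('Writing to %s' % name)
                        f.write(zf.read(name, result.get(m.PASSWORD)))
        except Exception as e:
            # Best-effort, as in the original: report and move on.
            print(str(e))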
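def main():
    """
    Export Malware Analyses from ThreatExchange to one CSV file per day.

    For each of ``days_back`` days ending at ``end_date`` (both taken from
    ``get_args()``), query ``/malware_analyses`` for that day's window and
    write ``malware_analyses_<since>_to_<until>.csv`` in the current
    directory, one row per result.  With ``full_sample`` the base64 sample
    and its size are added as extra columns.
    """
    s = get_args()
    format_ = '%d-%m-%Y'

    fields_list = [
        MA.ID,
        MA.ADDED_ON,
        MA.CRX,
        MA.IMPHASH,
        MA.MD5,
        MA.PASSWORD,
        MA.PE_RICH_HEADER,
        MA.SAMPLE_TYPE,
        MA.SAMPLE_SIZE_COMPRESSED,
        MA.SHA1,
        MA.SHA256,
        MA.SHARE_LEVEL,
        MA.SSDEEP,
        MA.STATUS,
        MA.SUBMITTER_COUNT,
        MA.VICTIM_COUNT,
        MA.XPI,
    ]
    if s.full_sample:
        fields_list += [
            MA.SAMPLE,
            MA.SAMPLE_SIZE,
        ]
    headers = [utils.convert_to_header(x) for x in fields_list]

    for day_counter in range(s.days_back):
        # Only the formatted strings are used; the raw values are discarded.
        _, until_param_string, _, since_param_string = \
            utils.get_time_params(s.end_date, day_counter, format_)

        output_file = 'malware_analyses_%s_to_%s.csv' % (
            since_param_string, until_param_string)

        # TODO: Remove this once querying the fields related to a sample
        # Doesn't break TX, and fix all the things below
        # Copy before extending: the original did ``fields += [...]`` on
        # Malware._default_fields itself, which for a list appends
        # 'sample_size'/'sample' to the shared class attribute on every
        # iteration of this loop.
        fields = list(Malware._default_fields)
        if s.full_sample:
            fields += ['sample_size', 'sample']

        # 'wb' is the Python 2 csv idiom used throughout this file; on
        # Python 3 it would need open(output_file, 'w', newline='').
        with open(output_file, 'wb') as fout:
            writer = csv.writer(fout)

            results = Malware.objects(
                fields=fields,
                limit=1000,
                sample_type=s.sample_type,
                share_level=s.share_level,
                text=s.text,
                status=s.status,
                strict_text=s.strict_text,
                since=since_param_string,
                until=until_param_string,
            )

            # Headers
            writer.writerow(headers)
            for result in results:
                writer.writerow(
                    [utils.get_data_field(x, result) for x in fields_list])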