def run(md5s):
    """
    Print the malware object for each md5 hash passed in.

    :param md5s: A list of hashes
    :type md5s: enumerable strs
    """
    for md5_hash in md5s:
        # full_response=True: the whole API response is printed, not just the
        # parsed object.
        response = Malware.objects(text=md5_hash,
                                   strict_text=True,
                                   full_response=True)
        print(response)
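def run(md5s, output_dir):
    """
    Fetch the sample for each md5 hash passed in and unpack it into output_dir.

    Each Malware result is expected to carry a base64-encoded, password
    protected zip archive (m.SAMPLE / m.PASSWORD); every regular member of
    that archive is written under output_dir. Per-result failures are
    reported on stdout and do not stop the remaining work.

    :param md5s: A list of hashes
    :type md5s: enumerable strs
    :param output_dir: Directory the extracted files are written to; it is
                       created if it does not exist yet
    :type output_dir: str
    """
    print('Fetching %d MD5s' % len(md5s))
    # Create the output directory once, up front (the original called the
    # non-existent os.path.makedirs inside the loop).
    if not os.path.exists(output_dir):
        os.makedirs(output_dir)
    base = os.path.realpath(output_dir)
    for md5 in md5s:
        results = Malware.objects(text=md5, strict_text=True)
        for result in results:
            result.details()
            try:
                zipfilehandle = cStringIO.StringIO()
                zipfilehandle.write(base64.b64decode(result.get(m.SAMPLE)))
                with zipfile.ZipFile(zipfilehandle, 'r') as zf:
                    for entry in zf.infolist():
                        # Member names come from the archive, i.e. from the
                        # sample itself, so they are untrusted: only write
                        # paths that resolve inside output_dir.
                        target = os.path.realpath(
                            os.path.join(base, entry.filename))
                        if target != base and \
                                not target.startswith(base + os.sep):
                            print('Skipping %s: outside %s'
                                  % (entry.filename, output_dir))
                            continue
                        # Directory entries carry no data; just make sure
                        # the directory exists for later members.
                        if entry.filename.endswith('/'):
                            if not os.path.isdir(target):
                                os.makedirs(target)
                            continue
                        parent = os.path.dirname(target)
                        if not os.path.isdir(parent):
                            os.makedirs(parent)
                        # Samples are binary; write them as such.
                        with open(target, 'wb') as f:
                            print('Writing to %s' % entry.filename)
                            f.write(zf.read(entry.filename,
                                            result.get(m.PASSWORD)))
            except Exception as e:
                # Best effort: a bad or undecodable sample must not abort
                # the rest of the batch.
                print(str(e))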
def malware_main(args):
    """
    Call the /malware_analyses API endpoint and print the results.

    Every result is emitted as one JSON document per line on stdout.

    :param args: Command line arguments
    :type args: ArgumentParser
    """
    query = dict(
        text=args.text,
        strict_text=args.strict_text,
        limit=args.limit,
        since=args.since,
        until=args.until,
        dict_generator=True,
    )
    for malware in Malware.objects(**query):
        sys.stdout.write(json.dumps(malware) + '\n')
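def run(md5s, output_dir):
    """
    Fetch the sample for each md5 hash passed in and unpack it into output_dir.

    Each Malware result is expected to carry a base64-encoded, password
    protected zip archive (m.SAMPLE / m.PASSWORD); every regular member of
    that archive is written under output_dir. Per-result failures are
    reported on stdout and do not stop the remaining work.

    :param md5s: A list of hashes
    :type md5s: enumerable strs
    :param output_dir: Directory the extracted files are written to; it is
                       created if it does not exist yet
    :type output_dir: str
    """
    print('Fetching %d MD5s' % len(md5s))
    # Create the output directory once, up front (the original called the
    # non-existent os.path.makedirs inside the loop).
    if not os.path.exists(output_dir):
        os.makedirs(output_dir)
    base = os.path.realpath(output_dir)

    def _safe_target(member_name):
        # Member names come from the archive, i.e. from the sample itself,
        # so they are untrusted: return None unless the name resolves
        # inside output_dir.
        candidate = os.path.realpath(os.path.join(base, member_name))
        if candidate == base or candidate.startswith(base + os.sep):
            return candidate
        return None

    for md5 in md5s:
        results = Malware.objects(text=md5, strict_text=True)
        for result in results:
            result.details()
            try:
                zipfilehandle = cStringIO.StringIO()
                zipfilehandle.write(base64.b64decode(result.get(m.SAMPLE)))
                with zipfile.ZipFile(zipfilehandle, 'r') as zf:
                    for entry in zf.infolist():
                        target = _safe_target(entry.filename)
                        if target is None:
                            print('Skipping %s: outside %s'
                                  % (entry.filename, output_dir))
                            continue
                        # Directory entries carry no data; just make sure
                        # the directory exists for later members.
                        if entry.filename.endswith('/'):
                            if not os.path.isdir(target):
                                os.makedirs(target)
                            continue
                        parent = os.path.dirname(target)
                        if not os.path.isdir(parent):
                            os.makedirs(parent)
                        # Samples are binary; write them as such.
                        with open(target, 'wb') as f:
                            print('Writing to %s' % entry.filename)
                            f.write(zf.read(entry.filename,
                                            result.get(m.PASSWORD)))
            except Exception as e:
                # Best effort: a bad or undecodable sample must not abort
                # the rest of the batch.
                print(str(e))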
#!/usr/bin/env python
from pytx import init
from pytx import Malware

# Hashes to look up; extend this list as needed.
md5s = ['681f1b31baa671a81e4b803dbf8a9f10']

# Placeholder credentials: substitute real values locally rather than
# committing them alongside this script.
app_id = '<your-app-id>'
app_secret = '<your-app-secret>'
init(app_id, app_secret)

for md5_hash in md5s:
    # full_response=True prints the whole API response for each hash.
    print(Malware.objects(text=md5_hash,
                          strict_text=True,
                          full_response=True))
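# Read md5 hashes from input_md5s_filename (defined earlier in this script),
# fetch each sample and unpack it into output_dir.
output_dir = 'out'

# Placeholder credentials: substitute real values locally rather than
# committing them alongside this script.
app_id = '<your-app-id>'
app_secret = '<your-app-secret>'
init(app_id, app_secret)

md5s = []
with open(input_md5s_filename) as f:
    for l in f:
        md5s.append(l.strip())

print('Fetching %d MD5s' % len(md5s))

# Make sure the destination exists before the first write; otherwise every
# extraction fails with an IOError that is only printed.
if not os.path.exists(output_dir):
    os.makedirs(output_dir)
base = os.path.realpath(output_dir)

for md5 in md5s:
    results = Malware.objects(text=md5, strict_text=True)
    for result in results:
        result.details()
        try:
            zipfilehandle = cStringIO.StringIO()
            zipfilehandle.write(base64.b64decode(result.get(m.SAMPLE)))
            with zipfile.ZipFile(zipfilehandle, 'r') as zf:
                for entry in zf.infolist():
                    # Member names come from the archive, i.e. from the
                    # sample itself, so they are untrusted: only write paths
                    # that resolve inside output_dir.
                    target = os.path.realpath(
                        os.path.join(base, entry.filename))
                    if target != base and \
                            not target.startswith(base + os.sep):
                        print('Skipping %s: outside %s'
                              % (entry.filename, output_dir))
                        continue
                    # Directory entries carry no data.
                    if entry.filename.endswith('/'):
                        if not os.path.isdir(target):
                            os.makedirs(target)
                        continue
                    parent = os.path.dirname(target)
                    if not os.path.isdir(parent):
                        os.makedirs(parent)
                    # Samples are binary; write them as such.
                    with open(target, 'wb') as f:
                        print('Writing to %s' % entry.filename)
                        f.write(zf.read(entry.filename,
                                        result.get(m.PASSWORD)))
        except Exception as e:
            # Best effort: one bad sample must not abort the batch.
            print(str(e))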
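def main():
    """
    Export malware analyses to one CSV file per day.

    For each of the last ``days_back`` days ending at ``end_date`` (both from
    the command line via get_args), query Malware.objects for that day's
    window and write the selected fields to
    ``malware_analyses_<since>_to_<until>.csv``.
    """
    s = get_args()
    format_ = '%d-%m-%Y'

    # TODO: Remove this once querying the fields related to a sample
    # Doesn't break TX, and fix all the things below
    #
    # Copy before extending: the original did `fields += [...]` on
    # Malware._default_fields, which (if that attribute is a list) appends to
    # the shared class attribute on every loop iteration.
    fields = list(Malware._default_fields)
    if s.full_sample:
        fields += ['sample_size', 'sample']

    # Columns written to the CSV; loop-invariant, so built once.
    fields_list = [
        MA.ID,
        MA.ADDED_ON,
        MA.CRX,
        MA.IMPHASH,
        MA.MD5,
        MA.PASSWORD,
        MA.PE_RICH_HEADER,
        MA.SAMPLE_TYPE,
        MA.SAMPLE_SIZE_COMPRESSED,
        MA.SHA1,
        MA.SHA256,
        MA.SHARE_LEVEL,
        MA.SSDEEP,
        MA.STATUS,
        MA.SUBMITTER_COUNT,
        MA.VICTIM_COUNT,
        MA.XPI,
    ]
    if s.full_sample:
        fields_list += [
            MA.SAMPLE,
            MA.SAMPLE_SIZE,
        ]

    for day_counter in range(s.days_back):
        until_param, until_param_string, since_param, since_param_string = \
            utils.get_time_params(s.end_date, day_counter, format_)
        output_file = 'malware_analyses_' + since_param_string + '_to_' + \
            until_param_string + '.csv'
        # Binary mode is the Python 2 csv convention used by this file.
        with open(output_file, 'wb') as fout:
            writer = csv.writer(fout)
            results = Malware.objects(
                fields=fields,
                limit=1000,
                sample_type=s.sample_type,
                share_level=s.share_level,
                text=s.text,
                status=s.status,
                strict_text=s.strict_text,
                since=since_param_string,
                until=until_param_string,
            )
            # Headers
            writer.writerow(map(utils.convert_to_header, fields_list))
            for result in results:
                writer.writerow(
                    map(lambda x: utils.get_data_field(x, result),
                        fields_list))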
#!/usr/bin/env python
from pytx import init
from pytx import Malware

# Hashes to look up; extend this list as needed.
md5s = ['681f1b31baa671a81e4b803dbf8a9f10']

# Placeholder credentials: substitute real values locally rather than
# committing them alongside this script.
app_id = '<your-app-id>'
app_secret = '<your-app-secret>'
init(app_id, app_secret)

for md5_hash in md5s:
    # full_response=True prints the whole API response for each hash.
    response = Malware.objects(text=md5_hash,
                               strict_text=True,
                               full_response=True)
    print(response)
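def main():
    """
    Export malware analyses to one CSV file per day.

    For each of the last ``days_back`` days ending at ``end_date`` (both from
    the command line via get_args), query Malware.objects for that day's
    window and write the selected fields to
    ``malware_analyses_<since>_to_<until>.csv``.
    """
    s = get_args()
    format_ = '%d-%m-%Y'

    # TODO: Remove this once querying the fields related to a sample
    # Doesn't break TX, and fix all the things below
    #
    # Copy before extending: the original did `fields += [...]` on
    # Malware._default_fields, which (if that attribute is a list) appends to
    # the shared class attribute on every loop iteration.
    fields = list(Malware._default_fields)
    if s.full_sample:
        fields += ['sample_size', 'sample']

    # Columns written to the CSV; loop-invariant, so built once.
    fields_list = [
        MA.ID,
        MA.ADDED_ON,
        MA.CRX,
        MA.IMPHASH,
        MA.MD5,
        MA.PASSWORD,
        MA.PE_RICH_HEADER,
        MA.SAMPLE_TYPE,
        MA.SAMPLE_SIZE_COMPRESSED,
        MA.SHA1,
        MA.SHA256,
        MA.SHARE_LEVEL,
        MA.SSDEEP,
        MA.STATUS,
        MA.SUBMITTER_COUNT,
        MA.VICTIM_COUNT,
        MA.XPI,
    ]
    if s.full_sample:
        fields_list += [
            MA.SAMPLE,
            MA.SAMPLE_SIZE,
        ]
    header_row = map(utils.convert_to_header, fields_list)

    for day_counter in range(s.days_back):
        until_param, until_param_string, since_param, since_param_string = \
            utils.get_time_params(s.end_date, day_counter, format_)
        output_file = 'malware_analyses_' + since_param_string + '_to_' + \
            until_param_string + '.csv'
        # Binary mode is the Python 2 csv convention used by this file.
        with open(output_file, 'wb') as fout:
            writer = csv.writer(fout)
            results = Malware.objects(
                fields=fields,
                limit=1000,
                sample_type=s.sample_type,
                share_level=s.share_level,
                text=s.text,
                status=s.status,
                strict_text=s.strict_text,
                since=since_param_string,
                until=until_param_string,
            )
            # Headers
            writer.writerow(list(header_row))
            for result in results:
                writer.writerow(
                    [utils.get_data_field(x, result) for x in fields_list]
                )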