def run(self, obj, config):
if isinstance(obj, RawData):
data = obj.data
elif isinstance(obj, Sample):
samp_data = obj.filedata.read()
data = make_ascii_strings(data=samp_data)
if not data:
self._debug("Could not find sample data to parse.")
return
else:
self._debug("This type is not supported by this service.")
return
ips = extract_ips(data)
for ip in ips:
tdict = {'Type': "IP Address"}
id_ = Indicator.objects(value=ip).only('id').first()
if id_:
tdict['exists'] = str(id_.id)
self._add_result('Potential IP Address', ip, tdict)
domains = extract_domains(data)
for domain in domains:
tdict = {'Type': "Domain"}
id_ = Indicator.objects(value=domain).only('id').first()
if id_:
tdict['exists'] = str(id_.id)
self._add_result('Potential Domains', domain, tdict)
emails = extract_emails(data)
for email in emails:
tdict = {'Type': "Email"}
id_ = Indicator.objects(value=email).only('id').first()
if id_:
tdict['exists'] = str(id_.id)
self._add_result('Potential Emails', email, tdict)
def run(self, obj, config):
if isinstance(obj, RawData):
data = obj.data
elif isinstance(obj, Sample):
samp_data = obj.filedata.read()
data = make_ascii_strings(data=samp_data)
if not data:
self._debug("Could not find sample data to parse.")
return
else:
self._debug("This type is not supported by this service.")
return
ips = extract_ips(data)
for ip in ips:
tdict = {'Type': "IP Address"}
id_ = Indicator.objects(value=ip).only('id').first()
if id_:
tdict['exists'] = str(id_.id)
self._add_result('Potential IP Address', ip, tdict)
domains = extract_domains(data)
for domain in domains:
tdict = {'Type': "Domain"}
id_ = Indicator.objects(value=domain).only('id').first()
if id_:
tdict['exists'] = str(id_.id)
self._add_result('Potential Domains', domain, tdict)
emails = extract_emails(data)
for email in emails:
tdict = {'Type': "Email"}
id_ = Indicator.objects(value=email).only('id').first()
if id_:
tdict['exists'] = str(id_.id)
self._add_result('Potential Emails', email, tdict)
def run(self, obj, config):
if isinstance(obj, Event):
data = obj.description
elif isinstance(obj, RawData):
data = obj.data
elif isinstance(obj, Sample):
samp_data = obj.filedata.read()
data = make_ascii_strings(data=samp_data)
if not data:
self._debug("Could not find sample data to parse.")
return
else:
self._debug("This type is not supported by this service.")
return
ips = extract_ips(data)
for ip in ips:
tdict = {'Type': IndicatorTypes.IPV4_ADDRESS}
id_ = Indicator.objects(value=ip).only('id').first()
if id_:
tdict['exists'] = str(id_.id)
self._add_result('Potential IP Address', ip, tdict)
domains = extract_domains(data)
for domain in domains:
tdict = {'Type': IndicatorTypes.DOMAIN}
id_ = Indicator.objects(value=domain).only('id').first()
if id_:
tdict['exists'] = str(id_.id)
self._add_result('Potential Domains', domain, tdict)
emails = extract_emails(data)
for email in emails:
tdict = {'Type': IndicatorTypes.EMAIL_ADDRESS}
id_ = Indicator.objects(value=email).only('id').first()
if id_:
tdict['exists'] = str(id_.id)
self._add_result('Potential Emails', email, tdict)
hashes = extract_hashes(data)
for hash_ in hashes:
type_ = hash_[0]
val = hash_[1]
tdict = {'Type': type_}
if type_ == IndicatorTypes.MD5:
id_ = Sample.objects(md5=val).only('id').first()
elif type_ == IndicatorTypes.SHA1:
id_ = Sample.objects(sha1=val).only('id').first()
elif type_ == IndicatorTypes.SHA256:
id_ = Sample.objects(sha256=val).only('id').first()
elif type_ == IndicatorTypes.SSDEEP:
id_ = Sample.objects(ssdeep=val).only('id').first()
else:
id_ = None
if id_:
tdict['exists'] = str(id_.id)
self._add_result('Potential Samples', val, tdict)
def strings(request, sample_md5):
"""
Generate strings for a sample. Should be an AJAX POST.
:param request: Django request object (Required)
:type request: :class:`django.http.HttpRequest`
:param sample_md5: The MD5 of the sample to use.
:type sample_md5: str
:returns: :class:`django.http.HttpResponse`
"""
if request.is_ajax():
strings_data = make_ascii_strings(md5=sample_md5)
strings_data += make_unicode_strings(md5=sample_md5)
result = {"strings": strings_data}
return HttpResponse(json.dumps(result),
content_type="application/json")
else:
return render(request, 'error.html', {'error': "Expected AJAX."})
def strings(request, sample_md5):
"""
Generate strings for a sample. Should be an AJAX POST.
:param request: Django request object (Required)
:type request: :class:`django.http.HttpRequest`
:param sample_md5: The MD5 of the sample to use.
:type sample_md5: str
:returns: :class:`django.http.HttpResponse`
"""
if request.is_ajax():
strings_data = make_ascii_strings(md5=sample_md5)
strings_data += make_unicode_strings(md5=sample_md5)
result = {"strings": strings_data}
return HttpResponse(json.dumps(result),
content_type="application/json")
else:
return render(request, 'error.html', {'error': "Expected AJAX."})
def xor(request, sample_md5):
"""
Generate xor results for a sample. Should be an AJAX POST.
:param request: Django request object (Required)
:type request: :class:`django.http.HttpRequest`
:param sample_md5: The MD5 of the sample to use.
:type sample_md5: str
:returns: :class:`django.http.HttpResponse`
"""
if request.is_ajax():
key = request.GET.get('key')
key = int(key)
xor_data = xor_string(md5=sample_md5, key=key)
xor_data = make_ascii_strings(data=xor_data)
result = {"strings": xor_data}
return HttpResponse(json.dumps(result),
content_type="application/json")
else:
return render(request, 'error.html', {'error': "Expected AJAX."})
def xor(request,sample_md5):
"""
Generate xor results for a sample. Should be an AJAX POST.
:param request: Django request object (Required)
:type request: :class:`django.http.HttpRequest`
:param sample_md5: The MD5 of the sample to use.
:type sample_md5: str
:returns: :class:`django.http.HttpResponse`
"""
if request.is_ajax():
key = request.GET.get('key')
key = int(key)
xor_data = xor_string(md5=sample_md5,
key=key)
xor_data = make_ascii_strings(data=xor_data)
result = {"strings": xor_data}
return HttpResponse(json.dumps(result),
content_type="application/json")
else:
return render(request, 'error.html', {'error': "Expected AJAX."})
def _scan(self, context):
if isinstance(context, RawDataContext):
raw_data = RawData.objects(id=context.identifier).first()
if not raw_data:
self._debug("Could not find raw data to parse.")
return
data = raw_data.data
elif isinstance(context, SampleContext):
data = make_ascii_strings(md5=context.identifier)
if not data:
self._debug("Could not find sample data to parse.")
return
else:
self._debug("This type is not supported by this service.")
return
ips = extract_ips(data)
for ip in ips:
tdict = {'Type': "IP Address"}
id_ = Indicator.objects(value=ip).only('id').first()
if id_:
tdict['exists'] = str(id_.id)
self._add_result('Potential IP Address', ip, tdict)
domains = extract_domains(data)
for domain in domains:
tdict = {'Type': "Domain"}
id_ = Indicator.objects(value=domain).only('id').first()
if id_:
tdict['exists'] = str(id_.id)
self._add_result('Potential Domains', domain, tdict)
emails = extract_emails(data)
for email in emails:
tdict = {'Type': "Email"}
id_ = Indicator.objects(value=email).only('id').first()
if id_:
tdict['exists'] = str(id_.id)
self._add_result('Potential Emails', email, tdict)
def _scan(self, context):
if isinstance(context, RawDataContext):
raw_data = RawData.objects(id=context.identifier).first()
if not raw_data:
self._debug("Could not find raw data to parse.")
return
data = raw_data.data
elif isinstance(context, SampleContext):
data = make_ascii_strings(md5=context.identifier)
if not data:
self._debug("Could not find sample data to parse.")
return
else:
self._debug("This type is not supported by this service.")
return
ips = extract_ips(data)
for ip in ips:
tdict = {"Type": "IP Address"}
id_ = Indicator.objects(value=ip).only("id").first()
if id_:
tdict["exists"] = str(id_.id)
self._add_result("Potential IP Address", ip, tdict)
domains = extract_domains(data)
for domain in domains:
tdict = {"Type": "Domain"}
id_ = Indicator.objects(value=domain).only("id").first()
if id_:
tdict["exists"] = str(id_.id)
self._add_result("Potential Domains", domain, tdict)
emails = extract_emails(data)
for email in emails:
tdict = {"Type": "Email"}
id_ = Indicator.objects(value=email).only("id").first()
if id_:
tdict["exists"] = str(id_.id)
self._add_result("Potential Emails", email, tdict)
