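def run(self, obj, config):
    """Scan the object's file data with YARA, locally or via a remote worker.

    If ``config['distribution_url']`` is set the scan is delegated: a job
    message describing the object -- including the CRITs credentials the
    worker uses to post results back -- is published to the configured AMQP
    exchange and the method returns once the submission is logged.
    Otherwise the file is read into memory, every signature set from
    ``config['sigdir']`` / ``config['sigfiles']`` is compiled and matched,
    each rule hit is recorded through ``_add_result`` and the task is marked
    finished.

    Fixes relative to the previous revision: ``grid_id`` is compared with
    ``is None``; the AMQP connection is released even when ``send_msg``
    raises (it used to leak on a failed publish); the hex fallback for
    non-ASCII matched bytes is decoded so the stored record is text on both
    Python 2 and 3 (``hexlify`` returns ``bytes`` on 3).

    Args:
        obj: the CRITs object under analysis. ``obj.filedata`` is read and
            ``obj._meta['crits_type']`` / ``obj.id`` identify it remotely.
        config: service configuration; reads ``distribution_url``,
            ``api_key``, ``exchange``, ``routing_key``, ``sigdir`` and
            ``sigfiles``.

    Returns:
        None. Findings go through ``_add_result``; status through ``_info``
        and ``_error``.
    """
    logger.debug("Scanning...")
    if obj.filedata.grid_id is None:
        self._info("No data to scan, skipping")
        return

    if config['distribution_url']:
        # NOTE(review): the CRITs API key travels inside the job message, so
        # anyone who can read this exchange/queue can act as ``username``
        # against INSTANCE_URL. Keep broker ACLs tight; a key scoped to the
        # worker's needs would be safer -- confirm what the worker uses.
        crits_ref = {
            'location': settings.INSTANCE_URL,
            'object_type': obj._meta['crits_type'],
            'object_id': str(obj.id),
            'analysis_id': self.current_task.task_id,
            'start_date': self.current_task.start_date,
            'username': self.current_task.username,
            'api_key': config['api_key'],
        }
        msg = {
            'type': 'fileref',
            'source': {
                'type': 'crits',
                # NOTE(review): hard-coded archive password (the value may be
                # redacted in this copy of the file); it belongs in config.
                'zip_password': '******',
                'crits': dict(crits_ref),
            },
            'destination': {
                'type': 'crits',
                'crits': dict(crits_ref),
            },
            # NOTE(review): reads self.config here but config['sigfiles'] on
            # the local path below -- confirm both name the same mapping.
            'config': {
                'sigfiles': self.config['sigfiles'],
            },
        }
        exch = config['exchange']
        routing_key = config['routing_key']
        try:
            # Imported lazily so a missing connector surfaces as a task
            # error rather than an import failure at module load.
            from crits.services.connector import Connector
            conn = Connector(connector="amqp",
                             uri=config['distribution_url'],
                             ssl=True)
            try:
                conn.send_msg(msg, exch, routing_key)
            finally:
                # Always give the connection back, even on a failed publish.
                conn.release()
        except Exception as e:
            # NOTE(review): if the AMQP URI embeds credentials and the
            # connector echoes the URI in its exception text, this line
            # would write them to the task log -- confirm before relying
            # on the message verbatim.
            self._error("Distribution error: %s" % e)
            return
        self._info("Submitted job to yara queue.")
    else:
        def _group_strings(match_strings):
            # Fold every (offset, identifier, data) hit into one record per
            # distinct identifier/data pair, collecting all of its offsets.
            # NOTE(review): tuple indexing assumes the yara-python API where
            # match.strings is a list of 3-tuples; newer releases return
            # StringMatch objects instead -- confirm the pinned version.
            grouped = {}
            for s in match_strings:
                s_offset = s[0]
                s_name = s[1]
                try:
                    s_data = s[2].decode('ascii')
                except UnicodeError:
                    # hexlify output is pure ASCII, so this decode cannot
                    # fail; it keeps the record text on Python 2 and 3.
                    s_data = "Hex: " + binascii.hexlify(s[2]).decode('ascii')
                s_key = "{0}-{1}".format(s_name, s_data)
                entry = grouped.get(s_key)
                if entry is None:
                    grouped[s_key] = {
                        'offset': [s_offset],
                        'name': s_name,
                        'data': s_data,
                    }
                else:
                    entry['offset'].append(s_offset)
            return list(grouped.values())

        # Whole file is pulled into memory; yara matches on the buffer.
        data = obj.filedata.read()
        sigsets = self._compile_rules(config['sigdir'], config['sigfiles'])
        for sigset in sigsets:
            logger.debug("Signature set name: %s" % sigset['name'])
            self._info("Scanning with %s" % sigset['name'])
            matches = sigset['rules'].match(data=data)
            for match in matches:
                self._add_result(self.name, match.rule,
                                 {'strings': _group_strings(match.strings)})
        # NOTE(review): finish() is placed on the local path only, as read
        # from the collapsed source; the distributed path is presumably
        # closed by the remote worker -- confirm against the original.
        self.current_task.finish()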
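def run(self, obj, config):
    """Scan the object's file data with YARA, locally or via a remote worker.

    If ``config['distribution_url']`` is set the scan is delegated: a job
    message describing the object -- including the CRITs credentials the
    worker uses to post results back -- is published to the configured AMQP
    exchange under a ``route.yara`` entry and the method returns once the
    submission is logged. Otherwise the file is read into memory, every
    signature set from ``config['sigdir']`` / ``config['sigfiles']`` is
    compiled and matched, each rule hit is recorded through ``_add_result``
    and the task is marked finished.

    Fixes relative to the previous revision: ``grid_id`` is compared with
    ``is None``; the AMQP connection is released even when ``send_msg``
    raises (it used to leak on a failed publish); the hex fallback for
    non-ASCII matched bytes is decoded so the stored record is text on both
    Python 2 and 3 (``hexlify`` returns ``bytes`` on 3).

    Args:
        obj: the CRITs object under analysis. ``obj.filedata`` is read and
            ``obj._meta['crits_type']`` / ``obj.id`` identify it remotely.
        config: service configuration; reads ``distribution_url``,
            ``api_key``, ``exchange``, ``routing_key``, ``sigdir`` and
            ``sigfiles``.

    Returns:
        None. Findings go through ``_add_result``; status through ``_info``
        and ``_error``.
    """
    logger.debug("Scanning...")
    if obj.filedata.grid_id is None:
        self._info("No data to scan, skipping")
        return

    if config['distribution_url']:
        # NOTE(review): the CRITs API key travels inside the job message, so
        # anyone who can read this exchange/queue can act as ``username``
        # against INSTANCE_URL. Keep broker ACLs tight; a key scoped to the
        # worker's needs would be safer -- confirm what the worker uses.
        crits_ref = {
            'location': settings.INSTANCE_URL,
            'object_type': obj._meta['crits_type'],
            'object_id': str(obj.id),
            'analysis_id': self.current_task.task_id,
            'start_date': self.current_task.start_date,
            'username': self.current_task.username,
            'api_key': config['api_key'],
        }
        source_ref = dict(crits_ref)
        # NOTE(review): hard-coded archive password (the value may be
        # redacted in this copy of the file); it belongs in config.
        source_ref['zip_password'] = '******'
        msg = {
            'source': {
                'type': 'crits',
                'crits': source_ref,
            },
            'destination': {
                'type': 'crits',
                'crits': dict(crits_ref),
            },
            'route': {
                'yara': {
                    'route': {},
                    # NOTE(review): reads self.config here but
                    # config['sigfiles'] on the local path below -- confirm
                    # both name the same mapping.
                    'config': {
                        'sigfiles': self.config['sigfiles'],
                    },
                },
            },
        }
        exch = config['exchange']
        routing_key = config['routing_key']
        try:
            # Imported lazily so a missing connector surfaces as a task
            # error rather than an import failure at module load.
            from crits.services.connector import Connector
            conn = Connector(connector="amqp",
                             uri=config['distribution_url'],
                             ssl=True)
            try:
                conn.send_msg(msg, exch, routing_key)
            finally:
                # Always give the connection back, even on a failed publish.
                conn.release()
        except Exception as e:
            # NOTE(review): if the AMQP URI embeds credentials and the
            # connector echoes the URI in its exception text, this line
            # would write them to the task log -- confirm before relying
            # on the message verbatim.
            self._error("Distribution error: %s" % e)
            return
        self._info("Submitted job to yara queue.")
    else:
        def _group_strings(match_strings):
            # Fold every (offset, identifier, data) hit into one record per
            # distinct identifier/data pair, collecting all of its offsets.
            # NOTE(review): tuple indexing assumes the yara-python API where
            # match.strings is a list of 3-tuples; newer releases return
            # StringMatch objects instead -- confirm the pinned version.
            grouped = {}
            for s in match_strings:
                s_offset = s[0]
                s_name = s[1]
                try:
                    s_data = s[2].decode('ascii')
                except UnicodeError:
                    # hexlify output is pure ASCII, so this decode cannot
                    # fail; it keeps the record text on Python 2 and 3.
                    s_data = "Hex: " + binascii.hexlify(s[2]).decode('ascii')
                s_key = "{0}-{1}".format(s_name, s_data)
                entry = grouped.get(s_key)
                if entry is None:
                    grouped[s_key] = {
                        'offset': [s_offset],
                        'name': s_name,
                        'data': s_data,
                    }
                else:
                    entry['offset'].append(s_offset)
            return list(grouped.values())

        # Whole file is pulled into memory; yara matches on the buffer.
        data = obj.filedata.read()
        sigsets = self._compile_rules(config['sigdir'], config['sigfiles'])
        for sigset in sigsets:
            logger.debug("Signature set name: %s" % sigset['name'])
            self._info("Scanning with %s" % sigset['name'])
            matches = sigset['rules'].match(data=data)
            for match in matches:
                self._add_result(self.name, match.rule,
                                 {'strings': _group_strings(match.strings)})
        # NOTE(review): finish() is placed on the local path only, as read
        # from the collapsed source; the distributed path is presumably
        # closed by the remote worker -- confirm against the original.
        self.current_task.finish()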
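def run(self, obj, config):
    """Scan the object's file data with YARA, locally or via a remote worker.

    If ``config["distribution_url"]`` is set the scan is delegated: a job
    message describing the object -- including the CRITs credentials the
    worker uses to post results back -- is published to the configured AMQP
    exchange under a ``route.yara`` entry and the method returns once the
    submission is logged. Otherwise the file is read into memory, every
    signature set from ``config["sigdir"]`` / ``config["sigfiles"]`` is
    compiled and matched, each rule hit is recorded through ``_add_result``
    and the task is marked finished.

    Fixes relative to the previous revision: ``grid_id`` is compared with
    ``is None``; the AMQP connection is released even when ``send_msg``
    raises (it used to leak on a failed publish); the hex fallback for
    non-ASCII matched bytes is decoded so the stored record is text on both
    Python 2 and 3 (``hexlify`` returns ``bytes`` on 3).

    Args:
        obj: the CRITs object under analysis. ``obj.filedata`` is read and
            ``obj._meta["crits_type"]`` / ``obj.id`` identify it remotely.
        config: service configuration; reads ``distribution_url``,
            ``api_key``, ``exchange``, ``routing_key``, ``sigdir`` and
            ``sigfiles``.

    Returns:
        None. Findings go through ``_add_result``; status through ``_info``
        and ``_error``.
    """
    logger.debug("Scanning...")
    if obj.filedata.grid_id is None:
        self._info("No data to scan, skipping")
        return

    if config["distribution_url"]:
        # NOTE(review): the CRITs API key travels inside the job message, so
        # anyone who can read this exchange/queue can act as ``username``
        # against INSTANCE_URL. Keep broker ACLs tight; a key scoped to the
        # worker's needs would be safer -- confirm what the worker uses.
        crits_ref = {
            "location": settings.INSTANCE_URL,
            "object_type": obj._meta["crits_type"],
            "object_id": str(obj.id),
            "analysis_id": self.current_task.task_id,
            "start_date": self.current_task.start_date,
            "username": self.current_task.username,
            "api_key": config["api_key"],
        }
        source_ref = dict(crits_ref)
        # NOTE(review): hard-coded archive password (the value may be
        # redacted in this copy of the file); it belongs in config.
        source_ref["zip_password"] = "******"
        msg = {
            "source": {
                "type": "crits",
                "crits": source_ref,
            },
            "destination": {
                "type": "crits",
                "crits": dict(crits_ref),
            },
            "route": {
                "yara": {
                    "route": {},
                    # NOTE(review): reads self.config here but
                    # config["sigfiles"] on the local path below -- confirm
                    # both name the same mapping.
                    "config": {
                        "sigfiles": self.config["sigfiles"],
                    },
                },
            },
        }
        exch = config["exchange"]
        routing_key = config["routing_key"]
        try:
            # Imported lazily so a missing connector surfaces as a task
            # error rather than an import failure at module load.
            from crits.services.connector import Connector
            conn = Connector(connector="amqp",
                             uri=config["distribution_url"],
                             ssl=True)
            try:
                conn.send_msg(msg, exch, routing_key)
            finally:
                # Always give the connection back, even on a failed publish.
                conn.release()
        except Exception as e:
            # NOTE(review): if the AMQP URI embeds credentials and the
            # connector echoes the URI in its exception text, this line
            # would write them to the task log -- confirm before relying
            # on the message verbatim.
            self._error("Distribution error: %s" % e)
            return
        self._info("Submitted job to yara queue.")
    else:
        def _group_strings(match_strings):
            # Fold every (offset, identifier, data) hit into one record per
            # distinct identifier/data pair, collecting all of its offsets.
            # NOTE(review): tuple indexing assumes the yara-python API where
            # match.strings is a list of 3-tuples; newer releases return
            # StringMatch objects instead -- confirm the pinned version.
            grouped = {}
            for s in match_strings:
                s_offset = s[0]
                s_name = s[1]
                try:
                    s_data = s[2].decode("ascii")
                except UnicodeError:
                    # hexlify output is pure ASCII, so this decode cannot
                    # fail; it keeps the record text on Python 2 and 3.
                    s_data = "Hex: " + binascii.hexlify(s[2]).decode("ascii")
                s_key = "{0}-{1}".format(s_name, s_data)
                entry = grouped.get(s_key)
                if entry is None:
                    grouped[s_key] = {
                        "offset": [s_offset],
                        "name": s_name,
                        "data": s_data,
                    }
                else:
                    entry["offset"].append(s_offset)
            return list(grouped.values())

        # Whole file is pulled into memory; yara matches on the buffer.
        data = obj.filedata.read()
        sigsets = self._compile_rules(config["sigdir"], config["sigfiles"])
        for sigset in sigsets:
            logger.debug("Signature set name: %s" % sigset["name"])
            self._info("Scanning with %s" % sigset["name"])
            matches = sigset["rules"].match(data=data)
            for match in matches:
                self._add_result(self.name, match.rule,
                                 {"strings": _group_strings(match.strings)})
        # NOTE(review): finish() is placed on the local path only, as read
        # from the collapsed source; the distributed path is presumably
        # closed by the remote worker -- confirm against the original.
        self.current_task.finish()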