コード例 #1
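    def analyze(self, dict):
        """Turn one feed entry into a Url observable and store it.

        Reads ``dict['description']`` (URL, optional status), ``dict['guid']``
        (entry id) and ``dict['title']`` (optional date in parentheses).
        The entry is external feed data: the URL and guid patterns are
        required, and a missing match still raises AttributeError from
        ``.group``; the date and status are optional.
        """
        # `evil` is the caller's mapping itself, not a copy: every key set
        # below is also visible to the caller.
        evil = dict

        url = Url(
            re.search(r"URL: (?P<url>\S+),", dict['description']).group('url'))
        # md5 only derives a stable identifier from the feed's own id value;
        # it is not an integrity or authenticity check on the entry.
        evil['id'] = md5.new(
            re.search(r"id=(?P<id>[a-f0-9]+)",
                      dict['guid']).group('id')).hexdigest()

        # Optional date: a title without "(YYYY-MM-DD)" is accepted, while a
        # malformed date still raises ValueError from strptime.
        date_match = re.search(r"\((?P<date>[0-9\-]+)\)", dict['title'])
        if date_match:
            evil['date_added'] = datetime.datetime.strptime(
                date_match.group('date'), "%Y-%m-%d")

        # Optional status: test the match instead of swallowing every
        # exception.
        status_match = re.search(r"status: (?P<status>[^,]+)",
                                 dict['description'])
        if status_match:
            evil['status'] = status_match.group('status')

        url.add_evil(evil)
        # Without a date in the title (and none supplied by the entry) the
        # unconditional evil['date_added'] lookup raised KeyError.
        # NOTE(review): assumes Url.seen() may be called without arguments
        # for an undated entry - confirm against Url.
        if 'date_added' in evil:
            url.seen(first=evil['date_added'])
        else:
            url.seen()
        self.commit_to_db(url)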
コード例 #2
ファイル: asprox_tracker.py プロジェクト: batidiane/malcom
    def analyze(self, line):
        """Convert one already-split tracker row into a Url observable.

        The header row (first cell ``'Number'``) is ignored.  A row must
        hold exactly 15 cells, otherwise the unpacking raises ValueError.
        Cell values come from the feed and are stored as received.
        """
        if line[0] == 'Number':
            return

        # positional layout of one tracker row
        (number, status, cc, host, port, protocol, asn, last_updated,
         first_seen, last_seen, first_active, last_active, sbl,
         abuse_contact, details) = line

        url = Url(url="{}://{}:{}".format(protocol, host, port))
        url['tags'] = ['asprox']

        stamp_format = "%Y-%m-%d %H:%M:%S"

        evil = {}
        evil['status'] = status
        evil['cc'] = cc
        evil['date_added'] = datetime.datetime.strptime(first_seen, stamp_format)
        # an empty Last_Seen cell falls back to the current UTC time
        if last_seen:
            evil['last_seen'] = datetime.datetime.strptime(last_seen, stamp_format)
        else:
            evil['last_seen'] = datetime.datetime.utcnow()
        evil['sbl'] = sbl
        evil['abuse_contact'] = abuse_contact
        evil['description'] = details or "N/A"
        # md5 serves as a record identifier here, not as a security check
        evil['id'] = md5.new(first_seen + host).hexdigest()
        evil['source'] = self.name

        url.seen(first=evil['date_added'], last=evil['last_seen'])
        url.add_evil(evil)
        self.commit_to_db(url)
コード例 #3
ファイル: ViriBackTracker.py プロジェクト: TheoKlein/malcom
    def analyze(self, dict):
        """Store one feed entry twice: as a Url and as an Ip observable.

        Reads ``first_seen`` (day-month-year), ``url``, ``ip`` and
        ``malware`` from the entry; a missing key raises KeyError.
        """
        # `evil` is the caller's mapping itself, not a copy.
        # NOTE(review): the same object is handed to both add_evil() calls
        # and is modified between them; whether the Url keeps a reference to
        # it is not visible here - confirm.
        evil = dict
        first_seen = dict['first_seen']

        evil['date_added'] = datetime.datetime.strptime(first_seen, "%d-%m-%Y")

        # --- URL observable ---
        target = dict['url']
        evil['url'] = target
        # md5 is a record identifier, not an integrity check
        evil['id'] = md5.new(target + first_seen).hexdigest()
        evil['description'] = self.description
        evil['source'] = self.name

        url = Url(url=target, tags=[dict['malware']])
        url.seen(first=evil['date_added'])
        url.add_evil(evil)
        self.commit_to_db(url)

        # --- IP observable: 'url' and 'id' are overwritten with the address ---
        address = dict['ip']
        evil['url'] = address
        evil['id'] = md5.new(address + first_seen).hexdigest()

        ip = Ip(ip=dict['ip'], tags=[dict['malware']])
        ip.seen(first=evil['date_added'])
        ip.add_evil(evil)
        self.commit_to_db(ip)
コード例 #4
ファイル: asprox_tracker.py プロジェクト: xuanhan863/malcom
	def analyze(self, line):
		"""Convert one already-split tracker row into a Url observable.

		The header row (first cell ``'Number'``) is ignored.  A row must
		hold exactly 15 cells, otherwise the unpacking raises ValueError.
		The two timestamps are also printed to stdout before being parsed.
		"""
		if line[0] == 'Number':
			return

		# positional layout of one tracker row
		(number, status, cc, host, port, protocol, asn, last_updated,
		 first_seen, last_seen, first_active, last_active, sbl,
		 abuse_contact, details) = line

		url = Url(url="{}://{}:{}".format(protocol, host, port))
		url['tags'] = ['asprox']

		stamp_format = "%Y-%m-%d %H:%M:%S"

		evil = {}
		evil['status'] = status
		evil['cc'] = cc
		print first_seen
		evil['date_added'] = datetime.datetime.strptime(first_seen, stamp_format)
		print last_seen
		# an empty Last_Seen cell falls back to the current UTC time
		if last_seen:
			evil['last_seen'] = datetime.datetime.strptime(last_seen, stamp_format)
		else:
			evil['last_seen'] = datetime.datetime.utcnow()
		evil['sbl'] = sbl
		evil['abuse_contact'] = abuse_contact
		evil['description'] = details or "N/A"
		# md5 serves as a record identifier here, not as a security check
		evil['id'] = md5.new(first_seen + host).hexdigest()
		evil['source'] = self.name

		url.seen(first=evil['date_added'], last=evil['last_seen'])
		url.add_evil(evil)
		self.commit_to_db(url)
コード例 #5
ファイル: mdlhostlist.py プロジェクト: BlackOsint/malcom
	def analyze(self, dict):
		"""Create a Url from the ``Host:`` field of the entry and store it.

		The host is taken from ``dict['description']``; when the pattern
		does not match, ``re.search`` returns None and ``.group`` raises
		AttributeError.
		"""
		host_match = re.search("Host: (?P<url>[^,]+),", dict['description'])
		url = Url(url=host_match.group('url'))

		# `evil` is the caller's mapping itself; the id is written into it.
		evil = dict
		# md5 of the guid is a record identifier, not an integrity check
		evil['id'] = md5.new(dict['guid']).hexdigest()

		url.add_evil(evil)
		url.seen()
		self.commit_to_db(url)
コード例 #6
    def analyze(self, dict):
        """Create a Url from the ``Host:`` field of the entry and store it.

        The host is taken from ``dict['description']``; when the pattern
        does not match, ``re.search`` returns None and ``.group`` raises
        AttributeError.
        """
        host_match = re.search("Host: (?P<url>[^,]+),", dict['description'])
        url = Url(url=host_match.group('url'))

        # `evil` is the caller's mapping itself; the id is written into it.
        evil = dict
        # md5 of the guid is a record identifier, not an integrity check
        evil['id'] = md5.new(dict['guid']).hexdigest()

        url.add_evil(evil)
        url.seen()
        self.commit_to_db(url)
コード例 #7
ファイル: HostsFileEXP.py プロジェクト: TheoKlein/malcom
    def analyze(self, dict):
        """Store the entry's ``url`` as a Url observable tagged with this feed.

        A missing ``url`` key raises KeyError.
        """
        target = dict['url']

        # `evil` is the caller's mapping itself, so these keys are added to
        # the object the caller passed in.
        evil = dict
        evil['url'] = target
        # md5 of URL plus a fixed feed label: a record identifier only
        evil['id'] = md5.new(target + 'HostsFileEXP').hexdigest()
        evil['description'] = self.description
        evil['source'] = self.name

        url = Url(url=target)
        url.seen()
        url.add_evil(evil)
        self.commit_to_db(url)
コード例 #8
ファイル: fumik0_tracker.py プロジェクト: TheoKlein/malcom
    def analyze(self, dict):
        """Store the entry's ``url`` as a Url observable tagged with this feed.

        A missing ``url`` key raises KeyError.
        """
        target = dict['url']

        # `evil` is the caller's mapping itself, so these keys are added to
        # the object the caller passed in.
        evil = dict
        evil['url'] = target
        # md5 of a fixed feed label plus the URL: a record identifier only
        evil['id'] = md5.new('fumik0' + target).hexdigest()
        evil['description'] = 'Mark by tracker.fumik0.com'
        evil['source'] = self.name

        url = Url(url=target)
        url.seen()
        url.add_evil(evil)
        self.commit_to_db(url)
コード例 #9
ファイル: malcode.py プロジェクト: BlackOsint/malcom
	def analyze(self, dict):
		"""Parse one feed description line and store its URL.

		The description must match the anchored pattern below in full
		(URL, IP address, country, ASN, MD5); entries that do not match are
		skipped without any message.  The captured fields become the evil
		record; its ``id`` is the md5 of the whole description, which is
		separate from the ``md5`` field captured from the feed.
		"""
		fields = re.match(r'^URL: (?P<url>.+), IP Address: (?P<ip>[\d.]+), Country: (?P<country>[A-Z]{2}), ASN: (?P<asn>\d+), MD5: (?P<md5>[a-f0-9]+)$', dict['description'])
		if not fields:
			return

		evil = fields.groupdict()
		evil['description'] = "N/A"
		evil['link'] = dict['link']
		try:
			encoded = dict['description'].encode('UTF-8')
			evil['id'] = md5.new(encoded).hexdigest()
			evil['source'] = self.name
			url = Url(url=evil['url'])
			url.add_evil(evil)
			url.seen()
			self.commit_to_db(url)
		except UnicodeError:
			# the entry is dropped; only a line on stderr records it
			sys.stderr.write('error Unicode : %s' % dict['description'])
コード例 #10
 def analyze(self, dict):
     """Parse one feed description line and store its URL.

     The description must match the anchored pattern below in full
     (URL, IP address, country, ASN, MD5); entries that do not match are
     skipped without any message.  The captured fields become the evil
     record; its ``id`` is the md5 of the whole description, which is
     separate from the ``md5`` field captured from the feed.
     """
     fields = re.match(r'^URL: (?P<url>.+), IP Address: (?P<ip>[\d.]+), Country: (?P<country>[A-Z]{2}), ASN: (?P<asn>\d+), MD5: (?P<md5>[a-f0-9]+)$', dict['description'])
     if not fields:
         return

     evil = fields.groupdict()
     evil['description'] = "N/A"
     evil['link'] = dict['link']
     try:
         encoded = dict['description'].encode('UTF-8')
         evil['id'] = md5.new(encoded).hexdigest()
         evil['source'] = self.name
         url = Url(url=evil['url'])
         url.add_evil(evil)
         url.seen()
         self.commit_to_db(url)
     except UnicodeError:
         # the entry is dropped; only a line on stderr records it
         sys.stderr.write('error Unicode : %s' % dict['description'])
コード例 #11
ファイル: cybercrime_tracker.py プロジェクト: rajivraj/malcom
    def analyze(self, dict):
        """Store the first URL found in the entry title as a Url observable.

        The lower-cased description is used both as the tag and in the evil
        record's description.  ``pubDate`` must be day-month-year, otherwise
        strptime raises ValueError.
        """
        try:
            found = toolbox.find_urls(dict["title"])[0]
        except Exception:
            # no URL in the title (or any other failure while looking): skip
            return

        url = Url(url=found, tags=[dict["description"].lower()])

        evil = {
            "description": "%s CC" % (dict["description"].lower()),
            "date_added": datetime.datetime.strptime(dict["pubDate"], "%d-%m-%Y"),
            # md5 over title, date and description: a record identifier only
            "id": md5.new(dict["title"] + dict["pubDate"] + dict["description"]).hexdigest(),
            "source": self.name,
        }

        url.seen(first=evil["date_added"])
        url.add_evil(evil)
        self.commit_to_db(url)
コード例 #12
ファイル: malwared_ru.py プロジェクト: batidiane/malcom
    def analyze(self, dict):
        """Store the entry's link as a Url observable tagged with its title.

        ``dict['description']`` carries the date, either day/month/year or
        month/year with an abbreviated month name; if neither format fits,
        the second strptime call raises ValueError.
        """
        title = dict['title']

        evil = {}
        evil['description'] = title

        stamp = dict['description']
        try:
            evil['date_added'] = datetime.datetime.strptime(stamp, "%d/%b/%Y")
        except ValueError:
            # fall back to the month-only form
            evil['date_added'] = datetime.datetime.strptime(stamp, "%b/%Y")

        evil['source'] = self.name
        # The title is hex-encoded before hashing to cope with utf-8 encoded
        # strings; the md5 is a record identifier, not an integrity check.
        digest_input = dict['title'].encode('utf-8').encode('hex') + dict['link'] + dict['description']
        evil['id'] = md5.new(digest_input).hexdigest()

        url = Url(url=dict['link'], tags=[dict['title'].lower()])

        url.seen(first=evil['date_added'])
        url.add_evil(evil)
        self.commit_to_db(url)
コード例 #13
    def analyze(self, dict):
        """Store the first URL found in the entry title as a Url observable.

        ``dict['pubDate']`` is rewritten in place: everything from the first
        ``+`` on is cut off before the date is parsed, and the trimmed value
        is what goes into the id.
        """
        try:
            found = toolbox.find_urls(dict['title'])[0]
        except Exception:
            # no URL in the title (or any other failure while looking): skip
            return

        url = Url(url=found, tags=['evil'])

        # this changes the caller's mapping
        published = dict['pubDate'].split('+')[0]
        dict['pubDate'] = published

        evil = {
            'description': "%s CC" % (dict['description'].lower()),
            'date_added': datetime.datetime.strptime(published, "%a, %d %b %Y %X "),
            # md5 over title, date and description: a record identifier only
            'id': md5.new(dict['title'] + published + dict['description']).hexdigest(),
            'source': self.name,
        }

        url.seen(first=evil['date_added'])
        url.add_evil(evil)
        self.commit_to_db(url)
コード例 #14
ファイル: malcode.py プロジェクト: johnjohnsp1/malcom
 def analyze(self, dict):
     """Parse one feed description line and store its URL.

     The description must match the anchored pattern below in full
     (URL, IP address, country, ASN, MD5); entries that do not match are
     skipped without any message.  The captured fields become the evil
     record; its ``id`` is the md5 of the whole description, which is
     separate from the ``md5`` field captured from the feed.
     """
     entry_pattern = r"^URL: (?P<url>.+), IP Address: (?P<ip>[\d.]+), Country: (?P<country>[A-Z]{2}), ASN: (?P<asn>\d+), MD5: (?P<md5>[a-f0-9]+)$"
     fields = re.match(entry_pattern, dict["description"])
     if not fields:
         return

     evil = fields.groupdict()
     evil["description"] = "N/A"
     evil["link"] = dict["link"]
     try:
         encoded = dict["description"].encode("UTF-8")
         evil["id"] = md5.new(encoded).hexdigest()
         evil["source"] = self.name
         url = Url(url=evil["url"])
         url.add_evil(evil)
         url.seen()
         self.commit_to_db(url)
     except UnicodeError:
         # the entry is dropped; only a line on stderr records it
         sys.stderr.write("error Unicode : %s" % dict["description"])
コード例 #15
ファイル: malwared_ru.py プロジェクト: zhenfuxu/malcom
    def analyze(self, dict):
        """Store the entry's link as a Url observable tagged with its title.

        ``dict['description']`` carries the date, either day/month/year or
        month/year with an abbreviated month name; if neither format fits,
        the second strptime call raises ValueError.
        """
        title = dict['title']

        evil = {}
        evil['description'] = title

        stamp = dict['description']
        try:
            evil['date_added'] = datetime.datetime.strptime(stamp, "%d/%b/%Y")
        except ValueError:
            # fall back to the month-only form
            evil['date_added'] = datetime.datetime.strptime(stamp, "%b/%Y")

        evil['source'] = self.name
        # The title is hex-encoded before hashing to cope with utf-8 encoded
        # strings; the md5 is a record identifier, not an integrity check.
        digest_input = dict['title'].encode('utf-8').encode('hex') + dict['link'] + dict['description']
        evil['id'] = md5.new(digest_input).hexdigest()

        url = Url(url=dict['link'], tags=[dict['title'].lower()])

        url.seen(first=evil['date_added'])
        url.add_evil(evil)
        self.commit_to_db(url)
コード例 #16
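    def analyze(self, dict):
        """Turn one feed entry into a Url observable and store it.

        Reads ``dict["description"]`` (URL, optional status), ``dict["guid"]``
        (entry id) and ``dict["title"]`` (optional date in parentheses).
        The entry is external feed data: the URL and guid patterns are
        required, and a missing match still raises AttributeError from
        ``.group``; the date and status are optional.
        """
        # `evil` is the caller's mapping itself, not a copy: every key set
        # below is also visible to the caller.
        evil = dict

        url = Url(re.search(r"URL: (?P<url>\S+),", dict["description"]).group("url"))
        # md5 only derives a stable identifier from the feed's own id value;
        # it is not an integrity or authenticity check on the entry.
        evil["id"] = md5.new(re.search(r"id=(?P<id>[a-f0-9]+)", dict["guid"]).group("id")).hexdigest()

        # Optional date: a title without "(YYYY-MM-DD)" is accepted, while a
        # malformed date still raises ValueError from strptime.
        date_match = re.search(r"\((?P<date>[0-9\-]+)\)", dict["title"])
        if date_match:
            evil["date_added"] = datetime.datetime.strptime(date_match.group("date"), "%Y-%m-%d")

        # Optional status: test the match instead of swallowing every
        # exception.
        status_match = re.search(r"status: (?P<status>[^,]+)", dict["description"])
        if status_match:
            evil["status"] = status_match.group("status")

        url.add_evil(evil)
        # Without a date in the title (and none supplied by the entry) the
        # unconditional evil["date_added"] lookup raised KeyError.
        # NOTE(review): assumes Url.seen() may be called without arguments
        # for an undated entry - confirm against Url.
        if "date_added" in evil:
            url.seen(first=evil["date_added"])
        else:
            url.seen()
        self.commit_to_db(url)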