def diario(plugin_name, project_id, resource_id, resource_type, document_hash):
result_status = PluginResultStatus.STARTED
result = {"is_document": False}
try:
if not (APP_ID and SECRET_KEY):
print("No App ID key...!")
result_status = PluginResultStatus.NO_API_KEY
else:
diariosdk = Diario(APP_ID, SECRET_KEY)
response = diariosdk.search(document_hash)
if response.data:
result = get_result(diariosdk, response.data)
result_status = PluginResultStatus.COMPLETED
else:
result_status = PluginResultStatus.RETURN_NONE
PluginManager.set_plugin_results(resource_id, plugin_name,
project_id, result, result_status)
except Exception as e:
tb1 = traceback.TracebackException.from_exception(e)
print("".join(tb1.format()))
result = None
def check(data):
api = Diario('API - ID', 'API - SECRETS')
result = api.search(data[1])
if result.error is None:
return result.data
elif result.json['error']['code'] == 406:
api.upload(data[0])
result = {'prediction': 'U', 'status': 'Q', 'sha256': data[1]}
return result
else:
result = {'prediction': 'E'}
return result
def check(hash):
diario_id = '' [id diario]
diario_key = '' [api key]
#diario_id='iTQGd8PuHkVCCDEiZef9'# The MISP auth key can be found on the MISP web interface under the automation section
api = Diario(diario_id, diario_key)
#Poner aca las keys que obtengas en https://diario.elevenpaths.com)
result = api.search(hash)
print(result.data)
print(result.error)
if result.error is None:
return result.data
else:
res = {}
res['prediction'] = 'E'
return res
def diario(document_hash):
result = {"is_document": False}
try:
if not APP_ID:
print("No App ID key...!")
return None
if not SECRET_KEY:
print("No secret key...!")
return None
diariosdk = Diario(APP_ID, SECRET_KEY)
response = diariosdk.search(document_hash)
if response.data:
result = get_result(diariosdk, response.data)
except Exception as e:
tb1 = traceback.TracebackException.from_exception(e)
print("".join(tb1.format()))
result = None
return result
class DiarioAnalyzer(Analyzer):
def __init__(self):
Analyzer.__init__(self)
self.service = self.get_param('config.service', None,
'Service parameter is missing')
self.client_id = self.get_param('config.client_id', None,
'Missing Client ID')
self.secret = self.get_param('config.secret', None, 'Missing Secret')
self.polling_interval = self.get_param('config.polling_interval', 60)
self.api = Diario(self.client_id, self.secret)
_predictions = {
"M": "Malware",
"G": "Goodware",
"NM": "No Macros present", # Only applies to office documents
"U": "Unknown"
}
_stages = {
"A": "Analyzed",
"Q": "Queued",
"P": "Processing",
"F": "Failed"
}
def check_response(self, document_hash):
response = self.api.search(document_hash)
if response.error:
if response.error.code == 413:
time.sleep(self.polling_interval)
return self.check_response(document_hash)
elif response.error.code in (406, 409):
return dict(message=response.error.message)
else:
self.error(response.error)
if response.data["status"] in ("P", "Q"):
time.sleep(self.polling_interval)
return self.check_response(document_hash)
elif response.data["status"] == "F":
self.error(response.data)
data = response.data
data["prediction"] = self._predictions.get(data["prediction"])
data["status"] = self._stages.get(data["status"])
return dict(data)
def summary(self, raw):
taxonomies = []
level = "info"
namespace = "Diario"
predicate = "GetReport"
value = "Not Found"
if self.service == "scan":
predicate = "Scan"
verdicts = {
"Goodware": "safe",
"Malware": "malicious",
"Unknown": "suspicious",
"No Macros present": "info",
}
if "sha256" in raw:
value = raw["prediction"]
level = verdicts.get(value)
taxonomies.append(
self.build_taxonomy(level, namespace, predicate, value))
return {"taxonomies": taxonomies}
def run(self):
if self.service == "scan":
if self.data_type == "file":
filepath = self.get_param('file', None, 'File is missing')
response = self.api.upload(filepath)
if response.error:
self.error(response.error["message"])
data = response.data.get("hash", None)
else:
self.error("Data type has to be a File")
return
elif self.service == "get":
# If we want to only get the report of a file we get the
# SHA256 hash and check if there is a report
if self.data_type == "file":
filepath = self.get_param('file', None, 'File is missing')
sha256_hash = hashlib.sha256()
with open(filepath, "rb") as f:
# Read and update hash string value in blocks of 4K
for byte_block in iter(lambda: f.read(4096), b""):
sha256_hash.update(byte_block)
data = sha256_hash.hexdigest()
elif self.data_type == "hash":
data = self.get_param('data', None, 'Data is missing')
else:
self.error("Data type has to be a File or Hash")
return
else:
self.error("Service doesn't exists")
return
self.report(self.check_response(data))