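def run(self):
    """Look up the sample in MWDB by SHA-256, optionally uploading it first.

    When ``self.upload_file`` is set, the sample bytes are uploaded to the
    remote MWDB instance under their SHA-256 name and the record is polled
    up to ``self.max_tries`` times, sleeping ``self.poll_distance`` seconds
    before each poll, until ``self.file_analysis`` reports it ready.
    Otherwise the file is only queried by hash.

    Returns:
        dict with ``data`` and ``metakeys`` taken from the MWDB file object
        and a ``permalink`` to its page on mwdb.cert.pl.

    Raises:
        AnalyzerRunException: when polling is exhausted (or ``max_tries``
            is not positive) before the analysis is ready, or when the
            plain lookup fails for any reason.
    """
    mwdb = mwdblib.MWDB(api_key=self.__api_key)
    binary = get_binary(self.job_id)
    # MWDB names files by SHA-256; hexdigest() already returns a str.
    query = hashlib.sha256(binary).hexdigest()
    if self.upload_file:
        logger.info(f"mwdb_scan uploading sample: {self.md5}")
        file_object = mwdb.upload_file(query, binary)
        file_object.flush()
        # Remember the last poll outcome in a flag rather than re-running
        # file_analysis after the loop; this also keeps ``file_info`` from
        # being unbound (NameError) when max_tries is 0.
        analyzed = False
        for attempt in range(self.max_tries):
            logger.info(
                f"mwdb_scan sample: {self.md5} polling for result try #{attempt + 1}"
            )
            time.sleep(self.poll_distance)
            file_info = mwdb.query_file(file_object.data["id"])
            analyzed = self.file_analysis(file_info)
            if analyzed:
                break
        if not analyzed:
            raise AnalyzerRunException("max retry attempts exceeded")
    else:
        try:
            file_info = mwdb.query_file(query)
        except Exception as exc:
            # NOTE(review): every failure (auth rejection of the API key,
            # network outage, ...) is reported as "not found"; chaining the
            # cause keeps the real reason visible in the traceback.
            raise AnalyzerRunException(
                "File not found in the MWDB. Set 'upload_file=true' "
                "if you want to upload and poll results. "
            ) from exc
    result = {"data": file_info.data, "metakeys": file_info.metakeys}
    result["permalink"] = f"https://mwdb.cert.pl/file/{query}"
    return result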
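def run(self):
    """Look up the observable (used as an MWDB file name/hash) in MWDB.

    Returns:
        dict: ``{"not_found": True}`` when MWDB has no such object or the
        query fails; otherwise ``not_found`` is False and ``data``,
        ``metakeys`` and a ``permalink`` to the mwdb.cert.pl file page are
        filled in from the MWDB file object.
    """
    mwdb = mwdblib.MWDB(api_key=self.__api_key)
    result = {}
    try:
        file_info = mwdb.query_file(self.observable_name)
    except mwdblib.exc.ObjectNotFoundError:
        result["not_found"] = True
    except Exception as exc:
        # Best-effort: any other failure is logged, recorded on the report
        # and surfaced to the caller as "not found".
        logger.exception(exc)
        self.report.errors.append(str(exc))
        result["not_found"] = True
    else:
        # Plain assignments here: an annotated statement of the form
        # ``result["data"]: value`` evaluates ``value`` but never stores it,
        # which silently dropped both fields from the result.
        result["not_found"] = False
        result["data"] = file_info.data
        result["metakeys"] = file_info.metakeys
        result["permalink"] = f"https://mwdb.cert.pl/file/{self.observable_name}"
    return result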
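def run(self):
    """Look up the sample in MWDB by SHA-256, optionally uploading it first.

    When ``self.upload_file`` is set, the sample bytes are uploaded to the
    remote MWDB instance (with the ``private``/``public`` flags from the
    analyzer config) and the record is polled up to ``self.max_tries``
    times, sleeping ``self.poll_distance`` seconds before each poll, until
    ``self.file_analysis`` reports it ready. Otherwise the file is only
    queried by hash. On success the parent/child relations of the record
    are expanded via ``self.adjust_relations``.

    Returns:
        dict: ``{"not_found": True}`` when the plain lookup raises
        ``HTTPError``; otherwise ``not_found`` is False and ``data`` (the
        MWDB file object data) and a ``permalink`` to mwdb.cert.pl are set.

    Raises:
        AnalyzerRunException: when polling is exhausted (or ``max_tries``
            is not positive) before the analysis is ready.
    """
    result = {}
    binary = self.read_file_bytes()
    # MWDB names files by SHA-256; hexdigest() already returns a str.
    query = hashlib.sha256(binary).hexdigest()
    self.mwdb = mwdblib.MWDB(api_key=self.__api_key)
    if self.upload_file:
        logger.info(f"mwdb_scan uploading sample: {self.md5}")
        file_object = self.mwdb.upload_file(
            query, binary, private=self.private, public=self.public
        )
        file_object.flush()
        # Remember the last poll outcome in a flag rather than re-running
        # file_analysis after the loop; this also keeps ``file_info`` from
        # being unbound (NameError) when max_tries is 0.
        analyzed = False
        for attempt in range(self.max_tries):
            logger.info(
                f"mwdb_scan sample: {self.md5} polling for result try #{attempt + 1}"
            )
            time.sleep(self.poll_distance)
            file_info = self.mwdb.query_file(file_object.data["id"])
            analyzed = self.file_analysis(file_info)
            if analyzed:
                break
        if not analyzed:
            raise AnalyzerRunException("max retry attempts exceeded")
        # Keep the result shape consistent with the lookup-only branch.
        result["not_found"] = False
    else:
        try:
            file_info = self.mwdb.query_file(query)
        except HTTPError:
            # NOTE(review): every HTTP error -- including an auth rejection
            # of the API key or a server-side 5xx -- is reported as
            # not_found here; if the HTTPError in use exposes the response
            # status, narrowing this to 404 would surface misconfiguration
            # instead of hiding it. Confirm against the imported HTTPError.
            result["not_found"] = True
            return result
        else:
            result["not_found"] = False
    # adding information about the children and parents
    self.adjust_relations(file_info.data, "parents", True)
    self.adjust_relations(file_info.data, "children", True)
    result.update(
        data=file_info.data,
        permalink=f"https://mwdb.cert.pl/file/{query}",
    )
    return result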
help="The path to store masscan pcap file.", default="cnc.pcap", type=str) args = parser.parse_args() secret = args.secret masscan_path = args.masscan masscan_rate = args.masscan_rate masscan_pcap = args.masscan_pcap cutoff_hours = args.cutoff scan_interval = args.scan_interval include_ports = args.port out_path = args.out mwdb = mwdblib.MWDB(api_url=args.mwdb_url, api_key=secret, retry_on_downtime=True, max_downtime_retries=10, downtime_timeout=20) last_id = None if args.checkpoint: try: with open(args.checkpoint, "r") as f: last_id = f.read().strip() print("Found checkpoint, resuming from {}".format(last_id)) except IOError: print("Checkpoint file not found") pass cncs = [] while True: