def malcodebinaries_tasks():
    """Pull the MalcodeBinaries feed once, as a background task.

    A fresh feed object gets its own ``Analytics`` instance before
    ``update()`` runs. A ``None`` result is treated as "nothing fetched"
    and the task is re-queued with a 60-second countdown via ``retry``
    (which relies on this function being registered as a task; the
    decorator is not visible here). Any other value is returned as-is.
    """
    feed = MalcodeBinaries("MalcodeBinaries")
    feed.analytics = Analytics()
    outcome = feed.update()
    if outcome is not None:
        return outcome
    raise malcodebinaries_tasks.retry(countdown=60)
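def mdltracker_tasks():
    """Pull the MDLTracker feed once, as a background task.

    A fresh feed object gets its own ``Analytics`` instance before
    ``update()`` runs. A ``None`` result is treated as "nothing fetched"
    and the task is re-queued with a 60-second countdown via ``retry``
    (which relies on this function being registered as a task; the
    decorator is not visible here). Any other value is returned as-is.

    Fix: the retry previously went through ``mdliplist_tasks`` — a
    different task — so a ``None`` result re-queued the wrong feed (or
    raised ``NameError`` if that name does not exist). It now retries
    itself, consistent with the sibling feed tasks.
    """
    feed = MDLTracker("MDLTracker")
    feed.analytics = Analytics()
    outcome = feed.update()
    if outcome is None:
        # Retry THIS task, not mdliplist_tasks.
        raise mdltracker_tasks.retry(countdown=60)
    return outcome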
def mdlhosts_tasks():
    """Pull the MDLHosts feed once, as a background task.

    Builds the feed with its own ``Analytics`` instance, runs ``update()``
    and returns whatever it yields. ``None`` means nothing was fetched: the
    task is then re-queued with a 60-second countdown through ``retry``
    (requires the task decorator, not visible here).
    """
    feed = MDLHosts("MDLHosts")
    feed.analytics = Analytics()
    outcome = feed.update()
    if outcome is not None:
        return outcome
    raise mdlhosts_tasks.retry(countdown=60)
def spyeyedropzones_tasks():
    """Pull the SpyEyeDropzones feed once, as a background task.

    Builds the feed with its own ``Analytics`` instance, runs ``update()``
    and returns whatever it yields. ``None`` means nothing was fetched: the
    task is then re-queued with a 60-second countdown through ``retry``
    (requires the task decorator, not visible here).
    """
    feed = SpyEyeDropzones("SpyEyeDropzones")
    feed.analytics = Analytics()
    outcome = feed.update()
    if outcome is not None:
        return outcome
    raise spyeyedropzones_tasks.retry(countdown=60)
def suspiciousdomains_tasks():
    """Pull the SuspiciousDomains feed once, as a background task.

    Builds the feed with its own ``Analytics`` instance, runs ``update()``
    and returns whatever it yields. ``None`` means nothing was fetched: the
    task is then re-queued with a 60-second countdown through ``retry``
    (requires the task decorator, not visible here).
    """
    feed = SuspiciousDomains("SuspiciousDomains")
    feed.analytics = Analytics()
    outcome = feed.update()
    if outcome is not None:
        return outcome
    raise suspiciousdomains_tasks.retry(countdown=60)
def torexitnodes_tasks():
    """Pull the TorExitNodes feed once, as a background task.

    Builds the feed with its own ``Analytics`` instance, runs ``update()``
    and returns whatever it yields. ``None`` means nothing was fetched: the
    task is then re-queued with a 60-second countdown through ``retry``
    (requires the task decorator, not visible here).
    """
    feed = TorExitNodes("TorExitNodes")
    feed.analytics = Analytics()
    outcome = feed.update()
    if outcome is not None:
        return outcome
    raise torexitnodes_tasks.retry(countdown=60)
def palevotracker_tasks():
    """Pull the PalevoTracker feed once, as a background task.

    Builds the feed with its own ``Analytics`` instance, runs ``update()``
    and returns whatever it yields. ``None`` means nothing was fetched: the
    task is then re-queued with a 60-second countdown through ``retry``
    (requires the task decorator, not visible here).
    """
    feed = PalevoTracker("PalevoTracker")
    feed.analytics = Analytics()
    outcome = feed.update()
    if outcome is not None:
        return outcome
    raise palevotracker_tasks.retry(countdown=60)
def siriurzvx_tasks():
    """Pull the SiriUrzVX feed once, as a background task.

    Builds the feed with its own ``Analytics`` instance, runs ``update()``
    and returns whatever it yields. ``None`` means nothing was fetched: the
    task is then re-queued with a 60-second countdown through ``retry``
    (requires the task decorator, not visible here).
    """
    feed = SiriUrzVX("SiriUrzVX")
    feed.analytics = Analytics()
    outcome = feed.update()
    if outcome is not None:
        return outcome
    raise siriurzvx_tasks.retry(countdown=60)
def malwarepatrolvx_tasks():
    """Pull the MalwarePatrolVX feed once, as a background task.

    Builds the feed with its own ``Analytics`` instance, runs ``update()``
    and returns whatever it yields. ``None`` means nothing was fetched: the
    task is then re-queued with a 60-second countdown through ``retry``
    (requires the task decorator, not visible here).
    """
    feed = MalwarePatrolVX("MalwarePatrolVX")
    feed.analytics = Analytics()
    outcome = feed.update()
    if outcome is not None:
        return outcome
    raise malwarepatrolvx_tasks.retry(countdown=60)
def openblip_tasks():
    """Pull the OpenblIP feed once, as a background task.

    Builds the feed with its own ``Analytics`` instance, runs ``update()``
    and returns whatever it yields. ``None`` means nothing was fetched: the
    task is then re-queued with a 60-second countdown through ``retry``
    (requires the task decorator, not visible here).
    """
    feed = OpenblIP("OpenblIP")
    feed.analytics = Analytics()
    outcome = feed.update()
    if outcome is not None:
        return outcome
    raise openblip_tasks.retry(countdown=60)
def dshield_as3215_tasks():
    """Pull the DShield AS3215 feed once, as a background task.

    Builds the feed with its own ``Analytics`` instance, runs ``update()``
    and returns whatever it yields. ``None`` means nothing was fetched: the
    task is then re-queued with a 60-second countdown through ``retry``
    (requires the task decorator, not visible here).
    """
    feed = DShield3215("DShield3215")
    feed.analytics = Analytics()
    outcome = feed.update()
    if outcome is not None:
        return outcome
    raise dshield_as3215_tasks.retry(countdown=60)
def spyeyecnc_tasks():
    """Pull the SpyEyeCnc feed once, as a background task.

    Builds the feed with its own ``Analytics`` instance, runs ``update()``
    and returns whatever it yields. ``None`` means nothing was fetched: the
    task is then re-queued with a 60-second countdown through ``retry``
    (requires the task decorator, not visible here).
    """
    feed = SpyEyeCnc("SpyEyeCnc")
    feed.analytics = Analytics()
    outcome = feed.update()
    if outcome is not None:
        return outcome
    raise spyeyecnc_tasks.retry(countdown=60)
def alienvault_tasks():
    """Pull the AlienvaultIP feed once, as a background task.

    Builds the feed with its own ``Analytics`` instance, runs ``update()``
    and returns whatever it yields. ``None`` means nothing was fetched: the
    task is then re-queued with a 60-second countdown through ``retry``
    (requires the task decorator, not visible here).
    """
    feed = AlienvaultIP("AlienvaultIP")
    feed.analytics = Analytics()
    outcome = feed.update()
    if outcome is not None:
        return outcome
    raise alienvault_tasks.retry(countdown=60)
def zeustrackerconfigs_tasks():
    """Pull the ZeusTrackerConfigs feed once, as a background task.

    Builds the feed with its own ``Analytics`` instance, runs ``update()``
    and returns whatever it yields. ``None`` means nothing was fetched: the
    task is then re-queued with a 60-second countdown through ``retry``
    (requires the task decorator, not visible here).
    """
    feed = ZeusTrackerConfigs("ZeusTrackerConfigs")
    feed.analytics = Analytics()
    outcome = feed.update()
    if outcome is not None:
        return outcome
    raise zeustrackerconfigs_tasks.retry(countdown=60)
def zeustrackergameoverdomains_tasks():
    """Pull the ZeusGameOverDomains feed once, as a background task.

    Builds the feed with its own ``Analytics`` instance, runs ``update()``
    and returns whatever it yields. ``None`` means nothing was fetched: the
    task is then re-queued with a 60-second countdown through ``retry``
    (requires the task decorator, not visible here).
    """
    feed = ZeusGameOverDomains("ZeusGameOverDomains")
    feed.analytics = Analytics()
    outcome = feed.update()
    if outcome is not None:
        return outcome
    raise zeustrackergameoverdomains_tasks.retry(countdown=60)
#parser.add_argument("--no-feeds", help="Disable automatic feeding", action="store_true", default=app.config['NO_FEED']) args = parser.parse_args() os.system('clear') Malcom.config['LISTEN_INTERFACE'] = args.interface Malcom.config['LISTEN_PORT'] = args.port Malcom.config['MAX_THREADS'] = args.max_threads Malcom.config['PUBLIC'] = args.public sys.stderr.write("===== Malcom %s - Malware Communications Analyzer =====\n\n" % Malcom.config['VERSION']) sys.stderr.write("Detected interfaces:\n") for iface in Malcom.config['IFACES']: sys.stderr.write("%s:\t%s\n" % (iface, Malcom.config['IFACES'][iface])) Malcom.analytics_engine = Analytics() if args.tls_proxy_port: Malcom.config['TLS_PROXY_PORT'] = args.tls_proxy_port sys.stderr.write("Starting TLS proxy on port %s\n" % args.tls_proxy_port) Malcom.tls_proxy = MalcomTLSProxy(args.tls_proxy_port) Malcom.tls_proxy.start() else: Malcom.tls_proxy = None sys.stderr.write("Importing feeds...\n") Malcom.feed_engine = FeedEngine(Malcom.analytics_engine) Malcom.feed_engine.load_feeds() sys.stderr.write("Importing packet captures...\n")
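# launch process
# Brings up the feed engine, optionally the analytics engine and the web
# server, based on the `setup` configuration object (keyed like a dict,
# with engine instances attached as attributes).
if setup['FEEDS_SCHEDULER']:
    setup.feed_engine.scheduler = True
    # Was a bare string expression — a silent no-op — so the operator never
    # saw this message; write it like the other startup messages.
    sys.stderr.write("Starting feed scheduler...\n")
else:
    setup.feed_engine.scheduler = False
    sys.stderr.write("[!] Feed scheduler must be started manually.\n")
setup.feed_engine.period = 1
setup.feed_engine.start()

# run analytics
if setup['ANALYTICS']:
    sys.stderr.write("[+] Starting analytics engine...\n")
    from Malcom.analytics.analytics import Analytics
    setup.analytics_engine = Analytics(setup['MAX_WORKERS'], setup)
    setup.analytics_engine.start()

# The two consecutive `if setup['WEB']` checks are merged into one branch.
if setup['WEB']:
    from Malcom.web.webserver import MalcomWeb
    # setup['AUTH'] is passed through untouched and is the only access
    # control visible from here; keep it enabled whenever LISTEN_INTERFACE
    # is anything other than loopback.
    setup.web = MalcomWeb(setup['AUTH'], setup['LISTEN_PORT'], setup['LISTEN_INTERFACE'], setup)
    setup.web.start_server()
else:
    # No web server: park the main thread until Ctrl-C so the engines
    # started above keep running. The unused `e` binding (Python 2
    # `except X, e`) is dropped; the bare form works on Python 2 and 3.
    # NOTE(review): raw_input() raises EOFError when stdin is closed (e.g.
    # no tty), which is not caught here — confirm that is intended.
    try:
        while True:
            raw_input()
    except KeyboardInterrupt:
        pass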