def dotransform(request, response, config):
    """Add the 'sha1' value of the task's target file as a CuckooHash.

    The task id is read from the ``taskid`` request field when the request
    carries one; otherwise the request value itself is used as the task id.
    ``config`` is not used.
    """
    has_task_field = 'taskid' in request.fields
    task_id = request.fields['taskid'] if has_task_field else request.value
    # NOTE(review): task_id reaches report() unchecked in this function;
    # presumably report() validates it before use -- confirm.
    file_info = target_info(report(task_id))['file']
    sha1_text = file_info['sha1'].decode('ascii')
    response += CuckooHash(sha1_text, taskid=task_id)
    return response
def dotransform(request, response, config):
    """Add a Website entity for every entry in the network 'http' list.

    Uses the ``taskid`` request field as the task id, falling back to the
    request value when that field is absent.
    """
    if 'taskid' not in request.fields:
        task_id = request.value
    else:
        task_id = request.fields['taskid']
    http_entries = network(report(task_id))['http']
    for entry in http_entries:
        # The ASCII decode is strict: the first non-ASCII URI raises and the
        # remaining entries are never added.
        # NOTE(review): URIs are presumably produced by the analysed sample,
        # so confirm the caller handles that failure.
        uri = entry['uri'].decode('ascii')
        response += Website(uri, taskid=task_id)
    return response
def dotransform(request, response, config):
    """Add a CuckooOpenFile entity for each file in the behavior summary.

    The task id is the ``taskid`` request field if present, else the
    request value.
    """
    fields = request.fields
    task_id = fields["taskid"] if "taskid" in fields else request.value
    summary = behavior(report(task_id))["summary"]
    for path in summary["files"]:
        # Strict decode: one non-ASCII path raises and stops the loop, so
        # later files are not added.
        # NOTE(review): paths are presumably chosen by the analysed sample --
        # confirm the caller copes with the exception.
        response += CuckooOpenFile(path.decode("ascii"), taskid=task_id)
    return response
def dotransform(request, response, config):
    """Add a Phrase entity for each entry under the behavior summary 'keys'.

    The task id is taken from the ``taskid`` request field, or from the
    request value when the field is missing. The Phrase entities are created
    without a taskid.
    """
    if 'taskid' not in request.fields:
        task_id = request.value
    else:
        task_id = request.fields['taskid']
    key_names = behavior(report(task_id))['summary']['keys']
    for key_name in key_names:
        # Strict decode: raises on the first non-ASCII key name.
        text = key_name.decode('ascii')
        response += Phrase(text)
    return response
def dotransform(request, response, config):
    """Add an IPv4Address entity for each entry in the network 'domains' list.

    The task id comes from the ``taskid`` request field, or from the request
    value when the field is missing.
    """
    fields = request.fields
    task_id = fields['taskid'] if 'taskid' in fields else request.value
    net = network(report(task_id))
    for domain in net['domains']:
        ip_text = domain['ip'].decode('ascii')
        # NOTE(review): ip_text is not checked to be a well-formed IPv4
        # address here; presumably IPv4Address or the report guarantees it.
        response += IPv4Address(ip_text, taskid=task_id)
    return response
def dotransform(request, response, config):
    """Add a Phrase entity for the 'name' of each 'pe_sections' entry.

    The task id is the ``taskid`` request field when present, otherwise the
    request value. The Phrase entities carry no taskid.
    """
    if 'taskid' not in request.fields:
        task_id = request.value
    else:
        task_id = request.fields['taskid']
    sections = static_results(report(task_id))['pe_sections']
    for section in sections:
        # Strict decode: a section name with any non-ASCII byte raises and
        # the remaining sections are skipped.
        # NOTE(review): the names presumably come straight from the analysed
        # file, so unusual bytes are plausible -- confirm the handling.
        section_name = section['name'].decode('ascii')
        response += Phrase(section_name)
    return response
def dotransform(request, response, config):
    """Add one CuckooOpenFile entity per file listed in the behavior summary.

    The ``taskid`` request field supplies the task id; without it the
    request value is used instead.
    """
    if 'taskid' not in request.fields:
        task_id = request.value
    else:
        task_id = request.fields['taskid']
    file_paths = behavior(report(task_id))['summary']['files']
    for raw_path in file_paths:
        # .decode('ascii') is strict, so a non-ASCII path aborts the loop
        # with an exception instead of being added.
        decoded_path = raw_path.decode('ascii')
        response += CuckooOpenFile(decoded_path, taskid=task_id)
    return response
def dotransform(request, response, config):
    """Add a Website entity for the 'uri' of each network 'http' entry.

    The task id is the ``taskid`` request field if the request has one,
    else the request value.
    """
    fields = request.fields
    task_id = fields["taskid"] if "taskid" in fields else request.value
    net = network(report(task_id))
    for http_entry in net["http"]:
        # NOTE(review): the URI is used as found in the report after a strict
        # ASCII decode (raises on non-ASCII); no scheme or host check happens
        # in this function -- confirm downstream consumers expect that.
        response += Website(http_entry["uri"].decode("ascii"), taskid=task_id)
    return response
def dotransform(request, response, config):
    """Add the MD5 of each dropped file whose name equals the request value.

    The task id is the ``taskid`` request field when present, otherwise the
    request value. The CuckooHash entities are created without a taskid.
    """
    wanted_name = request.value
    task_id = (request.fields['taskid'] if 'taskid' in request.fields
               else request.value)
    # NOTE(review): without a 'taskid' field the same request value serves as
    # both the file name and the task id -- confirm callers always set it.
    for item in dropped_files(report(task_id)):
        if item['name'] == wanted_name:
            md5_text = item['md5'].decode('ascii')
            response += CuckooHash(md5_text)
    return response
def dotransform(request, response, config):
    """Add the target file's 'name' as a CuckooMalwareFilename entity.

    The task id is the ``taskid`` request field when present, otherwise the
    request value.
    """
    task_id = (request.fields['taskid'] if 'taskid' in request.fields
               else request.value)
    info = target_info(report(task_id))
    # Strict decode: a file name containing non-ASCII characters raises here
    # and no entity is added.
    file_name = info['file']['name'].decode('ascii')
    response += CuckooMalwareFilename(file_name, taskid=task_id)
    return response
def dotransform(request, response, config):
    """Add a CuckooProcess entity for each entry in behavior 'processes'.

    The task id comes from the ``taskid`` request field, or from the request
    value when that field is absent.
    """
    if 'taskid' not in request.fields:
        task_id = request.value
    else:
        task_id = request.fields['taskid']
    process_entries = behavior(report(task_id))['processes']
    for proc in process_entries:
        # Strict decode: raises on the first non-ASCII process name, leaving
        # later processes out of the response.
        proc_name = proc['process_name'].decode('ascii')
        response += CuckooProcess(proc_name, taskid=task_id)
    return response
def dotransform(request, response, config):
    """Add a CuckooDropped entity for each dropped file in the task report.

    Each entity gets the file's decoded 'name', the task id, and the entry's
    'type' value as ``ftype``. The task id is the ``taskid`` request field
    when present, otherwise the request value.
    """
    fields = request.fields
    task_id = fields['taskid'] if 'taskid' in fields else request.value
    for item in dropped_files(report(task_id)):
        # Strict decode: one non-ASCII file name raises and the remaining
        # dropped files are not added.
        # NOTE(review): names are presumably chosen by the analysed sample --
        # confirm the caller handles the exception.
        name_text = item['name'].decode('ascii')
        response += CuckooDropped(name_text, taskid=task_id,
                                  ftype=item['type'])
    return response
def dotransform(request, response, config):
    """Add a CuckooMalwareFilename entity for the task's target file name.

    The ``taskid`` request field supplies the task id; when it is missing
    the request value is used.
    """
    if 'taskid' not in request.fields:
        task_id = request.value
    else:
        task_id = request.fields['taskid']
    # NOTE(review): task_id is handed to report() as received; presumably
    # report() rejects malformed ids -- confirm.
    target_file = target_info(report(task_id))['file']
    response += CuckooMalwareFilename(
        target_file['name'].decode('ascii'),  # strict: raises on non-ASCII
        taskid=task_id,
    )
    return response
def dotransform(request, response, config):
    """Add an IPv4Address entity for the 'ip' of each network 'domains' entry.

    The task id is the ``taskid`` request field if present, else the
    request value.
    """
    if 'taskid' not in request.fields:
        task_id = request.value
    else:
        task_id = request.fields['taskid']
    domain_entries = network(report(task_id))['domains']
    for entry in domain_entries:
        # No de-duplication is done: each entry produces its own entity.
        address = entry['ip'].decode('ascii')
        response += IPv4Address(address, taskid=task_id)
    return response
def dotransform(request, response, config):
    """Add a CuckooMutex entity for each mutex in the behavior summary.

    The task id is the ``taskid`` request field when present, otherwise the
    request value.
    """
    fields = request.fields
    task_id = fields['taskid'] if 'taskid' in fields else request.value
    summary = behavior(report(task_id))['summary']
    for mutex_name in summary['mutexes']:
        # Strict decode: the first non-ASCII mutex name raises and every
        # later mutex is left out of the response.
        # NOTE(review): mutex names are presumably set by the analysed
        # sample -- confirm the caller handles the exception.
        response += CuckooMutex(mutex_name.decode('ascii'), taskid=task_id)
    return response
def dotransform(request, response, config):
    """Add one CuckooDropped entity per dropped-file entry in the report.

    The entity value is the entry's decoded 'name'; the task id and the
    entry's 'type' (as ``ftype``) are attached. The task id is read from the
    ``taskid`` request field, falling back to the request value.
    """
    if 'taskid' not in request.fields:
        task_id = request.value
    else:
        task_id = request.fields['taskid']
    dropped_entries = dropped_files(report(task_id))
    for dropped_entry in dropped_entries:
        # .decode('ascii') is strict; a non-ASCII name ends the loop with an
        # exception rather than being skipped.
        decoded_name = dropped_entry['name'].decode('ascii')
        file_type = dropped_entry['type']  # passed through without decoding
        response += CuckooDropped(decoded_name, taskid=task_id,
                                  ftype=file_type)
    return response
def dotransform(request, response, config):
    """Add a CuckooSig entity for the 'description' of each signature.

    Signatures are whatever ``cuckoo_sigs`` returns for the task's report.
    The task id is the ``taskid`` request field when present, otherwise the
    request value.
    """
    fields = request.fields
    task_id = fields['taskid'] if 'taskid' in fields else request.value
    for signature in cuckoo_sigs(report(task_id)):
        # Strict decode: raises if a description holds non-ASCII text.
        description = signature['description'].decode('ascii')
        response += CuckooSig(description, taskid=task_id)
    return response
def dotransform(request, response, config):
    """Add a Phrase entity for each item of the static 'peid_signatures'.

    Nothing is added when ``peid_signatures`` is None. The task id is the
    ``taskid`` request field when present, otherwise the request value.
    """
    task_id = (request.fields['taskid'] if 'taskid' in request.fields
               else request.value)
    signatures = static_results(report(task_id))['peid_signatures']
    if signatures is not None:
        for signature in signatures:
            # Items are passed through as found (no decoding) and the Phrase
            # entities carry no taskid.
            response += Phrase(signature)
    return response
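def dotransform(request, response, config):
    """Add one NSRecord entity per distinct 'request' name in network 'dns'.

    Names are emitted in first-seen order; repeats are skipped. The task id
    is the ``taskid`` request field when present, otherwise the request
    value. ``config`` is not used.
    """
    if 'taskid' in request.fields:
        task = request.fields['taskid']
    else:
        task = request.value
    dns_entries = network(report(task))['dns']
    # A set gives constant-time membership checks; output order still follows
    # the report because entities are added while iterating the entries.
    # The comparison is exact, so names differing only in case are kept apart.
    seen = set()
    for entry in dns_entries:
        name = entry['request']
        if name in seen:
            continue
        # Strict decode: a non-ASCII name raises and ends the loop early.
        # NOTE(review): queried names are presumably chosen by the analysed
        # sample -- confirm the caller handles the exception.
        response += NSRecord(name.decode('ascii'), taskid=task)
        seen.add(name)
    return response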
def dotransform(request, response, config):
    """Add one CuckooSig entity per signature returned by ``cuckoo_sigs``.

    The entity value is the signature's decoded 'description'. The task id
    comes from the ``taskid`` request field, or from the request value when
    the field is missing.
    """
    if 'taskid' not in request.fields:
        task_id = request.value
    else:
        task_id = request.fields['taskid']
    # NOTE(review): task_id is passed to report() as received; presumably
    # report() rejects malformed ids -- confirm.
    matched = cuckoo_sigs(report(task_id))
    for sig in matched:
        text = sig['description'].decode('ascii')  # strict ASCII decode
        response += CuckooSig(text, taskid=task_id)
    return response
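def dotransform(request, response, config):
    """Add an NSRecord entity for each distinct DNS 'request' in the report.

    Repeated names are emitted once, in the order they first appear. The
    task id is the ``taskid`` request field if present, else the request
    value. ``config`` is not used.
    """
    fields = request.fields
    task = fields["taskid"] if "taskid" in fields else request.value
    netw = network(report(task))
    # Track names already emitted in a set so each membership test is
    # constant-time instead of a scan over everything seen so far.
    emitted = set()
    for record in netw["dns"]:
        queried = record["request"]
        if queried not in emitted:
            # .decode("ascii") is strict: a non-ASCII name raises here and
            # the remaining records are not processed.
            response += NSRecord(queried.decode("ascii"), taskid=task)
            emitted.add(queried)
    return response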
def dotransform(request, response, config):
    """Add a CuckooYara entity for each 'meta' description in the YARA hits.

    For every mapping returned by ``yara_sigs``, each key containing the
    substring 'meta' contributes its value's 'description'. The task id is
    the ``taskid`` request field when present, otherwise the request value.
    """
    fields = request.fields
    task_id = fields['taskid'] if 'taskid' in fields else request.value
    for match in yara_sigs(report(task_id)):
        for key, value in match.iteritems():
            # Substring test, not equality: any key containing 'meta' counts.
            if 'meta' not in key:
                continue
            # Strict decode: raises on a non-ASCII rule description.
            description = value['description'].decode('ascii')
            response += CuckooYara(description, taskid=task_id)
    return response
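def dotransform(request, response, config):
    """Add a CuckooVT entity for each scanner entry that has a result.

    Entities are only produced when the ``vt_results`` 'response_code'
    equals 1. Each value is "<scanner> - <result>", and the report's
    'permalink' is attached as ``vtlink``. The task id is the ``taskid``
    request field when present, otherwise the request value.
    """
    if "taskid" in request.fields:
        task = request.fields["taskid"]
    else:
        task = request.value
    vt = vt_results(report(task))
    if vt["response_code"] == 1:
        for scanner, scan in vt["scans"].iteritems():
            result = scan["result"]
            # Identity test is the idiomatic None check; scanners without a
            # result are skipped.
            if result is None:
                continue
            label = scanner + " - " + result
            # Strict decode: a non-ASCII scanner name or result raises and
            # the remaining scanners are not added.
            response += CuckooVT(label.decode("ascii"), taskid=task,
                                 vtlink=vt["permalink"])
    return response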
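def dotransform(request, response, config):
    """Add one CuckooVT entity per 'scans' entry whose 'result' is set.

    Nothing is added unless the 'response_code' from ``vt_results`` equals
    1. The entity value joins the scanner key and its result with ' - ';
    the 'permalink' value is passed as ``vtlink``. The task id comes from
    the ``taskid`` request field, or from the request value when the field
    is missing. ``config`` is not used.
    """
    fields = request.fields
    task = fields['taskid'] if 'taskid' in fields else request.value
    vt = vt_results(report(task))
    if vt['response_code'] == 1:
        for engine, verdict in vt['scans'].iteritems():
            detection = verdict['result']
            # Compare to None by identity rather than with "!=".
            if detection is not None:
                value = engine + ' - ' + detection
                # NOTE(review): the decode is strict, so one non-ASCII
                # detection name raises and stops the loop -- confirm the
                # caller handles that.
                response += CuckooVT(value.decode('ascii'), taskid=task,
                                     vtlink=vt['permalink'])
    return response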