Пример #1
def dotransform(request, response, config):
    """Add the SHA-1 of the task's target file to the response.

    The task id comes from the ``taskid`` request field when it is present,
    otherwise from the request value. ``config`` is not used.
    """
    fields = request.fields
    task_id = fields['taskid'] if 'taskid' in fields else request.value

    # A report without a 'file' entry or a 'sha1' key raises KeyError here.
    file_info = target_info(report(task_id))['file']
    sha1_text = file_info['sha1'].decode('ascii')
    response += CuckooHash(sha1_text, taskid=task_id)

    return response
Пример #2
def dotransform(request, response, config):
    """Add one Phrase per PE section name found in the task's static results.

    The task id comes from the ``taskid`` request field when it is present,
    otherwise from the request value. ``config`` is not used.
    """
    fields = request.fields
    task_id = fields['taskid'] if 'taskid' in fields else request.value

    sections = static_results(report(task_id))['pe_sections']
    for section in sections:
        # NOTE(review): section names presumably come from the analysed
        # sample; the strict ASCII decode raises on non-ASCII input and would
        # stop the loop before the remaining sections are added -- confirm
        # how the report encodes them.
        section_name = section['name'].decode('ascii')
        response += Phrase(section_name)

    return response
Пример #3
def dotransform(request, response, config):
    """Add one Phrase per entry of the behaviour summary's 'keys' list.

    The task id comes from the ``taskid`` request field when it is present,
    otherwise from the request value. ``config`` is not used.
    """
    fields = request.fields
    task_id = fields['taskid'] if 'taskid' in fields else request.value

    summary = behavior(report(task_id))['summary']
    for key_path in summary['keys']:
        # NOTE(review): these strings are presumably recorded from the
        # sample's runtime activity; a non-ASCII entry makes the strict
        # decode raise and drops every later entry -- confirm.
        response += Phrase(key_path.decode('ascii'))

    return response
def dotransform(request, response, config):
    """Add one CuckooOpenFile per entry of the behaviour summary's 'files' list.

    The task id comes from the ``taskid`` request field when it is present,
    otherwise from the request value. ``config`` is not used.
    """
    fields = request.fields
    task_id = fields["taskid"] if "taskid" in fields else request.value

    summary = behavior(report(task_id))["summary"]
    for path in summary["files"]:
        # NOTE(review): paths are presumably sample-controlled; the strict
        # ASCII decode raises on a non-ASCII path and ends the transform
        # early -- confirm.
        response += CuckooOpenFile(path.decode("ascii"), taskid=task_id)

    return response
Пример #5
def dotransform(request, response, config):
    """Add one Website entity per HTTP request URI in the task's network data.

    The task id comes from the ``taskid`` request field when it is present,
    otherwise from the request value. ``config`` is not used.
    """
    fields = request.fields
    task_id = fields["taskid"] if "taskid" in fields else request.value

    http_requests = network(report(task_id))["http"]
    for http_request in http_requests:
        # NOTE(review): URIs are presumably captured from the sample's
        # traffic; treat them as untrusted and expect the strict ASCII decode
        # to raise on non-ASCII bytes -- confirm.
        uri = http_request["uri"].decode("ascii")
        response += Website(uri, taskid=task_id)

    return response
Пример #6
def dotransform(request, response, config):
    """Add the MD5 of every dropped file whose name equals the request value.

    The task id comes from the ``taskid`` request field when it is present,
    otherwise from the request value. ``config`` is not used.
    """
    wanted_name = request.value
    fields = request.fields
    # NOTE(review): without a 'taskid' field the request value serves as both
    # the file name and the task id -- confirm that this is intended.
    task_id = fields['taskid'] if 'taskid' in fields else request.value

    for entry in dropped_files(report(task_id)):
        if d_name_matches := entry['name'] == wanted_name:
            # The hash entity is created without a taskid keyword.
            response += CuckooHash(entry['md5'].decode('ascii'))

    return response
Пример #7
def dotransform(request, response, config):
    """Add one IPv4Address per entry of the task's network 'domains' list.

    The task id comes from the ``taskid`` request field when it is present,
    otherwise from the request value. ``config`` is not used.
    """
    fields = request.fields
    task_id = fields['taskid'] if 'taskid' in fields else request.value

    domains = network(report(task_id))['domains']
    for domain in domains:
        # Every entry must carry an 'ip' key; a missing one raises KeyError.
        address = domain['ip'].decode('ascii')
        response += IPv4Address(address, taskid=task_id)

    return response
Пример #8
def dotransform(request, response, config):
    """Add one CuckooMutex per entry of the behaviour summary's 'mutexes' list.

    The task id comes from the ``taskid`` request field when it is present,
    otherwise from the request value. ``config`` is not used.
    """
    fields = request.fields
    task_id = fields['taskid'] if 'taskid' in fields else request.value

    summary = behavior(report(task_id))['summary']
    for mutex_name in summary['mutexes']:
        # NOTE(review): mutex names are presumably chosen by the sample; a
        # non-ASCII name makes the strict decode raise and the remaining
        # mutexes are never added -- confirm.
        response += CuckooMutex(mutex_name.decode('ascii'), taskid=task_id)

    return response
Пример #9
def dotransform(request, response, config):
    """Add one CuckooProcess per process listed in the task's behaviour data.

    The task id comes from the ``taskid`` request field when it is present,
    otherwise from the request value. ``config`` is not used.
    """
    fields = request.fields
    task_id = fields['taskid'] if 'taskid' in fields else request.value

    for process in behavior(report(task_id))['processes']:
        # NOTE(review): process names presumably originate from the analysed
        # sample; the strict ASCII decode raises on non-ASCII names --
        # confirm.
        process_name = process['process_name'].decode('ascii')
        response += CuckooProcess(process_name, taskid=task_id)

    return response
Пример #10
def dotransform(request, response, config):
    """Add the file name of the task's target as a CuckooMalwareFilename.

    The task id comes from the ``taskid`` request field when it is present,
    otherwise from the request value. ``config`` is not used.
    """
    fields = request.fields
    task_id = fields['taskid'] if 'taskid' in fields else request.value

    target_file = target_info(report(task_id))['file']
    # NOTE(review): the submitted file name is presumably attacker-chosen;
    # the strict ASCII decode raises if it contains non-ASCII characters --
    # confirm.
    file_name = target_file['name'].decode('ascii')
    response += CuckooMalwareFilename(file_name, taskid=task_id)

    return response
Пример #11
def dotransform(request, response, config):
    """Add one Phrase per PEiD signature in the task's static results.

    The task id comes from the ``taskid`` request field when it is present,
    otherwise from the request value. A ``peid_signatures`` value of None
    leaves the response unchanged. ``config`` is not used.
    """
    fields = request.fields
    task_id = fields['taskid'] if 'taskid' in fields else request.value

    signatures = static_results(report(task_id))['peid_signatures']
    if signatures is not None:
        for signature in signatures:
            # Signatures are passed through as-is, without decoding.
            response += Phrase(signature)

    return response
Пример #12
def dotransform(request, response, config):
    """Add one NSRecord per distinct DNS request name in the task's network data.

    The task id comes from the ``taskid`` request field when it is present,
    otherwise from the request value. Names are added in first-seen order and
    repeats are skipped. ``config`` is not used.
    """
    fields = request.fields
    task_id = fields["taskid"] if "taskid" in fields else request.value

    seen_names = []
    for query in network(report(task_id))["dns"]:
        name = query["request"]
        if name in seen_names:
            continue
        # NOTE(review): queried names are presumably generated by the sample;
        # the strict ASCII decode raises on non-ASCII names and stops the
        # transform before later queries are added -- confirm.
        response += NSRecord(name.decode("ascii"), taskid=task_id)
        seen_names.append(name)

    return response
Пример #13
def dotransform(request, response, config):
    """Add one CuckooDropped entity per dropped file in the task's report.

    The task id comes from the ``taskid`` request field when it is present,
    otherwise from the request value. ``config`` is not used.
    """
    fields = request.fields
    task_id = fields['taskid'] if 'taskid' in fields else request.value

    for entry in dropped_files(report(task_id)):
        # NOTE(review): dropped-file names are presumably chosen by the
        # sample; the strict ASCII decode raises on non-ASCII names --
        # confirm. The 'type' value is forwarded without decoding.
        file_name = entry['name'].decode('ascii')
        response += CuckooDropped(file_name, taskid=task_id, ftype=entry['type'])

    return response
Пример #14
def dotransform(request, response, config):
    """Add one CuckooSig per signature description in the task's report.

    The task id comes from the ``taskid`` request field when it is present,
    otherwise from the request value. ``config`` is not used.
    """
    fields = request.fields
    task_id = fields['taskid'] if 'taskid' in fields else request.value

    for signature in cuckoo_sigs(report(task_id)):
        # Each signature entry must carry a 'description' key.
        description = signature['description'].decode('ascii')
        response += CuckooSig(description, taskid=task_id)

    return response
Пример #15
def dotransform(request, response, config):
    """Add one CuckooVT entity per VirusTotal scan that reported a result.

    The task id comes from the ``taskid`` request field when it is present,
    otherwise from the request value. Nothing is added unless the
    ``response_code`` of the VirusTotal results equals 1. ``config`` is not
    used.
    """
    fields = request.fields
    task_id = fields["taskid"] if "taskid" in fields else request.value

    vt = vt_results(report(task_id))
    if vt["response_code"] != 1:
        return response

    # dict.iteritems() exists only on Python 2 dictionaries.
    for engine, scan in vt["scans"].iteritems():
        if None != scan["result"]:
            # NOTE(review): engine and result strings come from third-party
            # scan output; the strict ASCII decode raises on non-ASCII text
            # and skips every remaining engine -- confirm.
            label = engine + " - " + scan["result"]
            response += CuckooVT(label.decode("ascii"), taskid=task_id, vtlink=vt["permalink"])

    return response
Пример #16
def dotransform(request, response, config):
    """Add one CuckooYara per 'meta' description in the task's YARA matches.

    The task id comes from the ``taskid`` request field when it is present,
    otherwise from the request value. For every match, each key that contains
    the substring 'meta' contributes the 'description' of its value.
    ``config`` is not used.
    """
    fields = request.fields
    task_id = fields['taskid'] if 'taskid' in fields else request.value

    for match in yara_sigs(report(task_id)):
        # dict.iteritems() exists only on Python 2 dictionaries.
        for key, value in match.iteritems():
            if 'meta' not in key:
                continue
            # A meta entry without a 'description' key raises KeyError.
            description = value['description'].decode('ascii')
            response += CuckooYara(description, taskid=task_id)

    return response