Пример #1
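def malware_samples(indicator, record_source):
    """Collect malware sample records for ``indicator`` and save each one.

    The collector is chosen by ``record_source``: ``RecordSource.VTO`` uses
    ``VirusTotalScraper.get_malware`` and ``RecordSource.TEX`` uses
    ``ThreatExpertScraper.run``. Any other source yields no records.

    Each returned entry is read for the keys ``date``, ``md5``, ``sha1``,
    ``sha256``, ``C2`` and ``link`` and handed to ``save_record`` with
    record type ``RecordType.MR``. A failure on one entry is logged and does
    not stop the remaining entries.

    NOTE(review): entry values are passed to ``save_record`` exactly as the
    collector returned them; nothing in this function checks that the hashes
    are well-formed or that ``link`` is a sane URL. Presumably the collectors
    return third-party data -- confirm that ``save_record`` or the rendering
    layer validates/escapes it.
    """
    record_type = RecordType.MR
    if record_source is RecordSource.VTO:
        malware = VirusTotalScraper().get_malware(indicator)
    elif record_source is RecordSource.TEX:
        malware = ThreatExpertScraper().run(indicator)
    else:
        # Unsupported source for this record type: nothing to save.
        malware = []

    for entry in malware:
        try:
            date = entry['date']
            # Built from a sequence of pairs: a dict literal only preserves
            # insertion order on Python 3.7+, so passing one to OrderedDict
            # loses the intended field order on older interpreters.
            info = OrderedDict([
                ("md5", entry['md5']),
                ("sha1", entry['sha1']),
                ("sha256", entry['sha256']),
                ("indicator", entry['C2']),
                ("link", entry['link']),
            ])
            save_record(record_type, record_source, info, date=date)
        except Exception:
            # Deliberate best-effort: a malformed entry (missing key) or a
            # failed save is logged with its traceback and skipped.
            logger.exception("Error saving %s (%s) record from %s",
                             record_type.name,
                             record_type.title,
                             record_source.title)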
Пример #2
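def passive_hosts(indicator, record_source):
    """Collect passive host (passive DNS style) records for ``indicator`` and save them.

    The collector is chosen by ``record_source``:

    * ``RecordSource.IID`` -- ``InternetIdentityScraper.run``
    * ``RecordSource.PTO`` -- ``PassiveTotal.retrieve_data(indicator, "passive")``,
      authenticated with ``settings.PASSIVE_TOTAL_API``
    * ``RecordSource.VTO`` -- ``VirusTotalScraper.get_passive``

    Any other source yields no records. Each returned entry is read for the
    keys ``date``, ``ip_location``, ``ip`` and ``domain`` and handed to
    ``save_record`` with record type ``RecordType.HR``. A failure on one
    entry is logged and does not stop the remaining entries.

    NOTE(review): entry values are passed to ``save_record`` exactly as the
    collector returned them; nothing in this function checks that ``ip`` or
    ``domain`` are well-formed. Presumably the collectors return third-party
    data -- confirm that ``save_record`` or the rendering layer
    validates/escapes it.
    """
    record_type = RecordType.HR
    if record_source is RecordSource.IID:
        # returns table of data rows {ip, domain, date, ip_location}
        passive = InternetIdentityScraper().run(indicator)
    elif record_source is RecordSource.PTO:
        # The API key is read from settings rather than hard-coded here.
        api_key = settings.PASSIVE_TOTAL_API
        collector = PassiveTotal(api_key, api_version="v1")
        # presumably the same row shape as the scrapers -- TODO confirm
        passive = collector.retrieve_data(indicator, "passive")
    elif record_source is RecordSource.VTO:
        # returns table of data rows {ip, domain, date, ip_location}
        passive = VirusTotalScraper().get_passive(indicator)
    else:
        # Unsupported source for this record type: nothing to save. An empty
        # list (not a dict) matches the row-table shape the loop expects.
        passive = []

    for entry in passive:
        try:
            date = entry['date']
            # Built from a sequence of pairs: a dict literal only preserves
            # insertion order on Python 3.7+, so passing one to OrderedDict
            # loses the intended field order on older interpreters.
            info = OrderedDict([
                ("geo_location", entry['ip_location']),
                ("ip", entry['ip']),
                ("domain", entry['domain']),
            ])
            save_record(record_type, record_source, info, date=date)
        except Exception:
            # Deliberate best-effort: a malformed entry (missing key) or a
            # failed save is logged with its traceback and skipped.
            logger.exception("Error saving %s (%s) record from %s",
                             record_type.name,
                             record_type.title,
                             record_source.title)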