Пример #1
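    def upload(self, filePath, fileName, tags):
        """Submit a sample to the Viper REST API and confirm it was stored.

        Args:
            filePath: Path of the sample on disk; opened in binary mode.
            fileName: Name sent as the multipart filename.
            tags: Value sent in the 'tags' form field.

        Raises:
            Exception: on a connection failure, an HTTP error status, a
                response that is not JSON, or a response whose "message"
                is not 'added'.
        """
        # The context manager closes the sample handle on every exit path;
        # before, the handle stayed open until garbage collection.
        with open(filePath, 'rb') as rawFile:
            url = VIPER_URL_ADD % (self.host, self.port)
            log.debug(url + " file=" + fileName)

            try:
                form = MultiPartForm()
                form.add_file('file', fileName, fileHandle=rawFile)
                form.add_field('tags', tags)

                request = urllib2.Request(url)
                body = str(form)
                request.add_header('Content-type', form.get_content_type())
                request.add_header('Content-length', len(body))
                request.add_data(body)

                response_data = urllib2.urlopen(request, timeout=60).read()
                reponsejson = json.loads(response_data)
                log.info("Submitted to Viper, message: %s",
                         reponsejson["message"])
            except urllib2.HTTPError as e:
                # HTTPError subclasses URLError, so it must be matched first;
                # listed second it could never run.
                raise Exception(
                    "Unable to perform HTTP request to Viper REST API server (http code=%s)"
                    % e.code)
            except urllib2.URLError as e:
                raise Exception(
                    "Unable to establish connection to Viper REST API server: %s" %
                    e)
            except ValueError as e:
                raise Exception("Unable to convert response to JSON: %s" % e)

        # Anything other than 'added' means the server did not store the file.
        if reponsejson["message"] != 'added':
            raise Exception("Failed to store file in Viper: %s" %
                            reponsejson["message"])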
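 def _upload(self, objfile):
     """Upload a sample to malware.lu when uploading is enabled.

     The sample is sent as '<md5>.<extension>' together with the configured
     API key.

     Returns:
         The decoded JSON response, or None when the "upload" option is
         unset or the file type is not permitted.

     Raises:
         Exception: on a connection failure, an HTTP error status, or a
             response that is not JSON.
     """
     upload = self.options.get("upload", None)

     if not upload or not objfile.is_permittedType():
         # Upload disabled or file type not permitted: skip.
         return None

     log.info("Upload file: %s" % objfile.get_fileMd5())

     file_extension = '.' + objfile.file_extension()
     fileName = objfile.get_fileMd5() + file_extension

     # The context manager closes the sample handle on every exit path;
     # before, the handle stayed open until garbage collection.
     with open(objfile.temp_file, 'rb') as rawFile:
         try:
             form = MultiPartForm()
             form.add_file('file', fileName, fileHandle=rawFile)
             form.add_field('apikey', self.apikey)

             request = urllib2.Request(MALWARE_LU_URL_UPLOAD)
             request.add_header('User-agent', 'Ragpicker')
             body = str(form)
             request.add_header('Content-type', form.get_content_type())
             request.add_header('Content-length', len(body))
             request.add_data(body)

             # Bounded wait: without a timeout a stalled server blocks the
             # caller indefinitely.
             response_data = urllib2.urlopen(request, timeout=60).read()
             reponsejson = json.loads(response_data)
         except urllib2.HTTPError as e:
             # HTTPError subclasses URLError, so it must be matched first;
             # listed second it could never run.
             raise Exception("Unable to perform HTTP request to malware.lu (http code=%s)" % e.code)
         except urllib2.URLError as e:
             raise Exception("Unable to establish connection to malware.lu: %s" % e)
         except ValueError as e:
             raise Exception("Unable to convert response to JSON: %s" % e)

     return reponsejson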
Пример #3
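 def upload(self, filePath, fileName, tags):
     """Submit a sample to the VxCage REST API and confirm it was stored.

     Args:
         filePath: Path of the sample on disk; opened in binary mode.
         fileName: Name sent as the multipart filename.
         tags: Value sent in the 'tags' form field.

     Raises:
         Exception: on a connection failure, an HTTP error status, a
             response that is not JSON, or a response whose "message" is
             not 'added'.
     """
     # The context manager closes the sample handle on every exit path;
     # before, the handle stayed open until garbage collection.
     with open(filePath, 'rb') as rawFile:
         url = VXCAGE_URL_ADD % (self.host, self.port)
         log.debug(url + " file=" + fileName)

         try:
             form = MultiPartForm()
             form.add_file('file', fileName, fileHandle=rawFile)
             form.add_field('tags', tags)

             request = urllib2.Request(url)
             body = str(form)
             request.add_header('Content-type', form.get_content_type())
             request.add_header('Content-length', len(body))
             request.add_data(body)

             response_data = urllib2.urlopen(request, timeout=60).read()
             reponsejson = json.loads(response_data)
             log.info("Submitted to vxcage, message: %s", reponsejson["message"])
         except urllib2.HTTPError as e:
             # HTTPError subclasses URLError, so it must be matched first;
             # listed second it could never run.
             raise Exception("Unable to perform HTTP request to VxCage REST API server (http code=%s)" % e.code)
         except urllib2.URLError as e:
             raise Exception("Unable to establish connection to VxCage REST API server: %s" % e)
         except ValueError as e:
             raise Exception("Unable to convert response to JSON: %s" % e)

     # Anything other than 'added' means the server did not store the file.
     if reponsejson["message"] != 'added':
         raise Exception("Failed to store file in VxCage: %s" % reponsejson["message"])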
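 def run(self, objfile):
     """Submit a permitted sample to the Cuckoo REST API as a new task.

     Host and port come from self.options. The sample is sent as
     '<md5>.<extension>'.

     Returns:
         The decoded JSON response of the task-create call, or an empty
         dict when the file type is not permitted.

     Raises:
         Exception: if host or port is not configured, on a connection
             failure, an HTTP error status, or a response that is not JSON.
     """
     self.key = "CuckooSandbox"
     self.score = -1
     self.host = self.options.get("host")
     self.port = self.options.get("port")
     reponsejson = {}

     if not self.host or not self.port:
         raise Exception("Cuckoo REST API server not configurated")

     if objfile.is_permittedType():
         file_extension = '.' + objfile.file_extension()
         fileName = objfile.get_fileMd5() + file_extension
         url = CUCKOO_TASK_CREATE_URL % (self.host, self.port)

         # The context manager closes the sample handle on every exit path;
         # before, the handle stayed open until garbage collection.
         with open(objfile.temp_file, 'rb') as rawFile:
             log.debug(url + " file=" + fileName)

             try:
                 form = MultiPartForm()
                 form.add_file('file', fileName, fileHandle=rawFile)

                 request = urllib2.Request(url)
                 request.add_header('User-agent', 'Ragpicker')
                 body = str(form)
                 request.add_header('Content-type', form.get_content_type())
                 request.add_header('Content-length', len(body))
                 request.add_data(body)

                 # Bounded wait: without a timeout a stalled server blocks
                 # the caller indefinitely.
                 data = urllib2.urlopen(request, timeout=60).read()
                 reponsejson = json.loads(data)
                 log.info("Submitted to cuckoo, task ID %s", reponsejson["task_id"])
             except urllib2.HTTPError as e:
                 # HTTPError subclasses URLError, so it must be matched
                 # first; listed second it could never run.
                 raise Exception("Unable to perform HTTP request to Cuckoo REST API server (http code=%s)" % e.code)
             except urllib2.URLError as e:
                 raise Exception("Unable to establish connection to Cuckoo REST API server: %s" % e)
             except ValueError as e:
                 raise Exception("Unable to convert response to JSON: %s" % e)

     return reponsejson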
Пример #5
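 def run(self, objfile):
     """Submit the sample held in objfile.file to the Cuckoo REST API.

     Host and port come from self.options. The sample is sent as
     '<md5>.<extension>'.

     Returns:
         The decoded JSON response of the task-create call.

     Raises:
         Exception: if host or port is not configured, on a connection
             failure, an HTTP error status, or a response that is not JSON.
     """
     self.key = "CuckooSandbox"
     self.score = -1
     self.host = self.options.get("host")
     self.port = self.options.get("port")
     reponsejson = {}

     if not self.host or not self.port:
         raise Exception("Cuckoo REST API server not configurated")

     sample = objfile.file
     file_extension = '.' + sample.file_extension()
     fileName = sample.get_fileMd5() + file_extension
     url = CUCKOO_TASK_CREATE_URL % (self.host, self.port)

     # The context manager closes the sample handle on every exit path;
     # before, the handle stayed open until garbage collection.
     with open(sample.temp_file, 'rb') as rawFile:
         log.debug(url + " file=" + fileName)

         try:
             form = MultiPartForm()
             form.add_file('file', fileName, fileHandle=rawFile)

             request = urllib2.Request(url)
             request.add_header('User-agent', 'Ragpicker')
             body = str(form)
             request.add_header('Content-type', form.get_content_type())
             request.add_header('Content-length', len(body))
             request.add_data(body)

             data = urllib2.urlopen(request, timeout=60).read()
             reponsejson = json.loads(data)
             log.info("Submitted to cuckoo, task ID %s", reponsejson["task_id"])
         except urllib2.HTTPError as e:
             # HTTPError subclasses URLError, so it must be matched first;
             # listed second it could never run.
             raise Exception("Unable to perform HTTP request to Cuckoo REST API server (http code=%s)" % e.code)
         except urllib2.URLError as e:
             raise Exception("Unable to establish connection to Cuckoo REST API server: %s" % e)
         except ValueError as e:
             raise Exception("Unable to convert response to JSON: %s" % e)

     return reponsejson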
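    def run(self, objfile):
        """Upload a sample to BlueCoat MAA and start an analysis task for it.

        Reads host, port, timeout (default 120), apikey, user and https from
        self.options. The sample is sent under its SHA-256 as file name, then
        a task is created for the returned sample id and its start state is
        recorded through Database.insertSandboxTaskStatus.

        Returns:
            dict with "sample_id" and "task_id".

        Raises:
            Exception: if host, port, apikey or user is missing, or if any
                step of the upload fails (the cause is wrapped in the
                message).
        """
        self.key = "BlueCoatMAA"
        self.score = -1
        host = self.options.get("host")
        port = self.options.get("port")
        timeout = self.options.get("timeout", 120)
        apikey = self.options.get("apikey")
        owner = self.options.get("user")
        https = self.options.get("https")
        database = Database()

        returnValue = {}

        if not host or not port or not apikey or not owner:
            raise Exception("BlueCoatMAA is not configured correctly")

        try:
            fileName = objfile.file.get_fileSha256()
            file_data = objfile.file.file_data

            message = MultiPartForm()
            message.add_file_data('unused',
                                  filename=fileName,
                                  file_data=file_data,
                                  mimetype='application/octet-stream')
            message.add_field('owner', owner)

            headers = {'Content-type': message.get_content_type()}
            h = httplib2.Http()
            protocol = "http"

            if https:
                protocol = "https"
                # NOTE(review): certificate validation is switched off, so
                # the HTTPS peer is not authenticated. The API token and the
                # sample travel over this connection; validate against the
                # appliance's CA where the deployment allows it.
                h = httplib2.Http(".cache",
                                  disable_ssl_certificate_validation=True)

            # NOTE(review): the token is carried in the query string, so it
            # can end up in proxy or server access logs; with the https
            # option unset it is also sent in clear text.
            response, content = h.request(
                '%s://%s:%s/rapi/samples/basic?token=%s' %
                (protocol, host, port, apikey),
                "PUT",
                body=message.toBlueCoatString(),
                headers=headers)

            # Compare the numeric status instead of searching the response's
            # repr for a substring.
            if response.status != 200:
                log.error(str(content))
                raise Exception(str(content))

            data = json.loads(content)
            sample_id = data['results'][0]['samples_sample_id']
            log.info("%s upload as new sample_id %d" % (fileName, sample_id))

            headers = {'Content-Type': 'application/x-www-form-urlencoded'}
            parameters = {
                "sample_id": sample_id,
                "env": 'ivm',
                "log_task": 1,
                "tp_IVM.TIMEOUT": timeout,
            }

            response, content = h.request('%s://%s:%s/rapi/tasks?token=%s' %
                                          (protocol, host, port, apikey),
                                          'PUT',
                                          body=urllib.urlencode(parameters),
                                          headers=headers)

            if response.status != 200:
                log.error(str(content))
                raise Exception(str(content))

            data = json.loads(content)
            task_id = data['results'][0]['tasks_task_id']
            log.info("new task_id %d" % task_id)

            returnValue = {"sample_id": sample_id, "task_id": task_id}

            # Insert Task-State-Report
            database.insertSandboxTaskStatus(
                sandboxName=MAA_SANDBOX_NAME,
                sha256=objfile.file.get_fileSha256(),
                taskID=task_id,
                sampleID=sample_id,
                taskState=MAA_TASK_STATE_START)
        except Exception as e:
            # Every failure above, including the two status checks, is
            # re-raised under one message.
            raise Exception("Failed to send the file to the BlueCoatMAA: %s" %
                            e)

        return returnValue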
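 def run(self, objfile):
     """Send a sample to BlueCoat MAA, then create an analysis task for it.

     Configuration (host, port, timeout with default 120, apikey, user,
     https) is read from self.options. The sample is uploaded under its
     SHA-256 as file name; the task start is recorded through
     Database.insertSandboxTaskStatus.

     Returns:
         dict with "sample_id" and "task_id".

     Raises:
         Exception: if host, port, apikey or user is missing, or if any step
             of the upload fails (the cause is wrapped in the message).
     """
     self.key = "BlueCoatMAA"
     self.score = -1
     host = self.options.get("host")
     port = self.options.get("port")
     timeout = self.options.get("timeout", 120)
     apikey = self.options.get("apikey")
     owner = self.options.get("user")
     https = self.options.get("https")
     database = Database()

     returnValue = {}

     if not host or not port or not apikey or not owner:
         raise Exception("BlueCoatMAA is not configured correctly")

     try:
         fileName = objfile.file.get_fileSha256()
         file_data = objfile.file.file_data

         message = MultiPartForm()
         message.add_file_data('unused', filename=fileName, file_data=file_data, mimetype='application/octet-stream')
         message.add_field('owner', owner)

         headers = {'Content-type': message.get_content_type()}
         h = httplib2.Http()
         protocol = "http"

         if https:
             protocol = "https"
             # NOTE(review): certificate validation is switched off, so the
             # HTTPS peer is not authenticated. The API token and the sample
             # travel over this connection; validate against the appliance's
             # CA where the deployment allows it.
             h = httplib2.Http(".cache", disable_ssl_certificate_validation=True)

         # NOTE(review): the token is carried in the query string, so it can
         # end up in proxy or server access logs; with the https option
         # unset it is also sent in clear text.
         sample_url = '%s://%s:%s/rapi/samples/basic?token=%s' % (protocol, host, port, apikey)
         response, content = h.request(sample_url, "PUT",
                                       body=message.toBlueCoatString(), headers=headers)

         # Compare the numeric status instead of searching the response's
         # repr for a substring.
         if response.status != 200:
             log.error(str(content))
             raise Exception(str(content))

         data = json.loads(content)
         sample_id = data['results'][0]['samples_sample_id']
         log.info("%s upload as new sample_id %d" % (fileName, sample_id))

         headers = {'Content-Type': 'application/x-www-form-urlencoded'}
         parameters = {}
         parameters["sample_id"] = sample_id
         parameters["env"] = 'ivm'
         parameters["log_task"] = 1
         parameters["tp_IVM.TIMEOUT"] = timeout

         task_url = '%s://%s:%s/rapi/tasks?token=%s' % (protocol, host, port, apikey)
         response, content = h.request(task_url, 'PUT',
                                       body=urllib.urlencode(parameters), headers=headers)

         if response.status != 200:
             log.error(str(content))
             raise Exception(str(content))

         data = json.loads(content)
         task_id = data['results'][0]['tasks_task_id']
         log.info("new task_id %d" % task_id)

         returnValue = {"sample_id":sample_id, "task_id":task_id}

         # Insert Task-State-Report
         database.insertSandboxTaskStatus(sandboxName=MAA_SANDBOX_NAME, sha256=objfile.file.get_fileSha256(),
                                          taskID=task_id, sampleID=sample_id, taskState=MAA_TASK_STATE_START)
     except Exception as e:
         # Every failure above, including the two status checks, is
         # re-raised under one message.
         raise Exception("Failed to send the file to the BlueCoatMAA: %s" % e)

     return returnValue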