def run(self): self.key = "tia" if self.task["category"] != "file": return None dictTIA = {'BitDefender': None, 'TrendMicro': None, 'Symantec': None, 'F-Secure': None, 'ESET-NOD32': None, 'DrWeb': None, 'Avira': None, 'AntiVir': None, 'Microsoft': None, 'Sophos': None, 'Panda': None, 'BitDefender': None, 'McAfee': None, 'ClamAV': None} key = self.options.get("key", None) if not key: raise CuckooProcessingError("TIA API key not configured, skip") response_data = "" queryStringPart = "" #print self.results["virustotal"]["results"] if "results" in self.results["virustotal"]: for entry in self.results["virustotal"]["results"]: if entry["sig"] != None: if entry["vendor"] in dictTIA: queryStringPart = combineTIAresults(queryStringPart, entry["vendor"], entry["sig"]) #print r.content if "ClamAV=" not in queryStringPart and self.results["target"]["file"].has_key("clamav") and self.results["target"]["file"]["clamav"]: queryStringPart = combineTIAresults(queryStringPart,"ClamAV",self.results["target"]["file"]["clamav"]) if queryStringPart != "": response_data = tia_request(queryStringPart, key) json_object = [] try: json_object = json.loads(response_data) except ValueError, e: raise CuckooProcessingError("TIA error processing combined JSON: " + response_data)
def run(self): """Run Google play unofficial python api the get the google play information @return: list of google play features """ self.key = "googleplay" googleplay = {} if ("file" not in self.task["category"]): return if ("apk" in choose_package( File(self.task["target"]).get_type(), File(self.task["target"]).get_name())): if not os.path.exists(self.file_path): raise CuckooProcessingError( "Sample file doesn't exist: \"%s\"" % self.file_path) android_id = self.options.get("android_id", None) google_login = self.options.get("google_login", None) google_password = self.options.get("google_password", None) #auth_token = self.options.get("auth_token", None) if not (android_id or google_login or google_password): raise CuckooProcessingError( "Google Play Credentials not configured, skip") try: a = apk.APK(self.file_path) if a.is_valid_APK(): package = a.get_package() # Connect api = GooglePlayAPI(android_id) api.login(google_login, google_password, None) # Get the version code and the offer type from the app details app_data = api.details(package) app_detail = app_data.docV2.details.appDetails if (app_detail.installationSize == 0): return googleplay googleplay["title"] = app_detail.title googleplay["app_category"] = app_detail.appCategory._values googleplay["version_code"] = app_detail.versionCode googleplay["app_type"] = app_detail.appType googleplay["content_rating"] = app_detail.contentRating googleplay["developer_email"] = app_detail.developerEmail googleplay["developer_name"] = app_detail.developerName googleplay[ "developer_website"] = app_detail.developerWebsite googleplay[ "installation_size"] = app_detail.installationSize googleplay["num_downloads"] = app_detail.numDownloads googleplay["upload_date"] = app_detail.uploadDate googleplay["permissions"] = app_detail.permission._values except (IOError, OSError, BadZipfile) as e: raise CuckooProcessingError("Error opening file %s" % e) return googleplay
def run(self): """Runs VirusTotal processing @return: full VirusTotal report. """ self.key = "virustotal" if not key: raise CuckooProcessingError( "VirusTotal API key not configured, skip") if processing_conf.virustotal.get("on_demand", False): log.debug("VT on_demand enabled, returning") return dict() target = False if self.task["category"] == "file" and do_file_lookup: target = self.file_path elif self.task["category"] == "url" and do_url_lookup: target = self.task["target"] else: # Not supported type, exit. return dict() vt_response = vt_lookup(self.task["category"], target) if "error" in vt_response: raise CuckooProcessingError(vt_response["msg"]) return vt_response
def run(self): """Runs VirusTotal processing @return: full VirusTotal report. """ self.key = "virustotal" apikey = self.options.get("key") timeout = int(self.options.get("timeout", 60)) self.scan = int(self.options.get("scan", 0)) if not apikey: raise CuckooProcessingError("VirusTotal API key not " "configured, skipping VirusTotal " "processing module.") self.vt = VirusTotalAPI(apikey, timeout) # Scan the original sample or URL. if self.task["category"] == "file": results = self.scan_file(self.file_path) elif self.task["category"] == "url": results = self.scan_url(self.task["target"]) else: raise CuckooProcessingError("Unsupported task category: %s" % self.task["category"]) # Scan any dropped files that have an interesting filetype. for row in self.results.get("dropped", []): if not self.should_scan_file(row["type"]): continue row["virustotal"] = self.scan_file(row["path"], summary=True) return results
def process_pcap_binary(self): """Process a PCAP file with Suricata by running Suricata. Using the socket mode is preferred as the plain binary mode requires Suricata to load all its rules for every PCAP file and thus takes a couple of performance heavy seconds to set itself up. """ if not os.path.isfile(self.suricata): raise CuckooProcessingError("Unable to locate Suricata binary") if not os.path.isfile(self.config_path): raise CuckooProcessingError( "Unable to locate Suricata configuration") args = [ self.suricata, "-c", self.config_path, "-k", "none", "-l", self.suricata_path, "-r", self.pcap_path, ] try: subprocess.check_call(args) except subprocess.CalledProcessError as e: raise CuckooProcessingError( "Suricata returned an error processing this pcap: %s" % e)
def run(self): """Run debug analysis. @return: debug information dict. """ self.key = "debug" debug = {"log": [], "cuckoo": [], "errors": []} if os.path.exists(self.log_path): try: f = codecs.open(self.log_path, "rb", "utf-8") debug["log"] = f.readlines() except ValueError as e: raise CuckooProcessingError("Error decoding %s: %s" % (self.log_path, e)) except (IOError, OSError) as e: raise CuckooProcessingError("Error opening %s: %s" % (self.log_path, e)) if os.path.exists(self.cuckoolog_path): debug["cuckoo"] = Logfile(self.cuckoolog_path) for error in Database().view_errors(int(self.task["id"])): debug["errors"].append(error.message) if os.path.exists(self.mitmerr_path): mitmerr = open(self.mitmerr_path, "rb").read() if mitmerr: debug["errors"].append(mitmerr) return debug
def run(self): """Run extract of printable strings. @return: list of printable strings. """ self.key = "strings" strings = [] if self.task["category"] in ("file", "static"): if not os.path.exists(self.file_path): raise CuckooProcessingError("Sample file doesn't exist: \"%s\"" % self.file_path) try: data = open(self.file_path, "rb").read() except (IOError, OSError) as e: raise CuckooProcessingError("Error opening file %s" % e) nulltermonly = self.options.get("nullterminated_only", True) minchars = self.options.get("minchars", 5) endlimit = b"" if not HAVE_RE2: endlimit = b"8192" if nulltermonly: apat = b"([\x20-\x7e]{" + str(minchars).encode("utf-8") + b"," + endlimit + b"})\x00" upat = b"((?:[\x20-\x7e][\x00]){" + str(minchars).encode("utf-8") + b"," + endlimit + b"})\x00\x00" else: apat = b"[\x20-\x7e]{" + str(minchars).encode("utf-8") + b"," + endlimit + b"}" upat = b"(?:[\x20-\x7e][\x00]){" + str(minchars).encode("utf-8") + b"," + endlimit + b"}" strings = [bytes2str(string) for string in re.findall(apat, data)] for ws in re.findall(upat, data): strings.append(str(ws.decode("utf-16le"))) return strings
def run(self): """Run extract of printable strings. @return: list of printable strings. """ self.key = "strings" strings = [] if self.task["category"] == "file": if not os.path.exists(self.file_path): raise CuckooProcessingError( "Sample file doesn't exist: \"%s\"" % self.file_path) try: data = open(self.file_path, "rb").read() except (IOError, OSError) as e: raise CuckooProcessingError("Error opening file %s" % e) nulltermonly = self.options.get("nullterminated_only", True) minchars = self.options.get("minchars", 5) if nulltermonly: apat = "([\x20-\x7e]{" + str(minchars) + ",})\x00" upat = "((?:[\x20-\x7e][\x00]){" + str( minchars) + ",})\x00\x00" else: apat = "[\x20-\x7e]{" + str(minchars) + ",}" upat = "(?:[\x20-\x7e][\x00]){" + str(minchars) + ",}" strings = re.findall(apat, data) for ws in re.findall(upat, data): strings.append(str(ws.decode("utf-16le"))) return strings
def run(self): """Run androguard to extract static android information @return: list of static features """ self.key = "apkinfo" apkinfo = {} if "file" not in self.task["category"] or not HAVE_ANDROGUARD: return f = File(self.task["target"]) if f.get_name().endswith((".zip", ".apk")) or "zip" in f.get_type(): if not os.path.exists(self.file_path): raise CuckooProcessingError( "Sample file doesn't exist: \"%s\"" % self.file_path) try: a = APK(self.file_path) if a.is_valid_APK(): manifest = {} apkinfo["files"] = self._apk_files(a) manifest["package"] = a.get_package() # manifest["permissions"]=a.get_details_permissions_new() manifest["main_activity"] = a.get_main_activity() manifest["activities"] = a.get_activities() manifest["services"] = a.get_services() manifest["receivers"] = a.get_receivers() # manifest["receivers_actions"]=a.get__extended_receivers() manifest["providers"] = a.get_providers() manifest["libraries"] = a.get_libraries() apkinfo["manifest"] = manifest # apkinfo["certificate"] = a.get_certificate() static_calls = {} if self.check_size(apkinfo["files"]): vm = DalvikVMFormat(a.get_dex()) vmx = uVMAnalysis(vm) static_calls["all_methods"] = self.get_methods(vmx) static_calls[ "is_native_code"] = analysis.is_native_code(vmx) static_calls["is_dynamic_code"] = analysis.is_dyn_code( vmx) static_calls[ "is_reflection_code"] = analysis.is_reflection_code( vmx) # static_calls["dynamic_method_calls"]= analysis.get_show_DynCode(vmx) # static_calls["reflection_method_calls"]= analysis.get_show_ReflectionCode(vmx) # static_calls["permissions_method_calls"]= analysis.get_show_Permissions(vmx) # static_calls["crypto_method_calls"]= analysis.get_show_CryptoCode(vmx) # static_calls["native_method_calls"]= analysis.get_show_NativeMethods(vmx) else: log.warning("Dex size bigger than: %s", self.options.decompilation_threshold) apkinfo["static_method_calls"] = static_calls except (IOError, OSError, BadZipfile) as e: raise CuckooProcessingError("Error opening file %s" % e) return apkinfo
def run(self): """Runs VirusTotal processing @return: full VirusTotal report. """ self.key = "virustotal" virustotal = [] key = self.options.get("key", None) timeout = self.options.get("timeout", 60) if not key: raise CuckooProcessingError("VirusTotal API key not " "configured, skip") if self.task["category"] == "file": if not os.path.exists(self.file_path): raise CuckooProcessingError( "File {0} not found, skipping it".format(self.file_path)) resource = File(self.file_path).get_md5() url = VIRUSTOTAL_FILE_URL elif self.task["category"] == "url": resource = self.task["target"] url = VIRUSTOTAL_URL_URL else: # Not supported type, exit. return virustotal data = urllib.urlencode({"resource": resource, "apikey": key}) try: request = urllib2.Request(url, data) response = urllib2.urlopen(request, timeout=int(timeout)) response_data = response.read() except urllib2.URLError as e: raise CuckooProcessingError("Unable to establish connection " "to VirusTotal: {0}".format(e)) except urllib2.HTTPError as e: raise CuckooProcessingError("Unable to perform HTTP request to " "VirusTotal " "(http code={0})".format(e.code)) try: virustotal = json.loads(response_data) except ValueError as e: raise CuckooProcessingError("Unable to convert response to " "JSON: {0}".format(e)) if "scans" in virustotal: items = virustotal["scans"].items() virustotal["scans"] = dict((engine.replace(".", "_"), signature) for engine, signature in items) return virustotal
def run(self, results): self.moloch_capture = \ self.options.get("moloch_capture", "/data/moloch/bin/moloch-capture") self.config_path = self.options.get("conf", "/data/moloch/etc/config.ini") self.instance = self.options.get("instance", "cuckoo") if not os.path.isfile(self.pcap_path): log.warning("Unable to run Moloch as no pcap is available") return if not os.path.isfile(self.moloch_capture): raise CuckooProcessingError("Unable to locate Moloch binary") if not os.path.isfile(self.config_path): raise CuckooProcessingError( "Unable to locate Moloch configuration") args = [ self.moloch_capture, "-c", self.config_path, "-r", self.pcap_path, "-n", self.instance, "-q", ] tags = {} tags[self.instance] = self.task["id"] if self.task["category"] == "file": # Tag file hashes. f = results.get("target", {}).get("file", {}) for field in ("md5", "sha1", "sha256", "sha512"): if field in f: tags[field] = f[field] # Tag normalized VirusTotal results. for variant in results.get("virustotal", {}).get("normalized", []): tags["virustotal"] = variant for key, value in tags.items(): args += [ "-t", "%s:%s" % (key, value), ] try: subprocess.check_call(args) except subprocess.CalledProcessError as e: raise CuckooProcessingError("Error submitting PCAP to Moloch: %s" % e)
def had_timeout(self): """ Test if the analysis had a timeout """ if os.path.exists(self.log_path): try: analysis_log = codecs.open(self.log_path, "rb", "utf-8").read() except ValueError as e: raise CuckooProcessingError("Error decoding %s: %s" % (self.log_path, e)) except (IOError, OSError) as e: raise CuckooProcessingError("Error opening %s: %s" % (self.log_path, e)) else: if "INFO: Analysis timeout hit, terminating analysis" in analysis_log: return True return False
def run(self): self.key = "reversinglabs" if not processing_conf.reversinglabs.key: raise CuckooProcessingError( "ReversingLabs API key not configured, skipping") if self.task["category"] not in ("file", "static"): return {} target = self.task["target"] log.debug(f"Looking up: {target}") reversing_labs_response = reversing_labs_lookup(target) if "error" in reversing_labs_response: raise CuckooProcessingError(reversing_labs_response["msg"]) return reversing_labs_response
def had_timeout(self): """Test if the analysis had a timeout""" if os.path.exists(self.log_path): try: with codecs.open(self.log_path, "rb", "utf-8") as f: analysis_log = f.read() if "INFO: Analysis timeout hit, terminating analysis" in analysis_log: return True except ValueError as e: raise CuckooProcessingError( f"Error decoding {self.log_path}: {e}") from e except (IOError, OSError) as e: raise CuckooProcessingError( f"Error opening {self.log_path}: {e}") from e return False
def run(self): """Run extract of printable strings. @return: list of printable strings. """ self.key = "droidmon" if ("file" not in self.task["category"]): return self.droidmon #if not("apk" in choose_package(File(self.task["target"]).get_type(),File(self.task["target"]).get_name())): # return api_calls_map results = {} log_path = self.logs_path + "/droidmon.log" if not os.path.exists(log_path): return results try: with open(log_path) as log_file: for line in log_file: try: api_call = json.loads(line) self.droidmon["raw"].append(self.keyCleaner(api_call)) call = api_call["class"] + "_" + api_call["method"] call = call.replace(".", "_") call = call.replace("$", "_") try: func = getattr(self, call) func(api_call) except Exception as e: self.droidmon["error"].append(e.message + " " + line) except Exception as e: log.error( CuckooProcessingError( "error parsing json line: %s" % line + " error" + e.message)) except Exception as e: raise CuckooProcessingError("Error opening file %s" % e) for key in self.droidmon.keys(): if len(self.droidmon[key]) > 0: if type(self.droidmon[key]) is list: results[key] = self.droidmon[key] else: results[key] = list(self.droidmon[key]) return results
def run(self): """Run analysis. @return: the number of engines that detected as a malware. """ self.key = "teamcymru" response = 'NO_DATA' if self.task["category"] == "file": if not os.path.exists(self.file_path): raise CuckooProcessingError("File {0} not found, skip".format(self.file_path)) md5_hash = File(self.file_path).get_md5() sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.connect(("hash.cymru.com", 43)) sock.send(md5_hash + "\r\n") while True: d = sock.recv(4096) response += d if d == '': break sock.close() response = response.split(" ")[2].split("\n")[0] if response != "NO_DATA": return "%s%%" % response else: return response
def run(self): self.key = "sysmon" # Determine oldest sysmon log and remove the rest lastlog = os.listdir("%s/sysmon/" % self.analysis_path) lastlog.sort() lastlog = lastlog[-1] # Leave only the most recent file for f in os.listdir("%s/sysmon/" % self.analysis_path): if f != lastlog: try: os.remove("%s/sysmon/%s" % (self.analysis_path, f)) except: log.error("Failed to remove sysmon file log %s" % f) os.rename("%s/sysmon/%s" % (self.analysis_path, lastlog), "%s/sysmon/sysmon.xml" % self.analysis_path) data = None try: xml = open("%s/sysmon/sysmon.xml" % self.analysis_path).read() xml = xml.decode("latin1").encode("utf8") data = xmltodict.parse(xml)["Events"]["Event"] except Exception as e: raise CuckooProcessingError("Failed parsing sysmon.xml: %s" % e.message) return self.remove_noise(data)
def run(self): self.key = "sysmon" # Determine oldest sysmon log and remove the rest lastlog = os.listdir("%s/sysmon/" % self.analysis_path) lastlog.sort() lastlog = lastlog[-1] # Leave only the most recent file for f in os.listdir("%s/sysmon/" % self.analysis_path): if f != lastlog: try: os.remove("%s/sysmon/%s" % (self.analysis_path, f)) except: log.error("Failed to remove sysmon file log %s" % f) os.rename("%s/sysmon/%s" % (self.analysis_path, lastlog), "%s/sysmon/sysmon.xml" % self.analysis_path) data = None try: tree = ET.parse("%s/sysmon/sysmon.xml" % self.analysis_path) root = tree.getroot() data = parseXmlToJson(root.attrib) except Exception as e: raise CuckooProcessingError( "Failed parsing sysmon.xml with ET: %s" % e.message) if root is False: return data = self.remove_noise(data) log.debug(data) return data
def do_strings(self): if self.voptions.basic.dostrings: try: data = open(self.memfile, "rb").read() except (IOError, OSError, MemoryError) as e: raise CuckooProcessingError(f"Error opening file {e}") nulltermonly = self.voptions.basic.get( "strings_nullterminated_only", True) minchars = str(self.voptions.basic.get("strings_minchars", 5)).encode() if nulltermonly: apat = b"([\x20-\x7e]{" + minchars + b",})\x00" upat = b"((?:[\x20-\x7e][\x00]){" + minchars + b",})\x00\x00" else: apat = b"[\x20-\x7e]{" + minchars + b",}" upat = b"(?:[\x20-\x7e][\x00]){" + minchars + b",}" strings = re.findall(apat, data) for ws in re.findall(upat, data): strings.append(ws.decode("utf-16le").encode()) f = open(f"{self.memfile}.strings", "wb") f.write(b"\n".join(strings)) f.close() return f"{self.memfile}.strings" return None
def run(self): """Run extract of trid output. @return: list of trid output. """ self.key = "trid" strings = [] if self.task["category"] in ("file", "static"): if not os.path.exists(self.file_path): raise CuckooProcessingError( "Sample file doesn't exist: {}".format(self.file_path)) trid_binary = os.path.join(CUCKOO_ROOT, self.options.get("identifier", "trid/trid")) definitions = os.path.join( CUCKOO_ROOT, self.options.get("definitions", "trid/triddefs.trd")) try: output = subprocess.check_output( [trid_binary, "-d:%s" % definitions, self.file_path], stderr=subprocess.STDOUT, universal_newlines=True) strings = output.split("\n") # trim data strings = strings[6:-1] except subprocess.CalledProcessError: log.warning( "You need to configure your server to make TrID work properly") log.warning( "sudo rm -f /usr/lib/locale/locale-archive && sudo locale-gen --no-archive" ) return strings
def run(self): """Run extract of trid output. @return: list of trid output. """ self.key = "trid" strings = [] if self.task["category"] in ("file", "static"): if not os.path.exists(self.file_path): raise CuckooProcessingError( "Sample file doesn't exist: {}".format(self.file_path)) trid_binary = os.path.join( CUCKOO_ROOT, self.options.get("identifier", "trid/trid")) definitions = os.path.join( CUCKOO_ROOT, self.options.get("definitions", "trid/triddefs.trd")) output = subprocess.check_output( [trid_binary, "-d:%s" % definitions, self.file_path], stderr=subprocess.STDOUT) strings = output.split('\n') # trim data strings = strings[6:-1] return strings
def run(self): """Run extract of trid output. @return: list of trid output. """ self.key = "trid" strings = [] if self.task["category"] == "file": if not os.path.exists(self.file_path): raise CuckooProcessingError( "Sample file doesn't exist: \"%s\"" % self.file_path) trid_binary = self.options.get("identifier", "/home/cuckoo/trid/trid") definitions = self.options.get("definitions", "/home/cuckoo/trid/triddefs.trd") output = subprocess.check_output( [trid_binary, "-d:%s" % definitions, self.file_path], stderr=subprocess.STDOUT) strings = output.split('\n') # trim data strings = strings[6:-1] return strings
def extract_strings(path, nulltermonly, minchars): strings = [] try: data = open(path, "rb").read() except (IOError, OSError) as e: raise CuckooProcessingError(f"Error opening file {e}") endlimit = b"" if not HAVE_RE2: endlimit = b"8192" if nulltermonly: apat = b"([\x20-\x7e]{" + str( minchars).encode() + b"," + endlimit + b"})\x00" upat = b"((?:[\x20-\x7e][\x00]){" + str( minchars).encode() + b"," + endlimit + b"})\x00\x00" else: apat = b"[\x20-\x7e]{" + str( minchars).encode() + b"," + endlimit + b"}" upat = b"(?:[\x20-\x7e][\x00]){" + str( minchars).encode() + b"," + endlimit + b"}" strings = [bytes2str(string) for string in re.findall(apat, data)] for ws in re.findall(upat, data): strings.append(str(ws.decode("utf-16le"))) return strings
def do_strings(self): strings_path = None if self.voptions.basic.dostrings: try: data = open(self.memfile, "rb").read() except (IOError, OSError) as e: raise CuckooProcessingError("Error opening file %s" % e) nulltermonly = self.voptions.basic.get( "strings_nullterminated_only", True) minchars = self.voptions.basic.get("strings_minchars", 5) if nulltermonly: apat = "([\x20-\x7e]{" + str(minchars) + ",})\x00" upat = "((?:[\x20-\x7e][\x00]){" + str( minchars) + ",})\x00\x00" else: apat = "[\x20-\x7e]{" + str(minchars) + ",}" upat = "(?:[\x20-\x7e][\x00]){" + str(minchars) + ",}" strings = re.findall(apat, data) for ws in re.findall(upat, data): strings.append(str(ws.decode("utf-16le"))) data = None f = open(self.memfile + ".strings", "w") f.write("\n".join(strings)) f.close()
def get_package(self): """ Get the actually used package name """ package = self.task["package"] if not package and os.path.exists(self.log_path): try: analysis_log = codecs.open(self.log_path, "rb", "utf-8").read() except ValueError as e: raise CuckooProcessingError("Error decoding %s: %s" % (self.log_path, e)) except (IOError, OSError) as e: raise CuckooProcessingError("Error opening %s: %s" % (self.log_path, e)) else: try: idx = analysis_log.index('INFO: Automatically selected analysis package "') package = analysis_log[idx + 47 :].split('"', 1)[0] except: pass return package
def combineTIAresults(responsedata, tmpString): if is_json(tmpString): if responsedata == "": responsedata = "[" + tmpString else: responsedata = responsedata + "," + tmpString else: CuckooProcessingError("TIA error processing JSON: " + tmpString) return responsedata
def process_pcap_socket(self): """Process a PCAP file with Suricata in socket mode.""" if not HAVE_SURICATASC: raise CuckooProcessingError( "Suricata has been configured to run in socket mode but " "suricatasc has not been installed, please re-install " "Suricata or SuricataSC") if not os.path.exists(self.socket): raise CuckooProcessingError( "Suricata has been configured to run in socket mode " "but the socket is unavailable") suri = suricatasc.SuricataSC(self.socket) try: suri.connect() except suricatasc.SuricataException as e: raise CuckooProcessingError("Error connecting to Suricata in " "socket mode: %s" % e) # Submit the PCAP file. ret = suri.send_command("pcap-file", { "filename": self.pcap_path, "output-dir": self.suricata_path, }) if not ret or ret["return"] != "OK": raise CuckooProcessingError( "Error submitting PCAP file to Suricata in socket mode, " "return value: %s" % ret) # TODO Should we add a timeout here? If we do so we should also add # timeout logic to the binary mode. while True: ret = suri.send_command("pcap-current") # When the pcap file has been processed the "current pcap" file # will be none. if ret and ret["message"] == "None": break time.sleep(1)
def tia_request(vendorQueryString, apikey): #performs HTTP GET against TIA API and returns results url = "https://threatintelligenceaggregator.org/api/v1/MultipleRequests/?" + vendorQueryString data = {"ApiKey": apikey} timeout = 60 try: r = requests.get(url, params=data, verify=True, timeout=timeout) #set verify=False to bypass certificate verification except requests.exceptions.RequestException as e: raise CuckooProcessingError("Unable to complete connection to TIA: {0}".format(e)) return r.content
def run(self): """Run extract of printable strings. @return: list of printable strings. """ self.key = "strings" strings = [] if self.task["category"] == "file": if not os.path.exists(self.file_path): raise CuckooProcessingError("Sample file doesn't exist: \"%s\"" % self.file_path) try: data = open(self.file_path, "r").read() except (IOError, OSError) as e: raise CuckooProcessingError("Error opening file %s" % e) strings = re.findall("[\x1f-\x7e]{6,}", data) strings += [str(ws.decode("utf-16le")) for ws in re.findall("(?:[\x1f-\x7e][\x00]){6,}", data)] return strings
def run(self): """Run debug analysis. @return: debug information dict. """ self.key = "debug" debug = {"log": "", "errors": []} if os.path.exists(self.log_path): try: debug["log"] = codecs.open(self.log_path, "rb", "utf-8").read() except ValueError as e: raise CuckooProcessingError(f"Error decoding {self.log_path}: {e}") except (IOError, OSError) as e: raise CuckooProcessingError(f"Error opening {self.log_path}: {e}") for error in Database().view_errors(int(self.task["id"])): debug["errors"].append(error.message) return debug