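def run(self):
    """Score the submitted file with MaliciousMacroBot and return its verdict.

    Runs only for tasks whose category is "file". A sample is analysed when
    the analysis package is an Office one ("doc", "ppt", "xls", "pub") or
    when its detected file type contains one of the Office container markers.

    Returns:
        The first entry of mmbot's JSON prediction, or an empty dict when the
        task is not a file task, mmbot is not installed, the sample is not an
        Office candidate, or processing failed before a prediction existed.
    """
    self.key = "mmbot"
    results = dict()
    ftype = File(self.file_path).get_type()

    if self.task["category"] != "file":
        return results

    if not HAVE_MMBOT:
        log.error(
            "MaliciousMacroBot not installed, 'pip3 install mmbot', aborting mmbot analysis."
        )
        return results

    package = ""
    if "info" in self.results and "package" in self.results["info"]:
        package = self.results["info"]["package"]

    office_packages = ("doc", "ppt", "xls", "pub")
    office_markers = (
        "Zip archive data, at least v2.0",
        "Composite Document File V2 Document",
        "Microsoft OOXML",
    )
    # The earlier form or-ed three "not in ftype" checks. That is true unless
    # ftype contains all three markers at once, so the file-type test never
    # let a sample through. Skip only when no marker matches.
    if package not in office_packages and not any(
        marker in ftype for marker in office_markers
    ):
        return results

    mmbot_data = os.path.join(CUCKOO_ROOT, "data", "mmbot")
    benign_path = self.options.get("benign_path", os.path.join(mmbot_data, "benign"))
    malicious_path = self.options.get(
        "malicious_path", os.path.join(mmbot_data, "malicious")
    )
    model_path = self.options.get("model_path", os.path.join(mmbot_data, "model"))

    try:
        mmb = MaliciousMacroBot(
            benign_path, malicious_path, model_path, retain_sample_contents=False
        )
        mmb.mmb_init_model(modelRebuild=False)
        predresult = mmb.mmb_predict(self.file_path)
        results = mmb.mmb_prediction_to_json(predresult)[0]

        prediction = results["prediction"]
        if "malicious" in prediction:
            corpus_dir = malicious_path
        elif "benign" in prediction:
            corpus_dir = benign_path
        else:
            corpus_dir = None

        # NOTE(review): the sample is linked into the corpus directory under
        # the label the model itself just produced. Nothing here retrains
        # (modelRebuild=False), but if a later rebuild reads these
        # directories it learns from unreviewed, self-assigned labels, so a
        # misclassified or deliberately crafted document would be carried
        # into the model. Consider requiring analyst confirmation before a
        # sample is added.
        if corpus_dir is not None:
            link_path = os.path.join(corpus_dir, os.path.basename(self.file_path))
            # lexists() also sees a dangling symlink, which isfile() reports
            # as absent and which would make os.symlink() raise.
            if not os.path.lexists(link_path):
                os.symlink(self.file_path, link_path)
    except Exception as xcpt:
        # Best effort: a failure is logged and whatever was collected so far
        # is still returned.
        log.error("Failed to run mmbot processing: %s", xcpt)

    return results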
def run(self, obj, config):
    """Classify the object's file content with MaliciousMacroBot.

    The content is read into memory and handed to mmbot as raw file
    contents. The "prediction" field is recorded first under "Prediction";
    every other field of the JSON report is recorded under "Features".
    `config` is not used here.
    """
    bot = MaliciousMacroBot()
    # NOTE(review): the model is initialised before set_model_paths() points
    # at self.model; confirm mmbot actually uses that path after init.
    bot.mmb_init_model()
    bot.set_model_paths(benign_path=None, malicious_path=None, model_path=self.model)

    # The content of the object under analysis is passed to the parser as-is.
    contents = obj.filedata.read()
    prediction = bot.mmb_predict(contents, datatype='filecontents')
    report = bot.mmb_prediction_to_json(prediction)[0]

    # Emit the verdict straight away and hold the other fields back so that
    # they follow it, in the report's own order.
    features = []
    for field, value in report.iteritems():
        if field == 'prediction':
            self._add_result("Prediction", value, {"name": field})
        else:
            features.append((field, value))
    for field, value in features:
        self._add_result("Features", value, {"name": field})
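def run(self, obj, config):
    """Classify the object's file content with MaliciousMacroBot via a temp file.

    The content is written to a named temporary file and mmbot is given the
    path. Each field of the JSON report is recorded under "Prediction", with
    the field name as the result and its value in the data dict. `config` is
    not used here.
    """
    mmb = MaliciousMacroBot()
    # NOTE(review): the model is initialised before set_model_paths() points
    # at self.model; confirm mmbot actually uses that path after init.
    mmb.mmb_init_model()
    mmb.set_model_paths(benign_path=None, malicious_path=None, model_path=self.model)

    # The context manager closes (and so deletes) the temporary copy of the
    # sample even when prediction raises.
    with tempfile.NamedTemporaryFile() as sample:
        sample.write(obj.filedata.read())
        # mmbot reopens the file by path, so buffered bytes must reach the
        # file first; without the flush it can see empty or truncated content.
        sample.flush()
        result = mmb.mmb_predict(sample.name, datatype='filepath')

    report = mmb.mmb_prediction_to_json(result)[0]
    for k, v in report.iteritems():
        self._add_result("Prediction", k, {"value": v})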
def test_mmb_predict_sample_on_disk():
    """
    Check that mmb_predict yields a label for a single sample read from disk.
    """
    resetTest()
    bot = MaliciousMacroBot(
        benign_path,
        malicious_path,
        model_path,
        retain_sample_contents=False,
    )
    # Rebuild the model for this test rather than loading a saved one.
    bot.mmb_init_model(modelRebuild=True)

    frame = bot.mmb_predict(origsample_path, datatype='filepath')
    label = frame.iloc[0]['prediction']

    label_message = 'predicted label: {}'.format(label)
    logging.info(label_message)
    logging.info(bot.mmb_prediction_to_json(frame))
    logging.info(label_message)

    # Either class is accepted; only an unknown label fails the test.
    assert label in ('benign', 'malicious')