def run(self):
self.key = "mmbot"
results = dict()
ftype = File(self.file_path).get_type()
if self.task["category"] == "file":
if not HAVE_MMBOT:
log.error(
"MaliciousMacroBot not installed, 'pip3 install mmbot', aborting mmbot analysis."
)
return results
package = ""
if "info" in self.results and "package" in self.results["info"]:
package = self.results["info"]["package"]
if (package not in ("doc", "ppt", "xls", "pub")
and ("Zip archive data, at least v2.0" not in ftype
or "Composite Document File V2 Document" not in ftype
or "Microsoft OOXML" not in ftype)):
return results
opts = dict()
opts['benign_path'] = self.options.get(
"benign_path",
os.path.join(CUCKOO_ROOT, "data", "mmbot", "benign"))
opts['malicious_path'] = self.options.get(
"malicious_path",
os.path.join(CUCKOO_ROOT, "data", "mmbot", "malicious"))
opts['model_path'] = self.options.get(
"model_path",
os.path.join(CUCKOO_ROOT, "data", "mmbot", "model"))
try:
mmb = MaliciousMacroBot(opts["benign_path"],
opts["malicious_path"],
opts["model_path"],
retain_sample_contents=False)
mmb.mmb_init_model(modelRebuild=False)
predresult = mmb.mmb_predict(self.file_path)
results = mmb.mmb_prediction_to_json(predresult)[0]
if "malicious" in results["prediction"]:
link_path = os.path.join(opts["malicious_path"],
os.path.basename(self.file_path))
if not os.path.isfile(link_path):
os.symlink(self.file_path, link_path)
elif "benign" in results["prediction"]:
link_path = os.path.join(opts["benign_path"],
os.path.basename(self.file_path))
if not os.path.isfile(link_path):
os.symlink(self.file_path, link_path)
except Exception as xcpt:
log.error("Failed to run mmbot processing: %s", xcpt)
return results
def run(self, obj, config):
mmb = MaliciousMacroBot()
mmb.mmb_init_model()
mmb.set_model_paths(benign_path=None, malicious_path=None, model_path=self.model)
fc =(obj.filedata.read())
result = mmb.mmb_predict(fc, datatype='filecontents')
json = mmb.mmb_prediction_to_json(result)[0]
for k,v in json.iteritems():
if k == 'prediction':
self._add_result("Prediction", v, {"name": k})
for k,v in json.iteritems():
if k != 'prediction':
self._add_result("Features", v, {"name": k})
def run(self, obj, config):
mmb = MaliciousMacroBot()
mmb.mmb_init_model()
mmb.set_model_paths(benign_path=None,
malicious_path=None,
model_path=self.model)
f = tempfile.NamedTemporaryFile()
f.write(obj.filedata.read())
result = mmb.mmb_predict(f.name, datatype='filepath')
f.close()
json = mmb.mmb_prediction_to_json(result)[0]
for k, v in json.iteritems():
self._add_result("Prediction", k, {"value": v})
def test_mmb_predict_sample_on_disk():
"""
Test ensures the mmb_predict function can make a prediction from a single sample on disk.
"""
resetTest()
mmb = MaliciousMacroBot(benign_path,
malicious_path,
model_path,
retain_sample_contents=False)
result = mmb.mmb_init_model(modelRebuild=True)
predresult = mmb.mmb_predict(origsample_path, datatype='filepath')
predicted_label = predresult.iloc[0]['prediction']
logging.info('predicted label: {}'.format(predicted_label))
logging.info(mmb.mmb_prediction_to_json(predresult))
logging.info('predicted label: {}'.format(predicted_label))
assert (predicted_label == 'benign' or predicted_label == 'malicious')
