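def virustotal_passive(self, indicator, indicator_type):
    """Refresh the VirusTotal passive-DNS rows stored for ``indicator``.

    Scrapes VirusTotal for ``indicator`` and replaces every ``HostRecord``
    previously stored for that keyword from this source with the freshly
    scraped resolutions.

    Args:
        indicator: The IP address or domain name being looked up.
        indicator_type: ``"ip"`` or ``"domain"``; decides which side of the
            resolution pair ``indicator`` occupies. Any other value stores
            nothing and leaves the existing rows untouched.

    Returns:
        None. Side effect: deletes and re-creates ``HostRecord`` rows.
    """
    # Naive UTC timestamp, as before. Switching to an aware datetime depends on
    # the project's timezone settings -- TODO confirm before changing.
    current_time = datetime.datetime.utcnow()
    source = "VirusTotal"

    scraper = VirusTotalScraper()
    scraper.run(indicator)
    passive = scraper.parse_passive()
    if not passive:
        return

    # Each scraped entry is indexed as [0] = resolution date, [1] = the
    # counterpart of the queried indicator; the exact types come from the scraper.
    shared = dict(resolution_source=source, query_keyword=indicator, query_date=current_time)
    if indicator_type == "ip":
        # One geolocation lookup for the queried IP, reused for every row.
        ip_location = geolocate_ip(indicator)
        records = [
            HostRecord(domain_name=record[1], ip_address=indicator, ip_location=ip_location,
                       resolution_date=record[0], **shared)
            for record in passive
        ]
    elif indicator_type == "domain":
        records = [
            HostRecord(domain_name=indicator, ip_address=record[1],
                       ip_location=geolocate_ip(record[1]),
                       resolution_date=record[0], **shared)
            for record in passive
        ]
    else:
        # Unknown type: do not wipe the rows already stored for this indicator.
        return

    # Build the replacement rows *before* deleting the old ones, so a failure in
    # geolocation or row construction does not leave the indicator with no
    # history. Delete-then-insert is still not atomic (no transaction here).
    HostRecord.objects.filter(query_keyword=indicator, resolution_source=source).delete()
    HostRecord.objects.bulk_create(records)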
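def malware_samples(self, indicator, source):
    """Store malware samples associated with ``indicator`` as ``IndicatorRecord`` rows.

    Args:
        indicator: The indicator whose related samples are fetched.
        source: Source code string. Only ``"VTO"`` (VirusTotal) is active;
            the ThreatExpert (``"TEX"``) branch is disabled below. Any other
            value stores nothing.

    Returns:
        None. Each sample is saved individually; a failure to save one entry is
        logged with its traceback and the remaining entries are still processed.
    """
    import logging

    if source == "VTO":
        scraper = VirusTotalScraper()
        malware = scraper.get_malware(indicator)
    # NOTE(review): this branch was commented out in the original listing and is
    # kept disabled here -- confirm whether ThreatExpert should be re-enabled.
    # elif source == "TEX":
    #     scraper = ThreatExpertScraper()
    #     malware = scraper.run(indicator)
    else:
        malware = []

    for entry in malware:
        try:
            # Keys (date/md5/sha1/sha256/C2/link) are whatever the scraper
            # emits; a missing key raises KeyError and is handled below.
            info_date = entry['date']
            info = OrderedDict({
                "md5": entry['md5'],
                "sha1": entry['sha1'],
                "sha256": entry['sha256'],
                "indicator": entry['C2'],
                "link": entry['link'],
            })
            IndicatorRecord(record_type="MR", info_source=source,
                            info_date=info_date, info=info).save()
        except Exception:
            # Best-effort loop, as before, but keep the traceback in the log
            # instead of a bare print() that loses it.
            logging.getLogger(__name__).exception(
                "Error saving malware record for %s from %s", indicator, source)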
def malware_samples(indicator, record_source):
    """Persist malware-sample records for ``indicator`` from ``record_source``.

    Fetches sample metadata from VirusTotal (``RecordSource.VTO``) or
    ThreatExpert (``RecordSource.TEX``); any other source yields no samples.
    Each entry is stored via ``save_record`` as a ``RecordType.MR`` record;
    a failure for one entry is logged and the remaining entries are still
    processed.
    """
    record_type = RecordType.MR

    def fetch_samples():
        # Scraper output for the chosen source, or [] when it is unsupported.
        if record_source is RecordSource.VTO:
            return VirusTotalScraper().get_malware(indicator)
        if record_source is RecordSource.TEX:
            return ThreatExpertScraper().run(indicator)
        return []

    for entry in fetch_samples():
        try:
            sample_date = entry['date']
            sample_info = OrderedDict({
                "md5": entry['md5'],
                "sha1": entry['sha1'],
                "sha256": entry['sha256'],
                "indicator": entry['C2'],
                "link": entry['link'],
            })
            save_record(record_type, record_source, sample_info, date=sample_date)
        except Exception:
            logger.exception(
                "Error saving %s (%s) record from %s",
                record_type.name, record_type.title, record_source.title,
            )
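def virustotal_malware(self, indicator):
    """Refresh the VirusTotal malware-sample rows stored for ``indicator``.

    Scrapes VirusTotal for ``indicator`` and replaces every ``MalwareRecord``
    previously stored for that keyword from this source.

    Args:
        indicator: Query keyword submitted to the VirusTotal scraper.

    Returns:
        None. Side effect: deletes and re-creates ``MalwareRecord`` rows.
    """
    # Naive UTC timestamp, as before. Switching to an aware datetime depends on
    # the project's timezone settings -- TODO confirm before changing.
    current_time = datetime.datetime.utcnow()
    base_url = "https://www.virustotal.com/en/file/"
    source = "VirusTotal"

    scraper = VirusTotalScraper()
    scraper.run(indicator)
    malware = scraper.parse_malware()
    if not malware:
        return

    # Each scraped entry is indexed as [0] = submission date, [1] = SHA-256 value.
    # NOTE(review): record[1] is page-scraped content that is both stored and
    # embedded in report_link; validating it as a 64-hex-digit string before
    # use would be prudent -- confirm against the scraper's output contract.
    records = [
        MalwareRecord(submission_date=record[0], SHA256_value=record[1],
                      report_link=base_url + record[1] + "/analysis",
                      report_source=source, query_keyword=indicator,
                      query_date=current_time)
        for record in malware
    ]

    # Build the replacement rows *before* deleting the old ones, so a failure
    # constructing them does not wipe the existing history. Delete-then-insert
    # is still not atomic (no transaction here).
    MalwareRecord.objects.filter(query_keyword=indicator, report_source=source).delete()
    MalwareRecord.objects.bulk_create(records)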