malwr.py

## malwr.py
from dionaea.core import ihandler, incident, g_dionaea
import logging
import json
import uuid
import time
import sqlite3

logger 	= logging.getLogger('malwr')
logger.setLevel(logging.DEBUG)

class malwrreport:
	def __init__(self, md5, path, timestamp):
		self.md5 = md5
		self.path = path
		self.ts = timestamp

class handler(ihandler):
	def __init__(self, path):
		logger.info("%s ready!" % (self.__class__.__name__))
		ihandler.__init__(self, path)
		self.vconfig = g_dionaea.config()['modules']['python']['malwr']
		self.submit_url = self.vconfig['submit_url']
		self.api_key = self.vconfig['apikey']
		self.share = self.vconfig['shared']
		self.cookies = {}
		dbpath = self.vconfig['dbfile']
		self.dbh = sqlite3.connect(dbpath)
		self.cursor = self.dbh.cursor()
		self.cursor.execute("""
			CREATE TABLE IF NOT EXISTS submit (
				id INTEGER PRIMARY KEY,
				uuid TEXT NOT NULL,
				path TEXT NOT NULL,
				md5 TEXT NOT NULL,
				sha256 TEXT NOT NULL,
				submit_time TEXT NOT NULL
			);""")

	def handle_incident(self, icd):
		pass

	def handle_incident_dionaea_download_complete_unique(self, icd):
		cookie = str(uuid.uuid4())
		self.cookies[cookie] = malwrreport(icd.md5hash, icd.path, str(time.strftime("%Y-%m-%d :%H:%M:%S", time.localtime())))

		i = incident('dionaea.upload.request')
		i._url = self.submit_url
		i.shared = self.share
		i.api_key = self.api_key
		i.set('file://file', icd.path)
		i._callback = "dionaea.modules.python.malwr.file_submitted"
		i._userdata = cookie
		i.report()

	def handle_incident_dionaea_modules_python_malwr_file_submitted(self, icd):
		f = open(icd.path, mode='r')
		j = json.load(f)
		cookie = icd._userdata
		mreport = self.cookies[cookie]
		self.cursor.execute("""INSERT INTO submit (uuid, path, md5, sha256, submit_time) VALUES (?, ?, ?, ?, ?);""", (j['uuid'], mreport.path, mreport.md5, j['sha256'], mreport.ts))
		self.dbh.commit()

		i = incident("dionaea.modules.python.malwr.uuid")
		i.md5hash = mreport.md5
		i.uuid = j['uuid']
		i.report()

		del self.cookies[cookie]