Dionaea: Malwr Module
from dionaea.core import ihandler, incident, g_dionaea | |
import logging | |
import json | |
import uuid | |
import time | |
import sqlite3 | |
# Module-level logger shared by everything in this file. Its level is set to
# DEBUG here; what actually gets written still depends on the handlers and
# levels configured by the host process.
logger = logging.getLogger('malwr')
logger.setLevel(logging.DEBUG)
class malwrreport:
    """Bookkeeping record for one sample whose upload is still in flight.

    Holds the sample's MD5, its path on disk and the timestamp string the
    caller supplied, so they can be written to the database once the
    submission response arrives.
    """

    def __init__(self, md5, path, timestamp):
        # Stored verbatim; no validation or normalisation happens here.
        self.md5, self.path, self.ts = md5, path, timestamp
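class handler(ihandler):
    """Submit newly captured samples to the configured analysis service.

    On every ``dionaea.download.complete.unique`` incident the sample is
    handed to dionaea's upload machinery together with the API key. When the
    upload finishes, the service's JSON response is parsed and the submission
    (uuid, path, md5, sha256, time) is recorded in a local SQLite database.

    Configuration is read from ``modules.python.malwr``: ``submit_url``,
    ``apikey``, ``shared`` and ``dbfile``.
    """

    def __init__(self, path):
        """Load the module configuration and open the submission database.

        Args:
            path: incident path pattern forwarded to ``ihandler.__init__``.
        """
        logger.info("%s ready!", self.__class__.__name__)
        ihandler.__init__(self, path)
        self.vconfig = g_dionaea.config()['modules']['python']['malwr']
        self.submit_url = self.vconfig['submit_url']
        # The API key is a credential: it is only ever attached to the upload
        # incident below and must never be written to the log.
        self.api_key = self.vconfig['apikey']
        # Forwarded to the service unchanged; presumably decides whether the
        # sample is shared beyond this account - confirm against the service API.
        self.share = self.vconfig['shared']
        # Maps a per-submission cookie to the malwrreport awaiting its response.
        self.cookies = {}

        # The API key and the captured sample travel to submit_url, so a
        # plaintext endpoint would expose both to anyone on the path.
        if not str(self.submit_url).lower().startswith('https://'):
            logger.warning("malwr submit_url is not https; the API key and "
                           "samples would be sent without transport encryption")

        dbpath = self.vconfig['dbfile']
        self.dbh = sqlite3.connect(dbpath)
        self.cursor = self.dbh.cursor()
        self.cursor.execute("""
            CREATE TABLE IF NOT EXISTS submit (
                id INTEGER PRIMARY KEY,
                uuid TEXT NOT NULL,
                path TEXT NOT NULL,
                md5 TEXT NOT NULL,
                sha256 TEXT NOT NULL,
                submit_time TEXT NOT NULL
            );""")

    def handle_incident(self, icd):
        """Ignore incidents that have no dedicated handler method."""
        pass

    def handle_incident_dionaea_download_complete_unique(self, icd):
        """Queue a freshly downloaded, previously unseen sample for upload.

        Args:
            icd: incident carrying ``md5hash`` and ``path`` of the sample.
        """
        # Random cookie that ties the asynchronous upload response back to
        # the sample it belongs to.
        cookie = str(uuid.uuid4())
        # NOTE(review): the format has a space before the first ':'
        # ("%Y-%m-%d :%H"). It is left untouched because existing rows in
        # submit_time already use it - confirm before normalising.
        submitted_at = time.strftime("%Y-%m-%d :%H:%M:%S", time.localtime())
        self.cookies[cookie] = malwrreport(icd.md5hash, icd.path, submitted_at)

        i = incident('dionaea.upload.request')
        i._url = self.submit_url
        i.shared = self.share
        i.api_key = self.api_key
        i.set('file://file', icd.path)
        i._callback = "dionaea.modules.python.malwr.file_submitted"
        i._userdata = cookie
        i.report()

    def handle_incident_dionaea_modules_python_malwr_file_submitted(self, icd):
        """Record the service's response for a finished upload.

        ``icd.path`` is read as the JSON response body and ``icd._userdata``
        as the cookie set when the upload was requested. The response comes
        from a remote service and is treated as untrusted: it may be missing,
        not JSON (e.g. an error page) or lack the expected keys. In those
        cases the event is logged and dropped instead of raising.

        Args:
            icd: callback incident with ``path`` and ``_userdata``.
        """
        cookie = icd._userdata
        # Pop up front so the pending entry is released on every exit path;
        # otherwise failed submissions would accumulate in self.cookies.
        mreport = self.cookies.pop(cookie, None)
        if mreport is None:
            logger.warning("malwr response carries an unknown cookie; ignoring it")
            return

        try:
            # Context manager closes the response file even if parsing fails.
            with open(icd.path, mode='r') as f:
                j = json.load(f)
            sample_uuid = j['uuid']
            sample_sha256 = j['sha256']
        except (OSError, ValueError, KeyError, TypeError) as e:
            # Log the error type and the local md5 only, not the response body.
            logger.warning("unusable malwr response for md5 %s (%s: %s)",
                           mreport.md5, type(e).__name__, e)
            return

        # Bound parameters keep remote-supplied values out of the SQL text.
        self.cursor.execute(
            """INSERT INTO submit (uuid, path, md5, sha256, submit_time) VALUES (?, ?, ?, ?, ?);""",
            (sample_uuid, mreport.path, mreport.md5, sample_sha256, mreport.ts))
        self.dbh.commit()

        i = incident("dionaea.modules.python.malwr.uuid")
        i.md5hash = mreport.md5
        i.uuid = sample_uuid
        i.report()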