6 import logging
7 import os.path
8 import subprocess
10 from lib.cuckoo.common.abstracts import Report
11 from lib.cuckoo.common.exceptions import CuckooProcessingError
# Module-level logger, named after this module so records are attributable.
log = logging.getLogger(name=__name__)
16 """Moloch reporting module."""
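def run(self, results):
    """Submit the analysis PCAP to Moloch by invoking moloch-capture.

    Reads ``moloch_capture``, ``conf`` and ``instance`` from the module
    options, checks that the PCAP, the binary and the config file exist,
    then runs moloch-capture with one ``-t key:value`` tag per attribute
    gathered from the task and from the analysis results.

    @param results: analysis results dict; ``target.file`` hashes (for
        file tasks) and ``virustotal.normalized`` labels become tags.
    @return: nothing. Returns early with a warning when no PCAP exists.
    @raise CuckooProcessingError: when the binary or config is missing,
        the binary cannot be executed, or moloch-capture exits non-zero.
    """
    self.moloch_capture = self.options.get(
        "moloch_capture", "/data/moloch/bin/moloch-capture"
    )
    self.config_path = self.options.get("conf", "/data/moloch/etc/config.ini")
    self.instance = self.options.get("instance", "cuckoo")

    if not os.path.isfile(self.pcap_path):
        log.warning("Unable to run Moloch as no pcap is available")
        return

    if not os.path.isfile(self.moloch_capture):
        raise CuckooProcessingError("Unable to locate Moloch binary")

    if not os.path.isfile(self.config_path):
        raise CuckooProcessingError(
            "Unable to locate Moloch configuration"
        )

    args = [
        self.moloch_capture,
        "-c", self.config_path,
        "-r", self.pcap_path,
        "-n", self.instance,
        "-q",
    ]

    # Tags are (key, value) pairs rather than a dict so a key may repeat:
    # every VirusTotal label gets its own tag instead of only the last
    # one surviving a dict overwrite.
    tags = [(self.instance, self.task["id"])]

    if self.task["category"] == "file":
        f = results.get("target", {}).get("file", {})
        tags.extend(
            (field, f[field])
            for field in ("md5", "sha1", "sha256", "sha512")
            if field in f
        )

    tags.extend(
        ("virustotal", variant)
        for variant in results.get("virustotal", {}).get("normalized", [])
    )

    # Tag values come from analysis results (sample hashes, AV labels), i.e.
    # data derived from the submitted sample. They are passed as discrete
    # argv entries with no shell, and each value is prefixed by "key:", so
    # a value cannot become a separate command or option of its own.
    for key, value in tags:
        args += ["-t", "%s:%s" % (key, value)]

    try:
        subprocess.check_call(args)
    except subprocess.CalledProcessError as e:
        raise CuckooProcessingError(
            "Error submitting PCAP to Moloch: %s" % e)
    except OSError as e:
        # The binary exists (checked above) but could not be executed, e.g.
        # missing execute permission; report it the same way as a failed run.
        raise CuckooProcessingError(
            "Error running Moloch binary %s: %s" % (self.moloch_capture, e))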