6 import json
7 import hashlib
8
# requests is an optional dependency: record whether it imported so that
# run() can fail with a clear operational error instead of a NameError.
try:
    import requests
except ImportError:
    HAVE_REQUESTS = False
else:
    HAVE_REQUESTS = True
14
15 from lib.cuckoo.common.abstracts import Report
16 from lib.cuckoo.common.exceptions import CuckooReportError
17 from lib.cuckoo.common.exceptions import CuckooOperationalError
18
20 """Notifies about finished analysis via Mattermost webhook."""
21
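def run(self, results):
    """Post a short summary of a finished analysis to a Mattermost webhook.

    The message always contains the analysis id (rendered as a link built
    from the ``myurl`` option), the target file name and the score. The
    ``hash-filename``, ``show-virustotal``, ``show-signatures`` and
    ``show-urls`` options control the remaining parts.

    @param results: analysis results dictionary.
    @raise CuckooOperationalError: if the requests library is missing.
    @raise CuckooReportError: if the webhook cannot be reached, does not
        answer in time, or answers with an HTTP error status.
    """
    if not HAVE_REQUESTS:
        raise CuckooOperationalError(
            "The Mattermost processing module requires the requests "
            "library (install with `pip install requests`)"
        )

    # Sections may be absent (e.g. a target without a "file" entry, or no
    # VirusTotal results); fall back to empty mappings so a missing section
    # does not abort the report with an AttributeError.
    info = results.get("info") or {}
    target_file = (results.get("target") or {}).get("file") or {}
    virustotal = results.get("virustotal") or {}

    sigs, urls = [], []
    for sig in results.get("signatures") or []:
        name = sig.get("name")
        if name is not None:
            sigs.append(name)
        if name == "network_http":
            for http in sig.get("marks") or []:
                ioc = http.get("ioc")
                # A mark without an "ioc" would break the join below.
                if ioc is not None:
                    urls.append(ioc)

    post = "Finished analyze ::: [{0}]({1}{0}) ::: ".format(
        info.get("id"),
        self.options.get("myurl")
    )

    # NOTE(review): the file name comes from the submitted sample and is
    # placed into the markdown message unescaped unless hash-filename is
    # enabled -- confirm that is acceptable for the receiving channel.
    filename = target_file.get("name")
    if self.options.get("hash-filename") and filename is not None:
        # sha256() needs bytes; a text file name is encoded first so that
        # non-ASCII names (and Python 3 str) do not raise.
        if not isinstance(filename, bytes):
            filename = filename.encode("utf-8")
        # An unsalted digest of a short name can be confirmed by guessing,
        # so this hides the name from casual readers only.
        filename = hashlib.sha256(filename).hexdigest()

    post += "File : {0} ::: Score : **{1}** ::: ".format(
        filename, info.get("score")
    )

    if self.options.get("show-virustotal"):
        post += "**VT : {0} / {1}**\n".format(
            virustotal.get("positives"),
            virustotal.get("total"),
        )

    if self.options.get("show-signatures"):
        post += "**Signatures** ::: {0} \n".format(" : ".join(sigs))

    if self.options.get("show-urls"):
        # IoCs originate from the analysed sample. Dots are defanged so the
        # chat client does not turn them into clickable links, and backticks
        # are replaced so an IoC cannot close the code span early and have
        # the rest of its text rendered as markdown.
        defanged = "\n".join(urls).replace(".", "[.]").replace("`", "'")
        post += "**URLS**\n`{0}`".format(defanged)

    payload = json.dumps({
        "username": self.options.get("username"),
        "text": post,
    })
    headers = {"Content-Type": "application/json"}

    try:
        # Without a timeout an unresponsive webhook would block reporting
        # indefinitely.
        response = requests.post(
            self.options.get("url"),
            headers=headers,
            data=payload,
            timeout=30
        )
    except Exception as e:
        # NOTE(review): the exception text from requests can include the
        # request URL; the webhook URL acts as a credential, so check where
        # this message ends up being logged.
        raise CuckooReportError(
            "Failed posting message to Mattermost: %s" % e
        )

    # requests does not raise on 4xx/5xx by itself; report a rejected post
    # instead of silently treating it as delivered.
    if response.status_code >= 400:
        raise CuckooReportError(
            "Failed posting message to Mattermost: HTTP %s"
            % response.status_code
        )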