diff --git a/conf/maldb.db b/conf/maldb.db
index 6bdb826..8f4fcea 100644
Binary files a/conf/maldb.db and b/conf/maldb.db differ
diff --git a/imports/colors.py b/imports/colors.py
new file mode 100644
index 0000000..bc7b1d5
--- /dev/null
+++ b/imports/colors.py
@@ -0,0 +1,50 @@
+#!/usr/bin/env python
+
+import os
+
+BOLD = ''
+NORM = ''
+PURPLE = ''
+BLUE = ''
+GREEN = ''
+YELLOW = ''
+RED = ''
+WHITE = ''
+MAGENTA = ''
+UNDERLINE = ''
+
+if os.name is not 'nt':
+ PURPLE = '\033[95m'
+ BLUE = '\033[94m'
+ GREEN = '\033[92m'
+ YELLOW = '\033[93m'
+ RED = '\033[91m'
+ WHITE = '\033[0m'
+ MAGENTA = '\033[35m'
+ BOLD = '\033[01m'
+ UNDERLINE = '\033[04m'
+
+
+def bold(str):
+ return BOLD + str + WHITE
+
+def underline(str):
+ return UNDERLINE + str + WHITE
+
+def purple(str):
+ return PURPLE + str + WHITE
+
+def blue(str):
+ return BLUE + str + WHITE
+
+def green(str):
+ return GREEN + str + WHITE
+
+def red(str):
+ return RED + str + WHITE
+
+def yellow(str):
+ return YELLOW + str + WHITE
+
+def white(str):
+ return WHITE + str + WHITE
\ No newline at end of file
diff --git a/imports/db_handler.py b/imports/db_handler.py
index e128dd9..a6522a4 100644
--- a/imports/db_handler.py
+++ b/imports/db_handler.py
@@ -27,7 +27,10 @@ class DBHandler:
 def get_mal_tags(self):
 return [val[0] for val in self.cur.execute("SELECT DISTINCT TAGS From Malwares WHERE TAGS IS NOT NULL").fetchall()]
-
+
+ def get_mal_info(self, mid):
+ return self.cur.execute("SELECT TYPE, NAME, VERSION, AUTHOR, LANGUAGE, DATE, ARCHITECTURE, PLATFORM, TAGS From Malwares WHERE ID =" + str(mid)).fetchall()
+
 def query(self, query, param=''):
 if globals.vars.DEBUG_LEVEL is 2:
 print locals()
diff --git a/imports/eula_handler.py b/imports/eula_handler.py
index 2893842..4319dcd 100644
--- a/imports/eula_handler.py
+++ b/imports/eula_handler.py
@@ -19,7 +19,7 @@ import sys
 import os
 from imports import globals
-
+from imports.colors import *
 class EULA:
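Review bot: `if os.name is not 'nt':` tests string identity instead of equality; it only works because CPython happens to intern short literals, so the guard should read `if os.name != 'nt':`. Every helper also names its parameter `str`, which shadows the builtin inside the function body; a name such as `text` keeps the positional signature intact and avoids a surprise the first time `str(...)` is needed there. Since every consumer in this diff imports the module with `from imports.colors import *` (eula_handler, manysearches, terminal_handler, update_handler), declaring `__all__` with the colour constants and helpers would keep `os` from being re-exported into those namespaces.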
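Review bot: `get_mal_info` builds its SQL by concatenating `str(mid)` into the statement, the string-built-query pattern that the sibling `query(self, query, param='')` method, with its `param` argument, appears designed to avoid; bind the id instead: `return self.cur.execute("SELECT TYPE, NAME, VERSION, AUTHOR, LANGUAGE, DATE, ARCHITECTURE, PLATFORM, TAGS From Malwares WHERE ID = ?", (mid,)).fetchall()`. The only caller visible in this diff passes `self.currentmodule`, whose type is not shown here, so binding also keeps the method correct if something other than an integer ever reaches it rather than relying on `str()` as a sanitiser. The body of `query` continues outside the hunk.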
@@ -38,20 +38,19 @@ class EULA:
 def prompt_eula(self):
 globals.init()
 os.system('cls' if os.name == 'nt' else 'clear')
- print globals.bcolors.RED
- print '_____________________________________________________________________________'
- print '| ATTENTION!!! ATTENTION!!! ATTENTION!!! |'
- print '| ' + globals.vars.appname + ' v' + globals.vars.version + ' |'
- print '|___________________________________________________________________________|'
- print '|This program contains live and dangerous malware files |'
- print '|This program is intended to be used only for malware analysis and research |'
- print '|and by agreeing the EULA you agree to only use it for legal purposes and |'
- print '|studying malware. |'
- print '|You understand that these file are dangerous and should only be run on VMs |'
- print '|you can control and know how to handle. Running them on a live system will |'
- print '|infect you machines will live and dangerous malwares!. |'
- print '|___________________________________________________________________________|'
- print globals.bcolors.WHITE
+ notice = '_____________________________________________________________________________\n'
+ notice += '| ATTENTION!!! ATTENTION!!! ATTENTION!!! |\n'
+ notice += '| ' + globals.vars.appname + ' v' + globals.vars.version + ' |\n'
+ notice += '|___________________________________________________________________________|\n'
+ notice += '|This program contains live and dangerous malware files |\n'
+ notice += '|This program is intended to be used only for malware analysis and research |\n'
+ notice += '|and by agreeing the EULA you agree to only use it for legal purposes and |\n'
+ notice += '|studying malware. |\n'
+ notice += '|You understand that these file are dangerous and should only be run on VMs |\n'
+ notice += '|you can control and know how to handle. Running them on a live system will |\n'
+ notice += '|infect you machines will live and dangerous malwares!. 
|\n'
+ notice += '|___________________________________________________________________________|\n'
+ print red(notice)
 eula_answer = raw_input(
 'Type YES in captial letters to accept this EULA.\n > ')
 if eula_answer == 'YES':
diff --git a/imports/globals.py b/imports/globals.py
index 6127f49..65b38e7 100644
--- a/imports/globals.py
+++ b/imports/globals.py
@@ -60,21 +60,6 @@ class Completer:
 return None
 ################################################################
-class bcolors:
- PURPLE = ''
- BLUE = ''
- GREEN = ''
- YELLOW = ''
- RED = ''
- WHITE = ''
- if os.name is not 'nt':
- PURPLE = '\033[95m'
- BLUE = '\033[94m'
- GREEN = '\033[92m'
- YELLOW = '\033[93m'
- RED = '\033[91m'
- WHITE = '\033[0m'
-
 class vars:
 version = "0.6.0 'Moat'"
diff --git a/imports/manysearches.py b/imports/manysearches.py
index 1b00140..81c9d28 100644
--- a/imports/manysearches.py
+++ b/imports/manysearches.py
@@ -1,7 +1,7 @@
 from imports import globals
 from imports import db_handler
 from imports.prettytable import PrettyTable
-
+from imports.colors import *
 class MuchSearch(object):
@@ -45,7 +45,7 @@ class MuchSearch(object):
 self.ar = self.db.query(self.prequery + self.query, [self.param])
 self.print_payloads(self.ar)
 else:
- print globals.bcolors.RED + "[!] " + globals.bcolors.WHITE + "Filter did not match any malware :(\n"
+ print red("[!]") + " Filter did not match any malware :(\n"
 return self.hits
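Review bot: Building the banner out of a dozen `notice = ...` / `notice += ...` statements is harder to keep aligned than one literal; a single triple-quoted string (or `'\n'.join([...])` over the rows) with `red(notice)` applied once reads better and makes the box borders easy to check by eye. While the text is being rewritten, two wording slips in the new lines are worth fixing: `'|You understand that these file are dangerous ...'` should say `these files are`, and `'|infect you machines will live and dangerous malwares!.'` should say `infect your machine with live and dangerous malware!`. `prompt_eula` continues past the hunk, starting with the `if eula_answer == 'YES':` branch.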
@@ -60,13 +60,11 @@ class MuchSearch(object):
 qlist.append(' ' + tmp + ' ')
 return "and".join(qlist)
- def print_payloads(self, m, fields=["ID", "Type", "Language", "Architecture", "Platform", "Name"]):
+ def print_payloads(self, m, fields=["#", "Type", "Language", "Architecture", "Platform", "Name"]):
 table = PrettyTable(fields)
- table.align["ID"] = "l"
- table.align["Name"] = "l"
+ table.align = "l"
 for malware in m:
 table.add_row(malware)
 print table
- print "\n"
- print globals.bcolors.GREEN + "[+]" + globals.bcolors.WHITE + " Total records found: %s" % len(m)
+ print bold(green("[+]")) + " Total records found: %s" % len(m) + "\n"
diff --git a/imports/terminal_handler.py b/imports/terminal_handler.py
index 6cb335c..4d9a122 100644
--- a/imports/terminal_handler.py
+++ b/imports/terminal_handler.py
@@ -10,6 +10,7 @@ import globals
 from imports import manysearches
 from imports.update_handler import Updater
 from imports import db_handler
+from imports.colors import *
 class Controller:
@@ -21,6 +22,7 @@ class Controller:
 self.commands = [("search", "Search for malwares according to a filter,\n\t\t\te.g 'search cpp worm'."),
 ("list all", "Lists all available modules"),
 ("use", "Selects a malware by ID"),
+ ("info", "Retreives information about malware"),
 ("get", "Downloads selected malware"),
 ("report-mal", "Report a malware you found"),
 ("update-db", "Updates the databse"),
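Review bot: The rewritten signature keeps a list literal as the default for `fields`, so one list object is shared by every call and mutating it anywhere changes the default for the rest of the process; the conventional, call-compatible form is `def print_payloads(self, m, fields=None):` followed by `if fields is None: fields = ["#", "Type", "Language", "Architecture", "Platform", "Name"]`. The leading header here is `"#"`, while the new `info` command in terminal_handler passes `"%"` for its leading column, so the two tables label that column differently; settling on one convention (and `"Type"` for the info table, whose first selected column is TYPE) would be more consistent. The method appears to end at the final `print`, but nothing after it is inside the hunk.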
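Review bot: The new help entry misspells its user-facing text: `("info", "Retreives information about malware")` should be `("info", "Retrieves information about malware")`. The neighbouring context line `"Updates the databse"` has the same kind of slip, though it is not part of this change. The `self.commands` list literal starts inside the hunk and is cut off at its end.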
@@ -53,14 +55,12 @@ class Controller:
 g = self.currentmodule - 1
 just_print = self.modules[g][int(globals.vars.column_for_name)]
 cmd = raw_input(
- globals.bcolors.GREEN + 'mdb ' + globals.bcolors.RED + str(
- just_print) + globals.bcolors.GREEN + '#> ' + globals.bcolors.WHITE).strip()
+ bold(green('mdb ')) + bold(blue(just_print)) + green('#> ')).strip()
 else:
 cmd = raw_input(
- globals.bcolors.GREEN + 'mdb ' + globals.bcolors.GREEN + '#> ' + globals.bcolors.WHITE).strip()
+ bold(green('mdb ')) + green('#> ')).strip()
 except KeyboardInterrupt:
- print globals.bcolors.BLUE + "\n\n[*]" + globals.bcolors.WHITE \
- + " Hope you enjoyed your visit at" + globals.bcolors.RED + " theZoo!" + globals.bcolors.WHITE
+ print bold(blue("\n\n[*]")) + " Hope you enjoyed your visit at" + bold(red(" theZoo")) + "!"
 exit()
 self.actOnCommand(cmd)
@@ -85,7 +85,7 @@ class Controller:
 args = cmd.rsplit(' ')[1:]
 manySearch.sort(args)
 except:
- print globals.bcolors.RED + '[!]' + globals.bcolors.WHITE + 'Uh oh, Invalid query.'
+ print red('[!]') + 'Uh oh, Invalid query.'
 return
 if cmd == 'exit':
@@ -140,7 +140,7 @@ class Controller:
 try:
 update_handler.get_malware(self.currentmodule)
 except:
- print globals.bcolors.RED + '[-] ' + globals.bcolors.WHITE + 'Error getting malware.'
+ print red('[-] ') + 'Error getting malware.'
 return
 # If used the 'use' command
 if re.match('^use', cmd):
@@ -170,6 +170,15 @@ class Controller:
 i = i + 1
 return
+ if cmd == 'info':
+ if self.currentmodule is None:
+ print red("[!] ") + "First select a malware using the \'use\' command"
+ return
+ m = self.db.get_mal_info(self.currentmodule)
+ manySearch = manysearches.MuchSearch()
+ manySearch.print_payloads(m, ["%", "Name", "Ver.", "Author", "Lang", "Date", "Arch.", "Plat.", "Tags"])
+ return
+
 if cmd == 'quit':
 print ":("
 sys.exit(1)
diff --git a/imports/update_handler.py b/imports/update_handler.py
index d1102af..5ecffde 100644
--- a/imports/update_handler.py
+++ b/imports/update_handler.py
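Review bot: The rewritten prompt drops the `str(...)` the removed lines wrapped around `just_print`, and `blue()` in the new colors module concatenates its argument with string constants, so a non-string name cell from `self.modules[g][...]` (the column's type is not visible here) now raises TypeError where it used to print; `bold(blue(str(just_print)))` keeps the old coercion. The `@@ -85` and `@@ -140` hunks below leave their bare `except:` in place around the search and download calls, so that TypeError, like a KeyboardInterrupt, would be swallowed and reported only as the generic message printed on the new lines; `except Exception:` is the minimal narrowing, though those handlers predate this change. The `try` enclosing the first hunk begins before its first line.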
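Review bot: The header list handed to `print_payloads` labels the first column `"%"`, yet the first column `get_mal_info` selects is TYPE, so the table shows a meaningless heading; `["Type", "Name", "Ver.", "Author", "Lang", "Date", "Arch.", "Plat.", "Tags"]` matches the query. An id with no matching row produces an empty table plus the "Total records found: 0" footer that `print_payloads` always prints, which reads oddly for a single-id lookup; a guard such as `if not m: print red("[!] ") + "No record found for the selected malware"; return` before the table makes the empty case explicit. Both `get_mal_info` and `print_payloads` are defined in other files in this diff, so their behaviour here is taken from those hunks.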
@@ -21,7 +21,7 @@ from os import remove, rename
 import urllib2
 from imports import globals
 from imports import db_handler
-
+from imports.colors import *
 class Updater:
@@ -51,11 +51,11 @@ class Updater:
 globals.vars.giturl_dl + globals.vars.maldb_ver_file)
 new_maldb_ver = response.read()
 if new_maldb_ver == curr_db_version:
- print globals.bcolors.GREEN + '[+]' + globals.bcolors.WHITE + " theZoo is up to date :)\n" + globals.bcolors.GREEN + '[+]' + globals.bcolors.WHITE + " You are at " + new_maldb_ver + " which is the latest version."
+ print green('[+]') + " theZoo is up to date.\n" + green('[+]') + " You are at " + new_maldb_ver + " which is the latest version."
 return
- print globals.bcolors.RED + '[+]' + globals.bcolors.WHITE + " A newer version is available: " + new_maldb_ver + "!"
- print globals.bcolors.RED + '[+]' + globals.bcolors.WHITE + " Updating..."
+ print red('[+]') + " A newer version is available: " + new_maldb_ver + "!"
+ print red('[+]') + " Updating..."
 # Get the new DB and update it
@@ -84,7 +84,8 @@ class Updater:
 self.download_from_repo(loc, '.pass')
 self.download_from_repo(loc, '.md5')
 self.download_from_repo(loc, '.sha256')
-
+ print bold(green("[+]")) + " Successfully downloaded a new friend.\n"
+
 def download_from_repo(self, filepath, suffix=''):
 if globals.vars.DEBUG_LEVEL is 1:
 print locals()
diff --git a/malwares/Binaries/Ransomware.Cryptowall/Ransomware.Cryptowall.md5 b/malwares/Binaries/Ransomware.Cryptowall/Ransomware.Cryptowall.md5
new file mode 100644
index 0000000..f786a18
--- /dev/null
+++ b/malwares/Binaries/Ransomware.Cryptowall/Ransomware.Cryptowall.md5
@@ -0,0 +1 @@
+8710ea46c2db18965a3f13c5fb7c5be8 Ransomware.Cryptowall.zip
diff --git a/malwares/Binaries/Ransomware.Cryptowall/Ransomware.Cryptowall.pass b/malwares/Binaries/Ransomware.Cryptowall/Ransomware.Cryptowall.pass
new file mode 100644
index 0000000..cba4e8b
--- /dev/null
+++ b/malwares/Binaries/Ransomware.Cryptowall/Ransomware.Cryptowall.pass
@@ -0,0 +1 @@
+infected
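Review bot: The new "Successfully downloaded" line in the `@@ -84` hunk is printed right after the `.md5` and `.sha256` companions are fetched, but nothing in the hunk compares the saved archive against them before declaring success, so a truncated or altered download is reported as a good one. Unless `download_from_repo` verifies on its own (its body is cut off at the end of the hunk), compute the digest of the saved zip, compare it with the contents of the fetched `.sha256` file, and print an error instead of this line on a mismatch. Because the digest files are presumably fetched from the same location as the archive, that check only detects corruption in transit rather than tampering at the source; a comment next to the print stating that limit would keep the message honest. The enclosing method starts before the hunk.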
diff --git a/malwares/Binaries/Ransomware.Cryptowall/Ransomware.Cryptowall.sha256 b/malwares/Binaries/Ransomware.Cryptowall/Ransomware.Cryptowall.sha256
new file mode 100644
index 0000000..7d3e2fa
--- /dev/null
+++ b/malwares/Binaries/Ransomware.Cryptowall/Ransomware.Cryptowall.sha256
@@ -0,0 +1 @@
+60d574055ae164cc32df9e5c9402deefa9d07e5034328d7b41457d35b7312a0e Ransomware.Cryptowall.zip
diff --git a/malwares/Binaries/Ransomware.Cryptowall/Ransomware.Cryptowall.zip b/malwares/Binaries/Ransomware.Cryptowall/Ransomware.Cryptowall.zip
new file mode 100644
index 0000000..180fde2
Binary files /dev/null and b/malwares/Binaries/Ransomware.Cryptowall/Ransomware.Cryptowall.zip differ
diff --git a/malwares/Binaries/Rustock/Rustock.md5 b/malwares/Binaries/Rustock/Rustock.md5
new file mode 100644
index 0000000..4df71bb
--- /dev/null
+++ b/malwares/Binaries/Rustock/Rustock.md5
@@ -0,0 +1 @@
+ca397168c14dd681ea47a5bd57ac4af4 Rustock.zip
diff --git a/malwares/Binaries/Rustock/Rustock.pass b/malwares/Binaries/Rustock/Rustock.pass
new file mode 100644
index 0000000..cba4e8b
--- /dev/null
+++ b/malwares/Binaries/Rustock/Rustock.pass
@@ -0,0 +1 @@
+infected
diff --git a/malwares/Binaries/Rustock/Rustock.sha256 b/malwares/Binaries/Rustock/Rustock.sha256
new file mode 100644
index 0000000..0cef7ab
--- /dev/null
+++ b/malwares/Binaries/Rustock/Rustock.sha256
@@ -0,0 +1 @@
+3c1b450bfde8cfb8d8f6d77fef7d24ec485c3d85151a8b4e6bf8f0f3981ea57d Rustock.zip
diff --git a/malwares/Binaries/Rustock/Rustock.zip b/malwares/Binaries/Rustock/Rustock.zip
new file mode 100644
index 0000000..457826b
Binary files /dev/null and b/malwares/Binaries/Rustock/Rustock.zip differ
diff --git a/malwares/Source/Original/Alina/Alina.md5 b/malwares/Source/Original/Alina/Alina.md5
new file mode 100644
index 0000000..1049307
--- /dev/null
+++ b/malwares/Source/Original/Alina/Alina.md5
@@ -0,0 +1 @@
+9a70586af61caef844a0a9969b2d5c36 Alina.zip
diff --git a/malwares/Source/Original/Alina/Alina.pass b/malwares/Source/Original/Alina/Alina.pass
new file mode 100644
index 0000000..cba4e8b
--- /dev/null
+++ b/malwares/Source/Original/Alina/Alina.pass
@@ -0,0 +1 @@
+infected
diff --git a/malwares/Source/Original/Alina/Alina.sha256 b/malwares/Source/Original/Alina/Alina.sha256
new file mode 100644
index 0000000..5171622
--- /dev/null
+++ b/malwares/Source/Original/Alina/Alina.sha256
@@ -0,0 +1 @@
+bc9c0d26872140b2ecb156ab065e02a85cf483e407be9aeeb66f701a7f9b3eb3 Alina.zip
diff --git a/malwares/Source/Original/Alina/Alina.zip b/malwares/Source/Original/Alina/Alina.zip
new file mode 100644
index 0000000..753c3b3
Binary files /dev/null and b/malwares/Source/Original/Alina/Alina.zip differ