Upgrading to 0.6.0

Sheksa
2014-12-13 21:52:35 +02:00
parent 0a34194d69
commit 0e96c3c169
32 changed files with 388 additions and 436 deletions


@@ -42,7 +42,7 @@ Since version 0.42 theZoo have been going dramatic changes. It now runs in both
The current default state of theZoo runtime is the CLI which is inspired by MSF. The following files and directories are responsible for the application's behaviour.
### /conf
The conf folder holds files relevant to the particular running of the program but are not part of the application. You can find the EULA file in the conf, the current database version, the CSV index file and more.
The conf folder holds files relevant to the particular running of the program but are not part of the application. You can find the EULA file in the conf and more.
### /imports
Contains .py and .pyc import files used by the rest of the application
### /malwares
@@ -52,17 +52,17 @@ Since mdbv0.2 is stable for the command line arguments (where as of 0.42 we are
## Directory Structure:
Each directory is composed of 5 files:
Each directory is composed of 4 files:
- Malware files in an encrypted ZIP archive.
- SHA256 sum of the 1st file.
- MD5 sum of the 1st file.
- Password file for the archive.
- index.log file for the indexer.
## Structure of index.csv
The main index.csv is the DB which you will look in to find malwares indexed on your drive. We use the , charachter as the delimiter to our CSVs.
The structure is al follows:
## Structure of maldb.db
maldb.db is the DB which theZoo is acting upon to find malwares indexed on your drive.
The structure is as follows:
uid,location,type,name,version,author,language,date
@@ -87,13 +87,19 @@ Bugs and Reports
The repository holding all files is currently
https://github.com/ytisf/theZoo
##Change Log for v0.50:
## Change Log for v0.60:
- [x] Moved DB to SQLite3.
- [x] Searching overhaul to a freestyle fashion.
- [x] Fixed "get" command.
- [x] More & more malwares.
## Change Log for v0.50:
- [x] Better and easier UI.
- [x] Aligned printing of malwares.
- [x] Command line arguments are now working.
- [x] Added 10 more malwares (cool ones) to the DB.
##Change Log for v0.42:
## Change Log for v0.42:
- [x] Fix EULA for proper disclaimer.
- [x] More precise searching and indexing including platform and more.
- [x] Added 10 new malwares.
@@ -113,7 +119,7 @@ The repository holding all files is currently
- [X] More documentation has been added.
- [X] Removed debugging function which were dead in the code.
##Predicted Change Log for v1.0
## Predicted Change Log for v1.0
- [ ] Fix auto-complete for malware frameworks.
- [ ] Better UI features.
- [ ] Consider changing DB to XML or SQLite3.


@@ -1,69 +0,0 @@
1,Source/Original/Dokan_Dec2008/Dokan_Dec2008,botnet,Dokan,unknown,unknown,c,00/12/2008,x86,win32,0
3,Source/Original/ShadowBotv3_March2007/ShadowBotv3_March2007,botnet,ShadowBot,3,unknown,cpp,<EFBFBD><EFBFBD><EFBFBD>-07,x86,win32,0
4,Source/Original/rBot0.3.3_May2004/rBot0.3.3_May2004,botnet,rBot,0.3.3,unknown,cpp,00/05/2004,x86,win32,0
5,Source/Original/ZeuS2.0.8.9_Feb2013/ZeuS2.0.8.9_Feb2013,botnet,ZeuS,2.0.8.9,unknown,c,<EFBFBD><EFBFBD><EFBFBD>-13,x86,win32,1
6,Source/Original/X0R-USB_Jan2009/X0R-USB_Jan2009,virus,X0R-USB-Virus,unknown,unknown,c,00/01/2009,x86,win32,0
7,Source/Original/LoexBot1.3_Sep2008/LoexBot1.3_Sep2008,botnet,LoexBot,1.3,unknown,cpp,00/09/2008,x86,win32,0
8,Source/Original/ZunkerBot1.4.5_Sep2007/ZunkerBot1.4.5_Sep2007,botnet,ZunkerBot,1.4.5,unknown,php,<EFBFBD><EFBFBD><EFBFBD>-07,x86,win32,0
9,Source/Original/DopeBotv0.22_UnCrippled_Feb2007/DopeBotv0.22_UnCrippled_Feb2007,botnet,DopeBot-UnCrippled,0.22,unknown,cpp,00/02/2007,x86,win32,0
10,Source/Original/vbBot_Jan2007/vbBot_Jan2007,botnet,vbBot,unknown,unknown,vb,<EFBFBD><EFBFBD><EFBFBD>-07,x86,win32,0
11,Source/Original/xTBot0.0.2_2Feb2002/xTBot0.0.2_2Feb2002,botnet,xTBot,0.0.2,unknown,cpp,<EFBFBD><EFBFBD><EFBFBD>-02,x86,win32,0
12,Source/Original/VBS.Win32.Vabian/VBS.Win32.Vabian,VBS-Worm,VBS.Win32.Vabian,botnet,unknown,vb,unknown,x86,win32,0
13,Source/Original/DopeBotv0.22_CrippledFeb2007/DopeBotv0.22_CrippledFeb2007,botnet,DopeBot-Crippled,0.22,unknown,cpp,00/02/2007,x86,win32,0
14,Source/Original/Win32.MiniPig_Nov2006/Win32.MiniPig_Nov2006,Worm,Win32.MiniPig,virus,unknown,c,00/11/2006,x86,win32,0
15,Source/Original/HellBotv3.0_10June2005/HellBotv3.0_10June2005,botnet,Hellbot,3,unknown,cpp,00/06/2005,x86,win32,0
16,Source/Original/Win32.ogw0rm_Nov2008/Win32.ogw0rm_Nov2008,Worm,Win32.ogwOrm,unknown,unknown,cpp,00/11/2008,x86,win32,0
17,Source/Original/DopeBot.B_Dec2004/DopeBot.B_Dec2004,botnet,DopeBot.B,unknown,unknown,cpp,00/12/2004,x86,win32,0
18,Source/Original/LiquidBot_May2005/LiquidBot_May2005,botnet,LiquidBot,unknown,unknown,cpp,00/05/2005,x86,win32,0
19,Source/Original/SpazBot2.12_June2007/SpazBot2.12_June2007,botnet,SpazBot,2.12,unknown,vb,00/06/2007,x86,win32,0
20,Source/Original/DBotv3.1_March2007/DBotv3.1_March2007,botnet,DBot,3.1,unknown,c,00/03/2007,x86,win32,0
21,Source/Original/CyberBotv2.2_October2006/CyberBotv2.2_October2006,botnet,CyberBot,2.2,unknown,cpp,00/10/2006,x86,win32,0
22,Source/Original/DopeBot.A_Dec2004/DopeBot.A_Dec2004,botnet,DopeBot.A,unknown,unknown,cpp,00/12/2004,x86,win32,0
23,Source/Original/MyDoom.A_Jan2004/MyDoom.A_Jan2004,virus,MyDoom.A,unknown,unknown,c,00/01/2004,x86,win32,0
24,Source/Original/ShadowBot_Sep2008/ShadowBot_Sep2008,botnet,ShadowBot,unknown,unknown,cpp,00/09/2008,x86,win32,0
25,Binaries/CryptoLocker20Nov2013/CryptoLocker20Nov2013,ransomeware,CryptoLocker,Unknown,Unknown,bin,20/12/2013,x86,win32,1
26,Binaries/CryptoLocker_10Sep2013/CryptoLocker_10Sep2013,ransomeware,CryptoLocker,Unknown,Unknown,bin,10/12/2013,x86,win32,1
27,Binaries/IllusionBot_May2007/IllusionBot_May2007,botnet,Illusion Bot,Unknown,Unknown,bin,00/05/2007,x86,win32,0
28,Source/Original/NBot_July2008/NBot_July2008,botnet,nBot,0.32,Unknown,c,00/05/2008,x86,win32,0
29,Binaries/Trojan.Dropper.Gen/Trojan.Dropper.Gen,trojan,Dropper,Unknown,Unknown,bin,00/01/2014,x86,win32,0
30,Binaries/Trojan.NSIS.Win32/Trojan.NSIS.Win32,trojan,NSIS,Unknown,Unknown,bin,00/01/2014,x86,win32,0
31,Binaries/Trojan.Win32.Bechiro.BCD/Trojan.Win32.Bechiro.BCD,trojan,Bechiro,BCD,Unknown,bin,00/01/2014,x86,win32,0
32,Binaries/AndroRat_6Dec2013/AndroRat_6Dec2013,botnet,AndroRat,<EFBFBD><EFBFBD><EFBFBD>-13,Unknown,java,06/12/2013,x86,win32,0
33,Binaries/CryptoLocker_22Jan2014/CryptoLocker_22Jan2014,ransomeware,CryptoLocker,<EFBFBD><EFBFBD><EFBFBD>-14,Unknown,bin,22/01/2014,x86,win32,1
34,Binaries/njRAT-v0.6.4/njRAT-v0.6.4,botnet,njRAT,0.6.4,Unknown,bin,00/09/2013,x86,win32,0
35,Binaries/ZeusBankingVersion_26Nov2013/ZeusBankingVersion_26Nov2013,botnet,Zeus - zBot,<EFBFBD><EFBFBD><EFBFBD>-13,Unknown,bin,23/11/2013,x86,win32,1
36,Source/Original/NullBot_Dec2006/NullBot_Dec2006,botnet,NullBot,<EFBFBD><EFBFBD><EFBFBD>-06,Unknown,cpp,00/12/2006,x86,win32,0
37,Binaries/Artemis,trojan,Artemis,Unknown,Unknown,bin,00/00/0000,x86,win32,0
38,Binaries/Somoto,apt,Somoto,unknown,unknown,bin,00/00/0000,x86,win32,0
39,Binaries/Variant.Kazy,trojan,Variant.Kazy,unknown,unknown,bin,00/00/0000,x86,win32,0
40,Binaries/Win32/Brontok.W,Worm,Brontok.FE ,unknown,unknown,bin,00/00/0000,x86,win32,1
41,Binaries/Trojan.Loadmoney.1,trojan,LMclicker.1,unknown,unknown,bin,00/00/0000,x86,win32,0
42,Binaries/Win32Dircrypt.Trojan.Ransom.ABZ,ransomeware,Trojan.Ransom,unknown,unknown,bin,00/00/0000,x86,win32,0
43,Binaries/TrojanWin32.Duqu.Stuxnet,botnet,Trojan.Win32.Duqu.Aoq .,unknown,unknown,bin,00/00/0000,x86,win32,1
45,Binaries/Win32.Botnet.Stuxnet.B,apt,Stuxnet Duqu,Realtek Signed B,Unknown,bin,00/00/2007,x86,win32,1
44,Binaries/Win32.Botnet.Stuxnet.A,apt,Stuxnet Duqu,C-Media Electronics Incorporation Signature - A,Unknown,bin,00/00/2009,x86,win32,1
46,Binaries/Skywiper-A.Flame,apt,Skywiper AKA Flame,A,Unknown,bin,00/00/2012,x86,win32,1
47,Binaries/Careto_Feb2014,apt,Careto aka The Mask,A,Unknown,bin,15/02/2014,x86,win32,0
48,Binaries/ZeusGamever_Feb2014,botnet,Zeus,Gamever,Unknown,bin,19/02/2014,x86,win32,1
49,Binaries/Android.Spy.49_iBanking_Feb2014,botnet,Android Spy 29,Banking Version,Unknown,apk,19/02/2014,arm,android,0
50,Binaries/Win32.Cridex,worm,Cridex,B,Unknown,bin,00/02/2014,x86,win32,0
51,Binaries/Win32.Alina.3.4.B,apt,Alina,3.4B,Unknown,bin,15/03/2014,x86,win32,1
52,Binaries/Win32.Boaxxe.BB,botnet,Boaxxe,BB,Unknown,bin,15/03/2014,x86,win32,0
53,Binaries/Win32.Infostealer.Dexter,botnet,Dexter,Unknown,Unknown,bin,15/03/2014,x86,win32,0
54,Binaries/Win32.Caphaw.Shylock,botnet,Shylock,Unknown,Unknown,bin,15/03/2014,x86,win32,1
55,Binaries/Win32.Turla,apt,Torola\Urubus rootkit,Unknown,Russia,bin,15/03/2014,x86,win32,1
56,Binaries/Win32.Zurgop,botnet,Zurgop/Dofoil/Bredo,Unknown,Unknown,bin,23/06/2014,x86,win32,0
57,Binaries/Win32.ZeusVM,botnet,Zeus VM,VM,Unknown,bin,23/06/2014,x86,win32,0
58,Binaries/Win32.Fareit,botnet,Fareit,Unknown,Unknown,bin,23/06/2014,x86,win32,0
59,Binaries/BlackEnergy2.1,rootkit,Black Energy,2.1,Unknown,bin,23/06/2014,x64,win64,1
60,Binaries/SpyEye,botnet,SpyEye,Unknown,Unknown,bin,23/06/2014,x86,win32,0
61,Binaries/Poweliks,botnet,Poweliks,Unknown,Unknown,bin,09/08/2014,x86,win32,1
62,Binaries/ZeroLocker,ransomware,Zerolocker,A,Unknown,bin,09/08/2014,x86,win32,0
63,Sources/Original/TinyBanker_Jan2012,botnet,Tiny Banker,A,Russia,asm,00/01/2012,x86,win32,0
64,Source/Original/XtremeRAT_March2009,botnet,XtremeRat,Unknown,Unknown,c,00/03/2009,x86,win32,0
65,Binaries/Win32.Reveton,ransomeware,Reveton,Y,unknown,bin,Unknown,x86,win32,0
66,Binaries/Trojan.Bladabindi,trojan,Bladabindi,unknown,bin,00/07/2013,x86,win32,0
67,Source/Original/Win32.Remhead,rootkit,Remhead AKA n00bkit,unknown,c,unknown,x86,win32,0
68,Source/Original/ExploitKit.Blackhole.100,exploitkit,Blackhole,unknown,HodLuM & Paunch,php,00/08/10,web,win32,0
69,Source/Original/ExploitKit.Blackhole.102,exploitkit,Blackhole,unknown,HodLuM & Paunch,php,20/11/10,web,win32,0
70,Source/Original/AryanRAT_March2010,botnet,AryanRAT,0.5,unknown,cpp,07/03/2010,x86,win32,0

conf/maldb.db Normal file


imports/db_handler.py Normal file

@@ -0,0 +1,32 @@
import sqlite3 as lite
from imports import globals
import sys
class DBHandler:
def __init__(self):
try:
self.con = lite.connect(globals.vars.db_path)
self.cur = self.con.cursor()
except lite.Error as e:
print "An error occurred:", e.args[0]
sys.exit()
def get_full_details(self):
return self.cur.execute("SELECT * FROM Malwares").fetchall()
def get_partial_details(self):
return self.cur.execute("SELECT ID, TYPE, LANGUAGE, ARCHITECTURE, PLATFORM, NAME FROM Malwares").fetchall()
def get_mal_names(self):
# Sqlite3 returns a tuple even if a single value is returned
# We use x[0] for x to unpack the tuples
return [val[0] for val in self.cur.execute("SELECT NAME FROM Malwares").fetchall()]
def query(self, query, param=''):
try:
return self.cur.execute(query, param).fetchall()
except lite.Error as e:
print "An error occurred:", e.args[0]
sys.exit()
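Review bot: `query(self, query, param='')` takes a fully assembled SQL string from the caller and hands `''` to `execute` as the parameter sequence, so nothing in the signature tells a caller that the statement text must be fixed and every variable value must travel in `param`; suggest `def query(self, query, param=()):` with a docstring stating that `query` is a trusted statement using `?` placeholders and `param` carries the values. The `sys.exit()` in `__init__` and in `query` ends the interactive session on any `sqlite3.Error`, including a missing table or a malformed filter, where re-raising (or raising a project error) would let the controller report it and keep the prompt alive. The connection opened in `__init__` is never closed; a `close()` method or `__enter__`/`__exit__` support would give callers a way to release it. The `# Sqlite3 returns a tuple …` comment in `get_mal_names` is the only documentation in the file; a one-line docstring per method naming the columns returned would help the callers in manysearches.py that index rows by position.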


@@ -1,31 +1,32 @@
#!/usr/bin/env python
#Malware DB - the most awesome free malware database on the air
#Copyright (C) 2014, Yuval Nativ, Lahad Ludar, 5Fingers
# Malware DB - the most awesome free malware database on the air
# Copyright (C) 2014, Yuval Nativ, Lahad Ludar, 5Fingers
#This program is free software: you can redistribute it and/or modify
#it under the terms of the GNU General Public License as published by
#the Free Software Foundation, either version 3 of the License, or
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
#(at your option) any later version.
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#GNU General Public License for more details.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#You should have received a copy of the GNU General Public License
#along with this program. If not, see <http://www.gnu.org/licenses/>.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import sys
import os
from imports import globals
class EULA:
def __init__(self, langs = None, oneRun=True):
def __init__(self, langs=None, oneRun=True):
#self.oneRun = oneRun
self.check_eula_file()
#self.prompt_eula()
# self.prompt_eula()
def check_eula_file(self):
try:
@@ -36,13 +37,13 @@ class EULA:
def prompt_eula(self):
globals.init()
#os.system('clear')
os.system('cls' if os.name == 'nt' else 'clear')
print globals.bcolors.RED
print '_____________________________________________________________________________'
print '| ATTENTION!!! ATTENTION!!! ATTENTION!!! |'
print '| ' + globals.vars.appname + ' v' + globals.vars.version + ' |'
print '|___________________________________________________________________________|'
print '|This program contain live and dangerous malware files |'
print '|This program contains live and dangerous malware files |'
print '|This program is intended to be used only for malware analysis and research |'
print '|and by agreeing the EULA you agree to only use it for legal purposes and |'
print '|studying malware. |'
@@ -51,10 +52,11 @@ class EULA:
print '|infect you machines will live and dangerous malwares!. |'
print '|___________________________________________________________________________|'
print globals.bcolors.WHITE
eula_answer = raw_input('Type YES in captial letters to accept this EULA.\n > ')
eula_answer = raw_input(
'Type YES in captial letters to accept this EULA.\n > ')
if eula_answer == 'YES':
new = open(globals.vars.eula_file, 'a')
new.write(eula_answer)
else:
print 'You need to accept the EULA.\nExiting the program.'
sys.exit(0)
sys.exit(0)
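Review bot: In the accept branch of `prompt_eula`, `new = open(globals.vars.eula_file, 'a')` is written to but never closed, so the acceptance marker reaches disk only when the interpreter happens to flush it at shutdown; use `with open(globals.vars.eula_file, 'a') as new: new.write(eula_answer)`. The `sys.exit(0)` line appears once removed and once added with its indentation lost in rendering, so I cannot tell whether it moved out of the `else` branch; if it did, accepting the EULA would also exit the program, which is worth confirming. `prompt_eula` starts in the previous hunk and the `check_eula_file` body is cut by the first hunk boundary, so the file-existence check that decides whether this prompt runs is not visible here. The prompt string still reads "captial"; it is a runtime string, so fix it in code rather than in a comment.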


@@ -1,35 +1,39 @@
#!/usr/bin/env python
#Malware DB - the most awesome free malware database on the air
#Copyright (C) 2014, Yuval Nativ, Lahad Ludar, 5Fingers
# Malware DB - the most awesome free malware database on the air
# Copyright (C) 2014, Yuval Nativ, Lahad Ludar, 5Fingers
#This program is free software: you can redistribute it and/or modify
#it under the terms of the GNU General Public License as published by
#the Free Software Foundation, either version 3 of the License, or
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
#(at your option) any later version.
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#GNU General Public License for more details.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#You should have received a copy of the GNU General Public License
#along with this program. If not, see <http://www.gnu.org/licenses/>.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import sys
class init:
def init(self):
# Global Variables
version = "0.5.0 Citadel"
version = "0.6.0 Moat"
appname = "theZoo"
codename = "Citadel"
codename = "Moat"
authors = "Yuval Nativ, Lahad Ludar, 5fingers"
licensev = "GPL v3.0"
fulllicense = appname + " Copyright (C) 2014 " + authors + "\n"
fulllicense += "This program comes with ABSOLUTELY NO WARRANTY; for details type '" + sys.argv[0] +" -w'.\n"
fulllicense += "This program comes with ABSOLUTELY NO WARRANTY; for details type '" + \
sys.argv[0] + " -w'.\n"
fulllicense += "This is free software, and you are welcome to redistribute it."
usage = '\nUsage: ' + sys.argv[0] + ' -s search_query -t trojan -p vb\n\n'
usage = '\nUsage: ' + sys.argv[0] + \
' -s search_query -t trojan -p vb\n\n'
usage += 'The search engine can search by regular search or using specified arguments:\n\nOPTIONS:\n -h --help\t\tShow this message\n -t --type\t\tMalware type, can be virus/trojan/botnet/spyware/ransomeware.\n -p --language\tProgramming language, can be c/cpp/vb/asm/bin/java.\n -u --update\t\tUpdate malware index. Rebuilds main CSV file. \n -s --search\t\tSearch query for name or anything. \n -v --version\tPrint the version information.\n -w\t\t\tPrint GNU license.\n'
column_for_pl = 6
@@ -46,10 +50,10 @@ class init:
conf_folder = 'conf'
eula_file = conf_folder + '/eula_run.conf'
maldb_ver_file = conf_folder + '/db.ver'
main_csv_file = conf_folder + '/index.csv'
giturl = 'https://raw.github.com/ytisf/theZoo/master/'
giturl = 'https://github.com/ytisf/theZoo/blob/master'
addrs = ['reverce_tcp/', 'crazy_mal/', 'mal/', 'show malwares']
class bcolors:
PURPLE = '\033[95m'
BLUE = '\033[94m'
@@ -58,18 +62,22 @@ class bcolors:
RED = '\033[91m'
WHITE = '\033[0m'
class vars:
version = "0.5.0 Citadel"
version = "0.6.0 Moat"
appname = "Malware DB"
authors = "Yuval Nativ, Lahad Ludar, 5fingers"
licensev = "GPL v3.0"
fulllicense = appname + " Copyright (C) 2014 " + authors + "\n"
fulllicense += "This program comes with ABSOLUTELY NO WARRANTY; for details type '" + sys.argv[0] +" -w'.\n"
fulllicense += "This program comes with ABSOLUTELY NO WARRANTY; for details type '" + \
sys.argv[0] + " -w'.\n"
fulllicense += "This is free software, and you are welcome to redistribute it."
usage = '\nUsage: ' + sys.argv[0] + ' -s search_query -t trojan -p vb\n\n'
usage = '\nUsage: ' + sys.argv[0] + ' -s search_query -t trojan -p vb\n\n'
usage += 'The search engine can search by regular search or using specified arguments:\n\nOPTIONS:\n -h --help\t\tShow this message\n -t --type\t\tMalware type, can be virus/trojan/botnet/spyware/ransomeware.\n -p --language\tProgramming language, can be c/cpp/vb/asm/bin/java.\n -u --update\t\tUpdate malware index. Rebuilds main CSV file. \n -s --search\t\tSearch query for name or anything. \n -v --version\tPrint the version information.\n -w\t\t\tPrint GNU license.\n'
# :todo: add filter usage
column_for_pl = 6
column_for_type = 2
column_for_location = 1
@@ -81,23 +89,32 @@ class vars:
column_for_plat = 9
column_for_vip = 10
opts = [
("type", ("virus", "worm", "ransomware", "botnet", "apt", "rootkit", "trojan", "exploitkit", "dropper")),
("architecture", ("x86", "x64", "arm", "web")),
("platform", ("win32", "win64", "android", "ios", "mac", "*nix32", "*nix64")),
("language", ("c", "cpp", "asm", "bin", "java", "apk", "vb", "php"))]
conf_folder = 'conf'
eula_file = conf_folder + '/eula_run.conf'
maldb_ver_file = conf_folder + '/db.ver'
main_csv_file = conf_folder + '/index.csv'
db_path = conf_folder + "/maldb.db"
giturl = 'https://raw.github.com/ytisf/theZoo/master/'
with file(maldb_ver_file) as f:
db_ver = f.read()
maldb_banner = " __ ___ __ ____ ____\n"
maldb_banner += " / |/ /___ _/ / ______ _________ / __ \/ __ )\n"
maldb_banner += " / /|_/ / __ `/ / | /| / / __ `/ ___/ _ \______/ / / / __ |\n"
maldb_banner += " / / / / /_/ / /| |/ |/ / /_/ / / / __/_____/ /_/ / /_/ /\n"
maldb_banner += " /_/ /_/\__,_/_/ |__/|__/\__,_/_/ \___/ /_____/_____/\n\n"
maldb_banner += " version: " + version + "\n"
maldb_banner += " db_version: " + db_ver + "\n"
maldb_banner += " built by: " + authors + "\n\n"
maldb_banner = " __ ___ __ ____ ____\n"
maldb_banner += " / |/ /___ _/ / ______ _________ / __ \/ __ )\n"
maldb_banner += " / /|_/ / __ `/ / | /| / / __ `/ ___/ _ \______/ / / / __ |\n"
maldb_banner += " / / / / /_/ / /| |/ |/ / /_/ / / / __/_____/ /_/ / /_/ /\n"
maldb_banner += " /_/ /_/\__,_/_/ |__/|__/\__,_/_/ \___/ /_____/_____/\n\n"
maldb_banner += " version: " + \
version + "\n"
maldb_banner += " db_version: " + \
db_ver + "\n"
maldb_banner += " built by: " + \
authors + "\n\n"
addrs = ['reverce_tcp/', 'crazy_mal/', 'mal/', 'show malwares']
addrs = ['list', 'search', 'get', 'exit']
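Review bot: `db_path = conf_folder + "/maldb.db"` is relative to the current working directory, and unlike the removed CSV index a missing SQLite file is not an error: `sqlite3.connect` silently creates an empty database at that path and the first `SELECT … FROM Malwares` then fails with a missing-table error instead of a clear "run from the repository root" message. Consider anchoring it to the module, e.g. `db_path = os.path.join(os.path.dirname(os.path.abspath(__file__)), '..', conf_folder, 'maldb.db')` (needs `import os` next to `import sys`), or at least a comment on `conf_folder` stating that every path here assumes the repository root as CWD. The `usage` string still describes `-u --update` as "Rebuilds main CSV file" although this commit removes the CSV index; it should now say what update does against maldb.db. `with file(maldb_ver_file) as f:` runs at import time in the `vars` class body and raises `IOError` when conf/db.ver is absent, whereas the Updater's `get_maldb_ver` handles the same missing file gracefully; the same handling is needed here. `version` and `codename` are now duplicated between `init` and `vars` and were bumped separately, so one should derive from the other.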


@@ -1,38 +1,63 @@
from imports import globals
from imports import db_handler
from sys import exit
class MuchSearch(object):
def __init__(self):
self.array = []
self.db = db_handler.DBHandler()
self.names = [x.lower() for x in self.db.get_mal_names()]
def sort(self, array, column, value):
i=0
m=[]
for each in array:
if array[i][column] == value:
m.append(each)
i += 1
return m
#:todo: make this more efficient
def sort(self, args):
self.hits = {}
self.query = None
self.param = None
self.prequery = "SELECT ID, TYPE, LANGUAGE, ARCHITECTURE, PLATFORM, NAME FROM MALWARES WHERE "
self.ar = []
args = [x.lower() for x in args]
def print_payloads(self, m):
'''
:todo: Need to get this function much smaller.
apparently i was way too sleepy to write code...
:param m: Array to print out
:return:nothing
'''
print "\nPayloads Found:"
array = m
i = 0
print "ID\tVIP\tType\t\tLang\tArch\tPlat\tName"
print '---\t---\t-----\t\t-----\t----\t-----\t----------------'
for element in array:
answer = array[i][globals.vars.column_for_uid]
answer = array[i][globals.vars.column_for_vip]
answer += '\t%s' % ('{0: <12}'.format(array[i][globals.vars.column_for_type]))
answer += '\t%s' % ('{0: <12}'.format(array[i][globals.vars.column_for_pl]))
answer += array[i][globals.vars.column_for_arch] + '\t'
answer += array[i][globals.vars.column_for_plat] + '\t'
answer += '\t%s' % ('{0: <12}'.format(array[i][globals.vars.column_for_name]))
print answer
i += 1
for arg in args:
for optname, values in globals.vars.opts:
for value in values:
if arg in value:
self.hits.update({optname: value})
# Malware name checking has its own iterations to avoid false matches
if not self.hits:
for arg in args:
for name in self.names:
if arg in name:
self.query = "NAME LIKE ?"
self.param = name
if len(self.hits) > 0:
self.query = self.build_query(self.hits)
self.ar = self.db.query(self.prequery + self.query)
self.print_payloads(self.ar)
elif self.param is not None:
self.ar = self.db.query(self.prequery + self.query, [self.param])
self.print_payloads(self.ar)
else:
print "Error: filter did not match any malware :("
exit()
return self.hits
# Build the dynamic query
def build_query(self, dic):
qlist = []
for key, val in dic.items():
if isinstance(val, (list, tuple)):
tmp = str(key) + ' in (' + ','.join(map(lambda x: '\'' + str(x) + '\'', val)) + ') '
else:
tmp = str(key) + '=' + '\'' + str(val) + '\''
qlist.append(' ' + tmp + ' ')
return "and".join(qlist)
def print_payloads(self, m, fields=["ID", "Type", "Language", "Architecture", "Platform", "Name"]):
print '\n' + ''.join("{0}\t".format(x) for x in fields)
print "-" * 12 * len(fields)
for col in m:
print ''.join("{0:<11}".format(x) for x in col)
print "\n"
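Review bot: In `sort`, `if arg in value:` is a substring test against the whitelisted option values and `self.hits.update({optname: value})` keeps the last match, so `search c` resolves to `language='cpp'` (the last value containing "c") rather than C, and `search nix` selects `*nix64`; change it to `if arg == value:` (or `value.startswith(arg)` if prefix matching is intended). The name loop has the same last-wins shape: `self.param = name` is overwritten on every match, so a term that appears in several malware names queries only the final one instead of all of them. `build_query` assembles the WHERE clause by string concatenation; it is safe as written only because the interpolated values come from `globals.vars.opts` and never from the user's text, so either add a comment saying exactly that or switch to `key + ' = ?'` with a parameter list so the invariant does not depend on future callers. `exit()` on a non-matching filter ends the whole interactive session for a typo; printing the message and returning an empty result would keep the prompt. `print_payloads` uses a mutable list as the default for `fields`; it is only read, but a tuple avoids the shared-default trap.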


@@ -5,207 +5,157 @@ import re
import globals
from imports import manysearches
from imports.updatehandler import Updater
from imports import db_handler
class Controller:
def __init__(self):
self.modules = None
self.currentmodule = ''
self.commands = [("search", "searching for malwares using given parameter with 'set'."),
("list all", "lists all available modules"),
("set", "sets options for the search"),
("get", "downloads the malware"),
("report-mal", "report a malware you found"),
("update-db", "updates the databse"),
("back", "removes currently chosen malware and filters"),
("help", "displays this help..."),
("exit", "exits...")]
self.searchmeth = [("arch", "which architecture etc; x86, x64, arm7 so on..."),
("plat", "platform: win32, win64, mac, android so on..."),
("lang", "c, cpp, vbs, bin so on..."),
("vip", "1 or 0")]
def __init__(self):
self.modules = None
self.currentmodule = ''
self.db = db_handler.DBHandler()
self.commands = [("search", "Search for malwares according to a filter,\n\t\t\te.g 'search cpp worm'."),
("list all", "Lists all available modules"),
("use", "Selects a malware by ID"),
("get", "Downloads selected malware"),
("report-mal", "Report a malware you found"),
("update-db", "Updates the databse"),
("help", "Displays this help..."),
("exit", "Exits...")]
self.modules = self.GetPayloads()
self.searchmeth = [("arch", "which architecture etc; x86, x64, arm7 so on..."),
("plat",
"platform: win32, win64, mac, android so on..."),
("lang", "c, cpp, vbs, bin so on..."),
("vip", "1 or 0")]
self.plat = ''
self.arch = ''
self.lang = ''
self.type = ''
self.vip = ''
self.modules = self.GetPayloads()
def GetPayloads(self):
m = []
csvReader = csv.reader(open(globals.vars.main_csv_file, 'rb'), delimiter=',')
for row in csvReader:
m.append(row)
return m
def GetPayloads(self):
return self.db.get_full_details()
def MainMenu(self):
# This will give you the nice prompt you like to much
if len(self.currentmodule) > 0:
g = int(self.currentmodule) - 1
just_print = self.modules[int(g)][int(globals.vars.column_for_name)]
cmd = raw_input(
globals.bcolors.GREEN + 'mdb ' + globals.bcolors.RED + str(
just_print) + globals.bcolors.GREEN + '#> ' + globals.bcolors.WHITE).strip()
else:
cmd = raw_input(
globals.bcolors.GREEN + 'mdb ' + globals.bcolors.GREEN + '#> ' + globals.bcolors.WHITE).strip()
def MainMenu(self):
# This will give you the nice prompt you like so much
if len(self.currentmodule) > 0:
g = int(self.currentmodule) - 1
just_print = self.modules[
int(g)][int(globals.vars.column_for_name)]
cmd = raw_input(
globals.bcolors.GREEN + 'mdb ' + globals.bcolors.RED + str(
just_print) + globals.bcolors.GREEN + '#> ' + globals.bcolors.WHITE).strip()
else:
cmd = raw_input(
globals.bcolors.GREEN + 'mdb ' + globals.bcolors.GREEN + '#> ' + globals.bcolors.WHITE).strip()
try:
while cmd == "":
# print 'no cmd'
self.MainMenu()
try:
while cmd == "":
#print 'no cmd'
self.MainMenu()
if cmd == 'help':
print " Available commands:\n"
for (cmd, desc) in self.commands:
print "\t%s\t%s" % ('{0: <12}'.format(cmd), desc)
print ''
self.MainMenu()
if cmd == 'help':
print " Available commands:\n"
for (cmd, desc) in self.commands:
print "\t%s\t%s" % ('{0: <12}'.format(cmd), desc)
print ''
self.MainMenu()
# Checks if normal or freestyle search
if re.match('^search', cmd):
manySearch = manysearches.MuchSearch()
num_args = len(cmd.rsplit(' '))
if num_args > 1:
args = cmd.rsplit(' ')[1:]
num_args = len(args)
if num_args > 0:
manySearch.sort(args)
else:
print "Uh oh, Invalid search query"
self.MainMenu()
if cmd == 'search':
ar = self.modules
manySearch = manysearches.MuchSearch()
if cmd == 'exit':
sys.exit(1)
# function to sort by arch
if len(self.arch) > 0:
ar = manySearch.sort(ar, globals.vars.column_for_arch, self.arch)
# function to sort by plat
if len(self.plat) > 0:
ar = manySearch.sort(ar, globals.vars.column_for_plat, self.plat)
# function to sort by lang
if len(self.lang) > 0:
ar = manySearch.sort(ar, globals.vars.column_for_pl, self.lang)
if len(self.type) > 0:
ar = manySearch.sort(ar, globals.vars.column_for_type, self.type)
if len(self.vip) > 0:
ar = manySearch.sort(ar, globals.vars.column_for_vip, self.vip)
printController = manysearches.MuchSearch()
printController.print_payloads(ar)
self.MainMenu()
if cmd == 'update-db':
updateHandler = Updater()
updateHandler.get_maldb_ver()
self.MainMenu()
if re.match('^set', cmd):
try:
cmd = re.split('\s+', cmd)
print cmd[1] + ' => ' + cmd[2]
if cmd[1] == 'arch':
self.arch = cmd[2]
if cmd[1] == 'plat':
self.plat = cmd[2]
if cmd[1] == 'lang':
self.lang = cmd[2]
if cmd[1] == 'type':
self.type = cmd[2]
except:
print 'Need to use the set method with two arguments.'
cmd = ''
self.MainMenu()
if cmd == 'report-mal':
rprt_name = raw_input("Name of malware: ")
rprt_type = raw_input("Type of malware: ")
rprt_version = raw_input("Version: ")
rprt_lang = raw_input("Language: ")
rprt_src = raw_input("Source / Binary (s/b): ")
rprt_arch = raw_input("Win32, ARM etc. ? ")
rprt_reporter = raw_input(
"Your name for a thank you note on theZoo.\n"
"Please notice that this will be public!\n\nName: ")
rprt_comments = raw_input("Comments? ")
if cmd == 'show':
if len(self.currentmodule) == 0:
print "No modules have been chosen. Use 'use' command."
if len(self.currentmodule) > 0:
print 'Currently selected Module: ' + self.currentmodule
print '\tarch => ' + str(self.arch)
print '\tplat => ' + str(self.plat)
print '\tlang => ' + str(self.lang)
print '\ttype => ' + str(self.type)
print ''
self.MainMenu()
report = ("//%s//\n" % rprt_name)
report += ("///type/%s///\n" % rprt_type)
report += ("///ver/%s///\n" % rprt_version)
report += ("///lang/%s///\n" % rprt_lang)
report += ("///src/%s///\n" % rprt_src)
report += ("///arch/%s///\n" % rprt_arch)
report += ("//reporter/%s//\n" % rprt_reporter)
report += ("//comments/%s//\n" % rprt_comments)
if cmd == 'exit':
sys.exit(1)
# Just to avoid bots spamming us...
email = "info"
email += "\x40"
email += "morirt\x2ecom"
print "-------------- Begin of theZoo Report --------------"
print report
print "-------------- Ending of theZoo Report --------------"
print "To avoid compromising your privacy we have chose this method of reporting."
print "If you have not stated your name we will not write a thanks in our README."
print "Your email will remain private in scenario and will not be published."
print ""
print "Please create an archive file with the structure described in the README file"
print "And attach it to the email. "
print("Please send this report to %s" % email)
if cmd == 'update-db':
updateHandler = Updater()
updateHandler.get_maldb_ver()
self.MainMenu()
self.MainMenu()
if cmd == 'report-mal':
rprt_name = raw_input("Name of malware: ")
rprt_type = raw_input("Type of malware: ")
rprt_version = raw_input("Version: ")
rprt_lang = raw_input("Language: ")
rprt_src = raw_input("Source / Binary (s/b): ")
rprt_arch = raw_input("Win32, ARM etc. ? ")
rprt_reporter = raw_input("Your name for a thanks note on theZoo.\nPlease notice that this will be public!\n\nName: ")
rprt_comments = raw_input("Comments? ")
if cmd == 'get':
updateHandler = Updater()
try:
updateHandler.get_malware(self.currentmodule)
self.MainMenu()
except:
print globals.bcolors.RED + '[-]' + globals.bcolors.WHITE + 'Error getting malware.'
self.MainMenu()
report = ("//%s//\n" % rprt_name)
report += ("///type/%s///\n" % rprt_type)
report += ("///ver/%s///\n" % rprt_version)
report += ("///lang/%s///\n" % rprt_lang)
report += ("///src/%s///\n" % rprt_src)
report += ("///arch/%s///\n" % rprt_arch)
report += ("//reporter/%s//\n" % rprt_reporter)
report += ("//comments/%s//\n" % rprt_comments)
# If used the 'use' command
if re.match('^use', cmd):
try:
cmd = re.split('\s+', cmd)
self.currentmodule = cmd[1]
cmd = ''
except:
print 'The use method needs an argument.'
self.MainMenu()
# Just to avoid bots spamming us...
email = "info"
email += "\x40"
email += "morirt\x2ecom"
print "-------------- Begin of theZoo Report --------------"
print report
print "-------------- Ending of theZoo Report --------------"
print "To avoid compromising your privacy we have chose this method of reporting."
print "If you have not stated your name we will not write a thanks in our README."
print "Your email will remain private in scenario and will not be published."
print ""
print "Please create an archive file with the structure as in the README file"
print "And attach it to the email. "
print("Please send this report to %s" % email)
if cmd == 'list all':
print "\nAvailable Payloads:"
array = self.modules
i = 0
print "ID\tName\tType"
print '-----------------'
for element in array:
answer = str(array[i][globals.vars.column_for_uid])
answer += '\t%s' % (
'{0: <12}'.format(array[i][globals.vars.column_for_name]))
answer += '\t%s' % (
'{0: <12}'.format(array[i][globals.vars.column_for_type]))
print answer
i = i + 1
self.MainMenu()
self.MainMenu()
if cmd == 'quit':
print ":("
sys.exit(1)
# 'get' command. Not yet fully operational
if cmd == 'get':
updateHandler = Updater()
try:
updateHandler.get_malware(self.currentmodule, self.modules)
self.MainMenu()
except:
print globals.bcolors.RED + '[-]' + globals.bcolors.WHITE + 'Error getting malware.'
self.MainMenu()
# If used the 'use' command
if re.match('^use', cmd):
try:
cmd = re.split('\s+', cmd)
self.currentmodule = cmd[1]
cmd = ''
except:
print 'The use method needs an argument.'
self.MainMenu()
# Rests all current data
if cmd == 'back':
self.arch = ''
self.plat = ''
self.lang = ''
self.type = ''
self.currentmodule = ''
self.MainMenu()
if cmd == 'list all':
print "\nAvailable Payloads:"
array = self.modules
i = 0
print "ID\tName\tType"
print '-----------------'
for element in array:
answer = array[i][globals.vars.column_for_uid]
answer += '\t%s' % ('{0: <12}'.format(array[i][globals.vars.column_for_name]))
answer += '\t%s' % ('{0: <12}'.format(array[i][globals.vars.column_for_type]))
print answer
i = i + 1
self.MainMenu()
if cmd == 'quit':
print ":("
sys.exit(1)
except KeyboardInterrupt:
print ("i'll just go now...")
sys.exit()
except KeyboardInterrupt:
print ("\n\nI'll just go now...")
sys.exit()
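Review bot: In the `help` branch `for (cmd, desc) in self.commands:` rebinds the outer `cmd`, which after the loop is `'exit'` (the last command name); because `MainMenu` recurses instead of looping, once the nested call returns on an unrecognized input the outer frame resumes and reaches `if cmd == 'exit': sys.exit(1)`, so typing help followed by an unknown command ends the session. Rename the loop variable: `for (name, desc) in self.commands:` / `print "\t%s\t%s" % ('{0: <12}'.format(name), desc)`. Related, `use` stores the raw argument in `self.currentmodule` and the prompt then does `self.modules[int(self.currentmodule) - 1]`, indexing the `SELECT * FROM Malwares` result by position while the user supplied an ID; rows now come from SQLite without an `ORDER BY`, and the removed index.csv shows IDs are not contiguous (2 is missing, 45 is listed before 44), so the wrong malware can be selected or a `ValueError`/`IndexError` raised on a non-numeric or out-of-range argument. Looking the row up by its ID column and validating the argument as an integer before storing it fixes both. The bare `except:` around `get_malware` and in the `use` branch also swallow those errors; catch the specific exceptions so the cause is shown.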


@@ -1,23 +1,24 @@
#!/usr/bin/env python
#Malware DB - the most awesome free malware database on the air
#Copyright (C) 2014, Yuval Nativ, Lahad Ludar, 5Fingers
# Malware DB - the most awesome free malware database on the air
# Copyright (C) 2014, Yuval Nativ, Lahad Ludar, 5Fingers
#This program is free software: you can redistribute it and/or modify
#it under the terms of the GNU General Public License as published by
#the Free Software Foundation, either version 3 of the License, or
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
#(at your option) any later version.
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#GNU General Public License for more details.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#You should have received a copy of the GNU General Public License
#along with this program. If not, see <http://www.gnu.org/licenses/>.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import sys
import urllib2
from imports import globals
from imports import db_handler
class Updater:
@@ -30,7 +31,8 @@ class Updater:
with file(globals.vars.maldb_ver_file) as f:
return f.read()
except IOError:
print("No malware DB version file found.\nPlease try to git clone the repository again.\n")
print(
"No malware DB version file found.\nPlease try to git clone the repository again.\n")
return 0
def update_db(self):
@@ -42,11 +44,13 @@ class Updater:
with file(globals.vars.maldb_ver_file) as f:
f = f.read()
except IOError:
print("No malware DB version file found.\nPlease try to git clone the repository again.\n")
print(
"No malware DB version file found.\nPlease try to git clone the repository again.\n")
return 0
curr_maldb_ver = f
response = urllib2.urlopen(globals.vars.giturl + globals.vars.maldb_ver_file)
response = urllib2.urlopen(
globals.vars.giturl + globals.vars.maldb_ver_file)
new_maldb_ver = response.read()
if new_maldb_ver == curr_maldb_ver:
print globals.bcolors.GREEN + '[+]' + globals.bcolors.WHITE + " No need for an update.\n" + globals.bcolors.GREEN + '[+]' + globals.bcolors.WHITE + " You are at " + new_maldb_ver + " which is the latest version."
@@ -72,20 +76,24 @@ class Updater:
break
file_size_dl += len(buffer)
f.write(buffer)
status = r"%10d [%3.2f%%]" % (file_size_dl, file_size_dl * 100. / file_size)
status = status + chr(8)*(len(status)+1)
status = r"%10d [%3.2f%%]" % (
file_size_dl, file_size_dl * 100. / file_size)
status = status + chr(8) * (len(status) + 1)
print status,
f.close()
def get_malware(self, id, allmal):
#get mal location
loc = allmal[id][globals.vars.column_for_location]
#concat with location
ziploc = globals.vars.giturl + '/' + loc + '.zip'
passloc = globals.vars.giturl + '/' + loc + '.pass'
#get from git
def get_malware(self, id):
# get mal location
db = db_handler.DBHandler()
loc = db.query("SELECT LOCATION FROM MALWARES WHERE ID=?", id)[0][0]
name = loc.rsplit('/')[-1]
# concat with location
ziploc = globals.vars.giturl + 'malwares/' + loc + '/' + name + '.zip'
passloc = globals.vars.giturl + 'malwares/' + loc + '/' + name + '.pass'
print ziploc + '\n' + passloc
# get from git
u = urllib2.urlopen(ziploc)
f = open(id+'zip', 'wb')
f = open(name + '.zip', 'wb')
meta = u.info()
file_size = int(meta.getheaders("Content-Length")[0])
print "Downloading: %s Bytes: %s" % (loc, file_size)
@@ -97,14 +105,15 @@ class Updater:
break
file_size_dl += len(buffer)
f.write(buffer)
status = r"%10d [%3.2f%%]" % (file_size_dl, file_size_dl * 100. / file_size)
status = status + chr(8)*(len(status)+1)
status = r"%10d [%3.2f%%]" % (
file_size_dl, file_size_dl * 100. / file_size)
status = status + chr(8) * (len(status) + 1)
print status,
f.close()
#get pass from git
# get pass from git
u = urllib2.urlopen(passloc)
f = open(id+'pass', 'wb')
f = open(name + '.pass', 'wb')
meta = u.info()
file_size = int(meta.getheaders("Content-Length")[0])
print "Downloading: %s Bytes: %s" % (loc, file_size)
@@ -116,8 +125,9 @@ class Updater:
break
file_size_dl += len(buffer)
f.write(buffer)
status = r"%10d [%3.2f%%]" % (file_size_dl, file_size_dl * 100. / file_size)
status = status + chr(8)*(len(status)+1)
status = r"%10d [%3.2f%%]" % (
file_size_dl, file_size_dl * 100. / file_size)
status = status + chr(8) * (len(status) + 1)
print status,
f.close()
#alert ready
# alert ready
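Review bot: The new `get_malware` indexes the query result with `[0][0]` and will raise IndexError for an id that has no row; guard it with `rows = db.query("SELECT LOCATION FROM MALWARES WHERE ID=?", id)` followed by `if not rows: raise ValueError("unknown malware id %s" % id)`. The archive is written to `name + '.zip'` and closed without ever being compared against the `.md5`/`.sha256` sums this commit adds beside each sample, so a truncated or tampered download is accepted silently; hashing the saved file with `hashlib.sha256` and comparing it to the fetched sum before reporting success would close that gap. `print ziploc + '\n' + passloc` reads as leftover debug output. The signature drops the `allmal` parameter, yet the 'get' handler in the terminal section above still calls `updateHandler.get_malware(self.currentmodule, self.modules)` with two arguments; if that line is on the new side the call fails with TypeError, which its bare `except` then reports as 'Error getting malware.'. The method body continues outside the hunk.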


@@ -0,0 +1 @@
0a4c1058b765637b6c099cc73b993e9e C:\Users\Shahak\Documents\GitHub\theZoo\malwares\Binaries\AndroRat_6Dec2013\AndroRat_6Dec2013.rar
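Review bot: The filename field of this `.md5` line is an absolute Windows path under a developer's home directory rather than the archive's base name, so `md5sum -c` cannot resolve it on any other machine and a local path is committed into the repository; the `.sha256` for ExploitKit.Phoenix.2.5 further down has the same problem, while the other sums in this commit use the bare name, e.g. `b4c4793b8a1ad09c256377c38d3eaafc regin.zip`. This line also names a `.rar` archive, whereas every other sum in the commit refers to a `.zip`; confirm which archive is actually shipped for AndroRat before the sum is relied on.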


@@ -0,0 +1 @@
b6734f8c013ed8e011f775a1012bbfc4 Android.Spy.49_iBanking_Feb2014.zip


@@ -1 +0,0 @@
b6734f8c013ed8e011f775a1012bbfc4


@@ -0,0 +1 @@
2c1cd1664a79187107d5861daea265ab68c2beb1671ed54da2c90035af1b5aaf Android.Spy.49_iBanking_Feb2014.zip


@@ -0,0 +1 @@
b4c4793b8a1ad09c256377c38d3eaafc regin.zip


@@ -0,0 +1 @@
infected


@@ -0,0 +1 @@
43fbb96db22586311816a5d789f1ffb4c950209996cdeb06c77b4bad117f735b regin.zip



@@ -0,0 +1 @@
69d57ad449c855745b412c5182ac7372 ExploitKit.BleedingLife.2.zip


@@ -0,0 +1 @@
81bcbdc28b2b73e9ae2b33518f114c7f39295adbaa0dc8aaab193d8a72ad1ea1 ExploitKit.BleedingLife.2.zip


@@ -0,0 +1 @@
e40ba13ffda2e29c595234ab8a503ed7 Crimepack.3.1.3.zip


@@ -0,0 +1 @@
infected


@@ -0,0 +1 @@
10e04d56217857d206c6d71771d9ea22ef4f65b637e056febad8580739ca5a1d Crimepack.3.1.3.zip


@@ -0,0 +1 @@
dab70acf97ed516dcc7068614f90ceb9 ExploitKit.Phoenix.2.5.zip


@@ -0,0 +1 @@
infected


@@ -0,0 +1 @@
cf5058188c7051f548ba43ef685ce2ba795ba034deb984b1970a23b5303959cf C:\Users\Shahak\Documents\GitHub\theZoo\malwares\Source\Original\ExploitKit.Phoenix.2.5\ExploitKit.Phoenix.2.5.zip


@@ -1,34 +1,35 @@
#!/usr/bin/env python
#Malware DB - the most awesome free malware database on the air
#Copyright (C) 2014, Yuval Nativ, Lahad Ludar, 5Fingers
# Malware DB - the most awesome free malware database on the air
# Copyright (C) 2014, Yuval Nativ, Lahad Ludar, 5Fingers
#This program is free software: you can redistribute it and/or modify
#it under the terms of the GNU General Public License as published by
#the Free Software Foundation, either version 3 of the License, or
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
#(at your option) any later version.
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#GNU General Public License for more details.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#You should have received a copy of the GNU General Public License
#along with this program. If not, see <http://www.gnu.org/licenses/>.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import sys
import csv
import os
from optparse import OptionParser
from imports.updatehandler import Updater
from imports import manysearches
from imports import muchmuchstrings
from imports.eula_handler import EULA
from imports.globals import vars
from imports.terminal_handler import Controller
from imports import db_handler
__version__ = "0.5.0 Citadel"
__codename__ = "Citadel"
__version__ = "0.6.0 Moat"
__codename__ = "Moat"
__appname__ = "theZoo"
__authors__ = ["Yuval Nativ", "Shahak Shalev", "Lahad Ludar", "5Fingers"]
__licensev__ = "GPL v3.0"
@@ -42,6 +43,7 @@ def main():
updateHandler = Updater
eulaHandler = EULA()
bannerHandler = muchmuchstrings.banners()
db = db_handler.DBHandler()
terminalHandler = Controller()
def filter_array(array, colum, value):
@@ -51,22 +53,18 @@ def main():
def getArgvs():
parser = OptionParser()
parser = OptionParser()
parser.add_option("-t", "--type", dest="type_of_mal", default='', help="Type of malware to search. \ne.g. botnet,trojan,virus,etc...")
parser.add_option("-l", "--language", dest="lang_of_mal", default='', help="Language of the version of the malware which is in the databse.\e.g. vbs,vb,c,cpp,bin,etc...")
parser.add_option("-a", "--architecture", dest="arch_of_mal", default='', help="The architecture the malware is intended for.\ne.g. x86,x64,arm7,etc...")
parser.add_option("-p", "--platform", dest="plat_of_mal", default="", help="Platform the malware is inteded for.\ne.g. win32,win64,ios,android,etc...")
parser.add_option("-u", "--update", dest="update_bol", default=0, help="Updates the DB of theZoo.", action="store_true")
parser.add_option("-v", "--version" , dest="ver_bol", default=0, help="Shows version and licensing information.", action="store_true")
parser.add_option("-w", "--license", dest="license_bol", default=0, help="Prints the GPLv3 license information.", action="store_true")
parser.add_option("-f", "--filter", dest="mal_filter", default=[],
help="Filter the malwares.", action="append")
parser.add_option("-u", "--update", dest="update_bol", default=0,
help="Updates the DB of theZoo.", action="store_true")
parser.add_option("-v", "--version", dest="ver_bol", default=0,
help="Shows version and licensing information.", action="store_true")
parser.add_option("-w", "--license", dest="license_bol", default=0,
help="Prints the GPLv3 license information.", action="store_true")
(options, args) = parser.parse_args()
return options
# Here actually starts Main()
# Zeroing everything
m = []
arguments = getArgvs()
# Checking for EULA Agreement
@@ -75,7 +73,7 @@ def main():
eulaHandler.prompt_eula()
# Get arguments
# Check if update flag is on
if arguments.update_bol == 1:
a = Updater()
@@ -92,47 +90,14 @@ def main():
bannerHandler.print_license()
sys.exit(1)
if (len(arguments.type_of_mal) > 0) or (len(arguments.arch_of_mal) > 0) or (len(arguments.lang_of_mal) > 0) or (len(arguments.plat_of_mal) > 0):
# Take index.csv and convert into array m
csvreader = csv.reader(open(vars.main_csv_file, 'rb'), delimiter=',')
for row in csvreader:
m.append(row)
# Filter by type
if len(arguments.type_of_mal) > 0:
m = filter_array(m, vars.column_for_type, arguments.type_of_mal)
# Filter by programming language
if len(arguments.lang_of_mal) > 0:
m = filter_array(m, vars.column_for_plat, arguments.lang_of_mal)
# Filter by architecture
if len(arguments.arch_of_mal) > 0:
m = filter_array(m, vars.column_for_arch, arguments.arch_of_mal)
# Filter by Platform
if len(arguments.plat_of_mal) > 0:
m = filter_array(m, vars.column_for_plat, arguments.plat_of_mal)
i=0
if len(arguments.mal_filter) > 0:
manySearch = manysearches.MuchSearch()
print vars.maldb_banner
print 'ID\tName\t\tType\t\tVersion\t\tLanguage'
print '--\t----\t\t----\t\t-------\t\t--------'
for g in m:
#print 'now'
answer = m[i][vars.column_for_uid]
answer += '\t%s' % ('{0: <12}'.format(m[i][vars.column_for_name]))
answer += '\t%s' % ('{0: <12}'.format(m[i][vars.column_for_type]))
answer += '\t%s' % ('{0: <12}'.format(m[i][vars.column_for_version]))
answer += '\t%s' % ('{0: <12}'.format(m[i][vars.column_for_pl]))
print answer
i += 1
manySearch.sort(arguments.mal_filter)
sys.exit(1)
# Initiate normal run. No arguments given.
os.system('clear')
# Initiate normal run. No arguments given.
os.system('cls' if os.name == 'nt' else 'clear')
print vars.maldb_banner
while 1:
terminalHandler.MainMenu()
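Review bot: The new filter branch calls `sys.exit(1)` right after `manySearch.sort(arguments.mal_filter)` returns normally, so a successful `-f` search reports failure to the calling shell; that line should be `sys.exit(0)`, and the `-v`/`-w` branches visible at the top of the hunk exit with 1 on success in the same way. `db = db_handler.DBHandler()` is added to main() but nothing in the visible hunks reads `db`, so it looks like a dead binding after the move to SQLite; confirm before keeping it. On the preceding context line `updateHandler = Updater` binds the class rather than an instance while the update branch builds `a = Updater()` itself, so one of the two is redundant. main() starts outside the hunk.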