intelmq.bots.parsers.bambenek package
Submodules
intelmq.bots.parsers.bambenek.parser module
IntelMQ parser for Bambenek DGA, Domain, and IP feeds
- intelmq.bots.parsers.bambenek.parser.BOT
alias of BambenekParserBot
- class intelmq.bots.parsers.bambenek.parser.BambenekParserBot(*args, **kwargs)
Bases: ParserBot
Single parser for Bambenek feeds
- DGA_FEED = {'http://osint.bambenekconsulting.com/feeds/dga-feed.txt', 'https://faf.bambenekconsulting.com/feeds/dga-feed.txt', 'https://osint.bambenekconsulting.com/feeds/dga-feed.txt'}
- DOMMASTERLIST = {'http://osint.bambenekconsulting.com/feeds/c2-dommasterlist.txt', 'https://faf.bambenekconsulting.com/feeds/dga/c2-dommasterlist.txt', 'https://osint.bambenekconsulting.com/feeds/c2-dommasterlist.txt'}
- IPMASTERLIST = {'http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt', 'https://faf.bambenekconsulting.com/feeds/dga/c2-ipmasterlist.txt', 'https://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt'}
- MALWARE_NAME_MAP = {'cl': 'cryptolocker', 'p2pgoz': 'p2p goz', 'ptgoz': 'pt goz', 'volatile': 'volatile cedar'}
- parse_line(line, report)
A generator which can yield one or more messages contained in line.
Report has the full message, thus you can access some metadata. Override for your use.