intelmq.bots.parsers.bambenek package


intelmq.bots.parsers.bambenek.parser module

IntelMQ parser for Bambenek DGA, Domain, and IP feeds


alias of intelmq.bots.parsers.bambenek.parser.BambenekParserBot

class intelmq.bots.parsers.bambenek.parser.BambenekParserBot(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: Optional[bool] = None)


Single parser for Bambenek feeds

DGA_FEED = {'', '', ''}
DOMMASTERLIST = {'', '', ''}
IPMASTERLIST = {'', '', ''}
MALWARE_NAME_MAP = {'cl': 'cryptolocker', 'p2pgoz': 'p2p goz', 'ptgoz': 'pt goz', 'volatile': 'volatile cedar'}
parse_line(line, report)

A generator that yields one or more messages contained in line.

The report holds the full message, so you can access some of its metadata. Override this method for your use case.

Module contents