intelmq.bots.parsers.bambenek package

Submodules

intelmq.bots.parsers.bambenek.parser module

IntelMQ parser for Bambenek DGA, Domain, and IP feeds

intelmq.bots.parsers.bambenek.parser.BOT

alias of intelmq.bots.parsers.bambenek.parser.BambenekParserBot

class intelmq.bots.parsers.bambenek.parser.BambenekParserBot(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: Optional[bool] = None)

Bases: intelmq.lib.bot.ParserBot

Single parser for Bambenek feeds

DGA_FEED = {'http://osint.bambenekconsulting.com/feeds/dga-feed.txt', 'https://faf.bambenekconsulting.com/feeds/dga-feed.txt', 'https://osint.bambenekconsulting.com/feeds/dga-feed.txt'}
DOMMASTERLIST = {'http://osint.bambenekconsulting.com/feeds/c2-dommasterlist.txt', 'https://faf.bambenekconsulting.com/feeds/dga/c2-dommasterlist.txt', 'https://osint.bambenekconsulting.com/feeds/c2-dommasterlist.txt'}
IPMASTERLIST = {'http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt', 'https://faf.bambenekconsulting.com/feeds/dga/c2-ipmasterlist.txt', 'https://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt'}
MALWARE_NAME_MAP = {'cl': 'cryptolocker', 'p2pgoz': 'p2p goz', 'ptgoz': 'pt goz', 'volatile': 'volatile cedar'}

parse_line(line, report)

A generator which can yield one or more messages contained in line.

The report argument holds the full message, so you can access its metadata. Override this method for your use.

Module contents