| 1 |
use HoneyClient::DB::File; |
|---|
| 2 |
use HoneyClient::DB::Note; |
|---|
| 3 |
use HoneyClient::DB::Fingerprint; |
|---|
| 4 |
use HoneyClient::DB::Regkey; |
|---|
| 5 |
|
|---|
| 6 |
my $note = { |
|---|
| 7 |
note => "Bad Things happened!", |
|---|
| 8 |
category => "behavior", |
|---|
| 9 |
analyst => "Jiminy Cricket", |
|---|
| 10 |
}; |
|---|
| 11 |
my $note2 = { |
|---|
| 12 |
note => "Wierdness", |
|---|
| 13 |
category => "stuff", |
|---|
| 14 |
analyst => "Rocky Balboa", |
|---|
| 15 |
}; |
|---|
| 16 |
my $content = { |
|---|
| 17 |
md5 => '82da9a561687f841a61e752e401471d2', |
|---|
| 18 |
sha1 => '7552ad083713e6d6b79539b64d598d4dcadfba35', |
|---|
| 19 |
size => 114688, |
|---|
| 20 |
type => 'MS-DOS executable (EXE), OS/2 or MS Windows', |
|---|
| 21 |
notes => [$note, $note2], |
|---|
| 22 |
}; |
|---|
| 23 |
my $file = { |
|---|
| 24 |
name => 'c:\windows\system32\\calc.exe', |
|---|
| 25 |
status => $HoneyClient::DB::STATUS_ADDED, |
|---|
| 26 |
content => $content, |
|---|
| 27 |
|
|---|
| 28 |
}; |
|---|
| 29 |
my $entry1 = { |
|---|
| 30 |
name => 'foo', |
|---|
| 31 |
new_value => 'fighters', |
|---|
| 32 |
old_value => 'bar', |
|---|
| 33 |
}; |
|---|
| 34 |
my $entry2 = { |
|---|
| 35 |
name => 'Super', |
|---|
| 36 |
new_value => 'Chunk', |
|---|
| 37 |
old_value => 'man' |
|---|
| 38 |
}; |
|---|
| 39 |
my $entry3 = { |
|---|
| 40 |
name => 'foo3', |
|---|
| 41 |
new_value => 'fighters3', |
|---|
| 42 |
old_value => 'bar3', |
|---|
| 43 |
}; |
|---|
| 44 |
my $entry4 = { |
|---|
| 45 |
name => 'Super4', |
|---|
| 46 |
new_value => 'Chunk4', |
|---|
| 47 |
old_value => 'man4' |
|---|
| 48 |
}; |
|---|
| 49 |
my $rk = { |
|---|
| 50 |
key_name => 'HKLM\Software\Microsoft\Windows\CurrentVersion\Run', |
|---|
| 51 |
entries => [$entry1,$entry2], |
|---|
| 52 |
status => $HoneyClient::DB::STATUS_MODIFIED, |
|---|
| 53 |
}; |
|---|
| 54 |
my $rk2 = { |
|---|
| 55 |
key_name => 'HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce', |
|---|
| 56 |
entries => [$entry3,$entry4], |
|---|
| 57 |
status => $HoneyClient::DB::STATUS_MODIFIED, |
|---|
| 58 |
}; |
|---|
| 59 |
|
|---|
| 60 |
my $fingerprint = HoneyClient::DB::Fingerprint->new({ |
|---|
| 61 |
filesystem => [$file], |
|---|
| 62 |
registry => [$rk, $rk2], |
|---|
| 63 |
vmid => 'abcTestVmIDString42a9fd5f1', |
|---|
| 64 |
lasturl => 'http://naughty.evilbadsite.com', |
|---|
| 65 |
}); |
|---|
| 66 |
|
|---|
| 67 |
|
|---|
| 68 |
|
|---|
| 69 |
$fingerprint->insert(); |
|---|
| 70 |
|
|---|
| 71 |
my $dbh = $HoneyClient::DB::dbhandle; |
|---|
| 72 |
|
|---|
| 73 |
use Data::Dumper; |
|---|
| 74 |
|
|---|
| 75 |
print Dumper(HoneyClient::DB::File->select({ |
|---|
| 76 |
path => 'c:\windows\system32', |
|---|
| 77 |
name => 'calc.exe', |
|---|
| 78 |
content => 1, |
|---|
| 79 |
},HoneyClient::DB::File->get_fields()) |
|---|
| 80 |
)."\n"; |
|---|
