通过谷歌搜索恶意软件家族详细信息【python脚本】

原创

bonelee 2023-06-11 11:00:58 ©著作权

文章标签 安全分析 Win32 MSIL microsoft 文章分类 Python 后端开发

©著作权归作者所有：来自51CTO博客作者bonelee的原创作品，请联系作者获取转载授权，否则将追究法律责任

通过谷歌搜索恶意软件家族详细信息的python脚本

在仅仅给家族名字的情况下，我希望知道恶意软件的种类信息。例如：

Dorkbot 家族，搜索谷歌：
Dorkbot (malware) - Wikipedia(https://en.wikipedia.org/wiki/Dorkbot_(malware))
Worm:W32/Dorkbot.A Description | F-Secure Labs(https://www.f-secure.com/v-descs/worm_w32_dorkbot_a.shtml)
DorkBot: An Investigation - Check Point Research(https://research.checkpoint.com/2018/dorkbot-an-investigation/)
ThreatList: 6-Year-Old Dorkbot Banking Malware Resurfaces ...(https://threatpost.com/threatlist-6-year-old-dorkbot-banking-malware-resurfaces-as-big-threat/133898/)
Dorkbot | CISA - US-CERT(https://us-cert.cisa.gov/ncas/alerts/TA15-337A)

可以知道是蠕虫，还主要针对banking类。

下面是代码：

import requests
from bs4 import BeautifulSoup


def goole_search(query, topk=5):
    query = query.replace(' ', '+')

    # URL = f"https://google.com/search?q={query}"
    url = f"https://www.google.com.hk/search?q={query}"
    # desktop user-agent
    USER_AGENT = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:65.0) Gecko/20100101 Firefox/65.0"

    headers = {"user-agent": USER_AGENT}
    resp = requests.get(url, headers=headers)

    results = []
    if resp.status_code == 200:
        soup = BeautifulSoup(resp.content, "html.parser")
        for g in soup.find_all('div', class_='g'):
            anchors = g.find_all('a')
            if anchors:
                try:
                    link = anchors[0]['href']
                    title = g.find('h3').text
                    item = {
                        "title": title,
                        "link": link
                    }
                    results.append(item)

                    if len(results) == topk:
                        break

                except Exception as e:
                    continue

    return results[:topk]


if __name__ == "__main__":
    mal_str = "Tofsee,Noancooe,Bladabindi,Gbot"
    arr = mal_str.split(",")
    for i, mal_class in enumerate(arr):
        print(i, mal_class)
        mal_info = goole_search(mal_class + " malware")
        readable_inf = "\n".join(["{}({})".format(inf["title"], inf["link"]) for inf in mal_info])
        print(readable_inf)
        print("*"*88)

结果：

0 Tofsee
Backdoor:W32/Tofsee Description | F-Secure Labs(https://www.f-secure.com/v-descs/backdoor_w32_tofsee.shtml)
Tofsee (Malware Family) - Malpedia(https://malpedia.caad.fkie.fraunhofer.de/details/win.tofsee)
Backdoor.Tofsee | Malwarebytes Labs | Detections(https://blog.malwarebytes.com/detections/backdoor-tofsee/)
Threat description search results - Microsoft Security Intelligence(https://www.microsoft.com/en-us/wdsi/threats/threat-search?query=Trojan:Win32/Tofsee.GB!MTB)
Alibaba Cloud Researchers Uncover Tofsee Malware Using ...(https://blogs.infoblox.com/security/alibaba-cloud-researchers-uncover-tofsee-malware-using-dns/)
****************************************************************************************
1 Noancooe
Backdoor.MSIL.NOANCOOE.AOOI - Threat Encyclopedia(https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/backdoor.msil.noancooe.aooi/)
Backdoor:Win32/Noancooe.A threat description - Microsoft(https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Noancooe.A&ThreatID=2147742686)
Backdoor:MSIL/Noancooe.A - How To Fix Guide(https://howtofix.guide/backdoormsil-noancooe-a/)
Backdoor:MSIL/Noancooe.A - Virus Removal Guide(https://malwarefixes.com/threats/backdoormsil-noancooe-a/)
Backdoor:MSIL/Noancooe!MSR - Virus Removal Guide(https://applefixes.com/threat-encyclopedia/backdoormsil-noancooemsr/)
****************************************************************************************
2 Bladabindi
Backdoor.Bladabindi | Malwarebytes Labs | Detections(https://blog.malwarebytes.com/detections/backdoor-bladabindi/)
BLADABINDI Backdoor - Malware removal ... - PCrisk(https://www.pcrisk.com/removal-guides/18907-bladabindi-backdoor)
Backdoor:Win32/Bladabindi!rfn threat description - Microsoft(https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Bladabindi!rfn&ThreatID=2147766996)
nJRAT Report: Bladabindi - Cynet(https://www.cynet.com/attack-techniques-hands-on/njrat-report-bladabindi/)
Backdoor.MSIL.BLADABINDI.IND - Энциклопедия угроз(https://www.trendmicro.com/vinfo/ru/threat-encyclopedia/malware/backdoor.msil.bladabindi.ind)
****************************************************************************************
3 Gbot
GBOT - Threat Encyclopedia - Trend Micro(https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/gbot)
Riskware/Gbot - Threat Encyclopedia | FortiGuard(https://www.fortiguard.com/encyclopedia/virus/8151189)
Backdoor:Win32/Gbot!rfn threat description - Microsoft(https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Gbot!rfn&ThreatID=2147744002)
BackDoor.Gbot.2667 — How to quickly look up a virus in the ...(https://vms.drweb.com/virus/?i=5811072)
Cisco 4Q10 Global Threat Report(https://www.cisco.com/c/dam/en_us/about/security/intelligence/reports/Cisco_Global_Threat_Report_4Q10.pdf)