-
Notifications
You must be signed in to change notification settings - Fork 19
/
Copy pathget_files.sh
53 lines (51 loc) · 1.29 KB
/
get_files.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
#!/usr/bin/env bash
#
# Script for downloading the samples
# Process the malicious OLE file by download, unarchiving, extension
# filtering, renaming and extension replacement
for year in 2020 2021;
do
for month in $(seq -f "%02g" 1 12);
do
url="https://mb-api.abuse.ch/downloads/$year-$month-15.zip";
wget "$url";
done;
done
unzip -P infected "*.zip"
mkdir keeped
for ext in doc docx docm xls xlsx xlsm ppt pptx pptm;
do
mv ./*.$ext keeped;
done
find . -type f -maxdepth 1 -exec rm {} \;
mv keeped/* .
for i in *;
do
sum=$(sha256sum "$i");
mv -- "$i" "${sum%% *}.${i##*.}";
done
rename.ul -o .xlsx .ole ./*.xlsx
for ext in doc docx docm xls xlsx xlsm ppt pptx pptm;
do
rename.ul -o .$ext .ole ./*.$ext;
done
find . -type f -exec basename {} .ole \; > hashes.txt
# Process the benign and malicious PE files by downloading, unarchiving,
# moving and renaming
wget https://ndownloader.figshare.com/files/12149696
unrar x Dataset.rar
mkdir benign
mkdir malware
find Dataset/Benign -type f -exec cp {} benign \;
find Dataset/Virus -type f -exec cp {} malware \;
rm -rf Dataset
for i in benign/*;
do
sum=$(sha256sum "$i");
mv -- "$i" "${sum%% *}.${i##*.}";
done
for i in malware/*;
do
sum=$(sha256sum "$i");
mv -- "$i" "${sum%% *}.${i##*.}";
done