<?php /* * Copyright (c) 2014-present, Facebook, Inc. * All rights reserved. * * This source code is licensed under the BSD-style license found in the * LICENSE file in the root directory of this source tree. An additional grant * of patent rights can be found in the PATENTS file in the same directory. * */ if (!defined('__ROOT__')) { define('__ROOT__', realpath(dirname(__FILE__) . '/../')); } require_once __ROOT__ . '/ThreatExchangeConfig.php'; ThreatExchangeConfig::init(); final class MalwareSearch extends BaseSearch { public function getEndpoint() { return '/malware_analyses'; } public function getResultsAsCSV($results) { $csv = "# ThreatExchange Results - queried at " . time() . "\n" . "id,is_malicious,added_on,crx,md5,sha1,sha256,xpi,imphash,pe_rich_header,ssdeep,victims\n"; foreach ($results as $result) { $row = array($result['id'], $result['malicious'], $result['added_on'], isset($result['crx']) ? $result['crx'] : '', isset($result['md5']) ? $result['md5'] : '', isset($result['sha1']) ? $result['sha1'] : '', isset($result['sha256']) ? $result['sha256'] : '', isset($result['xpi']) ? $result['xpi'] : '', isset($result['imphash']) ? $result['imphash'] : '', isset($result['pe_rich_hash']) ? $result['pe_rich_hash'] : '', isset($result['ssdeep']) ? $result['ssdeep'] : '', $result['victim_count']); $csv .= implode(',', $row) . "\n"; } return $csv; }