
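# coding: utf-8

# Fixed byte length of the NUL-padded URI field that follows the two
# 32-bit header fields of the Gzip variant.
URI_LENGTH = 64

# Byte length of the Gzip variant's fixed header: botnet_id (4) + auth_var (4) + uri.
_GZIP_HEADER_LENGTH = 8 + URI_LENGTH


class GzipVariantConfiguration(object):
    """
    ICEDID's Gzip-variant configuration parser

    Layout (all integers little-endian):

      [0:4]    botnet_id
      [4:8]    auth_var
      [8:72]   URI, NUL-padded to URI_LENGTH bytes
      [72:]    length-prefixed domain list terminated by a zero length byte

    The input comes from a sample and is not trusted: every length byte is
    clamped to the buffer that is actually present, so a malformed or
    truncated configuration cannot make the parser read out of bounds.
    """

    def __init__(self, data: bytes) -> None:
        """
        :param data: Configuration data to parse
        :raises ValueError: if *data* is shorter than the fixed header
        :raises UnicodeDecodeError: if the URI or a domain is not valid UTF-8
        """
        if len(data) < _GZIP_HEADER_LENGTH:
            raise ValueError(
                "configuration too short: expected at least {} bytes, got {}".format(
                    _GZIP_HEADER_LENGTH, len(data)
                )
            )
        self.botnet_id = int.from_bytes(data[0:4], "little")
        self.auth_var = int.from_bytes(data[4:8], "little")
        # The URI occupies a fixed-size field; the unused tail is NUL padding.
        self.uri = str(data[8:_GZIP_HEADER_LENGTH], "utf-8").strip("\x00")
        self.domains = self.__parse_domains(data[_GZIP_HEADER_LENGTH:])

    def __parse_domains(self, data: bytes) -> list[str]:
        """
        Parse the length-prefixed domain list that follows the fixed header.

        Each entry is one length byte followed by the domain bytes; the length
        byte counts itself, so the domain is ``size - 1`` bytes long. A zero
        length byte terminates the list. Parsing also stops at the end of
        *data*, so a buffer that lacks the terminator yields the entries parsed
        so far instead of raising IndexError.

        :param data: The bytes following the fixed header
        :return: The decoded domains with NUL padding stripped
        :raises UnicodeDecodeError: if a domain is not valid UTF-8
        """
        domains: list[str] = []
        offset = 0
        end = len(data)
        while offset < end:
            size = data[offset]
            if not size:
                break
            offset += 1
            size -= 1
            # Slicing clamps at the end of the buffer, so a truncated last
            # entry yields whatever bytes are present rather than failing.
            domains.append(str(data[offset : offset + size], "utf-8").strip("\x00"))
            offset += size
        return domains

    def __repr__(self) -> str:
        """Return the configuration as one ``key: value`` line per field."""
        # The attribute is ``botnet_id`` but the output label has always been
        # ``campaign_id``; kept unchanged so consumers of repr() are unaffected.
        lines = [
            "campaign_id: {}".format(self.botnet_id),
            "auth_var: {}".format(self.auth_var),
            "uri: {}".format(self.uri),
            "domains:",
        ]
        lines.extend("\t{}".format(domain) for domain in self.domains)
        return "\n".join(lines) + "\n"


class ForkedVariantLoaderConfiguration(object):
    """
    ICEDID's configuration parser for the loader

    Layout (little-endian):

      [0:4]  campaign_id
      [4:]   domain, NUL-padded
    """

    def __init__(self, data: bytes) -> None:
        """
        :param data: Configuration data to parse
        :raises ValueError: if *data* is shorter than the 4-byte campaign_id
        :raises UnicodeDecodeError: if the domain is not valid UTF-8
        """
        if len(data) < 4:
            raise ValueError(
                "configuration too short: expected at least 4 bytes, got {}".format(
                    len(data)
                )
            )
        self.campaign_id = int.from_bytes(data[0:4], "little")
        # Everything after the id is the domain; strip the NUL padding before decoding.
        self.domain = str(data[4:].strip(b"\x00"), "utf-8")

    def __repr__(self) -> str:
        """Return the configuration as ``campaign_id`` and ``domain`` lines."""
        return "campaign_id: {}\ndomain: {}".format(self.campaign_id, self.domain)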