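#!/bin/bash
#
# Daily ponmocup-finder run.
#
# Rotates the previous run's "latest" outputs to date-stamped names, re-scans
# the suspicious-domain list, and rebuilds the derived files: the INFECTED
# extract, the CIF feed in /var/www/pub/malware-feeds, the CH/LI and DE
# per-TLD views, and the first-seen / last-seen history per domain.
#
# Usage: run with no arguments to rotate the previous "latest" files first;
#        any argument skips the rotation (e.g. a re-run on the same day).
#
# Everything in the finder log was produced while fetching from suspect hosts,
# so values extracted from it (domain names in particular) are untrusted data.
# They are only ever handed to awk via -v and compared as strings — never used
# as grep patterns, never turned into file names, never passed to eval.

set -u

readonly WORK_DIR=/var/www/pub/botnet/ponmocup/ponmocup-finder/
readonly FEED_DIR=/var/www/pub/malware-feeds
readonly LOG=ponmocup-finder-log-latest.txt
readonly INFECTED=ponmocup-infected-domains-latest.txt
readonly HISTORY=ponmocup-infected-domains-history.txt
readonly HISTORY_UNIQ=ponmocup-infected-domains-history-uniq.txt
readonly DAYS=ponmocup-infected-domains-history-uniq-infected-days.txt
# One stamp for the whole run, so a run crossing midnight names all files alike.
TODAY=$(date +%Y-%m-%d)
readonly TODAY

#######################################
# Move the previous run's "latest" outputs (and the wget logs) out of the way.
# Globals:   TODAY, LOG, INFECTED (read)
# Arguments: none
# Returns:   status of the last mv
#######################################
rotate_previous_run() {
  mv -- "$LOG" "ponmocup-finder-log-${TODAY}.txt"
  mv -- "$INFECTED" "ponmocup-infected-domains-${TODAY}.txt"
  # An unmatched glob stays literal and mv reports it on stderr; the run
  # continues, as it always has.
  mv -- *_wget_log.txt _wget-logs-backup
}

#######################################
# Run the finder, echo its output to the console and the log, then extract the
# "date ..." and INFECTED lines into the latest-domains file and its per-TLD
# views.
# Globals:   LOG, INFECTED (written)
# Arguments: none
# Outputs:   finder output on stdout (via tee)
#######################################
run_finder() {
  ./ponmocup-finder.sh ponmocup-suspicious-domains-latest.txt | tee "$LOG"
  grep -E '(^date | INFECTED)' "$LOG" > "$INFECTED"
  # The per-TLD views are subsets of the INFECTED extract; keep the "date"
  # header lines in each.
  grep -E '(^date |\.ch |\.li )' "$INFECTED" > ponmocup-infected-domains-latest_CH-LI.txt
  grep -E '(^date |\.de )' "$INFECTED" > ponmocup-infected-domains-latest_DE.txt
}

#######################################
# Rebuild the CIF feed: static header, "last updated" stamp, then one sorted
# line per INFECTED entry.
# Globals:   FEED_DIR, INFECTED (read)
# Arguments: none
#######################################
build_cif_feed() {
  local feed="${FEED_DIR}/ponmocup-infected-domains-CIF-latest.txt"
  cp -- "${FEED_DIR}/ponmocup-infected-domains-CIF-header.txt" "$feed"
  {
    printf '# last updated: %s\n' "$(date)"
    printf '#\n'
    # Column order ($14 $12 $9 $3) and the "failed:" -> 0.0.0.0 rewrite are
    # the feed's existing format; consumers depend on them.
    grep -E '( INFECTED)' "$INFECTED" \
      | awk '{ print $14" "$12" "$9" "$3 }' \
      | sed -e 's/failed:/0.0.0.0/g' -e 's/, / /g' \
      | sort
  } >> "$feed"
}

#######################################
# Concatenate every date-stamped INFECTED file plus today's into one history
# (first field = date stamp or "latest"), and derive the unique-domain lists.
# Globals:   HISTORY, HISTORY_UNIQ (written)
# Arguments: none
#######################################
build_history() {
  # 20??-??-?? rather than 201?-??-?? so runs from 2020 onward are not silently
  # dropped from the history. -H forces the file-name prefix that the sed
  # below turns into the first column, even when only one file matches.
  grep -E -H '(INFECTED| started)' ponmocup-infected-domains-{20??-??-??,latest}.txt \
    | sed -e 's/ponmocup-infected-domains-//g' -e 's/\.txt:/ /g' > "$HISTORY"
  grep -E 'INFECTED' "$HISTORY" | awk '{ print $4 }' | sort -u > "$HISTORY_UNIQ"
  grep -E 'INFECTED' "$HISTORY" | awk '{ print $4 }' | sort | uniq -c | sort -nr \
    > ponmocup-infected-domains-history-uniq-c.txt
}

#######################################
# For each unique domain, report the first and last run in which it was seen
# INFECTED, then split that report by TLD.
# Globals:   HISTORY, HISTORY_UNIQ, TODAY (read); DAYS (written)
# Arguments: none
#######################################
summarize_infected_days() {
  local domain first last
  while IFS= read -r domain; do
    [[ -n "$domain" ]] || continue
    # Exact match on the domain column (the same column the unique list was
    # built from). A substring/regex grep on the domain would also match
    # "nota.com" or "aXcom" for "a.com". No per-domain scratch file is
    # written, so an odd domain string can never become a path.
    first=$(awk -v d="$domain" '$4 == d { print $1; exit }' "$HISTORY")
    last=$(awk -v d="$domain" '$4 == d { stamp = $1 } END { print stamp }' "$HISTORY")
    # "latest" is today's run; report it as a date like the older entries.
    printf '%s - infected first seen: %s - last seen: %s\n' \
      "$domain" "${first/latest/$TODAY}" "${last/latest/$TODAY}"
  done < "$HISTORY_UNIQ" > "$DAYS"
  grep -E '(\.ch )' "$DAYS" > ponmocup-infected-domains-history-uniq-infected-days_CH.txt
  grep -E '(\.de )' "$DAYS" > ponmocup-infected-domains-history-uniq-infected-days_DE.txt
}

#######################################
# Entry point.
# Arguments: any argument disables rotation of the previous "latest" files
#######################################
main() {
  # Without this guard a failed cd would run the mv/rm steps in whatever
  # directory the caller happened to be in.
  cd "$WORK_DIR" || { printf 'cannot cd to %s\n' "$WORK_DIR" >&2; exit 1; }
  printf 'date started: %s\n' "$(date)"
  if [[ $# -lt 1 ]]; then
    rotate_previous_run
  else
    echo "not moving latest files!"
  fi
  run_finder
  build_cif_feed
  build_history
  summarize_infected_days
  printf 'date finished: %s\n' "$(date)"
}

main "$@"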