In [143]:
import common
import pandas as pd
from bs4 import BeautifulSoup
import re
import requests
import os, pathlib, enum
import json
from pathlib import Path
from sqlalchemy import text
from sqlalchemy.exc import IntegrityError
import psycopg2
import matplotlib.pyplot as plt
from IPython.display import Markdown
import numpy as np
import math

database = common.Database()
pcaps = pd.read_sql("SELECT * FROM pcap", database.engine)
malwares = pd.read_sql("""
SELECT
	MW.*,
	SUM(PCAP.R) AS R,
	SUM(PCAP.U) AS U
FROM
	MALWARE AS MW
	JOIN PCAP ON MW.ID = PCAP.MALWARE_ID
                       GROUP BY MW.ID
order by u
""", database.engine).set_index("id")

In [144]:
bdn = pd.read_sql("""
SELECT
    PCAP.MALWARE_ID,
    DN.DN,
    WL.RANK_BDN,
    COUNT(*) AS APP,
    SUM(CASE WHEN M.RCODE = 3 THEN 1 ELSE 0 END) AS NX,
    COUNT(DISTINCT M.PCAP_ID) AS PCAPS,
    DN_NN1.value as epsilon
FROM
    (SELECT * FROM MESSAGE WHERE IS_R is TRUE) AS M
    JOIN PCAP ON M.PCAP_ID = PCAP.ID
    JOIN DN ON M.DN_ID = DN.ID
    JOIN WHITELIST_DN WL ON WL.DN_ID = DN.ID
    JOIN (SELECT * FROM DN_NN WHERE NN_ID=1) AS DN_NN1 ON DN.id=DN_NN1.DN_ID
    WHERE
    PCAP.INFECTED is true AND PCAP.DATASET='CTU-13'
GROUP BY
    PCAP.MALWARE_ID,
    DN.DN,
    WL.RANK_BDN,
    DN_NN1.VALUE;
""", database.engine.connect())
bdn.head()

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon
0,177,adedtppnnfmztussktlnbknkn.org,,7,7,1,1.0
1,177,aefaeamofemugdieddphebijb.org,,4,4,1,1.0
2,177,aehyfivoxckrcmnvhinxoeqpzrcwgdu.biz,,7,7,1,1.0
3,177,aemfyldumrlithbaayzhib.com,,7,7,1,0.999999
4,177,aemzlxlnduaigyqpjfqdiqopnyp.info,,7,7,1,1.0


In [178]:

def dbexecute_setdga(mwdga):
    mwdga_iddga = []
    for mwid in mwdga:
        mwdga_iddga.append([mwid, mwdga[mwid]])
        pass

    dfmw = pd.DataFrame(mwdga_iddga, columns=["id", "dga"])

    for _, row in dfmw.iterrows():
        with database.engine.connect() as conn:
            try:
                conn.execute(
                    text("""
                    UPDATE MALWARE SET DGA=:dga WHERE id=:id;
                    """),
                    [{"id": int(row["id"]), "dga": int(row["dga"]) }]
                )
                conn.commit()
            except IntegrityError as e:
                try:
                    raise e.orig
                except psycopg2.errors.UniqueViolation as e:
                    pass
                except:
                    print(e)

def dbtest(mwdga):
    display(Markdown("# Test with db"))

    pcaps = pd.read_sql("SELECT * FROM pcap", database.engine)
    malwares = pd.read_sql("SELECT * FROM malware", database.engine).set_index("id")

    pcaps = pcaps[(pcaps.dataset == "CTU-13") & (pcaps.infected)]

    alls = []
    for _, row in pcaps.iterrows():
        mwid = row["malware_id"]
        alls.append(malwares.loc[mwid, "dga"] == mwdga[mwid])

    display(Markdown("Success" if all(alls) else "Failed"))
    pass

mwdga = {}


In [164]:
mwlist = pcaps[(pcaps["dataset"] == "CTU-13")][["id", "malware_id"]].groupby("malware_id").agg({"id": lambda x: x.to_list()}).sort_values(by="malware_id")
mwdga = {}


bo = []

for mwid in mwlist.index:
    df = bdn.copy()
    df["nx/app"] = df["nx"] / df["app"]

    eplb = "eps > 0.5"
    nxlb = "nx > 0.5"
    lbs = [eplb, nxlb]
    dfs = {
        eplb: df[(df.malware_id == mwid) & (df["epsilon"] > 0.5)],
        nxlb: df[(df.malware_id == mwid) & (df["nx/app"] > 0.5)]
    }
    ret = {}
    ret[("mw", "id")] = mwid # type: ignore
    # ret[("mw", "dga")] = int(malwares.loc[mwid,"dga"]) # type: ignore
    ret[("mw", "responses")] = int(malwares.loc[mwid,"r"]) # type: ignore
    ret[("mw", "uniques")] = int(malwares.loc[mwid,"u"]) # type: ignore
    for how in lbs:
        ret[(how, "count")] = dfs[how].shape[0]
        ret[(how, "app")] = dfs[how].app.sum()
        ret[(how, "nx")] = dfs[how].nx.sum()
        ret[(how, "∃nx")] = (dfs[how].nx > 0).sum()
    bo.append(ret)

df = pd.DataFrame.from_records(bo)
df.columns = pd.MultiIndex.from_tuples(df.columns)

for how in [eplb]:
    df[how, "nx/app"] = ((df[how, "nx"] / df[how, "app"]).round(1) * 10).fillna(-1).astype(int)
    df[how, "∃nx/count"] = ((df[how, "∃nx"] / df[how, "count"]).round(1) * 10).fillna(-1).astype(int)
    df[how, "%"] = ((df[how, "count"] / df["mw", "uniques"]).round(2) * 100).fillna(-1).astype(int)
df[("mw", "dga")] = int(malwares.loc[mwid,"dga"]) # type: ignore

df_overall = df.copy()

df_overall

Unnamed: 0_level_0,mw,mw,mw,eps > 0.5,eps > 0.5,eps > 0.5,eps > 0.5,nx > 0.5,nx > 0.5,nx > 0.5,nx > 0.5,eps > 0.5,eps > 0.5,eps > 0.5,mw
Unnamed: 0_level_1,id,responses,uniques,count,app,nx,∃nx,count,app,nx,∃nx,nx/app,∃nx/count,%,dga
0,1,320297,31786,0,0,0,0,0,0,0,0,-1,-1,0,2
1,177,8124,2027,2002,8010,7581,1976,1888,7734,7475,1888,9,10,99,2
2,178,609424,1002,989,603236,603224,989,1002,609424,609411,1002,10,10,99,2
3,179,4672,2707,2570,3947,2587,2512,2581,2664,2662,2581,7,10,95,2
4,180,30806,5746,4015,11215,6160,3982,5497,8756,8507,5497,5,10,70,2
5,181,4642965,1240,4,30054,10457,4,100,777207,462079,100,3,10,0,2
6,182,36220,6388,78,798,6,5,164,187,182,164,0,1,1,2
7,183,27478,100,3,2015,892,3,49,8035,5513,49,4,10,3,2
8,184,45355,625,19,160,3,1,28,23551,15199,28,0,1,3,2
9,185,4342,1237,14,36,0,0,3,4,4,3,0,0,1,2


In [155]:
mwlist = pcaps[(pcaps["dataset"] == "CTU-13")][["id", "malware_id"]].groupby("malware_id").agg({"id": lambda x: x.to_list()}).sort_values(by="malware_id")
mwdga = {}


def genmask(mwid, appgt10=None, nx_gt0=None, rankbdn_null=None, nx_app_gt=None, nx_app_lt=None, th=None):
    df = bdn.copy()
    df["nx/app"] = df["nx"] / df["app"]
    tmp = []
    mask = pd.Series(np.ones(df.shape[0], dtype=bool))
    if appgt10 is not None:
        tmp.append("app > 10" if appgt10 else "app <= 10")
        mask &= df.app > 10 if appgt10 else df.app <= 10
    if nx_gt0 is not None:
        tmp.append("nx > 0" if nx_gt0 else "nx == 0")
        mask &= df.nx > 0 if nx_gt0 else df.nx == 0
    if rankbdn_null is not None:
        tmp.append("rankbdn null" if rankbdn_null else " rankbdn not null")
        mask &= df.rank_bdn.isna() if rankbdn_null else (~df.rank_bdn.isna())
    if nx_app_gt is not None:
        tmp.append(f"nx/app > {nx_app_gt}")
        mask &= df["nx/app"] > nx_app_gt
    if nx_app_lt is not None:
        tmp.append(f"nx/app < {nx_app_lt}")
        mask &= df["nx/app"] < nx_app_lt
    if th is not None:
        tmp.append(f"epsilon > {th}")
        mask &= df["epsilon"] > th
    df = df[(df.malware_id == mwid) & mask]
    
    header = [f"- queries: {int(malwares.loc[mwid,"r"])}", f"- uniques: {int(malwares.loc[mwid,"u"])}"]# type: ignore
    display(Markdown(f"## Malware#{mwid} info:\n\n" + "\n".join(header)))
    display(Markdown("Domains with:\n\n" + "\n".join([ '- ' + t for t in tmp ])))
    display(Markdown("are:\n\n" + "\n".join([
        f"- count: {df.shape[0]}",
        f"- app: {df.app.sum()}",
        f"- nx: {df.nx.sum()}",
        f"- ∃nx: {(df.nx > 0).sum()}"
    ])))
    if df.shape[0]:
        display(df.sort_values(by="app", ascending=False))
        pass
    else:
        display(Markdown("> No data"))
    display(Markdown("***"))
    return df.sort_values(by="app", ascending=False)

In [179]:
mwdga = {}
for _, row in df_overall.iterrows():
    if row["mw", "id"] == 1: continue
    if row["eps > 0.5", "%"] >= 40:
        genmask(row["mw", "id"]).head()
        genmask(row["mw", "id"], th=0.5).head()
        genmask(row["mw", "id"], nx_gt0=True).head()
        genmask(row["mw", "id"], nx_gt0=False).head()
        display(Markdown("***"))
        display(Markdown("***"))
    mwdga[int(row["mw","id"])] = 1 if row["eps > 0.5", "%"] < 40 else 2
    

## Malware#177 info:

- queries: 8124
- uniques: 2027

Domains with:



are:

- count: 2026
- app: 8124
- nx: 7602
- ∃nx: 1981

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
257,177,dns.msftncsi.com,453160.0,29,3,1,2.874122e-07,0.103448
1765,177,www.bing.com,156.0,17,1,1,3.527413e-07,0.058824
1766,177,www.google.com,3.0,14,8,1,3.055666e-07,0.571429
1767,177,www.google.cz,3963.0,14,8,1,2.709334e-04,0.571429
1939,177,ytnjqgmnhrxeathuwkvgvcts.org,,8,4,1,9.999999e-01,0.500000
...,...,...,...,...,...,...,...,...
615,177,hyamdyozzlukfvwhadlzrojxwd.biz,,1,1,1,1.000000e+00,1.000000
1124,177,orlvequgmjhylautgskqcpvwvogy.com,,1,1,1,1.000000e+00,1.000000
52,177,auymbfuginhvbahtxsdi.biz,,1,1,1,9.999991e-01,1.000000
1133,177,oueqeywcbmvgqcbyxwvwdhydedyuc.ru,,1,1,1,1.000000e+00,1.000000


***

## Malware#177 info:

- queries: 8124
- uniques: 2027

Domains with:

- epsilon > 0.5

are:

- count: 2002
- app: 8010
- nx: 7581
- ∃nx: 1976

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
1939,177,ytnjqgmnhrxeathuwkvgvcts.org,,8,4,1,1.000000,0.5
0,177,adedtppnnfmztussktlnbknkn.org,,7,7,1,1.000000,1.0
888,177,lryhvkcsotlvhktjffuaioft.com,,7,7,1,0.999999,1.0
895,177,lthnvbepjvworeawsvoozeagq.com,,7,7,1,1.000000,1.0
903,177,lvdojscdynzmrxzxtzzvkpneu.biz,,7,7,1,0.999999,1.0
...,...,...,...,...,...,...,...,...
1959,177,zdhzsktzhustdxbidyemtga.biz,,1,0,1,1.000000,0.0
1460,177,svbaormntxcmofzwpfkrpuwtg.com,,1,1,1,1.000000,1.0
485,177,gyaiyhtodaljdmugpfnfmfgabirsztdy.biz,,1,1,1,1.000000,1.0
90,177,biolzcmemlvtgizxvbuumnba.com,,1,1,1,0.999999,1.0


***

## Malware#177 info:

- queries: 8124
- uniques: 2027

Domains with:

- nx > 0

are:

- count: 1981
- app: 8043
- nx: 7602
- ∃nx: 1981

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
257,177,dns.msftncsi.com,453160.0,29,3,1,2.874122e-07,0.103448
1765,177,www.bing.com,156.0,17,1,1,3.527413e-07,0.058824
1766,177,www.google.com,3.0,14,8,1,3.055666e-07,0.571429
1767,177,www.google.cz,3963.0,14,8,1,2.709334e-04,0.571429
1939,177,ytnjqgmnhrxeathuwkvgvcts.org,,8,4,1,9.999999e-01,0.500000
...,...,...,...,...,...,...,...,...
265,177,dqdihjtgjrhwpfgqpzhqtobumz.net,,1,1,1,1.000000e+00,1.000000
741,177,jzxukqggurstvoyllcyuojae.ru,,1,1,1,9.999989e-01,1.000000
501,177,haknbknizbbinqsgyuwlvdqoay.info,,1,1,1,1.000000e+00,1.000000
728,177,jvtclrgeibepbyxqlkzeyuo.com,,1,1,1,9.999976e-01,1.000000


***

## Malware#177 info:

- queries: 8124
- uniques: 2027

Domains with:

- nx == 0

are:

- count: 45
- app: 81
- nx: 0
- ∃nx: 0

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
1001,177,mta7.am0.yahoodns.net,,4,0,1,4.660696e-09,0.0
578,177,hotmail.com,3910.0,3,0,1,5.878788e-08,0.0
1715,177,web.de,8448.0,3,0,1,4.791703e-06,0.0
1009,177,mx2.hotmail.com,3910.0,3,0,1,5.496674e-08,0.0
1008,177,mx1.hotmail.com,3910.0,3,0,1,4.716464e-08,0.0
1000,177,mta6.am0.yahoodns.net,,3,0,1,2.228851e-09,0.0
29,177,aol.com,1820.0,3,0,1,6.206943e-05,0.0
1880,177,yahoo.com,228.0,3,0,1,0.0004719932,0.0
1770,177,www.mbkveyukzxzxlbbmmzcmonxkabu.com,,2,0,1,0.9999998,0.0
641,177,ifpherclbgicmtzhgmgeobxshijf.org,,2,0,1,1.0,0.0


***

***

***

## Malware#178 info:

- queries: 609424
- uniques: 1002

Domains with:



are:

- count: 1002
- app: 609424
- nx: 609411
- ∃nx: 1002

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
2034,178,bbtybrmepmru.xyz,,1046,1046,1,9.999635e-01,1.0
2791,178,rkpiqcmmmbue.xyz,,1031,1031,1,9.999929e-01,1.0
2563,178,jxihgmogkkgs.xyz,,1029,1029,1,9.999999e-01,1.0
2047,178,bcxuxooveffi.xyz,,1029,1029,1,9.996320e-01,1.0
2091,178,brbqlwsepmtm.xyz,,1029,1029,1,9.999976e-01,1.0
...,...,...,...,...,...,...,...,...
2874,178,stqbynwckcsx.xyz,,339,339,1,9.999998e-01,1.0
2906,178,uipojtchwbur.xyz,,338,338,1,9.999449e-01,1.0
2794,178,rlkkethqqvbt.xyz,,338,338,1,9.999999e-01,1.0
2086,178,bqumjrfosrqp.xyz,,315,315,1,9.999982e-01,1.0


***

## Malware#178 info:

- queries: 609424
- uniques: 1002

Domains with:

- epsilon > 0.5

are:

- count: 989
- app: 603236
- nx: 603224
- ∃nx: 989

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
2034,178,bbtybrmepmru.xyz,,1046,1046,1,0.999963,1.0
2791,178,rkpiqcmmmbue.xyz,,1031,1031,1,0.999993,1.0
2091,178,brbqlwsepmtm.xyz,,1029,1029,1,0.999998,1.0
2047,178,bcxuxooveffi.xyz,,1029,1029,1,0.999632,1.0
2563,178,jxihgmogkkgs.xyz,,1029,1029,1,1.000000,1.0
...,...,...,...,...,...,...,...,...
2337,178,ghpeyebtuurv.xyz,,340,340,1,0.999990,1.0
2874,178,stqbynwckcsx.xyz,,339,339,1,1.000000,1.0
2794,178,rlkkethqqvbt.xyz,,338,338,1,1.000000,1.0
2906,178,uipojtchwbur.xyz,,338,338,1,0.999945,1.0


***

## Malware#178 info:

- queries: 609424
- uniques: 1002

Domains with:

- nx > 0

are:

- count: 1002
- app: 609424
- nx: 609411
- ∃nx: 1002

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
2034,178,bbtybrmepmru.xyz,,1046,1046,1,9.999635e-01,1.0
2791,178,rkpiqcmmmbue.xyz,,1031,1031,1,9.999929e-01,1.0
2563,178,jxihgmogkkgs.xyz,,1029,1029,1,9.999999e-01,1.0
2047,178,bcxuxooveffi.xyz,,1029,1029,1,9.996320e-01,1.0
2091,178,brbqlwsepmtm.xyz,,1029,1029,1,9.999976e-01,1.0
...,...,...,...,...,...,...,...,...
2874,178,stqbynwckcsx.xyz,,339,339,1,9.999998e-01,1.0
2906,178,uipojtchwbur.xyz,,338,338,1,9.999449e-01,1.0
2794,178,rlkkethqqvbt.xyz,,338,338,1,9.999999e-01,1.0
2086,178,bqumjrfosrqp.xyz,,315,315,1,9.999982e-01,1.0


***

## Malware#178 info:

- queries: 609424
- uniques: 1002

Domains with:

- nx == 0

are:

- count: 0
- app: 0
- nx: 0
- ∃nx: 0

> No data

***

***

***

## Malware#179 info:

- queries: 4672
- uniques: 2707

Domains with:



are:

- count: 2666
- app: 4672
- nx: 2685
- ∃nx: 2599

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
3192,179,bllewbrb.bit,,690,0,1,9.998491e-01,0.000000
5597,179,ygwnfft.sh,,569,0,1,9.999802e-01,0.000000
3439,179,dns.msftncsi.com,453160.0,537,2,1,2.874122e-07,0.003724
3029,179,1.pool.ntp.org,21832.0,23,3,1,9.767055e-07,0.130435
3028,179,0.pool.ntp.org,21832.0,23,3,1,6.107052e-07,0.130435
...,...,...,...,...,...,...,...,...
3934,179,ibtgombiaknfyqnnov.su,,1,1,1,9.999993e-01,1.000000
3935,179,icanhazip.com,795016.0,1,0,1,1.899325e-08,0.000000
3936,179,icdvvugfns.eu,,1,1,1,9.958807e-01,1.000000
3937,179,icfvnisevkrskwdj.pw,,1,1,1,9.999953e-01,1.000000


***

## Malware#179 info:

- queries: 4672
- uniques: 2707

Domains with:

- epsilon > 0.5

are:

- count: 2570
- app: 3947
- nx: 2587
- ∃nx: 2512

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
3192,179,bllewbrb.bit,,690,0,1,0.999849,0.0
5597,179,ygwnfft.sh,,569,0,1,0.999980,0.0
4911,179,rlbdexogfcup.com,,16,0,1,0.999994,0.0
4669,179,oxqmjsmrdrlartl.eu,,6,0,1,1.000000,0.0
3356,179,cvut.cz,71345.0,4,0,1,0.925174,0.0
...,...,...,...,...,...,...,...,...
3937,179,icfvnisevkrskwdj.pw,,1,1,1,0.999995,1.0
3938,179,icgdhalsxvrfhdiae.org,,1,1,1,0.999997,1.0
3939,179,ichlmgvxpsw.ki,,1,1,1,1.000000,1.0
3940,179,icinmqjkjt.org,,1,1,1,0.999997,1.0


***

## Malware#179 info:

- queries: 4672
- uniques: 2707

Domains with:

- nx > 0

are:

- count: 2599
- app: 3278
- nx: 2685
- ∃nx: 2599

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
3439,179,dns.msftncsi.com,453160.0,537,2,1,2.874122e-07,0.003724
3028,179,0.pool.ntp.org,21832.0,23,3,1,6.107052e-07,0.130435
3029,179,1.pool.ntp.org,21832.0,23,3,1,9.767055e-07,0.130435
3030,179,2.pool.ntp.org,21832.0,5,3,1,1.588218e-06,0.600000
4395,179,microsoft.com,38.0,3,3,1,1.486222e-07,1.000000
...,...,...,...,...,...,...,...,...
3934,179,ibtgombiaknfyqnnov.su,,1,1,1,9.999993e-01,1.000000
3936,179,icdvvugfns.eu,,1,1,1,9.958807e-01,1.000000
3937,179,icfvnisevkrskwdj.pw,,1,1,1,9.999953e-01,1.000000
3938,179,icgdhalsxvrfhdiae.org,,1,1,1,9.999971e-01,1.000000


***

## Malware#179 info:

- queries: 4672
- uniques: 2707

Domains with:

- nx == 0

are:

- count: 67
- app: 1394
- nx: 0
- ∃nx: 0

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
3192,179,bllewbrb.bit,,690,0,1,9.998491e-01,0.0
5597,179,ygwnfft.sh,,569,0,1,9.999802e-01,0.0
3597,179,facebook.com,2.0,22,0,1,1.679791e-07,0.0
4911,179,rlbdexogfcup.com,,16,0,1,9.999945e-01,0.0
4669,179,oxqmjsmrdrlartl.eu,,6,0,1,9.999999e-01,0.0
...,...,...,...,...,...,...,...,...
4135,179,jwumimcytkhdhavie.bit,,1,0,1,9.999831e-01,0.0
4253,179,l2.io,2733897.0,1,0,1,2.628257e-05,0.0
4339,179,lsixnumqrmnayxabmlgdm.bit,,1,0,1,9.999999e-01,0.0
4435,179,mrhvrbgmvgk.bit,,1,0,1,9.999992e-01,0.0


***

***

***

## Malware#180 info:

- queries: 30806
- uniques: 5746

Domains with:



are:

- count: 5588
- app: 30806
- nx: 11586
- ∃nx: 5540

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
10148,180,smis.cc,,3779,564,1,8.583527e-06,0.149246
9606,180,pcg.su,,2996,512,1,2.199016e-04,0.170895
7579,180,ccl.su,,2146,904,1,7.308183e-03,0.421249
7788,180,dns.msftncsi.com,453160.0,1274,108,1,2.874122e-07,0.084772
8979,180,leq.su,,891,306,1,4.211407e-03,0.343434
...,...,...,...,...,...,...,...,...
7613,180,ckiw3gg6w8.smis.cc,,1,1,1,9.999983e-01,1.000000
7612,180,cjxuuomcek.smis.cc,,1,1,1,9.999999e-01,1.000000
7611,180,cjth2jfqx.ccl.su,,1,1,1,9.999703e-01,1.000000
7610,180,cjhiu.ccl.su,,1,1,1,9.999715e-01,1.000000


***

## Malware#180 info:

- queries: 30806
- uniques: 5746

Domains with:

- epsilon > 0.5

are:

- count: 4015
- app: 11215
- nx: 6160
- ∃nx: 3982

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
7921,180,ehk.su,,527,205,1,0.895030,0.388994
9701,180,pxbv2w0wlhxa.smis.cc,,331,0,1,0.999999,0.000000
7318,180,a3ynj0a9uq85ct4.pcg.su,,329,0,1,0.999850,0.000000
10115,180,sgaw8lg.smis.cc,,291,1,1,0.999827,0.003436
7358,180,aqu.su,,272,0,1,0.572785,0.000000
...,...,...,...,...,...,...,...,...
7745,180,ddql1f.pcg.su,,1,1,1,0.999628,1.000000
7746,180,dee4sbbj76aoeof.ccl.su,,1,1,1,0.999984,1.000000
7747,180,dee4sbbj76aoeof.smis.cc,,1,1,1,1.000000,1.000000
7748,180,dehl8enp2kafz.smis.cc,,1,1,1,0.999978,1.000000


***

## Malware#180 info:

- queries: 30806
- uniques: 5746

Domains with:

- nx > 0

are:

- count: 5540
- app: 26995
- nx: 11586
- ∃nx: 5540

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
10148,180,smis.cc,,3779,564,1,8.583527e-06,0.149246
9606,180,pcg.su,,2996,512,1,2.199016e-04,0.170895
7579,180,ccl.su,,2146,904,1,7.308183e-03,0.421249
7788,180,dns.msftncsi.com,453160.0,1274,108,1,2.874122e-07,0.084772
8979,180,leq.su,,891,306,1,4.211407e-03,0.343434
...,...,...,...,...,...,...,...,...
7604,180,ch96k58hb0bca7ah.ccl.su,,1,1,1,1.067188e-01,1.000000
7603,180,ch8dvibru7cf.pcg.su,,1,1,1,9.999892e-01,1.000000
7602,180,ch6rv08sfickrnl.ccl.su,,1,1,1,9.545106e-01,1.000000
7601,180,ch2e3v06x1ps8p.smis.cc,,1,1,1,1.000000e+00,1.000000


***

## Malware#180 info:

- queries: 30806
- uniques: 5746

Domains with:

- nx == 0

are:

- count: 48
- app: 3811
- nx: 0
- ∃nx: 0

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
10817,180,www.download.windowsupdate.com,109464.0,890,0,1,8.534278e-11,0.0
9130,180,many.su,,427,0,1,0.0006059273,0.0
9701,180,pxbv2w0wlhxa.smis.cc,,331,0,1,0.9999993,0.0
7318,180,a3ynj0a9uq85ct4.pcg.su,,329,0,1,0.9998497,0.0
7358,180,aqu.su,,272,0,1,0.5727845,0.0
6378,180,4c5a230b5iwb8vxvq.smis.cc,,265,0,1,0.9999989,0.0
9464,180,oh1iuonak.smis.cc,,220,0,1,0.9999748,0.0
6244,180,3k3kwrnj.aqu.su,,195,0,1,2.074573e-08,0.0
9205,180,mqdjqxtr7692e.pcg.su,,176,0,1,0.9999959,0.0
6324,180,41z0esvzltx.aqu.su,,163,0,1,2.745076e-07,0.0


***

***

***

## Malware#190 info:

- queries: 210201
- uniques: 1002

Domains with:



are:

- count: 1002
- app: 210201
- nx: 206418
- ∃nx: 1001

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
73780,190,wwdcdfjjrvyf.pw,,220,211,1,9.999999e-01,0.959091
73071,190,foovcdkgpemn.pw,,218,217,1,9.999996e-01,0.995413
72978,190,dehgpbyyvyle.pw,,217,211,1,1.000000e+00,0.972350
73919,190,yyffsscwgolo.pw,,217,215,1,9.999999e-01,0.990783
73542,190,uyhgqunqkxnx.pw,,217,207,1,9.999980e-01,0.953917
...,...,...,...,...,...,...,...,...
73801,190,wwtdskrvdmgj.pw,,203,196,1,9.999995e-01,0.965517
73813,190,xckfrvrqtrrw.pw,,203,196,1,9.999928e-01,0.965517
73634,190,vtupbihejyub.pw,,187,182,1,9.999999e-01,0.973262
73933,190,yyvxbbyjccru.pw,,131,129,1,9.999507e-01,0.984733


***

## Malware#190 info:

- queries: 210201
- uniques: 1002

Domains with:

- epsilon > 0.5

are:

- count: 993
- app: 208523
- nx: 204765
- ∃nx: 993

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
73780,190,wwdcdfjjrvyf.pw,,220,211,1,1.000000,0.959091
73071,190,foovcdkgpemn.pw,,218,217,1,1.000000,0.995413
73542,190,uyhgqunqkxnx.pw,,217,207,1,0.999998,0.953917
73919,190,yyffsscwgolo.pw,,217,215,1,1.000000,0.990783
72978,190,dehgpbyyvyle.pw,,217,211,1,1.000000,0.972350
...,...,...,...,...,...,...,...,...
73801,190,wwtdskrvdmgj.pw,,203,196,1,0.999999,0.965517
73512,190,uqktwifgbjqi.pw,,203,197,1,1.000000,0.970443
73813,190,xckfrvrqtrrw.pw,,203,196,1,0.999993,0.965517
73634,190,vtupbihejyub.pw,,187,182,1,1.000000,0.973262


***

## Malware#190 info:

- queries: 210201
- uniques: 1002

Domains with:

- nx > 0

are:

- count: 1001
- app: 210198
- nx: 206418
- ∃nx: 1001

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
73780,190,wwdcdfjjrvyf.pw,,220,211,1,1.000000,0.959091
73071,190,foovcdkgpemn.pw,,218,217,1,1.000000,0.995413
73542,190,uyhgqunqkxnx.pw,,217,207,1,0.999998,0.953917
73700,190,vvogycdlffgh.pw,,217,210,1,1.000000,0.967742
72978,190,dehgpbyyvyle.pw,,217,211,1,1.000000,0.972350
...,...,...,...,...,...,...,...,...
73512,190,uqktwifgbjqi.pw,,203,197,1,1.000000,0.970443
73801,190,wwtdskrvdmgj.pw,,203,196,1,0.999999,0.965517
73813,190,xckfrvrqtrrw.pw,,203,196,1,0.999993,0.965517
73634,190,vtupbihejyub.pw,,187,182,1,1.000000,0.973262


***

## Malware#190 info:

- queries: 210201
- uniques: 1002

Domains with:

- nx == 0

are:

- count: 1
- app: 3
- nx: 0
- ∃nx: 0

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
72986,190,dns.msftncsi.com,453160.0,3,0,1,2.874122e-07,0.0


***

***

***

## Malware#193 info:

- queries: 242718
- uniques: 6305

Domains with:



are:

- count: 6297
- app: 242718
- nx: 235012
- ∃nx: 2793

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
85028,193,www.google.cz,3963.0,261,255,2,2.709334e-04,0.977011
85027,193,www.google.com,3.0,257,253,2,3.055666e-07,0.984436
84089,193,tbmnxgzxydxkdmypfybaxkskzxz.com,,153,152,1,9.999999e-01,0.993464
84116,193,tcugmvfamzjfdyemhaprwnzqdnz.com,,153,153,1,1.000000e+00,1.000000
79631,193,aqxksgswizbaqamzhnzaugaay.com,,153,153,1,9.999996e-01,1.000000
...,...,...,...,...,...,...,...,...
81481,193,iflxgguqcemroeiszlqxmzpmvtg.org,,1,0,1,1.000000e+00,0.000000
81480,193,ifllnyxvpbizpvctcvwivtsydxchq.com,,1,0,1,1.000000e+00,0.000000
81475,193,ifhelrxprzdkvzhpbfyxodxkjb.ru,,1,1,1,1.000000e+00,1.000000
83821,193,rsdonkjjvhdcypobhyehxk.biz,,1,1,1,1.000000e+00,1.000000


***

## Malware#193 info:

- queries: 242718
- uniques: 6305

Domains with:

- epsilon > 0.5

are:

- count: 6294
- app: 242190
- nx: 234498
- ∃nx: 2790

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
79631,193,aqxksgswizbaqamzhnzaugaay.com,,153,153,1,1.0,1.000000
79824,193,bqjvpflmrdzldhjndwfepfpmj.com,,153,153,1,1.0,1.000000
84089,193,tbmnxgzxydxkdmypfybaxkskzxz.com,,153,152,1,1.0,0.993464
84116,193,tcugmvfamzjfdyemhaprwnzqdnz.com,,153,153,1,1.0,1.000000
84232,193,tlbtwoznztbmxojgitvgyxptc.info,,153,153,1,1.0,1.000000
...,...,...,...,...,...,...,...,...
81480,193,ifllnyxvpbizpvctcvwivtsydxchq.com,,1,0,1,1.0,0.000000
83816,193,rpwkrcxwzljnhtqkpzmfphcy.biz,,1,0,1,1.0,0.000000
81475,193,ifhelrxprzdkvzhpbfyxodxkjb.ru,,1,1,1,1.0,1.000000
81473,193,iffafinzukbfihmkzdcmfsc.com,,1,1,1,1.0,1.000000


***

## Malware#193 info:

- queries: 242718
- uniques: 6305

Domains with:

- nx > 0

are:

- count: 2793
- app: 237261
- nx: 235012
- ∃nx: 2793

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
85028,193,www.google.cz,3963.0,261,255,2,2.709334e-04,0.977011
85027,193,www.google.com,3.0,257,253,2,3.055666e-07,0.984436
84089,193,tbmnxgzxydxkdmypfybaxkskzxz.com,,153,152,1,9.999999e-01,0.993464
79631,193,aqxksgswizbaqamzhnzaugaay.com,,153,153,1,9.999996e-01,1.000000
79824,193,bqjvpflmrdzldhjndwfepfpmj.com,,153,153,1,9.999999e-01,1.000000
...,...,...,...,...,...,...,...,...
83076,193,pbkvxkkbtjyobxmzyemivmzx.ru,,1,1,1,9.999999e-01,1.000000
81473,193,iffafinzukbfihmkzdcmfsc.com,,1,1,1,1.000000e+00,1.000000
80369,193,dsgptwgpxcgqdhtsgqyhcyw.ru,,1,1,1,9.999999e-01,1.000000
80372,193,dskluowoucivofqwhaqknjlzw.ru,,1,1,1,1.000000e+00,1.000000


***

## Malware#193 info:

- queries: 242718
- uniques: 6305

Domains with:

- nx == 0

are:

- count: 3504
- app: 5457
- nx: 0
- ∃nx: 0

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
82564,193,mrrkyxfadeprijvsyhxwyhrkkzprskjf.com,,7,0,1,1.000000,0.0
84411,193,uaitpvheydenvnjfmutopjn.net,,7,0,1,1.000000,0.0
80477,193,dyukgyofrpbshlhyztobih.com,,6,0,1,0.999977,0.0
82110,193,lfdibnjtlwghfmgupxgsgmpdm.com,,6,0,1,1.000000,0.0
80524,193,ehmrgojwtvwlrhtwofongulv.com,,6,0,1,0.999998,0.0
...,...,...,...,...,...,...,...,...
80785,193,fqnjbqtwvlhqhmlhknpovtbu.info,,1,0,1,1.000000,0.0
83039,193,ozplramhmtpftnugivdlzlj.ru,,1,0,1,1.000000,0.0
83043,193,ozqkpjlfupcyditonlpnvstzttk.biz,,1,0,1,1.000000,0.0
83045,193,ozruklnzlftgtcibpguqokrzt.net,,1,0,1,1.000000,0.0


***

***

***

## Malware#195 info:

- queries: 3762106
- uniques: 5226

Domains with:



are:

- count: 3963
- app: 3762106
- nx: 2178108
- ∃nx: 3960

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
91046,195,pupyjuv.com,,5982,704,2,0.999996,0.117686
91271,195,qegyrol.com,,5718,1030,2,0.999999,0.180133
92227,195,vowydic.com,,5707,1066,2,0.999998,0.186788
89537,195,galyvas.com,,5706,1015,3,0.999991,0.177883
91262,195,qegykiq.com,,5672,919,2,0.999998,0.162024
...,...,...,...,...,...,...,...,...
89874,195,hyifswvktgtkrgmbeuofagth.ru,,1,1,1,1.000000,1.000000
88984,195,cjflnurkgieidigevlytusuof.info,,1,1,1,0.999999,1.000000
88981,195,civxbyjfuwnrbqhqhihuyplf.net,,1,1,1,1.000000,1.000000
91573,195,rtsptwilfrwkfjlrrkhlnp.org,,1,1,1,0.999999,1.000000


***

## Malware#195 info:

- queries: 3762106
- uniques: 5226

Domains with:

- epsilon > 0.5

are:

- count: 3948
- app: 3750883
- nx: 2171171
- ∃nx: 3946

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
91046,195,pupyjuv.com,,5982,704,2,0.999996,0.117686
91271,195,qegyrol.com,,5718,1030,2,0.999999,0.180133
92227,195,vowydic.com,,5707,1066,2,0.999998,0.186788
89537,195,galyvas.com,,5706,1015,3,0.999991,0.177883
91262,195,qegykiq.com,,5672,919,2,0.999998,0.162024
...,...,...,...,...,...,...,...,...
89345,195,fegegvcwojrtccqwsovsgpknzh.com,,1,1,1,1.000000,1.000000
89339,195,fasolofmjfkvztkweqkofkfpf.ru,,1,1,1,0.999999,1.000000
89335,195,fakjxlxhijgilzbeizeqrstdi.org,,1,1,1,0.999988,1.000000
89327,195,fabqjbemcuhciljppfljrxbint.com,,1,1,1,1.000000,1.000000


***

## Malware#195 info:

- queries: 3762106
- uniques: 5226

Domains with:

- nx > 0

are:

- count: 3960
- app: 3762096
- nx: 2178108
- ∃nx: 3960

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
91046,195,pupyjuv.com,,5982,704,2,0.999996,0.117686
91271,195,qegyrol.com,,5718,1030,2,0.999999,0.180133
92227,195,vowydic.com,,5707,1066,2,0.999998,0.186788
89537,195,galyvas.com,,5706,1015,3,0.999991,0.177883
91262,195,qegykiq.com,,5672,919,2,0.999998,0.162024
...,...,...,...,...,...,...,...,...
92534,195,yamgqvsbyeionupkjfaeuobuop.com,,1,1,1,0.999840,1.000000
91736,195,tgprukfesgytfmsxwlmuszdce.info,,1,1,1,0.999999,1.000000
91752,195,tkdpberoyppbskrotsfqivzxh.org,,1,1,1,0.999987,1.000000
91759,195,tkroakfibqbmftdmfxgq.com,,1,1,1,0.999996,1.000000


***

## Malware#195 info:

- queries: 3762106
- uniques: 5226

Domains with:

- nx == 0

are:

- count: 3
- app: 10
- nx: 0
- ∃nx: 0

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
91629,195,shuffleset.com,,5,0,1,0.008725,0.0
92360,195,www.msftncsi.com,453160.0,3,0,2,0.521588,0.0
92610,195,ytlcmhiozkngmdpvlnslrirdi.ru,,2,0,1,0.999998,0.0


***

***

***

## Malware#523 info:

- queries: 385906
- uniques: 6148

Domains with:



are:

- count: 4119
- app: 385906
- nx: 379463
- ∃nx: 3603

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
97349,523,www.google.com,3.0,676,668,2,3.055666e-07,0.988166
97350,523,www.google.cz,3963.0,675,671,2,2.709334e-04,0.994074
97034,523,uprgitcidqeceynvcapvmzp.com,,424,422,2,1.000000e+00,0.995283
95282,523,kjtscwcontceqtshpvaylrkzojtkf.net,,421,419,2,1.000000e+00,0.995249
93795,523,ampjtwemugeaftuchimjwklxsfu.info,,421,420,2,1.000000e+00,0.997625
...,...,...,...,...,...,...,...,...
95148,523,jbxmzllryddyucxqmzdmjvhxg.net,,1,1,1,1.000000e+00,1.000000
95149,523,jbylcilaipzpzskqoqhqpngutt.com,,1,1,1,9.999781e-01,1.000000
96599,523,sdttmfsceukbiblnjryvgk.biz,,1,1,1,9.999999e-01,1.000000
96598,523,sdmzvohfbuqslmvknoflypai.info,,1,1,1,9.999996e-01,1.000000


***

## Malware#523 info:

- queries: 385906
- uniques: 6148

Domains with:

- epsilon > 0.5

are:

- count: 3592
- app: 380529
- nx: 378054
- ∃nx: 3571

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
97034,523,uprgitcidqeceynvcapvmzp.com,,424,422,2,1.000000,0.995283
93795,523,ampjtwemugeaftuchimjwklxsfu.info,,421,420,2,1.000000,0.997625
95282,523,kjtscwcontceqtshpvaylrkzojtkf.net,,421,419,2,1.000000,0.995249
96555,523,rwrwdmplztwgdqjfsycqvkvc.ru,,420,419,2,1.000000,0.997619
97469,523,xohmlmvpbfidacqaivsqglzukmvwc.biz,,420,416,2,1.000000,0.990476
...,...,...,...,...,...,...,...,...
96491,523,rmbqclnovzpmfeuucamnlbrgbqtwoz.com,,1,1,1,1.000000,1.000000
94354,523,dxodxbituotczxgeqgofddisw.biz,,1,1,1,1.000000,1.000000
96489,523,rlpfyinpjlofpbpqbeaudetvo.org,,1,1,1,0.999992,1.000000
95079,523,irmzzwoxgtshudaaupvcawgnjeamv.com,,1,1,1,1.000000,1.000000


***

## Malware#523 info:

- queries: 385906
- uniques: 6148

Domains with:

- nx > 0

are:

- count: 3603
- app: 382555
- nx: 379463
- ∃nx: 3603

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
97349,523,www.google.com,3.0,676,668,2,3.055666e-07,0.988166
97350,523,www.google.cz,3963.0,675,671,2,2.709334e-04,0.994074
97034,523,uprgitcidqeceynvcapvmzp.com,,424,422,2,1.000000e+00,0.995283
93795,523,ampjtwemugeaftuchimjwklxsfu.info,,421,420,2,1.000000e+00,0.997625
95282,523,kjtscwcontceqtshpvaylrkzojtkf.net,,421,419,2,1.000000e+00,0.995249
...,...,...,...,...,...,...,...,...
95646,523,mrnbdijcuovibzjrtabeovotgem.com,,1,1,1,9.999999e-01,1.000000
95647,523,mrnmremojdqlvwxcaitdidawkzx.info,,1,1,1,1.000000e+00,1.000000
94291,523,dqaidfavoqwpntylucizbitjzlqc.com,,1,1,1,9.999999e-01,1.000000
94292,523,dqbysgedivcrwsifizwsvcbenjfazt.com,,1,1,1,9.999999e-01,1.000000


***

## Malware#523 info:

- queries: 385906
- uniques: 6148

Domains with:

- nx == 0

are:

- count: 516
- app: 3351
- nx: 0
- ∃nx: 0

Unnamed: 0,malware_id,dn,rank_bdn,app,nx,pcaps,epsilon,nx/app
97347,523,www.aol.com,1820.0,71,0,1,1.761887e-06,0.0
94757,523,gravityboard.com,5129121.0,38,0,1,3.702423e-07,0.0
95654,523,muscanet.com,5738635.0,37,0,1,7.375691e-08,0.0
97078,523,valornet.com,5720992.0,35,0,1,3.087165e-06,0.0
94850,523,hicstofkndmprlbaayhphvg.info,,33,0,1,9.999999e-01,0.0
...,...,...,...,...,...,...,...,...
95861,523,ns2.ventraip.net.au,,1,0,1,7.778983e-08,0.0
95863,523,ns2184.dns.dyn.com,10307.0,1,0,1,7.034780e-08,0.0
95865,523,ns3.eis.net.au,5588533.0,1,0,1,1.274335e-06,0.0
95868,523,ns3.joosterhosting.com,,1,0,1,2.918430e-07,0.0


***

***

***

In [185]:
dbexecute_setdga(mwdga=mwdga)

dbtest(mwdga=mwdga)

pd.read_sql("""
SELECT MW.*
FROM
	MALWARE AS MW
	JOIN PCAP ON MW.ID = PCAP.MALWARE_ID
    WHERE DATASET='CTU-13' AND PCAP.infected is true
order by mw.id
""", database.engine).set_index("id")

# Test with db

Success

Unnamed: 0_level_0,name,sha256,dga,info,mwclass,mwtype,md5
id,Unnamed: 1_level_1,Unnamed: 2_level_1,Unnamed: 3_level_1,Unnamed: 4_level_1,Unnamed: 5_level_1,Unnamed: 6_level_1,Unnamed: 7_level_1
177,,,2,,,,13fbc418d5a37bdc2c10da11a6ef46ae
178,tinba,8006cbd1c70b2ed096af9c72d6fef2c3e9cb0a41685408...,2,,,,14010ce6f03e0a978693424d60e34ba9
179,necurse,b3ca90d4b289d31bbdefbff7d9b42bfeb0f44f97e4738c...,2,,,,1db5333a57f56c4b80bc213ed7675793
180,caphaw,9966bc568225c509c3e3b3ff9f548ba59f39908200e3e8...,2,,,,24dcfdb1f46e4018500db101234f6cd7
181,worm.netsky,c8fffb2e737514c551b2d7bcaf8baa459564b059cab1a3...,1,,,,3018e99857f31a59e0777396ae634a8f
181,worm.netsky,c8fffb2e737514c551b2d7bcaf8baa459564b059cab1a3...,1,,,,3018e99857f31a59e0777396ae634a8f
182,,,1,,,,35cf982449765a4f163bcf822e663f03
183,,,1,,,,43ecaeb983683f57af842c8993e242e6
184,bunitu,002e9d6217b17923b69710792fd85765c41a0fc5406ce6...,1,,,,5aeb4b21066217ea08f77ba9390f31b5
185,virustotal,bab391b77129150445521fddc073997ca6c7cb3db35eb1...,1,,,,6323b0f509920c6482d3c5737bb68c60
