Browse Source
add: Parsing downloaded samples as well as the referrer ones
pull/322/head
chrisr3d
3 years ago
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
1 changed files with
4 additions and
3 deletions
-
misp_modules/modules/expansion/virustotal_public.py
|
|
|
@ -75,9 +75,10 @@ class DomainQuery(VirusTotalParser): |
|
|
|
def parse_report(self, query_result): |
|
|
|
hash_type = 'sha256' |
|
|
|
whois = 'whois' |
|
|
|
for feature in ('undetected_referrer_samples', 'detected_referrer_samples'): |
|
|
|
for sample in query_result[feature]: |
|
|
|
self.misp_event.add_attribute(hash_type, sample[hash_type]) |
|
|
|
for feature_type in ('referrer', 'dowloaded'): |
|
|
|
for feature in ('undetected_{}_samples', 'detected_{}_samples'): |
|
|
|
for sample in query_result[feature.format(feature_type)]: |
|
|
|
self.misp_event.add_attribute(hash_type, sample[hash_type]) |
|
|
|
if query_result.get(whois): |
|
|
|
whois_object = MISPObject(whois) |
|
|
|
whois_object.add_attribute('text', type='text', value=query_result[whois]) |
|
|
|
|
