add: Added screenshot of the behavior of the analyzed sample

4 years ago · 9a6d484188
parent 52dadd2df3
commit 9a6d484188
1 changed files with 7 additions and 0 deletions
--- a/misp_modules/lib/joe_parser.py
+++ b/misp_modules/lib/joe_parser.py
@ -61,6 +61,7 @@ class JoeParser():

        self.parse_system_behavior()
        self.parse_network_behavior()
+        self.parse_screenshot()
        self.parse_network_interactions()
        self.parse_dropped_files()

@ -140,6 +141,12 @@ class JoeParser():
                    self.misp_event.add_object(**network_connection_object)
                    self.references[self.analysisinfo_uuid].append({'idref': network_connection_object.uuid, 'relationship': 'initiates'})

+    def parse_screenshot(self):
+        screenshotdata = self.data['behavior']['screenshotdata']['interesting']['$']
+        attribute = {'type': 'attachment', 'value': 'screenshot.jpg',
+                     'data': screenshotdata, 'disable_correlation': True}
+        self.misp_event.add_attribute(**attribute)
+
    def parse_system_behavior(self):
        system = self.data['behavior']['system']
        if system.get('processes'):