MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

add: Added screenshot of the behavior of the analyzed sample

pull/322/head
chrisr3d 2019-06-21 10:53:12 +02:00
parent 52dadd2df3
commit 9a6d484188
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
misp_modules/lib/joe_parser.py
View File

@ -61,6 +61,7 @@ class JoeParser():
self.parse_system_behavior()
self.parse_network_behavior()
self.parse_screenshot()
self.parse_network_interactions()
self.parse_dropped_files()
@ -140,6 +141,12 @@ class JoeParser():
self.misp_event.add_object(**network_connection_object)
self.references[self.analysisinfo_uuid].append({'idref': network_connection_object.uuid, 'relationship': 'initiates'})
def parse_screenshot(self):
screenshotdata = self.data['behavior']['screenshotdata']['interesting']['$']
attribute = {'type': 'attachment', 'value': 'screenshot.jpg',
'data': screenshotdata, 'disable_correlation': True}
self.misp_event.add_attribute(**attribute)
def parse_system_behavior(self):
system = self.data['behavior']['system']
if system.get('processes'):