mirror of https://github.com/MISP/misp-modules
add: Added screenshot of the behavior of the analyzed sample
parent
52dadd2df3
commit
9a6d484188
|
@ -61,6 +61,7 @@ class JoeParser():
|
||||||
|
|
||||||
self.parse_system_behavior()
|
self.parse_system_behavior()
|
||||||
self.parse_network_behavior()
|
self.parse_network_behavior()
|
||||||
|
self.parse_screenshot()
|
||||||
self.parse_network_interactions()
|
self.parse_network_interactions()
|
||||||
self.parse_dropped_files()
|
self.parse_dropped_files()
|
||||||
|
|
||||||
|
@ -140,6 +141,12 @@ class JoeParser():
|
||||||
self.misp_event.add_object(**network_connection_object)
|
self.misp_event.add_object(**network_connection_object)
|
||||||
self.references[self.analysisinfo_uuid].append({'idref': network_connection_object.uuid, 'relationship': 'initiates'})
|
self.references[self.analysisinfo_uuid].append({'idref': network_connection_object.uuid, 'relationship': 'initiates'})
|
||||||
|
|
||||||
|
def parse_screenshot(self):
|
||||||
|
screenshotdata = self.data['behavior']['screenshotdata']['interesting']['$']
|
||||||
|
attribute = {'type': 'attachment', 'value': 'screenshot.jpg',
|
||||||
|
'data': screenshotdata, 'disable_correlation': True}
|
||||||
|
self.misp_event.add_attribute(**attribute)
|
||||||
|
|
||||||
def parse_system_behavior(self):
|
def parse_system_behavior(self):
|
||||||
system = self.data['behavior']['system']
|
system = self.data['behavior']['system']
|
||||||
if system.get('processes'):
|
if system.get('processes'):
|
||||||
|
|
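Review bot: The lookup `self.data['behavior']['screenshotdata']['interesting']['$']` in the new parse_screenshot has no guard, so a report without a screenshot section would raise KeyError (or TypeError if an intermediate value is not a dict). The first hunk calls `self.parse_screenshot()` ahead of `parse_network_interactions()` and `parse_dropped_files()`, so an exception there would presumably stop the run before those indicators reach the event. The calling method starts and ends outside the hunk, so any handling around it is not visible. parse_system_behavior just below already uses `system.get('processes')`; the same style fits here, e.g. `screenshot = self.data['behavior'].get('screenshotdata', {}).get('interesting')` followed by `if not screenshot or '$' not in screenshot: return`. A short docstring would also help, stating that the value is taken from the report unchanged (presumably encoded image data, to be confirmed) and attached under the fixed name `screenshot.jpg` with correlation disabled.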