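def parse_result(self):
    """
    Parse the analysis output and record its findings as indicators.

    Called once the analysis has finished. ``self._result`` is decoded with
    ``self.json_decode`` and every decoded item is scored from the
    substrings found in its ``"type"`` field, then stored as a JSON
    indicator on this module's status. An ``"IOC"`` item whose description
    mentions a URL and whose keyword passes ``validators.url`` is
    additionally registered as an extracted malware and submitted for
    analysis.

    Returns None. Returns early when there is no result or it does not
    decode to anything. Items that are not dicts or lack a ``"type"`` key
    are skipped rather than aborting the whole parse with a KeyError.
    """
    if not self._result:
        return
    json_ole = self.json_decode(self._result)
    if not json_ole:
        return
    # Ordered (substring, score) table for non-IOC items; the first match
    # wins, mirroring the original if/elif chain, and -1 marks "no match".
    score_table = (
        ("AutoExec", 7),
        ("Suspicious", 5),
        ("VBA string", 3),
        ("Hex String", 1),
    )
    for item in json_ole:
        item_type = item.get("type") if isinstance(item, dict) else None
        if item_type is None:
            # Malformed entry in the decoded output: skip it instead of
            # letting one bad item abort the remaining ones.
            continue
        if "IOC" in item_type:
            score = 7
            description = item.get("description") or ""
            keyword = item.get("keyword") or ""
            # Only a syntactically valid URL is extracted and re-submitted,
            # so arbitrary keyword text from the tool output is not fed to
            # the analysis pipeline.
            if "URL" in description and validators.url(keyword):
                # NOTE(review): this uses self.malware while the indicator
                # below is attached through self._malware — confirm both
                # attributes exist on the module.
                extract_malware = self.malware.add_extract_malware(
                    self.module_cls_name, keyword, Type.get_label(Type.URL))
                Input.analyse_malware(extract_malware)
        else:
            score = next(
                (points for needle, points in score_table if needle in item_type),
                -1,
            )
        # The full item is kept verbatim as JSON so nothing the tool
        # reported is lost, whatever the score.
        indicator = Indicator.factory(module_cls_name=self.module_cls_name,
                                      name="item",
                                      content_type=Type.JSON,
                                      content=json.dumps(item),
                                      score=score)
        self._malware.get_module_status(self.module_cls_name
                                        ).add_indicator(indicator)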