authorSebastian Deiss <sebastian.deiss@atos.net>2018-06-21 12:33:59 +0200
committerSebastian Deiss <sebastian.deiss@atos.net>2018-06-21 12:33:59 +0200
commit356567d964721343aa0be47b6868c0b4a442ffd3 (patch)
tree5199886314e049da80a3712a5ae182f3530266e4
parent4db6800ed7a87a581838311b2e43ab7877e28c01 (diff)
Keep malicious sample along with the reports
Malicious samples are saved to the 'malware_reports' directory along with the reports. This can be useful for further analysis by security analysts.
-rw-r--r--peekaboo/ruleset/engine.py10
1 files changed, 10 insertions, 0 deletions
diff --git a/peekaboo/ruleset/engine.py b/peekaboo/ruleset/engine.py
index d187f86..f5be989 100644
--- a/peekaboo/ruleset/engine.py
+++ b/peekaboo/ruleset/engine.py
@@ -158,6 +158,16 @@ def dump_processing_info(sample):
except Exception as e:
logger.exception(e)
+ # store malicious sample along with the reports
+ if sample.get_result() == Result.bad:
+ try:
+ copyfile(
+ sample.get_file_path(),
+ os.path.join(dump_dir, sample.get_filename())
+ )
+ except Exception as e:
+ logger.exception(e)
+
if sample.has_attr('cuckoo_json_report_file'):
# Cuckoo report
try:
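Review bot: The destination of the added `copyfile` call is built from `sample.get_filename()`, which looks like the name that arrived with the submitted file. If that name is not sanitised elsewhere, one containing path separators or an absolute path makes `os.path.join` resolve outside `dump_dir`, and one that matches a report file name in the same directory would overwrite that report. Taking only the last component, `os.path.join(dump_dir, os.path.basename(sample.get_filename()))`, removes the traversal case; naming the copy after the sample's hash with a neutral suffix would also avoid the collision and keep an executable extension off disk. The comment could state that the stored file is live malware, e.g. `# keep the malicious sample next to its reports; live malware, handle only in an analysis environment`. `dump_processing_info` starts and ends outside the hunk, so how `dump_dir` is created and which permissions it gets is not visible here.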