In [1]:
import os
import sys
import json

In [2]:
# Input root: one sub-directory per analysed sample, each holding that sample's report files.
REPORT_DIR = '1_compiled_reports'
# Output root: one condensed <sample-id>.json per sample is written here.
JSON_DIR = '2_compiled_json'

In [3]:
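# Every sub-directory of REPORT_DIR is treated as one sample's report bundle;
# the directory name is reused as the sample id in the output file name.
# os.scandir() yields entries in arbitrary order, so sort to make the
# processing order (and subfolders[0]) the same on every run.
subfolders = sorted(f.name for f in os.scandir(REPORT_DIR) if f.is_dir())

# exist_ok=True replaces the separate exists() check, so there is no window
# between the check and the creation in which the directory can appear.
os.makedirs(JSON_DIR, exist_ok=True)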

In [4]:
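# Fields copied verbatim from each record of the corresponding report section.
_PROCESS_FIELDS = ('name', 'pid', 'ppid', 'commandline', 'injected')
_FILE_FIELDS = ('srcpath', 'dstpath', 'action', 'effect')
_REGISTRY_FIELDS = ('path', 'valuetype', 'action', 'effect')


def _load_json_lines(path):
    """Parse a JSON-lines file into a list, one object per non-blank line."""
    with open(path, 'r', encoding='utf-8') as handle:
        # A blank line is not a record; json.loads('') would raise and abort
        # the whole batch.
        return [json.loads(line) for line in handle if line.strip()]


def _pick(record, fields):
    """Return a new dict holding only `fields` of `record`, in that order."""
    return {field: record[field] for field in fields}


# Condense each sample's report bundle (pre.json, report.json, file.json,
# registry.json) into a single JSON_DIR/<sample-id>.json.
# NOTE(review): the inputs look like dynamic-analysis output for VirusShare
# samples. Every string copied below (file name, command lines, paths,
# registry keys, hosts) then originates from the analysed sample: keep it as
# data only and never pass it to a shell, eval() or an unescaped HTML view.
for subfolder in subfolders:
    print(f"Process {subfolder}")

    output_json_path = f'{JSON_DIR}/{subfolder}.json'
    if os.path.exists(output_json_path):
        # An existing file is taken as a finished result, which is why the
        # write at the end of the loop must never leave a partial file here.
        print(f"Skipping {subfolder}, JSON file already exists.")
        continue

    sample_dir = os.path.join(REPORT_DIR, subfolder)
    json_report = {'static': {}, 'behaviours': {}}

    pre_path = os.path.join(sample_dir, 'pre.json')
    with open(pre_path, 'r', encoding='utf-8') as file:
        pre_json_data = json.load(file)

    # Name Imports
    json_report['filename'] = pre_json_data['target']['filename']
    print(f"Filename imported: {json_report['filename']}")

    # PE Imports: per DLL, keep only the names of the imported symbols.
    json_report['static']['pe_imports'] = [
        {
            'dll': entry['dll'],
            'imports': [import_['name'] for import_ in entry['imports']],
        }
        for entry in pre_json_data['static']['pe']['pe_imports']
    ]
    print(f"PE Imports imported: {len(json_report['static']['pe_imports'])}")

    report_path = os.path.join(sample_dir, 'report.json')
    with open(report_path, 'r', encoding='utf-8') as file:
        report_json_data = json.load(file)

    # Process Imports
    json_report['behaviours']['processes'] = [
        _pick(entry, _PROCESS_FIELDS)
        for entry in report_json_data['processes']['process_list']
    ]
    print(f"Processes imported: {len(json_report['behaviours']['processes'])}")

    # Host-resolved Imports
    json_report['behaviours']['host_resolved'] = report_json_data['network']['host']
    print(f"Host-resolved imported: {len(json_report['behaviours']['host_resolved'])}")

    # Files Imports (file.json is JSON-lines: one record per line)
    file_path = os.path.join(sample_dir, 'file.json')
    file_json_data = _load_json_lines(file_path)
    json_report['behaviours']['files'] = [
        _pick(entry, _FILE_FIELDS) for entry in file_json_data
    ]
    print(f"Files imported: {len(json_report['behaviours']['files'])}")

    # Registry Imports (registry.json is JSON-lines as well)
    registry_json_path = os.path.join(sample_dir, 'registry.json')
    registry_json_data = _load_json_lines(registry_json_path)
    json_report['behaviours']['registry'] = [
        _pick(entry, _REGISTRY_FIELDS) for entry in registry_json_data
    ]
    print(f"Registry imported: {len(json_report['behaviours']['registry'])}")

    # Write to a temporary name and rename into place: if the run is
    # interrupted mid-write, no truncated <sample-id>.json is left behind to
    # be skipped as "already exists" on the next run.
    tmp_json_path = f'{output_json_path}.tmp'
    with open(tmp_json_path, 'w', encoding='utf-8') as json_file:
        json.dump(json_report, json_file, indent=2)
    os.replace(tmp_json_path, output_json_path)
    print(f"JSON file created: {output_json_path}")
    print(f"Processed {subfolder}\n")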

Process 54CJYF
Filename imported: VirusShare_c756776f74f907364aa10a50988826c0.exe
PE Imports imported: 1
Processes imported: 28
Host-resolved imported: 4
Files imported: 1263
Registry imported: 15574
JSON file created: 2_compiled_json/54CJYF.json
Processed 54CJYF

Process HUHE75
Filename imported: VirusShare_397acacbd516ca6cfd34110c984ff724.exe
PE Imports imported: 8
Processes imported: 5
Host-resolved imported: 4
Files imported: 353
Registry imported: 11976
JSON file created: 2_compiled_json/HUHE75.json
Processed HUHE75

Process YAZ4O5
Filename imported: VirusShare_13c638852df02d8ffddec6e227b7bc90.exe
PE Imports imported: 5
Processes imported: 6
Host-resolved imported: 4
Files imported: 289
Registry imported: 8471
JSON file created: 2_compiled_json/YAZ4O5.json
Processed YAZ4O5

Process 2VI031
Filename imported: VirusShare_f602e3cf28e1baa15d9d724ca1532330.exe
PE Imports imported: 7
Processes imported: 5
Host-resolved imported: 4
Files imported: 269
Registry imported: 7047
JSON file cre

# Test

In [29]:
# Start from an empty skeleton; the following cells fill in both sections.
json_report = dict(static={}, behaviours={})

In [30]:
# Try the extraction on a single sample: the first discovered sub-directory.
first_subfolder = subfolders[0]
pre_json_path = os.path.join(REPORT_DIR, first_subfolder, 'pre.json')

with open(pre_json_path, 'r') as file:
    pre_json_data = json.load(file)

# Name Imports
json_report['filename'] = pre_json_data['target']['filename']

# PE Imports: per DLL, keep the DLL name and only the 'name' of each import.
json_report['static']['pe_imports'] = [
    {
        'dll': dll_record['dll'],
        'imports': [symbol['name'] for symbol in dll_record['imports']],
    }
    for dll_record in pre_json_data['static']['pe']['pe_imports']
]

In [31]:
report_path = os.path.join(REPORT_DIR, first_subfolder, 'report.json')

with open(report_path, 'r') as file:
    report_json_data = json.load(file)

# Process Imports: copy five fields of every process record, in this order.
process_fields = ('name', 'pid', 'ppid', 'commandline', 'injected')
json_report['behaviours']['processes'] = [
    {field: process_record[field] for field in process_fields}
    for process_record in report_json_data['processes']['process_list']
]

In [34]:
# Host-resolved Imports: the report's network 'host' value is copied unchanged.
network_section = report_json_data['network']
json_report['behaviours']['host_resolved'] = network_section['host']

In [None]:
file_path = os.path.join(REPORT_DIR, first_subfolder, 'file.json')

# file.json is read as JSON-lines: every line is parsed as its own object.
with open(file_path, 'r') as file:
    file_json_data = list(map(json.loads, file))

# Files Imports: copy four fields of every file-event record, in this order.
file_fields = ('srcpath', 'dstpath', 'action', 'effect')
json_report['behaviours']['files'] = [
    {field: file_record[field] for field in file_fields}
    for file_record in file_json_data
]

In [36]:
registry_json_path = os.path.join(REPORT_DIR, first_subfolder, 'registry.json')

# registry.json is read as JSON-lines: every line is parsed as its own object.
with open(registry_json_path, 'r') as file:
    registry_json_data = list(map(json.loads, file))

# Registry Imports: copy four fields of every registry record, in this order.
registry_fields = ('path', 'valuetype', 'action', 'effect')
json_report['behaviours']['registry'] = [
    {field: registry_record[field] for field in registry_fields}
    for registry_record in registry_json_data
]

In [None]:
# Pretty-print the assembled report for a visual check; with the full file
# and registry lists included, the output can be very long.
pretty_report = json.dumps(json_report, indent=2)
print(pretty_report)

In [38]:
# Persist the test report under a fixed name in the current working directory.
output_json_path = 'output.json'

with open(output_json_path, 'w') as json_file:
    json_file.write(json.dumps(json_report, indent=2))

In [42]:
# Re-run the file extraction against one hard-coded sample id.
# NOTE(review): this replaces json_report['behaviours']['files'] built from
# first_subfolder; unless that is also '0D9WTR', json_report now mixes data
# from two different samples.
file_path = os.path.join(REPORT_DIR, '0D9WTR', 'file.json')

# file.json is read as JSON-lines: every line is parsed as its own object.
with open(file_path, 'r') as file:
    file_json_data = list(map(json.loads, file))

# Files Imports: copy four fields of every file-event record, in this order.
file_fields = ('srcpath', 'dstpath', 'action', 'effect')
json_report['behaviours']['files'] = [
    {field: file_record[field] for field in file_fields}
    for file_record in file_json_data
]