Merge pull request #381 from cccs-kevin/update/network-script-activity

Updating script_network_activity to match malicious_document_urls mor…

modules/signatures/script_downloader.py

@@ -67,6 +67,10 @@ def on_call(self, call, process):
             if call["api"] == "InternetCrackUrlW":
                 self.mbcs += ["C0005"]  # micro-behaviour
                 buff = self.get_argument(call, "Url").lower()
+                # InternetCrackUrlW calls made by scripts that start with https? are quite interesting
+                if buff.startswith("http://") or buff.startswith("https://"):
+                    # Increasing the score to be on par with the Cuckoo signature "malicious_document_urls"
+                    self.severity = 4
                 self.ret = True
                 self.data.append({"request": buff})
                 if self.pid: