Beispiel #1
0
 def createUriObject(self, req):
     """Creates URI object
     @param req: HTTP request as described in cuckoo dict
     @return: created URI object
     """
     uri = maec.uriObject(id=req["uri"],
                          uriString=req["uri"],
                          protocol="http",
                          hostname=req["host"],
                          port=req["port"],
                          path=req["path"],
                          ipProtocol="tcp")
     # Add details
     prop = maec.objectProperty()
     prop.add_property(
         maec.property(type_="httpMethod", valueOf_=req["method"]))
     if req["method"] == "POST":
         prop.add_property(
             maec.property(type_="postData",
                           valueOf_="<![CDATA[%s]]>" % req["body"]))
     if "user-agent" in req:
         prop.add_property(
             maec.property(type_="userAgent", valueOf_=req["user-agent"]))
     prop.set_references(
         maec.reference(valueOf_="uri[@id='%s']" % req["uri"]))
     self.properties.add_objectProperty(prop)
     return uri
Beispiel #2
0
 def createUriObject(self, req):
     """Creates URI object
     @param req: HTTP request as described in cuckoo dict
     @return: created URI object
     """
     uri = maec.uriObject(id=req['uri'],
                          uriString=req['uri'],
                          protocol='http',
                          hostname=req['host'],
                          port=req['port'],
                          path=req['path'],
                          ipProtocol='tcp')
     # Add details
     prop = maec.objectProperty()
     prop.add_property(
         maec.property(type_='httpMethod', valueOf_=req['method']))
     if req['method'] == 'POST':
         prop.add_property(
             maec.property(type_='postData',
                           valueOf_="<![CDATA[%s]]>" % req['body']))
     if 'user-agent' in req:
         prop.add_property(
             maec.property(type_='userAgent', valueOf_=req['user-agent']))
     prop.set_references(
         maec.reference(valueOf_="uri[@id='%s']" % req['uri']))
     self.properties.add_objectProperty(prop)
     return uri
Beispiel #3
0
 def createFileObject(self, f):
     """Creates a file object.
     @param f: file hash representation from cuckoo dict results.
     @return: file object.
     """
     file = maec.fileObject(
                            id = f["md5"], 
                            fileType = [f["type"]], 
                            size = f["size"], 
                            crc32 = f["crc32"],
                            md5 = f["md5"], 
                            sha1 = f["sha1"], 
                            sha512 = f["sha512"]
                            )
     file.add_extraHash(maec.extraHashType("ssdeep", f["ssdeep"]))
     # Add related filename
     prop = maec.objectProperty()
     prop.add_property(maec.property(
                                     type_= "filename",
                                     valueOf_ = f["name"]
                                     )
                       )
     prop.set_references(
                         maec.reference(
                                        valueOf_ = "file[@id='%s']" % f["md5"]
                                        )
                         ) 
     self.properties.add_objectProperty(prop)
     return file
Beispiel #4
0
 def createUriObject(self, req):
     """Creates URI object
     @param req: HTTP request as described in cuckoo dict
     @return: created URI object
     """
     uri = maec.uriObject(
                          id = req["uri"],
                          uriString = req["uri"],
                          protocol = "http",
                          hostname = req["host"],
                          port = req["port"],
                          path = req["path"],
                          ipProtocol = "tcp"
                          )
     # Add details
     prop = maec.objectProperty()
     prop.add_property(maec.property(
                                     type_= "httpMethod",
                                     valueOf_ = req["method"]
                                     )
                       )
     if req["method"] == "POST":
         prop.add_property(maec.property(
                                     type_= "postData",
                                     valueOf_ = "<![CDATA[%s]]>" % req["body"]
                                     )
                       )
     if "user-agent" in req:
         prop.add_property(maec.property(
                                     type_= "userAgent",
                                     valueOf_ = req["user-agent"]
                                     )
                       )
     prop.set_references(
                         maec.reference(
                                        valueOf_ = "uri[@id='%s']" % req["uri"]
                                        )
                         )
     self.properties.add_objectProperty(prop)
     return uri
Beispiel #5
0
 def createUriObject(self, req):
     """Creates URI object
     @param req: HTTP request as described in cuckoo dict
     @return: created URI object
     """
     uri = maec.uriObject(
                          id = req['uri'],
                          uriString = req['uri'],
                          protocol = 'http',
                          hostname = req['host'],
                          port = req['port'],
                          path = req['path'],
                          ipProtocol = 'tcp'
                          )
     # Add details
     prop = maec.objectProperty()
     prop.add_property(maec.property(
                                     type_= 'httpMethod',
                                     valueOf_ = req['method']
                                     )
                       )
     if req['method'] == 'POST':
         prop.add_property(maec.property(
                                     type_= 'postData',
                                     valueOf_ = "<![CDATA[%s]]>" % req['body']
                                     )
                       )
     if 'user-agent' in req:
         prop.add_property(maec.property(
                                     type_= 'userAgent',
                                     valueOf_ = req['user-agent']
                                     )
                       )
     prop.set_references(
                         maec.reference(
                                        valueOf_ = "uri[@id='%s']" % req['uri']
                                        )
                         )
     self.properties.add_objectProperty(prop)
     return uri
Beispiel #6
0
 def createFileObject(self, f):
     """Creates a file object.
     @param f: file hash representation from cuckoo dict results.
     @return: file object.
     """
     file = maec.fileObject(id=f["md5"],
                            fileType=[f["type"]],
                            size=f["size"],
                            crc32=f["crc32"],
                            md5=f["md5"],
                            sha1=f["sha1"],
                            sha512=f["sha512"])
     file.add_extraHash(maec.extraHashType("ssdeep", f["ssdeep"]))
     # Add related filename
     prop = maec.objectProperty()
     prop.add_property(maec.property(type_="filename", valueOf_=f["name"]))
     prop.set_references(
         maec.reference(valueOf_="file[@id='%s']" % f["md5"]))
     self.properties.add_objectProperty(prop)
     return file