def create_maec(self, url_indicator):
package = Package()
ms = MalwareSubject()
ms.malware_instance_object_attributes = Object()
ms.malware_instance_object_attributes.properties = URI(type_=URI.TYPE_URL)
ms.malware_instance_object_attributes.properties.value = url_indicator
package.add_malware_subject(ms)
return package
def create_maec(self, url_indicator):
package = Package()
ms = MalwareSubject()
ms.malware_instance_object_attributes = Object()
ms.malware_instance_object_attributes.properties = URI(
type_=URI.TYPE_URL)
ms.malware_instance_object_attributes.properties.value = url_indicator
package.add_malware_subject(ms)
return package
# Create the Associated Object Dictionary for use in the Action
associated_object = AssociatedObject()
associated_object.properties = File()
associated_object.properties.file_name = 'abcd.dll'
associated_object.properties.size_in_bytes = '123456'
associated_object.association_type = VocabString()
associated_object.association_type.value = 'output'
associated_object.association_type.xsi_type = 'maecVocabs:ActionObjectAssociationTypeVocab-1.0'
# Create the Action from another dictionary
action = MalwareAction()
action.name = VocabString()
action.name.value = 'create file'
action.name.xsi_type = 'maecVocabs:FileActionNameVocab-1.0'
action.associated_objects = AssociatedObjects()
action.associated_objects.append(associated_object)
# Add the Action to the Bundle
bundle.add_action(action)
# Create the Capability from another dictionary
capability = Capability()
capability.name = 'persistence'
# Add the Capability to the Bundle
bundle.add_capability(capability)
# Add the Bundle to the Malware Subject
subject.add_findings_bundle(bundle)
subject.findings_bundles.bundle = [bundle]
# Add the Malware Subject to the Package
package.add_malware_subject(subject)
# Export the Package Bindings Object to an XML file and use the namespaceparser for writing out the namespace definitions
package.to_xml_file('sample_maec_package.xml', {"http://example.com/":"example"})
print "Wrote to sample_maec_package.xml"
# Create the Associated Object Dictionary for use in the Action
associated_object = AssociatedObject()
associated_object.properties = File()
associated_object.properties.file_name = 'abcd.dll'
associated_object.properties.size_in_bytes = '123456'
associated_object.association_type = VocabString()
associated_object.association_type.value = 'output'
associated_object.association_type.xsi_type = 'maecVocabs:ActionObjectAssociationTypeVocab-1.0'
# Create the Action from another dictionary
action = MalwareAction()
action.name = VocabString()
action.name.value = 'create file'
action.name.xsi_type = 'maecVocabs:FileActionNameVocab-1.0'
action.associated_objects = AssociatedObjects()
action.associated_objects.append(associated_object)
# Add the Action to the Bundle
bundle.add_action(action)
# Create the Capability from another dictionary
capability = Capability()
capability.name = 'persistence'
# Add the Capability to the Bundle
bundle.add_capability(capability)
# Add the Bundle to the Malware Subject
subject.add_findings_bundle(bundle)
subject.findings_bundles.bundle = [bundle]
# Add the Malware Subject to the Package
package.add_malware_subject(subject)
# Export the Package Bindings Object to an XML file and use the namespaceparser for writing out the namespace definitions
package.to_xml_file('sample_maec_package.xml')
print "Wrote to sample_maec_package.xml"
