def test_add_name_type(self):
    """Check that a name and a type added to a MAECInstance appear in its XML."""
    expected_name = "Poison Ivy Variant v4392-acc"
    expected_type = "Remote Access Trojan"

    instance = MAECInstance()
    instance.add_name(expected_name)
    instance.add_type(expected_type)

    # Coerce the serialized form to text so the substring checks behave the
    # same whether to_xml() hands back bytes or text.
    serialized = text_type(instance.to_xml())
    for expected in (expected_name, expected_type):
        self.assertTrue(expected in serialized)
def test_add_name_type(self):
    """Verify the malware name and type survive serialization to XML."""
    malware_name = "Poison Ivy Variant v4392-acc"
    malware_type = "Remote Access Trojan"

    maec_instance = MAECInstance()
    maec_instance.add_name(malware_name)
    maec_instance.add_type(malware_type)

    # text_type() normalizes whatever to_xml() returns into a text string
    # before the containment checks.
    xml_text = text_type(maec_instance.to_xml())
    name_present = malware_name in xml_text
    self.assertTrue(name_present)
    type_present = malware_type in xml_text
    self.assertTrue(type_present)
def main():
    """Build a STIX package with one TTP carrying a MAEC malware instance and print it as XML."""
    # NOTE(review): MAEC_XML is not defined in this block and the parser is
    # built with library defaults. If this pattern is reused for MAEC
    # documents received from outside, construct the parser with
    # resolve_entities=False so entity declarations in the document are not
    # expanded.
    compat_parser = etree.ETCompatXMLParser()

    instance = MAECInstance()
    instance.add_name("Poison Ivy Variant v4392-acc")
    instance.add_type("Remote Access Trojan")
    # Attach the parsed MAEC document as the instance's embedded content.
    instance.maec = etree.fromstring(MAEC_XML, parser=compat_parser)

    poison_ivy_ttp = TTP(title="Poison Ivy Variant v4392-acc")
    poison_ivy_ttp.behavior = Behavior()
    poison_ivy_ttp.behavior.add_malware_instance(instance)

    package = STIXPackage()
    package.add_ttp(poison_ivy_ttp)

    # encoding=None is passed through to to_xml() unchanged.
    xml_output = package.to_xml(encoding=None)
    print(xml_output)
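def main():
    """Build a STIX package with one TTP carrying a MAEC malware instance and print it as XML."""
    maec_malware_instance = MAECInstance()
    maec_malware_instance.add_name("Poison Ivy Variant v4392-acc")
    maec_malware_instance.add_type("Remote Access Trojan")

    # NOTE(review): MAEC_XML is not defined in this block and the parser is
    # built with library defaults. If this pattern is reused for MAEC
    # documents received from outside, construct the parser with
    # resolve_entities=False so entity declarations in the document are not
    # expanded.
    maec_malware_instance.maec = etree.fromstring(
        MAEC_XML, parser=etree.ETCompatXMLParser())

    ttp = TTP(title="Poison Ivy Variant v4392-acc")
    ttp.behavior = Behavior()
    ttp.behavior.add_malware_instance(maec_malware_instance)

    stix_package = STIXPackage()
    stix_package.add_ttp(ttp)

    # The bare `print x` statement is a SyntaxError on Python 3; the call form
    # with a single argument prints the same thing on Python 2.
    # NOTE(review): on Python 3, to_xml() may return bytes here - confirm
    # whether a text encoding argument is needed before relying on the output.
    print(stix_package.to_xml())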
related_ttp = RelatedTTP(TTP(idref=ttp.id_)) # TTP - Related Threat Actor (basic; by id) ta = ThreatActor(title='Adversary Bravo') ta.observed_ttps.append(related_ttp) # TTP - Related TTP2 (Malware; by id) ttp2 = TTP(title='Poison Ivy Variant') malware_instance = MalwareInstance(title='Poison Ivy Variant d1c6') malware_instance.description = 'Attack Pattern Description' malware_instance.short_description = 'Attack Pattern Short Description' malware_instance.add_type(MalwareType('Remote Access Trojan')) maec = MAECInstance() maec.add_name('Poison Ivy Variant v4392-acc') maec.add_type(MalwareType('Exploit Kits')) ttp2.behavior = Behavior() ttp2.behavior.add_malware_instance(malware_instance) ttp2.behavior.add_malware_instance(maec) # TTP2 - Victim Targeting victim_targeting = VictimTargeting() victim_targeting.add_targeted_system(SystemType('Enterprise Systems')) victim_targeting.add_targeted_information( InformationType('Information Assets - User Credentials')) identity = CIQIdentity3_0Instance() # identity.name = 'Bob Ricca' identity_spec = STIXCIQIdentity3_0()