def __init__(self,
id_=None,
idref=None,
timestamp=None,
title=None,
description=None,
short_description=None):
super(Indicator, self).__init__(id_=id_,
idref=idref,
timestamp=timestamp,
title=title,
description=description,
short_description=short_description)
self.producer = None
self.observables = None
self.indicator_types = IndicatorTypes()
self.confidence = None
self.indicated_ttps = _IndicatedTTPs()
self.test_mechanisms = TestMechanisms()
self.alternative_id = None
self.suggested_coas = SuggestedCOAs()
self.sightings = Sightings()
self.composite_indicator_expression = None
self.handling = None
self.kill_chain_phases = KillChainPhasesReference()
self.valid_time_positions = _ValidTimePositions()
self.related_indicators = None
self.related_campaigns = RelatedCampaignRefs()
self.observable_composition_operator = "OR"
self.likely_impact = None
self.negate = None
self.related_packages = RelatedPackageRefs()
def __init__(self,
id_=None,
idref=None,
timestamp=None,
title=None,
description=None,
short_description=None):
self.id_ = id_ or stix.utils.create_id("coa")
self.idref = idref
self.version = self._version
self.title = title
self.stage = None
self.type_ = None
self.description = description
self.short_description = short_description
self.objective = None
self.parameter_observables = None
# self.structured_coa = None
self.impact = None
self.cost = None
self.efficacy = None
self.information_source = None
self.handling = None
self.related_coas = RelatedCOAs()
self.related_packages = RelatedPackageRefs()
if timestamp:
self.timestamp = timestamp
else:
self.timestamp = datetime.now(tzutc()) if not idref else None
def __init__(self,
id_=None,
idref=None,
timestamp=None,
title=None,
description=None,
short_description=None):
self.id_ = id_ or stix.utils.create_id("Campaign")
self.idref = idref
self.version = self._version
self.title = title
self.description = description
self.short_description = short_description
self.names = None
self.intended_effects = None
self.status = None
self.related_ttps = RelatedTTPs()
self.related_incidents = RelatedIncidents()
self.related_indicators = RelatedIndicators()
self.attribution = Attribution()
self.associated_campaigns = AssociatedCampaigns()
self.confidence = None
self.activity = []
self.information_source = None
self.handling = None
self.related_packages = RelatedPackageRefs()
if timestamp:
self.timestamp = timestamp
else:
self.timestamp = datetime.now(tzutc()) if not idref else None
def __init__(self,
id_=None,
idref=None,
timestamp=None,
title=None,
description=None,
short_description=None):
super(Campaign, self).__init__(id_=id_,
idref=idref,
timestamp=timestamp,
title=title,
description=description,
short_description=short_description)
self.names = None
self.intended_effects = _IntendedEffects()
self.status = None
self.related_ttps = RelatedTTPs()
self.related_incidents = RelatedIncidents()
self.related_indicators = RelatedIndicators()
self.attribution = _AttributionList()
self.associated_campaigns = AssociatedCampaigns()
self.confidence = None
self.activity = _Activities()
self.related_packages = RelatedPackageRefs()
def __init__(self,
id_=None,
idref=None,
timestamp=None,
title=None,
description=None,
short_description=None):
super(Indicator, self).__init__(id_=id_,
idref=idref,
timestamp=timestamp,
title=title,
description=description,
short_description=short_description)
self.observable = None
self.indicator_types = IndicatorTypes()
self.test_mechanisms = TestMechanisms()
self.alternative_id = None
self.suggested_coas = SuggestedCOAs()
self.sightings = Sightings()
self.composite_indicator_expression = None
self.kill_chain_phases = KillChainPhasesReference()
self.related_indicators = RelatedIndicators()
self.related_campaigns = RelatedCampaignRefs()
self.observable_composition_operator = "OR"
self.related_packages = RelatedPackageRefs()
def __init__(self,
id_=None,
idref=None,
timestamp=None,
title=None,
description=None,
short_description=None):
self.id_ = id_ or stix.utils.create_id("threatactor")
self.idref = idref
self.version = None
self.title = title
self.description = description
self.short_description = short_description
self.identity = None
self.types = None
self.motivations = None
self.sophistications = None
self.intended_effects = None
self.planning_and_operational_supports = None
self.handling = None
self.confidence = None
self.information_source = None
self.observed_ttps = ObservedTTPs()
self.associated_campaigns = AssociatedCampaigns()
self.associated_actors = AssociatedActors()
self.related_packages = RelatedPackageRefs()
if timestamp:
self.timestamp = timestamp
else:
self.timestamp = datetime.now(tzutc()) if not idref else None
def test_add_stix_package(self):
from stix.core import STIXPackage
l = RelatedPackageRefs()
l.append(STIXPackage())
self.assertEqual(1, len(l))
def __init__(self,
id_=None,
idref=None,
timestamp=None,
title=None,
description=None,
short_description=None):
super(ThreatActor, self).__init__(id_=id_,
idref=idref,
timestamp=timestamp,
title=title,
description=description,
short_description=short_description)
self.identity = None
self.types = None
self.motivations = None
self.sophistications = None
self.intended_effects = None
self.planning_and_operational_supports = None
self.confidence = None
self.observed_ttps = ObservedTTPs()
self.associated_campaigns = AssociatedCampaigns()
self.associated_actors = AssociatedActors()
self.related_packages = RelatedPackageRefs()
def test_add_stix_package(self):
from stix.core import STIXPackage
l = RelatedPackageRefs()
l.append(STIXPackage())
self.assertEqual(1, len(l))
def __init__(self,
id_=None,
idref=None,
timestamp=None,
title=None,
description=None,
short_description=None):
self.id_ = id_ or stix.utils.create_id("et")
self.idref = idref
self.version = self._version
self.title = title
self.description = description
self.short_description = short_description
self.information_source = None
self.handling = None
self.potential_coas = PotentialCOAs()
self.related_exploit_targets = RelatedExploitTargets()
self.vulnerabilities = None
self.weaknesses = None
self.configuration = None
self.related_packages = RelatedPackageRefs()
if timestamp:
self.timestamp = timestamp
else:
self.timestamp = datetime.now(tzutc()) if not idref else None
def from_dict(cls, dict_repr, return_obj=None):
if not dict_repr:
return None
if not return_obj:
return_obj = cls()
super(Indicator, cls).from_dict(dict_repr, return_obj=return_obj)
get = dict_repr.get
return_obj.negate = get('negate')
return_obj.alternative_id = get('alternative_id')
return_obj.indicated_ttps = _IndicatedTTPs.from_dict(get('indicated_ttps'))
return_obj.test_mechanisms = TestMechanisms.from_list(get('test_mechanisms'))
return_obj.suggested_coas = SuggestedCOAs.from_dict(get('suggested_coas'))
return_obj.sightings = Sightings.from_dict(get('sightings'))
return_obj.composite_indicator_expression = CompositeIndicatorExpression.from_dict(get('composite_indicator_expression'))
return_obj.kill_chain_phases = KillChainPhasesReference.from_dict(get('kill_chain_phases'))
return_obj.related_indicators = RelatedIndicators.from_dict(get('related_indicators'))
return_obj.likely_impact = Statement.from_dict(get('likely_impact'))
return_obj.indicator_types = IndicatorTypes.from_list(get('indicator_types'))
return_obj.confidence = Confidence.from_dict(get('confidence'))
return_obj.valid_time_positions = _ValidTimePositions.from_dict(get('valid_time_positions'))
return_obj.observable = Observable.from_dict(get('observable'))
return_obj.producer = InformationSource.from_dict(get('producer'))
return_obj.related_campaigns = RelatedCampaignRefs.from_dict(get('related_campaigns'))
return_obj.related_packages = RelatedPackageRefs.from_dict(get('related_packages'))
return return_obj
def from_obj(cls, obj, return_obj=None):
if not obj:
return None
if not return_obj:
return_obj = cls()
return_obj.id_ = obj.id
return_obj.idref = obj.idref
return_obj.timestamp = obj.timestamp
if isinstance(obj, cls._binding_class): # ThreatActorType properties
return_obj.version = obj.version
return_obj.title = obj.Title
return_obj.description = StructuredText.from_obj(obj.Description)
return_obj.short_description = StructuredText.from_obj(obj.Short_Description)
return_obj.identity = Identity.from_obj(obj.Identity)
return_obj.types = [Statement.from_obj(x) for x in obj.Type]
return_obj.motivations = [Statement.from_obj(x) for x in obj.Motivation]
return_obj.sophistications = [Statement.from_obj(x) for x in obj.Sophistication]
return_obj.intended_effects = [Statement.from_obj(x) for x in obj.Intended_Effect]
return_obj.planning_and_operational_supports = [Statement.from_obj(x) for x in obj.Planning_And_Operational_Support]
return_obj.observed_ttps = ObservedTTPs.from_obj(obj.Observed_TTPs)
return_obj.associated_campaigns = AssociatedCampaigns.from_obj(obj.Associated_Campaigns)
return_obj.associated_actors = AssociatedActors.from_obj(obj.Associated_Actors)
return_obj.handling = Marking.from_obj(obj.Handling)
return_obj.confidence = Confidence.from_obj(obj.Confidence)
return_obj.information_source = InformationSource.from_obj(obj.Information_Source)
return_obj.related_packages = RelatedPackageRefs.from_obj(obj.Related_Packages)
return return_obj
def from_obj(cls, obj, return_obj=None):
if not obj:
return None
if not return_obj:
return_obj = cls()
super(Campaign, cls).from_obj(obj, return_obj=return_obj)
if isinstance(obj, cls._binding_class):
return_obj.names = Names.from_obj(obj.Names)
return_obj.intended_effects = \
_IntendedEffects.from_obj(obj.Intended_Effect)
return_obj.status = VocabString.from_obj(obj.Status)
return_obj.related_ttps = RelatedTTPs.from_obj(obj.Related_TTPs)
return_obj.related_incidents = \
RelatedIncidents.from_obj(obj.Related_Incidents)
return_obj.related_indicators = \
RelatedIndicators.from_obj(obj.Related_Indicators)
return_obj.attribution = _AttributionList.from_obj(obj.Attribution)
return_obj.associated_campaigns = \
AssociatedCampaigns.from_obj(obj.Associated_Campaigns)
return_obj.confidence = Confidence.from_obj(obj.Confidence)
return_obj.activity = _Activities.from_obj(obj.Activity)
return_obj.related_packages = \
RelatedPackageRefs.from_obj(obj.Related_Packages)
return return_obj
def from_dict(cls, dict_repr, return_obj=None):
if not dict_repr:
return None
if not return_obj:
return_obj = cls()
super(Campaign, cls).from_dict(dict_repr, return_obj=return_obj)
get = dict_repr.get # PEP 8 line lengths
return_obj.names = Names.from_dict(get('names'))
return_obj.intended_effects = \
_IntendedEffects.from_dict(get('intended_effects'))
return_obj.status = VocabString.from_dict(get('status'))
return_obj.related_ttps = \
RelatedTTPs.from_dict(get('related_ttps'))
return_obj.related_incidents = \
RelatedIncidents.from_dict(get('related_incidents'))
return_obj.related_indicators = \
RelatedIndicators.from_dict(get('related_indicators'))
return_obj.attribution = _AttributionList.from_list(get('attribution'))
return_obj.associated_campaigns = \
AssociatedCampaigns.from_dict(get('associated_campaigns'))
return_obj.confidence = \
Confidence.from_dict(get('confidence'))
return_obj.activity = _Activities.from_dict(get('activity'))
return_obj.related_packages = \
RelatedPackageRefs.from_dict(get('related_packages'))
return return_obj
def from_obj(cls, obj, return_obj=None):
if not obj:
return None
if not return_obj:
return_obj = cls()
return_obj.id_ = obj.get_id()
return_obj.idref = obj.get_idref()
return_obj.timestamp = obj.get_timestamp()
if isinstance(obj, cls._binding_class): # CourseOfActionType properties
return_obj.version = obj.get_version() or cls._version
return_obj.title = obj.get_Title()
return_obj.stage = VocabString.from_obj(obj.get_Stage())
return_obj.type_ = VocabString.from_obj(obj.get_Type())
return_obj.description = StructuredText.from_obj(obj.get_Description())
return_obj.short_description = StructuredText.from_obj(obj.get_Short_Description())
return_obj.objective = Objective.from_obj(obj.get_Objective())
return_obj.parameter_observables = \
Observables.from_obj(obj.get_Parameter_Observables())
return_obj.impact = Statement.from_obj(obj.get_Impact())
return_obj.cost = Statement.from_obj(obj.get_Cost())
return_obj.efficacy = Statement.from_obj(obj.get_Efficacy())
return_obj.information_source = InformationSource.from_obj(obj.get_Information_Source())
return_obj.handling = Marking.from_obj(obj.get_Handling())
return_obj.related_coas = \
RelatedCOAs.from_obj(obj.get_Related_COAs())
return_obj.related_packages = \
RelatedPackageRefs.from_obj(obj.get_Related_Packages())
return return_obj
def from_obj(cls, obj, return_obj=None):
if not obj:
return None
if not return_obj:
return_obj = cls()
return_obj.id_ = obj.get_id()
return_obj.idref = obj.get_idref()
return_obj.timestamp = obj.get_timestamp() # not yet implemented
if isinstance(obj, cls._binding_class): # TTPType properties
return_obj.version = obj.get_version() or cls._version
return_obj.title = obj.get_Title()
return_obj.description = StructuredText.from_obj(obj.get_Description())
return_obj.short_description = StructuredText.from_obj(obj.get_Short_Description())
return_obj.information_source = InformationSource.from_obj(obj.get_Information_Source())
return_obj.handling = Marking.from_obj(obj.get_Handling())
return_obj.potential_coas = PotentialCOAs.from_obj(obj.get_Potential_COAs())
return_obj.related_exploit_targets = RelatedExploitTargets.from_obj(obj.get_Related_Exploit_Targets())
return_obj.vulnerabilities = [Vulnerability.from_obj(x) for x in obj.get_Vulnerability()]
return_obj.weaknesses = [Weakness.from_obj(x) for x in obj.get_Weakness()]
return_obj.configuration = [Configuration.from_obj(x) for x in obj.get_Configuration()]
return_obj.related_packages = RelatedPackageRefs.from_obj(obj.get_Related_Packages())
return return_obj
def from_obj(cls, obj, return_obj=None):
if not obj:
return None
if not return_obj:
return_obj = cls()
super(Indicator, cls).from_obj(obj, return_obj=return_obj)
if isinstance(obj, cls._binding_class):
return_obj.negate = obj.negate
return_obj.producer = InformationSource.from_obj(obj.Producer)
return_obj.confidence = Confidence.from_obj(obj.Confidence)
return_obj.sightings = Sightings.from_obj(obj.Sightings)
return_obj.composite_indicator_expression = CompositeIndicatorExpression.from_obj(obj.Composite_Indicator_Expression)
return_obj.kill_chain_phases = KillChainPhasesReference.from_obj(obj.Kill_Chain_Phases)
return_obj.related_indicators = RelatedIndicators.from_obj(obj.Related_Indicators)
return_obj.likely_impact = Statement.from_obj(obj.Likely_Impact)
return_obj.indicator_types = IndicatorTypes.from_obj(obj.Type)
return_obj.test_mechanisms = TestMechanisms.from_obj(obj.Test_Mechanisms)
return_obj.suggested_coas = SuggestedCOAs.from_obj(obj.Suggested_COAs)
return_obj.alternative_id = obj.Alternative_ID
return_obj.indicated_ttps = _IndicatedTTPs.from_obj(obj.Indicated_TTP)
return_obj.valid_time_positions = _ValidTimePositions.from_obj(obj.Valid_Time_Position)
return_obj.observable = Observable.from_obj(obj.Observable)
return_obj.related_campaigns = RelatedCampaignRefs.from_obj(obj.Related_Campaigns)
return_obj.related_packages = RelatedPackageRefs.from_obj(obj.Related_Packages)
return return_obj
def __init__(self, id_=None, idref=None, timestamp=None, title=None,
description=None, short_description=None):
super(Indicator, self).__init__(
id_=id_,
idref=idref,
timestamp=timestamp,
title=title,
description=description,
short_description=short_description
)
self.producer = None
self.observables = None
self.indicator_types = IndicatorTypes()
self.confidence = None
self.indicated_ttps = _IndicatedTTPs()
self.test_mechanisms = TestMechanisms()
self.alternative_id = None
self.suggested_coas = SuggestedCOAs()
self.sightings = Sightings()
self.composite_indicator_expression = None
self.kill_chain_phases = KillChainPhasesReference()
self.valid_time_positions = _ValidTimePositions()
self.related_indicators = None
self.related_campaigns = RelatedCampaignRefs()
self.observable_composition_operator = "OR"
self.likely_impact = None
self.negate = None
self.related_packages = RelatedPackageRefs()
def from_dict(cls, dict_repr, return_obj=None):
if not dict_repr:
return None
if not return_obj:
return_obj = cls()
return_obj.id_ = dict_repr.get('id')
return_obj.idref = dict_repr.get('idref')
return_obj.timestamp = dict_repr.get('timestamp')
return_obj.version = dict_repr.get('version')
return_obj.title = dict_repr.get('title')
return_obj.description = StructuredText.from_dict(dict_repr.get('description'))
return_obj.short_description = StructuredText.from_dict(dict_repr.get('short_description'))
return_obj.identity = Identity.from_dict(dict_repr.get('identity'))
return_obj.types = [Statement.from_dict(x) for x in dict_repr.get('types', [])]
return_obj.motivations = [Statement.from_dict(x) for x in dict_repr.get('motivations', [])]
return_obj.sophistications = [Statement.from_dict(x) for x in dict_repr.get('sophistications', [])]
return_obj.intended_effects = [Statement.from_dict(x) for x in dict_repr.get('intended_effects', [])]
return_obj.planning_and_operational_supports = [Statement.from_dict(x)
for x in dict_repr.get('planning_and_operational_supports', [])]
return_obj.observed_ttps = ObservedTTPs.from_dict(dict_repr.get('observed_ttps'))
return_obj.associated_campaigns = AssociatedCampaigns.from_dict(dict_repr.get('associated_campaigns'))
return_obj.associated_actors = AssociatedActors.from_dict(dict_repr.get('associated_actors'))
return_obj.handling = Marking.from_dict(dict_repr.get('handling'))
return_obj.confidence = Confidence.from_dict(dict_repr.get('confidence'))
return_obj.information_source = InformationSource.from_dict(dict_repr.get('information_source'))
return_obj.related_packages = RelatedPackageRefs.from_dict(dict_repr.get('related_packages'))
return return_obj
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None):
self.id_ = id_ or stix.utils.create_id("threatactor")
self.idref = idref
self.version = None
self.title = title
self.description = description
self.short_description = short_description
self.identity = None
self.types = None
self.motivations = None
self.sophistications = None
self.intended_effects = None
self.planning_and_operational_supports = None
self.handling = None
self.confidence = None
self.information_source = None
self.observed_ttps = ObservedTTPs()
self.associated_campaigns = AssociatedCampaigns()
self.associated_actors = AssociatedActors()
self.related_packages = RelatedPackageRefs()
if timestamp:
self.timestamp = timestamp
else:
self.timestamp = datetime.now(tzutc()) if not idref else None
def from_obj(cls, obj, return_obj=None):
if not obj:
return None
if not return_obj:
return_obj = cls()
return_obj.id_ = obj.get_id()
return_obj.idref = obj.get_idref()
return_obj.timestamp = obj.get_timestamp() # not yet implemented
if isinstance(obj, cls._binding_class): # TTPType properties
return_obj.version = obj.get_version() or cls._version
return_obj.title = obj.get_Title()
return_obj.description = StructuredText.from_obj(obj.get_Description())
return_obj.short_description = StructuredText.from_obj(obj.get_Short_Description())
return_obj.information_source = InformationSource.from_obj(obj.get_Information_Source())
return_obj.handling = Marking.from_obj(obj.get_Handling())
return_obj.potential_coas = PotentialCOAs.from_obj(obj.get_Potential_COAs())
return_obj.related_exploit_targets = RelatedExploitTargets.from_obj(obj.get_Related_Exploit_Targets())
return_obj.vulnerabilities = [Vulnerability.from_obj(x) for x in obj.get_Vulnerability()]
return_obj.weakness = [Weakness.from_obj(x) for x in obj.get_Weakness()]
return_obj.configuration = [Configuration.from_obj(x) for x in obj.get_Configuration()]
return_obj.related_packages = RelatedPackageRefs.from_obj(obj.get_Related_Packages())
return return_obj
def from_obj(cls, obj, return_obj=None):
if not obj:
return None
if not return_obj:
return_obj = cls()
return_obj.id_ = obj.get_id()
return_obj.idref = obj.get_idref()
return_obj.timestamp = obj.get_timestamp()
if isinstance(obj, cls._binding_class): # ThreatActorType properties
return_obj.version = obj.get_version() if obj.get_version() else cls._version
return_obj.title = obj.get_Title()
return_obj.description = StructuredText.from_obj(obj.get_Description())
return_obj.short_description = StructuredText.from_obj(obj.get_Short_Description())
return_obj.identity = Identity.from_obj(obj.get_Identity())
return_obj.types = [Statement.from_obj(x) for x in obj.get_Type()]
return_obj.motivations = [Statement.from_obj(x) for x in obj.get_Motivation()]
return_obj.sophistications = [Statement.from_obj(x) for x in obj.get_Sophistication()]
return_obj.intended_effects = [Statement.from_obj(x) for x in obj.get_Intended_Effect()]
return_obj.planning_and_operational_supports = [Statement.from_obj(x) for x in obj.get_Planning_And_Operational_Support()]
return_obj.observed_ttps = ObservedTTPs.from_obj(obj.get_Observed_TTPs())
return_obj.associated_campaigns = AssociatedCampaigns.from_obj(obj.get_Associated_Campaigns())
return_obj.associated_actors = AssociatedActors.from_obj(obj.get_Associated_Actors())
return_obj.handling = Marking.from_obj(obj.get_Handling())
return_obj.confidence = Confidence.from_obj(obj.get_Confidence())
return_obj.information_source = InformationSource.from_obj(obj.get_Information_Source())
return_obj.related_packages = RelatedPackageRefs.from_obj(obj.get_Related_Packages())
return return_obj
def from_obj(cls, obj, return_obj=None):
if not obj:
return None
if not return_obj:
return_obj = cls()
return_obj.id_ = obj.get_id()
return_obj.idref = obj.get_idref()
return_obj.timestamp = obj.get_timestamp()
if isinstance(obj,
cls._binding_class): # CourseOfActionType properties
return_obj.version = obj.get_version() or cls._version
return_obj.title = obj.get_Title()
return_obj.stage = VocabString.from_obj(obj.get_Stage())
return_obj.type_ = VocabString.from_obj(obj.get_Type())
return_obj.description = StructuredText.from_obj(
obj.get_Description())
return_obj.short_description = StructuredText.from_obj(
obj.get_Short_Description())
return_obj.objective = Objective.from_obj(obj.get_Objective())
return_obj.parameter_observables = \
Observables.from_obj(obj.get_Parameter_Observables())
return_obj.impact = Statement.from_obj(obj.get_Impact())
return_obj.cost = Statement.from_obj(obj.get_Cost())
return_obj.efficacy = Statement.from_obj(obj.get_Efficacy())
return_obj.information_source = InformationSource.from_obj(
obj.get_Information_Source())
return_obj.handling = Marking.from_obj(obj.get_Handling())
return_obj.related_coas = \
RelatedCOAs.from_obj(obj.get_Related_COAs())
return_obj.related_packages = \
RelatedPackageRefs.from_obj(obj.get_Related_Packages())
return return_obj
def from_obj(cls, obj, return_obj=None):
if not obj:
return None
if not return_obj:
return_obj = cls()
super(ThreatActor, cls).from_obj(obj, return_obj=return_obj)
if isinstance(obj, cls._binding_class): # ThreatActorType properties
return_obj.identity = Identity.from_obj(obj.Identity)
return_obj.types = _Types.from_obj(obj.Type)
return_obj.motivations = _Motivations.from_obj(obj.Motivation)
return_obj.sophistications = _Sophistications.from_obj(
obj.Sophistication)
return_obj.intended_effects = _IntendedEffects.from_obj(
obj.Intended_Effect)
return_obj.planning_and_operational_supports = \
_PlanningAndOperationalSupports.from_obj(obj.Planning_And_Operational_Support)
return_obj.observed_ttps = ObservedTTPs.from_obj(obj.Observed_TTPs)
return_obj.associated_campaigns = AssociatedCampaigns.from_obj(
obj.Associated_Campaigns)
return_obj.associated_actors = AssociatedActors.from_obj(
obj.Associated_Actors)
return_obj.confidence = Confidence.from_obj(obj.Confidence)
return_obj.related_packages = RelatedPackageRefs.from_obj(
obj.Related_Packages)
return return_obj
def from_dict(cls, dict_repr, return_obj=None):
if not dict_repr:
return None
if not return_obj:
return_obj = cls()
return_obj.id_ = dict_repr.get('id')
return_obj.idref = dict_repr.get('idref')
return_obj.timestamp = dict_repr.get('timestamp')
return_obj.version = dict_repr.get('version', cls._version)
return_obj.title = dict_repr.get('title')
return_obj.stage = VocabString.from_dict(dict_repr.get('stage'))
return_obj.type_ = VocabString.from_dict(dict_repr.get('type'))
return_obj.description = StructuredText.from_dict(
dict_repr.get('description'))
return_obj.short_description = StructuredText.from_dict(
dict_repr.get('short_description'))
return_obj.objective = Objective.from_dict(dict_repr.get('objective'))
return_obj.parameter_observables = \
Observables.from_dict(dict_repr.get('parameter_observables'))
return_obj.impact = Statement.from_dict(dict_repr.get('impact'))
return_obj.cost = Statement.from_dict(dict_repr.get('cost'))
return_obj.efficacy = Statement.from_dict(dict_repr.get('efficacy'))
return_obj.information_source = InformationSource.from_dict(
dict_repr.get('information_source'))
return_obj.handling = Marking.from_dict(dict_repr.get('handling'))
return_obj.related_coas = \
RelatedCOAs.from_dict(dict_repr.get('related_coas'))
return_obj.related_packages = \
RelatedPackageRefs.from_dict(dict_repr.get('related_packages'))
return return_obj
def from_dict(cls, dict_repr, return_obj=None):
if not dict_repr:
return None
if not return_obj:
return_obj = cls()
super(ThreatActor, cls).from_dict(dict_repr, return_obj=return_obj)
get = dict_repr.get
return_obj.identity = Identity.from_dict(get('identity'))
return_obj.types = _Types.from_dict(get('types'))
return_obj.motivations = _Motivations.from_dict(get('motivations'))
return_obj.sophistications = _Sophistications.from_dict(
get('sophistications'))
return_obj.intended_effects = _IntendedEffects.from_dict(
get('intended_effects'))
return_obj.planning_and_operational_supports = \
_PlanningAndOperationalSupports.from_dict(get('planning_and_operational_supports'))
return_obj.observed_ttps = ObservedTTPs.from_dict(get('observed_ttps'))
return_obj.associated_campaigns = AssociatedCampaigns.from_dict(
get('associated_campaigns'))
return_obj.associated_actors = AssociatedActors.from_dict(
get('associated_actors'))
return_obj.confidence = Confidence.from_dict(get('confidence'))
return_obj.related_packages = RelatedPackageRefs.from_dict(
get('related_packages'))
return return_obj
def from_dict(cls, dict_repr, return_obj=None):
if not dict_repr:
return None
if not return_obj:
return_obj = cls()
super(ThreatActor, cls).from_dict(dict_repr, return_obj=return_obj)
get = dict_repr.get
return_obj.identity = Identity.from_dict(get('identity'))
return_obj.types = _Types.from_dict(get('types'))
return_obj.motivations = _Motivations.from_dict(get('motivations'))
return_obj.sophistications = _Sophistications.from_dict(get('sophistications'))
return_obj.intended_effects = _IntendedEffects.from_dict(get('intended_effects'))
return_obj.planning_and_operational_supports = \
_PlanningAndOperationalSupports.from_dict(get('planning_and_operational_supports'))
return_obj.observed_ttps = ObservedTTPs.from_dict(get('observed_ttps'))
return_obj.associated_campaigns = AssociatedCampaigns.from_dict(get('associated_campaigns'))
return_obj.associated_actors = AssociatedActors.from_dict(get('associated_actors'))
return_obj.handling = Marking.from_dict(get('handling'))
return_obj.confidence = Confidence.from_dict(get('confidence'))
return_obj.related_packages = RelatedPackageRefs.from_dict(get('related_packages'))
return return_obj
def from_obj(cls, obj, return_obj=None):
if not obj:
return None
if not return_obj:
return_obj = cls()
return_obj.id_ = obj.id
return_obj.idref = obj.idref
return_obj.timestamp = obj.timestamp
if isinstance(obj, cls._binding_class): # CourseOfActionType properties
return_obj.version = obj.version
return_obj.title = obj.Title
return_obj.stage = VocabString.from_obj(obj.Stage)
return_obj.type_ = VocabString.from_obj(obj.Type)
return_obj.description = StructuredText.from_obj(obj.Description)
return_obj.short_description = StructuredText.from_obj(obj.Short_Description)
return_obj.objective = Objective.from_obj(obj.Objective)
return_obj.parameter_observables = \
Observables.from_obj(obj.Parameter_Observables)
return_obj.impact = Statement.from_obj(obj.Impact)
return_obj.cost = Statement.from_obj(obj.Cost)
return_obj.efficacy = Statement.from_obj(obj.Efficacy)
return_obj.information_source = InformationSource.from_obj(obj.Information_Source)
return_obj.handling = Marking.from_obj(obj.Handling)
return_obj.related_coas = \
RelatedCOAs.from_obj(obj.Related_COAs)
return_obj.related_packages = \
RelatedPackageRefs.from_obj(obj.Related_Packages)
return return_obj
def from_dict(cls, dict_repr, return_obj=None):
if not dict_repr:
return None
if not return_obj:
return_obj = cls()
return_obj.id_ = dict_repr.get('id')
return_obj.idref = dict_repr.get('idref')
return_obj.timestamp = dict_repr.get('timestamp')
return_obj.version = dict_repr.get('version')
return_obj.title = dict_repr.get('title')
return_obj.stage = VocabString.from_dict(dict_repr.get('stage'))
return_obj.type_ = VocabString.from_dict(dict_repr.get('type'))
return_obj.description = StructuredText.from_dict(dict_repr.get('description'))
return_obj.short_description = StructuredText.from_dict(dict_repr.get('short_description'))
return_obj.objective = Objective.from_dict(dict_repr.get('objective'))
return_obj.parameter_observables = \
Observables.from_dict(dict_repr.get('parameter_observables'))
return_obj.impact = Statement.from_dict(dict_repr.get('impact'))
return_obj.cost = Statement.from_dict(dict_repr.get('cost'))
return_obj.efficacy = Statement.from_dict(dict_repr.get('efficacy'))
return_obj.information_source = InformationSource.from_dict(dict_repr.get('information_source'))
return_obj.handling = Marking.from_dict(dict_repr.get('handling'))
return_obj.related_coas = \
RelatedCOAs.from_dict(dict_repr.get('related_coas'))
return_obj.related_packages = \
RelatedPackageRefs.from_dict(dict_repr.get('related_packages'))
return return_obj
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None):
super(Incident, self).__init__(
id_=id_,
idref=idref,
timestamp=timestamp,
title=title,
description=description,
short_description=short_description
)
self.related_indicators = RelatedIndicators()
self.related_observables = RelatedObservables()
self.related_incidents = RelatedIncidents()
self.related_packages = RelatedPackageRefs()
self.categories = IncidentCategories()
self.affected_assets = AffectedAssets()
self.leveraged_ttps = LeveragedTTPs()
def from_obj(cls, obj, return_obj=None):
if not obj:
return None
if not return_obj:
return_obj = cls()
return_obj.id_ = obj.id
return_obj.idref = obj.idref
return_obj.timestamp = obj.timestamp
if isinstance(obj, cls._binding_class): # CourseOfActionType properties
return_obj.version = obj.version
return_obj.title = obj.Title
return_obj.stage = VocabString.from_obj(obj.Stage)
return_obj.type_ = VocabString.from_obj(obj.Type)
return_obj.description = StructuredText.from_obj(obj.Description)
return_obj.short_description = StructuredText.from_obj(obj.Short_Description)
return_obj.objective = Objective.from_obj(obj.Objective)
return_obj.parameter_observables = \
Observables.from_obj(obj.Parameter_Observables)
return_obj.impact = Statement.from_obj(obj.Impact)
return_obj.cost = Statement.from_obj(obj.Cost)
return_obj.efficacy = Statement.from_obj(obj.Efficacy)
return_obj.information_source = InformationSource.from_obj(obj.Information_Source)
return_obj.handling = Marking.from_obj(obj.Handling)
return_obj.related_coas = \
RelatedCOAs.from_obj(obj.Related_COAs)
return_obj.related_packages = \
RelatedPackageRefs.from_obj(obj.Related_Packages)
return return_obj
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None):
self.id_ = id_ or stix.utils.create_id("Campaign")
self.idref = idref
self.version = None # self._version
self.title = title
self.description = description
self.short_description = short_description
self.names = None
self.intended_effects = None
self.status = None
self.related_ttps = RelatedTTPs()
self.related_incidents = RelatedIncidents()
self.related_indicators = RelatedIndicators()
self.attribution = AttributionList()
self.associated_campaigns = AssociatedCampaigns()
self.confidence = None
self.activity = []
self.information_source = None
self.handling = None
self.related_packages = RelatedPackageRefs()
if timestamp:
self.timestamp = timestamp
else:
self.timestamp = datetime.now(tzutc()) if not idref else None
def from_dict(cls, dict_repr, return_obj=None):
if not dict_repr:
return None
if not return_obj:
return_obj = cls()
super(Campaign, cls).from_dict(dict_repr, return_obj=return_obj)
get = dict_repr.get # PEP 8 line lengths
return_obj.names = Names.from_dict(get('names'))
return_obj.intended_effects = \
_IntendedEffects.from_dict(get('intended_effects'))
return_obj.status = VocabString.from_dict(get('status'))
return_obj.related_ttps = \
RelatedTTPs.from_dict(get('related_ttps'))
return_obj.related_incidents = \
RelatedIncidents.from_dict(get('related_incidents'))
return_obj.related_indicators = \
RelatedIndicators.from_dict(get('related_indicators'))
return_obj.attribution = _AttributionList.from_list(get('attribution'))
return_obj.associated_campaigns = \
AssociatedCampaigns.from_dict(get('associated_campaigns'))
return_obj.confidence = \
Confidence.from_dict(get('confidence'))
return_obj.activity = _Activities.from_dict(get('activity'))
return_obj.related_packages = \
RelatedPackageRefs.from_dict(get('related_packages'))
return return_obj
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None):
super(Incident, self).__init__(
id_=id_,
idref=idref,
timestamp=timestamp,
title=title,
description=description,
short_description=short_description
)
self.status = None
self.time = None
self.victims = None
self.attributed_threat_actors = AttributedThreatActors()
self.related_indicators = RelatedIndicators()
self.related_observables = RelatedObservables()
self.related_incidents = RelatedIncidents()
self.related_packages = RelatedPackageRefs()
self.affected_assets = None
self.categories = None
self.intended_effects = None
self.leveraged_ttps = LeveragedTTPs()
self.discovery_methods = None
self.reporter = None
self.responders = None
self.coordinators = None
self.external_ids = None
self.impact_assessment = None
self.security_compromise = None
self.confidence = None
self.coa_taken = None
self.coa_requested = None
self.history = History()
def from_obj(cls, obj, return_obj=None):
if not obj:
return None
if not return_obj:
return_obj = cls()
super(Campaign, cls).from_obj(obj, return_obj=return_obj)
if isinstance(obj, cls._binding_class):
return_obj.names = Names.from_obj(obj.Names)
return_obj.intended_effects = \
_IntendedEffects.from_obj(obj.Intended_Effect)
return_obj.status = VocabString.from_obj(obj.Status)
return_obj.related_ttps = RelatedTTPs.from_obj(obj.Related_TTPs)
return_obj.related_incidents = \
RelatedIncidents.from_obj(obj.Related_Incidents)
return_obj.related_indicators = \
RelatedIndicators.from_obj(obj.Related_Indicators)
return_obj.attribution = _AttributionList.from_obj(obj.Attribution)
return_obj.associated_campaigns = \
AssociatedCampaigns.from_obj(obj.Associated_Campaigns)
return_obj.confidence = Confidence.from_obj(obj.Confidence)
return_obj.activity = _Activities.from_obj(obj.Activity)
return_obj.related_packages = \
RelatedPackageRefs.from_obj(obj.Related_Packages)
return return_obj
def from_obj(cls, obj, return_obj=None):
if not obj:
return None
if not return_obj:
return_obj = cls()
super(Incident, cls).from_obj(obj, return_obj=return_obj)
if isinstance(obj, cls._binding_class):
return_obj.time = Time.from_obj(obj.Time)
return_obj.victims = _Victims.from_obj(obj.Victim)
return_obj.categories = IncidentCategories.from_obj(obj.Categories)
return_obj.intended_effects = _IntendedEffects.from_obj(obj.Intended_Effect)
return_obj.affected_assets = AffectedAssets.from_obj(obj.Affected_Assets)
return_obj.discovery_methods = DiscoveryMethods.from_obj(obj.Discovery_Method)
return_obj.coa_taken = _COAsTaken.from_obj(obj.COA_Taken)
return_obj.coa_requested = _COAsRequested.from_obj(obj.COA_Requested)
return_obj.confidence = Confidence.from_obj(obj.Confidence)
return_obj.attributed_threat_actors = AttributedThreatActors.from_obj(obj.Attributed_Threat_Actors)
return_obj.related_indicators = RelatedIndicators.from_obj(obj.Related_Indicators)
return_obj.related_observables = RelatedObservables.from_obj(obj.Related_Observables)
return_obj.leveraged_ttps = LeveragedTTPs.from_obj(obj.Leveraged_TTPs)
return_obj.related_incidents = RelatedIncidents.from_obj(obj.Related_Incidents)
return_obj.status = VocabString.from_obj(obj.Status)
return_obj.history = History.from_obj(obj.History)
return_obj.responders = _InformationSources.from_obj(obj.Responder)
return_obj.coordinators = _InformationSources.from_obj(obj.Coordinator)
return_obj.external_ids = _ExternalIDs.from_obj(obj.External_ID)
return_obj.reporter = InformationSource.from_obj(obj.Reporter)
return_obj.impact_assessment = ImpactAssessment.from_obj(obj.Impact_Assessment)
return_obj.security_compromise = VocabString.from_obj(obj.Security_Compromise)
return_obj.related_packages = RelatedPackageRefs.from_obj(obj.Related_Packages)
return return_obj
def from_dict(cls, dict_repr, return_obj=None):
if not dict_repr:
return None
if not return_obj:
return_obj = cls()
super(Incident, cls).from_dict(dict_repr, return_obj=return_obj)
get = dict_repr.get
return_obj.time = Time.from_dict(get('time'))
return_obj.victims = _Victims.from_dict(get('victims'))
return_obj.categories = IncidentCategories.from_dict(get('categories'))
return_obj.attributed_threat_actors = AttributedThreatActors.from_dict(get('attributed_threat_actors'))
return_obj.related_indicators = RelatedIndicators.from_dict(get('related_indicators'))
return_obj.related_observables = RelatedObservables.from_dict(get('related_observables'))
return_obj.related_incidents = RelatedIncidents.from_dict(get('related_incidents'))
return_obj.intended_effects = _IntendedEffects.from_list(get('intended_effects'))
return_obj.leveraged_ttps = LeveragedTTPs.from_dict(get('leveraged_ttps'))
return_obj.affected_assets = AffectedAssets.from_dict(get('affected_assets'))
return_obj.discovery_methods = DiscoveryMethods.from_dict(get('discovery_methods'))
return_obj.reporter = InformationSource.from_dict(get('reporter'))
return_obj.responders = _InformationSources.from_dict(get('responders'))
return_obj.coordinators = _InformationSources.from_dict(get('coordinators'))
return_obj.external_ids = _ExternalIDs.from_dict(get('external_ids'))
return_obj.impact_assessment = ImpactAssessment.from_dict(get('impact_assessment'))
return_obj.security_compromise = VocabString.from_dict(get('security_compromise'))
return_obj.confidence = Confidence.from_dict(get('confidence'))
return_obj.coa_taken = _COAsTaken.from_dict(get('coa_taken'))
return_obj.coa_requested = _COAsRequested.from_dict(get('coa_requested'))
return_obj.status = VocabString.from_dict(get('status'))
return_obj.history = History.from_dict(get('history'))
return_obj.related_packages = RelatedPackageRefs.from_dict(get('related_packages'))
return return_obj
def from_obj(cls, obj, return_obj=None):
if not obj:
return None
if not return_obj:
return_obj = cls()
return_obj.id_ = obj.id
return_obj.idref = obj.idref
return_obj.timestamp = obj.timestamp # not yet implemented
if isinstance(obj, cls._binding_class): # TTPType properties
return_obj.version = obj.version
return_obj.title = obj.Title
return_obj.description = StructuredText.from_obj(obj.Description)
return_obj.short_description = StructuredText.from_obj(obj.Short_Description)
return_obj.information_source = InformationSource.from_obj(obj.Information_Source)
return_obj.handling = Marking.from_obj(obj.Handling)
return_obj.potential_coas = PotentialCOAs.from_obj(obj.Potential_COAs)
return_obj.related_exploit_targets = RelatedExploitTargets.from_obj(obj.Related_Exploit_Targets)
return_obj.vulnerabilities = [Vulnerability.from_obj(x) for x in obj.Vulnerability]
return_obj.weaknesses = [Weakness.from_obj(x) for x in obj.Weakness]
return_obj.configuration = [Configuration.from_obj(x) for x in obj.Configuration]
return_obj.related_packages = RelatedPackageRefs.from_obj(obj.Related_Packages)
return return_obj
def test_add_bad_type(self):
from stix.indicator import Indicator
l = RelatedPackageRefs()
self.assertRaises(
TypeError,
l.append,
Indicator()
)
def __init__(self,
id_=None,
idref=None,
timestamp=None,
title=None,
description=None,
short_description=None):
super(TTP, self).__init__(id_=id_,
idref=idref,
timestamp=timestamp,
title=title,
description=description,
short_description=short_description)
self.related_packages = RelatedPackageRefs()
self.exploit_targets = ExploitTargets()
self.related_ttps = RelatedTTPs()
self.kill_chain_phases = KillChainPhasesReference()
def __init__(self,
id_=None,
idref=None,
timestamp=None,
title=None,
description=None,
short_description=None):
super(ExploitTarget,
self).__init__(id_=id_,
idref=idref,
timestamp=timestamp,
title=title,
description=description,
short_description=short_description)
self.potential_coas = PotentialCOAs()
self.related_exploit_targets = RelatedExploitTargets()
self.vulnerabilities = None
self.weaknesses = None
self.configuration = None
self.related_packages = RelatedPackageRefs()
def __init__(self,
id_=None,
idref=None,
timestamp=None,
title=None,
description=None,
short_description=None):
super(Incident, self).__init__(id_=id_,
idref=idref,
timestamp=timestamp,
title=title,
description=description,
short_description=short_description)
self.status = None
self.time = None
self.victims = None
self.attributed_threat_actors = AttributedThreatActors()
self.related_indicators = RelatedIndicators()
self.related_observables = RelatedObservables()
self.related_incidents = RelatedIncidents()
self.related_packages = RelatedPackageRefs()
self.affected_assets = None
self.categories = None
self.intended_effects = None
self.leveraged_ttps = LeveragedTTPs()
self.discovery_methods = None
self.reporter = None
self.responders = None
self.coordinators = None
self.external_ids = None
self.impact_assessment = None
self.security_compromise = None
self.confidence = None
self.coa_taken = None
self.coa_requested = None
self.history = History()
self._contacts = None
self._url = None
def from_dict(cls, dict_repr, return_obj=None):
if not dict_repr:
return None
if not return_obj:
return_obj = cls()
super(Incident, cls).from_dict(dict_repr, return_obj=return_obj)
get = dict_repr.get
return_obj.time = Time.from_dict(get('time'))
return_obj.victims = _Victims.from_dict(get('victims'))
return_obj.categories = IncidentCategories.from_dict(get('categories'))
return_obj.attributed_threat_actors = AttributedThreatActors.from_dict(
get('attributed_threat_actors'))
return_obj.related_indicators = RelatedIndicators.from_dict(
get('related_indicators'))
return_obj.related_observables = RelatedObservables.from_dict(
get('related_observables'))
return_obj.related_incidents = RelatedIncidents.from_dict(
get('related_incidents'))
return_obj.intended_effects = _IntendedEffects.from_list(
get('intended_effects'))
return_obj.leveraged_ttps = LeveragedTTPs.from_dict(
get('leveraged_ttps'))
return_obj.affected_assets = AffectedAssets.from_dict(
get('affected_assets'))
return_obj.discovery_methods = DiscoveryMethods.from_dict(
get('discovery_methods'))
return_obj.reporter = InformationSource.from_dict(get('reporter'))
return_obj.responders = _InformationSources.from_dict(
get('responders'))
return_obj.coordinators = _InformationSources.from_dict(
get('coordinators'))
return_obj.external_ids = _ExternalIDs.from_dict(get('external_ids'))
return_obj.impact_assessment = ImpactAssessment.from_dict(
get('impact_assessment'))
return_obj.security_compromise = VocabString.from_dict(
get('security_compromise'))
return_obj.confidence = Confidence.from_dict(get('confidence'))
return_obj.coa_taken = _COAsTaken.from_dict(get('coa_taken'))
return_obj.coa_requested = _COAsRequested.from_dict(
get('coa_requested'))
return_obj.status = VocabString.from_dict(get('status'))
return_obj.history = History.from_dict(get('history'))
return_obj.related_packages = RelatedPackageRefs.from_dict(
get('related_packages'))
return_obj.contacts = _InformationSources.from_dict(get('contacts'))
return_obj.url = get('url')
return return_obj
def __init__(self, id_=None, idref=None, timestamp=None, title=None,
description=None, short_description=None):
super(CourseOfAction, self).__init__(
id_=id_,
idref=idref,
timestamp=timestamp,
title=title,
description=description,
short_description=short_description
)
self.related_coas = RelatedCOAs()
self.related_packages = RelatedPackageRefs()
def from_obj(cls, obj, return_obj=None):
if not obj:
return None
if not return_obj:
return_obj = cls()
super(Incident, cls).from_obj(obj, return_obj=return_obj)
if isinstance(obj, cls._binding_class):
return_obj.time = Time.from_obj(obj.Time)
return_obj.victims = _Victims.from_obj(obj.Victim)
return_obj.categories = IncidentCategories.from_obj(obj.Categories)
return_obj.intended_effects = _IntendedEffects.from_obj(
obj.Intended_Effect)
return_obj.affected_assets = AffectedAssets.from_obj(
obj.Affected_Assets)
return_obj.discovery_methods = DiscoveryMethods.from_obj(
obj.Discovery_Method)
return_obj.coa_taken = _COAsTaken.from_obj(obj.COA_Taken)
return_obj.coa_requested = _COAsRequested.from_obj(
obj.COA_Requested)
return_obj.confidence = Confidence.from_obj(obj.Confidence)
return_obj.attributed_threat_actors = AttributedThreatActors.from_obj(
obj.Attributed_Threat_Actors)
return_obj.related_indicators = RelatedIndicators.from_obj(
obj.Related_Indicators)
return_obj.related_observables = RelatedObservables.from_obj(
obj.Related_Observables)
return_obj.leveraged_ttps = LeveragedTTPs.from_obj(
obj.Leveraged_TTPs)
return_obj.related_incidents = RelatedIncidents.from_obj(
obj.Related_Incidents)
return_obj.status = VocabString.from_obj(obj.Status)
return_obj.history = History.from_obj(obj.History)
return_obj.responders = _InformationSources.from_obj(obj.Responder)
return_obj.coordinators = _InformationSources.from_obj(
obj.Coordinator)
return_obj.external_ids = _ExternalIDs.from_obj(obj.External_ID)
return_obj.reporter = InformationSource.from_obj(obj.Reporter)
return_obj.impact_assessment = ImpactAssessment.from_obj(
obj.Impact_Assessment)
return_obj.security_compromise = VocabString.from_obj(
obj.Security_Compromise)
return_obj.related_packages = RelatedPackageRefs.from_obj(
obj.Related_Packages)
return_obj.contacts = _InformationSources.from_obj(obj.Contact)
return_obj.url = obj.URL
return return_obj
def from_dict(cls, dict_repr, return_obj=None):
if not dict_repr:
return None
if not return_obj:
return_obj = cls()
return_obj.id_ = dict_repr.get('id')
return_obj.idref = dict_repr.get('idref')
return_obj.timestamp = dict_repr.get('timestamp')
return_obj.version = dict_repr.get('version')
return_obj.title = dict_repr.get('title')
return_obj.description = StructuredText.from_dict(
dict_repr.get('description'))
return_obj.short_description = StructuredText.from_dict(
dict_repr.get('short_description'))
return_obj.identity = Identity.from_dict(dict_repr.get('identity'))
return_obj.types = [
Statement.from_dict(x) for x in dict_repr.get('types', [])
]
return_obj.motivations = [
Statement.from_dict(x) for x in dict_repr.get('motivations', [])
]
return_obj.sophistications = [
Statement.from_dict(x)
for x in dict_repr.get('sophistications', [])
]
return_obj.intended_effects = [
Statement.from_dict(x)
for x in dict_repr.get('intended_effects', [])
]
return_obj.planning_and_operational_supports = [
Statement.from_dict(x)
for x in dict_repr.get('planning_and_operational_supports', [])
]
return_obj.observed_ttps = ObservedTTPs.from_dict(
dict_repr.get('observed_ttps'))
return_obj.associated_campaigns = AssociatedCampaigns.from_dict(
dict_repr.get('associated_campaigns'))
return_obj.associated_actors = AssociatedActors.from_dict(
dict_repr.get('associated_actors'))
return_obj.handling = Marking.from_dict(dict_repr.get('handling'))
return_obj.confidence = Confidence.from_dict(
dict_repr.get('confidence'))
return_obj.information_source = InformationSource.from_dict(
dict_repr.get('information_source'))
return_obj.related_packages = RelatedPackageRefs.from_dict(
dict_repr.get('related_packages'))
return return_obj
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None):
self.id_ = id_ or stix.utils.create_id("et")
self.idref = idref
self.timestamp = timestamp or datetime.now()
self.version = self._version
self.title = title
self.description = description
self.short_description = short_description
self.information_source = None
self.handling = None
self.potential_coas = PotentialCOAs()
self.related_exploit_targets = RelatedExploitTargets()
self.vulnerabilities = None
self.weakness = None
self.configuration = None
self.related_packages = RelatedPackageRefs()
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None):
super(Incident, self).__init__(
id_=id_,
idref=idref,
timestamp=timestamp,
title=title,
description=description,
short_description=short_description
)
self.related_indicators = RelatedIndicators()
self.related_observables = RelatedObservables()
self.related_incidents = RelatedIncidents()
self.related_packages = RelatedPackageRefs()
self.categories = IncidentCategories()
self.affected_assets = AffectedAssets()
self.leveraged_ttps = LeveragedTTPs()
def __init__(self, id_=None, idref=None, timestamp=None, title=None,
description=None, short_description=None):
super(ThreatActor, self).__init__(
id_=id_,
idref=idref,
timestamp=timestamp,
title=title,
description=description,
short_description=short_description
)
self.observed_ttps = ObservedTTPs()
self.associated_campaigns = AssociatedCampaigns()
self.associated_actors = AssociatedActors()
self.related_packages = RelatedPackageRefs()
def __init__(self, id_=None, idref=None, timestamp=None, title=None,
description=None, short_description=None):
super(Campaign, self).__init__(
id_=id_,
idref=idref,
timestamp=timestamp,
title=title,
description=description,
short_description=short_description
)
self.related_ttps = RelatedTTPs()
self.related_incidents = RelatedIncidents()
self.related_indicators = RelatedIndicators()
self.related_packages = RelatedPackageRefs()
def from_obj(cls, obj, return_obj=None):
if not obj:
return None
if not return_obj:
return_obj = cls()
return_obj.id_ = obj.get_id()
return_obj.idref = obj.get_idref()
return_obj.timestamp = obj.get_timestamp()
if isinstance(obj, cls._binding_class): # ThreatActorType properties
return_obj.version = obj.get_version() if obj.get_version(
) else cls._version
return_obj.title = obj.get_Title()
return_obj.description = StructuredText.from_obj(
obj.get_Description())
return_obj.short_description = StructuredText.from_obj(
obj.get_Short_Description())
return_obj.identity = Identity.from_obj(obj.get_Identity())
return_obj.types = [Statement.from_obj(x) for x in obj.get_Type()]
return_obj.motivations = [
Statement.from_obj(x) for x in obj.get_Motivation()
]
return_obj.sophistications = [
Statement.from_obj(x) for x in obj.get_Sophistication()
]
return_obj.intended_effects = [
Statement.from_obj(x) for x in obj.get_Intended_Effect()
]
return_obj.planning_and_operational_supports = [
Statement.from_obj(x)
for x in obj.get_Planning_And_Operational_Support()
]
return_obj.observed_ttps = ObservedTTPs.from_obj(
obj.get_Observed_TTPs())
return_obj.associated_campaigns = AssociatedCampaigns.from_obj(
obj.get_Associated_Campaigns())
return_obj.associated_actors = AssociatedActors.from_obj(
obj.get_Associated_Actors())
return_obj.handling = Marking.from_obj(obj.get_Handling())
return_obj.confidence = Confidence.from_obj(obj.get_Confidence())
return_obj.information_source = InformationSource.from_obj(
obj.get_Information_Source())
return_obj.related_packages = RelatedPackageRefs.from_obj(
obj.get_Related_Packages())
return return_obj
def from_obj(cls, obj, return_obj=None):
if not obj:
return None
if not return_obj:
return_obj = cls()
super(ExploitTarget, cls).from_obj(obj, return_obj=return_obj)
if isinstance(obj, cls._binding_class):
return_obj.potential_coas = PotentialCOAs.from_obj(obj.Potential_COAs)
return_obj.related_exploit_targets = RelatedExploitTargets.from_obj(obj.Related_Exploit_Targets)
return_obj.vulnerabilities = _Vulnerabilities.from_obj(obj.Vulnerability)
return_obj.weaknesses = _Weaknesses.from_obj(obj.Weakness)
return_obj.configuration = _Configurations.from_obj(obj.Configuration)
return_obj.related_packages = RelatedPackageRefs.from_obj(obj.Related_Packages)
return return_obj
def from_dict(cls, dict_repr, return_obj=None):
if not dict_repr:
return None
if not return_obj:
return_obj = cls()
super(ExploitTarget, cls).from_dict(dict_repr, return_obj=return_obj)
get = dict_repr.get
return_obj.potential_coas = PotentialCOAs.from_dict(get('potential_coas'))
return_obj.related_exploit_targets = RelatedExploitTargets.from_dict(get('related_exploit_targets'))
return_obj.vulnerabilities = _Vulnerabilities.from_dict(get('vulnerabilities'))
return_obj.weaknesses = _Weaknesses.from_dict(get('weaknesses'))
return_obj.configuration = _Configurations.from_dict(get('configuration'))
return_obj.related_packages = RelatedPackageRefs.from_dict(get('related_packages'))
return return_obj
def __init__(self, id_=None, idref=None, timestamp=None, title=None,
description=None, short_description=None):
super(ExploitTarget, self).__init__(
id_=id_,
idref=idref,
timestamp=timestamp,
title=title,
description=description,
short_description=short_description
)
self.potential_coas = PotentialCOAs()
self.related_exploit_targets = RelatedExploitTargets()
self.vulnerabilities = None
self.weaknesses = None
self.configuration = None
self.related_packages = RelatedPackageRefs()
def from_obj(cls, obj, return_obj=None):
if not obj:
return None
if not return_obj:
return_obj = cls()
return_obj.id_ = obj.id
return_obj.idref = obj.idref
return_obj.timestamp = obj.timestamp
if isinstance(obj, cls._binding_class): # ThreatActorType properties
return_obj.version = obj.version
return_obj.title = obj.Title
return_obj.description = StructuredText.from_obj(obj.Description)
return_obj.short_description = StructuredText.from_obj(
obj.Short_Description)
return_obj.identity = Identity.from_obj(obj.Identity)
return_obj.types = [Statement.from_obj(x) for x in obj.Type]
return_obj.motivations = [
Statement.from_obj(x) for x in obj.Motivation
]
return_obj.sophistications = [
Statement.from_obj(x) for x in obj.Sophistication
]
return_obj.intended_effects = [
Statement.from_obj(x) for x in obj.Intended_Effect
]
return_obj.planning_and_operational_supports = [
Statement.from_obj(x)
for x in obj.Planning_And_Operational_Support
]
return_obj.observed_ttps = ObservedTTPs.from_obj(obj.Observed_TTPs)
return_obj.associated_campaigns = AssociatedCampaigns.from_obj(
obj.Associated_Campaigns)
return_obj.associated_actors = AssociatedActors.from_obj(
obj.Associated_Actors)
return_obj.handling = Marking.from_obj(obj.Handling)
return_obj.confidence = Confidence.from_obj(obj.Confidence)
return_obj.information_source = InformationSource.from_obj(
obj.Information_Source)
return_obj.related_packages = RelatedPackageRefs.from_obj(
obj.Related_Packages)
return return_obj
def from_dict(cls, dict_repr, return_obj=None):
if not dict_repr:
return None
if not return_obj:
return_obj = cls()
return_obj.id_ = dict_repr.get('id')
return_obj.idref = dict_repr.get('idref')
return_obj.timestamp = dict_repr.get('timestamp')
return_obj.version = dict_repr.get('version', cls._version)
return_obj.title = dict_repr.get('title')
return_obj.description = \
StructuredText.from_dict(dict_repr.get('description'))
return_obj.short_description = \
StructuredText.from_dict(dict_repr.get('short_description'))
return_obj.names = Names.from_dict(dict_repr.get('names'))
return_obj.intended_effect = \
[Statement.from_dict(x) for x in dict_repr.get('intended_effect', [])]
return_obj.status = VocabString.from_dict(dict_repr.get('status'))
return_obj.related_ttps = \
RelatedTTPs.from_dict(dict_repr.get('related_ttps'))
return_obj.related_incidents = \
RelatedIncidents.from_dict(dict_repr.get('related_incidents'))
return_obj.related_indicators = \
RelatedIndicators.from_dict(dict_repr.get('related_indicators'))
return_obj.attribution = \
[Attribution.from_dict(x) for x in
dict_repr.get('attribution', [])]
return_obj.associated_campaigns = \
AssociatedCampaigns.from_dict(dict_repr.get('associated_campaigns'))
return_obj.confidence = \
Confidence.from_dict(dict_repr.get('confidence'))
return_obj.activity = \
[Activity.from_dict(x) for x in dict_repr.get('activity', [])]
return_obj.information_source = \
InformationSource.from_dict(dict_repr.get('information_source'))
return_obj.handling = Marking.from_dict(dict_repr.get('handling'))
return_obj.related_packages = \
RelatedPackageRefs.from_dict(dict_repr.get('related_packages'))
return return_obj
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None):
self.id_ = id_ or stix.utils.create_id("coa")
self.idref = idref
self.timestamp = timestamp or datetime.now()
self.version = self._version
self.title = title
self.stage = None
self.type_ = None
self.description = description
self.short_description = short_description
self.objective = None
self.parameter_observables = None
# self.structured_coa = None
self.impact = None
self.cost = None
self.efficacy = None
self.information_source = None
self.handling = None
self.related_coas = RelatedCOAs()
self.related_packages = RelatedPackageRefs()
def from_dict(cls, dict_repr, return_obj=None):
if not dict_repr:
return None
if not return_obj:
return_obj = cls()
super(TTP, cls).from_dict(dict_repr, return_obj=return_obj)
get = dict_repr.get
return_obj.behavior = Behavior.from_dict(get('behavior'))
return_obj.related_ttps = RelatedTTPs.from_dict(get('related_ttps'))
return_obj.exploit_targets = ExploitTargets.from_dict(get('exploit_targets'))
return_obj.intended_effects = _IntendedEffects.from_dict(get('intended_effects'))
return_obj.resources = Resource.from_dict(get('resources'))
return_obj.victim_targeting = VictimTargeting.from_dict(get('victim_targeting'))
return_obj.related_packages = RelatedPackageRefs.from_dict(get('related_packages'))
return_obj.kill_chain_phases = KillChainPhasesReference.from_dict(get('kill_chain_phases'))
return return_obj
def from_obj(cls, obj, return_obj=None):
if not obj:
return None
if not return_obj:
return_obj = cls()
super(TTP, cls).from_obj(obj, return_obj=return_obj)
if isinstance(obj, cls._binding_class):
return_obj.behavior = Behavior.from_obj(obj.Behavior)
return_obj.related_ttps = RelatedTTPs.from_obj(obj.Related_TTPs)
return_obj.exploit_targets = ExploitTargets.from_obj(obj.Exploit_Targets)
return_obj.resources = Resource.from_obj(obj.Resources)
return_obj.victim_targeting = VictimTargeting.from_obj(obj.Victim_Targeting)
return_obj.intended_effects = _IntendedEffects.from_obj(obj.Intended_Effect)
return_obj.kill_chain_phases = KillChainPhasesReference.from_obj(obj.Kill_Chain_Phases)
return_obj.related_packages = RelatedPackageRefs.from_obj(obj.Related_Packages)
return return_obj
def from_obj(cls, obj, return_obj=None):
if not obj:
return None
if not return_obj:
return_obj = cls()
return_obj.id_ = obj.get_id()
return_obj.idref = obj.get_idref()
return_obj.timestamp = obj.get_timestamp()
if isinstance(obj, cls._binding_class):
return_obj.version = obj.get_version() or cls._version
return_obj.title = obj.get_Title()
return_obj.description = StructuredText.from_obj(obj.get_Description())
return_obj.short_description = \
StructuredText.from_obj(obj.get_Short_Description())
return_obj.names = Names.from_obj(obj.get_Names())
return_obj.intended_effect = \
[Statement.from_obj(x) for x in obj.get_Intended_Effect()]
return_obj.status = VocabString.from_obj(obj.get_Status())
return_obj.related_ttps = RelatedTTPs.from_obj(obj.get_Related_TTPs())
return_obj.related_incidents = \
RelatedIncidents.from_obj(obj.get_Related_Incidents())
return_obj.related_indicators = \
RelatedIndicators.from_obj(obj.get_Related_Indicators())
return_obj.attribution = \
[Attribution.from_obj(x) for x in obj.get_Attribution()]
return_obj.associated_campaigns = \
AssociatedCampaigns.from_obj(obj.get_Associated_Campaigns())
return_obj.confidence = Confidence.from_obj(obj.get_Confidence())
return_obj.activity = \
[Activity.from_obj(x) for x in obj.get_Activity()]
return_obj.information_source = \
InformationSource.from_obj(obj.get_Information_Source())
return_obj.handling = Marking.from_obj(obj.get_Handling())
return_obj.related_packages = \
RelatedPackageRefs.from_obj(obj.get_Related_Packages())
return return_obj
