Ejemplo n.º 1
 def add_intended_effect(self, value):
     """Append an intended effect to ``self.intended_effects``.

     Falsy values are ignored. A ``Statement`` is stored as given; any
     other value is wrapped in an ``IntendedEffect`` and then in a
     ``Statement`` before it is stored.
     """
     if not value:
         return
     if not isinstance(value, Statement):
         # Normalise bare values so the list only ever holds Statements.
         value = Statement(value=IntendedEffect(value))
     self.intended_effects.append(value)
Ejemplo n.º 2
    Address, CIQIdentity3_0Instance, ElectronicAddressIdentifier,
    OrganisationInfo, PartyName, STIXCIQIdentity3_0)
from stix.extensions.malware.maec_4_1_malware import MAECInstance
from stix.threat_actor import ThreatActor
from stix.ttp import TTP, Behavior
from stix.ttp.behavior import AttackPattern, Exploit, MalwareInstance
from stix.ttp.infrastructure import Infrastructure
from stix.ttp.resource import Personas, Resource, Tools
from stix.ttp.victim_targeting import VictimTargeting

# TTP (Phishing): top-level TTP object. The description fields hold Latin
# filler text, not real reporting.
ttp = TTP(title='Phishing')
ttp.description = 'Integer posuere erat a ante venenatis dapibus posuere velit aliquet.'
ttp.short_description = 'Etiam Vestibulum Elit Ligula'

# The intended effect is passed as an IntendedEffect instance rather than a bare string.
ttp.add_intended_effect(IntendedEffect('Account Takeover'))

# TTP - Attack Pattern: labelled with CAPEC-98 and described as 'Phishing'.
attack_pattern = AttackPattern()
attack_pattern.capec_id = 'CAPEC-98'
attack_pattern.description = 'Phishing'
attack_pattern.short_description = 'Phishing'
# A Behavior container is assigned to the TTP before the pattern is added to it.
ttp.behavior = Behavior()
ttp.behavior.add_attack_pattern(attack_pattern)

# TTP - Kill Chain Phase
# NOTE(review): phase_id carries an 'example:TTP-' prefix although it identifies
# a kill chain phase; it looks copied from a TTP id, confirm it is intended.
phase = KillChainPhase(
    name='Infect Machine',
    phase_id='example:TTP-7a0fb8e4-a778-4c79-9c7e-8747675da5f1')
kc_phases = KillChainPhasesReference()
# Only the phase name goes into the reference; phase_id is not passed.
# NOTE(review): confirm a name-only reference is enough for consumers to match the phase.
kc_phases.append(KillChainPhaseReference(name=phase.name))
Ejemplo n.º 3
from faker import Faker
from stix.common import CampaignRef

# Basics: the campaign object. The description fields hold Latin filler text,
# not real reporting.
campaign = Campaign(title='Compromise Machines')
campaign.description = 'Vestibulum id ligula porta felis euismod semper. Cras mattis consectetur purus sit amet fermentum.'
campaign.short_description = 'Mattis Ipsum Ultricies Quam Malesuada'

# Attributes
# Two campaign names are assigned as a list on a Names container.
names = Names()
names.name = ['Operation Sparky', 'Operation Dingo']
campaign.names = names
activity = Activity()
activity.description = 'Foo'
campaign.add_activity(activity)
campaign.add_intended_effect(IntendedEffect('Extortion'))
# Status and confidence are wrapped in CampaignStatus / HighMediumLow rather
# than assigned as plain strings.
campaign.status = CampaignStatus('Ongoing')
campaign.confidence = HighMediumLow('Medium')

# Related TTP (basic; by id)
# The full TTP is built only to obtain its id_; the campaign stores a second
# TTP that carries just idref.
# NOTE(review): the idref resolves only if the full `ttp` is also included in
# the enclosing package, which is not visible here; confirm.
ttp = TTP(title="Malware Variant XYZ")
related_ttp = RelatedTTP(TTP(idref=ttp.id_))
campaign.related_ttps.append(related_ttp)

# Related Incident (basic; by id)
# Same pattern: the campaign keeps an idref-only Incident, while the title and
# time stay on the full `incident` object.
incident = Incident(title='We got hacked')
t = Time()
# NOTE(review): date-only string with no time of day or zone; confirm how the
# library interprets it before relying on it for timeline correlation.
t.incident_opened = '2018-09-11'
incident.time = t
related_incident = RelatedIncident(Incident(idref=incident.id_))
campaign.related_incidents.append(related_incident)
Ejemplo n.º 4
 def _fix_value(self, value):
     """Return *value* wrapped in an ``IntendedEffect``."""
     effect = IntendedEffect(value)
     return effect
Ejemplo n.º 5
 def _fix_value(self, value):
     """Return a ``Statement`` whose value is *value* wrapped in an ``IntendedEffect``."""
     effect = IntendedEffect(value)
     return Statement(value=effect)