def _create_malware(self, name: str) -> Malware:
return create_malware(
name,
created_by=self.author,
is_family=True,
confidence=self.confidence_level,
object_markings=self.object_markings,
)
def _create_malware(self, malware_id: str, name: str) -> Malware:
return create_malware(
name,
malware_id=malware_id,
created_by=self.author,
confidence=self.confidence_level,
object_markings=self.object_markings,
)
def _create_malware(self, name: str,
kill_chain_phases: List[KillChainPhase]) -> Malware:
return create_malware(
name,
created_by=self.author,
is_family=True,
kill_chain_phases=kill_chain_phases,
confidence=self.confidence_level,
object_markings=self.object_markings,
)
def _create_malwares(self) -> List[Malware]:
aliases: List[str] = []
kill_chain_phases: List[KillChainPhase] = []
external_references: List[ExternalReference] = []
malwares = []
for malware_family in self.rule.malware_families:
malware = create_malware(
malware_family,
aliases,
self.author,
kill_chain_phases,
external_references,
self.object_marking_refs,
)
malwares.append(malware)
return malwares
def _create_malwares(
self, kill_chain_phases: List[KillChainPhase]) -> List[Malware]:
indicator_malware_families = self.indicator.malware_families
if not indicator_malware_families:
return []
name = indicator_malware_families[0]
aliases = indicator_malware_families[1:]
external_references: List[ExternalReference] = []
malware = create_malware(
name,
aliases,
self.author,
kill_chain_phases,
external_references,
self.object_marking_refs,
)
return [malware]
def _create_malwares(self) -> List[Malware]:
malwares = []
for name, stix_id in self.guessed_malwares.items():
logger.info("Creating malware '%s' (%s)", name, stix_id)
aliases: List[str] = []
kill_chain_phases: List[KillChainPhase] = []
external_references: List[ExternalReference] = []
malware = create_malware(
name,
aliases,
self.author,
kill_chain_phases,
external_references,
self.object_marking_refs,
malware_id=stix_id,
)
malwares.append(malware)
return malwares