 def generate_analysis(self, static_bundle):
     """Build a static-triage Analysis record attributed to the pefile tool.

     The Analysis is created first (so any id it auto-assigns is taken before
     the tool id is generated), tagged as a ``static`` / ``triage`` run, and
     given one ToolInformation entry with a fresh ``tool``-prefixed id.  Its
     findings list points at ``static_bundle.id_`` only when
     ``self.bundle_has_content(static_bundle)`` reports content; otherwise the
     list is left empty rather than referencing an empty bundle.

     NOTE(review): other snippets on this page set ``type_`` on Analysis while
     this method sets ``type`` -- confirm which attribute this Analysis version
     actually serialises.

     Args:
         static_bundle: Bundle produced by the static pass; only its ``id_``
             is read here, via ``self.bundle_has_content``.

     Returns:
         The populated Analysis.
     """
     result = Analysis()
     result.type = 'triage'
     result.method = 'static'

     pefile_tool = ToolInformation.from_dict({
         'id': maec.utils.idgen.create_id(prefix="tool"),
         'vendor': 'Ero Carrera',
         'name': 'pefile',
     })
     result.add_tool(pefile_tool)

     # Reference the static bundle only if it carries findings.
     result.findings_bundle_reference = (
         [BundleReference.from_dict({'bundle_idref': static_bundle.id_})]
         if self.bundle_has_content(static_bundle)
         else []
     )
     return result
    def test_round_trip(self):
        """An Analysis with a Source and start time survives a round trip unchanged.

        The Analysis is passed through ``round_trip`` (a helper defined outside
        this block) with ``True`` as its second argument, and the dict forms
        before and after must compare equal.
        """
        original = Analysis()

        origin = Source()
        for attr, value in (
            ("name", "ThreatExpert"),
            ("organization", "ThreatExpert"),
            ("method", "triage"),
            ("url", "http://www.threatexpert.com"),
        ):
            setattr(origin, attr, value)
        original.source = origin

        original.start_datetime = "2014-08-06T18:30:00"

        restored = round_trip(original, True)

        self.assertEqual(original.to_dict(), restored.to_dict())
# Code for MAEC Dynamic Analysis Idiom
from maec.package.package import Package
from maec.package.malware_subject import MalwareSubject
from maec.package.analysis import Analysis
from maec.bundle.bundle import Bundle
from maec.bundle.malware_action import MalwareAction
from cybox.core import Object, AssociatedObject, AssociatedObjects
from cybox.objects.win_executable_file_object import WinExecutableFile
from cybox.objects.win_mutex_object import WinMutex
from cybox.common import ToolInformation, VocabString

# Create the Package, Malware Subject, Bundle and Analysis this idiom wires together
# (constructed in this order so any auto-assigned ids are taken in the same sequence)
p, ms, b, a = Package(), MalwareSubject(), Bundle(), Analysis()

# Describe the malware instance as a Windows executable: an Object whose
# properties are a WinExecutableFile carrying the sample's size and digests
ms.malware_instance_object_attributes = Object()
ms.malware_instance_object_attributes.properties = WinExecutableFile()
ms.malware_instance_object_attributes.properties.size_in_bytes = "210564"
# Two digests of the sample (32 and 40 hex characters); the hash type is not
# stated here, so add_hash is left to interpret the bare value
ms.malware_instance_object_attributes.properties.add_hash(
    "B6C39FF68346DCC8B67AA060DEFE40C2")
ms.malware_instance_object_attributes.properties.add_hash(
    "D55B0FB96FAD96D203D10850469489FC03E6F2F7")

# Analysis metadata: a dynamic triage run whose findings live in Bundle b
a.method, a.type_ = "dynamic", "triage"
a.set_findings_bundle(b.id_)
# Tool record for the analysis; it is populated further on, outside this excerpt
t = ToolInformation()
# Code for MAEC Analysis Metadata Idiom
from maec.package.package import Package
from maec.package.malware_subject import MalwareSubject
from maec.package.analysis import Analysis
from cybox.core import Object
from cybox.common import ToolInformation, VocabString
from cybox.objects.win_executable_file_object import WinExecutableFile

# Create the Package, Malware Subject and the two Analysis records this idiom
# describes (constructed in this order so auto-assigned ids follow the same sequence)
p, ms, a1, a2 = Package(), MalwareSubject(), Analysis(), Analysis()

# Describe the malware instance: a Windows executable identified by its size
# and a single 32-hex-character digest (hash type left to add_hash)
ms.malware_instance_object_attributes = Object()
ms.malware_instance_object_attributes.properties = WinExecutableFile()
ms.malware_instance_object_attributes.properties.size_in_bytes = "210564"
ms.malware_instance_object_attributes.properties.add_hash("B6C39FF68346DCC8B67AA060DEFE40C2")

# First analysis: a static triage run, attributed to PEiD 0.94
a1.method, a1.type_ = "static", "triage"
t1 = ToolInformation()
t1.name, t1.version = "PEiD", "0.94"
a1.add_tool(t1)

# Second analysis: a dynamic triage run (the Anubis analysis); the rest of its
# metadata continues outside this excerpt
a2.method, a2.type_ = "dynamic", "triage"
 def test_id_autoset(self):
     """A freshly constructed Analysis carries an id_ the caller did not supply."""
     self.assertNotEqual(Analysis().id_, None)