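def generate_analysis(self, static_bundle):
    """Build the static-triage ``Analysis`` record for a pefile run.

    Args:
        static_bundle: the ``Bundle`` that holds the static findings. It is
            referenced from the returned analysis only when
            ``self.bundle_has_content`` reports that it carries content.

    Returns:
        An ``Analysis`` with method ``'static'`` and type ``'triage'``, one
        ``pefile`` tool entry, and a ``findings_bundle_reference`` list that
        is empty when the bundle has nothing to report.
    """
    analysis = Analysis()
    # The rest of this file sets the analysis type through ``type_`` (the
    # attribute name the maec ``Analysis`` class uses elsewhere here); the
    # original assignment to ``type`` presumably created a stray attribute
    # that never reached the serialised output.
    analysis.type_ = 'triage'
    analysis.method = 'static'
    tool = ToolInformation.from_dict({
        'id': maec.utils.idgen.create_id(prefix="tool"),
        'vendor': 'Ero Carrera',
        'name': 'pefile',
    })
    analysis.add_tool(tool)
    # Only point at the bundle when it actually holds findings; an empty
    # reference list is the "nothing found" shape consumers should expect.
    findings_bundle_reference = []
    if self.bundle_has_content(static_bundle):
        findings_bundle_reference.append(
            BundleReference.from_dict({'bundle_idref': static_bundle.id_})
        )
    analysis.findings_bundle_reference = findings_bundle_reference
    return analysis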
def test_round_trip(self):
    """An Analysis with a populated Source compares equal, as dicts, after ``round_trip``."""
    original = Analysis()
    src = Source()
    src.name = "ThreatExpert"
    src.organization = "ThreatExpert"
    src.method = "triage"
    src.url = "http://www.threatexpert.com"
    original.source = src
    original.start_datetime = "2014-08-06T18:30:00"
    restored = round_trip(original, True)
    self.assertEqual(original.to_dict(), restored.to_dict())
# Code for MAEC Dynamic Analysis Idiom from maec.package.package import Package from maec.package.malware_subject import MalwareSubject from maec.package.analysis import Analysis from maec.bundle.bundle import Bundle from maec.bundle.malware_action import MalwareAction from cybox.core import Object, AssociatedObject, AssociatedObjects from cybox.objects.win_executable_file_object import WinExecutableFile from cybox.objects.win_mutex_object import WinMutex from cybox.common import ToolInformation, VocabString # Set up the necessary Package, Malware Subject, Analysis Bundle Instances p = Package() ms = MalwareSubject() b = Bundle() a = Analysis() # Set the Malware_Instance_Object_Attributes on the Malware Subject ms.malware_instance_object_attributes = Object() ms.malware_instance_object_attributes.properties = WinExecutableFile() ms.malware_instance_object_attributes.properties.size_in_bytes = "210564" ms.malware_instance_object_attributes.properties.add_hash( "B6C39FF68346DCC8B67AA060DEFE40C2") ms.malware_instance_object_attributes.properties.add_hash( "D55B0FB96FAD96D203D10850469489FC03E6F2F7") # Populate the Analysis with the metadata relating to the Analysis that was performed a.method = "dynamic" a.type_ = "triage" a.set_findings_bundle(b.id_) t = ToolInformation()
# Code for MAEC Analysis Metadata Idiom from maec.package.package import Package from maec.package.malware_subject import MalwareSubject from maec.package.analysis import Analysis from cybox.core import Object from cybox.common import ToolInformation, VocabString from cybox.objects.win_executable_file_object import WinExecutableFile # Set up the necessary Package, Malware Subject, Analysis instances p = Package() ms = MalwareSubject() a1 = Analysis() a2 = Analysis() # Set the Malware_Instance_Object_Attributes on the Malware Subject ms.malware_instance_object_attributes = Object() ms.malware_instance_object_attributes.properties = WinExecutableFile() ms.malware_instance_object_attributes.properties.size_in_bytes = "210564" ms.malware_instance_object_attributes.properties.add_hash("B6C39FF68346DCC8B67AA060DEFE40C2") # Populate the PeID Analysis with its corresponding metadata a1.method = "static" a1.type_ = "triage" t1 = ToolInformation() t1.name = "PEiD" t1.version = "0.94" a1.add_tool(t1) # Populate the Anubis Analysis with its corresponding metadata a2.method = "dynamic" a2.type_ = "triage"
def test_id_autoset(self):
    """A freshly constructed Analysis carries an id_ without one being supplied."""
    fresh = Analysis()
    self.assertIsNotNone(fresh.id_)