Example #1
 def test_add_name_type(self):
     """Check that a MAECInstance's name and type show up in its XML output.

     The instance is serialized with ``to_xml()`` and converted with
     ``text_type`` so the substring checks run against text.
     """
     expected_name = "Poison Ivy Variant v4392-acc"
     expected_type = "Remote Access Trojan"

     instance = MAECInstance()
     instance.add_name(expected_name)
     instance.add_type(expected_type)

     serialized = text_type(instance.to_xml())
     # Name first, then type, matching the order in which they were set.
     for expected in (expected_name, expected_type):
         self.assertTrue(expected in serialized)
 def test_add_name_type(self):
     """Check that a MAECInstance's name and type show up in its XML output.

     The instance is serialized with ``to_xml()`` and converted with
     ``text_type`` so the substring checks run against text.
     """
     expected_name = "Poison Ivy Variant v4392-acc"
     expected_type = "Remote Access Trojan"

     instance = MAECInstance()
     instance.add_name(expected_name)
     instance.add_type(expected_type)

     serialized = text_type(instance.to_xml())
     # Name first, then type, matching the order in which they were set.
     for expected in (expected_name, expected_type):
         self.assertTrue(expected in serialized)
def main():
    """Wrap a MAEC document in a STIX TTP and print the package as XML.

    A MAECInstance is named and typed, given the parsed ``MAEC_XML`` tree as
    its ``maec`` payload, attached to a TTP behavior, and the TTP is added to
    a new STIXPackage whose XML is printed.
    """
    instance = MAECInstance()
    instance.add_name("Poison Ivy Variant v4392-acc")
    instance.add_type("Remote Access Trojan")

    # NOTE(security): MAEC_XML is defined outside this block. If the MAEC
    # document ever comes from a feed or a shared sample instead of a trusted
    # constant, construct the parser with resolve_entities=False so entity
    # declarations inside the document are not expanded during parsing.
    compat_parser = etree.ETCompatXMLParser()
    instance.maec = etree.fromstring(MAEC_XML, parser=compat_parser)

    ttp = TTP(title="Poison Ivy Variant v4392-acc")
    ttp.behavior = Behavior()
    ttp.behavior.add_malware_instance(instance)

    package = STIXPackage()
    package.add_ttp(ttp)

    # encoding=None presumably requests text rather than encoded bytes --
    # confirm against the python-stix version in use.
    xml_text = package.to_xml(encoding=None)
    print(xml_text)
Example #4
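def main():
    """Wrap a MAEC document in a STIX TTP and print the package as XML.

    A MAECInstance is named and typed, given the parsed ``MAEC_XML`` tree as
    its ``maec`` payload, attached to a TTP behavior, and the TTP is added to
    a new STIXPackage whose XML is printed.
    """
    maec_malware_instance = MAECInstance()
    maec_malware_instance.add_name("Poison Ivy Variant v4392-acc")
    maec_malware_instance.add_type("Remote Access Trojan")

    # NOTE(security): MAEC_XML is defined outside this block. If the MAEC
    # document ever comes from a feed or a shared sample instead of a trusted
    # constant, construct the parser with resolve_entities=False so entity
    # declarations inside the document are not expanded during parsing.
    maec_malware_instance.maec = etree.fromstring(
        MAEC_XML, parser=etree.ETCompatXMLParser())

    ttp = TTP(title="Poison Ivy Variant v4392-acc")
    ttp.behavior = Behavior()
    ttp.behavior.add_malware_instance(maec_malware_instance)

    stix_package = STIXPackage()
    stix_package.add_ttp(ttp)

    # print() with a single argument behaves the same under Python 2 and 3,
    # whereas the bare print statement is a syntax error on Python 3.
    # NOTE(review): to_xml() may return encoded bytes depending on the
    # python-stix version; confirm the output type wanted here.
    print(stix_package.to_xml())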
Example #5
related_ttp = RelatedTTP(TTP(idref=ttp.id_))

# TTP - Related Threat Actor (basic; by id)
ta = ThreatActor(title='Adversary Bravo')
ta.observed_ttps.append(related_ttp)

# TTP - Related TTP2 (Malware; by id)
ttp2 = TTP(title='Poison Ivy Variant')
malware_instance = MalwareInstance(title='Poison Ivy Variant d1c6')
malware_instance.description = 'Attack Pattern Description'
malware_instance.short_description = 'Attack Pattern Short Description'
malware_instance.add_type(MalwareType('Remote Access Trojan'))

maec = MAECInstance()
maec.add_name('Poison Ivy Variant v4392-acc')
maec.add_type(MalwareType('Exploit Kits'))

ttp2.behavior = Behavior()
ttp2.behavior.add_malware_instance(malware_instance)
ttp2.behavior.add_malware_instance(maec)

# TTP2 - Victim Targeting
victim_targeting = VictimTargeting()
victim_targeting.add_targeted_system(SystemType('Enterprise Systems'))
victim_targeting.add_targeted_information(
    InformationType('Information Assets - User Credentials'))

identity = CIQIdentity3_0Instance()
# identity.name = 'Bob Ricca'

identity_spec = STIXCIQIdentity3_0()