def merge_findings_bundles(findings_bundles_list):
'''Merge two or more Malware Subject Findings Bundles'''
# Merge the meta-analysis
merged_meta_analysis = None
meta_analysis_list = [
x.meta_analysis for x in findings_bundles_list if x.meta_analysis
]
if meta_analysis_list:
merged_meta_analysis = MetaAnalysis.from_dict(
merge_entities(meta_analysis_list))
# Merge the list of bundles
merged_bundles = list(
itertools.chain(*[x.bundle for x in findings_bundles_list
if x.bundle]))
# Merge the list of external bundle references
merged_bundle_external_references = list(
itertools.chain(*[
x.bundle_external_reference for x in findings_bundles_list
if x.bundle_external_reference
]))
# Construct the merged Findings Bundle List entity
merged_findings_bundle_list = FindingsBundleList()
if merged_meta_analysis:
merged_findings_bundle_list.meta_analysis = merged_meta_analysis
if merged_bundles:
merged_findings_bundle_list.bundle = merged_bundles
if merged_bundle_external_references:
merged_findings_bundle_list.bundle_external_reference = merged_bundle_external_references
return merged_findings_bundle_list
def __init__(self,id=None,namespace=None,malware_instance_object_attributes=None,relationships=None,minor_variants=None,labels=None,findings_bundles=None,
development_environment=None,configuration_details=None,compatible_platform=None,analyses=None):
super(MaecMalwareSubject, self).__init__(id=id,malware_instance_object_attributes=malware_instance_object_attributes)
if id is None and namespace is not None:
set_id_method(IDGenerator.METHOD_UUID)
set_id_namespace(namespace)
self.id_ = create_id(prefix="malware_subject")
self.relationships =MalwareSubjectRelationshipList()
if relationships is not None:
for relationship in relationships:
if isinstance(relationship,MalwareSubjectRelationship):
self.relationships.append(relationship)
self.minor_variants = MinorVariants()
if minor_variants is not None:
for minor_variant in minor_variants:
self.minor_variants.append(minor_variant)
self.label=[]
if labels is not None:
for label in labels:
self.label.append(VocabString(label))
self.findings_bundles = FindingsBundleList()
if findings_bundles is not None and isinstance(findings_bundles,FindingsBundleList):
self.findings_bundles = findings_bundles
self.development_environment = development_environment
self.configuration_details =configuration_details
self.compatible_platform =compatible_platform
self.analyses = analyses
def merge_findings_bundles(findings_bundles_list):
'''Merge two or more Malware Subject Findings Bundles'''
# Merge the meta-analysis
merged_meta_analysis = None
meta_analysis_list = [x.meta_analysis for x in findings_bundles_list if x.meta_analysis]
if meta_analysis_list:
merged_meta_analysis = MetaAnalysis.from_dict(merge_entities(meta_analysis_list))
# Merge the list of bundles
merged_bundles = list(itertools.chain(*[x.bundle for x in findings_bundles_list if x.bundle]))
# Merge the list of external bundle references
merged_bundle_external_references = list(itertools.chain(*[x.bundle_external_reference for x in findings_bundles_list if x.bundle_external_reference]))
# Construct the merged Findings Bundle List entity
merged_findings_bundle_list = FindingsBundleList()
if merged_meta_analysis:
merged_findings_bundle_list.meta_analysis = merged_meta_analysis
if merged_bundles:
merged_findings_bundle_list.bundle = merged_bundles
if merged_bundle_external_references:
merged_findings_bundle_list.bundle_external_reference = merged_bundle_external_references
return merged_findings_bundle_list
class MaecMalwareSubject(MalwareSubject):
def __init__(self,id=None,namespace=None,malware_instance_object_attributes=None,relationships=None,minor_variants=None,labels=None,findings_bundles=None,
development_environment=None,configuration_details=None,compatible_platform=None,analyses=None):
super(MaecMalwareSubject, self).__init__(id=id,malware_instance_object_attributes=malware_instance_object_attributes)
if id is None and namespace is not None:
set_id_method(IDGenerator.METHOD_UUID)
set_id_namespace(namespace)
self.id_ = create_id(prefix="malware_subject")
self.relationships =MalwareSubjectRelationshipList()
if relationships is not None:
for relationship in relationships:
if isinstance(relationship,MalwareSubjectRelationship):
self.relationships.append(relationship)
self.minor_variants = MinorVariants()
if minor_variants is not None:
for minor_variant in minor_variants:
self.minor_variants.append(minor_variant)
self.label=[]
if labels is not None:
for label in labels:
self.label.append(VocabString(label))
self.findings_bundles = FindingsBundleList()
if findings_bundles is not None and isinstance(findings_bundles,FindingsBundleList):
self.findings_bundles = findings_bundles
self.development_environment = development_environment
self.configuration_details =configuration_details
self.compatible_platform =compatible_platform
self.analyses = analyses
def addlabel(self,label=None):
self.label.append(VocabString(label))
def addmalwareinstanceobjectattributes(self,malware_instance_object_attributes=None):
self.set_malware_instance_object_attributes(malware_instance_object_attributes=malware_instance_object_attributes)
def addconfigurationdeatails(self,configuration_details):
if isinstance(configuration_details,MalwareConfigurationDetails):
self.configuration_details =configuration_details
def addminorvariant(self,minor_variant=None):
self.minor_variants.append(minor_variant)
def addcompatibleplatform(self,compatible_platform=None):
self.compatible_platform = compatible_platform
def addrelationship(self,relationship=None):
self.relationships.append(relationship)
def addbundleinfindingbundles(self,bundle=None):
self.add_findings_bundle(bundle)
def addmetaanalysisinfindingbundles(self,meta_analysis):
self.findings_bundles.meta_analysis=meta_analysis
def addexternalreferenceinfindingbundles(self,external_reference):
self.findings_bundles.add_bundle_external_reference(external_reference)
def createfindingbundlesmetaanalysis(self,object_equivalences=None,action_equivalences=None):
meta_analysis = MetaAnalysis()
meta_analysis.object_equivalences =ObjectEquivalenceList()
if object_equivalences is not None:
for object_equivalence in object_equivalences :
meta_analysis.object_equivalences.append(object_equivalence)
meta_analysis.action_equivalences = ActionEquivalenceList()
if action_equivalences is not None:
for action_equivalence in action_equivalences:
meta_analysis.action_equivalences.append(action_equivalence)
return meta_analysis
def createfindingbundlesmetaanalysisobjectequivalence(self,id=None,object_references=None):
object_equivalence = ObjectEquivalence()
object_equivalence.id_ =id
object_equivalence.object_reference=object_references
return object_equivalence
def createfindingbundlesmetaanalysisobjectequivalencereference(self,object_idref=None):
#unresolved library bug
reference = ObjectReference()
reference.object_idref =object_idref
return reference
def createfindingbundlesmetaanalysisactionequivalence(self,action_references=None):
action_equivalence = ActionEquivalence()
action_equivalence.action_reference=action_references
return action_equivalence
def createfindingbundlesmetaanalysisactionequivalencereference(self,action_id=None):
return ActionReference(action_id=action_id)
def createrelationship(self,type=None,malware_subject_reference=None):
relationship= MalwareSubjectRelationship()
relationship.type_ = VocabString(value=type)
relationship.malware_subject_reference=malware_subject_reference
return relationship
def createrelationshipreference(self,malware_subject_idref=None):
reference = MalwareSubjectReference()
reference.malware_subject_idref = malware_subject_idref
return reference
def createcompatibleplatform(self,description=None,identifiers=None):
platform = PlatformSpecification()
if description is not None:
platform.description= StructuredText(value=description)
if not identifiers is None:
for identifier in identifiers:
platform.identifiers.append(identifier)
return platform
def createcompatibleplatformidentifier(self,system=None,system_ref =None):
identifier = PlatformIdentifier()
identifier.system =system
identifier.system_ref =system_ref
return identifier
def createconfigurationdetails(self,storage=None,obfuscation=None,configuration_parameter=None):
configuration_details = MalwareConfigurationDetails()
configuration_details.storage =storage
configuration_details.obfuscation = obfuscation
configuration_details.configuration_parameter = configuration_parameter
return configuration_details
def createconfigurationdetailsstorage(self,malware_binary=None,url=None,file=None):
storage = MalwareConfigurationStorageDetails()
storage.url =url
storage.malware_binary = malware_binary
storage.file =file
return storage
def createconfigurationdetailsstoragemalwarebinary(self,section_offset=None,section_name=None,file_offset=None):
malware_binary = MalwareBinaryConfigurationStorageDetails()
malware_binary.section_offset = section_offset
malware_binary.section_name = section_name
malware_binary.file_offset = file_offset
return malware_binary
def createconfigurationdetailsobfuscation(self,is_encrypted=None,is_encoded=None,algorithm_details=None):
obfuscation = MalwareConfigurationObfuscationDetails()
obfuscation.is_encrypted=is_encrypted
obfuscation.is_encoded = is_encoded
if algorithm_details is not None:
for algorithm in algorithm_details:
if isinstance(algorithm,MalwareConfigurationObfuscationAlgorithm):
obfuscation.algorithm_details.append(algorithm)
return obfuscation
def createconfigurationdetailsobfuscationalgorithm(self,ordinal_position=None,key=None,algorithm_name=None):
algorithm = MalwareConfigurationObfuscationAlgorithm()
algorithm.ordinal_position = ordinal_position
algorithm.key = key
algorithm.algorithm_name = algorithm_name
return algorithm
def createconfigurationdetailsconfparameter(self,value=None,name=None):
configuration_parameter = MalwareConfigurationParameter()
configuration_parameter.name=VocabString(name)
configuration_parameter.value =value
return configuration_parameter
def adddevelopmentenvironment(self,development_environment=None):
self.development_environment=development_environment
def createdevelopmentenvironment(self,debugging_file=None,tools=None):
development_environment = MalwareDevelopmentEnvironment()
development_environment.tools = tools
development_environment.debugging_file=debugging_file
return development_environment
