def create_maec(self, url_indicator):
    """Build a MAEC Package that records a single URL.

    A fresh Malware Subject is created and its malware instance object is
    set to an ``Object`` whose properties are a ``URI`` of type
    ``URI.TYPE_URL`` holding ``url_indicator``.

    The URL is stored exactly as passed in: nothing here validates,
    normalises or defangs it, so anything consuming the package should
    treat the value as untrusted indicator data.

    Args:
        url_indicator: URL to record as the malware instance object.

    Returns:
        The new Package containing the one Malware Subject.
    """
    # Construction order (Package, subject, Object, URI) is kept as-is in
    # case the libraries hand out identifiers sequentially.
    maec_package = Package()
    subject = MalwareSubject()
    subject.malware_instance_object_attributes = Object()

    # Re-read the attribute so the URI is attached to whatever object the
    # subject actually holds.
    instance_object = subject.malware_instance_object_attributes
    instance_object.properties = URI(type_=URI.TYPE_URL)
    instance_object.properties.value = url_indicator

    maec_package.add_malware_subject(subject)
    return maec_package
def create_maec(self, url_indicator):
    """Wrap a URL in a MAEC Package with one Malware Subject.

    The subject's malware instance object becomes an ``Object`` whose
    properties are a ``URI`` of type ``URI.TYPE_URL`` carrying
    ``url_indicator``.

    No validation, normalisation or defanging is applied to the URL; it is
    written into the package verbatim and should be handled as untrusted
    indicator data by whatever reads the package.

    Args:
        url_indicator: URL to store as the malware instance object.

    Returns:
        The newly built Package.
    """
    # Objects are created in the same order as before (Package first) in
    # case identifier generation depends on creation order.
    pkg = Package()
    malware_subject = MalwareSubject()
    malware_subject.malware_instance_object_attributes = Object()

    # Work on the object as stored on the subject, not on a detached copy.
    url_object = malware_subject.malware_instance_object_attributes
    url_object.properties = URI(type_=URI.TYPE_URL)
    url_object.properties.value = url_indicator

    pkg.add_malware_subject(malware_subject)
    return pkg
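# Describe the object the Action operates on: a File, associated with the
# Action as its 'output'. The values are sample data; when these fields are
# filled from real analysis output they are attacker-influenced strings and
# should be treated as untrusted by anything consuming the exported XML.
associated_object = AssociatedObject()
associated_object.properties = File()
associated_object.properties.file_name = 'abcd.dll'
associated_object.properties.size_in_bytes = '123456'
associated_object.association_type = VocabString()
associated_object.association_type.value = 'output'
associated_object.association_type.xsi_type = 'maecVocabs:ActionObjectAssociationTypeVocab-1.0'

# Build the 'create file' Action and attach the File object to it.
action = MalwareAction()
action.name = VocabString()
action.name.value = 'create file'
action.name.xsi_type = 'maecVocabs:FileActionNameVocab-1.0'
action.associated_objects = AssociatedObjects()
action.associated_objects.append(associated_object)

# Add the Action to the Bundle.
bundle.add_action(action)

# Record the 'persistence' Capability on the Bundle.
capability = Capability()
capability.name = 'persistence'
bundle.add_capability(capability)

# Add the Bundle to the Malware Subject.
subject.add_findings_bundle(bundle)
# NOTE(review): this overwrites the bundle list right after
# add_findings_bundle(); it looks redundant -- confirm it is still needed
# for the maec version in use.
subject.findings_bundles.bundle = [bundle]

# Add the Malware Subject to the Package.
package.add_malware_subject(subject)

# Export the Package to XML. The second argument is a dict keyed by namespace
# URI with the prefix as value -- presumably an extra namespace to declare in
# the output; confirm against the maec API. The path is relative, so the file
# is written to the current working directory.
package.to_xml_file('sample_maec_package.xml', {"http://example.com/":"example"})

# Call form of print: a single parenthesised string prints the same text under
# Python 2's print statement and Python 3's print function.
print("Wrote to sample_maec_package.xml")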
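# Describe the object the Action operates on: a File, associated with the
# Action as its 'output'. The values are sample data; when these fields are
# filled from real analysis output they are attacker-influenced strings and
# should be treated as untrusted by anything consuming the exported XML.
associated_object = AssociatedObject()
associated_object.properties = File()
associated_object.properties.file_name = 'abcd.dll'
associated_object.properties.size_in_bytes = '123456'
associated_object.association_type = VocabString()
associated_object.association_type.value = 'output'
associated_object.association_type.xsi_type = 'maecVocabs:ActionObjectAssociationTypeVocab-1.0'

# Build the 'create file' Action and attach the File object to it.
action = MalwareAction()
action.name = VocabString()
action.name.value = 'create file'
action.name.xsi_type = 'maecVocabs:FileActionNameVocab-1.0'
action.associated_objects = AssociatedObjects()
action.associated_objects.append(associated_object)

# Add the Action to the Bundle.
bundle.add_action(action)

# Record the 'persistence' Capability on the Bundle.
capability = Capability()
capability.name = 'persistence'
bundle.add_capability(capability)

# Add the Bundle to the Malware Subject.
subject.add_findings_bundle(bundle)
# NOTE(review): this overwrites the bundle list right after
# add_findings_bundle(); it looks redundant -- confirm it is still needed
# for the maec version in use.
subject.findings_bundles.bundle = [bundle]

# Add the Malware Subject to the Package.
package.add_malware_subject(subject)

# Export the Package to XML. The path is relative, so the file is written to
# the current working directory.
package.to_xml_file('sample_maec_package.xml')

# Call form of print: a single parenthesised string prints the same text under
# Python 2's print statement and Python 3's print function.
print("Wrote to sample_maec_package.xml")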