Exemple #1
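    def get_exploit_target_from_json(ttp_json):
        """Build an ExploitTarget holding one Vulnerability for a CVE entry.

        ``ttp_json`` must provide ``'value'`` (the CVE identifier) and
        ``'title'``. CVE details come from ``Cve.get_cve_info``. If the
        ``'cvss'`` lookup fails, no score is attached; if the ``'summary'``
        lookup fails, the circl.lu page URL is used in its place.

        Returns the populated ExploitTarget.
        """
        cve_id = ttp_json['value']
        entry_title = ttp_json['title']

        # Title format: "<CVE number> (<title from the JSON entry>)"
        title = '%s (%s)' % (cve_id, entry_title)

        # Fetch the CVE information from circl
        cve_info = Cve.get_cve_info(cve_id)

        # Links to the public pages for this CVE
        # NOTE(review): the circl.lu link is plain http; confirm whether the
        # https form should be used before changing the emitted URL.
        mitre_url = 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=' + str(
            cve_id)
        circl_url = 'http://cve.circl.lu/cve/' + str(cve_id)

        # The short description of both objects is the pair of links.
        # NOTE(review): cve_id (from ttp_json) and, further down, the remote
        # 'summary' text are interpolated into HTML markup without escaping.
        # If these descriptions are rendered as HTML, escape the values first.
        short_description = '%s (<a href="%s" target="_blank">MITRE</a>, <a href="%s" target="_blank">circl.lu</a>)<br/>' % (
            cve_id, mitre_url, circl_url)

        # base_score: best effort. Catch Exception rather than BaseException
        # so KeyboardInterrupt / SystemExit are not swallowed here.
        try:
            cvss_score = CVSSVector()
            cvss_score.base_score = cve_info['cvss']
        except Exception:
            cvss_score = None

        # The long description starts with the links ...
        description = short_description
        # ... then the base score, when one was obtained ...
        if cvss_score is not None:
            description += ('Base Score: %s<br/>' % (cvss_score.base_score))

        # ... then the summary returned by the lookup.
        try:
            description += ('%s<br/>' % (cve_info['summary']))
        except Exception:
            # Lookup failed: fall back to the circl page URL
            description += ('%s<br/>' % (circl_url))

        # ExploitTarget
        exploit_target = ExploitTarget()
        exploit_target.title = title
        exploit_target.description = description
        exploit_target.short_description = short_description

        # Vulnerability
        vulnerability = Vulnerability()
        vulnerability.title = title
        vulnerability.description = description
        vulnerability.short_description = short_description
        vulnerability.cve_id = cve_id
        if cvss_score is not None:
            vulnerability.cvss_score = cvss_score

        exploit_target.add_vulnerability(vulnerability)
        return exploit_target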
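def convert_vulnerability(v20):
    """Convert a STIX 2.0 vulnerability object into a 1.x ExploitTarget.

    ``v20`` is read as a mapping. Only ``"id"`` and ``"modified"`` are
    required; every other property is copied when present. The result is an
    ExploitTarget wrapping one Vulnerability, and it is registered through
    ``record_id_object_mapping`` before being returned.
    """
    v1x = Vulnerability()
    if "name" in v20:
        v1x.title = v20["name"]
    if "description" in v20:
        v1x.add_description(v20["description"])
    if "labels" in v20:
        add_missing_list_property_to_description(v1x, "labels", v20["labels"])
    # Guarded like the other optional properties: an object without
    # external_references is converted with no CVE id, not aborted by KeyError.
    if "external_references" in v20:
        v1x.cve_id = extract_external_id("cve", v20["external_references"])
    et = ExploitTarget(id_=convert_id20(v20["id"]),
                       timestamp=text_type(v20["modified"]))
    et.add_vulnerability(v1x)
    if "kill_chain_phases" in v20:
        process_kill_chain_phases(v20["kill_chain_phases"], et)
    if "object_marking_refs" in v20:
        for m_id in v20["object_marking_refs"]:
            ms = create_marking_specification(m_id)
            # A falsy marking specification is skipped, so that marking is
            # not applied to the converted object.
            if ms:
                CONTAINER.add_marking(et, ms, descendants=True)
    if "granular_markings" in v20:
        # Granular markings are reported, not converted: they do not appear
        # on the returned ExploitTarget.
        error(
            "Granular Markings present in '%s' are not supported by stix2slider",
            604, v20["id"])
    record_id_object_mapping(v20["id"], et)
    return et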
Exemple #3
 def get_exploit_target_from_cve(cve):
     """Return an ExploitTarget with one Vulnerability for the given CVE id.

     Both objects use the CVE id as their title and a link to the MITRE
     page for that CVE as both description and short description.
     """
     # The description is simply the link to the MITRE page
     mitre_link = 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=' + str(
         cve)

     exploit_target = ExploitTarget()
     vulnerability = Vulnerability()

     # The ExploitTarget and its Vulnerability carry the same three fields
     for stix_object in (exploit_target, vulnerability):
         stix_object.title = cve
         stix_object.description = mitre_link
         stix_object.short_description = mitre_link

     # Only the Vulnerability records the CVE identifier itself
     vulnerability.cve_id = cve

     exploit_target.add_vulnerability(vulnerability)
     return exploit_target
Exemple #4
    def get_exploit_target_from_json(ttp_json):
        """Build an ExploitTarget with one Vulnerability from a TTP JSON entry.

        Reads ``'value'`` (the CVE identifier) and ``'title'`` from
        ``ttp_json``. The CVE lookup, both descriptions and the CVSS score
        are delegated to ``CommonExtractor`` helpers.
        """
        cve_id = ttp_json['value']

        # Title format: "<CVE number> (<title from the JSON entry>)"
        title = '%s (%s)' % (cve_id, ttp_json['title'])

        # Helper calls stay in their original order.
        # CVE information (fetched from circl)
        cve_info = CommonExtractor.get_cve_info(cve_id)
        # Short description shared by both objects (the links)
        short_description = CommonExtractor.get_ttp_common_short_description(
            ttp_json)
        # base_score; None when no score is available
        cvss_score = CommonExtractor.get_vul_cvss_score(cve_info)
        # Long description shared by both objects
        description = CommonExtractor.get_ttp_common_description(
            ttp_json)

        exploit_target = ExploitTarget()
        vulnerability = Vulnerability()

        # The ExploitTarget and its Vulnerability carry the same text fields
        for stix_object in (exploit_target, vulnerability):
            stix_object.title = title
            stix_object.description = description
            stix_object.short_description = short_description

        # CVE id and score belong to the Vulnerability only
        vulnerability.cve_id = cve_id
        if vul_cvss_score_is_set(cvss_score) if False else cvss_score is not None:
            vulnerability.cvss_score = cvss_score

        exploit_target.add_vulnerability(vulnerability)
        return exploit_target
Exemple #5
from stix.exploit_target import ExploitTarget
from stix.exploit_target.vulnerability import Vulnerability, AffectedSoftware

# Build a Product Object that characterizes our affected software
# Create the containers first, outermost to innermost:
# STIX package -> Exploit Target -> Vulnerability
package = STIXPackage()
et = ExploitTarget()
vuln = Vulnerability()

# Give the Vulnerability an empty affected-software list to fill in below
vuln.affected_software = AffectedSoftware()

# Describe the affected software as a Product object
software = Product()
software.product = "Foobar"
software.version = "3.0"
software.edition = "GOTY"

# An Observable wraps the Product so that it can be attached
observable = Observable(software)

# Wire everything together from the inside out. Appending to
# affected_software wraps the Observable in a RelatedObservable layer.
vuln.affected_software.append(observable)
et.vulnerabilities.append(vuln)
package.exploit_targets.append(et)
from stix.exploit_target.vulnerability import Vulnerability, AffectedSoftware


# Product Object characterizing the affected software
software = Product()
software.product = "Foobar"
software.version = "3.0"
software.edition = "GOTY"

# The Product is carried inside an Observable instance
observable = Observable(software)

# Vulnerability with a fresh affected_software list; appending the
# Observable wraps it in a RelatedObservable layer
vuln = Vulnerability()
vuln.affected_software = AffectedSoftware()
vuln.affected_software.append(observable)

# Exploit Target that owns the Vulnerability
et = ExploitTarget()
et.vulnerabilities.append(vuln)

# STIX Package that owns the Exploit Target
package = STIXPackage()
package.exploit_targets.append(et)
)
et1.short_description = 'Apache httpd 2.2.0 to 2.4.29 is vulnerable'

# Exploit Target 1 - Weakness (CWE identifier plus its description)
weakness = Weakness(
    cwe_id='CWE-287',
    description='Improper Authentication',
)
et1.add_weakness(weakness)

# Exploit Target 1 - Configuration (CCE identifier plus descriptions)
config = Configuration(
    cce_id='CCE-27686-5',
    description='The Apache web server be run with the appropriate privileges.',
    short_description='Configuration Short Description',
)
et1.add_configuration(config)

# Exploit Target 1 - CVSS score for the vulnerability.
# The Au metric in the vector marks it as CVSS v2 notation.
cvss = CVSSVector()
cvss.base_score = '6.8'
cvss.base_vector = 'AV:N/AC:M/Au:N/C:P/I:P/A:P'

# Exploit Target 1 - Vulnerability: CVE id, score and an NVD reference
vuln = Vulnerability()
vuln.cve_id = 'CVE-2018-1312'
vuln.cvss_score = cvss
vuln.add_reference('https://nvd.nist.gov/vuln/detail/CVE-2018-1312')
et1.add_vulnerability(vuln)

# Exploit Target 1 - Potential COA.
# Only an idref to coa is attached; the CourseOfAction itself presumably
# has to be added to the package elsewhere (not shown in this excerpt).
coa = CourseOfAction(title='Patch Apache httpd')
et1.potential_coas.append(CourseOfAction(idref=coa.id_))

# Exploit Target 2 - linked from Exploit Target 1, again by idref only
et2 = ExploitTarget(title='Apache HTTP Vulnerability - CVE-2018-1333')
et1.related_exploit_targets.append(ExploitTarget(idref=et2.id_))
Exemple #8
from stix.exploit_target import ExploitTarget
from stix.exploit_target.vulnerability import Vulnerability

# Build a Product Object that characterizes our affected software
software = Product()
software.product = "Foobar"
software.version = "3.0"
software.edition = "GOTY"

# Wrap the Product Object in an Observable instance
observable = Observable(software)

# Attach the Product observable to the affected_sofware list of
# RelatedObservable instances. This wraps our Observable in a
# RelatedObservable layer.
vuln = Vulnerability()
vuln.affected_software.append(observable)

# Create the Exploit Target
et = ExploitTarget()

# Attach our Vulnerability to the Exploit Target
et.vulnerabilities.append(vuln)

# Build a STIX Package
package = STIXPackage()

# Attach the Exploit Target instance to the Package
package.exploit_targets.append(et)

# Print!