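# Seed data for a test run: banker malware entries plus the Bartalex
# network indicators that point at them.
# NOTE(review): `dridex` and `bartalex` are created before this excerpt;
# `Malware`, `MalwareFamily` and `Regex` come from the project's models.

# --- Dridex ---------------------------------------------------------------
dridex.aliases = ["Cridex", "Drixed"]
dridex.family = MalwareFamily.objects.get(name="banker")
# NOTE(review): "7" is presumably a kill-chain stage identifier -- confirm
# against the model's accepted values.
dridex.killchain = "7"
dridex.tags = ['dridex']
dridex.save()

# --- Zeus -----------------------------------------------------------------
zeus = Malware.get_or_create(name="Zeus")
zeus.family = MalwareFamily.objects.get(name="banker")
zeus.killchain = "7"
zeus.tags = ['zeus']
zeus.save()

## Create initial intelligence

# Indicators
#
# The patterns are raw strings with the dot escaped. An unescaped "." in an
# indicator regex matches any character, so "/mg.jpg$" would also fire on
# paths such as "/mgXjpg" and inflate false positives in detection.
# The "$" anchor means a URL carrying a query string or fragment after the
# file name will not match; normalise observables before matching if needed.
# NOTE(review): both indicators share the name "Bartalex callback". If the
# name is used to identify or deduplicate indicators, give them distinct
# names -- confirm against the Regex model.
bartalex_callback = Regex(name="Bartalex callback", pattern=r"/mg\.jpg$")
bartalex_callback.description = "Bartalex [stage2] callback (extracted from macros)"
bartalex_callback.diamond = "capability"
bartalex_callback.location = "network"
bartalex_callback.save()
bartalex_callback.action(bartalex, 'testrun', verb='indicates')

bartalex_callback2 = Regex(
    name="Bartalex callback",
    pattern=r"/[0-9a-z]{7,8}/[0-9a-z]{7,8}\.exe$",
)
bartalex_callback2.description = "Bartalex [stage2] callback (extracted from macros)"
bartalex_callback2.diamond = "capability"
bartalex_callback2.location = "network"
bartalex_callback2.save()
bartalex_callback2.action(bartalex, 'testrun', verb="indicates")

# Only the first callback indicator is linked to Dridex ("hosts").
# NOTE(review): confirm whether bartalex_callback2 should carry the same link.
bartalex_callback.action(dridex, 'testrun', verb="hosts")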