def from_dict(process_dict, process_cls = None): if not process_dict: return None if process_cls == None: process_ = Process() else: process_ = process_cls ObjectProperties.from_dict(process_dict, process_) process_.is_hidden = process_dict.get('is_hidden') process_.pid = UnsignedInteger.from_dict(process_dict.get('pid')) process_.name = String.from_dict(process_dict.get('name')) process_.creation_time = DateTime.from_dict(process_dict.get('creation_time')) process_.parent_pid = UnsignedInteger.from_dict(process_dict.get('parent_pid')) process_.child_pid_list = [UnsignedInteger.from_dict(x) for x in process_dict.get('child_pid_list', [])] process_.image_info = ImageInfo.from_dict(process_dict.get('image_info')) process_.argument_list = [String.from_dict(x) for x in process_dict.get('argument_list', [])] process_.environment_variable_list = EnvironmentVariableList.from_list(process_dict.get('environment_variable_list')) process_.kernel_time = Duration.from_dict(process_dict.get('kernel_time')) process_.port_list = [Port.from_dict(x) for x in process_dict.get('port_list', [])] process_.network_connection_list = [NetworkConnection.from_dict(x) for x in process_dict.get('network_connection_list', [])] process_.start_time = DateTime.from_dict(process_dict.get('start_time')) process_.username = String.from_dict(process_dict.get('username')) process_.user_time = Duration.from_dict(process_dict.get('user_time')) process_.extracted_features = None return process_
def from_dict(x509_certificate_signature_dict): if not x509_certificate_signature_dict: return None x509_certificate_signature_ = X509CertificateSignature() x509_certificate_signature_.signature_algorithm = String.from_dict(x509_certificate_signature_dict.get('signature_algorithm')) x509_certificate_signature_.signature = String.from_dict(x509_certificate_signature_dict.get('signature')) return x509_certificate_signature_
def from_dict(environment_variable_dict): if not environment_variable_dict: return None environment_variable_ = EnvironmentVariable() environment_variable_.name = String.from_dict(environment_variable_dict.get('name')) environment_variable_.value = String.from_dict(environment_variable_dict.get('value')) return environment_variable_
def from_dict(x509_non_standard_extensions_dict): if not x509_non_standard_extensions_dict: return None x509_non_standard_extensions_ = X509NonStandardExtensions() x509_non_standard_extensions_.netscape_comment = String.from_dict(x509_non_standard_extensions_dict.get('netscape_comment')) x509_non_standard_extensions_.netscape_certificate_type = String.from_dict(x509_non_standard_extensions_dict.get('netscape_certificate_type')) x509_non_standard_extensions_.old_authority_key_identifier = String.from_dict(x509_non_standard_extensions_dict.get('old_authority_key_identifier')) x509_non_standard_extensions_.old_primary_key_attributes = String.from_dict(x509_non_standard_extensions_dict.get('old_primary_key_attributes')) return x509_non_standard_extensions_
def from_dict(global_flag_dict): if not global_flag_dict: return None global_flag_ = GlobalFlag() global_flag_.abbreviation = String.from_dict(global_flag_dict.get('abbreviation')) global_flag_.destination = String.from_dict(global_flag_dict.get('destination')) global_flag_.hexadecimal_value = HexBinary.from_dict(global_flag_dict.get('hexadecimal_value')) global_flag_.symbolic_name = String.from_dict(global_flag_dict.get('symbolic_name')) return global_flag_
def from_dict(bios_info_dict): if not bios_info_dict: return None bios_info_ = BIOSInfo() bios_info_.bios_date = Date.from_dict(bios_info_dict.get('bios_date')) bios_info_.bios_version = String.from_dict(bios_info_dict.get('bios_version')) bios_info_.bios_manufacturer = String.from_dict(bios_info_dict.get('bios_manufacturer')) bios_info_.bios_release_date = Date.from_dict(bios_info_dict.get('bios_release_date')) bios_info_.bios_serial_number = String.from_dict(bios_info_dict.get('bios_serial_number')) return bios_info_
def from_dict(registry_value_dict): if not registry_value_dict: return None registry_value_ = RegistryValue() registry_value_.name = String.from_dict(registry_value_dict.get('name')) registry_value_.data = String.from_dict(registry_value_dict.get('data')) registry_value_.datatype = String.from_dict(registry_value_dict.get('datatype')) #registry_value_.byte_runs = ByteRuns.from_dict(registry_value_dict.get('byte_runs')) return registry_value_
def from_dict(os_dict): if not os_dict: return None os_ = OS() os_.bitness = String.from_dict(os_dict.get('bitness')) os_.build_number = String.from_dict(os_dict.get('build_number')) os_.environment_variable_list = EnvironmentVariableList.from_list(os_dict.get('environment_variable_list')) os_.install_date = Date.from_dict(os_dict.get('install_date')) os_.patch_level = String.from_dict(os_dict.get('patch_level')) os_.platform = None #TODO: add support for platform specification return os_
def from_dict(image_info_dict): if not image_info_dict: return None image_info_ = ImageInfo() image_info_.file_name = String.from_dict(image_info_dict.get('file_name')) image_info_.command_line = String.from_dict(image_info_dict.get('command_line')) image_info_.current_directory = String.from_dict(image_info_dict.get('current_directory')) image_info_.path = String.from_dict(image_info_dict.get('path')) return image_info_
def from_dict(environment_variable_dict): if not environment_variable_dict: return None environment_variable_ = EnvironmentVariable() environment_variable_.name = String.from_dict( environment_variable_dict.get('name')) environment_variable_.value = String.from_dict( environment_variable_dict.get('value')) return environment_variable_
def from_dict(digital_signature_dict): if not digital_signature_dict: return None digital_signature_ = DigitalSignature() digital_signature_.signature_exists = digital_signature_dict.get('signature_exists') digital_signature_.signature_verified = digital_signature_dict.get('signature_verified') digital_signature_.certificate_issuer = String.from_dict(digital_signature_dict.get('certificate_issuer')) digital_signature_.certificate_subject = String.from_dict(digital_signature_dict.get('certificate_subject')) digital_signature_.signature_description = String.from_dict(digital_signature_dict.get('signature_description')) return digital_signature_
def from_dict(win_handle_dict): if not win_handle_dict: return None win_handle_ = WinHandle() win_handle_.id = UnsignedInteger.from_dict(win_handle_dict.get('id')) win_handle_.name = String.from_dict(win_handle_dict.get('name')) win_handle_.type = String.from_dict(win_handle_dict.get('type')) win_handle_.object_address = UnsignedLong.from_dict(win_handle_dict.get('id')) win_handle_.access_mask = UnsignedLong.from_dict(win_handle_dict.get('access_mask')) win_handle_.pointer_count = UnsignedLong.from_dict(win_handle_dict.get('id')) return win_handle_
def from_dict(packer_dict): if not packer_dict: return None packer = Packer() packer.name = String.from_dict(packer_dict.get('name')) packer.version = String.from_dict(packer_dict.get('version')) packer.entry_point = HexBinary.from_dict(packer_dict.get('entry_point')) packer.signature = String.from_dict(packer_dict.get('signature')) packer.type_ = String.from_dict(packer_dict.get('type')) return packer
def from_dict(network_interface_dict): if not network_interface_dict: return None network_interface_ = NetworkInterface() network_interface_.adapter = String.from_dict(network_interface_dict.get('adapter')) network_interface_.description = String.from_dict(network_interface_dict.get('description')) network_interface_.dhcp_lease_expires = DateTime.from_dict(network_interface_dict.get('dhcp_lease_expires')) network_interface_.dhcp_lease_obtained = DateTime.from_dict(network_interface_dict.get('dhcp_lease_obtained')) network_interface_.dhcp_server_list = DHCPServerList.from_list(network_interface_dict.get('dhcp_server_list')) network_interface_.ip_gateway_list = IPGatewayList.from_list(network_interface_dict.get('ip_gateway_list')) network_interface_.ip_list = IPInfoList.from_list(network_interface_dict.get('ip_list')) network_interface_.mac = String.from_dict(network_interface_dict.get('mac')) return network_interface_
def from_dict(x509_cert_dict): if not x509_cert_dict: return None x509_cert_ = X509Cert() x509_cert_.version = String.from_dict(x509_cert_dict.get('version')) x509_cert_.serial_number = String.from_dict(x509_cert_dict.get('serial_number')) x509_cert_.signature_algorithm = String.from_dict(x509_cert_dict.get('signature_algorithm')) x509_cert_.issuer = String.from_dict(x509_cert_dict.get('issuer')) x509_cert_.validity = Validity.from_dict(x509_cert_dict.get('validity')) x509_cert_.subject = String.from_dict(x509_cert_dict.get('subject')) x509_cert_.subject_public_key = SubjectPublicKey.from_dict(x509_cert_dict.get('subject_public_key')) x509_cert_.standard_extensions = X509V3Extensions.from_dict(x509_cert_dict.get('standard_extensions')) x509_cert_.non_standard_extensions = X509NonStandardExtensions.from_dict(x509_cert_dict.get('non_standard_extensions')) return x509_cert_
def from_dict(win_kernel_hook_dict): if not win_kernel_hook_dict: return None win_kernel_hook_ = WinKernelHook() win_kernel_hook_.digital_signature_hooking = DigitalSignature.from_dict(win_kernel_hook_dict.get('digital_signature_hooking')) win_kernel_hook_.digital_signature_hooked = DigitalSignature.from_dict(win_kernel_hook_dict.get('digital_signature_hooked')) win_kernel_hook_.hooked_address = UnsignedLong.from_dict(win_kernel_hook_dict.get('hooked_address')) win_kernel_hook_.hook_description = String.from_dict(win_kernel_hook_dict.get('hook_description')) win_kernel_hook_.hooked_function = String.from_dict(win_kernel_hook_dict.get('hooked_function')) win_kernel_hook_.hooked_module = String.from_dict(win_kernel_hook_dict.get('hooked_module')) win_kernel_hook_.type = String.from_dict(win_kernel_hook_dict.get('type')) return win_kernel_hook_
def from_dict(message_dict): message = EmailMessage() for attachment in message_dict.get('attachments', []): message.attachments.append(File.from_dict(attachment)) for link in message_dict.get('links', []): message.links.append(URI.from_dict(link)) message.header = EmailHeader.from_dict(message_dict.get('header')) message.optional_header = OptionalHeader.from_dict(message_dict.get('optional_header')) message.email_server = String.from_dict(message_dict.get('email_server')) message.raw_body = String.from_dict(message_dict.get('raw_body')) message.raw_header = String.from_dict(message_dict.get('raw_header')) return message
def from_dict(win_file_dict, file_class = None): if not win_file_dict: return None if not file_class: win_file_ = File.from_dict(win_file_dict, WinFile()) else: win_file_ = File.from_dict(win_file_dict, file_class) win_file_.filename_accessed_time = DateTime.from_dict(win_file_dict.get('filename_accessed_time')) win_file_.filename_created_time = DateTime.from_dict(win_file_dict.get('filename_created_time')) win_file_.filename_modified_time = DateTime.from_dict(win_file_dict.get('filename_modified_time')) win_file_.drive = String.from_dict(win_file_dict.get('drive')) win_file_.security_id = String.from_dict(win_file_dict.get('security_id')) win_file_.security_type = String.from_dict(win_file_dict.get('security_type')) win_file_.stream_list = StreamList.from_list(win_file_dict.get('stream_list')) return win_file_
def from_dict(contact_dict, contact=None): if not contact_dict: return None if contact is None: contact = WhoisContact() contact.contact_type = contact_dict.get('contact_type') contact.contact_id = String.from_dict(contact_dict.get('contact_id')) contact.name = String.from_dict(contact_dict.get('name')) contact.email_address = Address.from_dict(contact_dict.get('email_address'), Address.CAT_EMAIL) contact.phone_number = String.from_dict(contact_dict.get('phone_number')) contact.address = String.from_dict(contact_dict.get('address')) return contact
def from_dict(extracted_string_dict): if not extracted_string_dict: return None extracted_string_ = ExtractedString() extracted_string_.encoding = VocabString.from_dict(extracted_string_dict.get('encoding')) extracted_string_.string_value = String.from_dict(extracted_string_dict.get('string_value')) extracted_string_.byte_string_value = HexBinary.from_dict(extracted_string_dict.get('byte_string_value')) extracted_string_.hashes = HashList.from_list(extracted_string_dict.get('hashes')) extracted_string_.address = HexBinary.from_dict(extracted_string_dict.get('address')) extracted_string_.length = PositiveInteger.from_dict(extracted_string_dict.get('length')) extracted_string_.language = String.from_dict(extracted_string_dict.get('language')) extracted_string_.english_translation = String.from_dict(extracted_string_dict.get('english_translation')) return extracted_string_
def from_dict(opt_header_dict): if not opt_header_dict: return None opt_header = OptionalHeader() opt_header.boundary = String.from_dict(opt_header_dict.get('boundary')) opt_header.content_type = String.from_dict(opt_header_dict.get('content_type')) opt_header.mime_version = String.from_dict(opt_header_dict.get('mime_version')) opt_header.precedence = String.from_dict(opt_header_dict.get('precedence')) opt_header.x_mailer = String.from_dict(opt_header_dict.get('x_mailer')) opt_header.x_originating_ip = Address.from_dict(opt_header_dict.get('x_originating_ip'), Address.CAT_IPV4) opt_header.x_priority = PositiveInteger.from_dict(opt_header_dict.get('x_priority')) return opt_header
def from_dict(network_connection_dict): if not network_connection_dict: return None network_connection_ = NetworkConnection() network_connection_.tls_used = network_connection_dict.get('tls_used') network_connection_.creation_time = DateTime.from_dict(network_connection_dict.get('creation_time')) network_connection_.layer3_protocol = String.from_dict(network_connection_dict.get('layer3_protocol')) network_connection_.layer4_protocol = String.from_dict(network_connection_dict.get('layer4_protocol')) network_connection_.layer7_protocol = String.from_dict(network_connection_dict.get('layer7_protocol')) network_connection_.source_socket_address = SocketAddress.from_dict(network_connection_dict.get('source_socket_address')) network_connection_.source_tcp_state = network_connection_dict.get('source_tcp_state') network_connection_.destination_socket_address = SocketAddress.from_dict(network_connection_dict.get('destination_socket_address')) network_connection_.destination_tcp_state = network_connection_dict.get('destination_tcp_state') network_connection_.layer7_connections = Layer7Connections.from_dict(network_connection_dict.get('layer7_connections')) return network_connection_
def from_dict(subject_public_key_dict): if not subject_public_key_dict: return None subject_public_key_ = SubjectPublicKey() subject_public_key_.public_key_algorithm = String.from_dict(subject_public_key_dict.get('public_key_algorithm')) subject_public_key_.rsa_public_key = RSAPublicKey.from_dict(subject_public_key_dict.get('rsa_public_key')) return subject_public_key_
def from_dict(capability_property_dict): if not capability_property_obj: return None capability_property_ = CapabilityProperty() capability_property_.name = VocabString.from_dict(capability_property_dict["name"]) capability_property_.value = String.from_dict(capability_property_dict["value"]) return capability_property_
def from_dict(header_dict): header = EmailHeader() header.to = EmailRecipients.from_dict(header_dict.get('to')) header.cc = EmailRecipients.from_dict(header_dict.get('cc')) header.bcc = EmailRecipients.from_dict(header_dict.get('bcc')) header.from_ = Address.from_dict(header_dict.get('from'), Address.CAT_EMAIL) header.subject = String.from_dict(header_dict.get('subject')) header.in_reply_to = String.from_dict(header_dict.get('in_reply_to')) header.date = DateTime.from_dict(header_dict.get('date')) header.message_id = String.from_dict(header_dict.get('message_id')) header.sender = Address.from_dict(header_dict.get('sender'), Address.CAT_EMAIL) header.reply_to = Address.from_dict(header_dict.get('reply_to'), Address.CAT_EMAIL) header.errors_to = String.from_dict(header_dict.get('errors_to')) return header
def from_dict(rsa_public_key_dict): if not rsa_public_key_dict: return None rsa_public_key_ = RSAPublicKey() rsa_public_key_.modulus = String.from_dict(rsa_public_key_dict.get('modulus')) rsa_public_key_.exponent = Integer.from_dict(rsa_public_key_dict.get('exponent')) return rsa_public_key_
def from_dict(capability_property_dict): if not capability_property_dict: return None capability_property_ = CapabilityProperty() capability_property_.name = VocabString.from_dict(capability_property_dict['name']) capability_property_.value = String.from_dict(capability_property_dict['value']) return capability_property_
def from_dict(registrar_dict): if not registrar_dict: return None registrar = WhoisRegistrar() registrar.registrar_id = String.from_dict(registrar_dict.get('registrar_id')) registrar.registrar_guid = String.from_dict(registrar_dict.get('registrar_guid')) registrar.name = String.from_dict(registrar_dict.get('name')) registrar.address = String.from_dict(registrar_dict.get('address')) registrar.email_address = Address.from_dict(registrar_dict.get('email_address'), Address.CAT_EMAIL) registrar.phone_number = String.from_dict(registrar_dict.get('phone_number')) registrar.whois_server = URI.from_dict(registrar_dict.get('whois_server')) registrar.referral_url = URI.from_dict(registrar_dict.get('referral_url')) registrar.contacts = WhoisContacts.from_list(registrar_dict.get('contacts')) return registrar
def from_dict(file_dict, file_class=None): if not file_dict: return None if not file_class: file_ = File() else: file_ = file_class ObjectProperties.from_dict(file_dict, file_) file_.is_packed = file_dict.get('is_packed') file_.file_name = String.from_dict(file_dict.get('file_name')) file_.file_path = FilePath.from_dict(file_dict.get('file_path')) file_.device_path = String.from_dict(file_dict.get('device_path')) file_.full_path = String.from_dict(file_dict.get('full_path')) file_.file_extension = String.from_dict(file_dict.get('file_extension')) file_.size_in_bytes = UnsignedLong.from_dict(file_dict.get('size_in_bytes')) file_.magic_number = HexBinary.from_dict(file_dict.get('magic_number')) file_.file_format = String.from_dict(file_dict.get('file_format')) file_.hashes = HashList.from_list(file_dict.get('hashes')) file_.extracted_features = ExtractedFeatures.from_dict(file_dict.get('extracted_features')) file_.modified_time = String.from_dict(file_dict.get('modified_time')) file_.accessed_time = String.from_dict(file_dict.get('accessed_time')) file_.created_time = DateTime.from_dict(file_dict.get('created_time')) return file_
def from_dict(dns_record_dict): if not dns_record_dict: return None dns_record_ = DNSRecord() dns_record_.description = StructuredText.from_dict(dns_record_dict.get('description')) dns_record_.domain_name = URI.from_dict(dns_record_dict.get('domain_name')) dns_record_.ip_address = Address.from_dict(dns_record_dict.get('ip_address')) dns_record_.address_class = String.from_dict(dns_record_dict.get('address_class')) dns_record_.entry_type = String.from_dict(dns_record_dict.get('entry_type')) dns_record_.record_name = String.from_dict(dns_record_dict.get('record_name')) dns_record_.record_type = String.from_dict(dns_record_dict.get('record_type')) dns_record_.ttl = Integer.from_dict(dns_record_dict.get('record_type')) dns_record_.flags = HexBinary.from_dict(dns_record_dict.get('flags')) dns_record_.data_length = Integer.from_dict(dns_record_dict.get('data_length')) dns_record_.record_data = dns_record_dict.get('record_data') return dns_record_
def from_dict(driver_dict): if not driver_dict: return None driver_ = WinDriver() driver_.driver_init = UnsignedLong.from_dict(driver_dict.get('driver_init')) driver_.driver_name = String.from_dict(driver_dict.get('driver_name')) driver_.driver_object_address = HexBinary.from_dict(driver_dict.get('driver_object_address')) driver_.driver_start_io = HexBinary.from_dict(driver_dict.get('driver_start_io')) return driver_
def from_dict(extracted_string_dict): if not extracted_string_dict: return None extracted_string_ = ExtractedString() extracted_string_.encoding = VocabString.from_dict( extracted_string_dict.get('encoding')) extracted_string_.string_value = String.from_dict( extracted_string_dict.get('string_value')) extracted_string_.byte_string_value = HexBinary.from_dict( extracted_string_dict.get('byte_string_value')) extracted_string_.hashes = HashList.from_list( extracted_string_dict.get('hashes')) extracted_string_.address = HexBinary.from_dict( extracted_string_dict.get('address')) extracted_string_.length = PositiveInteger.from_dict( extracted_string_dict.get('length')) extracted_string_.language = String.from_dict( extracted_string_dict.get('language')) extracted_string_.english_translation = String.from_dict( extracted_string_dict.get('english_translation')) return extracted_string_