def test_round_trip(self):
    """Round-trip an Analysis that carries a populated Source.

    The analysis is handed to ``round_trip`` and the dictionary form of the
    returned object must equal the dictionary form of the original.
    """
    analysis = Analysis()
    analysis.source = Source()
    # Provenance recorded for the analysis, applied in the original order.
    source_fields = (
        ("name", "ThreatExpert"),
        ("organization", "ThreatExpert"),
        ("method", "triage"),
        ("url", "http://www.threatexpert.com"),
    )
    for field, value in source_fields:
        setattr(analysis.source, field, value)
    analysis.start_datetime = "2014-08-06T18:30:00"

    restored = round_trip(analysis, True)
    self.assertEqual(analysis.to_dict(), restored.to_dict())
def test_round_trip(self):
    """Round-trip an Analysis that carries a populated Source.

    The analysis is handed to ``round_trip`` and the dictionary form of the
    returned object must equal the dictionary form of the original.
    """
    analysis = Analysis()
    analysis.source = Source()
    # Provenance recorded for the analysis, applied in the original order.
    source_fields = (
        ("name", "ThreatExpert"),
        ("organization", "ThreatExpert"),
        ("method", "triage"),
        ("url", "http://www.threatexpert.com"),
    )
    for field, value in source_fields:
        setattr(analysis.source, field, value)
    analysis.start_datetime = "2014-08-06T18:30:00"

    restored = round_trip(analysis, True)
    self.assertEqual(analysis.to_dict(), restored.to_dict())
# Excerpt: `ms` (the Malware Subject) is created outside the lines shown here.
b = Bundle()
a = Analysis()

# Describe the sample itself: the Malware Subject's
# Malware_Instance_Object_Attributes hold a Windows executable file object.
ms.malware_instance_object_attributes = Object()
ms.malware_instance_object_attributes.properties = WinExecutableFile()
subject_file = ms.malware_instance_object_attributes.properties
subject_file.file_name = "dg003_improve_8080_V132.exe"
subject_file.size_in_bytes = "196608"
# 32 hex characters, i.e. MD5-length; the call names no algorithm, so how
# add_hash classifies the digest should be confirmed against the library.
subject_file.add_hash("4EC0027BEF4D7E1786A04D021FA8A67F")

# Metadata about the analysis that was performed: method, type, summary,
# the bundle holding its findings, who reported it and the tool used.
a.method = "static"
a.type_ = "triage"
a.summary = "A basic static triage of the subject binary using PEiD."
a.set_findings_bundle(b.id_)
a.source = Source()
for _field, _value in (
    ("name", "Frankie Li"),
    ("url", "http://www.sans.org/reading_room/whitepapers/malicious/detailed-analysis-advanced-persistent-threat-malware_33814"),
):
    setattr(a.source, _field, _value)
t = ToolInformation()
t.name = "PEiD"
t.version = "0.94"
a.add_tool(t)

# Required Bundle attributes, then the static-analysis finding itself:
# a PE optional header carrying the major linker version.
b.defined_subject = False
b.content_type = "static analysis tool output"
o = Object()
o.properties = WinExecutableFile()
o.properties.headers = PEHeaders()
o.properties.headers.optional_header = PEOptionalHeader()
finding_optional_header = o.properties.headers.optional_header
finding_optional_header.major_linker_version = "06"
# Excerpt: `ms` (the Malware Subject) and `b` (the findings Bundle) are
# created outside the lines shown here.
a = Analysis()

# Describe the sample itself: the Malware Subject's
# Malware_Instance_Object_Attributes hold a Windows executable file object.
ms.malware_instance_object_attributes = Object()
ms.malware_instance_object_attributes.properties = WinExecutableFile()
subject_file = ms.malware_instance_object_attributes.properties
subject_file.file_name = "dg003_improve_8080_V132.exe"
subject_file.size_in_bytes = "196608"
# 32 hex characters, i.e. MD5-length; the call names no algorithm, so how
# add_hash classifies the digest should be confirmed against the library.
subject_file.add_hash("4EC0027BEF4D7E1786A04D021FA8A67F")

# Metadata about the analysis that was performed: method, type, summary,
# the bundle holding its findings, who reported it and the tool used.
a.method = "static"
a.type_ = "triage"
a.summary = "A basic static triage of the subject binary using PEiD."
a.set_findings_bundle(b.id_)
a.source = Source()
for _field, _value in (
    ("name", "Frankie Li"),
    ("url", "http://www.sans.org/reading_room/whitepapers/malicious/detailed-analysis-advanced-persistent-threat-malware_33814"),
):
    setattr(a.source, _field, _value)
t = ToolInformation()
t.name = "PEiD"
t.version = "0.94"
a.add_tool(t)

# Required Bundle attributes, then the static-analysis finding itself:
# a PE optional header carrying the major linker version.
b.defined_subject = False
b.content_type = "static analysis tool output"
o = Object()
o.properties = WinExecutableFile()
o.properties.headers = PEHeaders()
o.properties.headers.optional_header = PEOptionalHeader()
finding_optional_header = o.properties.headers.optional_header
finding_optional_header.major_linker_version = "06"