def test_round_trip(self):
o = Analysis()
o.source = Source()
o.source.name = "ThreatExpert"
o.source.organization = "ThreatExpert"
o.source.method = "triage"
o.source.url = "http://www.threatexpert.com"
o.start_datetime = "2014-08-06T18:30:00"
o2 = round_trip(o, True)
self.assertEqual(o.to_dict(), o2.to_dict())
def test_round_trip(self):
o = Analysis()
o.source = Source()
o.source.name = "ThreatExpert"
o.source.organization = "ThreatExpert"
o.source.method = "triage"
o.source.url = "http://www.threatexpert.com"
o.start_datetime = "2014-08-06T18:30:00"
o2 = round_trip(o, True)
self.assertEqual(o.to_dict(), o2.to_dict())
b = Bundle()
a = Analysis()
# Set the Malware_Instance_Object_Attributes on the Malware Subject
ms.malware_instance_object_attributes = Object()
ms.malware_instance_object_attributes.properties = WinExecutableFile()
ms.malware_instance_object_attributes.properties.file_name = "dg003_improve_8080_V132.exe"
ms.malware_instance_object_attributes.properties.size_in_bytes = "196608"
ms.malware_instance_object_attributes.properties.add_hash("4EC0027BEF4D7E1786A04D021FA8A67F")
# Populate the Analysis with the metadata relating to the Analysis that was performed
a.method = "static"
a.type_ = "triage"
a.summary = "A basic static triage of the subject binary using PEiD."
a.set_findings_bundle(b.id_)
a.source = Source()
a.source.name = "Frankie Li"
a.source.url = "http://www.sans.org/reading_room/whitepapers/malicious/detailed-analysis-advanced-persistent-threat-malware_33814"
t = ToolInformation()
t.name = "PEiD"
t.version = "0.94"
a.add_tool(t)
# Set the requisite attributes on the Bundle and populate it with the Static Analysis findings
b.defined_subject = False
b.content_type = "static analysis tool output"
o = Object()
o.properties = WinExecutableFile()
o.properties.headers = PEHeaders()
o.properties.headers.optional_header = PEOptionalHeader()
o.properties.headers.optional_header.major_linker_version = "06"
a = Analysis()
# Set the Malware_Instance_Object_Attributes on the Malware Subject
ms.malware_instance_object_attributes = Object()
ms.malware_instance_object_attributes.properties = WinExecutableFile()
ms.malware_instance_object_attributes.properties.file_name = "dg003_improve_8080_V132.exe"
ms.malware_instance_object_attributes.properties.size_in_bytes = "196608"
ms.malware_instance_object_attributes.properties.add_hash(
"4EC0027BEF4D7E1786A04D021FA8A67F")
# Populate the Analysis with the metadata relating to the Analysis that was performed
a.method = "static"
a.type_ = "triage"
a.summary = "A basic static triage of the subject binary using PEiD."
a.set_findings_bundle(b.id_)
a.source = Source()
a.source.name = "Frankie Li"
a.source.url = "http://www.sans.org/reading_room/whitepapers/malicious/detailed-analysis-advanced-persistent-threat-malware_33814"
t = ToolInformation()
t.name = "PEiD"
t.version = "0.94"
a.add_tool(t)
# Set the requisite attributes on the Bundle and populate it with the Static Analysis findings
b.defined_subject = False
b.content_type = "static analysis tool output"
o = Object()
o.properties = WinExecutableFile()
o.properties.headers = PEHeaders()
o.properties.headers.optional_header = PEOptionalHeader()
o.properties.headers.optional_header.major_linker_version = "06"
