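# Excerpt of a MAEC example script: o1, act, p, ms, a and b are created
# earlier in the script (not shown here).

# Declare which MAEC vocabulary the object's association type is drawn from,
# then attach the object to the action.
o1.association_type.xsi_type = "maecVocabs:ActionObjectAssociationTypeVocab-1.0"
act.associated_objects.append(o1)

# Create the behavior. It does not embed the action; it only points at it
# through the action's ID.
bhv = Behavior()
bhv.action_composition = BehavioralActions()
bhv.action_composition.action_reference = [BehavioralActionReference()]
bhv.action_composition.action_reference[0].action_id = act.id_

# Create the capability: a "spying" capability whose tactical objective
# ("capture keyboard input") is tied to the behavior above by ID reference.
cap = Capability()
cap.name = "spying"
obj = CapabilityObjective()
obj.name = VocabString()
obj.name.value = "capture keyboard input"
obj.name.xsi_type = "maecVocabs:SpyingTacticalObjectivesVocab-1.0"
obj.behavior_reference = [BehaviorReference()]
obj.behavior_reference[0].behavior_idref = bhv.id_
cap.add_tactical_objective(obj)

# Build up the full Package/Malware Subject/Analysis/Bundle hierarchy.
# The action and the behavior are both added to the bundle: they are referenced
# above by ID only, so leaving either out would leave that reference pointing
# at nothing in this bundle.
p.add_malware_subject(ms)
b.add_action(act)
b.add_behavior(bhv)
b.add_capability(cap)
ms.add_analysis(a)
ms.add_findings_bundle(b)

# Output the built up Package to XML. "example.com"/"example" are sample
# namespace values. print is written in call form: with a single argument it
# prints the same text under Python 2 and is also valid Python 3.
print(p.to_xml(namespace_dict={"example.com": "example"}))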
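# Excerpt of a MAEC example script: p, ms1..ms4 and ms2_ms4_rel are created
# earlier in the script (not shown here).

# Finish the ms2 -> ms4 relationship by pointing it at ms4's ID, then record
# it on ms2. The relationship's type is set outside this excerpt.
ms2_ms4_rel.malware_subject_reference[0].malware_subject_idref = ms4.id_
ms2.relationships.append(ms2_ms4_rel)

# Add the ms3 -> ms2 "downloaded by" relationship.
# The target subject is referenced by ID, not embedded.
ms3.relationships = MalwareSubjectRelationshipList()
ms3_ms2_rel = MalwareSubjectRelationship()
ms3_ms2_rel.type_ = VocabString()
ms3_ms2_rel.type_.value = "downloaded by"
ms3_ms2_rel.type_.xsi_type = "maecVocabs:MalwareSubjectRelationshipTypeVocab-1.0"
ms3_ms2_rel.malware_subject_reference = [MalwareSubjectReference()]
ms3_ms2_rel.malware_subject_reference[0].malware_subject_idref = ms2.id_
ms3.relationships.append(ms3_ms2_rel)

# Add the ms4 -> ms2 "downloaded by" relationship (same shape as above).
ms4.relationships = MalwareSubjectRelationshipList()
ms4_ms2_rel = MalwareSubjectRelationship()
ms4_ms2_rel.type_ = VocabString()
ms4_ms2_rel.type_.value = "downloaded by"
ms4_ms2_rel.type_.xsi_type = "maecVocabs:MalwareSubjectRelationshipTypeVocab-1.0"
ms4_ms2_rel.malware_subject_reference = [MalwareSubjectReference()]
ms4_ms2_rel.malware_subject_reference[0].malware_subject_idref = ms2.id_
ms4.relationships.append(ms4_ms2_rel)

# Build up the full Package/Malware Subject hierarchy.
# Every subject that is the target of an ID reference above (ms2, ms4) is
# added to the same package, so the references resolve within the output.
p.add_malware_subject(ms1)
p.add_malware_subject(ms2)
p.add_malware_subject(ms3)
p.add_malware_subject(ms4)

# Output the built up Package to XML. print is written in call form: with a
# single argument it prints the same text under Python 2 and is also valid
# Python 3.
print(p.to_xml())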
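# Excerpt of a MAEC example script: o1, act, p, ms, a and b are created
# earlier in the script (not shown here).

# Attach the previously built object to the action.
act.associated_objects.append(o1)

# Create the behavior. It does not embed the action; it only points at it
# through the action's ID.
bhv = Behavior()
bhv.action_composition = BehavioralActions()
bhv.action_composition.action_reference = [BehavioralActionReference()]
bhv.action_composition.action_reference[0].action_id = act.id_

# Create the capability: a "spying" capability whose tactical objective
# ("capture keyboard input") is tied to the behavior above by ID reference.
cap = Capability()
cap.name = "spying"
obj = CapabilityObjective()
obj.name = VocabString()
obj.name.value = "capture keyboard input"
obj.name.xsi_type = "maecVocabs:SpyingTacticalObjectivesVocab-1.0"
obj.behavior_reference = [BehaviorReference()]
obj.behavior_reference[0].behavior_idref = bhv.id_
cap.add_tactical_objective(obj)

# Build up the full Package/Malware Subject/Analysis/Bundle hierarchy.
# The action and the behavior are both added to the bundle: they are referenced
# above by ID only, so leaving either out would leave that reference pointing
# at nothing in this bundle.
p.add_malware_subject(ms)
b.add_action(act)
b.add_behavior(bhv)
b.add_capability(cap)
ms.add_analysis(a)
ms.add_findings_bundle(b)

# Output the built up Package to XML. "example.com"/"example" are sample
# namespace values. print is written in call form: with a single argument it
# prints the same text under Python 2 and is also valid Python 3.
print(p.to_xml(namespace_dict={"example.com": "example"}))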