def convert_campaign(c20):
c1x = Campaign(id_=convert_id20(c20["id"]),
timestamp=text_type(c20["modified"]))
if "name" in c20:
c1x.title = c20["name"]
if "description" in c20:
c1x.add_description(c20["description"])
if "labels" in c20:
for l in c20["labels"]:
add_missing_property_to_description(c1x, "label", l)
names = Names()
if "aliases" in c20:
for a in c20["aliases"]:
names.name.append(VocabString(a))
if names:
c1x.names = names
if "first_seen" in c20:
add_missing_property_to_description(c1x, "first_seen",
text_type(c20["first_seen"]))
if "last_seen" in c20:
add_missing_property_to_description(c1x, "last_seen",
text_type(c20["last_seen"]))
if "objective" in c20:
c1x.intended_effects = [Statement(description=c20["objective"])]
if "object_marking_refs" in c20:
for m_id in c20["object_marking_refs"]:
ms = create_marking_specification(m_id)
if ms:
CONTAINER.add_marking(c1x, ms, descendants=True)
if "granular_markings" in c20:
error(
"Granular Markings present in '%s' are not supported by stix2slider",
604, c20["id"])
record_id_object_mapping(c20["id"], c1x)
return c1x
def buildCampaign(input_dict):
campaign = Campaign()
campaign.title = input_dict['title']
campaign.description = input_dict['description']
if input_dict['intendedEffect']:
campaign.add_intended_effect(input_dict['intendedEffect'])
if input_dict['names']:
campaign.names = Names(input_dict['names'])
if input_dict['status']:
campaign.status = input_dict['status']
if input_dict['confidence']:
campaign.confidence = Confidence(input_dict['confidence'])
if input_dict['informationSource']:
campaign.information_source = InformationSource(input_dict['informationSource'])
return campaign
def add_campaign_item(campaign_id_item, pkg):
campaign = Campaign()
campaign.names = Names()
campaign.names.append(VocabString(campaign_id_item))
pkg.add_campaign(campaign)
from stix.ttp import TTP
from stix.common.related import RelatedTTP, RelatedIncident, RelatedIndicator, RelatedCampaign
from stix.indicator import Indicator, RelatedCampaignRef
from cybox.objects.address_object import Address
from faker import Faker
from stix.common import CampaignRef
# Basics
campaign = Campaign(title='Compromise Machines')
campaign.description = 'Vestibulum id ligula porta felis euismod semper. Cras mattis consectetur purus sit amet fermentum.'
campaign.short_description = 'Mattis Ipsum Ultricies Quam Malesuada'
# Attributes
names = Names()
names.name = ['Operation Sparky', 'Operation Dingo']
campaign.names = names
activity = Activity()
activity.description = 'Foo'
campaign.add_activity(activity)
campaign.add_intended_effect(IntendedEffect('Extortion'))
campaign.status = CampaignStatus('Ongoing')
campaign.confidence = HighMediumLow('Medium')
# Related TTP (basic; by id)
ttp = TTP(title="Malware Variant XYZ")
related_ttp = RelatedTTP(TTP(idref=ttp.id_))
campaign.related_ttps.append(related_ttp)
# Related Incident (basic; by id)
incident = Incident(title='We got hacked')
t = Time()
