def from_obj(object_obj):
    """Build an AssociatedObject from its generated binding object.

    Returns None when *object_obj* is falsy. The base Object fields are
    filled in by Object.from_obj; the association type is converted
    afterwards from the binding's Association_Type child.
    """
    if not object_obj:
        return None

    associated = Object.from_obj(object_obj, AssociatedObject())
    assoc_type_binding = object_obj.get_Association_Type()
    associated.association_type = AssociationType.from_obj(assoc_type_binding)
    return associated
def from_obj(bundle_obj):
    """Convert a generated Bundle binding into a Bundle API object.

    Returns None for a falsy *bundle_obj*. Scalar attributes are copied
    verbatim; child elements that the binding may omit are converted only
    when present, so the Bundle keeps its own defaults otherwise.
    """
    if not bundle_obj:
        return None

    result = Bundle(None, None)

    def convert_if_present(attr, getter, converter):
        # Assign only when the binding actually carries the child element;
        # the getter is consulted for the check and again for the value.
        if getter() is not None:
            setattr(result, attr, converter(getter()))

    result.id = bundle_obj.get_id()
    result.schema_version = bundle_obj.get_schema_version()
    result.defined_subject = bundle_obj.get_defined_subject()
    result.content_type = bundle_obj.get_content_type()
    result.timestamp = bundle_obj.get_timestamp()

    result.malware_instance_object_attributes = Object.from_obj(
        bundle_obj.get_Malware_Instance_Object_Attributes())

    convert_if_present('av_classifications',
                       bundle_obj.get_AV_Classifications,
                       AVClassifications.from_obj)
    # The process tree is converted unconditionally, like the fields above.
    result.process_tree = ProcessTree.from_obj(bundle_obj.get_Process_Tree())
    convert_if_present('behaviors', bundle_obj.get_Behaviors, BehaviorList.from_obj)
    convert_if_present('capabilities', bundle_obj.get_Capabilities, CapabilityList.from_obj)
    convert_if_present('actions', bundle_obj.get_Actions, ActionList.from_obj)
    convert_if_present('objects', bundle_obj.get_Objects, ObjectList.from_obj)
    convert_if_present('candidate_indicators',
                       bundle_obj.get_Candidate_Indicators,
                       CandidateIndicatorList.from_obj)
    result.collections = Collections.from_obj(bundle_obj.get_Collections())
    return result
def from_obj(object_obj):
    """Build an AssociatedObject from an attribute-style binding object.

    Returns None when *object_obj* is falsy. Object.from_obj fills the
    common Object fields; the association type is then taken from the
    binding's Association_Type attribute as a VocabString.
    """
    if not object_obj:
        return None

    associated = Object.from_obj(object_obj, AssociatedObject())
    associated.association_type = VocabString.from_obj(object_obj.Association_Type)
    return associated
def from_obj(observable_obj):
    """Build an Observable from an attribute-style binding object.

    Returns None for a falsy *observable_obj*. Child elements are handed
    to their own from_obj converters; Observable_Source is a list and is
    converted element-wise only when it is non-empty.
    """
    if not observable_obj:
        return None

    # Imported inside the function rather than at module level, presumably
    # to avoid an import cycle with cybox.core — TODO confirm.
    from cybox.core import PatternFidelity

    observable = Observable()
    observable.id_ = observable_obj.id
    observable.title = observable_obj.Title
    observable.description = StructuredText.from_obj(observable_obj.Description)
    observable.object_ = Object.from_obj(observable_obj.Object)
    observable.event = Event.from_obj(observable_obj.Event)
    composition = observable_obj.Observable_Composition
    observable.observable_composition = ObservableComposition.from_obj(composition)
    observable.idref = observable_obj.idref
    observable.sighting_count = observable_obj.sighting_count

    sources = observable_obj.Observable_Source
    if sources:
        observable.observable_source = [MeasureSource.from_obj(src) for src in sources]

    observable.keywords = Keywords.from_obj(observable_obj.Keywords)
    observable.pattern_fidelity = PatternFidelity.from_obj(observable_obj.Pattern_Fidelity)
    return observable
def from_obj(observable_obj):
    """Build an Observable from a getter-style binding object.

    Returns None for a falsy *observable_obj*. Only the identifier, title,
    description, object, composition and idref are carried over here.
    """
    if not observable_obj:
        return None

    observable = Observable()
    observable.id_ = observable_obj.get_id()
    observable.title = observable_obj.get_Title()
    observable.description = StructuredText.from_obj(observable_obj.get_Description())
    observable.object_ = Object.from_obj(observable_obj.get_Object())
    composition_binding = observable_obj.get_Observable_Composition()
    observable.observable_composition = ObservableComposition.from_obj(composition_binding)
    observable.idref = observable_obj.get_idref()
    return observable
def from_obj(observable_obj):
    """Build an Observable from a getter-style binding object.

    Returns None for a falsy *observable_obj*. Child elements go through
    their own converters; the Observable_Source list is converted
    element-wise only when it is non-empty.
    """
    if not observable_obj:
        return None

    observable = Observable()
    observable.id_ = observable_obj.get_id()
    observable.title = observable_obj.get_Title()
    observable.description = StructuredText.from_obj(observable_obj.get_Description())
    observable.object_ = Object.from_obj(observable_obj.get_Object())
    observable.event = Event.from_obj(observable_obj.get_Event())
    composition_binding = observable_obj.get_Observable_Composition()
    observable.observable_composition = ObservableComposition.from_obj(composition_binding)
    observable.idref = observable_obj.get_idref()
    observable.sighting_count = observable_obj.get_sighting_count()

    sources = observable_obj.get_Observable_Source()
    if sources:
        observable.observable_source = [MeasureSource.from_obj(src) for src in sources]
    return observable
def from_obj(malware_subject_obj):
    """Convert a MalwareSubject binding into a MalwareSubject API object.

    Returns None for a falsy *malware_subject_obj*. field_data is not yet
    supported and is left as None. Label and Compatible_Platform are lists
    and are converted element-wise only when non-empty.
    """
    if not malware_subject_obj:
        return None

    subject = MalwareSubject(None)
    subject.id = malware_subject_obj.get_id()
    subject.malware_instance_object_attributes = Object.from_obj(
        malware_subject_obj.get_Malware_Instance_Object_Attributes())
    subject.minor_variants = MinorVariants.from_obj(
        malware_subject_obj.get_Minor_Variants())
    subject.configuration_details = MalwareConfigurationDetails.from_obj(
        malware_subject_obj.get_Configuration_Details())
    subject.development_environment = MalwareDevelopmentEnvironment.from_obj(
        malware_subject_obj.get_Development_Environment())
    # TODO: add support for Field_Data; explicitly cleared until then.
    subject.field_data = None
    subject.analyses = Analyses.from_obj(malware_subject_obj.get_Analyses())
    subject.findings_bundles = FindingsBundleList.from_obj(
        malware_subject_obj.get_Findings_Bundles())
    subject.relationships = MalwareSubjectRelationshipList.from_obj(
        malware_subject_obj.get_Relationships())

    labels = malware_subject_obj.get_Label()
    if labels:
        subject.label = [VocabString.from_obj(label) for label in labels]

    platforms = malware_subject_obj.get_Compatible_Platform()
    if platforms:
        subject.compatible_platform = [
            PlatformSpecification.from_obj(platform) for platform in platforms
        ]
    return subject
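def __get_email_cybox_object(self, email_sha256, log, config=None):
    """Load the CybOX e-mail observable stored on disk for *email_sha256*.

    The report lives under ``<config['emailpath']>/<h[0:2]>/<h[2:4]>/<h>``
    as ``cybox-<h>-message.xml``; the matching STIX file name and path are
    returned alongside so the caller can write the STIX package next to it.

    Args:
        email_sha256: hex SHA-256 of the e-mail. Because it is spliced into
            filesystem paths it must be exactly 64 hex digits; anything else
            (including ``..`` segments or an empty string) is rejected.
        log: logger exposing ``error`` and ``warning``.
        config: mapping holding ``emailpath``; when falsy nothing is looked up.

    Returns:
        ``(properties, related_observables, (stix_path, stix_filename))`` on
        success, otherwise ``(None, None, None)``.
    """
    import re  # local import: the module's import block is not visible here

    if not config:
        return None, None, None

    # Validate before building any path: an unchecked value here would
    # decide which file is opened under the configured e-mail root.
    if not re.match(r'^[0-9a-fA-F]{64}\Z', str(email_sha256)):
        log.warning("invalid email sha256 hash: %r" % (email_sha256,))
        return None, None, None

    mail_path = os.path.join(config['emailpath'], email_sha256[0:2], email_sha256[2:4], email_sha256)
    email_path = os.path.join(mail_path, 'cybox-%s-message.xml' % (email_sha256))
    email_stix_filename = 'stix-%s-email-message.xml' % (email_sha256)
    email_stix_path = os.path.join(mail_path, email_stix_filename)

    if not (os.path.exists(mail_path) and os.path.exists(email_path)):
        log.warning("no cybox report or email found for given hash: %s" % (email_path))
        return None, None, None

    try:
        observables_obj = cybox_core_binding.parse(email_path)
        obs = Observables.from_obj(observables_obj)
        # The first observable is treated as the message itself; the rest
        # are returned separately as its related observables.
        email_observables = obs.observables[1:]
        email_object = Object.from_obj(obs.observables[0].to_obj().Object)
        return email_object._properties, email_observables, (email_stix_path, email_stix_filename)
    except Exception as e:
        # StandardError exists only on Python 2; Exception covers the same
        # parse/convert failures on either interpreter.
        log.error("failed extracting cybox email observable: %s" % (e))
        return None, None, None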
def from_obj(observable_obj):
    """Return an Observable populated from an attribute-style binding.

    A falsy *observable_obj* yields None. Every child element is delegated
    to the matching API class's from_obj; the Observable_Source list is
    only converted when it has entries.
    """
    if not observable_obj:
        return None

    # Deferred import; presumably breaks an import cycle with cybox.core
    # — TODO confirm.
    from cybox.core import PatternFidelity

    result = Observable()
    result.id_ = observable_obj.id
    result.idref = observable_obj.idref
    result.title = observable_obj.Title
    result.description = StructuredText.from_obj(observable_obj.Description)
    result.object_ = Object.from_obj(observable_obj.Object)
    result.event = Event.from_obj(observable_obj.Event)
    result.observable_composition = ObservableComposition.from_obj(
        observable_obj.Observable_Composition)
    result.sighting_count = observable_obj.sighting_count

    source_bindings = observable_obj.Observable_Source
    if source_bindings:
        result.observable_source = [
            MeasureSource.from_obj(binding) for binding in source_bindings
        ]

    result.keywords = Keywords.from_obj(observable_obj.Keywords)
    result.pattern_fidelity = PatternFidelity.from_obj(observable_obj.Pattern_Fidelity)
    return result
def from_obj(object_obj):
    """Build an AssociatedObject from a getter-style binding object.

    Returns None when *object_obj* is falsy. Object.from_obj fills the
    common Object fields; the association type is stored on the
    ``association_type_`` attribute as a VocabString.
    """
    if not object_obj:
        return None

    associated = Object.from_obj(object_obj, AssociatedObject())
    assoc_type_binding = object_obj.get_Association_Type()
    associated.association_type_ = VocabString.from_obj(assoc_type_binding)
    return associated
def from_obj(object_obj):
    """Build an AssociatedObject from an attribute-style binding object.

    Returns None when *object_obj* is falsy. The common Object fields come
    from Object.from_obj; the association type is converted from the
    binding's Association_Type attribute via AssociationType.from_obj.
    """
    if not object_obj:
        return None

    associated = Object.from_obj(object_obj, AssociatedObject())
    associated.association_type = AssociationType.from_obj(object_obj.Association_Type)
    return associated