def merge_findings_bundles(findings_bundles_list): '''Merge two or more Malware Subject Findings Bundles''' # Merge the meta-analysis merged_meta_analysis = None meta_analysis_list = [ x.meta_analysis for x in findings_bundles_list if x.meta_analysis ] if meta_analysis_list: merged_meta_analysis = MetaAnalysis.from_dict( merge_entities(meta_analysis_list)) # Merge the list of bundles merged_bundles = list( itertools.chain(*[x.bundle for x in findings_bundles_list if x.bundle])) # Merge the list of external bundle references merged_bundle_external_references = list( itertools.chain(*[ x.bundle_external_reference for x in findings_bundles_list if x.bundle_external_reference ])) # Construct the merged Findings Bundle List entity merged_findings_bundle_list = FindingsBundleList() if merged_meta_analysis: merged_findings_bundle_list.meta_analysis = merged_meta_analysis if merged_bundles: merged_findings_bundle_list.bundle = merged_bundles if merged_bundle_external_references: merged_findings_bundle_list.bundle_external_reference = merged_bundle_external_references return merged_findings_bundle_list
def __init__(self,id=None,namespace=None,malware_instance_object_attributes=None,relationships=None,minor_variants=None,labels=None,findings_bundles=None, development_environment=None,configuration_details=None,compatible_platform=None,analyses=None): super(MaecMalwareSubject, self).__init__(id=id,malware_instance_object_attributes=malware_instance_object_attributes) if id is None and namespace is not None: set_id_method(IDGenerator.METHOD_UUID) set_id_namespace(namespace) self.id_ = create_id(prefix="malware_subject") self.relationships =MalwareSubjectRelationshipList() if relationships is not None: for relationship in relationships: if isinstance(relationship,MalwareSubjectRelationship): self.relationships.append(relationship) self.minor_variants = MinorVariants() if minor_variants is not None: for minor_variant in minor_variants: self.minor_variants.append(minor_variant) self.label=[] if labels is not None: for label in labels: self.label.append(VocabString(label)) self.findings_bundles = FindingsBundleList() if findings_bundles is not None and isinstance(findings_bundles,FindingsBundleList): self.findings_bundles = findings_bundles self.development_environment = development_environment self.configuration_details =configuration_details self.compatible_platform =compatible_platform self.analyses = analyses
def merge_findings_bundles(findings_bundles_list): '''Merge two or more Malware Subject Findings Bundles''' # Merge the meta-analysis merged_meta_analysis = None meta_analysis_list = [x.meta_analysis for x in findings_bundles_list if x.meta_analysis] if meta_analysis_list: merged_meta_analysis = MetaAnalysis.from_dict(merge_entities(meta_analysis_list)) # Merge the list of bundles merged_bundles = list(itertools.chain(*[x.bundle for x in findings_bundles_list if x.bundle])) # Merge the list of external bundle references merged_bundle_external_references = list(itertools.chain(*[x.bundle_external_reference for x in findings_bundles_list if x.bundle_external_reference])) # Construct the merged Findings Bundle List entity merged_findings_bundle_list = FindingsBundleList() if merged_meta_analysis: merged_findings_bundle_list.meta_analysis = merged_meta_analysis if merged_bundles: merged_findings_bundle_list.bundle = merged_bundles if merged_bundle_external_references: merged_findings_bundle_list.bundle_external_reference = merged_bundle_external_references return merged_findings_bundle_list
class MaecMalwareSubject(MalwareSubject): def __init__(self,id=None,namespace=None,malware_instance_object_attributes=None,relationships=None,minor_variants=None,labels=None,findings_bundles=None, development_environment=None,configuration_details=None,compatible_platform=None,analyses=None): super(MaecMalwareSubject, self).__init__(id=id,malware_instance_object_attributes=malware_instance_object_attributes) if id is None and namespace is not None: set_id_method(IDGenerator.METHOD_UUID) set_id_namespace(namespace) self.id_ = create_id(prefix="malware_subject") self.relationships =MalwareSubjectRelationshipList() if relationships is not None: for relationship in relationships: if isinstance(relationship,MalwareSubjectRelationship): self.relationships.append(relationship) self.minor_variants = MinorVariants() if minor_variants is not None: for minor_variant in minor_variants: self.minor_variants.append(minor_variant) self.label=[] if labels is not None: for label in labels: self.label.append(VocabString(label)) self.findings_bundles = FindingsBundleList() if findings_bundles is not None and isinstance(findings_bundles,FindingsBundleList): self.findings_bundles = findings_bundles self.development_environment = development_environment self.configuration_details =configuration_details self.compatible_platform =compatible_platform self.analyses = analyses def addlabel(self,label=None): self.label.append(VocabString(label)) def addmalwareinstanceobjectattributes(self,malware_instance_object_attributes=None): self.set_malware_instance_object_attributes(malware_instance_object_attributes=malware_instance_object_attributes) def addconfigurationdeatails(self,configuration_details): if isinstance(configuration_details,MalwareConfigurationDetails): self.configuration_details =configuration_details def addminorvariant(self,minor_variant=None): self.minor_variants.append(minor_variant) def addcompatibleplatform(self,compatible_platform=None): self.compatible_platform = compatible_platform def addrelationship(self,relationship=None): self.relationships.append(relationship) def addbundleinfindingbundles(self,bundle=None): self.add_findings_bundle(bundle) def addmetaanalysisinfindingbundles(self,meta_analysis): self.findings_bundles.meta_analysis=meta_analysis def addexternalreferenceinfindingbundles(self,external_reference): self.findings_bundles.add_bundle_external_reference(external_reference) def createfindingbundlesmetaanalysis(self,object_equivalences=None,action_equivalences=None): meta_analysis = MetaAnalysis() meta_analysis.object_equivalences =ObjectEquivalenceList() if object_equivalences is not None: for object_equivalence in object_equivalences : meta_analysis.object_equivalences.append(object_equivalence) meta_analysis.action_equivalences = ActionEquivalenceList() if action_equivalences is not None: for action_equivalence in action_equivalences: meta_analysis.action_equivalences.append(action_equivalence) return meta_analysis def createfindingbundlesmetaanalysisobjectequivalence(self,id=None,object_references=None): object_equivalence = ObjectEquivalence() object_equivalence.id_ =id object_equivalence.object_reference=object_references return object_equivalence def createfindingbundlesmetaanalysisobjectequivalencereference(self,object_idref=None): #unresolved library bug reference = ObjectReference() reference.object_idref =object_idref return reference def createfindingbundlesmetaanalysisactionequivalence(self,action_references=None): action_equivalence = ActionEquivalence() action_equivalence.action_reference=action_references return action_equivalence def createfindingbundlesmetaanalysisactionequivalencereference(self,action_id=None): return ActionReference(action_id=action_id) def createrelationship(self,type=None,malware_subject_reference=None): relationship= MalwareSubjectRelationship() relationship.type_ = VocabString(value=type) relationship.malware_subject_reference=malware_subject_reference return relationship def createrelationshipreference(self,malware_subject_idref=None): reference = MalwareSubjectReference() reference.malware_subject_idref = malware_subject_idref return reference def createcompatibleplatform(self,description=None,identifiers=None): platform = PlatformSpecification() if description is not None: platform.description= StructuredText(value=description) if not identifiers is None: for identifier in identifiers: platform.identifiers.append(identifier) return platform def createcompatibleplatformidentifier(self,system=None,system_ref =None): identifier = PlatformIdentifier() identifier.system =system identifier.system_ref =system_ref return identifier def createconfigurationdetails(self,storage=None,obfuscation=None,configuration_parameter=None): configuration_details = MalwareConfigurationDetails() configuration_details.storage =storage configuration_details.obfuscation = obfuscation configuration_details.configuration_parameter = configuration_parameter return configuration_details def createconfigurationdetailsstorage(self,malware_binary=None,url=None,file=None): storage = MalwareConfigurationStorageDetails() storage.url =url storage.malware_binary = malware_binary storage.file =file return storage def createconfigurationdetailsstoragemalwarebinary(self,section_offset=None,section_name=None,file_offset=None): malware_binary = MalwareBinaryConfigurationStorageDetails() malware_binary.section_offset = section_offset malware_binary.section_name = section_name malware_binary.file_offset = file_offset return malware_binary def createconfigurationdetailsobfuscation(self,is_encrypted=None,is_encoded=None,algorithm_details=None): obfuscation = MalwareConfigurationObfuscationDetails() obfuscation.is_encrypted=is_encrypted obfuscation.is_encoded = is_encoded if algorithm_details is not None: for algorithm in algorithm_details: if isinstance(algorithm,MalwareConfigurationObfuscationAlgorithm): obfuscation.algorithm_details.append(algorithm) return obfuscation def createconfigurationdetailsobfuscationalgorithm(self,ordinal_position=None,key=None,algorithm_name=None): algorithm = MalwareConfigurationObfuscationAlgorithm() algorithm.ordinal_position = ordinal_position algorithm.key = key algorithm.algorithm_name = algorithm_name return algorithm def createconfigurationdetailsconfparameter(self,value=None,name=None): configuration_parameter = MalwareConfigurationParameter() configuration_parameter.name=VocabString(name) configuration_parameter.value =value return configuration_parameter def adddevelopmentenvironment(self,development_environment=None): self.development_environment=development_environment def createdevelopmentenvironment(self,debugging_file=None,tools=None): development_environment = MalwareDevelopmentEnvironment() development_environment.tools = tools development_environment.debugging_file=debugging_file return development_environment