def convert_campaign(c20):
    """Convert a STIX 2.0 campaign dictionary into a STIX 1.x Campaign.

    The 1.x id comes from ``convert_id20(c20["id"])`` and the timestamp from
    ``c20["modified"]``; both keys are required. Optional keys are mapped as
    follows:

    * ``name`` -> ``title``; ``description`` -> ``add_description``
    * ``labels``, ``first_seen``, ``last_seen`` -> handed to
      ``add_missing_property_to_description`` (no dedicated 1.x field is set)
    * ``aliases`` -> ``names`` (one ``VocabString`` per alias)
    * ``objective`` -> a single ``Statement`` in ``intended_effects``
    * ``object_marking_refs`` -> markings added through ``CONTAINER``

    ``granular_markings`` are NOT converted: they are only reported through
    ``error`` with code 604. The resulting 1.x object can therefore carry
    fewer handling restrictions than its 2.0 source.

    Returns the new Campaign after recording the 2.0-id -> object mapping.
    """
    c1x = Campaign(id_=convert_id20(c20["id"]), timestamp=text_type(c20["modified"]))

    if "name" in c20:
        c1x.title = c20["name"]
    if "description" in c20:
        c1x.add_description(c20["description"])

    for label in c20.get("labels", ()):
        add_missing_property_to_description(c1x, "label", label)

    alias_names = Names()
    for alias in c20.get("aliases", ()):
        alias_names.name.append(VocabString(alias))
    # NOTE(review): relies on the truthiness of Names -- presumably an empty
    # Names is falsy, so no empty element is attached; confirm.
    if alias_names:
        c1x.names = alias_names

    # Both time bounds are stringified and passed to the description helper.
    for time_prop in ("first_seen", "last_seen"):
        if time_prop in c20:
            add_missing_property_to_description(c1x, time_prop, text_type(c20[time_prop]))

    if "objective" in c20:
        c1x.intended_effects = [Statement(description=c20["objective"])]

    for marking_ref in c20.get("object_marking_refs", ()):
        marking_spec = create_marking_specification(marking_ref)
        # A reference that yields no specification is skipped here without
        # any message, so that marking is absent from the 1.x output.
        if marking_spec:
            CONTAINER.add_marking(c1x, marking_spec, descendants=True)

    if "granular_markings" in c20:
        # Field-level markings are dropped, not translated; message 604 is
        # the only trace that the source object had them.
        error("Granular Markings present in '%s' are not supported by stix2slider", 604, c20["id"])

    record_id_object_mapping(c20["id"], c1x)
    return c1x
def buildCampaign(input_dict):
    """Assemble a STIX Campaign from a dictionary of campaign fields.

    ``title`` and ``description`` are copied unconditionally. The keys
    ``intendedEffect``, ``names``, ``status``, ``confidence`` and
    ``informationSource`` are all looked up by subscript (so, for a plain
    dict, a missing key raises ``KeyError``) but are applied only when their
    value is truthy.

    No validation is done here: values are handed to the STIX classes as
    given, so input from an untrusted source should be checked by the caller.

    Returns the populated Campaign.
    """
    campaign = Campaign()
    campaign.title = input_dict['title']
    campaign.description = input_dict['description']

    effect = input_dict['intendedEffect']
    if effect:
        campaign.add_intended_effect(effect)

    name_values = input_dict['names']
    if name_values:
        campaign.names = Names(name_values)

    status = input_dict['status']
    if status:
        campaign.status = status

    confidence = input_dict['confidence']
    if confidence:
        campaign.confidence = Confidence(confidence)

    source = input_dict['informationSource']
    if source:
        campaign.information_source = InformationSource(source)

    return campaign
def add_campaign_item(campaign_id_item, pkg):
    """Add a Campaign identified only by a name to ``pkg``.

    A new Campaign is given a fresh ``Names`` holding ``campaign_id_item``
    wrapped in a ``VocabString`` and is registered with
    ``pkg.add_campaign``. No other campaign field is set, and nothing is
    returned.
    """
    campaign = Campaign()
    campaign.names = Names()

    campaign_name = VocabString(campaign_id_item)
    campaign.names.append(campaign_name)

    pkg.add_campaign(campaign)
from stix.ttp import TTP
from stix.common.related import RelatedTTP, RelatedIncident, RelatedIndicator, RelatedCampaign
from stix.indicator import Indicator, RelatedCampaignRef
from cybox.objects.address_object import Address
from faker import Faker
from stix.common import CampaignRef

# NOTE(review): Campaign, Names, Activity, IntendedEffect, CampaignStatus,
# HighMediumLow, Incident and Time are used below but are not imported in
# this excerpt -- presumably imported above it; confirm.

# Basics: title plus long and short descriptions (placeholder sample text).
campaign = Campaign(title='Compromise Machines')
campaign.description = 'Vestibulum id ligula porta felis euismod semper. Cras mattis consectetur purus sit amet fermentum.'
campaign.short_description = 'Mattis Ipsum Ultricies Quam Malesuada'

# Attributes: names, one activity, intended effect, status and confidence.
names = Names()
names.name = ['Operation Sparky', 'Operation Dingo']
campaign.names = names

activity = Activity()
activity.description = 'Foo'
campaign.add_activity(activity)

campaign.add_intended_effect(IntendedEffect('Extortion'))
campaign.status = CampaignStatus('Ongoing')
campaign.confidence = HighMediumLow('Medium')

# Related TTP (basic; by id): the campaign gets a second TTP that carries
# only idref=ttp.id_, not the `ttp` object built on the line above it.
ttp = TTP(title="Malware Variant XYZ")
related_ttp = RelatedTTP(TTP(idref=ttp.id_))
campaign.related_ttps.append(related_ttp)

# Related Incident (basic; by id)
incident = Incident(title='We got hacked')
# `t` is not used within this excerpt; presumably the code that follows
# fills it in and attaches it to the incident -- confirm.
t = Time()