def test_etree(self):
    """Check an OpenIOC test mechanism whose IOC is supplied as a parsed tree.

    The fixture XML in ``self.XML`` is parsed with lxml, the resulting tree is
    assigned to a fresh ``OpenIOCTestMechanism`` and the mechanism is handed
    to ``self._test_xml`` for verification.
    """
    # The parser is passed explicitly, so lxml's default parser is not used.
    # NOTE(review): presumably mixbox configures entity and network handling
    # on this parser - confirm in mixbox.xml before relying on it.
    xml_parser = mixbox.xml.get_xml_parser()
    document = lxml.etree.parse(StringIO(self.XML), parser=xml_parser)

    mechanism = OpenIOCTestMechanism()
    mechanism.ioc = document
    self._test_xml(mechanism)
def test_etree(self):
    """Check an OpenIOC test mechanism whose IOC is supplied as a parsed tree.

    ``self.XML`` is wrapped in a ``StringIO.StringIO`` buffer, parsed with
    lxml, attached to a new ``OpenIOCTestMechanism`` and passed to
    ``self._test_xml``.
    """
    # The project's own parser factory is used instead of lxml's default.
    # NOTE(review): what this parser enables or disables (entities, DTDs,
    # network access) is not visible here - confirm in utils.parser.
    xml_parser = utils.parser.get_xml_parser()
    xml_buffer = StringIO.StringIO(self.XML)
    document = lxml.etree.parse(xml_buffer, parser=xml_parser)

    mechanism = OpenIOCTestMechanism()
    mechanism.ioc = document
    self._test_xml(mechanism)
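def main():
    """Print a STIX package with a Zeus indicator backed by an OpenIOC document.

    The OpenIOC file is read from a fixed, relative file name, wrapped in an
    ``OpenIOCTestMechanism`` and attached to an indicator. The indicator
    refers to a "Zeus" TTP by id; both the indicator and the TTP are added to
    the package, which is then printed as XML.
    """
    # NOTE(review): this relies on whatever parser etree.parse() uses by
    # default. IOC files are typically obtained from third parties, so if this
    # example is adapted to read files from outside the project, pass an
    # explicitly configured parser (entity resolution and network access
    # disabled) instead.
    ioc = etree.parse('6d2a1b03-b216-4cd8-9a9e-8827af6ebf93.ioc')

    stix_package = STIXPackage()

    malware_instance = MalwareInstance()
    malware_instance.names = ['Zeus', 'twexts', 'sdra64', 'ntos']

    # Only one TTP is needed; the earlier empty TTP() was overwritten before
    # it was ever used, so it has been dropped.
    ttp = TTP(title="Zeus")
    ttp.behavior = Behavior()
    ttp.behavior.add_malware_instance(malware_instance)

    indicator = Indicator(
        title="Zeus",
        description="Finds Zeus variants, twexts, sdra64, ntos",
    )

    tm = OpenIOCTestMechanism()
    tm.ioc = ioc
    tm.producer = InformationSource(identity=Identity(name="Mandiant"))

    # Named ``produced`` rather than ``time`` so the local cannot shadow the
    # standard-library ``time`` module if the file imports it.
    # NOTE(review): the timestamp looks like a placeholder - confirm.
    produced = Time()
    produced.produced_time = "0001-01-01T00:00:00"
    tm.producer.time = produced
    tm.producer.references = [
        "http://openioc.org/iocs/6d2a1b03-b216-4cd8-9a9e-8827af6ebf93.ioc"
    ]

    indicator.test_mechanisms = TestMechanisms([tm])
    # The indicator carries only an idref; the full TTP is added to the
    # package separately below.
    indicator.add_indicated_ttp(TTP(idref=ttp.id_))

    stix_package.add_indicator(indicator)
    stix_package.add_ttp(ttp)

    print(stix_package.to_xml(encoding=None))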
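def main():
    """Print a STIX package with a Zeus indicator backed by an OpenIOC document.

    The OpenIOC file is read from a fixed, relative file name, wrapped in an
    ``OpenIOCTestMechanism`` and attached to an indicator. The indicator
    refers to a "Zeus" TTP by id; both the indicator and the TTP are added to
    the package, which is then printed as XML.
    """
    # NOTE(review): this relies on whatever parser etree.parse() uses by
    # default. IOC files are typically obtained from third parties, so if this
    # example is adapted to read files from outside the project, pass an
    # explicitly configured parser (entity resolution and network access
    # disabled) instead.
    ioc = etree.parse('6d2a1b03-b216-4cd8-9a9e-8827af6ebf93.ioc')

    stix_package = STIXPackage()

    malware_instance = MalwareInstance()
    malware_instance.names = ['Zeus', 'twexts', 'sdra64', 'ntos']

    # Only one TTP is needed; the earlier empty TTP() was overwritten before
    # it was ever used, so it has been dropped.
    ttp = TTP(title="Zeus")
    ttp.behavior = Behavior()
    ttp.behavior.add_malware_instance(malware_instance)

    indicator = Indicator(
        title="Zeus",
        description="Finds Zeus variants, twexts, sdra64, ntos",
    )

    tm = OpenIOCTestMechanism()
    tm.ioc = ioc
    # NOTE(review): the producer is named "Yara" although the mechanism is
    # OpenIOC and the reference below points at openioc.org - this looks like
    # a copy-paste leftover; confirm the intended producer name.
    tm.producer = InformationSource(identity=Identity(name="Yara"))

    # Named ``produced`` rather than ``time`` so the local cannot shadow the
    # standard-library ``time`` module if the file imports it.
    # NOTE(review): the timestamp looks like a placeholder - confirm.
    produced = Time()
    produced.produced_time = "0001-01-01T00:00:00"
    tm.producer.time = produced
    tm.producer.references = [
        "http://openioc.org/iocs/6d2a1b03-b216-4cd8-9a9e-8827af6ebf93.ioc"
    ]

    indicator.test_mechanisms = [tm]
    # The indicator carries only an idref; the full TTP is added to the
    # package separately below.
    indicator.add_indicated_ttp(TTP(idref=ttp.id_))

    stix_package.add_indicator(indicator)
    stix_package.add_ttp(ttp)

    # Parenthesised single-argument form: prints the same text under the
    # Python 2 print statement and is also valid Python 3 syntax.
    print(stix_package.to_xml())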
def test_etree_dict(self):
    """Check that an OpenIOC test mechanism survives a dict round trip.

    A mechanism is built from the parsed ``self.XML`` fixture, serialised with
    ``to_dict()``, rebuilt with ``OpenIOCTestMechanism.from_dict()`` and the
    rebuilt object is passed to ``self._test_xml``.
    """
    # The parser is passed explicitly, so lxml's default parser is not used.
    # NOTE(review): presumably mixbox configures entity and network handling
    # on this parser - confirm in mixbox.xml before relying on it.
    xml_parser = mixbox.xml.get_xml_parser()
    document = lxml.etree.parse(StringIO(self.XML), parser=xml_parser)

    original = OpenIOCTestMechanism()
    original.ioc = document

    # Only the reconstructed mechanism is verified, not the original one.
    restored = OpenIOCTestMechanism.from_dict(original.to_dict())
    self._test_xml(restored)
def test_etree_dict(self):
    """Check that an OpenIOC test mechanism survives a dict round trip.

    A mechanism is built from the parsed ``self.XML`` fixture, serialised with
    ``to_dict()``, rebuilt with ``OpenIOCTestMechanism.from_dict()`` and the
    rebuilt object is passed to ``self._test_xml``.
    """
    # The project's own parser factory is used instead of lxml's default.
    # NOTE(review): what this parser enables or disables (entities, DTDs,
    # network access) is not visible here - confirm in utils.parser.
    xml_parser = utils.parser.get_xml_parser()
    xml_buffer = StringIO.StringIO(self.XML)
    document = lxml.etree.parse(xml_buffer, parser=xml_parser)

    original = OpenIOCTestMechanism()
    original.ioc = document

    # Only the reconstructed mechanism is verified, not the original one.
    restored = OpenIOCTestMechanism.from_dict(original.to_dict())
    self._test_xml(restored)