def test_ttp(self):
    """Check that a TTP with UNICODE_STR text fields survives round_trip.

    The title, description and short description are all set to the
    UNICODE_STR fixture. The object is passed through ``round_trip`` and
    the result is compared with the original via ``self._test_equal``.
    """
    original = TTP()
    # Same fixture value for every free-text field, assigned in the
    # order title -> description -> short_description.
    for text_field in ("title", "description", "short_description"):
        setattr(original, text_field, UNICODE_STR)

    restored = round_trip(original)
    self._test_equal(original, restored)
def genObject_TTP(data):
    """Build the STIX TTP object for a malicious URL delivered by email.

    Args:
        data: Subscriptable container that is passed to
            ``genData_Behavior`` and must provide
            ``data['source']['stix.ttp.TTP.intended_effects']``.

    Returns:
        The populated ``stix.ttp.TTP`` instance.

    The lookup into ``data`` is not guarded, so a missing ``source`` entry
    or intended-effects key propagates as the container's own lookup error.
    """
    # Function-local imports. StixID and IntendedEffect are not referenced
    # in this function; they are kept so import behaviour stays the same.
    from stix.utils import create_id as StixID
    from stix.ttp import TTP
    from stix.common.vocabs import IntendedEffect

    summary = "Target Users via Email by adding a malicious URL"

    ttp = TTP()
    ttp.idref = None
    # NOTE(review): "Emmbedded" is misspelled in the emitted title; it is
    # left unchanged here because the string is part of the output.
    ttp.title = "Email Emmbedded URL"
    ttp.description = summary
    ttp.short_description = summary
    ttp.behavior = genData_Behavior(data)
    ttp.related_ttps = None

    # Allowed values, as listed by the original author:
    #   'Advantage', 'Advantage - Economic', 'Advantage - Military',
    #   'Advantage - Political', 'Theft', 'Theft - Intellectual Property',
    #   'Theft - Credential Theft', 'Theft - Identity Theft',
    #   'Theft - Theft of Proprietary Information', 'Account Takeover',
    #   'Brand Damage', 'Competitive Advantage', 'Degradation of Service',
    #   'Denial and Deception', 'Destruction', 'Disruption',
    #   'Embarrassment', 'Exposure', 'Extortion', 'Fraud', 'Harassment',
    #   'ICS Control', 'Traffic Diversion', 'Unauthorized Access'
    # NOTE(review): the value is taken from `data` without being checked
    # against this list. Confirm that the caller validates it or that the
    # stix setter rejects unknown terms.
    source = data['source']
    ttp.intended_effects = source['stix.ttp.TTP.intended_effects']

    # Fields deliberately left unset: resources, victim_targeting,
    # information_source, exploit_targets, handling.
    return ttp
from stix.exploit_target import ExploitTarget
from stix.extensions.identity.ciq_identity_3_0 import (
    Address,
    CIQIdentity3_0Instance,
    ElectronicAddressIdentifier,
    OrganisationInfo,
    PartyName,
    STIXCIQIdentity3_0,
)
from stix.extensions.malware.maec_4_1_malware import MAECInstance
from stix.threat_actor import ThreatActor
from stix.ttp import TTP, Behavior
from stix.ttp.behavior import AttackPattern, Exploit, MalwareInstance
from stix.ttp.infrastructure import Infrastructure
from stix.ttp.resource import Personas, Resource, Tools
from stix.ttp.victim_targeting import VictimTargeting

# NOTE(review): IntendedEffect and KillChainPhase are used below but are
# not among the imports visible here; presumably they are imported
# elsewhere in the file. Confirm.

# Attack pattern attached to the TTP below. CAPEC-98 is the CAPEC entry
# for phishing.
attack_pattern = AttackPattern()
attack_pattern.capec_id = 'CAPEC-98'
attack_pattern.description = 'Phishing'
attack_pattern.short_description = 'Phishing'

# TTP (Phishing). Both description strings are filler text.
ttp = TTP(title='Phishing')
ttp.description = 'Integer posuere erat a ante venenatis dapibus posuere velit aliquet.'
ttp.short_description = 'Etiam Vestibulum Elit Ligula'
ttp.add_intended_effect(IntendedEffect('Account Takeover'))

# The behavior container holds the attack pattern for this TTP.
ttp.behavior = Behavior()
ttp.behavior.add_attack_pattern(attack_pattern)

# Kill chain phase.
# NOTE(review): phase_id carries a 'TTP-' prefixed identifier; presumably
# it has to match the phase id declared in the kill chain definition.
# Confirm.
phase = KillChainPhase(
    name='Infect Machine',
    phase_id='example:TTP-7a0fb8e4-a778-4c79-9c7e-8747675da5f1',
)