def createUriObject(self, req):
"""
Creates URI object
@param req: HTTP request as described in cuckoo dict
@return: created URI object
"""
uri = maec.uriObject(
id=req["uri"],
uriString=req["uri"],
protocol="http",
hostname=req["host"],
port=req["port"],
path=req["path"],
ipProtocol="tcp",
)
# Add details
prop = maec.objectProperty()
prop.add_property(maec.property(type_="httpMethod", valueOf_=req["method"]))
if req["method"] == "POST":
prop.add_property(maec.property(type_="postData", valueOf_="<![CDATA[%s]]>" % req["body"]))
if req.has_key("user-agent"):
prop.add_property(maec.property(type_="userAgent", valueOf_=req["user-agent"]))
prop.set_references(maec.reference(valueOf_="uri[@id='%s']" % req["uri"]))
self.properties.add_objectProperty(prop)
return uri
def createFileObject(self, f):
"""
Creates a file object.
@param f: file hash representation from cuckoo dict results
@return: file object
"""
file = maec.fileObject(
id = f['md5'],
fileType = [f['type']],
size = f['size'],
crc32 = f['crc32'],
md5 = f['md5'],
sha1 = f['sha1'],
sha512 = f['sha512']
)
file.add_extraHash(maec.extraHashType('ssdeep', f['ssdeep']))
# Add related filename
prop = maec.objectProperty()
prop.add_property(maec.property(
type_= 'filename',
valueOf_ = f['name']
)
)
prop.set_references(
maec.reference(
valueOf_ = "file[@id='%s']" % f['md5']
)
)
self.properties.add_objectProperty(prop)
return file
def createUriObject(self, req):
"""
Creates URI object
@param req: HTTP request as described in cuckoo dict
@return: created URI object
"""
uri = maec.uriObject(
id = req['uri'],
uriString = req['uri'],
protocol = 'http',
hostname = req['host'],
port = req['port'],
path = req['path'],
ipProtocol = 'tcp'
)
# Add details
prop = maec.objectProperty()
prop.add_property(maec.property(
type_= 'httpMethod',
valueOf_ = req['method']
)
)
if req['method'] == 'POST':
prop.add_property(maec.property(
type_= 'postData',
valueOf_ = "<![CDATA[%s]]>" % req['body']
)
)
if req.has_key('user-agent'):
prop.add_property(maec.property(
type_= 'userAgent',
valueOf_ = req['user-agent']
)
)
prop.set_references(
maec.reference(
valueOf_ = "uri[@id='%s']" % req['uri']
)
)
self.properties.add_objectProperty(prop)
return uri
def createFileObject(self, f):
"""
Creates a file object.
@param f: file hash representation from cuckoo dict results
@return: file object
"""
file = maec.fileObject(
id=f["md5"],
fileType=[f["type"]],
size=f["size"],
crc32=f["crc32"],
md5=f["md5"],
sha1=f["sha1"],
sha512=f["sha512"],
)
file.add_extraHash(maec.extraHashType("ssdeep", f["ssdeep"]))
# Add related filename
prop = maec.objectProperty()
prop.add_property(maec.property(type_="filename", valueOf_=f["name"]))
prop.set_references(maec.reference(valueOf_="file[@id='%s']" % f["md5"]))
self.properties.add_objectProperty(prop)
return file
