def from_obj(mal_conf_param_obj):
    """Build a MalwareConfigurationParameter from its binding object.

    Returns None when ``mal_conf_param_obj`` is falsy. The name is wrapped
    with ``VocabString.from_obj``; the value is copied unchanged, with no
    type or content check in this function.
    """
    if not mal_conf_param_obj:
        return None

    param = MalwareConfigurationParameter()
    param.name = VocabString.from_obj(mal_conf_param_obj.get_Name())
    # Only a truthy value is copied: None, "" and 0 all leave ``value``
    # unassigned by this function.
    if mal_conf_param_obj.get_Value():
        param.value = mal_conf_param_obj.get_Value()
    return param
def from_obj(malware_subject_relationship_obj):
    """Convert a binding object into a MalwareSubjectRelationship.

    A falsy input yields None. The relationship type goes through
    ``VocabString.from_obj`` and every entry returned by
    ``get_Malware_Subject_Reference()`` is converted with
    ``MalwareSubjectReference.from_obj``.
    """
    if not malware_subject_relationship_obj:
        return None

    relationship = MalwareSubjectRelationship()
    relationship.type = VocabString.from_obj(
        malware_subject_relationship_obj.get_Type())

    # The getter's result is iterated directly, so it must be iterable;
    # a None here would raise TypeError.
    references = []
    for reference_obj in malware_subject_relationship_obj.get_Malware_Subject_Reference():
        references.append(MalwareSubjectReference.from_obj(reference_obj))
    relationship.malware_subject_references = references
    return relationship
def from_obj(capability_property_obj):
    """Build a CapabilityProperty from its binding object.

    Returns None for a falsy input; otherwise the name is converted with
    ``VocabString.from_obj`` and the value with ``String.from_obj``.
    """
    if capability_property_obj:
        prop = CapabilityProperty()
        prop.name = VocabString.from_obj(capability_property_obj.get_Name())
        prop.value = String.from_obj(capability_property_obj.get_Value())
        return prop
    return None
def from_obj(action_argument_obj):
    """Build an ActionArgument from its binding object.

    Returns None for a falsy input. The argument name is wrapped with
    ``VocabString.from_obj``. The argument value is assigned exactly as
    the getter returns it, so this function adds no normalisation or
    validation of its own; callers that display or log it should treat
    it as data from the source document.
    """
    if not action_argument_obj:
        return None

    argument = ActionArgument()
    argument.argument_name = VocabString.from_obj(
        action_argument_obj.get_Argument_Name())
    argument.argument_value = action_argument_obj.get_Argument_Value()
    return argument
def from_obj(action_relationship_obj):
    """Convert a binding object into an ActionRelationship.

    This variant reads the ``Type`` and ``Action_Reference`` attributes
    directly instead of calling getters. A falsy input yields None.
    """
    if not action_relationship_obj:
        return None

    relationship = ActionRelationship()
    relationship.type = VocabString.from_obj(action_relationship_obj.Type)

    # ``Action_Reference`` is iterated as-is; it must be iterable.
    references = []
    for reference_obj in action_relationship_obj.Action_Reference:
        references.append(ActionReference.from_obj(reference_obj))
    relationship.action_references = references
    return relationship
def from_obj(action_relationship_obj):
    """Convert a binding object into an ActionRelationship.

    This variant goes through the ``get_Type()`` and
    ``get_Action_Reference()`` accessors. A falsy input yields None.
    """
    if action_relationship_obj:
        relationship = ActionRelationship()
        relationship.type = VocabString.from_obj(
            action_relationship_obj.get_Type())

        # The getter's result is iterated as-is; it must be iterable.
        converted = []
        for reference_obj in action_relationship_obj.get_Action_Reference():
            converted.append(ActionReference.from_obj(reference_obj))
        relationship.action_references = converted
        return relationship
    return None
def from_obj(mal_binary_obfusc_alg_obj):
    """Build a MalwareConfigurationObfuscationAlgorithm from its binding object.

    Returns None for a falsy input. ``ordinal_position`` and ``key`` are
    copied exactly as the getters return them; only the algorithm name is
    wrapped, via ``VocabString.from_obj``.
    """
    if not mal_binary_obfusc_alg_obj:
        return None

    algorithm = MalwareConfigurationObfuscationAlgorithm()
    algorithm.ordinal_position = mal_binary_obfusc_alg_obj.get_ordinal_position()
    # The key is stored without decoding or length checks in this function.
    algorithm.key = mal_binary_obfusc_alg_obj.get_Key()
    # NOTE(review): this getter is spelled ``get_Algorithm_name`` (lower-case
    # "n"), unlike the other element getters used here - confirm it matches
    # the binding class.
    algorithm.algorithm_name = VocabString.from_obj(
        mal_binary_obfusc_alg_obj.get_Algorithm_name())
    return algorithm
def from_obj(malware_entity_obj):
    """Build a MalwareEntity from its binding object.

    Returns None for a falsy input. The type is wrapped with
    ``VocabString.from_obj``; name and description are copied unchanged.
    """
    if malware_entity_obj:
        entity = MalwareEntity()
        entity.type = VocabString.from_obj(malware_entity_obj.get_Type())
        # Free-text fields: assigned exactly as returned by the getters.
        entity.name = malware_entity_obj.get_Name()
        entity.description = malware_entity_obj.get_Description()
        return entity
    return None
def from_obj(measure_source_obj):
    """Build a MeasureSource from its binding object.

    Returns None for a falsy input. Three plain values (class,
    source_type, name) are copied unchanged; the remaining fields are
    converted through the ``from_obj`` of their own types. ``platform``
    is always set to None because it is not supported yet.
    """
    if not measure_source_obj:
        return None

    src = measure_source_obj
    source = MeasureSource()

    # Plain values, assigned as returned by the getters.
    source.class_ = src.get_class()
    source.source_type = src.get_source_type()
    source.name = src.get_name()

    # Structured fields, each delegated to its own converter.
    source.information_source_type = VocabString.from_obj(
        src.get_Information_Source_Type())
    source.tool_type = VocabString.from_obj(src.get_Tool_Type())
    source.description = StructuredText.from_obj(src.get_Description())
    source.contributors = Personnel.from_obj(src.get_Contributors())
    source.time = Time.from_obj(src.get_Time())
    source.tools = ToolInformationList.from_obj(src.get_Tools())
    source.platform = None  # TODO: add support
    source.system = ObjectProperties.from_obj(src.get_System())
    source.instance = ObjectProperties.from_obj(src.get_Instance())
    return source
def from_obj(capability_rel_obj):
    """Build a CapabilityRelationship from its binding object.

    Returns None for a falsy input. The relationship type is wrapped with
    ``VocabString.from_obj``. ``capability_reference`` is assigned only
    when the getter returns something truthy, in which case every entry
    is converted with ``CapabilityReference.from_obj``.
    """
    if not capability_rel_obj:
        return None

    relationship = CapabilityRelationship()
    relationship.relationship_type = VocabString.from_obj(
        capability_rel_obj.get_Relationship_Type())

    if capability_rel_obj.get_Capability_Reference():
        references = []
        for reference_obj in capability_rel_obj.get_Capability_Reference():
            references.append(CapabilityReference.from_obj(reference_obj))
        relationship.capability_reference = references
    return relationship
def from_obj(grouping_relationship_obj):
    """Build a GroupingRelationship from its binding object.

    Returns None for a falsy input. The type is wrapped with
    ``VocabString.from_obj`` and the clustering metadata with
    ``ClusteringMetadata.from_obj``; the family and toolkit names are
    copied as the getters return them.
    """
    if grouping_relationship_obj:
        grouping = GroupingRelationship()
        grouping.type = VocabString.from_obj(grouping_relationship_obj.get_Type())
        grouping.malware_family_name = (
            grouping_relationship_obj.get_Malware_Family_Name())
        grouping.malware_toolkit_name = (
            grouping_relationship_obj.get_Malware_Toolkit_Name())
        grouping.clustering_metadata = ClusteringMetadata.from_obj(
            grouping_relationship_obj.get_Clustering_Metadata())
        return grouping
    return None
def from_obj(relobj_obj):
    """Build a RelatedObject from its binding object.

    Returns None for a falsy input. The shared fields are filled in by
    ``Object.from_obj``, which receives the new RelatedObject as its
    second argument; its return value is not used here.
    """
    if not relobj_obj:
        return None

    related = RelatedObject()
    Object.from_obj(relobj_obj, related)
    related.relationship = VocabString.from_obj(relobj_obj.Relationship)

    # NOTE(review): ``_inline`` is set to True when an idref is present.
    # What ``_inline`` controls is not visible here - confirm this is the
    # intended direction of the flag.
    if related.idref:
        related._inline = True
    return related
def from_obj(capability_objective_obj):
    """Build a CapabilityObjective from its binding object.

    Returns None for a falsy input. ``id_`` and the three list fields
    (property, behavior_reference, relationship) are assigned only when
    the corresponding getter returns something truthy; name and
    description are always assigned.
    """
    if not capability_objective_obj:
        return None

    objective = CapabilityObjective()

    if capability_objective_obj.get_id():
        objective.id_ = capability_objective_obj.get_id()

    objective.name = VocabString.from_obj(capability_objective_obj.get_Name())
    # Description is copied unchanged, not wrapped in a text type.
    objective.description = capability_objective_obj.get_Description()

    if capability_objective_obj.get_Property():
        properties = []
        for property_obj in capability_objective_obj.get_Property():
            properties.append(CapabilityProperty.from_obj(property_obj))
        objective.property = properties

    if capability_objective_obj.get_Behavior_Reference():
        behavior_refs = []
        for reference_obj in capability_objective_obj.get_Behavior_Reference():
            behavior_refs.append(BehaviorReference.from_obj(reference_obj))
        objective.behavior_reference = behavior_refs

    if capability_objective_obj.get_Relationship():
        relationships = []
        for relationship_obj in capability_objective_obj.get_Relationship():
            relationships.append(
                CapabilityObjectiveRelationship.from_obj(relationship_obj))
        objective.relationship = relationships

    return objective
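def from_obj(action_obj, action_cls=None):
    """Populate an Action from its binding object.

    Args:
        action_obj: binding object exposing the ``get_*`` accessors used
            below.
        action_cls: despite the name, an *instance* to populate; a new
            ``Action()`` is created when it is None.

    Returns:
        The populated instance, or None when ``action_obj`` is falsy.

    id, idref, ordinal_position, action_status, context and timestamp are
    copied as the getters return them, with no validation in this
    function. Arguments, associated objects, relationships and aliases
    are assigned only when their getter does not return None.
    """
    if not action_obj:
        return None

    # Identity test: ``== None`` would dispatch to a custom ``__eq__`` on
    # the supplied instance and could discard it by mistake.
    action_ = Action() if action_cls is None else action_cls

    action_.id = action_obj.get_id()
    action_.idref = action_obj.get_idref()
    action_.ordinal_position = action_obj.get_ordinal_position()
    action_.action_status = action_obj.get_action_status()
    action_.context = action_obj.get_context()
    action_.timestamp = action_obj.get_timestamp()
    action_.type = VocabString.from_obj(action_obj.get_Type())
    action_.name = VocabString.from_obj(action_obj.get_Name())
    action_.description = StructuredText.from_obj(action_obj.get_Description())

    arguments_obj = action_obj.get_Action_Arguments()
    if arguments_obj is not None:
        action_.action_arguments = ActionArguments.from_obj(arguments_obj)

    action_.discovery_method = MeasureSource.from_obj(
        action_obj.get_Discovery_Method())

    associated_obj = action_obj.get_Associated_Objects()
    if associated_obj is not None:
        action_.associated_objects = AssociatedObjects.from_obj(associated_obj)

    relationships_obj = action_obj.get_Relationships()
    if relationships_obj is not None:
        action_.relationships = ActionRelationships.from_obj(relationships_obj)

    # TODO: add support for ``frequency``; it is not read from the binding
    # object yet.

    aliases_obj = action_obj.get_Action_Aliases()
    if aliases_obj is not None:
        # Aliases are stored as the raw list returned by the binding.
        action_.action_aliases = aliases_obj.get_Action_Alias()

    return action_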
def from_obj(candidate_indicator_obj):
    """Build a CandidateIndicator from its binding object.

    Returns None for a falsy input. Importance, malware entity and
    composition are converted through their own ``from_obj``; every other
    field is copied exactly as its getter returns it.
    """
    if not candidate_indicator_obj:
        return None

    src = candidate_indicator_obj
    indicator = CandidateIndicator()

    indicator.id = src.get_id()
    indicator.creation_datetime = src.get_creation_datetime()
    indicator.version = src.get_version()
    indicator.importance = VocabString.from_obj(src.get_Importance())
    # numeric_importance, author and description get no range or content
    # check in this function.
    indicator.numeric_importance = src.get_Numeric_Importance()
    indicator.author = src.get_Author()
    indicator.description = src.get_Description()
    indicator.malware_entity = MalwareEntity.from_obj(src.get_Malware_Entity())
    indicator.composition = CandidateIndicatorComposition.from_obj(
        src.get_Composition())
    return indicator
def from_obj(extracted_string_obj):
    """Build an ExtractedString from its binding object.

    Returns None for a falsy input. Every field is converted through the
    ``from_obj`` of its own type (VocabString, String, HexBinary,
    HashList, PositiveInteger).

    NOTE(review): the string and byte-string values presumably originate
    from the analysed artefact; nothing in this function escapes or
    bounds them, so consumers that render or log these fields should
    treat them as untrusted - confirm against the converters used.
    """
    if not extracted_string_obj:
        return None

    src = extracted_string_obj
    extracted = ExtractedString()
    extracted.encoding = VocabString.from_obj(src.get_Encoding())
    extracted.string_value = String.from_obj(src.get_String_Value())
    extracted.byte_string_value = HexBinary.from_obj(src.get_Byte_String_Value())
    extracted.hashes = HashList.from_obj(src.get_Hashes())
    extracted.address = HexBinary.from_obj(src.get_Address())
    extracted.length = PositiveInteger.from_obj(src.get_Length())
    extracted.language = String.from_obj(src.get_Language())
    extracted.english_translation = String.from_obj(src.get_English_Translation())
    return extracted
def from_obj(malware_subject_obj):
    """Build a MalwareSubject from its binding object.

    Returns None for a falsy input. The subject is created with
    ``MalwareSubject(None)`` and its id is then taken from the binding
    object. ``field_data`` is always None (not supported yet). ``label``
    and ``compatible_platform`` are assigned only when their getter
    returns something truthy.
    """
    if not malware_subject_obj:
        return None

    src = malware_subject_obj
    subject = MalwareSubject(None)
    subject.id = src.get_id()

    subject.malware_instance_object_attributes = Object.from_obj(
        src.get_Malware_Instance_Object_Attributes())
    subject.minor_variants = MinorVariants.from_obj(src.get_Minor_Variants())
    subject.configuration_details = MalwareConfigurationDetails.from_obj(
        src.get_Configuration_Details())
    subject.development_environment = MalwareDevelopmentEnvironment.from_obj(
        src.get_Development_Environment())
    subject.field_data = None  # TODO: add support
    subject.analyses = Analyses.from_obj(src.get_Analyses())
    subject.findings_bundles = FindingsBundleList.from_obj(
        src.get_Findings_Bundles())
    subject.relationships = MalwareSubjectRelationshipList.from_obj(
        src.get_Relationships())

    if src.get_Label():
        labels = []
        for label_obj in src.get_Label():
            labels.append(VocabString.from_obj(label_obj))
        subject.label = labels

    if src.get_Compatible_Platform():
        platforms = []
        for platform_obj in src.get_Compatible_Platform():
            platforms.append(PlatformSpecification.from_obj(platform_obj))
        subject.compatible_platform = platforms

    return subject
def from_obj(toolinfo_obj, toolinfo=None):
    """Populate a ToolInformation from its binding object.

    Returns None when ``toolinfo_obj`` is falsy. A falsy ``toolinfo``
    (not only None) is replaced by a fresh ``ToolInformation()``;
    otherwise the supplied instance is filled in and returned.
    """
    if not toolinfo_obj:
        return None

    target = toolinfo if toolinfo else ToolInformation()

    target.id_ = toolinfo_obj.id
    target.idref = toolinfo_obj.idref
    target.name = toolinfo_obj.Name

    # ``Type`` is iterated as-is; it must be iterable.
    types = []
    for type_obj in toolinfo_obj.Type:
        types.append(VocabString.from_obj(type_obj))
    target.type_ = types

    target.description = StructuredText.from_obj(toolinfo_obj.Description)
    # Vendor, version and service pack are copied unchanged.
    target.vendor = toolinfo_obj.Vendor
    target.version = toolinfo_obj.Version
    target.service_pack = toolinfo_obj.Service_Pack
    target.tool_hashes = HashList.from_obj(toolinfo_obj.Tool_Hashes)
    return target
def from_obj(toolinfo_obj, toolinfo=None):
    """Fill a ToolInformation instance from its binding object.

    A falsy ``toolinfo_obj`` yields None. When ``toolinfo`` is falsy a
    new ``ToolInformation()`` is created; otherwise the caller's instance
    is updated in place and returned.
    """
    if not toolinfo_obj:
        return None

    if toolinfo:
        info = toolinfo
    else:
        info = ToolInformation()

    info.id_ = toolinfo_obj.id
    info.idref = toolinfo_obj.idref
    info.name = toolinfo_obj.Name

    # Each entry of ``Type`` is wrapped on its own.
    wrapped_types = []
    for entry in toolinfo_obj.Type:
        wrapped_types.append(VocabString.from_obj(entry))
    info.type_ = wrapped_types

    info.description = StructuredText.from_obj(toolinfo_obj.Description)
    info.vendor = toolinfo_obj.Vendor
    info.version = toolinfo_obj.Version
    info.service_pack = toolinfo_obj.Service_Pack
    # Hash entries are handled by HashList.from_obj; nothing here checks
    # them.
    info.tool_hashes = HashList.from_obj(toolinfo_obj.Tool_Hashes)
    return info
def from_obj(extracted_string_obj):
    """Convert a binding object into an ExtractedString.

    A falsy input yields None. Each field is delegated to the
    ``from_obj`` of its own type; this function itself performs no
    escaping, decoding or length checks on the string content.
    """
    if extracted_string_obj:
        result = ExtractedString()
        result.encoding = VocabString.from_obj(
            extracted_string_obj.get_Encoding())
        result.string_value = String.from_obj(
            extracted_string_obj.get_String_Value())
        result.byte_string_value = HexBinary.from_obj(
            extracted_string_obj.get_Byte_String_Value())
        result.hashes = HashList.from_obj(
            extracted_string_obj.get_Hashes())
        result.address = HexBinary.from_obj(
            extracted_string_obj.get_Address())
        result.length = PositiveInteger.from_obj(
            extracted_string_obj.get_Length())
        result.language = String.from_obj(
            extracted_string_obj.get_Language())
        result.english_translation = String.from_obj(
            extracted_string_obj.get_English_Translation())
        return result
    return None
def from_obj(object_obj):
    """Build an AssociatedObject from its binding object.

    Returns None for a falsy input. A new ``AssociatedObject()`` is handed
    to ``Object.from_obj`` and whatever that call returns is then given
    its association type, wrapped with ``VocabString.from_obj``.
    """
    if not object_obj:
        return None

    blank = AssociatedObject()
    associated = Object.from_obj(object_obj, blank)
    associated.association_type_ = VocabString.from_obj(
        object_obj.get_Association_Type())
    return associated