def add_type(self, type_):
if not type_:
return
elif isinstance(type_, VocabString):
self._types.append(type_)
else:
self._types.append(AttackerInfrastructureType(value=type_))
def _fix_value(self, value):
return AttackerInfrastructureType(value)
phase = KillChainPhase(
name='Infect Machine',
phase_id='example:TTP-7a0fb8e4-a778-4c79-9c7e-8747675da5f1')
kc_phases = KillChainPhasesReference()
kc_phases.append(KillChainPhaseReference(name=phase.name))
ttp.kill_chain_phases = kc_phases
# TTP - Resource (Tool, Infrastructure, Personas)
resource = Resource()
tool = ToolInformation(title='malware.exe')
tool.type_ = AttackerToolType('Malware')
tool.description = 'Tool Description'
tool.short_description = 'Tool Short Description'
infrastructure = Infrastructure(title='Leveraged Domains')
infrastructure.types = AttackerInfrastructureType('Domain Registration')
infrastructure.description = 'Infrastructure Description'
infrastructure.short_description = 'Infrastructure Short Description'
domain = DomainName()
domain.value = 'totally-not-malware.biz'
observable = Observable(domain)
infrastructure.observable_characterization = Observables(
Observable(idref=observable.id_))
personas = Personas()
personas.append(Identity(name='Stephen Golub'))
resource = Resource(tools=Tools(tool),
infrastructure=infrastructure,
personas=personas)
ttp.resources = resource