def add_intended_effect(self, value):
    """Append an intended effect to ``self.intended_effects``.

    Falsy values (``None``, ``''``, empty containers) are silently ignored.
    A ``Statement`` instance is stored as given; any other value is passed
    to ``IntendedEffect`` and the result is wrapped in a new ``Statement``.
    """
    # Guard first: nothing is recorded for an empty/absent value.
    if not value:
        return

    if isinstance(value, Statement):
        statement = value
    else:
        # Raw vocabulary strings (or IntendedEffect objects) get normalized
        # to the Statement form that the list holds.
        statement = Statement(value=IntendedEffect(value))

    self.intended_effects.append(statement)
# NOTE: the excerpt begins inside a parenthesized import list; the opening
# "from ... import (" is outside the visible text.
    Address, CIQIdentity3_0Instance, ElectronicAddressIdentifier,
    OrganisationInfo, PartyName, STIXCIQIdentity3_0)
from stix.extensions.malware.maec_4_1_malware import MAECInstance
from stix.threat_actor import ThreatActor
from stix.ttp import TTP, Behavior
from stix.ttp.behavior import AttackPattern, Exploit, MalwareInstance
from stix.ttp.infrastructure import Infrastructure
from stix.ttp.resource import Personas, Resource, Tools
from stix.ttp.victim_targeting import VictimTargeting

# --- TTP: Phishing -------------------------------------------------------
# Descriptive text is lorem-ipsum placeholder data, not real intelligence.
# IntendedEffect, KillChainPhase and the kill-chain reference classes used
# below are not imported in the visible lines; presumably they come from
# imports outside this excerpt.
ttp = TTP(title='Phishing')
ttp.description = 'Integer posuere erat a ante venenatis dapibus posuere velit aliquet.'
ttp.short_description = 'Etiam Vestibulum Elit Ligula'
ttp.add_intended_effect(IntendedEffect('Account Takeover'))

# --- TTP behavior: attack pattern ----------------------------------------
# CAPEC-98 is the CAPEC entry for Phishing, matching the TTP title.
attack_pattern = AttackPattern()
attack_pattern.capec_id = 'CAPEC-98'
attack_pattern.description = 'Phishing'
attack_pattern.short_description = 'Phishing'
ttp.behavior = Behavior()
ttp.behavior.add_attack_pattern(attack_pattern)

# --- TTP kill-chain phase ------------------------------------------------
# NOTE(review): the phase_id carries an 'example:TTP-...' prefix even though
# it identifies a kill-chain phase -- confirm that this is intended.
phase = KillChainPhase(
    name='Infect Machine',
    phase_id='example:TTP-7a0fb8e4-a778-4c79-9c7e-8747675da5f1',
)
kc_phases = KillChainPhasesReference()
# Only the phase name is copied into the reference; phase.phase_id is not
# passed here, so a consumer can match this reference by name only unless
# the id is set somewhere outside this excerpt.
kc_phases.append(KillChainPhaseReference(name=phase.name))
from faker import Faker
from stix.common import CampaignRef

# --- Campaign basics -----------------------------------------------------
# Title plus lorem-ipsum placeholder text (sample data, not real reporting).
# Campaign, Names, Activity and the other classes used below are presumably
# imported outside this excerpt.
campaign = Campaign(title='Compromise Machines')
campaign.description = (
    'Vestibulum id ligula porta felis euismod semper. '
    'Cras mattis consectetur purus sit amet fermentum.'
)
campaign.short_description = 'Mattis Ipsum Ultricies Quam Malesuada'

# --- Campaign attributes -------------------------------------------------
# Alternate names, one activity entry, the intended effect, and the
# status / confidence vocabulary values.
names = Names()
names.name = ['Operation Sparky', 'Operation Dingo']
campaign.names = names

activity = Activity()
activity.description = 'Foo'
campaign.add_activity(activity)

campaign.add_intended_effect(IntendedEffect('Extortion'))
campaign.status = CampaignStatus('Ongoing')
campaign.confidence = HighMediumLow('Medium')

# --- Related TTP (by id) -------------------------------------------------
# The relationship holds only an idref stub pointing at ttp.id_; the full
# TTP has to be shipped alongside the campaign for the reference to resolve
# (not shown in this excerpt).
ttp = TTP(title="Malware Variant XYZ")
related_ttp = RelatedTTP(TTP(idref=ttp.id_))
campaign.related_ttps.append(related_ttp)

# --- Related Incident (by id) --------------------------------------------
# Same idref-only pattern: the incident carrying the title and opened date
# must be included elsewhere, otherwise the campaign's reference dangles.
incident = Incident(title='We got hacked')
t = Time()
t.incident_opened = '2018-09-11'
incident.time = t
related_incident = RelatedIncident(Incident(idref=incident.id_))
campaign.related_incidents.append(related_incident)
def _fix_value(self, value):
    """Coerce *value* by passing it to the ``IntendedEffect`` constructor.

    NOTE(review): presumably a hook the owning container calls for items
    that are not yet of the expected type -- confirm against the base class.
    """
    coerced = IntendedEffect(value)
    return coerced
def _fix_value(self, value):
    """Turn *value* into an ``IntendedEffect`` and return it in a ``Statement``.

    NOTE(review): presumably a hook the owning container calls for items
    that are not yet of the expected type -- confirm against the base class.
    """
    effect = IntendedEffect(value)
    return Statement(value=effect)