def test_add_collections(self): o = Bundle() o.add_named_action_collection("Actions") ma = MalwareAction() o.add_action(ma, "Actions") self.assertTrue( o.collections.action_collections.has_collection("Actions")) o.add_named_object_collection("Objects") obj = Object() o.add_object(obj, "Objects") self.assertTrue( o.collections.object_collections.has_collection("Objects")) o.add_named_behavior_collection("Behaviors") b = Behavior() o.add_behavior(b, "Behaviors") self.assertTrue( o.collections.behavior_collections.has_collection("Behaviors")) o.add_named_candidate_indicator_collection("Indicators") ci = CandidateIndicator() o.add_candidate_indicator(ci, "Indicators") self.assertTrue( o.collections.candidate_indicator_collections.has_collection( "Indicators"))
def generate_malware_subjects(self): entry_dict = self.pefile_parser.entry_dict malware_subject = MalwareSubject() entry_dict['id'] = malware_subject static_bundle = Bundle(None, False, '4.1', 'static analysis tool output') self.populate(entry_dict, static_bundle, malware_subject) malware_subject.add_analysis(self.generate_analysis(static_bundle)) if self.bundle_has_content(static_bundle): malware_subject.add_findings_bundle(static_bundle) self.package.add_malware_subject(malware_subject)
def test_round_trip(self): o = Bundle() o2 = round_trip(o, True) self.assertEqual(o.to_dict(), o2.to_dict())
def test_id_autoset(self): o = Bundle() self.assertNotEqual(o.id_, None)
# Code for MAEC Dynamic Analysis Idiom from maec.package.package import Package from maec.package.malware_subject import MalwareSubject from maec.package.analysis import Analysis from maec.bundle.bundle import Bundle from maec.bundle.malware_action import MalwareAction from cybox.core import Object, AssociatedObject, AssociatedObjects from cybox.objects.win_executable_file_object import WinExecutableFile from cybox.objects.win_mutex_object import WinMutex from cybox.common import ToolInformation, VocabString # Set up the necessary Package, Malware Subject, Analysis Bundle Instances p = Package() ms = MalwareSubject() b = Bundle() a = Analysis() # Set the Malware_Instance_Object_Attributes on the Malware Subject ms.malware_instance_object_attributes = Object() ms.malware_instance_object_attributes.properties = WinExecutableFile() ms.malware_instance_object_attributes.properties.size_in_bytes = "210564" ms.malware_instance_object_attributes.properties.add_hash( "B6C39FF68346DCC8B67AA060DEFE40C2") ms.malware_instance_object_attributes.properties.add_hash( "D55B0FB96FAD96D203D10850469489FC03E6F2F7") # Populate the Analysis with the metadata relating to the Analysis that was performed a.method = "dynamic" a.type_ = "triage" a.set_findings_bundle(b.id_) t = ToolInformation()
def test_round_trip(self): o = MalwareSubject() o.add_findings_bundle(Bundle()) o2 = round_trip(o) self.assertEqual(o.to_dict(), o2.to_dict())