    def test_add_collections(self):
        """Adding an item to a freshly created named collection registers it on the bundle.

        Exercises all four collection kinds in turn: actions, objects,
        behaviors and candidate indicators.
        """
        bundle = Bundle()

        # One case per collection kind: (create the named collection,
        # add one item to it, the item's class, the collection name, the
        # attribute on bundle.collections whose has_collection() is checked).
        cases = (
            (bundle.add_named_action_collection, bundle.add_action,
             MalwareAction, "Actions", "action_collections"),
            (bundle.add_named_object_collection, bundle.add_object,
             Object, "Objects", "object_collections"),
            (bundle.add_named_behavior_collection, bundle.add_behavior,
             Behavior, "Behaviors", "behavior_collections"),
            (bundle.add_named_candidate_indicator_collection,
             bundle.add_candidate_indicator,
             CandidateIndicator, "Indicators",
             "candidate_indicator_collections"),
        )
        for create_collection, add_item, item_cls, name, registry_attr in cases:
            create_collection(name)
            add_item(item_cls(), name)
            registry = getattr(bundle.collections, registry_attr)
            self.assertTrue(registry.has_collection(name))
 def generate_malware_subjects(self):
     """Build one MalwareSubject from the parsed PE entry and add it to the package.

     Reads ``self.pefile_parser.entry_dict``, wraps the static-analysis
     results in a Bundle, attaches an Analysis generated for that bundle,
     and adds the bundle as a findings bundle only when
     ``self.bundle_has_content`` reports it is non-empty.
     """
     pe_entry = self.pefile_parser.entry_dict
     subject = MalwareSubject()
     # NOTE(review): the MalwareSubject object itself (not its id_) is
     # stored under the 'id' key -- confirm populate() expects that.
     pe_entry['id'] = subject
     # Positional Bundle arguments are kept exactly as the original call
     # passed them; see Bundle.__init__ for their meaning.
     findings = Bundle(None, False, '4.1', 'static analysis tool output')
     self.populate(pe_entry, findings, subject)
     subject.add_analysis(self.generate_analysis(findings))
     # An empty bundle is deliberately not attached to the subject.
     if self.bundle_has_content(findings):
         subject.add_findings_bundle(findings)
     self.package.add_malware_subject(subject)
    def test_round_trip(self):
        """A default Bundle survives a round trip with the same dict form."""
        original = Bundle()
        restored = round_trip(original, True)

        expected = original.to_dict()
        actual = restored.to_dict()
        self.assertEqual(expected, actual)
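 def test_id_autoset(self):
     """A Bundle constructed without an explicit id gets an id_ assigned.

     Uses assertIsNotNone rather than ``assertNotEqual(x, None)`` so the
     check is an identity test against None, which is the idiomatic form
     and gives a clearer failure message.
     """
     bundle = Bundle()
     self.assertIsNotNone(bundle.id_)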
# Code for MAEC Dynamic Analysis Idiom
from maec.package.package import Package
from maec.package.malware_subject import MalwareSubject
from maec.package.analysis import Analysis
from maec.bundle.bundle import Bundle
from maec.bundle.malware_action import MalwareAction
from cybox.core import Object, AssociatedObject, AssociatedObjects
from cybox.objects.win_executable_file_object import WinExecutableFile
from cybox.objects.win_mutex_object import WinMutex
from cybox.common import ToolInformation, VocabString

# Set up the necessary Package, Malware Subject, Analysis Bundle Instances
# (module-level names p, ms, b, a and t are used by the rest of the script).
p = Package()
ms = MalwareSubject()
b = Bundle()
a = Analysis()

# Set the Malware_Instance_Object_Attributes on the Malware Subject
ms.malware_instance_object_attributes = Object()
ms.malware_instance_object_attributes.properties = WinExecutableFile()
# Work through a local alias to the properties object just assigned.
exe_props = ms.malware_instance_object_attributes.properties
exe_props.size_in_bytes = "210564"
# Sample digests for the idiom (32 and 40 hex characters); the hash type is
# presumably inferred by add_hash from the digest length -- confirm in cybox.
exe_props.add_hash("B6C39FF68346DCC8B67AA060DEFE40C2")
exe_props.add_hash("D55B0FB96FAD96D203D10850469489FC03E6F2F7")

# Populate the Analysis with the metadata relating to the Analysis that was performed
a.method = "dynamic"
a.type_ = "triage"
# The analysis references the findings bundle by its id_, not by object.
a.set_findings_bundle(b.id_)
t = ToolInformation()
    def test_round_trip(self):
        """A MalwareSubject carrying a findings bundle survives a round trip."""
        subject = MalwareSubject()
        subject.add_findings_bundle(Bundle())
        restored = round_trip(subject)

        expected = subject.to_dict()
        actual = restored.to_dict()
        self.assertEqual(expected, actual)