Python Bundle.add_action示例

    def test_add_collections(self):
        o = Bundle()

        o.add_named_action_collection("Actions")
        ma = MalwareAction()
        o.add_action(ma, "Actions")
        self.assertTrue(
            o.collections.action_collections.has_collection("Actions"))

        o.add_named_object_collection("Objects")
        obj = Object()
        o.add_object(obj, "Objects")
        self.assertTrue(
            o.collections.object_collections.has_collection("Objects"))

        o.add_named_behavior_collection("Behaviors")
        b = Behavior()
        o.add_behavior(b, "Behaviors")
        self.assertTrue(
            o.collections.behavior_collections.has_collection("Behaviors"))

        o.add_named_candidate_indicator_collection("Indicators")
        ci = CandidateIndicator()
        o.add_candidate_indicator(ci, "Indicators")
        self.assertTrue(
            o.collections.candidate_indicator_collections.has_collection(
                "Indicators"))

示例#2

显示文件

文件： bundle_test.py 项目： MAECProject/python-maec

    def test_add_collections(self):
        o = Bundle()

        o.add_named_action_collection("Actions")
        ma = MalwareAction()
        o.add_action(ma, "Actions")
        self.assertTrue(o.collections.action_collections.has_collection("Actions"))

        o.add_named_object_collection("Objects")
        obj = Object()
        o.add_object(obj, "Objects")
        self.assertTrue(o.collections.object_collections.has_collection("Objects"))

        o.add_named_behavior_collection("Behaviors")
        b = Behavior()
        o.add_behavior(b, "Behaviors")
        self.assertTrue(o.collections.behavior_collections.has_collection("Behaviors"))

        o.add_named_candidate_indicator_collection("Indicators")
        ci = CandidateIndicator()
        o.add_candidate_indicator(ci, "Indicators")
        self.assertTrue(o.collections.candidate_indicator_collections.has_collection("Indicators"))

示例#3

显示文件

文件： APIexample.py 项目： geliefan/Python_mycode

from maec.bundle.malware_action import MalwareAction
from maec.utils import IDGenerator, set_id_method
from cybox.core import Object, AssociatedObjects, AssociatedObject, AssociationType
from cybox.objects.file_object import File

# Instantiate the MAEC/CybOX Entities
set_id_method(IDGenerator.METHOD_INT)
b = Bundle()
a = MalwareAction()
ao = AssociatedObject()

# Build the Associated Object for use in the Action
ao.properties = File()
ao.properties.file_name = "badware.exe"
ao.properties.size_in_bytes = "123456"
ao.association_type = AssociationType()
ao.association_type.value = 'output'
ao.association_type.xsi_type = 'maecVocabs:ActionObjectAssociationTypeVocab-1.0'

# Build the Action and add the Associated Object to it
a.name = 'create file'
a.name.xsi_type = 'maecVocabs:FileActionNameVocab-1.0'
a.associated_objects = AssociatedObjects()
a.associated_objects.append(ao)

# Add the Action to the Bundle
b.add_action(a)

# Output the Bundle to stdout
print b.to_xml(include_namespaces = False)

示例#4

显示文件

文件： maec_dynamic_analysis.py 项目： getvirushelp/MAECProject.github.io

o1.properties = WinExecutableFile()
o1.properties.file_name = "Zcxaxz.exe"
o1.properties.size_in_bytes = "332288"
o1.association_type = VocabString()
o1.association_type.value = "output"
o1.association_type.xsi_type = "maecVocabs:ActionObjectAssociationTypeVocab-1.0"
act1.associated_objects.append(o1)

# Create the second, create mutex action
act2 = MalwareAction()
act2.name = "create mutex"
act2.name.xsi_type = "SynchronizationActionNameVocab-1.0"
act2.associated_objects = AssociatedObjects()
o2 = AssociatedObject()
o2.properties = WinMutex()
o2.properties.name = "redem-Mutex"
o2.association_type = VocabString()
o2.association_type.value = "output"
o2.association_type.xsi_type = "maecVocabs:ActionObjectAssociationTypeVocab-1.0"
act2.associated_objects.append(o2)

# Build up the full Package/Malware Subject/Analysis/Bundle hierarchy
p.add_malware_subject(ms)
b.add_action(act1)
b.add_action(act2)
ms.add_analysis(a)
ms.add_findings_bundle(b)

# Output the built up Package to XML
print p.to_xml()

示例#5

显示文件

文件： example1.py 项目： akreffett/python-maec

from maec.package.analysis import Analysis
from maec.package.malware_subject import MalwareSubject
from maec.package.package import Package
from maec.id_generator import Generator
from maec.utils import MAECNamespaceParser
from cybox.core.object import Object 
from cybox.core.associated_object import AssociatedObject

#Instantiate the ID generator class (for automatic ID generation) with our example namespace
generator = Generator('example1')
#Instantiate the Bundle, Package, MalwareSubject, and Analysis classes
bundle = Bundle(id=generator.generate_bundle_id(), defined_subject=False)
package = Package(id=generator.generate_package_id())
subject = MalwareSubject(id=generator.generate_malware_subject_id())
analysis = Analysis(id=generator.generate_analysis_id())
#Create the Subject Object Dictionary for use in the Malware Instance Object Attributes
subject_object_dict = {'id' : generator.generate_object_id(), 'properties' : {'xsi:type' : 'FileObjectType', 'name' : 'foobar.exe', 'size_in_bytes' : '35532'}}
#Set the Malware Instance Object Attributes with an Object constructed from the dictionary
subject.set_malware_instance_object_attributes(Object.from_dict(subject_object_dict))
#Create the Associated Object Dictionary for use in the Action
associated_object_dict = {'id' : generator.generate_object_id(), 'properties' : {'xsi:type' : 'FileObjectType', 'file_name' : 'abcd.dll', 'size_in_bytes' : '12346'}, 'association_type' : {'value' : 'output', 'xsi:type' : 'maecVocabs:ActionObjectAssociationTypeVocab-1.0'}}
#Create the Action from another dictionary
action = MalwareAction.from_dict({'id' : generator.generate_malware_action_id(), 'name' : {'value' : 'create file', 'xsi:type' : 'maecVocabs:FileActionNameVocab-1.0'}, 'associated_objects' : [associated_object_dict]})
#Add the Action to the buundle
bundle.add_action(action)
#Add the Bundle to the Malware Subject
subject.add_findings_bundle(bundle)
#Add the Malware Subject to the Package
package.add_malware_subject(subject)
#Export the Package Bindings Object to an XML file and use the namespaceparser for writing out the namespace definitions
package.to_xml_file('example1.xml')

示例#6

显示文件

文件： maec_process_tree.py 项目： MAECProject/MAECProject.github.io

act1.associated_objects.append(o1)

# Create the Process Tree
p_tree = ProcessTree()

# Create the root process
root_p = ProcessTreeNode()
root_p.name = "first_process.exe"
root_p.add_initiated_action(act1.id_)

# Create the spawned process
spawned_p = ProcessTreeNode()
spawned_p.name = "malproc.exe"

# Add the spawned process to the root process
root_p.add_spawned_process(spawned_p)

# Set the root process in the process_tree
p_tree.set_root_process(root_p)

# Build up the full Package/Malware Subject/Analysis/Bundle hierarchy
p.add_malware_subject(ms)
b.add_action(act1)
b.set_process_tree(p_tree)
ms.add_analysis(a)
ms.add_findings_bundle(b)

# Output the built up Package to XML
print p.to_xml()

示例#7

显示文件

文件： seminor.py 项目： geliefan/Python_mycode

p_node.pid = 3408
p_node.name = "word.exe"

#プロセスの設定
P2 = ProcessTreeNode()
P2.pid = 3768
P2.parent_pid = 3408
P2.name = "SenPen.exe"

p_node.add_spawned_process(P2)

#ProcessTreeの設定
p_tree = ProcessTree()
p_tree.set_root_process(p_node)
#Check
#p_tree.to_xml_file('ProcessTree.xml', {"http://LIFT-S.com/":"LIFT-S"})

# パッケージへMalwareSubjectを追加
package.add_malware_subject(subject)
# バンドルへActionを追加
bundle.add_action(act1)
bundle.set_process_tree(p_tree)
# Add the Bundle to the Malware Subject
# Malware Subjectへバンドルを追加
subject.add_findings_bundle(bundle)
subject.add_analysis(analysis)

# Export the Package Bindings Object to an XML file and use the namespaceparser for writing out the namespace definitions
package.to_xml_file('MalAnalyze_seminor.xml', {"http://LIFT-S.com/":"LIFT-S"})
print "Wrote to sample_maec_package.xml"

示例#8

显示文件

文件： maec_in_depth_analysis.py 项目： getvirushelp/MAECProject.github.io

o1.association_type.xsi_type = "maecVocabs:ActionObjectAssociationTypeVocab-1.0"
act.associated_objects.append(o1)

# Create the behavior
bhv = Behavior()
bhv.action_composition = BehavioralActions()
bhv.action_composition.action_reference = [BehavioralActionReference()]
bhv.action_composition.action_reference[0].action_id = act.id_

# Create the capability
cap = Capability()
cap.name = "spying"
obj = CapabilityObjective()
obj.name = VocabString()
obj.name.value = "capture keyboard input"
obj.name.xsi_type = "maecVocabs:SpyingTacticalObjectivesVocab-1.0"
obj.behavior_reference = [BehaviorReference()]
obj.behavior_reference[0].behavior_idref = bhv.id_
cap.add_tactical_objective(obj)

# Build up the full Package/Malware Subject/Analysis/Bundle hierarchy
p.add_malware_subject(ms)
b.add_action(act)
b.add_behavior(bhv)
b.add_capability(cap)
ms.add_analysis(a)
ms.add_findings_bundle(b)

# Output the built up Package to XML
print p.to_xml(namespace_dict={"example.com": "example"})

示例#9

显示文件

文件： maec_in_depth_analysis.py 项目： MAECProject/MAECProject.github.io

act.associated_objects.append(o1)

# Create the behavior
bhv = Behavior()
bhv.action_composition = BehavioralActions()
bhv.action_composition.action_reference = [BehavioralActionReference()]
bhv.action_composition.action_reference[0].action_id = act.id_

# Create the capability
cap = Capability()
cap.name = "spying"
obj = CapabilityObjective()
obj.name = VocabString()
obj.name.value = "capture keyboard input"
obj.name.xsi_type = "maecVocabs:SpyingTacticalObjectivesVocab-1.0"
obj.behavior_reference = [BehaviorReference()]
obj.behavior_reference[0].behavior_idref = bhv.id_
cap.add_tactical_objective(obj)

# Build up the full Package/Malware Subject/Analysis/Bundle hierarchy
p.add_malware_subject(ms)
b.add_action(act)
b.add_behavior(bhv)
b.add_capability(cap)
ms.add_analysis(a)
ms.add_findings_bundle(b)

# Output the built up Package to XML
print p.to_xml(namespace_dict={"example.com" : "example"})