def test_add_collections(self):
o = Bundle()
o.add_named_action_collection("Actions")
ma = MalwareAction()
o.add_action(ma, "Actions")
self.assertTrue(
o.collections.action_collections.has_collection("Actions"))
o.add_named_object_collection("Objects")
obj = Object()
o.add_object(obj, "Objects")
self.assertTrue(
o.collections.object_collections.has_collection("Objects"))
o.add_named_behavior_collection("Behaviors")
b = Behavior()
o.add_behavior(b, "Behaviors")
self.assertTrue(
o.collections.behavior_collections.has_collection("Behaviors"))
o.add_named_candidate_indicator_collection("Indicators")
ci = CandidateIndicator()
o.add_candidate_indicator(ci, "Indicators")
self.assertTrue(
o.collections.candidate_indicator_collections.has_collection(
"Indicators"))
def test_add_collections(self):
o = Bundle()
o.add_named_action_collection("Actions")
ma = MalwareAction()
o.add_action(ma, "Actions")
self.assertTrue(o.collections.action_collections.has_collection("Actions"))
o.add_named_object_collection("Objects")
obj = Object()
o.add_object(obj, "Objects")
self.assertTrue(o.collections.object_collections.has_collection("Objects"))
o.add_named_behavior_collection("Behaviors")
b = Behavior()
o.add_behavior(b, "Behaviors")
self.assertTrue(o.collections.behavior_collections.has_collection("Behaviors"))
o.add_named_candidate_indicator_collection("Indicators")
ci = CandidateIndicator()
o.add_candidate_indicator(ci, "Indicators")
self.assertTrue(o.collections.candidate_indicator_collections.has_collection("Indicators"))
a.set_findings_bundle(b.id_) a.source = Source() a.source.name = "Frankie Li" a.source.url = "http://www.sans.org/reading_room/whitepapers/malicious/detailed-analysis-advanced-persistent-threat-malware_33814" t = ToolInformation() t.name = "PEiD" t.version = "0.94" a.add_tool(t) # Set the requisite attributes on the Bundle and populate it with the Static Analysis findings b.defined_subject = False b.content_type = "static analysis tool output" o = Object() o.properties = WinExecutableFile() o.properties.headers = PEHeaders() o.properties.headers.optional_header = PEOptionalHeader() o.properties.headers.optional_header.major_linker_version = "06" o.properties.headers.optional_header.minor_linker_version = "00" o.properties.headers.optional_header.address_of_entry_point = "036418" o.properties.headers.optional_header.subsystem = "Windows_GUI" # Build up the full Package/Malware Subject/Analysis/Bundle hierarchy p.add_malware_subject(ms) b.add_object(o) ms.add_analysis(a) ms.add_findings_bundle(b) # Output the built up Package to XML print p.to_xml()
a.summary = "A basic static triage of the subject binary using PEiD." a.set_findings_bundle(b.id_) a.source = Source() a.source.name = "Frankie Li" a.source.url = "http://www.sans.org/reading_room/whitepapers/malicious/detailed-analysis-advanced-persistent-threat-malware_33814" t = ToolInformation() t.name = "PEiD" t.version = "0.94" a.add_tool(t) # Set the requisite attributes on the Bundle and populate it with the Static Analysis findings b.defined_subject = False b.content_type = "static analysis tool output" o = Object() o.properties = WinExecutableFile() o.properties.headers = PEHeaders() o.properties.headers.optional_header = PEOptionalHeader() o.properties.headers.optional_header.major_linker_version = "06" o.properties.headers.optional_header.minor_linker_version = "00" o.properties.headers.optional_header.address_of_entry_point = "036418" o.properties.headers.optional_header.subsystem = "Windows_GUI" # Build up the full Package/Malware Subject/Analysis/Bundle hierarchy p.add_malware_subject(ms) b.add_object(o) ms.add_analysis(a) ms.add_findings_bundle(b) # Output the built up Package to XML print p.to_xml()
