def test_add_collections(self):
    """Each collection family on a Bundle accepts a named collection and an item.

    For actions, objects, behaviors and candidate indicators: create a named
    collection, add one item to it, and check that the matching family on
    ``bundle.collections`` reports the name via ``has_collection``.
    """
    bundle = Bundle()
    # (add_named_* method, add_* method, family attribute on .collections,
    #  collection name, item constructor) -- one row per collection family.
    families = [
        ("add_named_action_collection", "add_action",
         "action_collections", "Actions", MalwareAction),
        ("add_named_object_collection", "add_object",
         "object_collections", "Objects", Object),
        ("add_named_behavior_collection", "add_behavior",
         "behavior_collections", "Behaviors", Behavior),
        ("add_named_candidate_indicator_collection", "add_candidate_indicator",
         "candidate_indicator_collections", "Indicators", CandidateIndicator),
    ]
    for add_named, add_item, family_attr, name, make_item in families:
        getattr(bundle, add_named)(name)
        getattr(bundle, add_item)(make_item(), name)
        family = getattr(bundle.collections, family_attr)
        self.assertTrue(family.has_collection(name))
def test_add_collections(self):
    """Adding an item under a new collection name registers that name on the Bundle.

    Exercises all four collection families (actions, objects, behaviors,
    candidate indicators); the only observable checked is ``has_collection``.
    """
    bundle = Bundle()

    def registered(family, name):
        # Single point of truth for "the name is now known to this family".
        return family.has_collection(name)

    bundle.add_named_action_collection("Actions")
    bundle.add_action(MalwareAction(), "Actions")
    self.assertTrue(registered(bundle.collections.action_collections, "Actions"))

    bundle.add_named_object_collection("Objects")
    bundle.add_object(Object(), "Objects")
    self.assertTrue(registered(bundle.collections.object_collections, "Objects"))

    bundle.add_named_behavior_collection("Behaviors")
    bundle.add_behavior(Behavior(), "Behaviors")
    self.assertTrue(registered(bundle.collections.behavior_collections, "Behaviors"))

    bundle.add_named_candidate_indicator_collection("Indicators")
    bundle.add_candidate_indicator(CandidateIndicator(), "Indicators")
    self.assertTrue(
        registered(bundle.collections.candidate_indicator_collections, "Indicators"))
a.set_findings_bundle(b.id_) a.source = Source() a.source.name = "Frankie Li" a.source.url = "http://www.sans.org/reading_room/whitepapers/malicious/detailed-analysis-advanced-persistent-threat-malware_33814" t = ToolInformation() t.name = "PEiD" t.version = "0.94" a.add_tool(t) # Set the requisite attributes on the Bundle and populate it with the Static Analysis findings b.defined_subject = False b.content_type = "static analysis tool output" o = Object() o.properties = WinExecutableFile() o.properties.headers = PEHeaders() o.properties.headers.optional_header = PEOptionalHeader() o.properties.headers.optional_header.major_linker_version = "06" o.properties.headers.optional_header.minor_linker_version = "00" o.properties.headers.optional_header.address_of_entry_point = "036418" o.properties.headers.optional_header.subsystem = "Windows_GUI" # Build up the full Package/Malware Subject/Analysis/Bundle hierarchy p.add_malware_subject(ms) b.add_object(o) ms.add_analysis(a) ms.add_findings_bundle(b) # Output the built up Package to XML print p.to_xml()
a.summary = "A basic static triage of the subject binary using PEiD." a.set_findings_bundle(b.id_) a.source = Source() a.source.name = "Frankie Li" a.source.url = "http://www.sans.org/reading_room/whitepapers/malicious/detailed-analysis-advanced-persistent-threat-malware_33814" t = ToolInformation() t.name = "PEiD" t.version = "0.94" a.add_tool(t) # Set the requisite attributes on the Bundle and populate it with the Static Analysis findings b.defined_subject = False b.content_type = "static analysis tool output" o = Object() o.properties = WinExecutableFile() o.properties.headers = PEHeaders() o.properties.headers.optional_header = PEOptionalHeader() o.properties.headers.optional_header.major_linker_version = "06" o.properties.headers.optional_header.minor_linker_version = "00" o.properties.headers.optional_header.address_of_entry_point = "036418" o.properties.headers.optional_header.subsystem = "Windows_GUI" # Build up the full Package/Malware Subject/Analysis/Bundle hierarchy p.add_malware_subject(ms) b.add_object(o) ms.add_analysis(a) ms.add_findings_bundle(b) # Output the built up Package to XML print p.to_xml()