def test_round_trip(self):
        """Check that a populated ProcessTree survives a round trip unchanged.

        The fixture is a root node with two spawned children and one injected
        child, plus a grandchild spawned by the first child. Both child
        relationships used here (spawned and injected) and one level of
        nesting therefore pass through ``round_trip``.
        """
        tree = ProcessTree()
        # The generator builds the five nodes one after another, in the order
        # the names are listed.
        root, first_child, second_child, injected, grandchild = (
            ProcessTreeNode() for _ in range(5)
        )

        tree.set_root_process(root)
        for child in (first_child, second_child):
            root.add_spawned_process(child)
        # Injected children are kept apart from spawned ones; a serializer
        # that dropped or merged them would lose the injection evidence a
        # report is meant to carry.
        root.add_injected_process(injected)
        first_child.add_spawned_process(grandchild)

        # NOTE(review): the meaning of round_trip's second argument is not
        # visible in this excerpt -- confirm against the helper.
        restored = round_trip(tree, True)

        # The dictionary forms are compared, so every nested node takes part
        # in the equality check.
        self.assertEqual(tree.to_dict(), restored.to_dict())
    def test_round_trip(self):
        """Check that a populated ProcessTree survives a round trip unchanged.

        The fixture is a root node with two spawned children and one injected
        child, plus a grandchild spawned by the first child. Both child
        relationships used here (spawned and injected) and one level of
        nesting therefore pass through ``round_trip``.
        """
        tree = ProcessTree()
        # The generator builds the five nodes one after another, in the order
        # the names are listed.
        root, first_child, second_child, injected, grandchild = (
            ProcessTreeNode() for _ in range(5)
        )

        tree.set_root_process(root)
        for child in (first_child, second_child):
            root.add_spawned_process(child)
        # Injected children are kept apart from spawned ones; a serializer
        # that dropped or merged them would lose the injection evidence a
        # report is meant to carry.
        root.add_injected_process(injected)
        first_child.add_spawned_process(grandchild)

        # NOTE(review): the meaning of round_trip's second argument is not
        # visible in this excerpt -- confirm against the helper.
        restored = round_trip(tree, True)

        # The dictionary forms are compared, so every nested node takes part
        # in the equality check.
        self.assertEqual(tree.to_dict(), restored.to_dict())
# Attach the associated object o1 to the action act1. Both are built earlier
# in the script, outside this excerpt.
act1.associated_objects.append(o1)

# Create the Process Tree that will hold the observed parent/child processes
p_tree = ProcessTree()

# Create the root process and record act1 on it by id, as an action this node
# initiated. act1 itself is added to bundle b further down, the same bundle
# that receives the tree, so the id has a matching action there.
root_p = ProcessTreeNode()
root_p.name = "first_process.exe"
root_p.add_initiated_action(act1.id_)

# Create the spawned process.
# NOTE(review): only a name is set on the nodes in this excerpt. A name alone
# is easy to collide or spoof, so also set pid/parent_pid if the analysis
# captured them -- that lets the tree be matched against host telemetry.
spawned_p = ProcessTreeNode()
spawned_p.name = "malproc.exe"

# Add the spawned process to the root process (spawned, not injected)
root_p.add_spawned_process(spawned_p)

# Set the root process in the process_tree
p_tree.set_root_process(root_p)

# Build up the full Package/Malware Subject/Analysis/Bundle hierarchy:
# p takes the malware subject ms, b takes the action and the process tree,
# and ms takes the analysis a and the findings bundle b.
p.add_malware_subject(ms)
b.add_action(act1)
b.set_process_tree(p_tree)
ms.add_analysis(a)
ms.add_findings_bundle(b)

# Output the built up Package as XML on stdout (Python 2 print statement)
print p.to_xml()

# Set the xsi:type of o1's association type to the MAEC vocabulary name
# (presumably this marks the value as coming from that controlled vocabulary
# -- confirm against the MAEC schema), then attach o1 to the action act1.
# Both objects are built earlier in the script, outside this excerpt.
o1.association_type.xsi_type = "maecVocabs:ActionObjectAssociationTypeVocab-1.0"
act1.associated_objects.append(o1)

# Create the Process Tree that will hold the observed parent/child processes
p_tree = ProcessTree()

# Create the root process and record act1 on it by id, as an action this node
# initiated. act1 itself is added to bundle b further down, the same bundle
# that receives the tree, so the id has a matching action there.
root_p = ProcessTreeNode()
root_p.name = "first_process.exe"
root_p.add_initiated_action(act1.id_)

# Create the spawned process.
# NOTE(review): only a name is set on the nodes in this excerpt. A name alone
# is easy to collide or spoof, so also set pid/parent_pid if the analysis
# captured them -- that lets the tree be matched against host telemetry.
spawned_p = ProcessTreeNode()
spawned_p.name = "malproc.exe"

# Add the spawned process to the root process (spawned, not injected)
root_p.add_spawned_process(spawned_p)

# Set the root process in the process_tree
p_tree.set_root_process(root_p)

# Build up the full Package/Malware Subject/Analysis/Bundle hierarchy:
# p takes the malware subject ms, b takes the action and the process tree,
# and ms takes the analysis a and the findings bundle b.
p.add_malware_subject(ms)
b.add_action(act1)
b.set_process_tree(p_tree)
ms.add_analysis(a)
ms.add_findings_bundle(b)

# Output the built up Package as XML on stdout (Python 2 print statement)
print p.to_xml()
# Root process node: records act1 by id as an action this process initiated,
# together with the observed pid and image name. act1 is built earlier in the
# script, outside this excerpt.
p_node = ProcessTreeNode()
p_node.add_initiated_action(act1.id_)
p_node.pid = 3408
p_node.name = "word.exe"

# Configure the child process. Its parent_pid (3408) equals p_node.pid, so
# the pid fields agree with the nesting established by add_spawned_process.
P2 = ProcessTreeNode()
P2.pid = 3768
P2.parent_pid = 3408
P2.name = "SenPen.exe"

# Record P2 as spawned by the root (spawned, not injected)
p_node.add_spawned_process(P2)

# Set up the ProcessTree with p_node as its root
p_tree = ProcessTree()
p_tree.set_root_process(p_node)
# Debugging aid, left disabled: writes the tree on its own to check it
#p_tree.to_xml_file('ProcessTree.xml', {"http://LIFT-S.com/":"LIFT-S"})

# Add the MalwareSubject to the package
package.add_malware_subject(subject)
# Add the Action to the bundle, and attach the process tree to the same
# bundle so the action id recorded on p_node has a matching action there
bundle.add_action(act1)
bundle.set_process_tree(p_tree)
# Add the Bundle to the Malware Subject, then the analysis
subject.add_findings_bundle(bundle)
subject.add_analysis(analysis)

# Export the Package Bindings Object to an XML file and use the namespaceparser for writing out the namespace definitions.
# The dict maps the custom namespace URI to its prefix (presumably so ids in
# that namespace are declared in the output -- confirm). The path is relative,
# so the file lands in the current working directory.
package.to_xml_file('MalAnalyze_seminor.xml', {"http://LIFT-S.com/":"LIFT-S"})