本文整理汇总了Python中stix.ttp.TTP类的典型用法代码示例。如果您正苦于以下问题:Python TTP类的具体用法?Python TTP怎么用?Python TTP使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了TTP类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: main
def main():
from stix.campaign import Campaign
from stix.common.related import RelatedTTP
from stix.core import STIXPackage
from stix.ttp import TTP
ttp = TTP()
ttp.title = "Victim Targeting: Customer PII and Financial Data"
ttp.victim_targeting.add_targeted_information("Information Assets - Customer PII")
ttp.victim_targeting.add_targeted_information("Information Assets - Financial Data")
ttp_ref = TTP()
ttp_ref.idref = ttp.id_
related_ttp = RelatedTTP(ttp_ref)
related_ttp.relationship = "Targets"
c = Campaign()
c.title = "Operation Alpha"
c.related_ttps.append(related_ttp)
pkg = STIXPackage()
pkg.add_campaign(c)
pkg.add_ttp(ttp)
print pkg.to_xml()示例2: resolveAttributes
def resolveAttributes(incident, ttps, attributes):
for attribute in attributes:
if attribute["type"] in not_implemented_attributes:
addJournalEntry(
incident,
"!Not implemented attribute category/type combination caught! attribute["
+ attribute["category"]
+ "]["
+ attribute["type"]
+ "]: "
+ attribute["value"],
)
elif attribute["type"] in non_indicator_attributes:
# types that will definitely not become indicators
handleNonIndicatorAttribute(incident, ttps, attribute)
else:
# types that may become indicators
handleIndicatorAttribute(incident, ttps, attribute)
if incident.related_indicators and not ttps:
ttp = TTP(timestamp=incident.timestamp)
ttp.id_ = incident.id_.replace("incident", "ttp")
ttp.title = "Unknown"
ttps.append(ttp)
for rindicator in incident.related_indicators:
for ttp in ttps:
ittp = TTP(idref=ttp.id_, timestamp=ttp.timestamp)
rindicator.item.add_indicated_ttp(ittp)
return [incident, ttps]示例3: main
def main():
ioc = etree.parse('6d2a1b03-b216-4cd8-9a9e-8827af6ebf93.ioc')
stix_package = STIXPackage()
ttp = TTP()
malware_instance = MalwareInstance()
malware_instance.names = ['Zeus', 'twexts', 'sdra64', 'ntos']
ttp = TTP(title="Zeus")
ttp.behavior = Behavior()
ttp.behavior.add_malware_instance(malware_instance)
indicator = Indicator(title="Zeus", description="Finds Zeus variants, twexts, sdra64, ntos")
tm = OpenIOCTestMechanism()
tm.ioc = ioc
tm.producer = InformationSource(identity=Identity(name="Mandiant"))
time = Time()
time.produced_time = "0001-01-01T00:00:00"
tm.producer.time = time
tm.producer.references = ["http://openioc.org/iocs/6d2a1b03-b216-4cd8-9a9e-8827af6ebf93.ioc"]
indicator.test_mechanisms = TestMechanisms([tm])
indicator.add_indicated_ttp(TTP(idref=ttp.id_))
stix_package.add_indicator(indicator)
stix_package.add_ttp(ttp)
print(stix_package.to_xml(encoding=None))示例4: test_ttp
def test_ttp(self):
t = TTP()
t.title = UNICODE_STR
t.description = UNICODE_STR
t.short_description = UNICODE_STR
t2 = round_trip(t)
self._test_equal(t, t2)示例5: main
def main():
stix_package = STIXPackage()
addr1 = Observable(Address(address_value="198.51.100.2", category=Address.CAT_IPV4))
addr2 = Observable(Address(address_value="198.51.100.17", category=Address.CAT_IPV4))
addr3 = Observable(Address(address_value="203.0.113.19", category=Address.CAT_IPV4))
stix_package.add_observable(addr1)
stix_package.add_observable(addr2)
stix_package.add_observable(addr3)
obs_addr1 = Observable()
obs_addr2 = Observable()
obs_addr3 = Observable()
obs_addr1.id_ = None
obs_addr2.id_ = None
obs_addr3.id_ = None
obs_addr1.idref = addr1.id_
obs_addr2.idref = addr2.id_
obs_addr3.idref = addr3.id_
infrastructure = Infrastructure()
infrastructure.observable_characterization = Observables([obs_addr1, obs_addr2, obs_addr3])
resource = Resource()
resource.infrastructure = infrastructure
ttp = TTP(title="Malware C2 Channel")
ttp.resources = resource
stix_package.add_ttp(ttp)
print stix_package.to_xml()示例6: main
def main():
from stix.campaign import Campaign, Attribution
from stix.threat_actor import ThreatActor
from stix.incident import Incident
from stix.core import STIXPackage
from stix.ttp import TTP, VictimTargeting
ttp = TTP()
ttp.title = "Victim Targeting: Customer PII and Financial Data"
ttp.victim_targeting = VictimTargeting()
ttp.victim_targeting.add_targeted_information("Information Assets - Financial Data")
actor = ThreatActor()
actor.title = "People behind the intrusion"
attrib = Attribution()
attrib.append(actor)
c = Campaign()
c.attribution = []
c.attribution.append(attrib)
c.title = "Compromise of ATM Machines"
c.related_ttps.append(ttp)
c.related_incidents.append(Incident(idref="example:incident-229ab6ba-0eb2-415b-bdf2-079e6b42f51e"))
c.related_incidents.append(Incident(idref="example:incident-517cf274-038d-4ed4-a3ec-3ac18ad9db8a"))
c.related_incidents.append(Incident(idref="example:incident-7d8cf96f-91cb-42d0-a1e0-bfa38ea08621"))
pkg = STIXPackage()
pkg.add_campaign(c)
print pkg.to_xml()示例7: main
def main():
stix_package = STIXPackage()
ttp_phishing = TTP(title="Phishing")
attack_pattern = AttackPattern()
attack_pattern.capec_id = "CAPEC-98"
attack_pattern.description = ("Phishing")
ttp_phishing.behavior = Behavior()
ttp_phishing.behavior.add_attack_pattern(attack_pattern)
ttp_pivy = TTP(title="Poison Ivy Variant d1c6")
malware_instance = MalwareInstance()
malware_instance.add_name("Poison Ivy Variant d1c6")
malware_instance.add_type("Remote Access Trojan")
ttp_pivy.behavior = Behavior()
ttp_pivy.behavior.add_malware_instance(malware_instance)
ta_bravo = ThreatActor(title="Adversary Bravo")
ta_bravo.identity = Identity(name="Adversary Bravo")
related_ttp_phishing = RelatedTTP(TTP(idref=ttp_phishing.id_), relationship="Leverages Attack Pattern")
ta_bravo.observed_ttps.append(related_ttp_phishing)
related_ttp_pivy = RelatedTTP(TTP(idref=ttp_pivy.id_), relationship="Leverages Malware")
ta_bravo.observed_ttps.append(related_ttp_pivy)
stix_package.add_ttp(ttp_phishing)
stix_package.add_ttp(ttp_pivy)
stix_package.add_threat_actor(ta_bravo)
print(stix_package.to_xml(encoding=None))开发者ID:STIXProject,项目名称:stixproject.github.io,代码行数:33,代码来源:threat-actor-leveraging-attack-patterns-and-malware_producer.py
示例8: main
def main():
# get args
parser = argparse.ArgumentParser(
description="Parse an input JSON file and output STIX XML ",
formatter_class=argparse.ArgumentDefaultsHelpFormatter)
parser.add_argument("infile",help="input file")
parser.add_argument("--outfile","-o", help="output file")
args = parser.parse_args()
# We assume the input file is a flat JSON file
# format 'bot_name':[list,of,ips]
content = json.load(open(args.infile))
# Set up STIX document
stix_package = STIXPackage()
stix_header = STIXHeader()
stix_header.title = "C2 Server IP Addresses"
stix_header.add_package_intent (PackageIntent.TERM_INDICATORS_WATCHLIST)
stix_package.stix_header = stix_header
# Create Indicator and TTP for each item in JSON document
for item in content:
# Create TTP for C2 server
ttp = TTP()
ttp.title = item
stix_package.add_ttp(ttp)
# Create Indicator for C2 IP addresses
indicator = Indicator()
indicator.title = "IP addresses for known C2 channel"
indicator.description = "Bot connecting to control server"
# Add IPs for C2 node
addr = Address(address_value=content[item], category=Address.CAT_IPV4)
addr.address_value.condition= "Equals"
indicator.add_object(addr)
# Relate Indicator and TTP
indicator.add_indicated_ttp(TTP(idref=ttp.id_))
# Add Indicator to STIX PAckage
stix_package.add_indicator(indicator)
# Output to given file
# The context manager is just to make the output look nicer by ignoring
# warnings from to_xml()
with warnings.catch_warnings():
warnings.simplefilter("ignore")
stix_out = stix_package.to_xml()
if args.outfile:
fd = open(args.outfile,'w')
fd.write(stix_out)
else:
print stix_out示例9: cvebuild
def cvebuild(var):
"""Search for a CVE ID and return a STIX formatted response."""
cve = CVESearch()
data = json.loads(cve.id(var))
if data:
try:
from stix.utils import set_id_namespace
namespace = {NS: NS_PREFIX}
set_id_namespace(namespace)
except ImportError:
from stix.utils import idgen
from mixbox.namespaces import Namespace
namespace = Namespace(NS, NS_PREFIX, "")
idgen.set_id_namespace(namespace)
pkg = STIXPackage()
pkg.stix_header = STIXHeader()
pkg = STIXPackage()
pkg.stix_header = STIXHeader()
pkg.stix_header.handling = marking()
# Define the exploit target
expt = ExploitTarget()
expt.title = data['id']
expt.description = data['summary']
# Add the vulnerability object to the package object
expt.add_vulnerability(vulnbuild(data))
# Do some TTP stuff with CAPEC objects
try:
for i in data['capec']:
ttp = TTP()
ttp.title = "CAPEC-" + str(i['id'])
ttp.description = i['summary']
ttp.exploit_targets.append(ExploitTarget(idref=expt.id_))
pkg.add_ttp(ttp)
except KeyError:
pass
# Do some weakness stuff
if data['cwe'] != 'Unknown':
weak = Weakness()
weak.cwe_id = data['cwe']
expt.add_weakness(weak)
# Add the exploit target to the package object
pkg.add_exploit_target(expt)
xml = pkg.to_xml()
# If the function is not imported then output the xml to a file.
if __name__ == '__main__':
title = pkg.id_.split(':', 1)[-1]
with open(title + ".xml", "w") as text_file:
text_file.write(xml)
return xml示例10: _buildttp
def _buildttp(i, expt):
"""Do some TTP stuff."""
ttp = TTP()
ttp.title = str(i['name'])
# The summary key is a list. In 1.2 this is represented
# properly using description ordinality.
ttp.description = i['summary']
attack_pattern = AttackPattern()
attack_pattern.capec_id = "CAPEC-" + str(i['id'])
ttp.behavior = Behavior()
ttp.behavior.add_attack_pattern(attack_pattern)
ttp.exploit_targets.append(ExploitTarget(idref=expt.id_))
return ttp示例11: main
def main():
maec_malware_instance = MAECInstance()
maec_malware_instance.add_name("Poison Ivy Variant v4392-acc")
maec_malware_instance.add_type("Remote Access Trojan")
maec_malware_instance.maec = etree.fromstring(MAEC_XML, parser=etree.ETCompatXMLParser())
ttp = TTP(title="Poison Ivy Variant v4392-acc")
ttp.behavior = Behavior()
ttp.behavior.add_malware_instance(maec_malware_instance)
stix_package = STIXPackage()
stix_package.add_ttp(ttp)
print(stix_package.to_xml(encoding=None))开发者ID:STIXProject,项目名称:stixproject.github.io,代码行数:14,代码来源:malware-characterization-using-maec_producer.py
示例12: main
def main():
ciq_identity = CIQIdentity3_0Instance()
identity_spec = STIXCIQIdentity3_0()
identity_spec.organisation_info = OrganisationInfo(industry_type="Electricity, Industrial Control Systems")
ciq_identity.specification = identity_spec
ttp = TTP(title="Victim Targeting: Electricity Sector and Industrial Control System Sector")
ttp.victim_targeting = VictimTargeting()
ttp.victim_targeting.identity = ciq_identity
stix_package = STIXPackage()
stix_package.add_ttp(ttp)
print(stix_package.to_xml(encoding=None))示例13: _buildttp
def _buildttp(data):
ttp = TTP()
ttp.title = data['name']
ttp.description = data['description']
attack_pattern = AttackPattern()
attack_pattern.capec_id = "CAPEC-" + str(data['id'])
attack_pattern.title = data['name']
attack_pattern.description = data['description']
ttp.behavior = Behavior()
ttp.behavior.add_attack_pattern(attack_pattern)
ttp.information_source = InformationSource()
ttp.information_source.identity = Identity()
ttp.information_source.identity.name = "The MITRE Corporation"
ttp.information_source.references = data['references']
return ttp示例14: from_dict
def from_dict(cls, dict_repr, return_obj=None):
if not dict_repr:
return None
if not return_obj:
return_obj = cls()
return_obj.ttps = [TTP.from_dict(x) for x in dict_repr.get('ttps', [])]
return return_obj示例15: from_dict
def from_dict(cls, dict_repr, return_obj=None):
if not dict_repr:
return None
if not return_obj:
return_obj = cls()
return_obj.ttps = [TTP.from_dict(x) for x in dict_repr.get('ttps', [])]
return_obj.kill_chains = KillChains.from_dict(dict_repr.get('kill_chains'))
return return_obj