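// main builds a single example indicator, stamps it with a valid_from time and
// a kill-chain phase, and prints it to stdout as indented JSON.
func main() {
	i := indicator.New()
	i.SetName("Malware C2 Indicator 2016")

	// Optional, left disabled in this example: set the modified time to be
	// one hour from now.
	//modifiedTime := time.Now().Add(time.Hour)
	//i.SetModified(modifiedTime)

	// Optional, left disabled in this example: set an explicit version and
	// stop on failure.
	// err := i.SetVersion(2)
	// if err != nil {
	// 	log.Fatal(err)
	// }

	validFrom := time.Now()
	i.SetValidFrom(validFrom)
	i.SetPrecisionYear("valid_from")

	i.AddKillChainPhase("lockheed-martin-cyber-kill-chain", "delivery")

	// The original discarded the marshal error and printed whatever came back
	// (an empty line on failure). Report the failure instead, so that a broken
	// object is never mistaken for valid output by whatever consumes stdout.
	data, err := json.MarshalIndent(i, "", " ")
	if err != nil {
		fmt.Println("marshal indicator:", err)
		return
	}
	fmt.Println(string(data))
}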
// NewIndicator creates a fresh indicator with indicator.New, hands it to
// addIndicator, and returns a pointer to the element of this.Indicators at the
// position addIndicator reports.
//
// NOTE(review): the returned pointer addresses an element of this.Indicators
// directly. If Indicators is a slice that addIndicator grows with append
// (presumably, confirm against addIndicator), a later append can move the
// backing array and leave earlier pointers referring to a stale copy. Edits
// made through such a pointer would then be missing from the serialized
// bundle without any error, so callers should finish populating an indicator
// before adding further objects.
func (this *BundleType) NewIndicator() *indicator.IndicatorType {
	idx := this.addIndicator(indicator.New())
	return &this.Indicators[idx]
}
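// main assembles an example report ("Malware Foo Report 2016") together with
// a campaign, two malware objects and an indicator, then prints all of them to
// stdout as one indented JSON array.
func main() {
	// container collects every object that is serialized at the end.
	container := make([]interface{}, 0)

	// Create a report
	r := report.New()
	r.SetName("Malware Foo Report 2016")
	r.SetDescription("This report gives us details about Malware Foo1")
	r.SetPublished(time.Now())

	// Create a campaign
	c := campaign.New()
	c.SetName("Bank Attack 2016")
	c.SetObjective("Compromise SWIFT system and steal money")
	r.AddObject(c.GetId())
	container = append(container, c)

	// Define a family of malware
	m1 := malware.New()
	m1.SetName("Zeus")
	m1.AddLabel("trojan")
	m1.AddLabel("malware-family")
	r.AddObject(m1.GetId())
	container = append(container, m1)

	// Define a piece of malware
	m2 := malware.New()
	m2.SetName("SpyEye")
	m2.AddLabel("trojan")
	m2.AddFilename("cleansweep.exe")
	m2.AddFilename("spyeye2_exe")
	m2.AddFilename("build_1_.exe")
	m2.AddHash("md5", "84714c100d2dfc88629531f6456b8276")
	m2.AddHash("sha256", "861aa9c5ddcb5284e1ba4e5d7ebacfa297567c353446506ee4b4e39c84454b09")
	m2.AddKillChainPhase("lockheed-martin-cyber-kill-chain", "command-and-control")
	r.AddObject(m2.GetId())
	container = append(container, m2)

	// Create an indicator
	i := indicator.New()
	i.SetName("Malware C2 Indicator 2016")
	i.SetDescription("This indicator should detect the SpyEye malware by looking for this MD5 hash")
	// NOTE(review): the pattern keys on the MD5 alone. MD5 is collision-prone,
	// so the SHA-256 recorded on the SpyEye object above is the stronger value
	// to match on when the consuming tooling supports it.
	i.SetPattern("file-object:hashes.md5 = 84714c100d2dfc88629531f6456b8276")
	// Fix: the original appended the campaign (c) a second time here, so the
	// campaign was emitted twice and the indicator never reached the output.
	container = append(container, i)

	// Pad the report's object list with freshly generated ids, in the same
	// order and quantity as the original hand-written calls.
	// NOTE(review): these ids do not belong to any object in container, and the
	// indicator created above is not referenced by the report. Confirm whether
	// that is intended for this example.
	placeholders := []struct {
		kind  string
		count int
	}{
		{"sighting", 2},
		{"threat-actor", 2},
		{"relationship", 8},
		{"indicator", 5},
	}
	for _, p := range placeholders {
		for n := 0; n < p.count; n++ {
			r.AddObject(stix.NewId(p.kind))
		}
	}

	container = append(container, r)

	// The original discarded the marshal error. Report it instead of printing
	// an empty line that a downstream consumer could mistake for valid output.
	data, err := json.MarshalIndent(container, "", " ")
	if err != nil {
		fmt.Println("marshal report container:", err)
		return
	}
	fmt.Println(string(data))
}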