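// main assembles a sample report that references a set of placeholder object
// IDs and prints the report to standard output as indented JSON.
func main() {
	r := report.New()
	r.SetName("Malware Foo Report 2016")
	r.SetDescription("This report gives us details about Malware Foo1")
	r.SetPublished(time.Now())

	// Object types referenced by the report, in the order they are added,
	// with the number of IDs added for each. No matching objects are built
	// in this example, so the references are placeholders (presumably
	// freshly generated IDs; confirm against stix.NewId).
	refs := []struct {
		objectType string
		count      int
	}{
		{"malware", 1},
		{"campaign", 1},
		{"sighting", 2},
		{"threat-actor", 2},
		{"relationship", 8},
		{"indicator", 5},
	}
	for _, ref := range refs {
		for n := 0; n < ref.count; n++ {
			r.AddObject(stix.NewId(ref.objectType))
		}
	}

	// Report a marshalling failure instead of discarding it; otherwise the
	// program would print an empty line that looks like valid (empty) output.
	data, err := json.MarshalIndent(r, "", " ")
	if err != nil {
		fmt.Printf("unable to marshal report: %v\n", err)
		return
	}
	fmt.Println(string(data))
}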
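// main builds a small sample report, hands it to r.AddToDatabase together
// with an open SQLite handle, and prints the report as indented JSON.
func main() {
	r := report.New()
	r.AddLabel("Attack Report")
	r.SetName("Malware Foo Report 2016")
	r.SetDescription("This report gives us details about Malware Foo")
	r.SetPublished(time.Now())
	r.AddObject(stix.NewId("malware"))

	// The remaining object references are disabled in this example:
	// r.AddObject(stix.NewId("campaign"))
	// r.AddObject(stix.NewId("sighting"))
	// r.AddObject(stix.NewId("sighting"))
	// r.AddObject(stix.NewId("threat-actor"))
	// r.AddObject(stix.NewId("threat-actor"))
	// r.AddObject(stix.NewId("relationship"))
	// r.AddObject(stix.NewId("relationship"))
	// r.AddObject(stix.NewId("relationship"))
	// r.AddObject(stix.NewId("relationship"))
	// r.AddObject(stix.NewId("relationship"))
	// r.AddObject(stix.NewId("relationship"))
	// r.AddObject(stix.NewId("relationship"))
	// r.AddObject(stix.NewId("relationship"))
	// for j := 0; j <= 4; j++ {
	// 	r.AddObject(stix.NewId("indicator"))
	// }

	// Open connection to database.
	// NOTE(review): the path is hard-coded to one particular checkout; adjust
	// it before running, and keep the database file writable only by the
	// account that runs this program, since it stores threat-intel content.
	filename := "/opt/go/src/github.com/freetaxii/libstix2/examples/db/freetaxii.sqlite"
	db, err := sql.Open("sqlite3", filename)
	if err != nil {
		log.Fatalf("Unable to open file %s due to error %v", filename, err)
	}

	// sql.Open may only validate its arguments without connecting, so an
	// unusable database would otherwise surface later inside AddToDatabase.
	// Ping forces a connection attempt now. Close explicitly before
	// log.Fatalf because it exits without running deferred calls.
	if err := db.Ping(); err != nil {
		db.Close()
		log.Fatalf("Unable to open file %s due to error %v", filename, err)
	}
	defer db.Close()

	// NOTE(review): nothing returned by AddToDatabase is inspected here and
	// its signature is not visible in this file; confirm whether it reports
	// failures, so a failed write is not mistaken for a stored report.
	r.AddToDatabase(db)

	// Report a marshalling failure instead of discarding it. Return rather
	// than calling log.Fatalf so the deferred db.Close still runs.
	data, err := json.MarshalIndent(r, "", " ")
	if err != nil {
		log.Printf("Unable to marshal report due to error %v", err)
		return
	}
	fmt.Println(string(data))
}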
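// main builds a sample report together with a campaign, two malware objects
// and an indicator, collects all of them in one slice, and prints that slice
// to standard output as an indented JSON array.
func main() {
	container := make([]interface{}, 0)

	// Create a report
	r := report.New()
	r.SetName("Malware Foo Report 2016")
	r.SetDescription("This report gives us details about Malware Foo1")
	r.SetPublished(time.Now())

	// Create a campaign
	c := campaign.New()
	c.SetName("Bank Attack 2016")
	c.SetObjective("Compromise SWIFT system and steal money")
	r.AddObject(c.GetId())
	container = append(container, c)

	// Define a family of malware
	m1 := malware.New()
	m1.SetName("Zeus")
	m1.AddLabel("trojan")
	m1.AddLabel("malware-family")
	r.AddObject(m1.GetId())
	container = append(container, m1)

	// Define a piece of malware
	m2 := malware.New()
	m2.SetName("SpyEye")
	m2.AddLabel("trojan")
	m2.AddFilename("cleansweep.exe")
	m2.AddFilename("spyeye2_exe")
	m2.AddFilename("build_1_.exe")
	m2.AddHash("md5", "84714c100d2dfc88629531f6456b8276")
	m2.AddHash("sha256", "861aa9c5ddcb5284e1ba4e5d7ebacfa297567c353446506ee4b4e39c84454b09")
	m2.AddKillChainPhase("lockheed-martin-cyber-kill-chain", "command-and-control")
	r.AddObject(m2.GetId())
	container = append(container, m2)

	// Create an indicator
	// NOTE(review): the pattern matches on MD5 only, which is a weak match
	// key on its own; the same sample's SHA-256 is recorded on m2 above and
	// would make a more robust detection. The pattern text also looks like
	// an early draft syntax: published STIX 2 patterning wraps comparison
	// expressions in square brackets and single-quotes string literals.
	// Verify it against the specification version this library targets.
	i := indicator.New()
	i.SetName("Malware C2 Indicator 2016")
	i.SetDescription("This indicator should detect the SpyEye malware by looking for this MD5 hash")
	i.SetPattern("file-object:hashes.md5 = 84714c100d2dfc88629531f6456b8276")
	// Append the indicator itself. The original appended the campaign a
	// second time here, so the indicator never reached the output and the
	// campaign was emitted twice.
	container = append(container, i)
	// NOTE(review): unlike the campaign and malware objects, the indicator's
	// own ID is not added to the report's references; confirm whether an
	// r.AddObject call for it is intended.

	// Placeholder references, in the order they are added, with the number
	// of IDs added for each type. No matching objects are built for these
	// (presumably freshly generated IDs; confirm against stix.NewId).
	refs := []struct {
		objectType string
		count      int
	}{
		{"sighting", 2},
		{"threat-actor", 2},
		{"relationship", 8},
		{"indicator", 5},
	}
	for _, ref := range refs {
		for n := 0; n < ref.count; n++ {
			r.AddObject(stix.NewId(ref.objectType))
		}
	}

	// The report is appended last, after all its references are in place.
	container = append(container, r)

	// Report a marshalling failure instead of discarding it; otherwise the
	// program would print an empty line that looks like valid (empty) output.
	data, err := json.MarshalIndent(container, "", " ")
	if err != nil {
		fmt.Printf("unable to marshal objects: %v\n", err)
		return
	}
	fmt.Println(string(data))
}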