コード例 #1
ファイル: bundle.go プロジェクト: freetaxii/libstix2
// NewMalware creates a malware object with malware.New, hands it to
// addMalware, and returns a pointer to the element of this.Malware at the
// position addMalware reported.
//
// NOTE(review): the result points into the this.Malware slice. If addMalware
// grows that slice with append, a later reallocation would leave previously
// returned pointers referring to the old backing array, and edits made
// through them would not show up in the bundle - confirm against addMalware.
func (this *BundleType) NewMalware() *malware.MalwareType {
	idx := this.addMalware(malware.New())
	return &this.Malware[idx]
}
コード例 #2
ファイル: 02-full-report.go プロジェクト: freetaxii/libstix2
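// main builds an example STIX report about a fictional banking campaign and
// prints the report, together with the objects created for it, as indented
// JSON on standard output.
func main() {
	container := make([]interface{}, 0)

	// Create a report
	r := report.New()
	r.SetName("Malware Foo Report 2016")
	r.SetDescription("This report gives us details about Malware Foo1")
	r.SetPublished(time.Now())

	// Create a campaign
	c := campaign.New()
	c.SetName("Bank Attack 2016")
	c.SetObjective("Compromise SWIFT system and steal money")
	r.AddObject(c.GetId())
	container = append(container, c)

	// Define a family of malware
	m1 := malware.New()
	m1.SetName("Zeus")
	m1.AddLabel("trojan")
	m1.AddLabel("malware-family")
	r.AddObject(m1.GetId())
	container = append(container, m1)

	// Define a piece of malware
	m2 := malware.New()
	m2.SetName("SpyEye")
	m2.AddLabel("trojan")
	m2.AddFilename("cleansweep.exe")
	m2.AddFilename("spyeye2_exe")
	m2.AddFilename("build_1_.exe")
	m2.AddHash("md5", "84714c100d2dfc88629531f6456b8276")
	m2.AddHash("sha256", "861aa9c5ddcb5284e1ba4e5d7ebacfa297567c353446506ee4b4e39c84454b09")
	m2.AddKillChainPhase("lockheed-martin-cyber-kill-chain", "command-and-control")
	r.AddObject(m2.GetId())
	container = append(container, m2)

	// Create an indicator
	// NOTE(review): the pattern matches on the MD5 value only. MD5 is not
	// collision resistant, so a consumer relying on this indicator alone may
	// want the SHA-256 recorded on m2 in the pattern as well.
	// NOTE(review): unlike the campaign and malware objects, the indicator's
	// own ID is never passed to r.AddObject - confirm whether that is intended.
	i := indicator.New()
	i.SetName("Malware C2 Indicator 2016")
	i.SetDescription("This indicator should detect the SpyEye malware by looking for this MD5 hash")
	i.SetPattern("file-object:hashes.md5 = 84714c100d2dfc88629531f6456b8276")
	// Append the indicator (not the campaign a second time) so that it is
	// serialized along with the other objects.
	container = append(container, i)

	// Reference further objects by IDs obtained from stix.NewId. No matching
	// objects are created or added to container, so these references do not
	// resolve to anything in the printed output.
	refs := []struct {
		kind  string
		count int
	}{
		{"sighting", 2},
		{"threat-actor", 2},
		{"relationship", 8},
		{"indicator", 5},
	}
	for _, ref := range refs {
		for n := 0; n < ref.count; n++ {
			r.AddObject(stix.NewId(ref.kind))
		}
	}

	container = append(container, r)

	// Surface a marshalling failure instead of printing an empty line.
	data, err := json.MarshalIndent(container, "", "    ")
	if err != nil {
		panic(fmt.Errorf("marshaling STIX objects: %v", err))
	}

	fmt.Println(string(data))
}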