~alienagain/Stix_stuff

d21c0e453afa9b83703069d587eef5d830830089 — terceranexus6 1 year, 8 months ago 080872e
added a way to check existing malware UUIDs so the relationships make sense
3 files changed, 38 insertions(+), 15 deletions(-)

A from_csv/create_id.py
M from_csv/hashes.py
A from_csv/malware_IDs.csv
A from_csv/create_id.py => from_csv/create_id.py +21 -0
@@ 0,0 1,21 @@
import random
import string
import sys

def create_id(itype):
    # lenghts for generating random strings for the id
    l1 = 8
    l2 = 4
    l3 = 12

    chars = string.ascii_letters + string.digits
    random_string_1 = ''.join(random.choice(chars) for i in range(l1))
    random_string_2 = ''.join(random.choice(chars) for i in range(l2))
    random_string_3 = ''.join(random.choice(chars) for i in range(l2))
    random_string_4 = ''.join(random.choice(chars) for i in range(l2))
    random_string_5 = ''.join(random.choice(chars) for i in range(l3))

    print(itype+"--"+random_string_1+"-"+random_string_2+"-"+random_string_3+"-"+random_string_4+"-"+random_string_5)

# read argument from command to check the type
create_id(str(sys.argv[1]))

M from_csv/hashes.py => from_csv/hashes.py +16 -15
@@ 5,11 5,9 @@ import sys
import string
import random

#by default, the time for creation and modification is the time of the execution
now = datetime.datetime.now()
mytime=now.strftime('%Y-%m-%dT%H:%M:%S.%fZ')

#funtion to create unique IDs based on random strings starting with the given type (indicator, malware, etc)
def create_id(itype):
    # lenghts for generating random strings for the id
    l1 = 8


@@ 25,13 23,13 @@ def create_id(itype):

    print(itype+"--"+random_string_1+"-"+random_string_2+"-"+random_string_3+"-"+random_string_4+"-"+random_string_5)


#it takes the csv from argument
filename = str(sys.argv[1])
count=0

with open(filename, 'r') as csvfile:
with open(filename, 'r') as csvfile, open('malware_IDs.csv','r') as malware_ids:
    datareader = csv.reader(csvfile)
    datareader2 = csv.reader(malware_ids)

    for row in datareader:
        count=count+1
        


@@ 60,10 58,7 @@ with open(filename, 'r') as csvfile:
        mfam = row[7]


        # INDICATOR PROCESSING
        
        myid = create_id("indicator")

        indicator = Indicator(
            id=myid,
            created=mytime,


@@ 76,9 71,20 @@ with open(filename, 'r') as csvfile:
            valid_from=mytime
        )       

        # MALWARE PROCESSING
        #myid2 = create_id("malware")

        # condition to assure that if the 
        # malware already has an ID registered, don use
        skedaddle = False

        myid2 = create_id("malware")
        while not (skedaddle):
            for row2 in datareader2:
                if str(row2[0]) == str(mname):
                    myid2 = row2[1]
                    skedaddle = True
                else:
                    myid2 = create_id("malware")
            skedaddle = True

        malware = Malware(
            id=myid2,


@@ 89,15 95,10 @@ with open(filename, 'r') as csvfile:
            is_family=mfam
        )

        # The relationship among them is created based on the ids

        relationship = Relationship(indicator, 'indicates', malware)
        bundle = Bundle(objects=[indicator, malware, relationship])

        # It prints the result in stix files which describes the relationship in the name 
        # f.e.: disk1_related_with_xmrig_1.stix
        # this way it makes it easier to understand the data before opening it

        print(str(bundle))
        with open(iname+"_related_with_"+mname+"_"+str(count)+".stix", 'a') as f:
            f.write(str(bundle))

A from_csv/malware_IDs.csv => from_csv/malware_IDs.csv +1 -0
@@ 0,0 1,1 @@
XMRIG,malware--ab24aa89-d80e-4293-a722-4b7b83804ee7