@@ 0,0 1,21 @@
+import random
+import string
+import sys
+
+def create_id(itype):
+ # lenghts for generating random strings for the id
+ l1 = 8
+ l2 = 4
+ l3 = 12
+
+ chars = string.ascii_letters + string.digits
+ random_string_1 = ''.join(random.choice(chars) for i in range(l1))
+ random_string_2 = ''.join(random.choice(chars) for i in range(l2))
+ random_string_3 = ''.join(random.choice(chars) for i in range(l2))
+ random_string_4 = ''.join(random.choice(chars) for i in range(l2))
+ random_string_5 = ''.join(random.choice(chars) for i in range(l3))
+
+ print(itype+"--"+random_string_1+"-"+random_string_2+"-"+random_string_3+"-"+random_string_4+"-"+random_string_5)
+
+# read argument from command to check the type
+create_id(str(sys.argv[1]))
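Review bot: `create_id` draws each character from `string.ascii_letters + string.digits`, so the 8-4-4-4-12 groups are not hexadecimal and the result is not a valid UUID, unlike the `malware--ab24aa89-d80e-4293-a722-4b7b83804ee7` value this commit adds to the mapping file. STIX identifiers have the form `type--<UUID>`, so a consumer that validates IDs will likely reject these. With `import uuid`, `print(f"{itype}--{uuid.uuid4()}")` produces the expected form in one line and takes its randomness from the OS source rather than the `random` module's PRNG. The unguarded `sys.argv[1]` on the last line raises IndexError when the script is run without an argument; a length check with a usage message would be clearer.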
@@ 5,11 5,9 @@ import sys
import string
import random
-#by default, the time for creation and modification is the time of the execution
now = datetime.datetime.now()
mytime=now.strftime('%Y-%m-%dT%H:%M:%S.%fZ')
-#funtion to create unique IDs based on random strings starting with the given type (indicator, malware, etc)
def create_id(itype):
# lenghts for generating random strings for the id
l1 = 8
@@ 25,13 23,13 @@ def create_id(itype):
print(itype+"--"+random_string_1+"-"+random_string_2+"-"+random_string_3+"-"+random_string_4+"-"+random_string_5)
-
-#it takes the csv from argument
filename = str(sys.argv[1])
count=0
-with open(filename, 'r') as csvfile:
+with open(filename, 'r') as csvfile, open('malware_IDs.csv','r') as malware_ids:
datareader = csv.reader(csvfile)
+ datareader2 = csv.reader(malware_ids)
+
for row in datareader:
count=count+1
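Review bot: `open('malware_IDs.csv','r')` is resolved against the current working directory, so running the script from another directory either fails with FileNotFoundError or picks up a different `malware_IDs.csv` than the one committed here, and that file decides which IDs are attached to the malware objects. Taking the mapping path as a second command-line argument, or resolving it relative to the script with `os.path.join(os.path.dirname(os.path.abspath(__file__)), 'malware_IDs.csv')` (which needs `import os`), makes the source of the IDs explicit. The `csv` documentation also recommends opening files passed to `csv.reader` with `newline=''`. The `with` body continues outside this hunk.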
@@ 60,10 58,7 @@ with open(filename, 'r') as csvfile:
mfam = row[7]
- # INDICATOR PROCESSING
-
myid = create_id("indicator")
-
indicator = Indicator(
id=myid,
created=mytime,
@@ 76,9 71,20 @@ with open(filename, 'r') as csvfile:
valid_from=mytime
)
- # MALWARE PROCESSING
+ #myid2 = create_id("malware")
+
+ # condition to assure that if the
+ # malware already has an ID registered, don use
+ skedaddle = False
- myid2 = create_id("malware")
+ while not (skedaddle):
+ for row2 in datareader2:
+ if str(row2[0]) == str(mname):
+ myid2 = row2[1]
+ skedaddle = True
+ else:
+ myid2 = create_id("malware")
+ skedaddle = True
malware = Malware(
id=myid2,
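Review bot: The lookup inside `while not (skedaddle)` cannot reliably return a registered ID: there is no `break` after a match, and `datareader2` is a one-pass `csv.reader` created once outside the row loop, so it is already exhausted when the second input row is processed. Indentation is lost in this view, so pairing the `else` with the `if` is an inference; under that reading a later non-matching row overwrites an earlier match, and an exhausted or empty reader leaves `skedaddle` false so the `while` never ends. Loading the mapping once before the row loop with `known_ids = {r[0]: r[1] for r in datareader2 if len(r) > 1}` and then using `myid2 = known_ids.get(mname) or create_id("malware")` removes both problems. Separately, `create_id` as shown in the earlier hunk ends in `print(...)` with no visible `return`, so the fallback would assign `None`; it should return the string if the generated ID is meant to be used. The comparison is also case-sensitive, while the mapping row is `XMRIG` and the removed filename example uses `xmrig`, so normalising case on both sides may be needed.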
@@ 89,15 95,10 @@ with open(filename, 'r') as csvfile:
is_family=mfam
)
- # The relationship among them is created based on the ids
relationship = Relationship(indicator, 'indicates', malware)
bundle = Bundle(objects=[indicator, malware, relationship])
- # It prints the result in stix files which describes the relationship in the name
- # f.e.: disk1_related_with_xmrig_1.stix
- # this way it makes it easier to understand the data before opening it
-
print(str(bundle))
with open(iname+"_related_with_"+mname+"_"+str(count)+".stix", 'a') as f:
f.write(str(bundle))
@@ 0,0 1,1 @@
+XMRIG,malware--ab24aa89-d80e-4293-a722-4b7b83804ee7