@@ 5,6 5,14 @@ from stix2 import Bundle
from stix2 import Identity
import copy
+# functions
+
+def menu():
+ print("Choose an option: ")
+ print("A - Enter SHA1\nB - Enter SHA256\nC - Finish")
+
+
+
# creating identity for the bundle
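Review bot: `menu()` has no docstring and only prints; the caller then repeats `input("Choose your option: ")` after every call, so the user sees two prompts ("Choose an option: " then "Choose your option: ") each round. A docstring such as `"""Print the interactive menu: A = SHA1 file, B = SHA256 file, C = finish."""` would document it, and having it `return input("Choose your option: ").strip().upper()` would remove the duplicated prompt and make the case-sensitive comparison of the option letters less surprising.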
@@ 27,148 35,226 @@ malware = Malware(name=mal_name,
description=mal_des,
is_family=True)
-# getting the file with SHA1 hashes
-myfile = input("file with SHA1: ")
-file1 = open(myfile, 'r')
-content = file1.readlines()
-
-count = 0
+menu()
+option = input("Choose your option: ")
+
+bundle_option = 1
+
+
+while option != "C":
+
+ # cleaning
+ num_lines=0
+ j=0
+ if option == "A":
+ # fix TODO: this is an emergency measure to save time
+ # choosing the bundle generation, this will make bundle option
+ # odd always
+ bundle_option = bundle_option + 2
+ trick = bundle_option%2
+ if trick == 0:
+ bundle_option = bundle_option + 1
-in_name="file hash for " + mal_name
+ # getting the file with SHA1 hashes
+ myfile = input("file with SHA1: ")
+ file1 = open(myfile, 'r')
+ content = file1.readlines()
+
+ count = 0
-print("Reading hashes for SHA1...")
-print("SHA1: ")
-# iterating the whole file, for each line it creates a temporary
-# stix object with the sha1 hash and the malware family
-# and saves an indicator object with the content. No need to create a
-# list because the object is already stored as a permanent identifier during the session
-# although a trash-temp-indicator is also stored.
+ in_name="file hash for " + mal_name
-for line in content:
+ print("Reading hashes for SHA1...")
- tmp_indicator = Indicator(name=in_name,
- pattern="[file:hashes.sha1 = '"+ line.strip()+"']",
- pattern_type="stix")
- # print("TEMPORARY, DEBUG:")
- # print(tmp_indicator.serialize(pretty=True))
+ print("SHA1: ")
- count = count + 1
+ # iterating the whole file, for each line it creates a temporary
+ # stix object with the sha1 hash and the malware family
+ # and saves an indicator object with the content. No need to create a
+ # list because the object is already stored as a permanent identifier during the session
+ # although a trash-temp-indicator is also stored.
- locals()["indicator_SHA1_" + str(count)] = copy.deepcopy(tmp_indicator)
+ for line in content:
+ tmp_indicator = Indicator(name=in_name,
+ pattern="[file:hashes.sha1 = '"+ line.strip()+"']",
+ pattern_type="stix")
+ # print("TEMPORARY, DEBUG:")
+ # print(tmp_indicator.serialize(pretty=True))
+ count = count + 1
-print("no more lines to read")
+ locals()["indicator_SHA1_" + str(count)] = copy.deepcopy(tmp_indicator)
-num_lines = sum(1 for _ in open(myfile))
-# This prints all the indicators for the SHA1 (commented) and creates
-# a relationship for each one of them with the malware
+ print("no more lines to read")
-for i in range(num_lines):
- #print("The indicator SHA1 is:\n")
- #print(locals()["indicator_SHA1_" + str(i+1)].serialize(pretty=True))
- # creating the relationship with the malware
- locals()["relationship_SHA1_" + str(i+1)] = Relationship(relationship_type='indicates',
- source_ref=locals()["indicator_SHA1_" + str(i+1)].id,
- target_ref=malware.id)
- #print("The relationship is:\n")
- #print(locals()["relationship_SHA1_" + str(i+1)].serialize(pretty=True))
+ num_lines = sum(1 for _ in open(myfile))
-print("DONE\n")
+ # This prints all the indicators for the SHA1 (commented) and creates
+ # a relationship for each one of them with the malware
-# cleaning
-num_lines=0
-j=0
+ for i in range(num_lines):
+ #print("The indicator SHA1 is:\n")
+ #print(locals()["indicator_SHA1_" + str(i+1)].serialize(pretty=True))
-# getting the file with SHA256 hashes
-myfile2 = input("file with SHA256: ")
-file2 = open(myfile2, 'r')
-content2 = file2.readlines()
-
-count = 0
+ # creating the relationship with the malware
+ locals()["relationship_SHA1_" + str(i+1)] = Relationship(relationship_type='indicates',
+ source_ref=locals()["indicator_SHA1_" + str(i+1)].id,
+ target_ref=malware.id)
+ #print("The relationship is:\n")
+ #print(locals()["relationship_SHA1_" + str(i+1)].serialize(pretty=True))
+ print("DONE\n")
+ menu()
+ option = input("Choose your option: ")
-in_name="file hash SHA256 for " + mal_name
+ elif option == "B":
+ # this will make bindle option even always
+ bundle_option = bundle_option * 2
-print("Reading hashes for SHA256...")
+ # getting the file with SHA256 hashes
+ myfile2 = input("file with SHA256: ")
+ file2 = open(myfile2, 'r')
+ content2 = file2.readlines()
+
+ count = 0
-print("SHA256: ")
-# iterating the whole file, for each line it creates a temporary
-# stix object with the sha1 hash and the malware family
-# and saves an indicator object with the content. No need to create a
-# list because the object is already stored as a permanent identifier during the session
-# although a trash-temp-indicator is also stored.
-for line2 in content2:
+ in_name="file hash SHA256 for " + mal_name
- tmp_indicator = Indicator(name=in_name,
- pattern="[file:hashes.sha256 = '"+ line2.strip()+"']",
- pattern_type="stix")
- # print("TEMPORARY, DEBUG:")
- # print(tmp_indicator.serialize(pretty=True))
+ print("Reading hashes for SHA256...")
- count = count + 1
+ print("SHA256: ")
- locals()["indicator_SHA256_" + str(count)] = copy.deepcopy(tmp_indicator)
+ # iterating the whole file, for each line it creates a temporary
+ # stix object with the sha1 hash and the malware family
+ # and saves an indicator object with the content. No need to create a
+ # list because the object is already stored as a permanent identifier during the session
+ # although a trash-temp-indicator is also stored.
+ for line2 in content2:
+ tmp_indicator = Indicator(name=in_name,
+ pattern="[file:hashes.sha256 = '"+ line2.strip()+"']",
+ pattern_type="stix")
+ # print("TEMPORARY, DEBUG:")
+ # print(tmp_indicator.serialize(pretty=True))
-print("no more lines to read")
+ count = count + 1
+ locals()["indicator_SHA256_" + str(count)] = copy.deepcopy(tmp_indicator)
-num_lines = sum(1 for _ in open(myfile))
-# This prints all the indicators for the SHA1 (commented) and creates
-# a relationship for each one of them with the malware
-for i in range(num_lines):
- #print("The indicator SHA1 is:\n")
- #print(locals()["indicator_SHA1_" + str(i+1)].serialize(pretty=True))
+ print("no more lines to read")
- # creating the relationship with the malware
- locals()["relationship_SHA256_" + str(i+1)] = Relationship(relationship_type='indicates',
- source_ref=locals()["indicator_SHA256_" + str(i+1)].id,
- target_ref=malware.id)
- #print("The relationship is:\n")
- #print(locals()["relationship_SHA1_" + str(i+1)].serialize(pretty=True))
-print("DONE\n")
+ num_lines2 = sum(1 for _ in open(myfile2))
+
+ # This prints all the indicators for the SHA1 (commented) and creates
+ # a relationship for each one of them with the malware
+
+ for i in range(num_lines2):
+ #print("The indicator SHA1 is:\n")
+ #print(locals()["indicator_SHA1_" + str(i+1)].serialize(pretty=True))
+
+ # creating the relationship with the malware
+ locals()["relationship_SHA256_" + str(i+1)] = Relationship(relationship_type='indicates',
+ source_ref=locals()["indicator_SHA256_" + str(i+1)].id,
+ target_ref=malware.id)
+ #print("The relationship is:\n")
+ #print(locals()["relationship_SHA1_" + str(i+1)].serialize(pretty=True))
+
+ print("DONE\n")
+
+ menu()
+ option = input("Choose your option: ")
print("creating the bundle...")
-# create lists for the objects above
-my_indicators_SHA1 = []
-my_relationships_SHA1 = []
-my_indicators_SHA256 = []
-my_relationships_SHA256 = []
-for j in range(num_lines):
- my_indicators_SHA1.append(locals()["indicator_SHA1_" + str(j+1)])
- my_relationships_SHA1.append(locals()["relationship_SHA1_" + str(j+1)])
- my_indicators_SHA1.append(locals()["indicator_SHA256_" + str(j+1)])
- my_relationships_SHA1.append(locals()["relationship_SHA256_" + str(j+1)])
-# creating a bundle of objects: indicators, relationships, malware
-my_bundle = Bundle(my_indicators_SHA1[:], my_relationships_SHA1[:], my_indicators_SHA256[:], my_relationships_SHA256[:], malware, my_identity)
+# creating a bundle based on the options selected above
+
+final_trick=bundle_option%2
+
+# debug
+print("final_trick = " + str(final_trick))
+print("bundle_option = " + str(bundle_option))
+
+DEBUG=input("DEBUG")
+
+
+if final_trick == 1:
+ if bundle_option == 3:
+ my_indicators_SHA1 = []
+ my_relationships_SHA1 = []
+ for j in range(num_lines):
+ my_indicators_SHA1.append(locals()["indicator_SHA1_" + str(j+1)])
+ my_relationships_SHA1.append(locals()["relationship_SHA1_" + str(j+1)])
+ my_bundle = Bundle(my_indicators_SHA1[:], my_relationships_SHA1[:], malware, my_identity)
+ print(my_bundle.serialize(pretty=True))
+
+ else:
+ my_indicators_SHA1 = []
+ my_relationships_SHA1 = []
+ my_indicators_SHA256 = []
+ my_relationships_SHA256 = []
+ for j in range(num_lines):
+ my_indicators_SHA1.append(locals()["indicator_SHA1_" + str(j+1)])
+ my_relationships_SHA1.append(locals()["relationship_SHA1_" + str(j+1)])
+ for j in range(num_lines2):
+ my_indicators_SHA256.append(locals()["indicator_SHA256_" + str(j+1)])
+ my_relationships_SHA256.append(locals()["relationship_SHA256_" + str(j+1)])
+ my_bundle = Bundle(my_indicators_SHA1[:], my_relationships_SHA1[:], my_indicators_SHA256[:], my_relationships_SHA256[:], malware, my_identity)
+ print(my_bundle.serialize(pretty=True))
+
+
+
+elif final_trick == 0:
+ if bundle_option == 2:
+ my_indicators_SHA256 = []
+ my_relationships_SHA256 = []
+ for j in range(num_lines2):
+ my_indicators_SHA256.append(locals()["indicator_SHA256_" + str(j+1)])
+ my_relationships_SHA256.append(locals()["relationship_SHA256_" + str(j+1)])
+
+ my_bundle = Bundle(my_indicators_SHA256[:], my_relationships_SHA256[:], malware, my_identity)
+ print(my_bundle.serialize(pretty=True))
+ else:
+ my_indicators_SHA1 = []
+ my_relationships_SHA1 = []
+ my_indicators_SHA256 = []
+ my_relationships_SHA256 = []
+ for j in range(num_lines):
+ my_indicators_SHA1.append(locals()["indicator_SHA1_" + str(j+1)])
+ my_relationships_SHA1.append(locals()["relationship_SHA1_" + str(j+1)])
+ for j in range(num_lines2):
+ my_indicators_SHA256.append(locals()["indicator_SHA256_" + str(j+1)])
+ my_relationships_SHA256.append(locals()["relationship_SHA256_" + str(j+1)])
+
+ my_bundle = Bundle(my_indicators_SHA1[:], my_relationships_SHA1[:], my_indicators_SHA256[:], my_relationships_SHA256[:], malware, my_identity)
+ print(my_bundle.serialize(pretty=True))
+
+else:
+ print("ERROR: No hash was detected to be chosen. Exiting without creating the bundle...")
#print("Bundle:")
-print("\nDone!")
-print(my_bundle.serialize(pretty=True))
+print("\nBye bye!")
+
output_f = mal_name + "_Bundle.json"
f_o = open(output_f, "x")
print("\nWriting the contents into " + output_f + " ...")
-f_o.write(my_bundle.serialize(pretty=True))
-
-print("\nDone! enjoy")>
\ No newline at end of file
+f_o.write(my_bundle.serialize(pretty=True))<
\ No newline at end of file
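Review bot: The `num_lines=0` and `j=0` "cleaning" lines at the top of the `while` body discard the SHA1 count on every later iteration, so choosing A, then B, then C reaches the both-hashes branch (`bundle_option == 6`) with `num_lines == 0` and the bundle silently omits every SHA1 indicator and relationship; an unrecognised option never re-prompts and loops forever, and the final `else` after `final_trick` can never run (`final_trick` is always 0 or 1), so choosing C straight away fails with a NameError on `num_lines` instead of printing that message. The parity trick is hard to reason about; two plain flags set in the A/B branches, one prompt at the end of the loop body and an early exit before the bundle is built would replace it, as sketched below, leaving the indicator/relationship creation as it is. The bundle is then assembled from one object list instead of four near-duplicate branches, and `output_f` should only be opened once a bundle exists (the leftover `DEBUG=input("DEBUG")` and debug prints should go too). Separately, each hash line is dropped into the STIX pattern by string concatenation, so a line that is not a hex digest of the expected length (40 for SHA1, 64 for SHA256) should be skipped before `Indicator(...)` is called, e.g. `if not re.fullmatch(r"[0-9a-fA-F]{40}", line.strip()): continue` (needs `import re`), and the `with open(...)` form would also close the input files that are currently left open.
```python
have_sha1 = False
have_sha256 = False

while option != "C":
    if option == "A":
        have_sha1 = True
        # … unchanged: SHA1 file read, Indicator and Relationship creation, sets num_lines …
    elif option == "B":
        have_sha256 = True
        # … unchanged: SHA256 file read, Indicator and Relationship creation, sets num_lines2 …
    else:
        print("Unknown option: " + option)
    menu()
    option = input("Choose your option: ")

if not (have_sha1 or have_sha256):
    print("ERROR: No hash was detected to be chosen. Exiting without creating the bundle...")
    raise SystemExit(1)

print("creating the bundle...")
objects = [malware, my_identity]
if have_sha1:
    for j in range(num_lines):
        objects.append(locals()["indicator_SHA1_" + str(j+1)])
        objects.append(locals()["relationship_SHA1_" + str(j+1)])
if have_sha256:
    for j in range(num_lines2):
        objects.append(locals()["indicator_SHA256_" + str(j+1)])
        objects.append(locals()["relationship_SHA256_" + str(j+1)])
my_bundle = Bundle(*objects)
print(my_bundle.serialize(pretty=True))

# … unchanged: output_f naming and write of my_bundle …
```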