CalvinBackup/mvt
1
0
Fork 0
mirror of https://github.com/mvt-project/mvt.git synced 2026-02-12 16:42:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adds indicators for android properties

Browse Source
This commit is contained in:
tek
2023-03-29 12:57:41 +02:00
parent 70c6f0c153
commit b5d7e528de
7 changed files with 96 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
tests/artifacts/generate_stix.py
View File

@@ -16,6 +16,7 @@ def generate_test_stix_file(file_path):
processes = ["Launch"]
emails = ["foobar@example.org"]
filenames = ["/var/foobar/txt"]
android_property = ["sys.foobar"]
res = []
malware = Malware(name="TestMalware", is_family=False, description="")
@@ -40,6 +41,11 @@ def generate_test_stix_file(file_path):
res.append(i)
res.append(Relationship(i, "indicates", malware))
for p in android_property:
i = Indicator(indicator_types=["malicious-activity"], pattern="[android-property:name='{}']".format(p), pattern_type="stix")
res.append(i)
res.append(Relationship(i, "indicates", malware))
bundle = Bundle(objects=res)
with open(file_path, "w+", encoding="utf-8") as f:
f.write(bundle.serialize(pretty=True))