1# Copyright (c) 2018, The MITRE Corporation. All rights reserved. 2# See LICENSE.txt for complete terms. 3 4import sys 5 6from mixbox.binding_utils import * 7 8from maec.bindings import maec_bundle as maec_bundle_schema 9from maec.bindings import mmdef_1_2 as metadatasharing 10from cybox.bindings import cybox_core 11from cybox.bindings import system_object 12from cybox.bindings import cybox_common 13from cybox.bindings import file_object 14from cybox.bindings import uri_object 15 16class AnalysisEnvironmentType(GeneratedsSuper): 17 """The AnalysisEnvironmentType provides mechanisms for characterizing 18 the particular hardware/software environment used in the 19 analysis of a Malware Subject.""" 20 subclass = None 21 superclass = None 22 def __init__(self, Hypervisor_Host_System=None, Analysis_Systems=None, Network_Infrastructure=None): 23 self.Hypervisor_Host_System = Hypervisor_Host_System 24 self.Analysis_Systems = Analysis_Systems 25 self.Network_Infrastructure = Network_Infrastructure 26 def factory(*args_, **kwargs_): 27 if AnalysisEnvironmentType.subclass: 28 return AnalysisEnvironmentType.subclass(*args_, **kwargs_) 29 else: 30 return AnalysisEnvironmentType(*args_, **kwargs_) 31 factory = staticmethod(factory) 32 def get_Hypervisor_Host_System(self): return self.Hypervisor_Host_System 33 def set_Hypervisor_Host_System(self, Hypervisor_Host_System): self.Hypervisor_Host_System = Hypervisor_Host_System 34 def get_Analysis_Systems(self): return self.Analysis_Systems 35 def set_Analysis_Systems(self, Analysis_Systems): self.Analysis_Systems = Analysis_Systems 36 def get_Network_Infrastructure(self): return self.Network_Infrastructure 37 def set_Network_Infrastructure(self, Network_Infrastructure): self.Network_Infrastructure = Network_Infrastructure 38 def hasContent_(self): 39 if ( 40 self.Hypervisor_Host_System is not None or 41 self.Analysis_Systems is not None or 42 self.Network_Infrastructure is not None 43 ): 44 return True 45 else: 46 return False 47 def export(self, write, level, namespace_='maecPackage:', name_='AnalysisEnvironmentType', namespacedef_='', pretty_print=True): 48 if pretty_print: 49 eol_ = '\n' 50 else: 51 eol_ = '' 52 showIndent(write, level, pretty_print) 53 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 54 already_processed = set() 55 self.exportAttributes(write, level, already_processed, namespace_, name_='AnalysisEnvironmentType') 56 if self.hasContent_(): 57 write('>%s' % (eol_, )) 58 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 59 showIndent(write, level, pretty_print) 60 write('</%s%s>%s' % (namespace_, name_, eol_)) 61 else: 62 write('/>%s' % (eol_, )) 63 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='AnalysisEnvironmentType'): 64 pass 65 def exportChildren(self, write, level, namespace_='maecPackage:', name_='AnalysisEnvironmentType', fromsubclass_=False, pretty_print=True): 66 if pretty_print: 67 eol_ = '\n' 68 else: 69 eol_ = '' 70 if self.Hypervisor_Host_System is not None: 71 self.Hypervisor_Host_System.export(write, level, 'maecPackage:', name_='Hypervisor_Host_System', pretty_print=pretty_print) 72 if self.Analysis_Systems is not None: 73 self.Analysis_Systems.export(write, level, 'maecPackage:', name_='Analysis_Systems', pretty_print=pretty_print) 74 if self.Network_Infrastructure is not None: 75 self.Network_Infrastructure.export(write, level, 'maecPackage:', name_='Network_Infrastructure', pretty_print=pretty_print) 76 def build(self, node): 77 self.__sourcenode__ = node 78 already_processed = set() 79 self.buildAttributes(node, node.attrib, already_processed) 80 for child in node: 81 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 82 self.buildChildren(child, node, nodeName_) 83 def buildAttributes(self, node, attrs, already_processed): 84 pass 85 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 86 if nodeName_ == 'Hypervisor_Host_System': 87 obj_ = HypervisorHostSystemType.factory() 88 obj_.build(child_) 89 self.set_Hypervisor_Host_System(obj_) 90 elif nodeName_ == 'Analysis_Systems': 91 obj_ = AnalysisSystemListType.factory() 92 obj_.build(child_) 93 self.set_Analysis_Systems(obj_) 94 elif nodeName_ == 'Network_Infrastructure': 95 obj_ = NetworkInfrastructureType.factory() 96 obj_.build(child_) 97 self.set_Network_Infrastructure(obj_) 98# end class AnalysisEnvironmentType 99 100class SourceType(GeneratedsSuper): 101 """The SourceType provides a way of characterizing the external source 102 of a relevant MAEC entity, such as an Analysis.""" 103 subclass = None 104 superclass = None 105 def __init__(self, Name=None, Method=None, Reference=None, Organization=None, URL=None): 106 self.Name = Name 107 self.Method = Method 108 self.Reference = Reference 109 self.Organization = Organization 110 self.URL = URL 111 def factory(*args_, **kwargs_): 112 if SourceType.subclass: 113 return SourceType.subclass(*args_, **kwargs_) 114 else: 115 return SourceType(*args_, **kwargs_) 116 factory = staticmethod(factory) 117 def get_Name(self): return self.Name 118 def set_Name(self, Name): self.Name = Name 119 def get_Method(self): return self.Method 120 def set_Method(self, Method): self.Method = Method 121 def get_Reference(self): return self.Reference 122 def set_Reference(self, Reference): self.Reference = Reference 123 def get_Organization(self): return self.Organization 124 def set_Organization(self, Organization): self.Organization = Organization 125 def get_URL(self): return self.URL 126 def set_URL(self, URL): self.URL = URL 127 def hasContent_(self): 128 if ( 129 self.Name is not None or 130 self.Method is not None or 131 self.Reference is not None or 132 self.Organization is not None or 133 self.URL is not None 134 ): 135 return True 136 else: 137 return False 138 def export(self, write, level, namespace_='maecPackage:', name_='SourceType', namespacedef_='', pretty_print=True): 139 if pretty_print: 140 eol_ = '\n' 141 else: 142 eol_ = '' 143 showIndent(write, level, pretty_print) 144 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 145 already_processed = set() 146 self.exportAttributes(write, level, already_processed, namespace_, name_='SourceType') 147 if self.hasContent_(): 148 write('>%s' % (eol_, )) 149 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 150 showIndent(write, level, pretty_print) 151 write('</%s%s>%s' % (namespace_, name_, eol_)) 152 else: 153 write('/>%s' % (eol_, )) 154 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='SourceType'): 155 pass 156 def exportChildren(self, write, level, namespace_='maecPackage:', name_='SourceType', fromsubclass_=False, pretty_print=True): 157 if pretty_print: 158 eol_ = '\n' 159 else: 160 eol_ = '' 161 if self.Name is not None: 162 showIndent(write, level, pretty_print) 163 write('<%sName>%s</%sName>%s' % ('maecPackage:', quote_xml(self.Name), 'maecPackage:', eol_)) 164 if self.Method is not None: 165 showIndent(write, level, pretty_print) 166 write('<%sMethod>%s</%sMethod>%s' % ('maecPackage:', quote_xml(self.Method), 'maecPackage:', eol_)) 167 if self.Reference is not None: 168 showIndent(write, level, pretty_print) 169 write('<%sReference>%s</%sReference>%s' % ('maecPackage:', quote_xml(self.Reference), 'maecPackage:', eol_)) 170 if self.Organization is not None: 171 showIndent(write, level, pretty_print) 172 write('<%sOrganization>%s</%sOrganization>%s' % ('maecPackage:', quote_xml(self.Organization), 'maecPackage:', eol_)) 173 if self.URL is not None: 174 showIndent(write, level, pretty_print) 175 write('<%sURL>%s</%sURL>%s' % ('maecPackage:', quote_xml(self.URL), 'maecPackage:', eol_)) 176 def build(self, node): 177 self.__sourcenode__ = node 178 already_processed = set() 179 self.buildAttributes(node, node.attrib, already_processed) 180 for child in node: 181 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 182 self.buildChildren(child, node, nodeName_) 183 def buildAttributes(self, node, attrs, already_processed): 184 pass 185 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 186 if nodeName_ == 'Name': 187 Name_ = child_.text 188 Name_ = self.gds_validate_string(Name_, node, 'Name') 189 self.Name = Name_ 190 elif nodeName_ == 'Method': 191 Method_ = child_.text 192 Method_ = self.gds_validate_string(Method_, node, 'Method') 193 self.Method = Method_ 194 elif nodeName_ == 'Reference': 195 Reference_ = child_.text 196 Reference_ = self.gds_validate_string(Reference_, node, 'Reference') 197 self.Reference = Reference_ 198 elif nodeName_ == 'Organization': 199 Organization_ = child_.text 200 Organization_ = self.gds_validate_string(Organization_, node, 'Organization') 201 self.Organization = Organization_ 202 elif nodeName_ == 'URL': 203 URL_ = child_.text 204 URL_ = self.gds_validate_string(URL_, node, 'URL') 205 self.URL = URL_ 206# end class SourceType 207 208class CommentListType(GeneratedsSuper): 209 """The CommentListType provides a simple way of capturing any comments 210 relating to MAEC entities, such as Analyses.""" 211 subclass = None 212 superclass = None 213 def __init__(self, Comment=None): 214 if Comment is None: 215 self.Comment = [] 216 else: 217 self.Comment = Comment 218 def factory(*args_, **kwargs_): 219 if CommentListType.subclass: 220 return CommentListType.subclass(*args_, **kwargs_) 221 else: 222 return CommentListType(*args_, **kwargs_) 223 factory = staticmethod(factory) 224 def get_Comment(self): return self.Comment 225 def set_Comment(self, Comment): self.Comment = Comment 226 def add_Comment(self, value): self.Comment.append(value) 227 def insert_Comment(self, index, value): self.Comment[index] = value 228 def hasContent_(self): 229 if ( 230 self.Comment 231 ): 232 return True 233 else: 234 return False 235 def export(self, write, level, namespace_='maecPackage:', name_='CommentListType', namespacedef_='', pretty_print=True): 236 if pretty_print: 237 eol_ = '\n' 238 else: 239 eol_ = '' 240 showIndent(write, level, pretty_print) 241 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 242 already_processed = set() 243 self.exportAttributes(write, level, already_processed, namespace_, name_='CommentListType') 244 if self.hasContent_(): 245 write('>%s' % (eol_, )) 246 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 247 showIndent(write, level, pretty_print) 248 write('</%s%s>%s' % (namespace_, name_, eol_)) 249 else: 250 write('/>%s' % (eol_, )) 251 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='CommentListType'): 252 pass 253 def exportChildren(self, write, level, namespace_='maecPackage:', name_='CommentListType', fromsubclass_=False, pretty_print=True): 254 if pretty_print: 255 eol_ = '\n' 256 else: 257 eol_ = '' 258 for Comment_ in self.Comment: 259 Comment_.export(write, level, 'maecPackage:', name_='Comment', pretty_print=pretty_print) 260 def build(self, node): 261 self.__sourcenode__ = node 262 already_processed = set() 263 self.buildAttributes(node, node.attrib, already_processed) 264 for child in node: 265 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 266 self.buildChildren(child, node, nodeName_) 267 def buildAttributes(self, node, attrs, already_processed): 268 pass 269 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 270 if nodeName_ == 'Comment': 271 obj_ = CommentType.factory() 272 obj_.build(child_) 273 self.Comment.append(obj_) 274# end class CommentListType 275 276class AnalysisSystemListType(GeneratedsSuper): 277 """The AnalysisSystemListType captures a list of the systems, physical 278 or virtual, used in the analysis of a Malware Subject.""" 279 subclass = None 280 superclass = None 281 def __init__(self, Analysis_System=None): 282 if Analysis_System is None: 283 self.Analysis_System = [] 284 else: 285 self.Analysis_System = Analysis_System 286 def factory(*args_, **kwargs_): 287 if AnalysisSystemListType.subclass: 288 return AnalysisSystemListType.subclass(*args_, **kwargs_) 289 else: 290 return AnalysisSystemListType(*args_, **kwargs_) 291 factory = staticmethod(factory) 292 def get_Analysis_System(self): return self.Analysis_System 293 def set_Analysis_System(self, Analysis_System): self.Analysis_System = Analysis_System 294 def add_Analysis_System(self, value): self.Analysis_System.append(value) 295 def insert_Analysis_System(self, index, value): self.Analysis_System[index] = value 296 def hasContent_(self): 297 if ( 298 self.Analysis_System 299 ): 300 return True 301 else: 302 return False 303 def export(self, write, level, namespace_='maecPackage:', name_='AnalysisSystemListType', namespacedef_='', pretty_print=True): 304 if pretty_print: 305 eol_ = '\n' 306 else: 307 eol_ = '' 308 showIndent(write, level, pretty_print) 309 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 310 already_processed = set() 311 self.exportAttributes(write, level, already_processed, namespace_, name_='AnalysisSystemListType') 312 if self.hasContent_(): 313 write('>%s' % (eol_, )) 314 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 315 showIndent(write, level, pretty_print) 316 write('</%s%s>%s' % (namespace_, name_, eol_)) 317 else: 318 write('/>%s' % (eol_, )) 319 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='AnalysisSystemListType'): 320 pass 321 def exportChildren(self, write, level, namespace_='maecPackage:', name_='AnalysisSystemListType', fromsubclass_=False, pretty_print=True): 322 if pretty_print: 323 eol_ = '\n' 324 else: 325 eol_ = '' 326 for Analysis_System_ in self.Analysis_System: 327 Analysis_System_.export(write, level, 'maecPackage:', name_='Analysis_System', pretty_print=pretty_print) 328 def build(self, node): 329 self.__sourcenode__ = node 330 already_processed = set() 331 self.buildAttributes(node, node.attrib, already_processed) 332 for child in node: 333 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 334 self.buildChildren(child, node, nodeName_) 335 def buildAttributes(self, node, attrs, already_processed): 336 pass 337 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 338 if nodeName_ == 'Analysis_System': 339 obj_ = AnalysisSystemType.factory() 340 obj_.build(child_) 341 self.Analysis_System.append(obj_) 342# end class AnalysisSystemListType 343 344class ToolListType(GeneratedsSuper): 345 """The ToolsType characterizes one or more tools, such as those used in 346 the analysis of a Malware Subject.""" 347 subclass = None 348 superclass = None 349 def __init__(self, Tool=None): 350 if Tool is None: 351 self.Tool = [] 352 else: 353 self.Tool = Tool 354 def factory(*args_, **kwargs_): 355 if ToolListType.subclass: 356 return ToolListType.subclass(*args_, **kwargs_) 357 else: 358 return ToolListType(*args_, **kwargs_) 359 factory = staticmethod(factory) 360 def get_Tool(self): return self.Tool 361 def set_Tool(self, Tool): self.Tool = Tool 362 def add_Tool(self, value): self.Tool.append(value) 363 def insert_Tool(self, index, value): self.Tool[index] = value 364 def hasContent_(self): 365 if ( 366 self.Tool 367 ): 368 return True 369 else: 370 return False 371 def export(self, write, level, namespace_='maecPackage:', name_='ToolListType', namespacedef_='', pretty_print=True): 372 if pretty_print: 373 eol_ = '\n' 374 else: 375 eol_ = '' 376 showIndent(write, level, pretty_print) 377 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 378 already_processed = set() 379 self.exportAttributes(write, level, already_processed, namespace_, name_='ToolListType') 380 if self.hasContent_(): 381 write('>%s' % (eol_, )) 382 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 383 showIndent(write, level, pretty_print) 384 write('</%s%s>%s' % (namespace_, name_, eol_)) 385 else: 386 write('/>%s' % (eol_, )) 387 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='ToolListType'): 388 pass 389 def exportChildren(self, write, level, namespace_='maecPackage:', name_='ToolListType', fromsubclass_=False, pretty_print=True): 390 if pretty_print: 391 eol_ = '\n' 392 else: 393 eol_ = '' 394 for Tool_ in self.Tool: 395 Tool_.export(write, level, 'maecPackage:', name_='Tool', pretty_print=pretty_print) 396 def build(self, node): 397 self.__sourcenode__ = node 398 already_processed = set() 399 self.buildAttributes(node, node.attrib, already_processed) 400 for child in node: 401 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 402 self.buildChildren(child, node, nodeName_) 403 def buildAttributes(self, node, attrs, already_processed): 404 pass 405 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 406 if nodeName_ == 'Tool': 407 obj_ = cybox_common.ToolInformationType.factory() 408 obj_.build(child_) 409 self.add_Tool(obj_) 410# end class ToolListType 411 412class DynamicAnalysisMetadataType(GeneratedsSuper): 413 """The DynamicAnalysisMetadataType captures any metadata specific to 414 the dynamic analysis of a malware instance.""" 415 subclass = None 416 superclass = None 417 def __init__(self, Command_Line=None, Analysis_Duration=None, Exit_Code=None): 418 self.Command_Line = Command_Line 419 self.Analysis_Duration = Analysis_Duration 420 self.Exit_Code = Exit_Code 421 def factory(*args_, **kwargs_): 422 if DynamicAnalysisMetadataType.subclass: 423 return DynamicAnalysisMetadataType.subclass(*args_, **kwargs_) 424 else: 425 return DynamicAnalysisMetadataType(*args_, **kwargs_) 426 factory = staticmethod(factory) 427 def get_Command_Line(self): return self.Command_Line 428 def set_Command_Line(self, Command_Line): self.Command_Line = Command_Line 429 def get_Analysis_Duration(self): return self.Analysis_Duration 430 def set_Analysis_Duration(self, Analysis_Duration): self.Analysis_Duration = Analysis_Duration 431 def get_Exit_Code(self): return self.Exit_Code 432 def set_Exit_Code(self, Exit_Code): self.Exit_Code = Exit_Code 433 def hasContent_(self): 434 if ( 435 self.Command_Line is not None or 436 self.Analysis_Duration is not None or 437 self.Exit_Code is not None 438 ): 439 return True 440 else: 441 return False 442 def export(self, write, level, namespace_='maecPackage:', name_='DynamicAnalysisMetadataType', namespacedef_='', pretty_print=True): 443 if pretty_print: 444 eol_ = '\n' 445 else: 446 eol_ = '' 447 showIndent(write, level, pretty_print) 448 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 449 already_processed = set() 450 self.exportAttributes(write, level, already_processed, namespace_, name_='DynamicAnalysisMetadataType') 451 if self.hasContent_(): 452 write('>%s' % (eol_, )) 453 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 454 showIndent(write, level, pretty_print) 455 write('</%s%s>%s' % (namespace_, name_, eol_)) 456 else: 457 write('/>%s' % (eol_, )) 458 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='DynamicAnalysisMetadataType'): 459 pass 460 def exportChildren(self, write, level, namespace_='maecPackage:', name_='DynamicAnalysisMetadataType', fromsubclass_=False, pretty_print=True): 461 if pretty_print: 462 eol_ = '\n' 463 else: 464 eol_ = '' 465 if self.Command_Line is not None: 466 showIndent(write, level, pretty_print) 467 write('<%sCommand_Line>%s</%sCommand_Line>%s' % ('maecPackage:', quote_xml(self.Command_Line), 'maecPackage:', eol_)) 468 if self.Analysis_Duration is not None: 469 showIndent(write, level, pretty_print) 470 write('<%sAnalysis_Duration>%s</%sAnalysis_Duration>%s' % ('maecPackage:', self.gds_format_float(self.Analysis_Duration, input_name='Analysis_Duration'), 'maecPackage:', eol_)) 471 if self.Exit_Code is not None: 472 showIndent(write, level, pretty_print) 473 write('<%sExit_Code>%s</%sExit_Code>%s' % ('maecPackage:', self.gds_format_integer(self.Exit_Code, input_name='Exit_Code'), 'maecPackage:', eol_)) 474 def build(self, node): 475 self.__sourcenode__ = node 476 already_processed = set() 477 self.buildAttributes(node, node.attrib, already_processed) 478 for child in node: 479 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 480 self.buildChildren(child, node, nodeName_) 481 def buildAttributes(self, node, attrs, already_processed): 482 pass 483 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 484 if nodeName_ == 'Command_Line': 485 Command_Line_ = child_.text 486 Command_Line_ = self.gds_validate_string(Command_Line_, node, 'Command_Line') 487 self.Command_Line = Command_Line_ 488 elif nodeName_ == 'Analysis_Duration': 489 sval_ = child_.text 490 try: 491 fval_ = float(sval_) 492 except (TypeError, ValueError) as exp: 493 raise_parse_error(child_, 'requires float or double: %s' % exp) 494 fval_ = self.gds_validate_float(fval_, node, 'Analysis_Duration') 495 self.Analysis_Duration = fval_ 496 elif nodeName_ == 'Exit_Code': 497 sval_ = child_.text 498 try: 499 ival_ = int(sval_) 500 except (TypeError, ValueError) as exp: 501 raise_parse_error(child_, 'requires integer: %s' % exp) 502 ival_ = self.gds_validate_integer(ival_, node, 'Exit_Code') 503 self.Exit_Code = ival_ 504# end class DynamicAnalysisMetadataType 505 506class AnalysisType(GeneratedsSuper): 507 """The AnalysisType provides a way of capturing the information 508 associated with the analysis of a malware instance, such as the 509 subject, authors, start datetime, and other relevant data.The 510 required id field specifies a unique ID for this Analysis. The 511 ID must follow the pattern defined in the AnalysisIDPattern 512 simple type.The type field specifies the type of malware 513 analysis being performed.The method field specifies the analysis 514 method used in the analysis. The ordinal_position field 515 specifies the ordering of the analysis with respect to the other 516 analyses performed on the Malware Subject.The start_datetime 517 field specifies the date/time the analysis was started.The 518 complete_datetime field specifies the date/time the analysis was 519 completed.The lastupdate_datetime field specifies the date/time 520 the analysis was last updated.""" 521 subclass = None 522 superclass = None 523 def __init__(self, start_datetime=None, complete_datetime=None, method=None, ordinal_position=None, lastupdate_datetime=None, type=None, id=None, Source=None, Analysts=None, Summary=None, Comments=None, Findings_Bundle_Reference=None, Tools=None, Dynamic_Analysis_Metadata=None, Analysis_Environment=None, Report=None): 524 self.start_datetime = _cast(None, start_datetime) 525 self.complete_datetime = _cast(None, complete_datetime) 526 self.method = _cast(None, method) 527 self.ordinal_position = _cast(int, ordinal_position) 528 self.lastupdate_datetime = _cast(None, lastupdate_datetime) 529 self.type = _cast(None, type) 530 self.id = _cast(None, id) 531 self.Source = Source 532 self.Analysts = Analysts 533 self.Summary = Summary 534 self.Comments = Comments 535 if Findings_Bundle_Reference is None: 536 self.Findings_Bundle_Reference = [] 537 else: 538 self.Findings_Bundle_Reference = Findings_Bundle_Reference 539 self.Tools = Tools 540 self.Dynamic_Analysis_Metadata = Dynamic_Analysis_Metadata 541 self.Analysis_Environment = Analysis_Environment 542 self.Report = Report 543 def factory(*args_, **kwargs_): 544 if AnalysisType.subclass: 545 return AnalysisType.subclass(*args_, **kwargs_) 546 else: 547 return AnalysisType(*args_, **kwargs_) 548 factory = staticmethod(factory) 549 def get_Source(self): return self.Source 550 def set_Source(self, Source): self.Source = Source 551 def get_Analysts(self): return self.Analysts 552 def set_Analysts(self, Analysts): self.Analysts = Analysts 553 def get_Summary(self): return self.Summary 554 def set_Summary(self, Summary): self.Summary = Summary 555 def get_Comments(self): return self.Comments 556 def set_Comments(self, Comments): self.Comments = Comments 557 def get_Findings_Bundle_Reference(self): return self.Findings_Bundle_Reference 558 def set_Findings_Bundle_Reference(self, Findings_Bundle_Reference): self.Findings_Bundle_Reference = Findings_Bundle_Reference 559 def add_Findings_Bundle_Reference(self, value): self.Findings_Bundle_Reference.append(value) 560 def insert_Findings_Bundle_Reference(self, index, value): self.Findings_Bundle_Reference[index] = value 561 def get_Tools(self): return self.Tools 562 def set_Tools(self, Tools): self.Tools = Tools 563 def get_Dynamic_Analysis_Metadata(self): return self.Dynamic_Analysis_Metadata 564 def set_Dynamic_Analysis_Metadata(self, Dynamic_Analysis_Metadata): self.Dynamic_Analysis_Metadata = Dynamic_Analysis_Metadata 565 def get_Analysis_Environment(self): return self.Analysis_Environment 566 def set_Analysis_Environment(self, Analysis_Environment): self.Analysis_Environment = Analysis_Environment 567 def get_Report(self): return self.Report 568 def set_Report(self, Report): self.Report = Report 569 def get_start_datetime(self): return self.start_datetime 570 def set_start_datetime(self, start_datetime): self.start_datetime = start_datetime 571 def get_complete_datetime(self): return self.complete_datetime 572 def set_complete_datetime(self, complete_datetime): self.complete_datetime = complete_datetime 573 def get_method(self): return self.method 574 def set_method(self, method): self.method = method 575 def get_ordinal_position(self): return self.ordinal_position 576 def set_ordinal_position(self, ordinal_position): self.ordinal_position = ordinal_position 577 def get_lastupdate_datetime(self): return self.lastupdate_datetime 578 def set_lastupdate_datetime(self, lastupdate_datetime): self.lastupdate_datetime = lastupdate_datetime 579 def get_type(self): return self.type 580 def set_type(self, type): self.type = type 581 def get_id(self): return self.id 582 def set_id(self, id): self.id = id 583 def hasContent_(self): 584 if ( 585 self.Source is not None or 586 self.Analysts is not None or 587 self.Summary is not None or 588 self.Comments is not None or 589 self.Findings_Bundle_Reference is not None or 590 self.Tools is not None or 591 self.Dynamic_Analysis_Metadata is not None or 592 self.Analysis_Environment is not None or 593 self.Report is not None 594 ): 595 return True 596 else: 597 return False 598 def export(self, write, level, namespace_='maecPackage:', name_='AnalysisType', namespacedef_='', pretty_print=True): 599 if pretty_print: 600 eol_ = '\n' 601 else: 602 eol_ = '' 603 showIndent(write, level, pretty_print) 604 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 605 already_processed = set() 606 self.exportAttributes(write, level, already_processed, namespace_, name_='AnalysisType') 607 if self.hasContent_(): 608 write('>%s' % (eol_, )) 609 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 610 showIndent(write, level, pretty_print) 611 write('</%s%s>%s' % (namespace_, name_, eol_)) 612 else: 613 write('/>%s' % (eol_, )) 614 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='AnalysisType'): 615 if self.start_datetime is not None and 'start_datetime' not in already_processed: 616 already_processed.add('start_datetime') 617 write(' start_datetime="%s"' % self.start_datetime) 618 if self.complete_datetime is not None and 'complete_datetime' not in already_processed: 619 already_processed.add('complete_datetime') 620 write(' complete_datetime="%s"' % self.complete_datetime) 621 if self.method is not None and 'method' not in already_processed: 622 already_processed.add('method') 623 write(' method=%s' % (quote_attrib(self.method), )) 624 if self.ordinal_position is not None and 'ordinal_position' not in already_processed: 625 already_processed.add('ordinal_position') 626 write(' ordinal_position="%s"' % self.gds_format_integer(self.ordinal_position, input_name='ordinal_position')) 627 if self.lastupdate_datetime is not None and 'lastupdate_datetime' not in already_processed: 628 already_processed.add('lastupdate_datetime') 629 write(' lastupdate_datetime="%s"' % self.lastupdate_datetime) 630 if self.type is not None and 'type' not in already_processed: 631 already_processed.add('type') 632 write(' type=%s' % (quote_attrib(self.type), )) 633 if self.id is not None and 'id' not in already_processed: 634 already_processed.add('id') 635 write(' id=%s' % (quote_attrib(self.id), )) 636 def exportChildren(self, write, level, namespace_='maecPackage:', name_='AnalysisType', fromsubclass_=False, pretty_print=True): 637 if pretty_print: 638 eol_ = '\n' 639 else: 640 eol_ = '' 641 if self.Source is not None: 642 self.Source.export(write, level, 'maecPackage:', name_='Source', pretty_print=pretty_print) 643 if self.Analysts is not None: 644 self.Analysts.export(write, level, 'maecPackage:', name_='Analysts', pretty_print=pretty_print) 645 if self.Summary is not None: 646 self.Summary.export(write, level, 'maecPackage:', name_='Summary', pretty_print=pretty_print) 647 if self.Comments is not None: 648 self.Comments.export(write, level, 'maecPackage:', name_='Comments', pretty_print=pretty_print) 649 for Findings_Bundle_Reference_ in self.Findings_Bundle_Reference: 650 Findings_Bundle_Reference_.export(write, level, 'maecPackage:', name_='Findings_Bundle_Reference', pretty_print=pretty_print) 651 if self.Tools is not None: 652 self.Tools.export(write, level, 'maecPackage:', name_='Tools', pretty_print=pretty_print) 653 if self.Dynamic_Analysis_Metadata is not None: 654 self.Dynamic_Analysis_Metadata.export(write, level, 'maecPackage:', name_='Dynamic_Analysis_Metadata', pretty_print=pretty_print) 655 if self.Analysis_Environment is not None: 656 self.Analysis_Environment.export(write, level, 'maecPackage:', name_='Analysis_Environment', pretty_print=pretty_print) 657 if self.Report is not None: 658 self.Report.export(write, level, 'maecPackage:', name_='Report', pretty_print=pretty_print) 659 def build(self, node): 660 self.__sourcenode__ = node 661 already_processed = set() 662 self.buildAttributes(node, node.attrib, already_processed) 663 for child in node: 664 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 665 self.buildChildren(child, node, nodeName_) 666 def buildAttributes(self, node, attrs, already_processed): 667 value = find_attr_value_('start_datetime', node) 668 if value is not None and 'start_datetime' not in already_processed: 669 already_processed.add('start_datetime') 670 try: 671 self.start_datetime = value 672 except ValueError as exp: 673 raise ValueError('Bad date-time attribute (start_datetime): %s' % exp) 674 value = find_attr_value_('complete_datetime', node) 675 if value is not None and 'complete_datetime' not in already_processed: 676 already_processed.add('complete_datetime') 677 try: 678 self.complete_datetime = value 679 except ValueError as exp: 680 raise ValueError('Bad date-time attribute (complete_datetime): %s' % exp) 681 value = find_attr_value_('method', node) 682 if value is not None and 'method' not in already_processed: 683 already_processed.add('method') 684 self.method = value 685 value = find_attr_value_('ordinal_position', node) 686 if value is not None and 'ordinal_position' not in already_processed: 687 already_processed.add('ordinal_position') 688 try: 689 self.ordinal_position = int(value) 690 except ValueError as exp: 691 raise_parse_error(node, 'Bad integer attribute: %s' % exp) 692 if self.ordinal_position <= 0: 693 raise_parse_error(node, 'Invalid PositiveInteger') 694 value = find_attr_value_('lastupdate_datetime', node) 695 if value is not None and 'lastupdate_datetime' not in already_processed: 696 already_processed.add('lastupdate_datetime') 697 try: 698 self.lastupdate_datetime = value 699 except ValueError as exp: 700 raise ValueError('Bad date-time attribute (lastupdate_datetime): %s' % exp) 701 value = find_attr_value_('type', node) 702 if value is not None and 'type' not in already_processed: 703 already_processed.add('type') 704 self.type = value 705 value = find_attr_value_('id', node) 706 if value is not None and 'id' not in already_processed: 707 already_processed.add('id') 708 self.id = value 709 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 710 if nodeName_ == 'Source': 711 obj_ = SourceType.factory() 712 obj_.build(child_) 713 self.set_Source(obj_) 714 elif nodeName_ == 'Analysts': 715 obj_ = cybox_common.PersonnelType.factory() 716 obj_.build(child_) 717 self.set_Analysts(obj_) 718 elif nodeName_ == 'Summary': 719 obj_ = cybox_common.StructuredTextType.factory() 720 obj_.build(child_) 721 self.set_Summary(obj_) 722 elif nodeName_ == 'Comments': 723 obj_ = CommentListType.factory() 724 obj_.build(child_) 725 self.set_Comments(obj_) 726 elif nodeName_ == 'Findings_Bundle_Reference': 727 obj_ = maec_bundle_schema.BundleReferenceType.factory() 728 obj_.build(child_) 729 self.Findings_Bundle_Reference.append(obj_) 730 elif nodeName_ == 'Tools': 731 obj_ = ToolListType.factory() 732 obj_.build(child_) 733 self.set_Tools(obj_) 734 elif nodeName_ == 'Dynamic_Analysis_Metadata': 735 obj_ = DynamicAnalysisMetadataType.factory() 736 obj_.build(child_) 737 self.set_Dynamic_Analysis_Metadata(obj_) 738 elif nodeName_ == 'Analysis_Environment': 739 obj_ = AnalysisEnvironmentType.factory() 740 obj_.build(child_) 741 self.set_Analysis_Environment(obj_) 742 elif nodeName_ == 'Report': 743 obj_ = cybox_common.StructuredTextType.factory() 744 obj_.build(child_) 745 self.set_Report(obj_) 746# end class AnalysisType 747 748class AnalysisListType(GeneratedsSuper): 749 """The AnalysisListType captures a list of analyses that were performed 750 on a Malware Subject.""" 751 subclass = None 752 superclass = None 753 def __init__(self, Analysis=None): 754 if Analysis is None: 755 self.Analysis = [] 756 else: 757 self.Analysis = Analysis 758 def factory(*args_, **kwargs_): 759 if AnalysisListType.subclass: 760 return AnalysisListType.subclass(*args_, **kwargs_) 761 else: 762 return AnalysisListType(*args_, **kwargs_) 763 factory = staticmethod(factory) 764 def get_Analysis(self): return self.Analysis 765 def set_Analysis(self, Analysis): self.Analysis = Analysis 766 def add_Analysis(self, value): self.Analysis.append(value) 767 def insert_Analysis(self, index, value): self.Analysis[index] = value 768 def hasContent_(self): 769 if ( 770 self.Analysis 771 ): 772 return True 773 else: 774 return False 775 def export(self, write, level, namespace_='maecPackage:', name_='AnalysisListType', namespacedef_='', pretty_print=True): 776 if pretty_print: 777 eol_ = '\n' 778 else: 779 eol_ = '' 780 showIndent(write, level, pretty_print) 781 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 782 already_processed = set() 783 self.exportAttributes(write, level, already_processed, namespace_, name_='AnalysisListType') 784 if self.hasContent_(): 785 write('>%s' % (eol_, )) 786 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 787 showIndent(write, level, pretty_print) 788 write('</%s%s>%s' % (namespace_, name_, eol_)) 789 else: 790 write('/>%s' % (eol_, )) 791 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='AnalysisListType'): 792 pass 793 def exportChildren(self, write, level, namespace_='maecPackage:', name_='AnalysisListType', fromsubclass_=False, pretty_print=True): 794 if pretty_print: 795 eol_ = '\n' 796 else: 797 eol_ = '' 798 for Analysis_ in self.Analysis: 799 Analysis_.export(write, level, 'maecPackage:', name_='Analysis', pretty_print=pretty_print) 800 def build(self, node): 801 self.__sourcenode__ = node 802 already_processed = set() 803 self.buildAttributes(node, node.attrib, already_processed) 804 for child in node: 805 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 806 self.buildChildren(child, node, nodeName_) 807 def buildAttributes(self, node, attrs, already_processed): 808 pass 809 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 810 if nodeName_ == 'Analysis': 811 obj_ = AnalysisType.factory() 812 obj_.build(child_) 813 self.Analysis.append(obj_) 814# end class AnalysisListType 815 816class InstalledProgramsType(GeneratedsSuper): 817 """The InstalledProgramsType captures the programs installed on a 818 particular operating system image, via a list of CPE 819 identifiers.""" 820 subclass = None 821 superclass = None 822 def __init__(self, Program=None): 823 if Program is None: 824 self.Program = [] 825 else: 826 self.Program = Program 827 def factory(*args_, **kwargs_): 828 if InstalledProgramsType.subclass: 829 return InstalledProgramsType.subclass(*args_, **kwargs_) 830 else: 831 return InstalledProgramsType(*args_, **kwargs_) 832 factory = staticmethod(factory) 833 def get_Program(self): return self.Program 834 def set_Program(self, Program): self.Program = Program 835 def add_Program(self, value): self.Program.append(value) 836 def insert_Program(self, index, value): self.Program[index] = value 837 def hasContent_(self): 838 if ( 839 self.Program 840 ): 841 return True 842 else: 843 return False 844 def export(self, write, level, namespace_='maecPackage:', name_='InstalledProgramsType', namespacedef_='', pretty_print=True): 845 if pretty_print: 846 eol_ = '\n' 847 else: 848 eol_ = '' 849 showIndent(write, level, pretty_print) 850 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 851 already_processed = set() 852 self.exportAttributes(write, level, already_processed, namespace_, name_='InstalledProgramsType') 853 if self.hasContent_(): 854 write('>%s' % (eol_, )) 855 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 856 showIndent(write, level, pretty_print) 857 write('</%s%s>%s' % (namespace_, name_, eol_)) 858 else: 859 write('/>%s' % (eol_, )) 860 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='InstalledProgramsType'): 861 pass 862 def exportChildren(self, write, level, namespace_='maecPackage:', name_='InstalledProgramsType', fromsubclass_=False, pretty_print=True): 863 if pretty_print: 864 eol_ = '\n' 865 else: 866 eol_ = '' 867 for Program_ in self.Program: 868 Program_.export(write, level, 'maecPackage:', name_='Program', pretty_print=pretty_print) 869 def build(self, node): 870 self.__sourcenode__ = node 871 already_processed = set() 872 self.buildAttributes(node, node.attrib, already_processed) 873 for child in node: 874 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 875 self.buildChildren(child, node, nodeName_) 876 def buildAttributes(self, node, attrs, already_processed): 877 pass 878 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 879 if nodeName_ == 'Program': 880 obj_ = cybox_common.PlatformSpecificationType.factory() 881 obj_.build(child_) 882 self.set_Program(obj_) 883# end class InstalledProgramsType 884 885class PackageType(GeneratedsSuper): 886 """The PackageType is the namesake type of the MAEC Package schema, and 887 captures either a single Malware Subject, or a collection of 888 Malware Subjects that are related in some way (even if exact 889 details of the metadatasharing.relationship are unknown). Unlike the MAEC 890 Bundle, which captures only the MAEC-characterized analysis 891 results for a malware instance, the Package permits the capture 892 of additional metadata relating to the analysis, relationships 893 between Malware Subjects, and similar types of entities.The 894 required id field specifies a unique ID for this Package. The ID 895 must follow the pattern defined in the PackageIDPattern simple 896 type.The required schema_version field specifies the version of 897 the MAEC Package schema that the document has been written in 898 and that should be used for validation.The timestamp field 899 specifies the date/time that the Package was generated.""" 900 subclass = None 901 superclass = None 902 def __init__(self, timestamp=None, id=None, schema_version=None, Malware_Subjects=None, Grouping_Relationships=None): 903 self.timestamp = _cast(None, timestamp) 904 self.id = _cast(None, id) 905 self.schema_version = schema_version 906 self.Malware_Subjects = Malware_Subjects 907 self.Grouping_Relationships = Grouping_Relationships 908 def factory(*args_, **kwargs_): 909 if PackageType.subclass: 910 return PackageType.subclass(*args_, **kwargs_) 911 else: 912 return PackageType(*args_, **kwargs_) 913 factory = staticmethod(factory) 914 def get_Malware_Subjects(self): return self.Malware_Subjects 915 def set_Malware_Subjects(self, Malware_Subjects): self.Malware_Subjects = Malware_Subjects 916 def get_Grouping_Relationships(self): return self.Grouping_Relationships 917 def set_Grouping_Relationships(self, Grouping_Relationships): self.Grouping_Relationships = Grouping_Relationships 918 def get_timestamp(self): return self.timestamp 919 def set_timestamp(self, timestamp): self.timestamp = timestamp 920 def get_id(self): return self.id 921 def set_id(self, id): self.id = id 922 def get_schema_version(self): return self.schema_version 923 def set_schema_version(self, schema_version): self.schema_version = schema_version 924 def hasContent_(self): 925 if ( 926 self.Malware_Subjects is not None or 927 self.Grouping_Relationships is not None 928 ): 929 return True 930 else: 931 return False 932 def export(self, write, level, namespace_='maecPackage:', name_='MAEC_Package', namespacedef_='', pretty_print=True): 933 if pretty_print: 934 eol_ = '\n' 935 else: 936 eol_ = '' 937 showIndent(write, level, pretty_print) 938 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 939 already_processed = set() 940 self.exportAttributes(write, level, already_processed, namespace_, name_='MAEC_Package') 941 if self.hasContent_(): 942 write('>%s' % (eol_, )) 943 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 944 showIndent(write, level, pretty_print) 945 write('</%s%s>%s' % (namespace_, name_, eol_)) 946 else: 947 write('/>%s' % (eol_, )) 948 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='MAEC_Package'): 949 if self.timestamp is not None and 'timestamp' not in already_processed: 950 already_processed.add('timestamp') 951 write(' timestamp="%s"' % self.timestamp) 952 if self.id is not None and 'id' not in already_processed: 953 already_processed.add('id') 954 write(' id=%s' % (quote_attrib(self.id), )) 955 if self.schema_version is not None and 'schema_version' not in already_processed: 956 already_processed.add('schema_version') 957 write(' schema_version="%s"' % self.schema_version) 958 def exportChildren(self, write, level, namespace_='maecPackage:', name_='MAEC_Package', fromsubclass_=False, pretty_print=True): 959 if pretty_print: 960 eol_ = '\n' 961 else: 962 eol_ = '' 963 if self.Malware_Subjects is not None: 964 self.Malware_Subjects.export(write, level, 'maecPackage:', name_='Malware_Subjects', pretty_print=pretty_print) 965 if self.Grouping_Relationships is not None: 966 self.Grouping_Relationships.export(write, level, 'maecPackage:', name_='Grouping_Relationships', pretty_print=pretty_print) 967 def build(self, node): 968 self.__sourcenode__ = node 969 already_processed = set() 970 self.buildAttributes(node, node.attrib, already_processed) 971 for child in node: 972 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 973 self.buildChildren(child, node, nodeName_) 974 def buildAttributes(self, node, attrs, already_processed): 975 value = find_attr_value_('timestamp', node) 976 if value is not None and 'timestamp' not in already_processed: 977 already_processed.add('timestamp') 978 try: 979 self.timestamp = value 980 except ValueError as exp: 981 raise ValueError('Bad date-time attribute (timestamp): %s' % exp) 982 value = find_attr_value_('id', node) 983 if value is not None and 'id' not in already_processed: 984 already_processed.add('id') 985 self.id = value 986 value = find_attr_value_('schema_version', node) 987 if value is not None and 'schema_version' not in already_processed: 988 already_processed.add('schema_version') 989 self.schema_version = value 990 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 991 if nodeName_ == 'Malware_Subjects': 992 obj_ = MalwareSubjectListType.factory() 993 obj_.build(child_) 994 self.set_Malware_Subjects(obj_) 995 elif nodeName_ == 'Grouping_Relationships': 996 obj_ = GroupingRelationshipListType.factory() 997 obj_.build(child_) 998 self.set_Grouping_Relationships(obj_) 999# end class PackageType 1000 1001class MalwareSubjectType(GeneratedsSuper): 1002 """The MalwareSubjectType captures all of the details pertaining to a 1003 single malware instance, including any corresponding Analyses, 1004 Field Data, Findings Bundles, and relationships to other Malware 1005 Subjects.The required id field specifies a unique ID for this 1006 Malware Subject. The ID must follow the pattern defined in the 1007 MalwareSubjectIDPattern simple type.""" 1008 subclass = None 1009 superclass = None 1010 def __init__(self, id=None, Malware_Instance_Object_Attributes=None, Label=None, Configuration_Details=None, Minor_Variants=None, Development_Environment=None, Field_Data=None, Analyses=None, Findings_Bundles=None, Relationships=None, Compatible_Platform=None): 1011 self.id = _cast(None, id) 1012 self.Malware_Instance_Object_Attributes = Malware_Instance_Object_Attributes 1013 self.Configuration_Details = Configuration_Details 1014 self.Minor_Variants = Minor_Variants 1015 self.Development_Environment = Development_Environment 1016 self.Field_Data = Field_Data 1017 self.Analyses = Analyses 1018 self.Findings_Bundles = Findings_Bundles 1019 self.Relationships = Relationships 1020 if Label is None: 1021 self.Label = [] 1022 else: 1023 self.Label = Label 1024 if Compatible_Platform is None: 1025 self.Compatible_Platform = [] 1026 else: 1027 self.Compatible_Platform = Compatible_Platform 1028 def factory(*args_, **kwargs_): 1029 if MalwareSubjectType.subclass: 1030 return MalwareSubjectType.subclass(*args_, **kwargs_) 1031 else: 1032 return MalwareSubjectType(*args_, **kwargs_) 1033 factory = staticmethod(factory) 1034 def get_Malware_Instance_Object_Attributes(self): return self.Malware_Instance_Object_Attributes 1035 def set_Malware_Instance_Object_Attributes(self, Malware_Instance_Object_Attributes): self.Malware_Instance_Object_Attributes = Malware_Instance_Object_Attributes 1036 def get_Configuration_Details(self): return self.Configuration_Details 1037 def set_Configuration_Details(self, Configuration_Details): self.Configuration_Details = Configuration_Details 1038 def get_Label(self): return self.Label 1039 def set_Label(self, Label): self.Label = Label 1040 def add_Label(self, value): self.Label.append(value) 1041 def insert_Label(self, index, value): self.Label[index] = value 1042 def get_Minor_Variants(self): return self.Minor_Variants 1043 def set_Minor_Variants(self, Minor_Variants): self.Minor_Variants = Minor_Variants 1044 def get_Development_Environment(self): return self.Development_Environment 1045 def set_Development_Environment(self, Development_Environment): self.Development_Environment = Development_Environment 1046 def get_Field_Data(self): return self.Field_Data 1047 def set_Field_Data(self, Field_Data): self.Field_Data = Field_Data 1048 def get_Analyses(self): return self.Analyses 1049 def set_Analyses(self, Analyses): self.Analyses = Analyses 1050 def get_Findings_Bundles(self): return self.Findings_Bundles 1051 def set_Findings_Bundles(self, Findings_Bundles): self.Findings_Bundles = Findings_Bundles 1052 def get_Relationships(self): return self.Relationships 1053 def set_Relationships(self, Relationships): self.Relationships = Relationships 1054 def get_Compatible_Platform(self): return self.Compatible_Platform 1055 def set_Compatible_Platform(self, Compatible_Platform): self.Compatible_Platform = Compatible_Platform 1056 def add_Compatible_Platform(self, value): self.Compatible_Platform.append(value) 1057 def insert_Compatible_Platform(self, index, value): self.Compatible_Platform[index] = value 1058 def get_id(self): return self.id 1059 def set_id(self, id): self.id = id 1060 def hasContent_(self): 1061 if ( 1062 self.Malware_Instance_Object_Attributes is not None or 1063 self.Label is not None or 1064 self.Configuration_Details is not None or 1065 self.Minor_Variants is not None or 1066 self.Development_Environment is not None or 1067 self.Field_Data is not None or 1068 self.Analyses is not None or 1069 self.Findings_Bundles is not None or 1070 self.Relationships is not None or 1071 self.Compatible_Platform is not None 1072 ): 1073 return True 1074 else: 1075 return False 1076 def export(self, write, level, namespace_='maecPackage:', name_='MalwareSubjectType', namespacedef_='', pretty_print=True): 1077 if pretty_print: 1078 eol_ = '\n' 1079 else: 1080 eol_ = '' 1081 showIndent(write, level, pretty_print) 1082 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1083 already_processed = set() 1084 self.exportAttributes(write, level, already_processed, namespace_, name_='MalwareSubjectType') 1085 if self.hasContent_(): 1086 write('>%s' % (eol_, )) 1087 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 1088 showIndent(write, level, pretty_print) 1089 write('</%s%s>%s' % (namespace_, name_, eol_)) 1090 else: 1091 write('/>%s' % (eol_, )) 1092 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='MalwareSubjectType'): 1093 if self.id is not None and 'id' not in already_processed: 1094 already_processed.add('id') 1095 write(' id=%s' % (quote_attrib(self.id), )) 1096 def exportChildren(self, write, level, namespace_='maecPackage:', name_='MalwareSubjectType', fromsubclass_=False, pretty_print=True): 1097 if pretty_print: 1098 eol_ = '\n' 1099 else: 1100 eol_ = '' 1101 if self.Malware_Instance_Object_Attributes is not None: 1102 self.Malware_Instance_Object_Attributes.export(write, level, 'maecPackage:', name_='Malware_Instance_Object_Attributes', pretty_print=pretty_print) 1103 for Label_ in self.Label: 1104 Label_.export(write, level, 'maecPackage:', name_='Label', pretty_print=pretty_print) 1105 if self.Configuration_Details is not None: 1106 self.Configuration_Details.export(write, level, 'maecPackage:', name_='Configuration_Details', pretty_print=pretty_print) 1107 if self.Minor_Variants is not None: 1108 self.Minor_Variants.export(write, level, 'maecPackage:', name_='Minor_Variants', pretty_print=pretty_print) 1109 if self.Development_Environment is not None: 1110 self.Development_Environment.export(write, level, 'maecPackage:', name_='Development_Environment', pretty_print=pretty_print) 1111 if self.Field_Data is not None: 1112 self.Field_Data.export(write, level, 'maecPackage:', name_='Field_Data', pretty_print=pretty_print) 1113 if self.Analyses is not None: 1114 self.Analyses.export(write, level, 'maecPackage:', name_='Analyses', pretty_print=pretty_print) 1115 if self.Findings_Bundles is not None: 1116 self.Findings_Bundles.export(write, level, 'maecPackage:', name_='Findings_Bundles', pretty_print=pretty_print) 1117 if self.Relationships is not None: 1118 self.Relationships.export(write, level, 'maecPackage:', name_='Relationships', pretty_print=pretty_print) 1119 for Compatible_Platform_ in self.Compatible_Platform: 1120 Compatible_Platform_.export(write, level, 'maecPackage:', name_='Compatible_Platform', pretty_print=pretty_print) 1121 def build(self, node): 1122 self.__sourcenode__ = node 1123 already_processed = set() 1124 self.buildAttributes(node, node.attrib, already_processed) 1125 for child in node: 1126 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1127 self.buildChildren(child, node, nodeName_) 1128 def buildAttributes(self, node, attrs, already_processed): 1129 value = find_attr_value_('id', node) 1130 if value is not None and 'id' not in already_processed: 1131 already_processed.add('id') 1132 self.id = value 1133 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1134 if nodeName_ == 'Malware_Instance_Object_Attributes': 1135 obj_ = cybox_core.ObjectType.factory() 1136 obj_.build(child_) 1137 self.set_Malware_Instance_Object_Attributes(obj_) 1138 elif nodeName_ == 'Label': 1139 obj_ = cybox_common.ControlledVocabularyStringType.factory() 1140 obj_.build(child_) 1141 self.Label.append(obj_) 1142 elif nodeName_ == 'Configuration_Details': 1143 obj_ = MalwareConfigurationDetailsType.factory() 1144 obj_.build(child_) 1145 self.set_Configuration_Details(obj_) 1146 elif nodeName_ == 'Minor_Variants': 1147 obj_ = MinorVariantListType.factory() 1148 obj_.build(child_) 1149 self.set_Minor_Variants(obj_) 1150 elif nodeName_ == 'Development_Environment': 1151 obj_ = MalwareDevelopmentEnvironmentType.factory() 1152 obj_.build(child_) 1153 self.set_Development_Environment(obj_) 1154 elif nodeName_ == 'Field_Data': 1155 obj_ = metadatasharing.fieldDataEntry.factory() 1156 obj_.build(child_) 1157 self.set_Field_Data(obj_) 1158 elif nodeName_ == 'Analyses': 1159 obj_ = AnalysisListType.factory() 1160 obj_.build(child_) 1161 self.set_Analyses(obj_) 1162 elif nodeName_ == 'Findings_Bundles': 1163 obj_ = FindingsBundleListType.factory() 1164 obj_.build(child_) 1165 self.set_Findings_Bundles(obj_) 1166 elif nodeName_ == 'Relationships': 1167 obj_ = MalwareSubjectRelationshipListType.factory() 1168 obj_.build(child_) 1169 self.set_Relationships(obj_) 1170 elif nodeName_ == 'Compatible_Platform': 1171 obj_ = cybox_common.PlatformSpecificationType.factory() 1172 obj_.build(child_) 1173 self.Compatible_Platform.append(obj_) 1174# end class MalwareSubjectType 1175 1176class MetaAnalysisType(GeneratedsSuper): 1177 """The MetaAnalysisType captures meta-analysis entities associated with 1178 the Bundles that were captured for a Malware Subject, such as 1179 Action Equivalencies.""" 1180 subclass = None 1181 superclass = None 1182 def __init__(self, Action_Equivalences=None, Object_Equivalences=None): 1183 self.Action_Equivalences = Action_Equivalences 1184 self.Object_Equivalences = Object_Equivalences 1185 def factory(*args_, **kwargs_): 1186 if MetaAnalysisType.subclass: 1187 return MetaAnalysisType.subclass(*args_, **kwargs_) 1188 else: 1189 return MetaAnalysisType(*args_, **kwargs_) 1190 factory = staticmethod(factory) 1191 def get_Action_Equivalences(self): return self.Action_Equivalences 1192 def set_Action_Equivalences(self, Action_Equivalences): self.Action_Equivalences = Action_Equivalences 1193 def get_Object_Equivalences(self): return self.Object_Equivalences 1194 def set_Object_Equivalences(self, Object_Equivalences): self.Object_Equivalences = Object_Equivalences 1195 def hasContent_(self): 1196 if ( 1197 self.Action_Equivalences is not None or 1198 self.Object_Equivalences is not None 1199 ): 1200 return True 1201 else: 1202 return False 1203 def export(self, write, level, namespace_='maecPackage:', name_='MetaAnalysisType', namespacedef_='', pretty_print=True): 1204 if pretty_print: 1205 eol_ = '\n' 1206 else: 1207 eol_ = '' 1208 showIndent(write, level, pretty_print) 1209 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1210 already_processed = set() 1211 self.exportAttributes(write, level, already_processed, namespace_, name_='MetaAnalysisType') 1212 if self.hasContent_(): 1213 write('>%s' % (eol_, )) 1214 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 1215 showIndent(write, level, pretty_print) 1216 write('</%s%s>%s' % (namespace_, name_, eol_)) 1217 else: 1218 write('/>%s' % (eol_, )) 1219 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='MetaAnalysisType'): 1220 pass 1221 def exportChildren(self, write, level, namespace_='maecPackage:', name_='MetaAnalysisType', fromsubclass_=False, pretty_print=True): 1222 if pretty_print: 1223 eol_ = '\n' 1224 else: 1225 eol_ = '' 1226 if self.Action_Equivalences is not None: 1227 self.Action_Equivalences.export(write, level, 'maecPackage:', name_='Action_Equivalences', pretty_print=pretty_print) 1228 if self.Object_Equivalences is not None: 1229 self.Object_Equivalences.export(write, level, 'maecPackage:', name_='Object_Equivalences', pretty_print=pretty_print) 1230 def build(self, node): 1231 self.__sourcenode__ = node 1232 already_processed = set() 1233 self.buildAttributes(node, node.attrib, already_processed) 1234 for child in node: 1235 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1236 self.buildChildren(child, node, nodeName_) 1237 def buildAttributes(self, node, attrs, already_processed): 1238 pass 1239 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1240 if nodeName_ == 'Action_Equivalences': 1241 obj_ = ActionEquivalenceListType.factory() 1242 obj_.build(child_) 1243 self.set_Action_Equivalences(obj_) 1244 elif nodeName_ == 'Object_Equivalences': 1245 obj_ = ObjectEquivalenceListType.factory() 1246 obj_.build(child_) 1247 self.set_Object_Equivalences(obj_) 1248# end class MetaAnalysisType 1249 1250class MalwareSubjectRelationshipType(GeneratedsSuper): 1251 """The MalwareSubjectRelationshipType provides a mechanism for 1252 capturing the relationships between a Malware Subject and one or 1253 more other Malware Subjects.""" 1254 subclass = None 1255 superclass = None 1256 def __init__(self, Type=None, Malware_Subject_Reference=None): 1257 self.Type = Type 1258 if Malware_Subject_Reference is None: 1259 self.Malware_Subject_Reference = [] 1260 else: 1261 self.Malware_Subject_Reference = Malware_Subject_Reference 1262 def factory(*args_, **kwargs_): 1263 if MalwareSubjectRelationshipType.subclass: 1264 return MalwareSubjectRelationshipType.subclass(*args_, **kwargs_) 1265 else: 1266 return MalwareSubjectRelationshipType(*args_, **kwargs_) 1267 factory = staticmethod(factory) 1268 def get_Type(self): return self.Type 1269 def set_Type(self, Type): self.Type = Type 1270 def get_Malware_Subject_Reference(self): return self.Malware_Subject_Reference 1271 def set_Malware_Subject_Reference(self, Malware_Subject_Reference): self.Malware_Subject_Reference = Malware_Subject_Reference 1272 def add_Malware_Subject_Reference(self, value): self.Malware_Subject_Reference.append(value) 1273 def insert_Malware_Subject_Reference(self, index, value): self.Malware_Subject_Reference[index] = value 1274 def hasContent_(self): 1275 if ( 1276 self.Type is not None or 1277 self.Malware_Subject_Reference 1278 ): 1279 return True 1280 else: 1281 return False 1282 def export(self, write, level, namespace_='maecPackage:', name_='MalwareSubjectRelationshipType', namespacedef_='', pretty_print=True): 1283 if pretty_print: 1284 eol_ = '\n' 1285 else: 1286 eol_ = '' 1287 showIndent(write, level, pretty_print) 1288 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1289 already_processed = set() 1290 self.exportAttributes(write, level, already_processed, namespace_, name_='MalwareSubjectRelationshipType') 1291 if self.hasContent_(): 1292 write('>%s' % (eol_, )) 1293 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 1294 showIndent(write, level, pretty_print) 1295 write('</%s%s>%s' % (namespace_, name_, eol_)) 1296 else: 1297 write('/>%s' % (eol_, )) 1298 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='MalwareSubjectRelationshipType'): 1299 pass 1300 def exportChildren(self, write, level, namespace_='maecPackage:', name_='MalwareSubjectRelationshipType', fromsubclass_=False, pretty_print=True): 1301 if pretty_print: 1302 eol_ = '\n' 1303 else: 1304 eol_ = '' 1305 if self.Type is not None: 1306 self.Type.export(write, level, 'maecPackage:', name_='Type', pretty_print=pretty_print) 1307 for Malware_Subject_Reference_ in self.Malware_Subject_Reference: 1308 Malware_Subject_Reference_.export(write, level, 'maecPackage:', name_='Malware_Subject_Reference', pretty_print=pretty_print) 1309 def build(self, node): 1310 self.__sourcenode__ = node 1311 already_processed = set() 1312 self.buildAttributes(node, node.attrib, already_processed) 1313 for child in node: 1314 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1315 self.buildChildren(child, node, nodeName_) 1316 def buildAttributes(self, node, attrs, already_processed): 1317 pass 1318 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1319 if nodeName_ == 'Type': 1320 obj_ = cybox_common.ControlledVocabularyStringType.factory() 1321 obj_.build(child_) 1322 self.set_Type(obj_) 1323 elif nodeName_ == 'Malware_Subject_Reference': 1324 obj_ = MalwareSubjectReferenceType.factory() 1325 obj_.build(child_) 1326 self.Malware_Subject_Reference.append(obj_) 1327# end class MalwareSubjectRelationshipType 1328 1329class MalwareSubjectRelationshipListType(GeneratedsSuper): 1330 """The MalwareSubjectRelationshipListType captures a list of 1331 relationships between a Malware Subject and other Malware 1332 Subjects.""" 1333 subclass = None 1334 superclass = None 1335 def __init__(self, Relationship=None): 1336 if Relationship is None: 1337 self.Relationship = [] 1338 else: 1339 self.Relationship = Relationship 1340 def factory(*args_, **kwargs_): 1341 if MalwareSubjectRelationshipListType.subclass: 1342 return MalwareSubjectRelationshipListType.subclass(*args_, **kwargs_) 1343 else: 1344 return MalwareSubjectRelationshipListType(*args_, **kwargs_) 1345 factory = staticmethod(factory) 1346 def get_Relationship(self): return self.Relationship 1347 def set_Relationship(self, Relationship): self.Relationship = Relationship 1348 def add_Relationship(self, value): self.Relationship.append(value) 1349 def insert_Relationship(self, index, value): self.Relationship[index] = value 1350 def hasContent_(self): 1351 if ( 1352 self.Relationship 1353 ): 1354 return True 1355 else: 1356 return False 1357 def export(self, write, level, namespace_='maecPackage:', name_='MalwareSubjectRelationshipListType', namespacedef_='', pretty_print=True): 1358 if pretty_print: 1359 eol_ = '\n' 1360 else: 1361 eol_ = '' 1362 showIndent(write, level, pretty_print) 1363 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1364 already_processed = set() 1365 self.exportAttributes(write, level, already_processed, namespace_, name_='MalwareSubjectRelationshipListType') 1366 if self.hasContent_(): 1367 write('>%s' % (eol_, )) 1368 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 1369 showIndent(write, level, pretty_print) 1370 write('</%s%s>%s' % (namespace_, name_, eol_)) 1371 else: 1372 write('/>%s' % (eol_, )) 1373 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='MalwareSubjectRelationshipListType'): 1374 pass 1375 def exportChildren(self, write, level, namespace_='maecPackage:', name_='MalwareSubjectRelationshipListType', fromsubclass_=False, pretty_print=True): 1376 if pretty_print: 1377 eol_ = '\n' 1378 else: 1379 eol_ = '' 1380 for Relationship_ in self.Relationship: 1381 Relationship_.export(write, level, 'maecPackage:', name_='Relationship', pretty_print=pretty_print) 1382 def build(self, node): 1383 self.__sourcenode__ = node 1384 already_processed = set() 1385 self.buildAttributes(node, node.attrib, already_processed) 1386 for child in node: 1387 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1388 self.buildChildren(child, node, nodeName_) 1389 def buildAttributes(self, node, attrs, already_processed): 1390 pass 1391 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1392 if nodeName_ == 'Relationship': 1393 obj_ = MalwareSubjectRelationshipType.factory() 1394 obj_.build(child_) 1395 self.Relationship.append(obj_) 1396# end class MalwareSubjectRelationshipListType 1397 1398class MalwareSubjectReferenceType(GeneratedsSuper): 1399 """The MalwareSubjectReferenceType provides a mechanism for specifying 1400 a metadatasharing.reference to a Malware Subject contained in the Package.The 1401 malware_subject_idref field provides a metadatasharing.reference to a Malware 1402 Subject contained in the Package, via its ID.""" 1403 subclass = None 1404 superclass = None 1405 def __init__(self, malware_subject_idref=None): 1406 self.malware_subject_idref = _cast(None, malware_subject_idref) 1407 pass 1408 def factory(*args_, **kwargs_): 1409 if MalwareSubjectReferenceType.subclass: 1410 return MalwareSubjectReferenceType.subclass(*args_, **kwargs_) 1411 else: 1412 return MalwareSubjectReferenceType(*args_, **kwargs_) 1413 factory = staticmethod(factory) 1414 def get_malware_subject_idref(self): return self.malware_subject_idref 1415 def set_malware_subject_idref(self, malware_subject_idref): self.malware_subject_idref = malware_subject_idref 1416 def hasContent_(self): 1417 if ( 1418 1419 ): 1420 return True 1421 else: 1422 return False 1423 def export(self, write, level, namespace_='maecPackage:', name_='MalwareSubjectReferenceType', namespacedef_='', pretty_print=True): 1424 if pretty_print: 1425 eol_ = '\n' 1426 else: 1427 eol_ = '' 1428 showIndent(write, level, pretty_print) 1429 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1430 already_processed = set() 1431 self.exportAttributes(write, level, already_processed, namespace_, name_='MalwareSubjectReferenceType') 1432 if self.hasContent_(): 1433 write('>%s' % (eol_, )) 1434 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 1435 write('</%s%s>%s' % (namespace_, name_, eol_)) 1436 else: 1437 write('/>%s' % (eol_, )) 1438 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='MalwareSubjectReferenceType'): 1439 if self.malware_subject_idref is not None and 'malware_subject_idref' not in already_processed: 1440 already_processed.add('malware_subject_idref') 1441 write(' malware_subject_idref=%s' % (quote_attrib(self.malware_subject_idref), )) 1442 def exportChildren(self, write, level, namespace_='maecPackage:', name_='MalwareSubjectReferenceType', fromsubclass_=False, pretty_print=True): 1443 pass 1444 def build(self, node): 1445 self.__sourcenode__ = node 1446 already_processed = set() 1447 self.buildAttributes(node, node.attrib, already_processed) 1448 for child in node: 1449 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1450 self.buildChildren(child, node, nodeName_) 1451 def buildAttributes(self, node, attrs, already_processed): 1452 value = find_attr_value_('malware_subject_idref', node) 1453 if value is not None and 'malware_subject_idref' not in already_processed: 1454 already_processed.add('malware_subject_idref') 1455 self.malware_subject_idref = value 1456 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1457 pass 1458# end class MalwareSubjectReferenceType 1459 1460class MalwareSubjectListType(GeneratedsSuper): 1461 """The MalwareSubjectListType captures a list of Malware Subjects.""" 1462 subclass = None 1463 superclass = None 1464 def __init__(self, Malware_Subject=None): 1465 if Malware_Subject is None: 1466 self.Malware_Subject = [] 1467 else: 1468 self.Malware_Subject = Malware_Subject 1469 def factory(*args_, **kwargs_): 1470 if MalwareSubjectListType.subclass: 1471 return MalwareSubjectListType.subclass(*args_, **kwargs_) 1472 else: 1473 return MalwareSubjectListType(*args_, **kwargs_) 1474 factory = staticmethod(factory) 1475 def get_Malware_Subject(self): return self.Malware_Subject 1476 def set_Malware_Subject(self, Malware_Subject): self.Malware_Subject = Malware_Subject 1477 def add_Malware_Subject(self, value): self.Malware_Subject.append(value) 1478 def insert_Malware_Subject(self, index, value): self.Malware_Subject[index] = value 1479 def hasContent_(self): 1480 if ( 1481 self.Malware_Subject 1482 ): 1483 return True 1484 else: 1485 return False 1486 def export(self, write, level, namespace_='maecPackage:', name_='MalwareSubjectListType', namespacedef_='', pretty_print=True): 1487 if pretty_print: 1488 eol_ = '\n' 1489 else: 1490 eol_ = '' 1491 showIndent(write, level, pretty_print) 1492 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1493 already_processed = set() 1494 self.exportAttributes(write, level, already_processed, namespace_, name_='MalwareSubjectListType') 1495 if self.hasContent_(): 1496 write('>%s' % (eol_, )) 1497 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 1498 showIndent(write, level, pretty_print) 1499 write('</%s%s>%s' % (namespace_, name_, eol_)) 1500 else: 1501 write('/>%s' % (eol_, )) 1502 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='MalwareSubjectListType'): 1503 pass 1504 def exportChildren(self, write, level, namespace_='maecPackage:', name_='MalwareSubjectListType', fromsubclass_=False, pretty_print=True): 1505 if pretty_print: 1506 eol_ = '\n' 1507 else: 1508 eol_ = '' 1509 for Malware_Subject_ in self.Malware_Subject: 1510 Malware_Subject_.export(write, level, 'maecPackage:', name_='Malware_Subject', pretty_print=pretty_print) 1511 def build(self, node): 1512 self.__sourcenode__ = node 1513 already_processed = set() 1514 self.buildAttributes(node, node.attrib, already_processed) 1515 for child in node: 1516 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1517 self.buildChildren(child, node, nodeName_) 1518 def buildAttributes(self, node, attrs, already_processed): 1519 pass 1520 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1521 if nodeName_ == 'Malware_Subject': 1522 obj_ = MalwareSubjectType.factory() 1523 obj_.build(child_) 1524 self.Malware_Subject.append(obj_) 1525# end class MalwareSubjectListType 1526 1527class MinorVariantListType(GeneratedsSuper): 1528 """The MinorVariantListType captures a list of minor variants of a 1529 Malware Subject's malware instance object. For example, the same 1530 binary with but with different filenames.""" 1531 subclass = None 1532 superclass = None 1533 def __init__(self, Minor_Variant=None): 1534 if Minor_Variant is None: 1535 self.Minor_Variant = [] 1536 else: 1537 self.Minor_Variant = Minor_Variant 1538 def factory(*args_, **kwargs_): 1539 if MinorVariantListType.subclass: 1540 return MinorVariantListType.subclass(*args_, **kwargs_) 1541 else: 1542 return MinorVariantListType(*args_, **kwargs_) 1543 factory = staticmethod(factory) 1544 def get_Minor_Variant(self): return self.Minor_Variant 1545 def set_Minor_Variant(self, Minor_Variant): self.Minor_Variant = Minor_Variant 1546 def add_Minor_Variant(self, value): self.Minor_Variant.append(value) 1547 def insert_Minor_Variant(self, index, value): self.Minor_Variant[index] = value 1548 def hasContent_(self): 1549 if ( 1550 self.Minor_Variant 1551 ): 1552 return True 1553 else: 1554 return False 1555 def export(self, write, level, namespace_='maecPackage:', name_='MinorVariantListType', namespacedef_='', pretty_print=True): 1556 if pretty_print: 1557 eol_ = '\n' 1558 else: 1559 eol_ = '' 1560 showIndent(write, level, pretty_print) 1561 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1562 already_processed = set() 1563 self.exportAttributes(write, level, already_processed, namespace_, name_='MinorVariantListType') 1564 if self.hasContent_(): 1565 write('>%s' % (eol_, )) 1566 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 1567 showIndent(write, level, pretty_print) 1568 write('</%s%s>%s' % (namespace_, name_, eol_)) 1569 else: 1570 write('/>%s' % (eol_, )) 1571 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='MinorVariantListType'): 1572 pass 1573 def exportChildren(self, write, level, namespace_='maecPackage:', name_='MinorVariantListType', fromsubclass_=False, pretty_print=True): 1574 if pretty_print: 1575 eol_ = '\n' 1576 else: 1577 eol_ = '' 1578 for Minor_Variant_ in self.Minor_Variant: 1579 Minor_Variant_.export(write, level, 'maecPackage:', name_='Minor_Variant', pretty_print=pretty_print) 1580 def build(self, node): 1581 self.__sourcenode__ = node 1582 already_processed = set() 1583 self.buildAttributes(node, node.attrib, already_processed) 1584 for child in node: 1585 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1586 self.buildChildren(child, node, nodeName_) 1587 def buildAttributes(self, node, attrs, already_processed): 1588 pass 1589 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1590 if nodeName_ == 'Minor_Variant': 1591 obj_ = cybox_core.ObjectType.factory() 1592 obj_.build(child_) 1593 self.Minor_Variant.append(obj_) 1594# end class MinorVariantListType 1595 1596class FindingsBundleListType(GeneratedsSuper): 1597 """The FindingsBundleListType captures a list of Bundles or external 1598 references to Bundles, along with any related meta-analysis 1599 entities.""" 1600 subclass = None 1601 superclass = None 1602 def __init__(self, Meta_Analysis=None, Bundle=None, Bundle_External_Reference=None): 1603 self.Meta_Analysis = Meta_Analysis 1604 if Bundle is None: 1605 self.Bundle = [] 1606 else: 1607 self.Bundle = Bundle 1608 if Bundle_External_Reference is None: 1609 self.Bundle_External_Reference = [] 1610 else: 1611 self.Bundle_External_Reference = Bundle_External_Reference 1612 def factory(*args_, **kwargs_): 1613 if FindingsBundleListType.subclass: 1614 return FindingsBundleListType.subclass(*args_, **kwargs_) 1615 else: 1616 return FindingsBundleListType(*args_, **kwargs_) 1617 factory = staticmethod(factory) 1618 def get_Meta_Analysis(self): return self.Meta_Analysis 1619 def set_Meta_Analysis(self, Meta_Analysis): self.Meta_Analysis = Meta_Analysis 1620 def get_Bundle(self): return self.Bundle 1621 def set_Bundle(self, Bundle): self.Bundle = Bundle 1622 def add_Bundle(self, value): self.Bundle.append(value) 1623 def insert_Bundle(self, index, value): self.Bundle[index] = value 1624 def get_Bundle_External_Reference(self): return self.Bundle_External_Reference 1625 def set_Bundle_External_Reference(self, Bundle_External_Reference): self.Bundle_External_Reference = Bundle_External_Reference 1626 def add_Bundle_External_Reference(self, value): self.Bundle_External_Reference.append(value) 1627 def insert_Bundle_External_Reference(self, index, value): self.Bundle_External_Reference[index] = value 1628 def hasContent_(self): 1629 if ( 1630 self.Meta_Analysis is not None or 1631 self.Bundle or 1632 self.Bundle_External_Reference 1633 ): 1634 return True 1635 else: 1636 return False 1637 def export(self, write, level, namespace_='maecPackage:', name_='FindingsBundleListType', namespacedef_='', pretty_print=True): 1638 if pretty_print: 1639 eol_ = '\n' 1640 else: 1641 eol_ = '' 1642 showIndent(write, level, pretty_print) 1643 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1644 already_processed = set() 1645 self.exportAttributes(write, level, already_processed, namespace_, name_='FindingsBundleListType') 1646 if self.hasContent_(): 1647 write('>%s' % (eol_, )) 1648 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 1649 showIndent(write, level, pretty_print) 1650 write('</%s%s>%s' % (namespace_, name_, eol_)) 1651 else: 1652 write('/>%s' % (eol_, )) 1653 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='FindingsBundleListType'): 1654 pass 1655 def exportChildren(self, write, level, namespace_='maecPackage:', name_='FindingsBundleListType', fromsubclass_=False, pretty_print=True): 1656 if pretty_print: 1657 eol_ = '\n' 1658 else: 1659 eol_ = '' 1660 if self.Meta_Analysis is not None: 1661 self.Meta_Analysis.export(write, level, 'maecPackage:', name_='Meta_Analysis', pretty_print=pretty_print) 1662 for Bundle_ in self.Bundle: 1663 Bundle_.export(write, level, 'maecPackage:', name_='Bundle', pretty_print=pretty_print) 1664 for Bundle_External_Reference_ in self.Bundle_External_Reference: 1665 showIndent(write, level, pretty_print) 1666 write('<%sBundle_External_Reference>%s</%sBundle_External_Reference>%s' % ('maecPackage:', self.gds_format_string(quote_xml(Bundle_External_Reference_).encode(ExternalEncoding), input_name='Bundle_External_Reference'), 'maecPackage:', eol_)) 1667 def build(self, node): 1668 self.__sourcenode__ = node 1669 already_processed = set() 1670 self.buildAttributes(node, node.attrib, already_processed) 1671 for child in node: 1672 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1673 self.buildChildren(child, node, nodeName_) 1674 def buildAttributes(self, node, attrs, already_processed): 1675 pass 1676 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1677 if nodeName_ == 'Meta_Analysis': 1678 obj_ = MetaAnalysisType.factory() 1679 obj_.build(child_) 1680 self.set_Meta_Analysis(obj_) 1681 elif nodeName_ == 'Bundle': 1682 obj_ = maec_bundle_schema.BundleType.factory() 1683 obj_.build(child_) 1684 self.Bundle.append(obj_) 1685 elif nodeName_ == 'Bundle_External_Reference': 1686 Bundle_External_Reference_ = child_.text 1687 Bundle_External_Reference_ = self.gds_validate_string(Bundle_External_Reference_, node, 'Bundle_External_Reference') 1688 self.Bundle_External_Reference.append(Bundle_External_Reference_) 1689# end class FindingsBundleListType 1690 1691class GroupingRelationshipType(GeneratedsSuper): 1692 """The GroupingRelationshipType provides a mechanism for specifying the 1693 metadatasharing.relationship that groups together the Malware Subjects in a 1694 Package.""" 1695 subclass = None 1696 superclass = None 1697 def __init__(self, Type=None, Malware_Family_Name=None, Malware_Toolkit_Name=None, Clustering_Metadata=None): 1698 self.Type = Type 1699 self.Malware_Family_Name = Malware_Family_Name 1700 self.Malware_Toolkit_Name = Malware_Toolkit_Name 1701 self.Clustering_Metadata = Clustering_Metadata 1702 def factory(*args_, **kwargs_): 1703 if GroupingRelationshipType.subclass: 1704 return GroupingRelationshipType.subclass(*args_, **kwargs_) 1705 else: 1706 return GroupingRelationshipType(*args_, **kwargs_) 1707 factory = staticmethod(factory) 1708 def get_Type(self): return self.Type 1709 def set_Type(self, Type): self.Type = Type 1710 def get_Malware_Family_Name(self): return self.Malware_Family_Name 1711 def set_Malware_Family_Name(self, Malware_Family_Name): self.Malware_Family_Name = Malware_Family_Name 1712 def get_Malware_Toolkit_Name(self): return self.Malware_Toolkit_Name 1713 def set_Malware_Toolkit_Name(self, Malware_Toolkit_Name): self.Malware_Toolkit_Name = Malware_Toolkit_Name 1714 def get_Clustering_Metadata(self): return self.Clustering_Metadata 1715 def set_Clustering_Metadata(self, Clustering_Metadata): self.Clustering_Metadata = Clustering_Metadata 1716 def hasContent_(self): 1717 if ( 1718 self.Type is not None or 1719 self.Malware_Family_Name is not None or 1720 self.Malware_Toolkit_Name is not None or 1721 self.Clustering_Metadata is not None 1722 ): 1723 return True 1724 else: 1725 return False 1726 def export(self, write, level, namespace_='maecPackage:', name_='GroupingRelationshipType', namespacedef_='', pretty_print=True): 1727 if pretty_print: 1728 eol_ = '\n' 1729 else: 1730 eol_ = '' 1731 showIndent(write, level, pretty_print) 1732 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1733 already_processed = set() 1734 self.exportAttributes(write, level, already_processed, namespace_, name_='GroupingRelationshipType') 1735 if self.hasContent_(): 1736 write('>%s' % (eol_, )) 1737 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 1738 showIndent(write, level, pretty_print) 1739 write('</%s%s>%s' % (namespace_, name_, eol_)) 1740 else: 1741 write('/>%s' % (eol_, )) 1742 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='GroupingRelationshipType'): 1743 pass 1744 def exportChildren(self, write, level, namespace_='maecPackage:', name_='GroupingRelationshipType', fromsubclass_=False, pretty_print=True): 1745 if pretty_print: 1746 eol_ = '\n' 1747 else: 1748 eol_ = '' 1749 if self.Type is not None: 1750 self.Type.export(write, level, 'maecPackage:', name_='Type', pretty_print=pretty_print) 1751 if self.Malware_Family_Name is not None: 1752 showIndent(write, level, pretty_print) 1753 write('<%sMalware_Family_Name>%s</%sMalware_Family_Name>%s' % ('maecPackage:', quote_xml(self.Malware_Family_Name), 'maecPackage:', eol_)) 1754 if self.Malware_Toolkit_Name is not None: 1755 showIndent(write, level, pretty_print) 1756 write('<%sMalware_Toolkit_Name>%s</%sMalware_Toolkit_Name>%s' % ('maecPackage:', quote_xml(self.Malware_Toolkit_Name), 'maecPackage:', eol_)) 1757 if self.Clustering_Metadata is not None: 1758 self.Clustering_Metadata.export(write, level, 'maecPackage:', name_='Clustering_Metadata', pretty_print=pretty_print) 1759 def build(self, node): 1760 self.__sourcenode__ = node 1761 already_processed = set() 1762 self.buildAttributes(node, node.attrib, already_processed) 1763 for child in node: 1764 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1765 self.buildChildren(child, node, nodeName_) 1766 def buildAttributes(self, node, attrs, already_processed): 1767 pass 1768 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1769 if nodeName_ == 'Type': 1770 obj_ = cybox_common.ControlledVocabularyStringType.factory() 1771 obj_.build(child_) 1772 self.set_Type(obj_) 1773 elif nodeName_ == 'Malware_Family_Name': 1774 Malware_Family_Name_ = child_.text 1775 Malware_Family_Name_ = self.gds_validate_string(Malware_Family_Name_, node, 'Malware_Family_Name') 1776 self.Malware_Family_Name = Malware_Family_Name_ 1777 elif nodeName_ == 'Malware_Toolkit_Name': 1778 Malware_Toolkit_Name_ = child_.text 1779 Malware_Toolkit_Name_ = self.gds_validate_string(Malware_Toolkit_Name_, node, 'Malware_Toolkit_Name') 1780 self.Malware_Toolkit_Name = Malware_Toolkit_Name_ 1781 elif nodeName_ == 'Clustering_Metadata': 1782 obj_ = ClusteringMetadataType.factory() 1783 obj_.build(child_) 1784 self.set_Clustering_Metadata(obj_) 1785# end class GroupingRelationshipType 1786 1787class GroupingRelationshipListType(GeneratedsSuper): 1788 """The GroupingRelationshipListType captures a list of grouping 1789 relationships relating the Malware Subjects in a Package.""" 1790 subclass = None 1791 superclass = None 1792 def __init__(self, Grouping_Relationship=None): 1793 if Grouping_Relationship is None: 1794 self.Grouping_Relationship = [] 1795 else: 1796 self.Grouping_Relationship = Grouping_Relationship 1797 def factory(*args_, **kwargs_): 1798 if GroupingRelationshipListType.subclass: 1799 return GroupingRelationshipListType.subclass(*args_, **kwargs_) 1800 else: 1801 return GroupingRelationshipListType(*args_, **kwargs_) 1802 factory = staticmethod(factory) 1803 def get_Grouping_Relationship(self): return self.Grouping_Relationship 1804 def set_Grouping_Relationship(self, Grouping_Relationship): self.Grouping_Relationship = Grouping_Relationship 1805 def add_Grouping_Relationship(self, value): self.Grouping_Relationship.append(value) 1806 def insert_Grouping_Relationship(self, index, value): self.Grouping_Relationship[index] = value 1807 def hasContent_(self): 1808 if ( 1809 self.Grouping_Relationship 1810 ): 1811 return True 1812 else: 1813 return False 1814 def export(self, write, level, namespace_='maecPackage:', name_='GroupingRelationshipListType', namespacedef_='', pretty_print=True): 1815 if pretty_print: 1816 eol_ = '\n' 1817 else: 1818 eol_ = '' 1819 showIndent(write, level, pretty_print) 1820 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1821 already_processed = set() 1822 self.exportAttributes(write, level, already_processed, namespace_, name_='GroupingRelationshipListType') 1823 if self.hasContent_(): 1824 write('>%s' % (eol_, )) 1825 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 1826 showIndent(write, level, pretty_print) 1827 write('</%s%s>%s' % (namespace_, name_, eol_)) 1828 else: 1829 write('/>%s' % (eol_, )) 1830 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='GroupingRelationshipListType'): 1831 pass 1832 def exportChildren(self, write, level, namespace_='maecPackage:', name_='GroupingRelationshipListType', fromsubclass_=False, pretty_print=True): 1833 if pretty_print: 1834 eol_ = '\n' 1835 else: 1836 eol_ = '' 1837 for Grouping_Relationship_ in self.Grouping_Relationship: 1838 Grouping_Relationship_.export(write, level, 'maecPackage:', name_='Grouping_Relationship', pretty_print=pretty_print) 1839 def build(self, node): 1840 self.__sourcenode__ = node 1841 already_processed = set() 1842 self.buildAttributes(node, node.attrib, already_processed) 1843 for child in node: 1844 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1845 self.buildChildren(child, node, nodeName_) 1846 def buildAttributes(self, node, attrs, already_processed): 1847 pass 1848 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1849 if nodeName_ == 'Grouping_Relationship': 1850 obj_ = GroupingRelationshipType.factory() 1851 obj_.build(child_) 1852 self.Grouping_Relationship.append(obj_) 1853# end class GroupingRelationshipListType 1854 1855class ClusteringMetadataType(GeneratedsSuper): 1856 """The ClusteringMetadataType specifies the metadata regarding a 1857 particular method used to cluster malware.""" 1858 subclass = None 1859 superclass = None 1860 def __init__(self, Algorithm_Name=None, Algorithm_Version=None, Algorithm_Parameters=None, Cluster_Size=None, Cluster_Description=None, Cluster_Composition=None): 1861 self.Algorithm_Name = Algorithm_Name 1862 self.Algorithm_Version = Algorithm_Version 1863 self.Algorithm_Parameters = Algorithm_Parameters 1864 self.Cluster_Size = Cluster_Size 1865 self.Cluster_Description = Cluster_Description 1866 self.Cluster_Composition = Cluster_Composition 1867 def factory(*args_, **kwargs_): 1868 if ClusteringMetadataType.subclass: 1869 return ClusteringMetadataType.subclass(*args_, **kwargs_) 1870 else: 1871 return ClusteringMetadataType(*args_, **kwargs_) 1872 factory = staticmethod(factory) 1873 def get_Algorithm_Name(self): return self.Algorithm_Name 1874 def set_Algorithm_Name(self, Algorithm_Name): self.Algorithm_Name = Algorithm_Name 1875 def get_Algorithm_Version(self): return self.Algorithm_Version 1876 def set_Algorithm_Version(self, Algorithm_Version): self.Algorithm_Version = Algorithm_Version 1877 def get_Algorithm_Parameters(self): return self.Algorithm_Parameters 1878 def set_Algorithm_Parameters(self, Algorithm_Parameters): self.Algorithm_Parameters = Algorithm_Parameters 1879 def get_Cluster_Size(self): return self.Cluster_Size 1880 def set_Cluster_Size(self, Cluster_Size): self.Cluster_Size = Cluster_Size 1881 def get_Cluster_Description(self): return self.Cluster_Description 1882 def set_Cluster_Description(self, Cluster_Description): self.Cluster_Description = Cluster_Description 1883 def get_Cluster_Composition(self): return self.Cluster_Composition 1884 def set_Cluster_Composition(self, Cluster_Composition): self.Cluster_Composition = Cluster_Composition 1885 def hasContent_(self): 1886 if ( 1887 self.Algorithm_Name is not None or 1888 self.Algorithm_Version is not None or 1889 self.Algorithm_Parameters is not None or 1890 self.Cluster_Size is not None or 1891 self.Cluster_Description is not None or 1892 self.Cluster_Composition is not None 1893 ): 1894 return True 1895 else: 1896 return False 1897 def export(self, write, level, namespace_='maecPackage:', name_='ClusteringMetadataType', namespacedef_='', pretty_print=True): 1898 if pretty_print: 1899 eol_ = '\n' 1900 else: 1901 eol_ = '' 1902 showIndent(write, level, pretty_print) 1903 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1904 already_processed = set() 1905 self.exportAttributes(write, level, already_processed, namespace_, name_='ClusteringMetadataType') 1906 if self.hasContent_(): 1907 write('>%s' % (eol_, )) 1908 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 1909 showIndent(write, level, pretty_print) 1910 write('</%s%s>%s' % (namespace_, name_, eol_)) 1911 else: 1912 write('/>%s' % (eol_, )) 1913 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='ClusteringMetadataType'): 1914 pass 1915 def exportChildren(self, write, level, namespace_='maecPackage:', name_='ClusteringMetadataType', fromsubclass_=False, pretty_print=True): 1916 if pretty_print: 1917 eol_ = '\n' 1918 else: 1919 eol_ = '' 1920 if self.Algorithm_Name is not None: 1921 showIndent(write, level, pretty_print) 1922 write('<%sAlgorithm_Name>%s</%sAlgorithm_Name>%s' % ('maecPackage:', quote_xml(self.Algorithm_Name), 'maecPackage:', eol_)) 1923 if self.Algorithm_Version is not None: 1924 showIndent(write, level, pretty_print) 1925 write('<%sAlgorithm_Version>%s</%sAlgorithm_Version>%s' % ('maecPackage:', quote_xml(self.Algorithm_Version), 'maecPackage:', eol_)) 1926 if self.Algorithm_Parameters is not None: 1927 self.Algorithm_Parameters.export(write, level, 'maecPackage:', name_='Algorithm_Parameters', pretty_print=pretty_print) 1928 if self.Cluster_Size is not None: 1929 showIndent(write, level, pretty_print) 1930 write('<%sCluster_Size>%s</%sCluster_Size>%s' % ('maecPackage:', self.gds_format_integer(self.Cluster_Size, input_name='Cluster_Size'), 'maecPackage:', eol_)) 1931 if self.Cluster_Description is not None: 1932 showIndent(write, level, pretty_print) 1933 write('<%sCluster_Description>%s</%sCluster_Description>%s' % ('maecPackage:', quote_xml(self.Cluster_Description), 'maecPackage:', eol_)) 1934 if self.Cluster_Composition is not None: 1935 self.Cluster_Composition.export(write, level, 'maecPackage:', name_='Cluster_Composition', pretty_print=pretty_print) 1936 def build(self, node): 1937 self.__sourcenode__ = node 1938 already_processed = set() 1939 self.buildAttributes(node, node.attrib, already_processed) 1940 for child in node: 1941 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1942 self.buildChildren(child, node, nodeName_) 1943 def buildAttributes(self, node, attrs, already_processed): 1944 pass 1945 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1946 if nodeName_ == 'Algorithm_Name': 1947 Algorithm_Name_ = child_.text 1948 Algorithm_Name_ = self.gds_validate_string(Algorithm_Name_, node, 'Algorithm_Name') 1949 self.Algorithm_Name = Algorithm_Name_ 1950 elif nodeName_ == 'Algorithm_Version': 1951 Algorithm_Version_ = child_.text 1952 Algorithm_Version_ = self.gds_validate_string(Algorithm_Version_, node, 'Algorithm_Version') 1953 self.Algorithm_Version = Algorithm_Version_ 1954 elif nodeName_ == 'Algorithm_Parameters': 1955 obj_ = ClusteringAlgorithmParametersType.factory() 1956 obj_.build(child_) 1957 self.set_Algorithm_Parameters(obj_) 1958 elif nodeName_ == 'Cluster_Size': 1959 sval_ = child_.text 1960 try: 1961 ival_ = int(sval_) 1962 except (TypeError, ValueError) as exp: 1963 raise_parse_error(child_, 'requires integer: %s' % exp) 1964 if ival_ <= 0: 1965 raise_parse_error(child_, 'requires positiveInteger') 1966 ival_ = self.gds_validate_integer(ival_, node, 'Cluster_Size') 1967 self.Cluster_Size = ival_ 1968 elif nodeName_ == 'Cluster_Description': 1969 Cluster_Description_ = child_.text 1970 Cluster_Description_ = self.gds_validate_string(Cluster_Description_, node, 'Cluster_Description') 1971 self.Cluster_Description = Cluster_Description_ 1972 elif nodeName_ == 'Cluster_Composition': 1973 obj_ = ClusterCompositionType.factory() 1974 obj_.build(child_) 1975 self.set_Cluster_Composition(obj_) 1976# end class ClusteringMetadataType 1977 1978class ClusterEdgeNodePairType(GeneratedsSuper): 1979 """The ClusterEdgeNodePairType captures a single edge-node pair in a 1980 malware cluster, which is composed of the two Malware Subjects 1981 that correspond to the nodes connected to the edge (via 1982 references), and represents the similarity index between the two 1983 Malware Subjects.The similarity_index field specifies the 1984 similarity index between the two Malware Subjects being 1985 referenced (indicating how similar they are), as a decimal 1986 value. This value should be equivalent to 1 minus the similarity 1987 distance value (if included).The similarity_index field 1988 specifies the similarity distance between the two Malware 1989 Subjects being referenced (indicating how dissimilar they are), 1990 as a decimal value. This value should be equivalent to 1 minus 1991 the similarity index value (if included).""" 1992 subclass = None 1993 superclass = None 1994 def __init__(self, similarity_distance=None, similarity_index=None, Malware_Subject_Node_A=None, Malware_Subject_Node_B=None): 1995 self.similarity_distance = _cast(float, similarity_distance) 1996 self.similarity_index = _cast(float, similarity_index) 1997 self.Malware_Subject_Node_A = Malware_Subject_Node_A 1998 self.Malware_Subject_Node_B = Malware_Subject_Node_B 1999 def factory(*args_, **kwargs_): 2000 if ClusterEdgeNodePairType.subclass: 2001 return ClusterEdgeNodePairType.subclass(*args_, **kwargs_) 2002 else: 2003 return ClusterEdgeNodePairType(*args_, **kwargs_) 2004 factory = staticmethod(factory) 2005 def get_Malware_Subject_Node_A(self): return self.Malware_Subject_Node_A 2006 def set_Malware_Subject_Node_A(self, Malware_Subject_Node_A): self.Malware_Subject_Node_A = Malware_Subject_Node_A 2007 def get_Malware_Subject_Node_B(self): return self.Malware_Subject_Node_B 2008 def set_Malware_Subject_Node_B(self, Malware_Subject_Node_B): self.Malware_Subject_Node_B = Malware_Subject_Node_B 2009 def get_similarity_distance(self): return self.similarity_distance 2010 def set_similarity_distance(self, similarity_distance): self.similarity_distance = similarity_distance 2011 def get_similarity_index(self): return self.similarity_index 2012 def set_similarity_index(self, similarity_index): self.similarity_index = similarity_index 2013 def hasContent_(self): 2014 if ( 2015 self.Malware_Subject_Node_A is not None or 2016 self.Malware_Subject_Node_B is not None 2017 ): 2018 return True 2019 else: 2020 return False 2021 def export(self, write, level, namespace_='maecPackage:', name_='ClusterEdgeNodePairType', namespacedef_='', pretty_print=True): 2022 if pretty_print: 2023 eol_ = '\n' 2024 else: 2025 eol_ = '' 2026 showIndent(write, level, pretty_print) 2027 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 2028 already_processed = set() 2029 self.exportAttributes(write, level, already_processed, namespace_, name_='ClusterEdgeNodePairType') 2030 if self.hasContent_(): 2031 write('>%s' % (eol_, )) 2032 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 2033 showIndent(write, level, pretty_print) 2034 write('</%s%s>%s' % (namespace_, name_, eol_)) 2035 else: 2036 write('/>%s' % (eol_, )) 2037 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='ClusterEdgeNodePairType'): 2038 if self.similarity_distance is not None and 'similarity_distance' not in already_processed: 2039 already_processed.add('similarity_distance') 2040 write(' similarity_distance="%s"' % self.gds_format_float(self.similarity_distance, input_name='similarity_distance')) 2041 if self.similarity_index is not None and 'similarity_index' not in already_processed: 2042 already_processed.add('similarity_index') 2043 write(' similarity_index="%s"' % self.gds_format_float(self.similarity_index, input_name='similarity_index')) 2044 def exportChildren(self, write, level, namespace_='maecPackage:', name_='ClusterEdgeNodePairType', fromsubclass_=False, pretty_print=True): 2045 if pretty_print: 2046 eol_ = '\n' 2047 else: 2048 eol_ = '' 2049 if self.Malware_Subject_Node_A is not None: 2050 self.Malware_Subject_Node_A.export(write, level, 'maecPackage:', name_='Malware_Subject_Node_A', pretty_print=pretty_print) 2051 if self.Malware_Subject_Node_B is not None: 2052 self.Malware_Subject_Node_B.export(write, level, 'maecPackage:', name_='Malware_Subject_Node_B', pretty_print=pretty_print) 2053 def build(self, node): 2054 self.__sourcenode__ = node 2055 already_processed = set() 2056 self.buildAttributes(node, node.attrib, already_processed) 2057 for child in node: 2058 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 2059 self.buildChildren(child, node, nodeName_) 2060 def buildAttributes(self, node, attrs, already_processed): 2061 value = find_attr_value_('similarity_distance', node) 2062 if value is not None and 'similarity_distance' not in already_processed: 2063 already_processed.add('similarity_distance') 2064 try: 2065 self.similarity_distance = float(value) 2066 except ValueError as exp: 2067 raise ValueError('Bad float/double attribute (similarity_distance): %s' % exp) 2068 value = find_attr_value_('similarity_index', node) 2069 if value is not None and 'similarity_index' not in already_processed: 2070 already_processed.add('similarity_index') 2071 try: 2072 self.similarity_index = float(value) 2073 except ValueError as exp: 2074 raise ValueError('Bad float/double attribute (similarity_index): %s' % exp) 2075 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 2076 if nodeName_ == 'Malware_Subject_Node_A': 2077 obj_ = MalwareSubjectReferenceType.factory() 2078 obj_.build(child_) 2079 self.set_Malware_Subject_Node_A(obj_) 2080 elif nodeName_ == 'Malware_Subject_Node_B': 2081 obj_ = MalwareSubjectReferenceType.factory() 2082 obj_.build(child_) 2083 self.set_Malware_Subject_Node_B(obj_) 2084# end class ClusterEdgeNodePairType 2085 2086class ClusterCompositionType(GeneratedsSuper): 2087 """The ClusterCompositionType captures the composition of a malware 2088 cluster via its edges and their respective connected nodes, as 2089 in an undirected graph.For clustering algorithms that may 2090 capture different types of scores, the score_type attribute 2091 specifies the type of score used to define the composition of 2092 this malware cluster.""" 2093 subclass = None 2094 superclass = None 2095 def __init__(self, score_type=None, Edge_Node_Pair=None): 2096 self.score_type = _cast(None, score_type) 2097 if Edge_Node_Pair is None: 2098 self.Edge_Node_Pair = [] 2099 else: 2100 self.Edge_Node_Pair = Edge_Node_Pair 2101 def factory(*args_, **kwargs_): 2102 if ClusterCompositionType.subclass: 2103 return ClusterCompositionType.subclass(*args_, **kwargs_) 2104 else: 2105 return ClusterCompositionType(*args_, **kwargs_) 2106 factory = staticmethod(factory) 2107 def get_Edge_Node_Pair(self): return self.Edge_Node_Pair 2108 def set_Edge_Node_Pair(self, Edge_Node_Pair): self.Edge_Node_Pair = Edge_Node_Pair 2109 def add_Edge_Node_Pair(self, value): self.Edge_Node_Pair.append(value) 2110 def insert_Edge_Node_Pair(self, index, value): self.Edge_Node_Pair[index] = value 2111 def get_score_type(self): return self.score_type 2112 def set_score_type(self, score_type): self.score_type = score_type 2113 def hasContent_(self): 2114 if ( 2115 self.Edge_Node_Pair 2116 ): 2117 return True 2118 else: 2119 return False 2120 def export(self, write, level, namespace_='maecPackage:', name_='ClusterCompositionType', namespacedef_='', pretty_print=True): 2121 if pretty_print: 2122 eol_ = '\n' 2123 else: 2124 eol_ = '' 2125 showIndent(write, level, pretty_print) 2126 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 2127 already_processed = set() 2128 self.exportAttributes(write, level, already_processed, namespace_, name_='ClusterCompositionType') 2129 if self.hasContent_(): 2130 write('>%s' % (eol_, )) 2131 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 2132 showIndent(write, level, pretty_print) 2133 write('</%s%s>%s' % (namespace_, name_, eol_)) 2134 else: 2135 write('/>%s' % (eol_, )) 2136 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='ClusterCompositionType'): 2137 if self.score_type is not None and 'score_type' not in already_processed: 2138 already_processed.add('score_type') 2139 write(' score_type=%s' % (quote_attrib(self.score_type))) 2140 def exportChildren(self, write, level, namespace_='maecPackage:', name_='ClusterCompositionType', fromsubclass_=False, pretty_print=True): 2141 if pretty_print: 2142 eol_ = '\n' 2143 else: 2144 eol_ = '' 2145 for Edge_Node_Pair_ in self.Edge_Node_Pair: 2146 Edge_Node_Pair_.export(write, level, 'maecPackage:', name_='Edge_Node_Pair', pretty_print=pretty_print) 2147 def build(self, node): 2148 self.__sourcenode__ = node 2149 already_processed = set() 2150 self.buildAttributes(node, node.attrib, already_processed) 2151 for child in node: 2152 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 2153 self.buildChildren(child, node, nodeName_) 2154 def buildAttributes(self, node, attrs, already_processed): 2155 value = find_attr_value_('score_type', node) 2156 if value is not None and 'score_type' not in already_processed: 2157 already_processed.add('score_type') 2158 self.score_type = value 2159 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 2160 if nodeName_ == 'Edge_Node_Pair': 2161 obj_ = ClusterEdgeNodePairType.factory() 2162 obj_.build(child_) 2163 self.Edge_Node_Pair.append(obj_) 2164# end class ClusterCompositionType 2165 2166class ClusteringAlgorithmParametersType(GeneratedsSuper): 2167 """The ClusteringAlgorithmParametersType captures any parameters that 2168 may have been used in a malware clustering algorithm.""" 2169 subclass = None 2170 superclass = None 2171 def __init__(self, Distance_Threshold=None, Number_of_Iterations=None): 2172 self.Distance_Threshold = Distance_Threshold 2173 self.Number_of_Iterations = Number_of_Iterations 2174 def factory(*args_, **kwargs_): 2175 if ClusteringAlgorithmParametersType.subclass: 2176 return ClusteringAlgorithmParametersType.subclass(*args_, **kwargs_) 2177 else: 2178 return ClusteringAlgorithmParametersType(*args_, **kwargs_) 2179 factory = staticmethod(factory) 2180 def get_Distance_Threshold(self): return self.Distance_Threshold 2181 def set_Distance_Threshold(self, Distance_Threshold): self.Distance_Threshold = Distance_Threshold 2182 def get_Number_of_Iterations(self): return self.Number_of_Iterations 2183 def set_Number_of_Iterations(self, Number_of_Iterations): self.Number_of_Iterations = Number_of_Iterations 2184 def hasContent_(self): 2185 if ( 2186 self.Distance_Threshold is not None or 2187 self.Number_of_Iterations is not None 2188 ): 2189 return True 2190 else: 2191 return False 2192 def export(self, write, level, namespace_='maecPackage:', name_='ClusteringAlgorithmParametersType', namespacedef_='', pretty_print=True): 2193 if pretty_print: 2194 eol_ = '\n' 2195 else: 2196 eol_ = '' 2197 showIndent(write, level, pretty_print) 2198 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 2199 already_processed = set() 2200 self.exportAttributes(write, level, already_processed, namespace_, name_='ClusteringAlgorithmParametersType') 2201 if self.hasContent_(): 2202 write('>%s' % (eol_, )) 2203 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 2204 showIndent(write, level, pretty_print) 2205 write('</%s%s>%s' % (namespace_, name_, eol_)) 2206 else: 2207 write('/>%s' % (eol_, )) 2208 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='ClusteringAlgorithmParametersType'): 2209 pass 2210 def exportChildren(self, write, level, namespace_='maecPackage:', name_='ClusteringAlgorithmParametersType', fromsubclass_=False, pretty_print=True): 2211 if pretty_print: 2212 eol_ = '\n' 2213 else: 2214 eol_ = '' 2215 if self.Distance_Threshold is not None: 2216 showIndent(write, level, pretty_print) 2217 write('<%sDistance_Threshold>%s</%sDistance_Threshold>%s' % ('maecPackage:', self.gds_format_float(self.Distance_Threshold, input_name='Distance_Threshold'), 'maecPackage:', eol_)) 2218 if self.Number_of_Iterations is not None: 2219 showIndent(write, level, pretty_print) 2220 write('<%sNumber_of_Iterations>%s</%sNumber_of_Iterations>%s' % ('maecPackage:', self.gds_format_integer(self.Number_of_Iterations, input_name='Number_of_Iterations'), 'maecPackage:', eol_)) 2221 def build(self, node): 2222 self.__sourcenode__ = node 2223 already_processed = set() 2224 self.buildAttributes(node, node.attrib, already_processed) 2225 for child in node: 2226 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 2227 self.buildChildren(child, node, nodeName_) 2228 def buildAttributes(self, node, attrs, already_processed): 2229 pass 2230 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 2231 if nodeName_ == 'Distance_Threshold': 2232 sval_ = child_.text 2233 try: 2234 fval_ = float(sval_) 2235 except (TypeError, ValueError) as exp: 2236 raise_parse_error(child_, 'requires float or double: %s' % exp) 2237 fval_ = self.gds_validate_float(fval_, node, 'Distance_Threshold') 2238 self.Distance_Threshold = fval_ 2239 elif nodeName_ == 'Number_of_Iterations': 2240 sval_ = child_.text 2241 try: 2242 ival_ = int(sval_) 2243 except (TypeError, ValueError) as exp: 2244 raise_parse_error(child_, 'requires integer: %s' % exp) 2245 if ival_ <= 0: 2246 raise_parse_error(child_, 'requires positiveInteger') 2247 ival_ = self.gds_validate_integer(ival_, node, 'Number_of_Iterations') 2248 self.Number_of_Iterations = ival_ 2249# end class ClusteringAlgorithmParametersType 2250 2251class NetworkInfrastructureType(GeneratedsSuper): 2252 """The NetworkInfrastructureType captures specific details about the 2253 network infrastructure used in the malware analysis environment.""" 2254 subclass = None 2255 superclass = None 2256 def __init__(self, Captured_Protocols=None): 2257 self.Captured_Protocols = Captured_Protocols 2258 def factory(*args_, **kwargs_): 2259 if NetworkInfrastructureType.subclass: 2260 return NetworkInfrastructureType.subclass(*args_, **kwargs_) 2261 else: 2262 return NetworkInfrastructureType(*args_, **kwargs_) 2263 factory = staticmethod(factory) 2264 def get_Captured_Protocols(self): return self.Captured_Protocols 2265 def set_Captured_Protocols(self, Captured_Protocols): self.Captured_Protocols = Captured_Protocols 2266 def hasContent_(self): 2267 if ( 2268 self.Captured_Protocols is not None 2269 ): 2270 return True 2271 else: 2272 return False 2273 def export(self, write, level, namespace_='maecPackage:', name_='NetworkInfrastructureType', namespacedef_='', pretty_print=True): 2274 if pretty_print: 2275 eol_ = '\n' 2276 else: 2277 eol_ = '' 2278 showIndent(write, level, pretty_print) 2279 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 2280 already_processed = set() 2281 self.exportAttributes(write, level, already_processed, namespace_, name_='NetworkInfrastructureType') 2282 if self.hasContent_(): 2283 write('>%s' % (eol_, )) 2284 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 2285 showIndent(write, level, pretty_print) 2286 write('</%s%s>%s' % (namespace_, name_, eol_)) 2287 else: 2288 write('/>%s' % (eol_, )) 2289 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='NetworkInfrastructureType'): 2290 pass 2291 def exportChildren(self, write, level, namespace_='maecPackage:', name_='NetworkInfrastructureType', fromsubclass_=False, pretty_print=True): 2292 if pretty_print: 2293 eol_ = '\n' 2294 else: 2295 eol_ = '' 2296 if self.Captured_Protocols is not None: 2297 self.Captured_Protocols.export(write, level, 'maecPackage:', name_='Captured_Protocols', pretty_print=pretty_print) 2298 def build(self, node): 2299 self.__sourcenode__ = node 2300 already_processed = set() 2301 self.buildAttributes(node, node.attrib, already_processed) 2302 for child in node: 2303 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 2304 self.buildChildren(child, node, nodeName_) 2305 def buildAttributes(self, node, attrs, already_processed): 2306 pass 2307 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 2308 if nodeName_ == 'Captured_Protocols': 2309 obj_ = CapturedProtocolListType.factory() 2310 obj_.build(child_) 2311 self.set_Captured_Protocols(obj_) 2312# end class NetworkInfrastructureType 2313 2314class ActionEquivalenceType(GeneratedsSuper): 2315 """The ActionEquivalenceType relates any Actions that are equivalent to 2316 each other, e.g., those that were found for the same Malware 2317 Subject when using different analysis tools. It can be used as a 2318 way of referencing equivalent actions as a single unit, such as 2319 for specifying the Action composition of a Behavior.The required 2320 id field specifies the ID for the Action Equivalence, and must 2321 be of the format specified by the ActionEquivalenceIDPattern 2322 type.""" 2323 subclass = None 2324 superclass = None 2325 def __init__(self, id=None, Action_Reference=None): 2326 self.id = _cast(None, id) 2327 if Action_Reference is None: 2328 self.Action_Reference = [] 2329 else: 2330 self.Action_Reference = Action_Reference 2331 def factory(*args_, **kwargs_): 2332 if ActionEquivalenceType.subclass: 2333 return ActionEquivalenceType.subclass(*args_, **kwargs_) 2334 else: 2335 return ActionEquivalenceType(*args_, **kwargs_) 2336 factory = staticmethod(factory) 2337 def get_Action_Reference(self): return self.Action_Reference 2338 def set_Action_Reference(self, Action_Reference): self.Action_Reference = Action_Reference 2339 def add_Action_Reference(self, value): self.Action_Reference.append(value) 2340 def insert_Action_Reference(self, index, value): self.Action_Reference[index] = value 2341 def get_id(self): return self.id 2342 def set_id(self, id): self.id = id 2343 def hasContent_(self): 2344 if ( 2345 self.Action_Reference 2346 ): 2347 return True 2348 else: 2349 return False 2350 def export(self, write, level, namespace_='maecPackage:', name_='ActionEquivalenceType', namespacedef_='', pretty_print=True): 2351 if pretty_print: 2352 eol_ = '\n' 2353 else: 2354 eol_ = '' 2355 showIndent(write, level, pretty_print) 2356 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 2357 already_processed = set() 2358 self.exportAttributes(write, level, already_processed, namespace_, name_='ActionEquivalenceType') 2359 if self.hasContent_(): 2360 write('>%s' % (eol_, )) 2361 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 2362 showIndent(write, level, pretty_print) 2363 write('</%s%s>%s' % (namespace_, name_, eol_)) 2364 else: 2365 write('/>%s' % (eol_, )) 2366 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='ActionEquivalenceType'): 2367 if self.id is not None and 'id' not in already_processed: 2368 already_processed.add('id') 2369 write(' id=%s' % (quote_attrib(self.id), )) 2370 def exportChildren(self, write, level, namespace_='maecPackage:', name_='ActionEquivalenceType', fromsubclass_=False, pretty_print=True): 2371 if pretty_print: 2372 eol_ = '\n' 2373 else: 2374 eol_ = '' 2375 for Action_Reference_ in self.Action_Reference: 2376 Action_Reference_.export(write, level, 'maecPackage:', name_='Action_Reference', pretty_print=pretty_print) 2377 def build(self, node): 2378 self.__sourcenode__ = node 2379 already_processed = set() 2380 self.buildAttributes(node, node.attrib, already_processed) 2381 for child in node: 2382 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 2383 self.buildChildren(child, node, nodeName_) 2384 def buildAttributes(self, node, attrs, already_processed): 2385 value = find_attr_value_('id', node) 2386 if value is not None and 'id' not in already_processed: 2387 already_processed.add('id') 2388 self.id = value 2389 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 2390 if nodeName_ == 'Action_Reference': 2391 obj_ = cybox_core.ActionReferenceType.factory() 2392 obj_.build(child_) 2393 self.Action_Reference.append(obj_) 2394# end class ActionEquivalenceType 2395 2396class ActionEquivalenceListType(GeneratedsSuper): 2397 """The ActionEquivalenceListType captures a list of Action 2398 Equivalences.""" 2399 subclass = None 2400 superclass = None 2401 def __init__(self, Action_Equivalence=None): 2402 if Action_Equivalence is None: 2403 self.Action_Equivalence = [] 2404 else: 2405 self.Action_Equivalence = Action_Equivalence 2406 def factory(*args_, **kwargs_): 2407 if ActionEquivalenceListType.subclass: 2408 return ActionEquivalenceListType.subclass(*args_, **kwargs_) 2409 else: 2410 return ActionEquivalenceListType(*args_, **kwargs_) 2411 factory = staticmethod(factory) 2412 def get_Action_Equivalence(self): return self.Action_Equivalence 2413 def set_Action_Equivalence(self, Action_Equivalence): self.Action_Equivalence = Action_Equivalence 2414 def add_Action_Equivalence(self, value): self.Action_Equivalence.append(value) 2415 def insert_Action_Equivalence(self, index, value): self.Action_Equivalence[index] = value 2416 def hasContent_(self): 2417 if ( 2418 self.Action_Equivalence 2419 ): 2420 return True 2421 else: 2422 return False 2423 def export(self, write, level, namespace_='maecPackage:', name_='ActionEquivalenceListType', namespacedef_='', pretty_print=True): 2424 if pretty_print: 2425 eol_ = '\n' 2426 else: 2427 eol_ = '' 2428 showIndent(write, level, pretty_print) 2429 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 2430 already_processed = set() 2431 self.exportAttributes(write, level, already_processed, namespace_, name_='ActionEquivalenceListType') 2432 if self.hasContent_(): 2433 write('>%s' % (eol_, )) 2434 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 2435 showIndent(write, level, pretty_print) 2436 write('</%s%s>%s' % (namespace_, name_, eol_)) 2437 else: 2438 write('/>%s' % (eol_, )) 2439 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='ActionEquivalenceListType'): 2440 pass 2441 def exportChildren(self, write, level, namespace_='maecPackage:', name_='ActionEquivalenceListType', fromsubclass_=False, pretty_print=True): 2442 if pretty_print: 2443 eol_ = '\n' 2444 else: 2445 eol_ = '' 2446 for Action_Equivalence_ in self.Action_Equivalence: 2447 Action_Equivalence_.export(write, level, 'maecPackage:', name_='Action_Equivalence', pretty_print=pretty_print) 2448 def build(self, node): 2449 self.__sourcenode__ = node 2450 already_processed = set() 2451 self.buildAttributes(node, node.attrib, already_processed) 2452 for child in node: 2453 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 2454 self.buildChildren(child, node, nodeName_) 2455 def buildAttributes(self, node, attrs, already_processed): 2456 pass 2457 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 2458 if nodeName_ == 'Action_Equivalence': 2459 obj_ = ActionEquivalenceType.factory() 2460 obj_.build(child_) 2461 self.Action_Equivalence.append(obj_) 2462# end class ActionEquivalenceListType 2463 2464class CapturedProtocolListType(GeneratedsSuper): 2465 """The CapturedProtocolListType specifies a list of network protocols 2466 that a malware analysis environment may capture or interact 2467 with.""" 2468 subclass = None 2469 superclass = None 2470 def __init__(self, Protocol=None): 2471 if Protocol is None: 2472 self.Protocol = [] 2473 else: 2474 self.Protocol = Protocol 2475 def factory(*args_, **kwargs_): 2476 if CapturedProtocolListType.subclass: 2477 return CapturedProtocolListType.subclass(*args_, **kwargs_) 2478 else: 2479 return CapturedProtocolListType(*args_, **kwargs_) 2480 factory = staticmethod(factory) 2481 def get_Protocol(self): return self.Protocol 2482 def set_Protocol(self, Protocol): self.Protocol = Protocol 2483 def add_Protocol(self, value): self.Protocol.append(value) 2484 def insert_Protocol(self, index, value): self.Protocol[index] = value 2485 def hasContent_(self): 2486 if ( 2487 self.Protocol 2488 ): 2489 return True 2490 else: 2491 return False 2492 def export(self, write, level, namespace_='maecPackage:', name_='CapturedProtocolListType', namespacedef_='', pretty_print=True): 2493 if pretty_print: 2494 eol_ = '\n' 2495 else: 2496 eol_ = '' 2497 showIndent(write, level, pretty_print) 2498 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 2499 already_processed = set() 2500 self.exportAttributes(write, level, already_processed, namespace_, name_='CapturedProtocolListType') 2501 if self.hasContent_(): 2502 write('>%s' % (eol_, )) 2503 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 2504 showIndent(write, level, pretty_print) 2505 write('</%s%s>%s' % (namespace_, name_, eol_)) 2506 else: 2507 write('/>%s' % (eol_, )) 2508 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='CapturedProtocolListType'): 2509 pass 2510 def exportChildren(self, write, level, namespace_='maecPackage:', name_='CapturedProtocolListType', fromsubclass_=False, pretty_print=True): 2511 if pretty_print: 2512 eol_ = '\n' 2513 else: 2514 eol_ = '' 2515 for Protocol_ in self.Protocol: 2516 Protocol_.export(write, level, 'maecPackage:', name_='Protocol', pretty_print=pretty_print) 2517 def build(self, node): 2518 self.__sourcenode__ = node 2519 already_processed = set() 2520 self.buildAttributes(node, node.attrib, already_processed) 2521 for child in node: 2522 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 2523 self.buildChildren(child, node, nodeName_) 2524 def buildAttributes(self, node, attrs, already_processed): 2525 pass 2526 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 2527 if nodeName_ == 'Protocol': 2528 obj_ = CapturedProtocolType.factory() 2529 obj_.build(child_) 2530 self.Protocol.append(obj_) 2531# end class CapturedProtocolListType 2532 2533class CapturedProtocolType(GeneratedsSuper): 2534 """The CapturedProtocolType specifies the details of a network protocol 2535 that may be captured or otherwise manipulated in the malware 2536 analysis environment.The layer7_protocol field specifies the 2537 name of the Layer 7 network protocol (OSI model) captured or 2538 manipulated by the analysis environment.The layer4_protocol 2539 field specifies the name of the Layer 4 network protocol (OSI 2540 model) captured or manipulated by the analysis environment.The 2541 port_number field specifies the port number for this network 2542 protocol that is captured or manipulated by the analysis 2543 environment.The interaction_level field specifies the relative 2544 level of interaction that the analysis environment has with the 2545 specified network protocol.""" 2546 subclass = None 2547 superclass = None 2548 def __init__(self, layer7_protocol=None, port_number=None, interaction_level=None, layer4_protocol=None): 2549 self.layer7_protocol = _cast(None, layer7_protocol) 2550 self.port_number = _cast(int, port_number) 2551 self.interaction_level = _cast(None, interaction_level) 2552 self.layer4_protocol = _cast(None, layer4_protocol) 2553 pass 2554 def factory(*args_, **kwargs_): 2555 if CapturedProtocolType.subclass: 2556 return CapturedProtocolType.subclass(*args_, **kwargs_) 2557 else: 2558 return CapturedProtocolType(*args_, **kwargs_) 2559 factory = staticmethod(factory) 2560 def get_layer7_protocol(self): return self.layer7_protocol 2561 def set_layer7_protocol(self, layer7_protocol): self.layer7_protocol = layer7_protocol 2562 def get_port_number(self): return self.port_number 2563 def set_port_number(self, port_number): self.port_number = port_number 2564 def get_interaction_level(self): return self.interaction_level 2565 def set_interaction_level(self, interaction_level): self.interaction_level = interaction_level 2566 def get_layer4_protocol(self): return self.layer4_protocol 2567 def set_layer4_protocol(self, layer4_protocol): self.layer4_protocol = layer4_protocol 2568 def hasContent_(self): 2569 if ( 2570 2571 ): 2572 return True 2573 else: 2574 return False 2575 def export(self, write, level, namespace_='maecPackage:', name_='CapturedProtocolType', namespacedef_='', pretty_print=True): 2576 if pretty_print: 2577 eol_ = '\n' 2578 else: 2579 eol_ = '' 2580 showIndent(write, level, pretty_print) 2581 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 2582 already_processed = set() 2583 self.exportAttributes(write, level, already_processed, namespace_, name_='CapturedProtocolType') 2584 if self.hasContent_(): 2585 write('>%s' % (eol_, )) 2586 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 2587 write('</%s%s>%s' % (namespace_, name_, eol_)) 2588 else: 2589 write('/>%s' % (eol_, )) 2590 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='CapturedProtocolType'): 2591 if self.layer7_protocol is not None and 'layer7_protocol' not in already_processed: 2592 already_processed.add('layer7_protocol') 2593 write(' layer7_protocol=%s' % (quote_attrib(self.layer7_protocol), )) 2594 if self.port_number is not None and 'port_number' not in already_processed: 2595 already_processed.add('port_number') 2596 write(' port_number="%s"' % self.gds_format_integer(self.port_number, input_name='port_number')) 2597 if self.interaction_level is not None and 'interaction_level' not in already_processed: 2598 already_processed.add('interaction_level') 2599 write(' interaction_level=%s' % (quote_attrib(self.interaction_level), )) 2600 if self.layer4_protocol is not None and 'layer4_protocol' not in already_processed: 2601 already_processed.add('layer4_protocol') 2602 write(' layer4_protocol=%s' % (quote_attrib(self.layer4_protocol), )) 2603 def exportChildren(self, write, level, namespace_='maecPackage:', name_='CapturedProtocolType', fromsubclass_=False, pretty_print=True): 2604 pass 2605 def build(self, node): 2606 self.__sourcenode__ = node 2607 already_processed = set() 2608 self.buildAttributes(node, node.attrib, already_processed) 2609 for child in node: 2610 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 2611 self.buildChildren(child, node, nodeName_) 2612 def buildAttributes(self, node, attrs, already_processed): 2613 value = find_attr_value_('layer7_protocol', node) 2614 if value is not None and 'layer7_protocol' not in already_processed: 2615 already_processed.add('layer7_protocol') 2616 self.layer7_protocol = value 2617 value = find_attr_value_('port_number', node) 2618 if value is not None and 'port_number' not in already_processed: 2619 already_processed.add('port_number') 2620 try: 2621 self.port_number = int(value) 2622 except ValueError as exp: 2623 raise_parse_error(node, 'Bad integer attribute: %s' % exp) 2624 if self.port_number <= 0: 2625 raise_parse_error(node, 'Invalid PositiveInteger') 2626 value = find_attr_value_('interaction_level', node) 2627 if value is not None and 'interaction_level' not in already_processed: 2628 already_processed.add('interaction_level') 2629 self.interaction_level = value 2630 value = find_attr_value_('layer4_protocol', node) 2631 if value is not None and 'layer4_protocol' not in already_processed: 2632 already_processed.add('layer4_protocol') 2633 self.layer4_protocol = value 2634 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 2635 pass 2636# end class CapturedProtocolType 2637 2638class ObjectEquivalenceListType(GeneratedsSuper): 2639 """The ObjectEquivalenceListType captures a list of Object 2640 Equivalences.""" 2641 subclass = None 2642 superclass = None 2643 def __init__(self, Object_Equivalence=None): 2644 if Object_Equivalence is None: 2645 self.Object_Equivalence = [] 2646 else: 2647 self.Object_Equivalence = Object_Equivalence 2648 def factory(*args_, **kwargs_): 2649 if ObjectEquivalenceListType.subclass: 2650 return ObjectEquivalenceListType.subclass(*args_, **kwargs_) 2651 else: 2652 return ObjectEquivalenceListType(*args_, **kwargs_) 2653 factory = staticmethod(factory) 2654 def get_Object_Equivalence(self): return self.Object_Equivalence 2655 def set_Object_Equivalence(self, Object_Equivalence): self.Object_Equivalence = Object_Equivalence 2656 def add_Object_Equivalence(self, value): self.Object_Equivalence.append(value) 2657 def insert_Object_Equivalence(self, index, value): self.Object_Equivalence[index] = value 2658 def hasContent_(self): 2659 if ( 2660 self.Object_Equivalence 2661 ): 2662 return True 2663 else: 2664 return False 2665 def export(self, write, level, namespace_='maecPackage:', name_='ObjectEquivalenceListType', namespacedef_='', pretty_print=True): 2666 if pretty_print: 2667 eol_ = '\n' 2668 else: 2669 eol_ = '' 2670 showIndent(write, level, pretty_print) 2671 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 2672 already_processed = set() 2673 self.exportAttributes(write, level, already_processed, namespace_, name_='ObjectEquivalenceListType') 2674 if self.hasContent_(): 2675 write('>%s' % (eol_, )) 2676 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 2677 showIndent(write, level, pretty_print) 2678 write('</%s%s>%s' % (namespace_, name_, eol_)) 2679 else: 2680 write('/>%s' % (eol_, )) 2681 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='ObjectEquivalenceListType'): 2682 pass 2683 def exportChildren(self, write, level, namespace_='maecPackage:', name_='ObjectEquivalenceListType', fromsubclass_=False, pretty_print=True): 2684 if pretty_print: 2685 eol_ = '\n' 2686 else: 2687 eol_ = '' 2688 for Object_Equivalence_ in self.Object_Equivalence: 2689 Object_Equivalence_.export(write, level, 'maecPackage:', name_='Object_Equivalence', pretty_print=pretty_print) 2690 def build(self, node): 2691 self.__sourcenode__ = node 2692 already_processed = set() 2693 self.buildAttributes(node, node.attrib, already_processed) 2694 for child in node: 2695 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 2696 self.buildChildren(child, node, nodeName_) 2697 def buildAttributes(self, node, attrs, already_processed): 2698 pass 2699 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 2700 if nodeName_ == 'Object_Equivalence': 2701 obj_ = ObjectEquivalenceType.factory() 2702 obj_.build(child_) 2703 self.Object_Equivalence.append(obj_) 2704# end class ObjectEquivalenceListType 2705 2706class ObjectEquivalenceType(maec_bundle_schema.ObjectReferenceListType): 2707 """The ObjectEquivalenceType relates the Objects that are equivalent to 2708 each other, e.g., those that were found for the same Malware 2709 Subject when using different analysis tools.The required id 2710 field specifies the ID for the Object Equivalence, and must be 2711 of the format specified by the ObjectEquivalenceIDPattern type.""" 2712 subclass = None 2713 superclass = maec_bundle_schema.ObjectReferenceListType 2714 def __init__(self, Object_Reference=None, id=None): 2715 super(ObjectEquivalenceType, self).__init__(Object_Reference, ) 2716 self.id = _cast(None, id) 2717 pass 2718 def factory(*args_, **kwargs_): 2719 if ObjectEquivalenceType.subclass: 2720 return ObjectEquivalenceType.subclass(*args_, **kwargs_) 2721 else: 2722 return ObjectEquivalenceType(*args_, **kwargs_) 2723 factory = staticmethod(factory) 2724 def get_id(self): return self.id 2725 def set_id(self, id): self.id = id 2726 def hasContent_(self): 2727 if ( 2728 super(ObjectEquivalenceType, self).hasContent_() 2729 ): 2730 return True 2731 else: 2732 return False 2733 def export(self, write, level, namespace_='maecPackage:', name_='ObjectEquivalenceType', namespacedef_='', pretty_print=True): 2734 if pretty_print: 2735 eol_ = '\n' 2736 else: 2737 eol_ = '' 2738 showIndent(write, level, pretty_print) 2739 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 2740 already_processed = set() 2741 self.exportAttributes(write, level, already_processed, namespace_, name_='ObjectEquivalenceType') 2742 if self.hasContent_(): 2743 write('>%s' % (eol_, )) 2744 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 2745 showIndent(write, level, pretty_print) 2746 write('</%s%s>%s' % (namespace_, name_, eol_)) 2747 else: 2748 write('/>%s' % (eol_, )) 2749 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='ObjectEquivalenceType'): 2750 super(ObjectEquivalenceType, self).exportAttributes(write, level, already_processed, namespace_, name_='ObjectEquivalenceType') 2751 if self.id is not None and 'id' not in already_processed: 2752 already_processed.add('id') 2753 write(' id=%s' % (quote_attrib(self.id), )) 2754 def exportChildren(self, write, level, namespace_='maecPackage:', name_='ObjectEquivalenceType', fromsubclass_=False, pretty_print=True): 2755 super(ObjectEquivalenceType, self).exportChildren(write, level, 'maecPackage:', name_, True, pretty_print=pretty_print) 2756 def build(self, node): 2757 self.__sourcenode__ = node 2758 already_processed = set() 2759 self.buildAttributes(node, node.attrib, already_processed) 2760 for child in node: 2761 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 2762 self.buildChildren(child, node, nodeName_) 2763 def buildAttributes(self, node, attrs, already_processed): 2764 value = find_attr_value_('id', node) 2765 if value is not None and 'id' not in already_processed: 2766 already_processed.add('id') 2767 self.id = value 2768 super(ObjectEquivalenceType, self).buildAttributes(node, attrs, already_processed) 2769 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 2770 super(ObjectEquivalenceType, self).buildChildren(child_, node, nodeName_, True) 2771 pass 2772# end class ObjectEquivalenceType 2773 2774class HypervisorHostSystemType(system_object.SystemObjectType): 2775 """The HypervisorHostSystemType characterizes the VM Hypervisor host 2776 system used in the malware analysis environment.""" 2777 subclass = None 2778 superclass = system_object.SystemObjectType 2779 def __init__(self, object_reference=None, Custom_Properties=None, Available_Physical_Memory=None, BIOS_Info=None, Date=None, Hostname=None, Local_Time=None, Network_Interface_List=None, OS=None, Processor=None, Processor_Architecture=None, System_Time=None, Timezone_DST=None, Timezone_Standard=None, Total_Physical_Memory=None, Uptime=None, Username=None, VM_Hypervisor=None): 2780 super(HypervisorHostSystemType, self).__init__(object_reference, Custom_Properties, Available_Physical_Memory, BIOS_Info, Date, Hostname, Local_Time, Network_Interface_List, OS, Processor, Processor_Architecture, System_Time, Timezone_DST, Timezone_Standard, Total_Physical_Memory, Uptime, Username, ) 2781 self.VM_Hypervisor = VM_Hypervisor 2782 def factory(*args_, **kwargs_): 2783 if HypervisorHostSystemType.subclass: 2784 return HypervisorHostSystemType.subclass(*args_, **kwargs_) 2785 else: 2786 return HypervisorHostSystemType(*args_, **kwargs_) 2787 factory = staticmethod(factory) 2788 def get_VM_Hypervisor(self): return self.VM_Hypervisor 2789 def set_VM_Hypervisor(self, VM_Hypervisor): self.VM_Hypervisor = VM_Hypervisor 2790 def hasContent_(self): 2791 if ( 2792 self.VM_Hypervisor is not None or 2793 super(HypervisorHostSystemType, self).hasContent_() 2794 ): 2795 return True 2796 else: 2797 return False 2798 def export(self, write, level, namespace_='maecPackage:', name_='HypervisorHostSystemType', namespacedef_='', pretty_print=True): 2799 if pretty_print: 2800 eol_ = '\n' 2801 else: 2802 eol_ = '' 2803 showIndent(write, level, pretty_print) 2804 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 2805 already_processed = set() 2806 self.exportAttributes(write, level, already_processed, namespace_, name_='HypervisorHostSystemType') 2807 if self.hasContent_(): 2808 write('>%s' % (eol_, )) 2809 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 2810 showIndent(write, level, pretty_print) 2811 write('</%s%s>%s' % (namespace_, name_, eol_)) 2812 else: 2813 write('/>%s' % (eol_, )) 2814 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='HypervisorHostSystemType'): 2815 super(HypervisorHostSystemType, self).exportAttributes(write, level, already_processed, namespace_, name_='HypervisorHostSystemType') 2816 def exportChildren(self, write, level, namespace_='maecPackage:', name_='HypervisorHostSystemType', fromsubclass_=False, pretty_print=True): 2817 super(HypervisorHostSystemType, self).exportChildren(write, level, 'maecPackage:', name_, True, pretty_print=pretty_print) 2818 if pretty_print: 2819 eol_ = '\n' 2820 else: 2821 eol_ = '' 2822 if self.VM_Hypervisor is not None: 2823 self.VM_Hypervisor.export(write, level, 'maecPackage:', name_='VM_Hypervisor', pretty_print=pretty_print) 2824 def build(self, node): 2825 self.__sourcenode__ = node 2826 already_processed = set() 2827 self.buildAttributes(node, node.attrib, already_processed) 2828 for child in node: 2829 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 2830 self.buildChildren(child, node, nodeName_) 2831 def buildAttributes(self, node, attrs, already_processed): 2832 super(HypervisorHostSystemType, self).buildAttributes(node, attrs, already_processed) 2833 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 2834 if nodeName_ == 'VM_Hypervisor': 2835 obj_ = cybox_common.PlatformSpecificationType.factory() 2836 obj_.build(child_) 2837 self.set_VM_Hypervisor(obj_) 2838 super(HypervisorHostSystemType, self).buildChildren(child_, node, nodeName_, True) 2839# end class HypervisorHostSystemType 2840 2841class AnalysisSystemType(system_object.SystemObjectType): 2842 """The AnalysisSystemType is intended to characterize any systems on 2843 which malware analysis is performed. It imports and extends 2844 version 1.3 of the CybOX System Object.""" 2845 subclass = None 2846 superclass = system_object.SystemObjectType 2847 def __init__(self, object_reference=None, Custom_Properties=None, Available_Physical_Memory=None, BIOS_Info=None, Date=None, Hostname=None, Local_Time=None, Network_Interface_List=None, OS=None, Processor=None, Processor_Architecture=None, System_Time=None, Timezone_DST=None, Timezone_Standard=None, Total_Physical_Memory=None, Uptime=None, Username=None, Installed_Programs=None): 2848 super(AnalysisSystemType, self).__init__(object_reference, Custom_Properties, Available_Physical_Memory, BIOS_Info, Date, Hostname, Local_Time, Network_Interface_List, OS, Processor, Processor_Architecture, System_Time, Timezone_DST, Timezone_Standard, Total_Physical_Memory, Uptime, Username, ) 2849 self.Installed_Programs = Installed_Programs 2850 def factory(*args_, **kwargs_): 2851 if AnalysisSystemType.subclass: 2852 return AnalysisSystemType.subclass(*args_, **kwargs_) 2853 else: 2854 return AnalysisSystemType(*args_, **kwargs_) 2855 factory = staticmethod(factory) 2856 def get_Installed_Programs(self): return self.Installed_Programs 2857 def set_Installed_Programs(self, Installed_Programs): self.Installed_Programs = Installed_Programs 2858 def hasContent_(self): 2859 if ( 2860 self.Installed_Programs is not None or 2861 super(AnalysisSystemType, self).hasContent_() 2862 ): 2863 return True 2864 else: 2865 return False 2866 def export(self, write, level, namespace_='maecPackage:', name_='AnalysisSystemType', namespacedef_='', pretty_print=True): 2867 if pretty_print: 2868 eol_ = '\n' 2869 else: 2870 eol_ = '' 2871 showIndent(write, level, pretty_print) 2872 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 2873 already_processed = set() 2874 self.exportAttributes(write, level, already_processed, namespace_, name_='AnalysisSystemType') 2875 if self.hasContent_(): 2876 write('>%s' % (eol_, )) 2877 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 2878 showIndent(write, level, pretty_print) 2879 write('</%s%s>%s' % (namespace_, name_, eol_)) 2880 else: 2881 write('/>%s' % (eol_, )) 2882 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='AnalysisSystemType'): 2883 super(AnalysisSystemType, self).exportAttributes(write, level, already_processed, namespace_, name_='AnalysisSystemType') 2884 def exportChildren(self, write, level, namespace_='maecPackage:', name_='AnalysisSystemType', fromsubclass_=False, pretty_print=True): 2885 super(AnalysisSystemType, self).exportChildren(write, level, 'maecPackage:', name_, True, pretty_print=pretty_print) 2886 if pretty_print: 2887 eol_ = '\n' 2888 else: 2889 eol_ = '' 2890 if self.Installed_Programs is not None: 2891 self.Installed_Programs.export(write, level, 'maecPackage:', name_='Installed_Programs', pretty_print=pretty_print) 2892 def build(self, node): 2893 self.__sourcenode__ = node 2894 already_processed = set() 2895 self.buildAttributes(node, node.attrib, already_processed) 2896 for child in node: 2897 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 2898 self.buildChildren(child, node, nodeName_) 2899 def buildAttributes(self, node, attrs, already_processed): 2900 super(AnalysisSystemType, self).buildAttributes(node, attrs, already_processed) 2901 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 2902 if nodeName_ == 'Installed_Programs': 2903 obj_ = InstalledProgramsType.factory() 2904 obj_.build(child_) 2905 self.set_Installed_Programs(obj_) 2906 super(AnalysisSystemType, self).buildChildren(child_, node, nodeName_, True) 2907# end class AnalysisSystemType 2908 2909class CommentType(cybox_common.StructuredTextType): 2910 """The CommentType captures a comment relating to some MAEC entity.The 2911 author field specifies the name of the author that added the 2912 comment.The timestamp field specifies the date/time that the 2913 comment was added.""" 2914 subclass = None 2915 superclass = cybox_common.StructuredTextType 2916 def __init__(self, structuring_format=None, timestamp=None, author=None, observation_name=None, valueOf_=None): 2917 super(CommentType, self).__init__(structuring_format, valueOf_, ) 2918 self.timestamp = _cast(None, timestamp) 2919 self.author = _cast(None, author) 2920 self.observation_name = observation_name 2921 self.valueOf_ = valueOf_ 2922 def factory(*args_, **kwargs_): 2923 if CommentType.subclass: 2924 return CommentType.subclass(*args_, **kwargs_) 2925 else: 2926 return CommentType(*args_, **kwargs_) 2927 factory = staticmethod(factory) 2928 def get_timestamp(self): return self.timestamp 2929 def set_timestamp(self, timestamp): self.timestamp = timestamp 2930 def get_author(self): return self.author 2931 def set_author(self, author): self.author = author 2932 def get_observation_name(self): return self.observation_name 2933 def set_observation_name(self, observation_name): self.observation_name = observation_name 2934 def get_valueOf_(self): return self.valueOf_ 2935 def set_valueOf_(self, valueOf_): self.valueOf_ = valueOf_ 2936 def hasContent_(self): 2937 if ( 2938 self.valueOf_ or 2939 super(CommentType, self).hasContent_() 2940 ): 2941 return True 2942 else: 2943 return False 2944 def export(self, write, level, namespace_='maecPackage:', name_='CommentType', namespacedef_='', pretty_print=True): 2945 if pretty_print: 2946 eol_ = '\n' 2947 else: 2948 eol_ = '' 2949 showIndent(write, level, pretty_print) 2950 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 2951 already_processed = set() 2952 self.exportAttributes(write, level, already_processed, namespace_, name_='CommentType') 2953 if self.hasContent_(): 2954 write('>') 2955 write(quote_xml(self.valueOf_)) 2956 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 2957 write('</%s%s>%s' % (namespace_, name_, eol_)) 2958 else: 2959 write('/>%s' % (eol_, )) 2960 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='CommentType'): 2961 super(CommentType, self).exportAttributes(write, level, already_processed, namespace_, name_='CommentType') 2962 if self.timestamp is not None and 'timestamp' not in already_processed: 2963 already_processed.add('timestamp') 2964 write(' timestamp="%s"' % self.gds_format_datetime(self.timestamp, input_name='timestamp')) 2965 if self.author is not None and 'author' not in already_processed: 2966 already_processed.add('author') 2967 write(' author=%s' % (quote_attrib(self.author))) 2968 if self.observation_name is not None and 'observation_name' not in already_processed: 2969 already_processed.add('observation_name') 2970 write(' observation_name=%s' % (quote_attrib(self.observation_name))) 2971 def exportChildren(self, write, level, namespace_='maecPackage:', name_='CommentType', fromsubclass_=False, pretty_print=True): 2972 super(CommentType, self).exportChildren(write, level, 'maecPackage:', name_, True, pretty_print=pretty_print) 2973 pass 2974 def build(self, node): 2975 self.__sourcenode__ = node 2976 already_processed = set() 2977 self.buildAttributes(node, node.attrib, already_processed) 2978 self.valueOf_ = get_all_text_(node) 2979 for child in node: 2980 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 2981 self.buildChildren(child, node, nodeName_) 2982 def buildAttributes(self, node, attrs, already_processed): 2983 value = find_attr_value_('timestamp', node) 2984 if value is not None and 'timestamp' not in already_processed: 2985 already_processed.add('timestamp') 2986 try: 2987 self.timestamp = value 2988 except ValueError as exp: 2989 raise ValueError('Bad date-time attribute (timestamp): %s' % exp) 2990 value = find_attr_value_('author', node) 2991 if value is not None and 'author' not in already_processed: 2992 already_processed.add('author') 2993 self.author = value 2994 super(CommentType, self).buildAttributes(node, attrs, already_processed) 2995 value = find_attr_value_('observation_name', node) 2996 if value is not None and 'observation_name' not in already_processed: 2997 already_processed.add('observation_name') 2998 self.observation_name = value 2999 super(CommentType, self).buildAttributes(node, attrs, already_processed) 3000 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 3001 pass 3002# end class CommentType 3003 3004class MalwareExceptionType(cybox_common.ErrorType): 3005 """The MalwareExceptionType captures details of exceptions that may be 3006 raised as a result of a malware instance executing on a 3007 system.The is_fatal field specifies whether the exception is 3008 fatal; that is, whether it caused the malware instance to 3009 terminate.""" 3010 subclass = None 3011 superclass = cybox_common.ErrorType 3012 def __init__(self, is_fatal=None, Error_Type=None, Error_Count=None, Error_Instances=None, Exception_Code=None, Faulting_Address=None, Description=None): 3013 super(MalwareExceptionType, self).__init__(Error_Type=None, Error_Count=None, Error_Instances=None) 3014 self.is_fatal = _cast(bool, is_fatal) 3015 self.Exception_Code = Exception_Code 3016 self.Faulting_Address = Faulting_Address 3017 self.Description = Description 3018 def factory(*args_, **kwargs_): 3019 if MalwareExceptionType.subclass: 3020 return MalwareExceptionType.subclass(*args_, **kwargs_) 3021 else: 3022 return MalwareExceptionType(*args_, **kwargs_) 3023 factory = staticmethod(factory) 3024 def get_Exception_Code(self): return self.Exception_Code 3025 def set_Exception_Code(self, Exception_Code): self.Exception_Code = Exception_Code 3026 def get_Faulting_Address(self): return self.Faulting_Address 3027 def set_Faulting_Address(self, Faulting_Address): self.Faulting_Address = Faulting_Address 3028 def get_Description(self): return self.Description 3029 def set_Description(self, Description): self.Description = Description 3030 def get_is_fatal(self): return self.is_fatal 3031 def set_is_fatal(self, is_fatal): self.is_fatal = is_fatal 3032 def hasContent_(self): 3033 if ( 3034 self.Exception_Code is not None or 3035 self.Faulting_Address is not None or 3036 self.Description is not None 3037 ): 3038 return True 3039 else: 3040 return False 3041 def export(self, write, level, namespace_='maecPackage:', name_='MalwareExceptionType', namespacedef_='', pretty_print=True): 3042 if pretty_print: 3043 eol_ = '\n' 3044 else: 3045 eol_ = '' 3046 showIndent(write, level, pretty_print) 3047 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 3048 already_processed = set() 3049 self.exportAttributes(write, level, already_processed, namespace_, name_='MalwareExceptionType') 3050 if self.hasContent_(): 3051 write('>%s' % (eol_, )) 3052 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 3053 showIndent(write, level, pretty_print) 3054 write('</%s%s>%s' % (namespace_, name_, eol_)) 3055 else: 3056 write('/>%s' % (eol_, )) 3057 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='MalwareExceptionType'): 3058 super(MalwareExceptionType, self).exportAttributes(write, level, already_processed, namespace_, name_='MalwareExceptionType') 3059 if self.is_fatal is not None and 'is_fatal' not in already_processed: 3060 already_processed.add('is_fatal') 3061 write(' is_fatal="%s"' % self.gds_format_boolean(self.is_fatal, input_name='is_fatal')) 3062 def exportChildren(self, write, level, namespace_='maecPackage:', name_='MalwareExceptionType', fromsubclass_=False, pretty_print=True): 3063 super(MalwareExceptionType, self).exportChildren(write, level, namespace_, name_, True, pretty_print=pretty_print) 3064 if pretty_print: 3065 eol_ = '\n' 3066 else: 3067 eol_ = '' 3068 if self.Exception_Code is not None: 3069 showIndent(write, level, pretty_print) 3070 write('<%sException_Code>%s</%sException_Code>%s' % (namespace_, quote_xml(self.Exception_Code), namespace_, eol_)) 3071 if self.Faulting_Address is not None: 3072 showIndent(write, level, pretty_print) 3073 write('<%sFaulting_Address>%s</%sFaulting_Address>%s' % (namespace_, quote_xml(self.Faulting_Address), namespace_, eol_)) 3074 if self.Description is not None: 3075 showIndent(write, level, pretty_print) 3076 write('<%sDescription>%s</%sDescription>%s' % (namespace_, self.gds_format_integer(self.Description, input_name='Description'), namespace_, eol_)) 3077 def build(self, node): 3078 self.__sourcenode__ = node 3079 already_processed = set() 3080 self.buildAttributes(node, node.attrib, already_processed) 3081 for child in node: 3082 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 3083 self.buildChildren(child, node, nodeName_) 3084 def buildAttributes(self, node, attrs, already_processed): 3085 value = find_attr_value_('is_fatal', node) 3086 if value is not None and 'is_fatal' not in already_processed: 3087 already_processed.add('is_fatal') 3088 if value in ('true', '1'): 3089 self.is_fatal = True 3090 elif value in ('false', '0'): 3091 self.is_fatal = False 3092 else: 3093 raise_parse_error(node, 'Bad boolean attribute') 3094 super(MalwareExceptionType, self).buildAttributes(node, attrs, already_processed) 3095 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 3096 if nodeName_ == 'Exception_Code': 3097 Exception_Code_ = child_.text 3098 Exception_Code_ = self.gds_validate_string(Exception_Code_, node, 'Exception_Code') 3099 self.Exception_Code = Exception_Code_ 3100 elif nodeName_ == 'Faulting_Address': 3101 Faulting_Address_ = child_.text 3102 Faulting_Address_ = self.gds_validate_string(Faulting_Address_, node, 'Faulting_Address') 3103 self.Faulting_Address = Faulting_Address_ 3104 elif nodeName_ == 'Description': 3105 sval_ = child_.text 3106 try: 3107 ival_ = int(sval_) 3108 except (TypeError, ValueError) as exp: 3109 raise_parse_error(child_, 'requires integer: %s' % exp) 3110 ival_ = self.gds_validate_integer(ival_, node, 'Description') 3111 self.Description = ival_ 3112 super(MalwareExceptionType, self).buildChildren(child_, node, nodeName_, True) 3113# end class MalwareExceptionType 3114 3115class MalwareDevelopmentEnvironmentType(GeneratedsSuper): 3116 """The MalwareDevelopmentEnvironmentType captures details of the 3117 development environment used in developing the malware instance, 3118 such as information on any tools that were used.""" 3119 subclass = None 3120 superclass = None 3121 def __init__(self, Tools=None, Debugging_File=None): 3122 self.Tools = Tools 3123 if Debugging_File is None: 3124 self.Debugging_File = [] 3125 else: 3126 self.Debugging_File = Debugging_File 3127 def factory(*args_, **kwargs_): 3128 if MalwareDevelopmentEnvironmentType.subclass: 3129 return MalwareDevelopmentEnvironmentType.subclass(*args_, **kwargs_) 3130 else: 3131 return MalwareDevelopmentEnvironmentType(*args_, **kwargs_) 3132 factory = staticmethod(factory) 3133 def get_Tools(self): return self.Tools 3134 def set_Tools(self, Tools): self.Tools = Tools 3135 def get_Debugging_File(self): return self.Debugging_File 3136 def set_Debugging_File(self, Debugging_File): self.Debugging_File = Debugging_File 3137 def add_Debugging_File(self, value): self.Debugging_File.append(value) 3138 def insert_Debugging_File(self, index, value): self.Debugging_File[index] = value 3139 def hasContent_(self): 3140 if ( 3141 self.Tools is not None or 3142 self.Debugging_File 3143 ): 3144 return True 3145 else: 3146 return False 3147 def export(self, write, level, namespace_='maecPackage:', name_='MalwareDevelopmentEnvironmentType', namespacedef_='', pretty_print=True): 3148 if pretty_print: 3149 eol_ = '\n' 3150 else: 3151 eol_ = '' 3152 showIndent(write, level, pretty_print) 3153 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 3154 already_processed = set() 3155 self.exportAttributes(write, level, already_processed, namespace_, name_='MalwareDevelopmentEnvironmentType') 3156 if self.hasContent_(): 3157 write('>%s' % (eol_, )) 3158 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 3159 showIndent(write, level, pretty_print) 3160 write('</%s%s>%s' % (namespace_, name_, eol_)) 3161 else: 3162 write('/>%s' % (eol_, )) 3163 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='MalwareDevelopmentEnvironmentType'): 3164 pass 3165 def exportChildren(self, write, level, namespace_='maecPackage:', name_='MalwareDevelopmentEnvironmentType', fromsubclass_=False, pretty_print=True): 3166 if pretty_print: 3167 eol_ = '\n' 3168 else: 3169 eol_ = '' 3170 if self.Tools is not None: 3171 self.Tools.export(write, level, namespace_, name_='Tools', pretty_print=pretty_print) 3172 for Debugging_File_ in self.Debugging_File: 3173 Debugging_File_.export(write, level, namespace_, name_='Debugging_File', pretty_print=pretty_print) 3174 def build(self, node): 3175 self.__sourcenode__ = node 3176 already_processed = set() 3177 self.buildAttributes(node, node.attrib, already_processed) 3178 for child in node: 3179 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 3180 self.buildChildren(child, node, nodeName_) 3181 def buildAttributes(self, node, attrs, already_processed): 3182 pass 3183 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 3184 if nodeName_ == 'Tools': 3185 obj_ = cybox_common.ToolsInformationType.factory() 3186 obj_.build(child_) 3187 self.set_Tools(obj_) 3188 elif nodeName_ == 'Debugging_File': 3189 obj_ = file_object.FileObjectType.factory() 3190 obj_.build(child_) 3191 self.Debugging_File.append(obj_) 3192# end class MalwareDevelopmentEnvironmentType 3193 3194class MalwareConfigurationParameterType(GeneratedsSuper): 3195 """The MalwareConfigurationParameterType captures a single 3196 configuration parameter that may be defined for a malware 3197 instance, as a name/value pair.""" 3198 subclass = None 3199 superclass = None 3200 def __init__(self, Name=None, Value=None): 3201 self.Name = Name 3202 self.Value = Value 3203 def factory(*args_, **kwargs_): 3204 if MalwareConfigurationParameterType.subclass: 3205 return MalwareConfigurationParameterType.subclass(*args_, **kwargs_) 3206 else: 3207 return MalwareConfigurationParameterType(*args_, **kwargs_) 3208 factory = staticmethod(factory) 3209 def get_Name(self): return self.Name 3210 def set_Name(self, Name): self.Name = Name 3211 def get_Value(self): return self.Value 3212 def set_Value(self, Value): self.Value = Value 3213 def hasContent_(self): 3214 if ( 3215 self.Name is not None or 3216 self.Value is not None 3217 ): 3218 return True 3219 else: 3220 return False 3221 def export(self, write, level, namespace_='maecPackage:', name_='MalwareConfigurationParameterType', namespacedef_='', pretty_print=True): 3222 if pretty_print: 3223 eol_ = '\n' 3224 else: 3225 eol_ = '' 3226 showIndent(write, level, pretty_print) 3227 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 3228 already_processed = set() 3229 self.exportAttributes(write, level, already_processed, namespace_, name_='MalwareConfigurationParameterType') 3230 if self.hasContent_(): 3231 write('>%s' % (eol_, )) 3232 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 3233 showIndent(write, level, pretty_print) 3234 write('</%s%s>%s' % (namespace_, name_, eol_)) 3235 else: 3236 write('/>%s' % (eol_, )) 3237 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='MalwareConfigurationParameterType'): 3238 pass 3239 def exportChildren(self, write, level, namespace_='maecPackage:', name_='MalwareConfigurationParameterType', fromsubclass_=False, pretty_print=True): 3240 if pretty_print: 3241 eol_ = '\n' 3242 else: 3243 eol_ = '' 3244 if self.Name is not None: 3245 self.Name.export(write, level, 'maecPackage:', name_='Name', pretty_print=pretty_print) 3246 if self.Value is not None: 3247 showIndent(write, level, pretty_print) 3248 write('<%sValue>%s</%sValue>%s' % ('maecPackage:', quote_xml(self.Value), 'maecPackage:', eol_)) 3249 def build(self, node): 3250 self.__sourcenode__ = node 3251 already_processed = set() 3252 self.buildAttributes(node, node.attrib, already_processed) 3253 for child in node: 3254 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 3255 self.buildChildren(child, node, nodeName_) 3256 def buildAttributes(self, node, attrs, already_processed): 3257 pass 3258 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 3259 if nodeName_ == 'Name': 3260 obj_ = cybox_common.ControlledVocabularyStringType.factory() 3261 obj_.build(child_) 3262 self.set_Name(obj_) 3263 elif nodeName_ == 'Value': 3264 Value_ = child_.text 3265 Value_ = self.gds_validate_string(Value_, node, 'Value') 3266 self.Value = Value_ 3267# end class MalwareConfigurationParameterType 3268 3269class MalwareConfigurationDetailsType(GeneratedsSuper): 3270 """The MalwareConfigurationDetailsType captures details of malware 3271 configuration parameters and associated metadata.""" 3272 subclass = None 3273 superclass = None 3274 def __init__(self, Storage=None, Obfuscation=None, Configuration_Parameter=None): 3275 self.Storage = Storage 3276 self.Obfuscation = Obfuscation 3277 if Configuration_Parameter is None: 3278 self.Configuration_Parameter = [] 3279 else: 3280 self.Configuration_Parameter = Configuration_Parameter 3281 def factory(*args_, **kwargs_): 3282 if MalwareConfigurationDetailsType.subclass: 3283 return MalwareConfigurationDetailsType.subclass(*args_, **kwargs_) 3284 else: 3285 return MalwareConfigurationDetailsType(*args_, **kwargs_) 3286 factory = staticmethod(factory) 3287 def get_Storage(self): return self.Storage 3288 def set_Storage(self, Storage): self.Storage = Storage 3289 def get_Obfuscation(self): return self.Obfuscation 3290 def set_Obfuscation(self, Obfuscation): self.Obfuscation = Obfuscation 3291 def get_Configuration_Parameter(self): return self.Configuration_Parameter 3292 def set_Configuration_Parameter(self, Configuration_Parameter): self.Configuration_Parameter = Configuration_Parameter 3293 def add_Configuration_Parameter(self, value): self.Configuration_Parameter.append(value) 3294 def insert_Configuration_Parameter(self, index, value): self.Configuration_Parameter[index] = value 3295 def hasContent_(self): 3296 if ( 3297 self.Storage is not None or 3298 self.Obfuscation is not None or 3299 self.Configuration_Parameter 3300 ): 3301 return True 3302 else: 3303 return False 3304 def export(self, write, level, namespace_='maecPackage:', name_='MalwareConfigurationDetailsType', namespacedef_='', pretty_print=True): 3305 if pretty_print: 3306 eol_ = '\n' 3307 else: 3308 eol_ = '' 3309 showIndent(write, level, pretty_print) 3310 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 3311 already_processed = set() 3312 self.exportAttributes(write, level, already_processed, namespace_, name_='MalwareConfigurationDetailsType') 3313 if self.hasContent_(): 3314 write('>%s' % (eol_, )) 3315 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 3316 showIndent(write, level, pretty_print) 3317 write('</%s%s>%s' % (namespace_, name_, eol_)) 3318 else: 3319 write('/>%s' % (eol_, )) 3320 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='MalwareConfigurationDetailsType'): 3321 pass 3322 def exportChildren(self, write, level, namespace_='maecPackage:', name_='MalwareConfigurationDetailsType', fromsubclass_=False, pretty_print=True): 3323 if pretty_print: 3324 eol_ = '\n' 3325 else: 3326 eol_ = '' 3327 if self.Storage is not None: 3328 self.Storage.export(write, level, 'maecPackage:', name_='Storage', pretty_print=pretty_print) 3329 if self.Obfuscation is not None: 3330 self.Obfuscation.export(write, level, 'maecPackage:', name_='Obfuscation', pretty_print=pretty_print) 3331 for Configuration_Parameter_ in self.Configuration_Parameter: 3332 Configuration_Parameter_.export(write, level, 'maecPackage:', name_='Configuration_Parameter', pretty_print=pretty_print) 3333 def build(self, node): 3334 self.__sourcenode__ = node 3335 already_processed = set() 3336 self.buildAttributes(node, node.attrib, already_processed) 3337 for child in node: 3338 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 3339 self.buildChildren(child, node, nodeName_) 3340 def buildAttributes(self, node, attrs, already_processed): 3341 pass 3342 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 3343 if nodeName_ == 'Storage': 3344 obj_ = MalwareConfigurationStorageDetailsType.factory() 3345 obj_.build(child_) 3346 self.set_Storage(obj_) 3347 elif nodeName_ == 'Obfuscation': 3348 obj_ = MalwareConfigurationObfuscationDetailsType.factory() 3349 obj_.build(child_) 3350 self.set_Obfuscation(obj_) 3351 elif nodeName_ == 'Configuration_Parameter': 3352 obj_ = MalwareConfigurationParameterType.factory() 3353 obj_.build(child_) 3354 self.Configuration_Parameter.append(obj_) 3355# end class MalwareConfigurationDetailsType 3356 3357class MalwareConfigurationObfuscationDetailsType(GeneratedsSuper): 3358 """The MalwareConfigurationObfuscationDetailsType captures details 3359 relating to the obfuscation of malware configuration 3360 parameters.The is_encoded field specifies that the malware 3361 configuration parameters are encoded with the algorithm captured 3362 in the Algorithm_Details field.The is_encrypted field specifies 3363 that the malware configuration parameters are encrypted with the 3364 algorithm captured in the Algorithm_Details field.""" 3365 subclass = None 3366 superclass = None 3367 def __init__(self, is_encoded=None, is_encrypted=None, Algorithm_Details=None): 3368 self.is_encoded = _cast(bool, is_encoded) 3369 self.is_encrypted = _cast(bool, is_encrypted) 3370 if Algorithm_Details is None: 3371 self.Algorithm_Details = [] 3372 else: 3373 self.Algorithm_Details = Algorithm_Details 3374 def factory(*args_, **kwargs_): 3375 if MalwareConfigurationObfuscationDetailsType.subclass: 3376 return MalwareConfigurationObfuscationDetailsType.subclass(*args_, **kwargs_) 3377 else: 3378 return MalwareConfigurationObfuscationDetailsType(*args_, **kwargs_) 3379 factory = staticmethod(factory) 3380 def get_Algorithm_Details(self): return self.Algorithm_Details 3381 def set_Algorithm_Details(self, Algorithm_Details): self.Algorithm_Details = Algorithm_Details 3382 def add_Algorithm_Details(self, value): self.Algorithm_Details.append(value) 3383 def insert_Algorithm_Details(self, index, value): self.Algorithm_Details[index] = value 3384 def get_is_encoded(self): return self.is_encoded 3385 def set_is_encoded(self, is_encoded): self.is_encoded = is_encoded 3386 def get_is_encrypted(self): return self.is_encrypted 3387 def set_is_encrypted(self, is_encrypted): self.is_encrypted = is_encrypted 3388 def hasContent_(self): 3389 if ( 3390 self.Algorithm_Details 3391 ): 3392 return True 3393 else: 3394 return False 3395 def export(self, write, level, namespace_='maecPackage:', name_='MalwareConfigurationObfuscationDetailsType', namespacedef_='', pretty_print=True): 3396 if pretty_print: 3397 eol_ = '\n' 3398 else: 3399 eol_ = '' 3400 showIndent(write, level, pretty_print) 3401 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 3402 already_processed = set() 3403 self.exportAttributes(write, level, already_processed, namespace_, name_='MalwareConfigurationObfuscationDetailsType') 3404 if self.hasContent_(): 3405 write('>%s' % (eol_, )) 3406 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 3407 showIndent(write, level, pretty_print) 3408 write('</%s%s>%s' % (namespace_, name_, eol_)) 3409 else: 3410 write('/>%s' % (eol_, )) 3411 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='MalwareConfigurationObfuscationDetailsType'): 3412 if self.is_encoded is not None and 'is_encoded' not in already_processed: 3413 already_processed.add('is_encoded') 3414 write(' is_encoded="%s"' % self.gds_format_boolean(self.is_encoded, input_name='is_encoded')) 3415 if self.is_encrypted is not None and 'is_encrypted' not in already_processed: 3416 already_processed.add('is_encrypted') 3417 write(' is_encrypted="%s"' % self.gds_format_boolean(self.is_encrypted, input_name='is_encrypted')) 3418 def exportChildren(self, write, level, namespace_='maecPackage:', name_='MalwareConfigurationObfuscationDetailsType', fromsubclass_=False, pretty_print=True): 3419 if pretty_print: 3420 eol_ = '\n' 3421 else: 3422 eol_ = '' 3423 for Algorithm_Details_ in self.Algorithm_Details: 3424 Algorithm_Details_.export(write, level, 'maecPackage:', name_='Algorithm_Details', pretty_print=pretty_print) 3425 def build(self, node): 3426 self.__sourcenode__ = node 3427 already_processed = set() 3428 self.buildAttributes(node, node.attrib, already_processed) 3429 for child in node: 3430 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 3431 self.buildChildren(child, node, nodeName_) 3432 def buildAttributes(self, node, attrs, already_processed): 3433 value = find_attr_value_('is_encoded', node) 3434 if value is not None and 'is_encoded' not in already_processed: 3435 already_processed.add('is_encoded') 3436 if value in ('true', '1'): 3437 self.is_encoded = True 3438 elif value in ('false', '0'): 3439 self.is_encoded = False 3440 else: 3441 raise_parse_error(node, 'Bad boolean attribute') 3442 value = find_attr_value_('is_encrypted', node) 3443 if value is not None and 'is_encrypted' not in already_processed: 3444 already_processed.add('is_encrypted') 3445 if value in ('true', '1'): 3446 self.is_encrypted = True 3447 elif value in ('false', '0'): 3448 self.is_encrypted = False 3449 else: 3450 raise_parse_error(node, 'Bad boolean attribute') 3451 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 3452 if nodeName_ == 'Algorithm_Details': 3453 obj_ = MalwareConfigurationObfuscationAlgorithmType.factory() 3454 obj_.build(child_) 3455 self.Algorithm_Details.append(obj_) 3456# end class MalwareConfigurationObfuscationDetailsType 3457 3458class MalwareConfigurationObfuscationAlgorithmType(GeneratedsSuper): 3459 """The MalwareConfigurationObfuscationDetailsType captures of an 3460 algorithm used to encode or encrypt malware configuration 3461 parameters.The ordinal_position field specifies the explicit 3462 ordering of the usage of the algorithm with respect to the other 3463 algorithms used to encrypt or encode the malware configuration 3464 parameters, for cases where more than one algorithm was used.""" 3465 subclass = None 3466 superclass = None 3467 def __init__(self, ordinal_position=None, Key=None, Algorithm_Name=None): 3468 self.ordinal_position = _cast(int, ordinal_position) 3469 self.Key = Key 3470 self.Algorithm_Name = Algorithm_Name 3471 def factory(*args_, **kwargs_): 3472 if MalwareConfigurationObfuscationAlgorithmType.subclass: 3473 return MalwareConfigurationObfuscationAlgorithmType.subclass(*args_, **kwargs_) 3474 else: 3475 return MalwareConfigurationObfuscationAlgorithmType(*args_, **kwargs_) 3476 factory = staticmethod(factory) 3477 def get_Key(self): return self.Key 3478 def set_Key(self, Key): self.Key = Key 3479 def get_Algorithm_Name(self): return self.Algorithm_Name 3480 def set_Algorithm_Name(self, Algorithm_Name): self.Algorithm_Name = Algorithm_Name 3481 def get_ordinal_position(self): return self.ordinal_position 3482 def set_ordinal_position(self, ordinal_position): self.ordinal_position = ordinal_position 3483 def hasContent_(self): 3484 if ( 3485 self.Key is not None or 3486 self.Algorithm_Name is not None 3487 ): 3488 return True 3489 else: 3490 return False 3491 def export(self, write, level, namespace_='maecPackage:', name_='MalwareConfigurationObfuscationAlgorithmType', namespacedef_='', pretty_print=True): 3492 if pretty_print: 3493 eol_ = '\n' 3494 else: 3495 eol_ = '' 3496 showIndent(write, level, pretty_print) 3497 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 3498 already_processed = set() 3499 self.exportAttributes(write, level, already_processed, namespace_, name_='MalwareConfigurationObfuscationAlgorithmType') 3500 if self.hasContent_(): 3501 write('>%s' % (eol_, )) 3502 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 3503 showIndent(write, level, pretty_print) 3504 write('</%s%s>%s' % (namespace_, name_, eol_)) 3505 else: 3506 write('/>%s' % (eol_, )) 3507 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='MalwareConfigurationObfuscationAlgorithmType'): 3508 if self.ordinal_position is not None and 'ordinal_position' not in already_processed: 3509 already_processed.add('ordinal_position') 3510 write(' ordinal_position="%s"' % self.gds_format_integer(self.ordinal_position, input_name='ordinal_position')) 3511 def exportChildren(self, write, level, namespace_='maecPackage:', name_='MalwareConfigurationObfuscationAlgorithmType', fromsubclass_=False, pretty_print=True): 3512 if pretty_print: 3513 eol_ = '\n' 3514 else: 3515 eol_ = '' 3516 if self.Key is not None: 3517 showIndent(write, level, pretty_print) 3518 write('<%sKey>%s</%sKey>%s' % ('maecPackage:', quote_xml(self.Key), 'maecPackage:', eol_)) 3519 if self.Algorithm_Name is not None: 3520 self.Algorithm_Name.export(write, level, 'maecPackage:', name_='Algorithm_Name', pretty_print=pretty_print) 3521 def build(self, node): 3522 self.__sourcenode__ = node 3523 already_processed = set() 3524 self.buildAttributes(node, node.attrib, already_processed) 3525 for child in node: 3526 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 3527 self.buildChildren(child, node, nodeName_) 3528 def buildAttributes(self, node, attrs, already_processed): 3529 value = find_attr_value_('ordinal_position', node) 3530 if value is not None and 'ordinal_position' not in already_processed: 3531 already_processed.add('ordinal_position') 3532 try: 3533 self.ordinal_position = int(value) 3534 except ValueError as exp: 3535 raise_parse_error(node, 'Bad integer attribute: %s' % exp) 3536 if self.ordinal_position <= 0: 3537 raise_parse_error(node, 'Invalid PositiveInteger') 3538 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 3539 if nodeName_ == 'Key': 3540 Key_ = child_.text 3541 Key_ = self.gds_validate_string(Key_, node, 'Key') 3542 self.Key = Key_ 3543 elif nodeName_ == 'Algorithm_Name': 3544 obj_ = cybox_common.ControlledVocabularyStringType.factory() 3545 obj_.build(child_) 3546 self.set_Algorithm_Name(obj_) 3547# end class MalwareConfigurationObfuscationAlgorithmType 3548 3549class MalwareConfigurationStorageDetailsType(GeneratedsSuper): 3550 """The MalwareConfigurationStorageDetailsType captures details relating 3551 to the storage of malware configuration parameters.""" 3552 subclass = None 3553 superclass = None 3554 def __init__(self, Malware_Binary=None, File=None, URL=None): 3555 self.Malware_Binary = Malware_Binary 3556 self.File = File 3557 if URL is None: 3558 self.URL = [] 3559 else: 3560 self.URL = URL 3561 def factory(*args_, **kwargs_): 3562 if MalwareConfigurationStorageDetailsType.subclass: 3563 return MalwareConfigurationStorageDetailsType.subclass(*args_, **kwargs_) 3564 else: 3565 return MalwareConfigurationStorageDetailsType(*args_, **kwargs_) 3566 factory = staticmethod(factory) 3567 def get_Malware_Binary(self): return self.Malware_Binary 3568 def set_Malware_Binary(self, Malware_Binary): self.Malware_Binary = Malware_Binary 3569 def get_File(self): return self.File 3570 def set_File(self, File): self.File = File 3571 def get_URL(self): return self.URL 3572 def set_URL(self, URL): self.URL = URL 3573 def add_URL(self, value): self.URL.append(value) 3574 def insert_URL(self, index, value): self.URL[index] = value 3575 def hasContent_(self): 3576 if ( 3577 self.Malware_Binary is not None or 3578 self.File is not None or 3579 self.URL 3580 ): 3581 return True 3582 else: 3583 return False 3584 def export(self, write, level, namespace_='maecPackage:', name_='MalwareConfigurationStorageDetailsType', namespacedef_='', pretty_print=True): 3585 if pretty_print: 3586 eol_ = '\n' 3587 else: 3588 eol_ = '' 3589 showIndent(write, level, pretty_print) 3590 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 3591 already_processed = set() 3592 self.exportAttributes(write, level, already_processed, namespace_, name_='MalwareConfigurationStorageDetailsType') 3593 if self.hasContent_(): 3594 write('>%s' % (eol_, )) 3595 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 3596 showIndent(write, level, pretty_print) 3597 write('</%s%s>%s' % (namespace_, name_, eol_)) 3598 else: 3599 write('/>%s' % (eol_, )) 3600 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='MalwareConfigurationStorageDetailsType'): 3601 pass 3602 def exportChildren(self, write, level, namespace_='maecPackage:', name_='MalwareConfigurationStorageDetailsType', fromsubclass_=False, pretty_print=True): 3603 if pretty_print: 3604 eol_ = '\n' 3605 else: 3606 eol_ = '' 3607 if self.Malware_Binary is not None: 3608 self.Malware_Binary.export(write, level, 'maecPackage:', name_='Malware_Binary', pretty_print=pretty_print) 3609 if self.File is not None: 3610 self.File.export(write, level, 'maecPackage:', name_='File', pretty_print=pretty_print) 3611 for URL_ in self.URL: 3612 URL_.export(write, level, 'maecPackage:', name_='URL', pretty_print=pretty_print) 3613 def build(self, node): 3614 self.__sourcenode__ = node 3615 already_processed = set() 3616 self.buildAttributes(node, node.attrib, already_processed) 3617 for child in node: 3618 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 3619 self.buildChildren(child, node, nodeName_) 3620 def buildAttributes(self, node, attrs, already_processed): 3621 pass 3622 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 3623 if nodeName_ == 'Malware_Binary': 3624 obj_ = MalwareBinaryConfigurationStorageDetailsType.factory() 3625 obj_.build(child_) 3626 self.set_Malware_Binary(obj_) 3627 elif nodeName_ == 'File': 3628 obj_ = file_object.FileObjectType.factory() 3629 obj_.build(child_) 3630 self.set_File(obj_) 3631 elif nodeName_ == 'URL': 3632 obj_ = uri_object.URIObjectType.factory() 3633 obj_.build(child_) 3634 self.URL.append(obj_) 3635# end class MalwareConfigurationStorageDetailsType 3636 3637class MalwareBinaryConfigurationStorageDetailsType(GeneratedsSuper): 3638 """The MalwareBinaryConfigurationStorageDetailsType captures details 3639 relating to the storage of malware configuration parameters 3640 inside the malware binary itself.""" 3641 subclass = None 3642 superclass = None 3643 def __init__(self, File_Offset=None, Section_Name=None, Section_Offset=None): 3644 self.File_Offset = File_Offset 3645 self.Section_Name = Section_Name 3646 self.Section_Offset = Section_Offset 3647 def factory(*args_, **kwargs_): 3648 if MalwareBinaryConfigurationStorageDetailsType.subclass: 3649 return MalwareBinaryConfigurationStorageDetailsType.subclass(*args_, **kwargs_) 3650 else: 3651 return MalwareBinaryConfigurationStorageDetailsType(*args_, **kwargs_) 3652 factory = staticmethod(factory) 3653 def get_File_Offset(self): return self.File_Offset 3654 def set_File_Offset(self, File_Offset): self.File_Offset = File_Offset 3655 def get_Section_Name(self): return self.Section_Name 3656 def set_Section_Name(self, Section_Name): self.Section_Name = Section_Name 3657 def get_Section_Offset(self): return self.Section_Offset 3658 def set_Section_Offset(self, Section_Offset): self.Section_Offset = Section_Offset 3659 def hasContent_(self): 3660 if ( 3661 self.File_Offset is not None or 3662 self.Section_Name is not None or 3663 self.Section_Offset is not None 3664 ): 3665 return True 3666 else: 3667 return False 3668 def export(self, write, level, namespace_='maecPackage:', name_='MalwareBinaryConfigurationStorageDetailsType', namespacedef_='', pretty_print=True): 3669 if pretty_print: 3670 eol_ = '\n' 3671 else: 3672 eol_ = '' 3673 showIndent(write, level, pretty_print) 3674 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 3675 already_processed = set() 3676 self.exportAttributes(write, level, already_processed, namespace_, name_='MalwareBinaryConfigurationStorageDetailsType') 3677 if self.hasContent_(): 3678 write('>%s' % (eol_, )) 3679 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 3680 showIndent(write, level, pretty_print) 3681 write('</%s%s>%s' % (namespace_, name_, eol_)) 3682 else: 3683 write('/>%s' % (eol_, )) 3684 def exportAttributes(self, write, level, already_processed, namespace_='maecPackage:', name_='MalwareBinaryConfigurationStorageDetailsType'): 3685 pass 3686 def exportChildren(self, write, level, namespace_='maecPackage:', name_='MalwareBinaryConfigurationStorageDetailsType', fromsubclass_=False, pretty_print=True): 3687 if pretty_print: 3688 eol_ = '\n' 3689 else: 3690 eol_ = '' 3691 if self.File_Offset is not None: 3692 showIndent(write, level, pretty_print) 3693 write('<%sFile_Offset>%s</%sFile_Offset>%s' % ('maecPackage:', quote_xml(self.File_Offset), 'maecPackage:', eol_)) 3694 if self.Section_Name is not None: 3695 showIndent(write, level, pretty_print) 3696 write('<%sSection_Name>%s</%sSection_Name>%s' % ('maecPackage:', quote_xml(self.Section_Name), 'maecPackage:', eol_)) 3697 if self.Section_Offset is not None: 3698 showIndent(write, level, pretty_print) 3699 write('<%sSection_Offset>%s</%sSection_Offset>%s' % ('maecPackage:', quote_xml(self.Section_Offset), 'maecPackage:', eol_)) 3700 def build(self, node): 3701 self.__sourcenode__ = node 3702 already_processed = set() 3703 self.buildAttributes(node, node.attrib, already_processed) 3704 for child in node: 3705 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 3706 self.buildChildren(child, node, nodeName_) 3707 def buildAttributes(self, node, attrs, already_processed): 3708 pass 3709 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 3710 if nodeName_ == 'File_Offset': 3711 File_Offset_ = child_.text 3712 File_Offset_ = self.gds_validate_string(File_Offset_, node, 'File_Offset') 3713 self.File_Offset = File_Offset_ 3714 elif nodeName_ == 'Section_Name': 3715 Section_Name_ = child_.text 3716 Section_Name_ = self.gds_validate_string(Section_Name_, node, 'Section_Name') 3717 self.Section_Name = Section_Name_ 3718 elif nodeName_ == 'Section_Offset': 3719 Section_Offset_ = child_.text 3720 Section_Offset_ = self.gds_validate_string(Section_Offset_, node, 'Section_Offset') 3721 self.Section_Offset = Section_Offset_ 3722# end class MalwareBinaryConfigurationStorageDetailsType 3723 3724USAGE_TEXT = """ 3725Usage: python <Parser>.py [ -s ] <in_xml_file> 3726""" 3727 3728def usage(): 3729 print(USAGE_TEXT) 3730 sys.exit(1) 3731 3732def get_root_tag(node): 3733 tag = Tag_pattern_.match(node.tag).groups()[-1] 3734 rootClass = GDSClassesMapping.get(tag) 3735 if rootClass is None: 3736 rootClass = globals().get(tag) 3737 return tag, rootClass 3738 3739def parse(inFileName): 3740 doc = parsexml_(inFileName) 3741 rootNode = doc.getroot() 3742 rootTag, rootClass = get_root_tag(rootNode) 3743 rootObj = rootClass.factory() 3744 rootObj.build(rootNode) 3745 # Enable Python to collect the space used by the DOM. 3746 doc = None 3747 #sys.stdout.write('<?xml version="1.0" ?>\n') 3748 #rootObj.export(sys.stdout, 0, name_=rootTag, 3749 # namespacedef_='', 3750 # pretty_print=True) 3751 return rootObj 3752 3753def parseEtree(inFileName): 3754 doc = parsexml_(inFileName) 3755 rootNode = doc.getroot() 3756 rootTag, rootClass = get_root_tag(rootNode) 3757 rootObj = rootClass.factory() 3758 rootObj.build(rootNode) 3759 # Enable Python to collect the space used by the DOM. 3760 doc = None 3761 rootElement = rootObj.to_etree(None, name_=rootTag) 3762 content = etree_.tostring(rootElement, pretty_print=True, 3763 xml_declaration=True, encoding="utf-8") 3764 sys.stdout.write(content) 3765 sys.stdout.write('\n') 3766 return rootObj, rootElement 3767 3768def parseString(inString): 3769 from mixbox.vendor.six import StringIO 3770 doc = parsexml_(StringIO(inString)) 3771 rootNode = doc.getroot() 3772 rootTag, rootClass = get_root_tag(rootNode) 3773 rootObj = rootClass.factory() 3774 rootObj.build(rootNode) 3775 # Enable Python to collect the space used by the DOM. 3776 doc = None 3777 #sys.stdout.write('<?xml version="1.0" ?>\n') 3778 #rootObj.export(sys.stdout, 0, name_="MAEC_Package", 3779 # namespacedef_='') 3780 return rootObj 3781 3782def parseLiteral(inFileName): 3783 doc = parsexml_(inFileName) 3784 rootNode = doc.getroot() 3785 rootTag, rootClass = get_root_tag(rootNode) 3786 rootObj = rootClass.factory() 3787 rootObj.build(rootNode) 3788 # Enable Python to collect the space used by the DOM. 3789 doc = None 3790 sys.stdout.write('#from maec_package_temp import *\n\n') 3791 sys.stdout.write('from datetime import datetime as datetime_\n\n') 3792 sys.stdout.write('import maec_package_temp as model_\n\n') 3793 sys.stdout.write('rootObj = model_.rootTag(\n') 3794 rootObj.exportLiteral(sys.stdout, 0, name_=rootTag) 3795 sys.stdout.write(')\n') 3796 return rootObj 3797 3798def main(): 3799 args = sys.argv[1:] 3800 if len(args) == 1: 3801 parse(args[0]) 3802 else: 3803 usage() 3804 3805if __name__ == '__main__': 3806 #import pdb; pdb.set_trace() 3807 main() 3808 3809__all__ = [ 3810 "AnalysisEnvironmentType", 3811 "SourceType", 3812 "CommentListType", 3813 "AnalysisSystemListType", 3814 "ToolListType", 3815 "CommentType", 3816 "AnalysisSystemType", 3817 "HypervisorHostSystemType", 3818 "DynamicAnalysisMetadataType", 3819 "AnalysisType", 3820 "AnalysisListType", 3821 "InstalledProgramsType", 3822 "PackageType", 3823 "MalwareSubjectType", 3824 "MetaAnalysisType", 3825 "MalwareSubjectRelationshipType", 3826 "MalwareSubjectRelationshipListType", 3827 "MalwareSubjectReferenceType", 3828 "MalwareSubjectListType", 3829 "MinorVariantListType", 3830 "FindingsBundleListType", 3831 "GroupingRelationshipType", 3832 "GroupingRelationshipListType", 3833 "ClusteringMetadataType", 3834 "ClusterEdgeNodePairType", 3835 "ClusterCompositionType", 3836 "ClusteringAlgorithmParametersType", 3837 "NetworkInfrastructureType", 3838 "ActionEquivalenceType", 3839 "ActionEquivalenceListType", 3840 "CapturedProtocolListType", 3841 "CapturedProtocolType", 3842 "ObjectEquivalenceType", 3843 "ObjectEquivalenceListType" 3844 ] 3845 3846GDSClassesMapping = { 3847 "AnalysisEnvironmentType": AnalysisEnvironmentType, 3848 "SourceType": SourceType, 3849 "CommentListType": CommentListType, 3850 "AnalysisSystemListType": AnalysisSystemListType, 3851 "ToolListType": ToolListType, 3852 "CommentType": CommentType, 3853 "AnalysisSystemType": AnalysisSystemType, 3854 "HypervisorHostSystemType": HypervisorHostSystemType, 3855 "DynamicAnalysisMetadataType": DynamicAnalysisMetadataType, 3856 "AnalysisType": AnalysisType, 3857 "AnalysisListType": AnalysisListType, 3858 "InstalledProgramsType": InstalledProgramsType, 3859 "MAEC_Package": PackageType, 3860 "MalwareSubjectType": MalwareSubjectType, 3861 "MetaAnalysisType": MetaAnalysisType, 3862 "MalwareSubjectRelationshipType": MalwareSubjectRelationshipType, 3863 "MalwareSubjectRelationshipListType": MalwareSubjectRelationshipListType, 3864 "MalwareSubjectReferenceType": MalwareSubjectReferenceType, 3865 "MalwareSubjectListType": MalwareSubjectListType, 3866 "MinorVariantListType": MinorVariantListType, 3867 "FindingsBundleListType": FindingsBundleListType, 3868 "GroupingRelationshipType": GroupingRelationshipType, 3869 "GroupingRelationshipListType": GroupingRelationshipListType, 3870 "ClusteringMetadataType": ClusteringMetadataType, 3871 "ClusterEdgeNodePairType": ClusterEdgeNodePairType, 3872 "ClusterCompositionType": ClusterCompositionType, 3873 "ClusteringAlgorithmParametersType": ClusteringAlgorithmParametersType, 3874 "NetworkInfrastructureType": NetworkInfrastructureType, 3875 "ActionEquivalenceType": ActionEquivalenceType, 3876 "ActionEquivalenceListType": ActionEquivalenceListType, 3877 "CapturedProtocolListType": CapturedProtocolListType, 3878 "CapturedProtocolType": CapturedProtocolType, 3879 "ObjectEquivalenceType": ObjectEquivalenceType, 3880 "ObjectEquivalenceListType": ObjectEquivalenceListType 3881} 3882