From 2e02c40a7e6fd50d226eab072e017f66e2439d94 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Wed, 16 Aug 2017 11:22:20 +0200
Subject: [PATCH] add scripts to create galaxy from https://github.com/mitre/cti/tree/master/ATTACK - still under testing

---
 .../mitre-cti/create_attack-pattern_galaxy.py | 59 +++++++++++++++++++
 .../create_course-of-action_galaxy.py | 50 ++++++++++++++++
 .../mitre-cti/create_intrusion-set_galaxy.py | 57 ++++++++++++++++++
 tools/mitre-cti/create_malware_galaxy.py | 57 ++++++++++++++++++
 tools/mitre-cti/create_tool_galaxy.py | 57 ++++++++++++++++++
 5 files changed, 280 insertions(+)
 create mode 100644 tools/mitre-cti/create_attack-pattern_galaxy.py
 create mode 100644 tools/mitre-cti/create_course-of-action_galaxy.py
 create mode 100644 tools/mitre-cti/create_intrusion-set_galaxy.py
 create mode 100644 tools/mitre-cti/create_malware_galaxy.py
 create mode 100644 tools/mitre-cti/create_tool_galaxy.py

diff --git a/tools/mitre-cti/create_attack-pattern_galaxy.py b/tools/mitre-cti/create_attack-pattern_galaxy.py
new file mode 100644
index 0000000..e941efd
--- /dev/null
+++ b/tools/mitre-cti/create_attack-pattern_galaxy.py
@@ -0,0 +1,59 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+import json
+import re
+import os
+
+'''
+Create a couple galaxy/cluster with cti's attack-patterns
+Must be in the mitre/cti/ATTACK/attack-pattern folder
+'''
+
+values = []
+
+for element in os.listdir('.'):
+ if element.endswith('.json'):
+ with open(element) as json_data:
+ d = json.load(json_data)
+ json_data.close()
+
+ temp = d['objects'][0]
+
+ value = {}
+ value['description'] = temp['description']
+ value['uuid'] = re.search('--(.*)$', temp['id']).group(0)[2:]
+ value['name'] = temp['name']
+ value['meta'] = {}
+ value['meta']['refs'] = []
+ for reference in temp['external_references']:
+ if 'url' in reference:
+ value['meta']['refs'].append(reference['url'])
+ if 'x_mitre_data_sources' in temp:
+ value['meta']['x_mitre_data_sources'] = temp['x_mitre_data_sources']
+ if 'x_mitre_platforms' in temp:
+ value['meta']['x_mitre_platforms'] = temp['x_mitre_platforms']
+ values.append(value)
+
+galaxy = {}
+galaxy['name'] = "Attack Pattern"
+galaxy['type'] = "attack-pattern"
+galaxy['description'] = "ATT&CK Tactic"
+galaxy['uuid' ] = "c4e851fa-775f-11e7-8163-b774922098cd"
+galaxy['version'] = "1"
+
+cluster = {}
+cluster['name'] = "Attack Pattern"
+cluster['type'] = "attack-pattern"
+cluster['description'] = "ATT&CK tactic"
+cluster['version'] = "1"
+cluster['source'] = "https://github.com/mitre/cti"
+cluster['uuid' ] = "dcb864dc-775f-11e7-9fbb-1f41b4996683"
+cluster['authors'] = ["MITRE"]
+cluster['values'] = values
+
+with open('generate/galaxies/mitre_attack-pattern.json', 'w') as galaxy_file:
+ json.dump(galaxy, galaxy_file, indent=4)
+
+with open('generate/clusters/mitre_attack-pattern.json', 'w') as cluster_file:
+ json.dump(cluster, cluster_file, indent=4)
diff --git a/tools/mitre-cti/create_course-of-action_galaxy.py b/tools/mitre-cti/create_course-of-action_galaxy.py
new file mode 100644
index 0000000..deda3bb
--- /dev/null
+++ b/tools/mitre-cti/create_course-of-action_galaxy.py
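Review bot: `temp = d['objects'][0]` at line 21 of the new file takes the first object of every `.json` in the working directory and emits it as an attack-pattern value without checking its STIX `type`, so any other bundle that lands in that folder is silently folded into the cluster; add `if temp.get('type') != 'attack-pattern': continue` right after it, and the same guard with the respective type belongs in the other four scripts (course-of-action, intrusion-set, malware, tool). `value['uuid'] = re.search('--(.*)$', temp['id']).group(0)[2:]` slices the dashes off the whole match when the capture group already holds the id; `re.search('--(.*)$', temp['id']).group(1)` says what is meant. `json_data.close()` inside the `with open(element) as json_data:` block is redundant because the context manager already closes the file; these two points apply verbatim in the other four hunks as well. `temp['description']` is read unconditionally while `description` appears to be optional on STIX objects, so one object without it would abort the whole run; `temp.get('description', '')` would keep going, but verify against the bundle data before relying on that.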
@@ -0,0 +1,50 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+import json
+import re
+import os
+
+'''
+Create a couple galaxy/cluster with cti's courses-of-action
+Must be in the mitre/cti/ATTACK/course-of-action folder
+'''
+
+values = []
+
+for element in os.listdir('.'):
+ if element.endswith('.json'):
+ with open(element) as json_data:
+ d = json.load(json_data)
+ json_data.close()
+
+ temp = d['objects'][0]
+
+ value = {}
+ value['description'] = temp['description']
+ value['uuid'] = re.search('--(.*)$', temp['id']).group(0)[2:]
+ value['value'] = temp['name']
+ values.append(value)
+
+galaxy = {}
+galaxy['name'] = "Course of Action"
+galaxy['type'] = "course-of-action"
+galaxy['description'] = "ATT&CK Mitigation"
+galaxy['uuid' ] = "6fcb4472-6de4-11e7-b5f7-37771619e14e"
+galaxy['version'] = "1"
+
+cluster = {}
+cluster['name'] = "Course of Action"
+cluster['type'] = "course-of-action"
+cluster['description'] = "ATT&CK Mitigation"
+cluster['version'] = "1"
+cluster['source'] = "https://github.com/mitre/cti"
+cluster['uuid' ] = "a8825ae8-6dea-11e7-8d57-7728f3cfe086"
+cluster['authors'] = ["MITRE"]
+cluster['values'] = values
+
+with open('generate/galaxies/mitre_course-of-action.json', 'w') as galaxy_file:
+ json.dump(galaxy, galaxy_file, indent=4)
+
+with open('generate/clusters/mitre_course-of-action.json', 'w') as cluster_file:
+ json.dump(cluster, cluster_file, indent=4)
diff --git a/tools/mitre-cti/create_intrusion-set_galaxy.py b/tools/mitre-cti/create_intrusion-set_galaxy.py
new file mode 100644
index 0000000..a89db52
--- /dev/null
+++ b/tools/mitre-cti/create_intrusion-set_galaxy.py
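Review bot: `value['value'] = temp['name']` at line 26 of the new file is the only one of the five scripts that stores the entry's name under `value`; the attack-pattern, intrusion-set, malware and tool scripts all write `value['name']`. As far as I know the MISP galaxy cluster format keys each entry on `value`, so if that is the target the other four should be aligned with this one rather than the reverse; either way the five files need to agree or a consumer will find the name missing in some clusters. A one-line comment above the assignment recording which key the cluster schema expects would stop the next copy-paste from drifting again, e.g. `# MISP cluster entries are keyed on 'value', not 'name'`.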
@@ -0,0 +1,57 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+import json
+import re
+import os
+
+'''
+Create a couple galaxy/cluster with cti's intrusion-sets
+Must be in the mitre/cti/ATTACK/intrusion-set folder
+'''
+
+values = []
+
+for element in os.listdir('.'):
+ if element.endswith('.json'):
+ with open(element) as json_data:
+ d = json.load(json_data)
+ json_data.close()
+
+ temp = d['objects'][0]
+
+ value = {}
+ value['description'] = temp['description']
+ value['uuid'] = re.search('--(.*)$', temp['id']).group(0)[2:]
+ value['name'] = temp['name']
+ value['meta'] = {}
+ value['meta']['synonyms'] = temp['aliases']
+ value['meta']['refs']= []
+ for reference in temp['external_references']:
+ if 'url' in reference:
+ value['meta']['refs'].append(reference['url'])
+
+ values.append(value)
+
+galaxy = {}
+galaxy['name'] = "Intrusion Set"
+galaxy['type'] = "course-of-action"
+galaxy['description'] = "Name of ATT&CK Group"
+galaxy['uuid' ] = "1023f364-7831-11e7-8318-43b5531983ab"
+galaxy['version'] = "1"
+
+cluster = {}
+cluster['name'] = "intrusion Set"
+cluster['type'] = "intrusion-set"
+cluster['description'] = "Name of ATT&CK Group"
+cluster['version'] = "1"
+cluster['source'] = "https://github.com/mitre/cti"
+cluster['uuid' ] = "10df003c-7831-11e7-bdb9-971cdd1218df"
+cluster['authors'] = ["MITRE"]
+cluster['values'] = values
+
+with open('generate/galaxies/mitre_intrusion-set.json', 'w') as galaxy_file:
+ json.dump(galaxy, galaxy_file, indent=4)
+
+with open('generate/clusters/mitre_intrusion-set.json', 'w') as cluster_file:
+ json.dump(cluster, cluster_file, indent=4)
diff --git a/tools/mitre-cti/create_malware_galaxy.py b/tools/mitre-cti/create_malware_galaxy.py
new file mode 100644
index 0000000..5f453d0
--- /dev/null
+++ b/tools/mitre-cti/create_malware_galaxy.py
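Review bot: `galaxy['type'] = "course-of-action"` at line 38 of the new file contradicts `cluster['type'] = "intrusion-set"` a few lines below and the file's stated purpose, and looks carried over from the course-of-action script; it should read `galaxy['type'] = "intrusion-set"`, since the galaxy and its cluster are presumably paired on `type`. `cluster['name'] = "intrusion Set"` also differs in case from `galaxy['name'] = "Intrusion Set"`. `value['meta']['synonyms'] = temp['aliases']` reads `aliases` unconditionally, whereas the malware and tool scripts guard their alias field with an `in` test; `aliases` is optional on intrusion-set objects as far as I can tell, so `if 'aliases' in temp: value['meta']['synonyms'] = temp['aliases']` would keep one group without aliases from aborting the whole run.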
@@ -0,0 +1,57 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+import json
+import re
+import os
+
+'''
+Create a couple galaxy/cluster with cti's malwares
+Must be in the mitre/cti/ATTACK/malware folder
+'''
+
+values = []
+
+for element in os.listdir('.'):
+ if element.endswith('.json'):
+ with open(element) as json_data:
+ d = json.load(json_data)
+ json_data.close()
+
+ temp = d['objects'][0]
+
+ value = {}
+ value['description'] = temp['description']
+ value['uuid'] = re.search('--(.*)$', temp['id']).group(0)[2:]
+ value['name'] = temp['name']
+ value['meta'] = {}
+ value['meta']['refs'] = []
+ for reference in temp['external_references']:
+ if 'url' in reference:
+ value['meta']['refs'].append(reference['url'])
+ if'x_mitre_aliases' in temp:
+ value['meta']['synonyms'] = temp['x_mitre_aliases']
+ values.append(value)
+
+galaxy = {}
+galaxy['name'] = "Malware"
+galaxy['type'] = "malware"
+galaxy['description'] = "Name of ATT&CK software"
+galaxy['uuid' ] = "d752161c-78f6-11e7-a0ea-bfa79b407ce4"
+galaxy['version'] = "1"
+
+cluster = {}
+cluster['name'] = "Malware"
+cluster['type'] = "malware"
+cluster['description'] = "Name of ATT&CK software"
+cluster['version'] = "1"
+cluster['source'] = "https://github.com/mitre/cti"
+cluster['uuid' ] = "d752161c-78f6-11e7-a0ea-bfa79b407ce4"
+cluster['authors'] = ["MITRE"]
+cluster['values'] = values
+
+with open('generate/galaxies/mitre_malware.json', 'w') as galaxy_file:
+ json.dump(galaxy, galaxy_file, indent=4)
+
+with open('generate/clusters/mitre_malware.json', 'w') as cluster_file:
+ json.dump(cluster, cluster_file, indent=4)
diff --git a/tools/mitre-cti/create_tool_galaxy.py b/tools/mitre-cti/create_tool_galaxy.py
new file mode 100644
index 0000000..1a6a509
--- /dev/null
+++ b/tools/mitre-cti/create_tool_galaxy.py
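Review bot: `galaxy['uuid' ]` and `cluster['uuid' ]` in the new file are both set to `d752161c-78f6-11e7-a0ea-bfa79b407ce4`, while every other script in this commit gives the galaxy and its cluster two distinct UUIDs; this looks like a copy-paste slip, and since MISP presumably identifies galaxies and clusters by uuid, one of the two should get its own freshly generated value, e.g. `cluster['uuid' ] = "<NEW-UUID>"` with a real UUID in place of the placeholder. `if'x_mitre_aliases' in temp:` is missing the space after `if` (PEP 8), here and at the same line of the tool script.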
@@ -0,0 +1,57 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+import json
+import re
+import os
+
+'''
+Create a couple galaxy/cluster with cti's tools
+Must be in the mitre/cti/ATTACK/tool folder
+'''
+
+values = []
+
+for element in os.listdir('.'):
+ if element.endswith('.json'):
+ with open(element) as json_data:
+ d = json.load(json_data)
+ json_data.close()
+
+ temp = d['objects'][0]
+
+ value = {}
+ value['description'] = temp['description']
+ value['uuid'] = re.search('--(.*)$', temp['id']).group(0)[2:]
+ value['name'] = temp['name']
+ value['meta'] = {}
+ value['meta']['refs'] = []
+ for reference in temp['external_references']:
+ if 'url' in reference:
+ value['meta']['refs'].append(reference['url'])
+ if'x_mitre_aliases' in temp:
+ value['meta']['synonyms'] = temp['x_mitre_aliases']
+ values.append(value)
+
+galaxy = {}
+galaxy['name'] = "Tool"
+galaxy['type'] = "tool"
+galaxy['description'] = "Name of ATT&CK software"
+galaxy['uuid' ] = "d5cbd1a2-78f6-11e7-a833-7b9bccca9649"
+galaxy['version'] = "1"
+
+cluster = {}
+cluster['name'] = "Tool"
+cluster['type'] = "tool"
+cluster['description'] = "Name of ATT&CK software"
+cluster['version'] = "1"
+cluster['source'] = "https://github.com/mitre/cti"
+cluster['uuid' ] = "d700dc5c-78f6-11e7-a476-5f748c8e4fe0"
+cluster['authors'] = ["MITRE"]
+cluster['values'] = values
+
+with open('generate/galaxies/mitre_tool.json', 'w') as galaxy_file:
+ json.dump(galaxy, galaxy_file, indent=4)
+
+with open('generate/clusters/mitre_tool.json', 'w') as cluster_file:
+ json.dump(cluster, cluster_file, indent=4)
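Review bot: `galaxy['description'] = "Name of ATT&CK software"` and the matching `cluster['description']` in the new file are byte-identical to the strings in the malware script, so the tool and malware galaxies are told apart only by `name` and `type`; `"Name of ATT&CK tool"` here (and `"Name of ATT&CK malware"` in the malware script) would make each description self-explanatory wherever it is displayed. Minor, but apart from the type strings and uuids the description is the only text that distinguishes these two generated galaxies, so it is worth keeping distinct.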