Skip to content

MAECProject/anubis-to-maec

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

83 Commits
samples
samples
 
 
.gitignore
.gitignore
 
 
LICENSE.txt
LICENSE.txt
 
 
README
README
 
 
anubis.py
anubis.py
 
 
anubis_parser.py
anubis_parser.py
 
 
anubis_to_maec.py
anubis_to_maec.py
 
 

Repository files navigation

****************************************************

Anubis XML -> MAEC XML Converter Script

Copyright (c) 2015 - The MITRE Corporation

****************************************************

BY USING THE ANUBIS TO MAEC SCRIPT, YOU SIGNIFY YOUR ACCEPTANCE OF THE TERMS AND 
CONDITIONS OF USE.  IF YOU DO NOT AGREE TO THESE TERMS, DO NOT USE THE SCRIPT.

For more information, please refer to the LICENSE.txt file.

#################################################################

Generates MAEC Package Output from an Anubis XML File     

Compatible with Malware Attribute Enumeration and Characterization (MAEC™) Schema v4.1 and
Cyber Observable eXpression (CybOX™) 2.1           
                                                               
v0.98 - BETA                                                   
Updated 2/10/2015                                             
                                                             
#################################################################

MAEC - https://maecproject.github.io/                                 
Anubis - http://anubis.iseclab.org 
CybOX - https://cyboxproject.github.io/  

#################################################################

--------------------------------------------------------------------------------
--------------------------------------------------------------------------------

Included Files

README: this file.
anubis_to_maec.py: the Anubis XML to MAEC XML Python converter script.
anubis_v2.py: the Anubis Python bindings, which the script imports.
anubis_parser.py: the Anubis to MAEC parser class, which does most of the work.
LICENSE.txt: the terms of use for this script.

--------------------------------------------------------------------------------
--------------------------------------------------------------------------------

Dependencies

This code has been developed and tested under Python 2.7.x and so may not
be compatible with Python 3.x.

There are three dependencies for this script:
1) The Python lxml library  >= 3.2.x, http://lxml.de/
2) The python-maec library  >= v4.1.0.8: https://pypi.python.org/pypi/maec
3) The python-cybox library >= v2.1.0.8: https://pypi.python.org/pypi/cybox

--------------------------------------------------------------------------------
--------------------------------------------------------------------------------

Usage Notes

The input Anubis file or directory should be specified as the first argument, and the output file or directory should be specified as the second argument.

The script also supports the following optional command line parameters:

--deduplicate, -dd: deduplicate objects in MAEC output

--dereference, -dr: dereference the MAEC output

--normalize, -n: normalize the MAEC output

--verbose, -v: print verbose error output (tracebacks)

To use the script, run the following command:

python anubis_to_maec.py <flags> <input Anubis file/dir> <output MAEC file/dir>

--------------------------------------------------------------------------------
--------------------------------------------------------------------------------

About MAEC

Malware Attribute Enumeration and Characterization (MAEC™) is a standardized language for sharing structured information about malware based upon attributes such as behaviors, artifacts, and attack patterns.

The goal of the MAEC (pronounced "mike") effort is to provide a basis for transforming malware research and response. MAEC aims to eliminate the ambiguity and inaccuracy that currently exists in malware descriptions and to reduce reliance on signatures. In this way, MAEC seeks to improve human-to-human, human-to-tool, tool-to-tool, and tool-to-human communication about malware; reduce potential duplication of malware analysis efforts by researchers; and allow for the faster development of countermeasures by enabling the ability to leverage responses to previously observed malware instances. The MAEC Language enables correlation, integration, and automation.

Please visit the MAEC website at https://maecproject.github.io/ for more information about the MAEC Language.

--------------------------------------------------------------------------------
--------------------------------------------------------------------------------

Getting Help

Join the public MAEC Community Email Discussion List at https://maec.mitre.org/community/discussionlist.html.

Email the MAEC Developers at maec@mitre.org.

--------------------------------------------------------------------------------
-------------------------------------------------------------------------------

About

Generate MAEC XML from Anubis XML output

Resources

Readme

License

BSD-3-Clause license
Activity
Custom properties

Stars

4 stars

Watchers

10 watching

Forks

3 forks
Report repository

Releases 1

v0.96 Latest
Aug 27, 2014

Packages

No packages published

Contributors 5

Languages