105 lines
7.4 KiB
XML
105 lines
7.4 KiB
XML
<stix:STIX_Package
|
|
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
|
|
xmlns:cybox="http://cybox.mitre.org/cybox-2"
|
|
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
|
|
xmlns:EmailMessageObj="http://cybox.mitre.org/objects#EmailMessageObject-2"
|
|
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
|
|
xmlns:example="http://example.com"
|
|
xmlns:incident="http://stix.mitre.org/Incident-1"
|
|
xmlns:indicator="http://stix.mitre.org/Indicator-2"
|
|
xmlns:ttp="http://stix.mitre.org/TTP-1"
|
|
xmlns:stixCommon="http://stix.mitre.org/common-1"
|
|
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
|
|
xmlns:stix="http://stix.mitre.org/stix-1"
|
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
|
xsi:schemaLocation="
|
|
http://cybox.mitre.org/common-2 http://cybox.mitre.org/XMLSchema/common/2.1/cybox_common.xsd
|
|
http://cybox.mitre.org/cybox-2 http://cybox.mitre.org/XMLSchema/core/2.1/cybox_core.xsd
|
|
http://cybox.mitre.org/default_vocabularies-2 http://cybox.mitre.org/XMLSchema/default_vocabularies/2.1/cybox_default_vocabularies.xsd
|
|
http://cybox.mitre.org/objects#EmailMessageObject-2 http://cybox.mitre.org/XMLSchema/objects/Email_Message/2.1/Email_Message_Object.xsd
|
|
http://cybox.mitre.org/objects#FileObject-2 http://cybox.mitre.org/XMLSchema/objects/File/2.1/File_Object.xsd
|
|
http://stix.mitre.org/Incident-1 http://stix.mitre.org/XMLSchema/incident/1.2/incident.xsd
|
|
http://stix.mitre.org/Indicator-2 http://stix.mitre.org/XMLSchema/indicator/2.2/indicator.xsd
|
|
http://stix.mitre.org/TTP-1 http://stix.mitre.org/XMLSchema/ttp/1.2/ttp.xsd
|
|
http://stix.mitre.org/common-1 http://stix.mitre.org/XMLSchema/common/1.2/stix_common.xsd
|
|
http://stix.mitre.org/default_vocabularies-1 http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd
|
|
http://stix.mitre.org/stix-1 http://stix.mitre.org/XMLSchema/core/1.2/stix_core.xsd" id="example:Package-8b8ed1c1-f01d-4393-ac65-97017ed15876" version="1.2" >
|
|
<stix:Indicators>
|
|
<stix:Indicator id="example:indicator-8cf9236f-1b96-493d-98be-0c1c1e8b62d7" timestamp="2014-10-31T15:52:13.127931+00:00" xsi:type='indicator:IndicatorType' negate="false" version="2.1.1">
|
|
<indicator:Title>Malicious E-mail</indicator:Title>
|
|
<indicator:Type xsi:type="stixVocabs:IndicatorTypeVocab-1.1">Malicious E-mail</indicator:Type>
|
|
<indicator:Observable id="example:Observable-437f0c20-ab26-4400-9f6a-fc395da3ddd9">
|
|
<cybox:Object id="example:EmailMessage-0dc3478e-153a-412f-8718-7e9ee65b8084">
|
|
<cybox:Properties xsi:type="EmailMessageObj:EmailMessageObjectType">
|
|
<EmailMessageObj:Header>
|
|
<EmailMessageObj:Subject condition="StartsWith">[IMPORTANT] Please Review Before</EmailMessageObj:Subject>
|
|
</EmailMessageObj:Header>
|
|
<EmailMessageObj:Attachments>
|
|
<EmailMessageObj:File object_reference="example:File-c182bcb6-8023-44a8-b340-157295abc8a6"/>
|
|
</EmailMessageObj:Attachments>
|
|
</cybox:Properties>
|
|
</cybox:Object>
|
|
</indicator:Observable>
|
|
<indicator:Indicated_TTP>
|
|
<stixCommon:TTP idref="example:ttp-d7b066aa-4091-4276-a142-29d5d81c3484" xsi:type='ttp:TTPType' version="1.2"/>
|
|
</indicator:Indicated_TTP>
|
|
<indicator:Confidence timestamp="2014-10-31T15:52:13.127950+00:00">
|
|
<stixCommon:Value xsi:type="stixVocabs:HighMediumLowVocab-1.0">High</stixCommon:Value>
|
|
</indicator:Confidence>
|
|
</stix:Indicator>
|
|
<stix:Indicator id="example:indicator-b06b0eb7-61dd-4338-a094-0290c380fbd8" timestamp="2014-10-31T15:52:13.126999+00:00" xsi:type='indicator:IndicatorType' negate="false" version="2.1.1">
|
|
<indicator:Title>Malicious E-mail Subject Line</indicator:Title>
|
|
<indicator:Type xsi:type="stixVocabs:IndicatorTypeVocab-1.1">Malicious E-mail</indicator:Type>
|
|
<indicator:Observable id="example:Observable-e9926796-6b52-463c-8be1-0ab66e9adb1c">
|
|
<cybox:Object id="example:EmailMessage-38afa5c9-ef26-4948-928b-0230521c67b7">
|
|
<cybox:Properties xsi:type="EmailMessageObj:EmailMessageObjectType">
|
|
<EmailMessageObj:Header>
|
|
<EmailMessageObj:Subject condition="StartsWith">[IMPORTANT] Please Review Before</EmailMessageObj:Subject>
|
|
</EmailMessageObj:Header>
|
|
</cybox:Properties>
|
|
</cybox:Object>
|
|
</indicator:Observable>
|
|
<indicator:Indicated_TTP>
|
|
<stixCommon:TTP idref="example:ttp-d7b066aa-4091-4276-a142-29d5d81c3484" xsi:type='ttp:TTPType' version="1.2"/>
|
|
</indicator:Indicated_TTP>
|
|
<indicator:Confidence timestamp="2014-10-31T15:52:13.127225+00:00">
|
|
<stixCommon:Value xsi:type="stixVocabs:HighMediumLowVocab-1.0">Low</stixCommon:Value>
|
|
</indicator:Confidence>
|
|
</stix:Indicator>
|
|
<stix:Indicator id="example:indicator-2e17f6fe-3a4d-438a-911a-e509ba1b9933" timestamp="2014-10-31T15:52:13.127668+00:00" xsi:type='indicator:IndicatorType' negate="false" version="2.1.1">
|
|
<indicator:Title>Malicious E-mail Attachment</indicator:Title>
|
|
<indicator:Type xsi:type="stixVocabs:IndicatorTypeVocab-1.1">Malicious E-mail</indicator:Type>
|
|
<indicator:Observable id="example:Observable-9c9869a2-f822-4682-bda4-e89d31b18704">
|
|
<cybox:Object id="example:EmailMessage-9d56af8e-5588-4ed3-affd-bd769ddd7fe2">
|
|
<cybox:Properties xsi:type="EmailMessageObj:EmailMessageObjectType">
|
|
<EmailMessageObj:Attachments>
|
|
<EmailMessageObj:File object_reference="example:File-c182bcb6-8023-44a8-b340-157295abc8a6"/>
|
|
</EmailMessageObj:Attachments>
|
|
</cybox:Properties>
|
|
<cybox:Related_Objects>
|
|
<cybox:Related_Object id="example:File-c182bcb6-8023-44a8-b340-157295abc8a6">
|
|
<cybox:Properties xsi:type="FileObj:FileObjectType">
|
|
<FileObj:File_Name condition="StartsWith">Final Report</FileObj:File_Name>
|
|
<FileObj:File_Extension condition="Equals">doc.exe</FileObj:File_Extension>
|
|
</cybox:Properties>
|
|
<cybox:Relationship xsi:type="cyboxVocabs:ObjectRelationshipVocab-1.1">Contains</cybox:Relationship>
|
|
</cybox:Related_Object>
|
|
</cybox:Related_Objects>
|
|
</cybox:Object>
|
|
</indicator:Observable>
|
|
<indicator:Indicated_TTP>
|
|
<stixCommon:TTP idref="example:ttp-d7b066aa-4091-4276-a142-29d5d81c3484" xsi:type='ttp:TTPType' version="1.2"/>
|
|
</indicator:Indicated_TTP>
|
|
<indicator:Confidence timestamp="2014-10-31T15:52:13.127775+00:00">
|
|
<stixCommon:Value xsi:type="stixVocabs:HighMediumLowVocab-1.0">Low</stixCommon:Value>
|
|
</indicator:Confidence>
|
|
</stix:Indicator>
|
|
</stix:Indicators>
|
|
<stix:TTPs>
|
|
<stix:TTP id="example:ttp-d7b066aa-4091-4276-a142-29d5d81c3484" timestamp="2014-10-31T15:52:13.126765+00:00" xsi:type='ttp:TTPType' version="1.2">
|
|
<ttp:Title>Phishing</ttp:Title>
|
|
</stix:TTP>
|
|
</stix:TTPs>
|
|
</stix:STIX_Package>
|
|
|