MAEC v5.0 example (notional)
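<?xml version="1.0" encoding="UTF-8"?>
<!--
MAEC Capability/Objective Example (notional)
- Based on ThreatExpert report: http://www.threatexpert.com/report.aspx?md5=9d7006e30fdf15e9c8e03e62534b3a3e
- Demonstrates how Capabilities and Objectives may be captured
- Shows example of full linkage Capability/Objective -> Behavior -> Action -> Object:
    maec-tst-cpb-1 (capability) contains maec-tst-obt-1 (strategic) and maec-tst-obt-2 (tactical);
    maec-tst-obt-2 references behavior maec-tst-bhv-1, which is composed of action maec-tst-act-1,
    which is associated with object-2 (the registry Run-key value written for persistence).
- Originally added February 2014 for MAEC v4.1; adapted as a notional MAEC v5.0 example
  (schema_version and the maec-core-5 / maec-package-5 namespaces below reflect 5.0).
- All idref / object_id attributes in this document must resolve to an id declared in the same
  document; there is no external reference target. Interchange documents like this carry no DOCTYPE,
  and consumers should parse them with DTD/external-entity processing disabled.
-->
<maecPackage:MAEC_Package
    xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
    xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
    xmlns:maecVocabs="http://maec.mitre.org/default_vocabularies-1"
    xmlns:maecCore="http://maec.mitre.org/XMLSchema/maec-core-5"
    xmlns:cybox="http://cybox.mitre.org/cybox-2"
    xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
    xmlns:WinRegistryKeyObj="http://cybox.mitre.org/objects#WinRegistryKeyObject-2"
    xmlns:maecPackage="http://maec.mitre.org/XMLSchema/maec-package-5"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    id="maec-test-pkg-1" schema_version="5.0">
  <!-- Objects are declared once here and referenced by id from Malware_Subjects below. -->
  <maecPackage:Objects>
    <!-- object-1: the analyzed sample itself, identified only by its MD5 (no name or size recorded). -->
    <maecPackage:Object id="object-1">
      <cybox:Properties xsi:type="FileObj:FileObjectType">
        <FileObj:Hashes>
          <cyboxCommon:Hash>
            <cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">MD5</cyboxCommon:Type>
            <cyboxCommon:Simple_Hash_Value>9d7006e30fdf15e9c8e03e62534b3a3e</cyboxCommon:Simple_Hash_Value>
          </cyboxCommon:Hash>
        </FileObj:Hashes>
      </cybox:Properties>
    </maecPackage:Object>
    <!-- object-2: the autorun registry value the sample creates; this is the artifact that
         action maec-tst-act-1 operates on and the detectable footprint of the persistence behavior. -->
    <maecPackage:Object id="object-2">
      <cybox:Properties xsi:type="WinRegistryKeyObj:WindowsRegistryKeyObjectType">
        <WinRegistryKeyObj:Key>SOFTWARE\Microsoft\Windows\CurrentVersion\Run</WinRegistryKeyObj:Key>
        <WinRegistryKeyObj:Hive>HKEY_LOCAL_MACHINE</WinRegistryKeyObj:Hive>
        <WinRegistryKeyObj:Values>
          <WinRegistryKeyObj:Value>
            <WinRegistryKeyObj:Name>MSInfo</WinRegistryKeyObj:Name>
            <WinRegistryKeyObj:Data>%Windir%\AVBgle.exe</WinRegistryKeyObj:Data>
          </WinRegistryKeyObj:Value>
        </WinRegistryKeyObj:Values>
      </cybox:Properties>
    </maecPackage:Object>
  </maecPackage:Objects>
  <maecPackage:Malware_Subjects>
    <maecPackage:Malware_Subject id="maec-test-sub-1">
      <!-- The subject's instance properties are the file object declared above. The earlier draft
           pointed this at "maec-tst-obj-1", which is not declared anywhere in the document; it now
           resolves to object-1 so the subject is actually tied to the hashed sample. -->
      <maecPackage:Instance_Properties object_id="object-1"/>
      <maecPackage:Label xsi:type="maecVocabs:MalwareLabelVocab-1.0">mass-mailer</maecPackage:Label>
      <maecPackage:Label xsi:type="maecVocabs:MalwareLabelVocab-1.0">worm</maecPackage:Label>
      <maecCore:Capabilities>
        <maecCore:Capability id="maec-tst-cpb-1" name="persistence">
          <!-- Strategic and tactical objectives are linked in both directions
               ("parent of" / "child of") so either can be navigated from. -->
          <maecCore:Strategic_Objective id="maec-tst-obt-1">
            <maecCore:Name xsi:type="maecVocabs:PersistenceStrategicObjectivesVocab-1.0">persist to continuously execute on system</maecCore:Name>
            <maecCore:Relationship>
              <maecCore:Relationship_Type xsi:type="maecVocabs:CapabilityObjectiveRelationshipTypeVocab-1.0">parent of</maecCore:Relationship_Type>
              <maecCore:Objective_Reference objective_idref="maec-tst-obt-2"/>
            </maecCore:Relationship>
          </maecCore:Strategic_Objective>
          <maecCore:Tactical_Objective id="maec-tst-obt-2">
            <maecCore:Name xsi:type="maecVocabs:PersistenceTacticalObjectivesVocab-1.0">persist after system reboot</maecCore:Name>
            <!-- Only the tactical objective carries the link down into the Behaviors section. -->
            <maecCore:Behavior_Reference behavior_idref="maec-tst-bhv-1"/>
            <maecCore:Relationship>
              <maecCore:Relationship_Type xsi:type="maecVocabs:CapabilityObjectiveRelationshipTypeVocab-1.0">child of</maecCore:Relationship_Type>
              <maecCore:Objective_Reference objective_idref="maec-tst-obt-1"/>
            </maecCore:Relationship>
          </maecCore:Tactical_Objective>
        </maecCore:Capability>
      </maecCore:Capabilities>
      <maecCore:Behaviors>
        <maecCore:Behavior id="maec-tst-bhv-1">
          <maecCore:Description>System Reboot Persistence via Registry Startup</maecCore:Description>
          <!-- A single action realizes this behavior; Action_Composition would list several if needed. -->
          <maecCore:Action_Composition>
            <maecCore:Action_Reference action_id="maec-tst-act-1"/>
          </maecCore:Action_Composition>
        </maecCore:Behavior>
      </maecCore:Behaviors>
      <maecCore:Actions>
        <maecCore:Action id="maec-tst-act-1">
          <maecCore:Name xsi:type="maecVocabs:RegistryActionNameVocab-1.0">create registry key value</maecCore:Name>
          <!-- object-2 is the Run-key value written by this action (declared under Objects). -->
          <maecCore:Associated_Object object_id="object-2"/>
        </maecCore:Action>
      </maecCore:Actions>
    </maecPackage:Malware_Subject>
  </maecPackage:Malware_Subjects>
</maecPackage:MAEC_Package>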