Simple Report, STIX 1.1.1
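<!--
  STIX 1.1.1 package: three phishing indicators reported against the
  electricity sector, each linked by idref to the single TTP at the end
  of the document.

  Notes for consumers:
  * The xsi:schemaLocation URLs are hints only. Validate against locally
    pinned copies of the STIX/CybOX schemas, with DTD processing and
    external entity resolution disabled, instead of letting the parser
    fetch whatever the document names.
  * The "ciq" prefix is bound to the same namespace URI as "xpil" and is
    not used anywhere below.
-->
<stix:STIX_Package
    xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
    xmlns:cybox="http://cybox.mitre.org/cybox-2"
    xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
    xmlns:EmailMessageObj="http://cybox.mitre.org/objects#EmailMessageObject-2"
    xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
    xmlns:example="http://example.com"
    xmlns:indicator="http://stix.mitre.org/Indicator-2"
    xmlns:ttp="http://stix.mitre.org/TTP-1"
    xmlns:stixCommon="http://stix.mitre.org/common-1"
    xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
    xmlns:stix="http://stix.mitre.org/stix-1"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:ciq="urn:oasis:names:tc:ciq:xpil:3"
    xmlns:xpil="urn:oasis:names:tc:ciq:xpil:3"
    xmlns:stixCIQIdentity="http://stix.mitre.org/extensions/Identity#CIQIdentity3.0-1"
    xsi:schemaLocation="
    http://cybox.mitre.org/common-2 http://cybox.mitre.org/XMLSchema/common/2.1/cybox_common.xsd
    http://cybox.mitre.org/cybox-2 http://cybox.mitre.org/XMLSchema/core/2.1/cybox_core.xsd
    http://cybox.mitre.org/default_vocabularies-2 http://cybox.mitre.org/XMLSchema/default_vocabularies/2.1/cybox_default_vocabularies.xsd
    http://cybox.mitre.org/objects#EmailMessageObject-2 http://cybox.mitre.org/XMLSchema/objects/Email_Message/2.1/Email_Message_Object.xsd
    http://cybox.mitre.org/objects#FileObject-2 http://cybox.mitre.org/XMLSchema/objects/File/2.1/File_Object.xsd
    http://stix.mitre.org/Indicator-2 http://stix.mitre.org/XMLSchema/indicator/2.1.1/indicator.xsd
    http://stix.mitre.org/TTP-1 http://stix.mitre.org/XMLSchema/ttp/1.1.1/ttp.xsd
    http://stix.mitre.org/common-1 http://stix.mitre.org/XMLSchema/common/1.1.1/stix_common.xsd
    http://stix.mitre.org/default_vocabularies-1 http://stix.mitre.org/XMLSchema/default_vocabularies/1.1.1/stix_default_vocabularies.xsd
    http://stix.mitre.org/stix-1 http://stix.mitre.org/XMLSchema/core/1.1.1/stix_core.xsd
    http://stix.mitre.org/extensions/Identity#CIQIdentity3.0-1 http://stix.mitre.org/XMLSchema/extensions/identity/ciq_3.0/1.1.1/ciq_3.0_identity.xsd"
    id="example:Package-5cc31c10-b8fc-11e3-9a15-0800271e87d2"
    timestamp="2014-05-08T09:00:00.000000Z"
    version="1.1.1"
    >
    <stix:STIX_Header>
        <stix:Title>Electricity Sector Phishing Alert</stix:Title>
        <stix:Package_Intent xsi:type="stixVocabs:PackageIntentVocab-1.0">Indicators - Phishing</stix:Package_Intent>
        <stix:Description>
            The included indicators represent patterns for phishing attacks that have been reported by
            several organizations in the electricity sector.
        </stix:Description>
        <stix:Information_Source>
            <stixCommon:Identity>
                <stixCommon:Name>ACME Threat Intelligence, Inc.</stixCommon:Name>
            </stixCommon:Identity>
            <stixCommon:Time>
                <cyboxCommon:Produced_Time precision="day">2014-01-16T00:00:00Z</cyboxCommon:Produced_Time>
            </stixCommon:Time>
        </stix:Information_Source>
    </stix:STIX_Header>
    <stix:Indicators>
        <!--
          Indicator 1: subject-line prefix and the attachment in one e-mail
          object. It is the only indicator rated High; presumably the
          combination is far less likely to match benign mail than either
          property alone.
        -->
        <stix:Indicator id="example:indicator-5cc558cc-b8fc-11e3-9a15-0800271e87d2"
                        timestamp="2014-05-08T09:00:00.000000Z"
                        xsi:type="indicator:IndicatorType">
            <indicator:Title>Malicious E-mail</indicator:Title>
            <indicator:Type xsi:type="stixVocabs:IndicatorTypeVocab-1.0">Malicious E-mail</indicator:Type>
            <indicator:Observable id="example:Observable-1037c602-9e1c-43fd-8d07-c8e1d01466d1">
                <cybox:Object id="example:EmailMessage-977c4bb1-0a5d-4c36-9bd7-99b5c2082fdd">
                    <cybox:Properties xsi:type="EmailMessageObj:EmailMessageObjectType">
                        <EmailMessageObj:Header>
                            <EmailMessageObj:Subject condition="StartsWith">[IMPORTANT] Please Review Before</EmailMessageObj:Subject>
                        </EmailMessageObj:Header>
                        <EmailMessageObj:Attachments>
                            <!-- An attachment reference names a File object; this one is the
                                 File defined under Related_Objects in the attachment indicator. -->
                            <EmailMessageObj:File object_reference="example:File-4e98a690-408a-4ed8-a7ba-3564a2dfb3fd"/>
                        </EmailMessageObj:Attachments>
                    </cybox:Properties>
                </cybox:Object>
            </indicator:Observable>
            <indicator:Indicated_TTP>
                <stixCommon:TTP idref="example:ttp-5cc396ea-b8fc-11e3-9a15-0800271e87d2"/>
            </indicator:Indicated_TTP>
            <indicator:Confidence timestamp="2014-05-08T09:00:00.000000Z">
                <stixCommon:Value xsi:type="stixVocabs:HighMediumLowVocab-1.0">High</stixCommon:Value>
            </indicator:Confidence>
        </stix:Indicator>
        <!--
          Indicator 2: the subject-line prefix on its own, rated Low.
          Treat a hit as a lead to corroborate, not as a verdict.
        -->
        <stix:Indicator id="example:indicator-5cc41142-b8fc-11e3-9a15-0800271e87d2"
                        timestamp="2014-05-08T09:00:00.000000Z"
                        xsi:type="indicator:IndicatorType">
            <indicator:Title>Malicious E-mail Subject Line</indicator:Title>
            <indicator:Type xsi:type="stixVocabs:IndicatorTypeVocab-1.0">Malicious E-mail</indicator:Type>
            <indicator:Observable id="example:Observable-6964f5ca-3705-4ebf-9cd5-79ac6244df57">
                <cybox:Object id="example:EmailMessage-f154f5a8-d302-430a-acd5-48f87c6a2119">
                    <cybox:Properties xsi:type="EmailMessageObj:EmailMessageObjectType">
                        <EmailMessageObj:Header>
                            <EmailMessageObj:Subject condition="StartsWith">[IMPORTANT] Please Review Before</EmailMessageObj:Subject>
                        </EmailMessageObj:Header>
                    </cybox:Properties>
                </cybox:Object>
            </indicator:Observable>
            <indicator:Indicated_TTP>
                <stixCommon:TTP idref="example:ttp-5cc396ea-b8fc-11e3-9a15-0800271e87d2"/>
            </indicator:Indicated_TTP>
            <indicator:Confidence timestamp="2014-05-08T09:00:00.000000Z">
                <stixCommon:Value xsi:type="stixVocabs:HighMediumLowVocab-1.0">Low</stixCommon:Value>
            </indicator:Confidence>
        </stix:Indicator>
        <!--
          Indicator 3: the attachment on its own, rated Low. The file name
          starts with "Final Report" and carries the double extension
          "doc.exe", so it reads as a document while being an executable.
          NOTE(review): tooling that derives the extension as the text after
          the last dot would record "exe" and never equal "doc.exe"; confirm
          how the consuming product populates File_Extension.
        -->
        <stix:Indicator id="example:indicator-5cc4cd76-b8fc-11e3-9a15-0800271e87d2"
                        timestamp="2014-05-08T09:00:00.000000Z"
                        xsi:type="indicator:IndicatorType">
            <indicator:Title>Malicious E-mail Attachment</indicator:Title>
            <indicator:Type xsi:type="stixVocabs:IndicatorTypeVocab-1.0">Malicious E-mail</indicator:Type>
            <indicator:Observable id="example:Observable-484190c0-efdc-49a6-aa19-aa2cb784aacf">
                <cybox:Object id="example:EmailMessage-6c5185d4-dfca-46b5-8c15-adcfb464bf99">
                    <cybox:Properties xsi:type="EmailMessageObj:EmailMessageObjectType">
                        <EmailMessageObj:Attachments>
                            <!-- Points at the File related object below, not at the
                                 enclosing e-mail object itself. -->
                            <EmailMessageObj:File object_reference="example:File-4e98a690-408a-4ed8-a7ba-3564a2dfb3fd"/>
                        </EmailMessageObj:Attachments>
                    </cybox:Properties>
                    <cybox:Related_Objects>
                        <cybox:Related_Object id="example:File-4e98a690-408a-4ed8-a7ba-3564a2dfb3fd">
                            <cybox:Properties xsi:type="FileObj:FileObjectType">
                                <FileObj:File_Name condition="StartsWith">Final Report</FileObj:File_Name>
                                <FileObj:File_Extension condition="Equals">doc.exe</FileObj:File_Extension>
                            </cybox:Properties>
                            <cybox:Relationship xsi:type="cyboxVocabs:ObjectRelationshipVocab-1.0">Contains</cybox:Relationship>
                        </cybox:Related_Object>
                    </cybox:Related_Objects>
                </cybox:Object>
            </indicator:Observable>
            <indicator:Indicated_TTP>
                <stixCommon:TTP idref="example:ttp-5cc396ea-b8fc-11e3-9a15-0800271e87d2"/>
            </indicator:Indicated_TTP>
            <indicator:Confidence timestamp="2014-05-08T09:00:00.000000Z">
                <stixCommon:Value xsi:type="stixVocabs:HighMediumLowVocab-1.0">Low</stixCommon:Value>
            </indicator:Confidence>
        </stix:Indicator>
    </stix:Indicators>
    <stix:TTPs>
        <!-- The one TTP every indicator above refers to; it records who is
             targeted (by industry sector) and nothing about the technique. -->
        <stix:TTP id="example:ttp-5cc396ea-b8fc-11e3-9a15-0800271e87d2"
                  timestamp="2014-05-08T09:00:00.000000Z"
                  xsi:type="ttp:TTPType"
                  version="1.1.1">
            <ttp:Title>Phishing against Electricity Sector</ttp:Title>
            <ttp:Victim_Targeting>
                <ttp:Identity id="example:ciqidentity3.0instance-f8cd0af8-6534-496e-bf53-f6a9aa11e5ce" xsi:type="stixCIQIdentity:CIQIdentity3.0InstanceType">
                    <stixCIQIdentity:Specification>
                        <xpil:OrganisationInfo xpil:IndustryType="Electricity Sector, Industrial Control System Sector"/>
                    </stixCIQIdentity:Specification>
                </ttp:Identity>
            </ttp:Victim_Targeting>
        </stix:TTP>
    </stix:TTPs>
</stix:STIX_Package>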