
@johnwunder
Last active August 29, 2015 14:05
Proposed Changes, Simple Watchlist
<!--
  STIX 1.1.1 package holding a simple IP watchlist: four indicators, each wrapping a
  single IPv4 address observable, and two TTP entries that the indicators point at by idref.

  NOTE(review): the ciq and xpil prefixes are bound to the same namespace URI, and the
  cyboxCommon, cyboxVocabs, ciq, xpil, stixCIQIdentity and report prefixes are not used by
  any element or attribute below. xsi:schemaLocation also lists the ArtifactObject-2
  namespace, for which no prefix is declared. Presumably template leftovers or reserved
  for the proposed changes; confirm before trimming.

  The xsi:schemaLocation entries are relative paths, so they only resolve next to a local
  copy of the schema tree. They are hints, not trusted fetch targets: a consumer that
  ingests watchlists from other parties should validate against its own pinned copy of the
  STIX/CybOX schemas and parse with DTD and external entity resolution disabled.

  NOTE(review): the package id uses the local name "indicator-..." although it identifies
  the STIX_Package itself; confirm this is intended.
-->
<stix:STIX_Package
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:AddressObject="http://cybox.mitre.org/objects#AddressObject-2"
xmlns:example="http://example.com"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:ttp="http://stix.mitre.org/TTP-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:ciq="urn:oasis:names:tc:ciq:xpil:3"
xmlns:xpil="urn:oasis:names:tc:ciq:xpil:3"
xmlns:stixCIQIdentity="http://stix.mitre.org/extensions/Identity#CIQIdentity3.0-1"
xmlns:report="http://stix.mitre.org/Report-1"
xsi:schemaLocation="
http://stix.mitre.org/stix-1 ../stix_core.xsd
http://stix.mitre.org/Indicator-2 ../indicator.xsd
http://stix.mitre.org/TTP-1 ../ttp.xsd
http://cybox.mitre.org/default_vocabularies-2 ../cybox/cybox_default_vocabularies.xsd
http://stix.mitre.org/default_vocabularies-1 ../stix_default_vocabularies.xsd
http://cybox.mitre.org/objects#AddressObject-2 ../cybox/objects/Address_Object.xsd
http://cybox.mitre.org/objects#ArtifactObject-2 ../cybox/objects/Artifact_Object.xsd
http://stix.mitre.org/Report-1 ../report.xsd
http://stix.mitre.org/extensions/Identity#CIQIdentity3.0-1 ../extensions/identity/ciq_3.0_identity.xsd"
version="1.1.1"
id="example:indicator-5cc558cc-b8fc-11e3-9a15-0800271e87e3">
<!--
  Watchlist entries. Every indicator has the same shape: type "IP Watchlist" from
  IndicatorTypeVocab-1.1, one Observable holding one AddressObject with
  category="ipv4-addr", and condition="Equals", which is an exact match on a single
  address rather than a range or CIDR block.

  The address values 10.0.0.0 through 10.0.0.3 sit in the RFC 1918 private range
  10.0.0.0/8, so they are presumably placeholders. Loaded as-is into detection or
  blocking tooling they would match internal hosts, not external C2 infrastructure.

  No indicator here carries indicator:Confidence, indicator:Valid_Time_Position or
  indicator:Producer, so a consumer cannot weigh, expire or attribute these entries
  from the document alone; only the shared timestamp attribute is available.
-->
<stix:Indicators>
<!-- Entry 1: 10.0.0.0, linked to the "C2 Behavior" TTP (id ending da9) defined under stix:TTPs. -->
<stix:Indicator xsi:type="indicator:IndicatorType" id="example:Indicator-33fe3b22-0201-47cf-85d0-97c02164528d" timestamp="2014-05-08T09:00:00.000000Z">
<indicator:Title>IP Address for known C2 channel</indicator:Title>
<indicator:Type xsi:type="stixVocabs:IndicatorTypeVocab-1.1">IP Watchlist</indicator:Type>
<indicator:Observable id="example:Observable-1c798262-a4cd-434d-a958-884d6980c459">
<cybox:Object id="example:Object-1980ce43-8e03-490b-863a-ea404d12242e">
<cybox:Properties xsi:type="AddressObject:AddressObjectType" category="ipv4-addr">
<AddressObject:Address_Value condition="Equals">10.0.0.0</AddressObject:Address_Value>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Indicated_TTP>
<stixCommon:TTP idref="example:TTP-bc66360d-a7d1-4d8c-ad1a-ea3a13d62da9" />
</indicator:Indicated_TTP>
</stix:Indicator>
<!-- Entry 2: 10.0.0.1, same TTP reference as entry 1 (id ending da9). -->
<stix:Indicator xsi:type="indicator:IndicatorType" id="example:Indicator-33fe3b22-0201-47cf-85d0-97c02164528e" timestamp="2014-05-08T09:00:00.000000Z">
<indicator:Title>IP Address for another known C2 channel</indicator:Title>
<indicator:Type xsi:type="stixVocabs:IndicatorTypeVocab-1.1">IP Watchlist</indicator:Type>
<indicator:Observable id="example:Observable-1c798262-a4cd-434d-a958-884d6980c456">
<cybox:Object id="example:Object-1980ce43-8e03-490b-863a-ea404d12242b">
<cybox:Properties xsi:type="AddressObject:AddressObjectType" category="ipv4-addr">
<AddressObject:Address_Value condition="Equals">10.0.0.1</AddressObject:Address_Value>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Indicated_TTP>
<stixCommon:TTP idref="example:TTP-bc66360d-a7d1-4d8c-ad1a-ea3a13d62da9" />
</indicator:Indicated_TTP>
</stix:Indicator>
<!-- Entry 3: 10.0.0.2, same TTP reference as entries 1 and 2 (id ending da9). -->
<stix:Indicator xsi:type="indicator:IndicatorType" id="example:Indicator-33fe3b22-0201-47cf-85d0-97c02164528f" timestamp="2014-05-08T09:00:00.000000Z">
<indicator:Title>IP Address for some known C2 channel</indicator:Title>
<indicator:Type xsi:type="stixVocabs:IndicatorTypeVocab-1.1">IP Watchlist</indicator:Type>
<indicator:Observable id="example:Observable-1c798262-a4cd-434d-a958-884d6980c457">
<cybox:Object id="example:Object-1980ce43-8e03-490b-863a-ea404d12242c">
<cybox:Properties xsi:type="AddressObject:AddressObjectType" category="ipv4-addr">
<AddressObject:Address_Value condition="Equals">10.0.0.2</AddressObject:Address_Value>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Indicated_TTP>
<stixCommon:TTP idref="example:TTP-bc66360d-a7d1-4d8c-ad1a-ea3a13d62da9" />
</indicator:Indicated_TTP>
</stix:Indicator>
<!--
  Entry 4: 10.0.0.3. Unlike the other three, its idref ends in da8, which resolves to the
  TTP titled "Some Other Behavior".
  NOTE(review): the indicator title still says "C2 channel"; confirm whether the different
  TTP reference is deliberate or a copy/paste slip, since consumers that pivot on the TTP
  will classify this address differently from the rest of the list.
-->
<stix:Indicator xsi:type="indicator:IndicatorType" id="example:Indicator-33fe3b22-0201-47cf-85d0-97c02164528a" timestamp="2014-05-08T09:00:00.000000Z">
<indicator:Title>IP Address for a different known C2 channel</indicator:Title>
<indicator:Type xsi:type="stixVocabs:IndicatorTypeVocab-1.1">IP Watchlist</indicator:Type>
<indicator:Observable id="example:Observable-1c798262-a4cd-434d-a958-884d6980c458">
<cybox:Object id="example:Object-1980ce43-8e03-490b-863a-ea404d12242d">
<cybox:Properties xsi:type="AddressObject:AddressObjectType" category="ipv4-addr">
<AddressObject:Address_Value condition="Equals">10.0.0.3</AddressObject:Address_Value>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Indicated_TTP>
<stixCommon:TTP idref="example:TTP-bc66360d-a7d1-4d8c-ad1a-ea3a13d62da8" />
</indicator:Indicated_TTP>
</stix:Indicator>
</stix:Indicators>
<!--
  TTP definitions that the Indicated_TTP idref attributes above resolve to. Both ids
  referenced by the indicators (ending da9 and da8) are defined here, so no reference in
  this package dangles. Each TTP carries only a Title; nothing in this sample describes
  the behaviour or resources involved.
-->
<stix:TTPs>
<stix:TTP xsi:type="ttp:TTPType" id="example:TTP-bc66360d-a7d1-4d8c-ad1a-ea3a13d62da9" timestamp="2014-05-08T09:00:00.000000Z">
<ttp:Title>C2 Behavior</ttp:Title>
</stix:TTP>
<stix:TTP xsi:type="ttp:TTPType" id="example:TTP-bc66360d-a7d1-4d8c-ad1a-ea3a13d62da8" timestamp="2014-05-08T09:00:00.000000Z">
<ttp:Title>Some Other Behavior</ttp:Title>
</stix:TTP>
</stix:TTPs>
</stix:STIX_Package>