-
-
Save johnwunder/5720678022aba33ffabb to your computer and use it in GitHub Desktop.
Proposed Changes, Simple Report
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="ISO-8859-1"?> | |
| <stix:STIX_Package | |
| xmlns:cyboxCommon="http://cybox.mitre.org/common-2" | |
| xmlns:cybox="http://cybox.mitre.org/cybox-2" | |
| xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2" | |
| xmlns:EmailMessageObj="http://cybox.mitre.org/objects#EmailMessageObject-2" | |
| xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2" | |
| xmlns:example="http://example.com" | |
| xmlns:indicator="http://stix.mitre.org/Indicator-2" | |
| xmlns:ttp="http://stix.mitre.org/TTP-1" | |
| xmlns:stixCommon="http://stix.mitre.org/common-1" | |
| xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1" | |
| xmlns:stix="http://stix.mitre.org/stix-1" | |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
| xmlns:ciq="urn:oasis:names:tc:ciq:xpil:3" | |
| xmlns:xpil="urn:oasis:names:tc:ciq:xpil:3" | |
| xmlns:stixCIQIdentity="http://stix.mitre.org/extensions/Identity#CIQIdentity3.0-1" | |
| xmlns:report="http://stix.mitre.org/Report-1" | |
| xsi:schemaLocation=" | |
| http://stix.mitre.org/stix-1 ../stix_core.xsd | |
| http://stix.mitre.org/Indicator-2 ../indicator.xsd | |
| http://stix.mitre.org/TTP-1 ../ttp.xsd | |
| http://cybox.mitre.org/default_vocabularies-2 ../cybox/cybox_default_vocabularies.xsd | |
| http://cybox.mitre.org/objects#EmailMessageObject-2 ../cybox/objects/Email_Message_Object.xsd | |
| http://stix.mitre.org/default_vocabularies-1 ../stix_default_vocabularies.xsd | |
| http://cybox.mitre.org/objects#FileObject-2 ../cybox/objects/File_Object.xsd | |
| http://cybox.mitre.org/objects#ArtifactObject-2 ../cybox/objects/Artifact_Object.xsd | |
| http://stix.mitre.org/Report-1 ../report.xsd | |
| http://stix.mitre.org/extensions/Identity#CIQIdentity3.0-1 ../extensions/identity/ciq_3.0_identity.xsd" | |
| version="1.1.1" | |
| id="example:indicator-5cc558cc-b8fc-11e3-9a15-0800271e87e3"> | |
| <stix:STIX_Header> | |
| <stix:Information_Source> | |
| <stixCommon:Identity> | |
| <stixCommon:Name>ACME Threat Intelligence, Inc.</stixCommon:Name> | |
| </stixCommon:Identity> | |
| <stixCommon:Time> | |
| <cyboxCommon:Produced_Time precision="day">2014-01-16T00:00:00Z</cyboxCommon:Produced_Time> | |
| </stixCommon:Time> | |
| </stix:Information_Source> | |
| </stix:STIX_Header> | |
| <stix:Indicators> | |
| <stix:Indicator id="example:indicator-5cc558cc-b8fc-11e3-9a15-0800271e87d2" timestamp="2014-05-08T09:00:00.000000Z" xsi:type="indicator:IndicatorType"> | |
| <indicator:Title>Malicious E-mail</indicator:Title> | |
| <indicator:Type xsi:type="stixVocabs:IndicatorTypeVocab-1.0">Malicious E-mail</indicator:Type> | |
| <indicator:Observable id="example:Observable-1037c602-9e1c-43fd-8d07-c8e1d01466d1"> | |
| <cybox:Object id="example:EmailMessage-977c4bb1-0a5d-4c36-9bd7-99b5c2082fdd"> | |
| <cybox:Properties xsi:type="EmailMessageObj:EmailMessageObjectType"> | |
| <EmailMessageObj:Header> | |
| <EmailMessageObj:Subject condition="StartsWith">[IMPORTANT] Please Review Before</EmailMessageObj:Subject> | |
| </EmailMessageObj:Header> | |
| <EmailMessageObj:Attachments> | |
| <EmailMessageObj:File object_reference="example:EmailMessage-6c5185d4-dfca-46b5-8c15-adcfb464bf99"/> | |
| </EmailMessageObj:Attachments> | |
| </cybox:Properties> | |
| </cybox:Object> | |
| </indicator:Observable> | |
| <indicator:Indicated_TTP> | |
| <stixCommon:TTP idref="example:ttp-5cc396ea-b8fc-11e3-9a15-0800271e87d2"/> | |
| </indicator:Indicated_TTP> | |
| <indicator:Confidence timestamp="2014-05-08T09:00:00.000000Z"> | |
| <stixCommon:Value xsi:type="stixVocabs:HighMediumLowVocab-1.0">High</stixCommon:Value> | |
| </indicator:Confidence> | |
| </stix:Indicator> | |
| <stix:Indicator id="example:indicator-5cc41142-b8fc-11e3-9a15-0800271e87d2" timestamp="2014-05-08T09:00:00.000000Z" xsi:type="indicator:IndicatorType"> | |
| <indicator:Title>Malicious E-mail Subject Line</indicator:Title> | |
| <indicator:Type xsi:type="stixVocabs:IndicatorTypeVocab-1.0">Malicious E-mail</indicator:Type> | |
| <indicator:Observable id="example:Observable-6964f5ca-3705-4ebf-9cd5-79ac6244df57"> | |
| <cybox:Object id="example:EmailMessage-f154f5a8-d302-430a-acd5-48f87c6a2119"> | |
| <cybox:Properties xsi:type="EmailMessageObj:EmailMessageObjectType"> | |
| <EmailMessageObj:Header> | |
| <EmailMessageObj:Subject condition="StartsWith">[IMPORTANT] Please Review Before</EmailMessageObj:Subject> | |
| </EmailMessageObj:Header> | |
| </cybox:Properties> | |
| </cybox:Object> | |
| </indicator:Observable> | |
| <indicator:Indicated_TTP> | |
| <stixCommon:TTP idref="example:ttp-5cc396ea-b8fc-11e3-9a15-0800271e87d2"/> | |
| </indicator:Indicated_TTP> | |
| <indicator:Confidence timestamp="2014-05-08T09:00:00.000000Z"> | |
| <stixCommon:Value xsi:type="stixVocabs:HighMediumLowVocab-1.0">Low</stixCommon:Value> | |
| </indicator:Confidence> | |
| </stix:Indicator> | |
| <stix:Indicator id="example:indicator-5cc4cd76-b8fc-11e3-9a15-0800271e87d2" timestamp="2014-05-08T09:00:00.000000Z" xsi:type="indicator:IndicatorType"> | |
| <indicator:Title>Malicious E-mail Attachment</indicator:Title> | |
| <indicator:Type xsi:type="stixVocabs:IndicatorTypeVocab-1.0">Malicious E-mail</indicator:Type> | |
| <indicator:Observable id="example:Observable-484190c0-efdc-49a6-aa19-aa2cb784aacf"> | |
| <cybox:Object id="example:EmailMessage-6c5185d4-dfca-46b5-8c15-adcfb464bf99"> | |
| <cybox:Properties xsi:type="EmailMessageObj:EmailMessageObjectType"> | |
| <EmailMessageObj:Attachments> | |
| <EmailMessageObj:File object_reference="example:EmailMessage-6c5185d4-dfca-46b5-8c15-adcfb464bf99"/> | |
| </EmailMessageObj:Attachments> | |
| </cybox:Properties> | |
| <cybox:Related_Objects> | |
| <cybox:Related_Object id="example:File-4e98a690-408a-4ed8-a7ba-3564a2dfb3fd"> | |
| <cybox:Properties xsi:type="FileObj:FileObjectType"> | |
| <FileObj:File_Name condition="StartsWith">Final Report</FileObj:File_Name> | |
| <FileObj:File_Extension condition="Equals">doc.exe</FileObj:File_Extension> | |
| </cybox:Properties> | |
| <cybox:Relationship xsi:type="cyboxVocabs:ObjectRelationshipVocab-1.0">Contains</cybox:Relationship> | |
| </cybox:Related_Object> | |
| </cybox:Related_Objects> | |
| </cybox:Object> | |
| </indicator:Observable> | |
| <indicator:Indicated_TTP> | |
| <stixCommon:TTP idref="example:ttp-5cc396ea-b8fc-11e3-9a15-0800271e87d2"/> | |
| </indicator:Indicated_TTP> | |
| <indicator:Confidence timestamp="2014-05-08T09:00:00.000000Z"> | |
| <stixCommon:Value xsi:type="stixVocabs:HighMediumLowVocab-1.0">Low</stixCommon:Value> | |
| </indicator:Confidence> | |
| </stix:Indicator> | |
| </stix:Indicators> | |
| <stix:TTPs> | |
| <stix:TTP id="example:ttp-5cc396ea-b8fc-11e3-9a15-0800271e87d2" timestamp="2014-05-08T09:00:00.000000Z" xsi:type="ttp:TTPType" version="1.1.1"> | |
| <ttp:Title>Phishing against Electricity Sector</ttp:Title> | |
| <ttp:Victim_Targeting> | |
| <ttp:Identity id="example:ciqidentity3.0instance-f8cd0af8-6534-496e-bf53-f6a9aa11e5ce" xsi:type="stixCIQIdentity:CIQIdentity3.0InstanceType"> | |
| <stixCIQIdentity:Specification> | |
| <xpil:OrganisationInfo xpil:IndustryType="Electricity Sector, Industrial Control System Sector"/> | |
| </stixCIQIdentity:Specification> | |
| </ttp:Identity> | |
| </ttp:Victim_Targeting> | |
| </stix:TTP> | |
| </stix:TTPs> | |
| <stix:Reports> | |
| <stix:Report timestamp="2014-05-08T09:00:00.000000Z" id="example:Package-5cc31c10-b8fc-11e3-9a15-0800271e87d2" xsi:type="report:ReportType"> | |
| <report:Header> | |
| <report:Title>Electricity Sector Phishing Alert</report:Title> | |
| <report:Intent xsi:type="stixVocabs:PackageIntentVocab-1.0">Indicators - Phishing</report:Intent> | |
| <report:Description> | |
| The included indicators represent patterns for phishing attacks that have been reported by | |
| several organizations in the electricity sector. | |
| </report:Description> | |
| <report:Information_Source> | |
| <stixCommon:Identity> | |
| <stixCommon:Name>ACME Threat Intelligence, Inc.</stixCommon:Name> | |
| </stixCommon:Identity> | |
| <stixCommon:Time> | |
| <cyboxCommon:Produced_Time precision="day">2014-01-16T00:00:00Z</cyboxCommon:Produced_Time> | |
| </stixCommon:Time> | |
| </report:Information_Source> | |
| </report:Header> | |
| <report:Indicators> | |
| <report:Indicator idref="example:indicator-5cc558cc-b8fc-11e3-9a15-0800271e87d2" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:Indicator idref="example:indicator-5cc41142-b8fc-11e3-9a15-0800271e87d2" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:Indicator idref="example:indicator-5cc4cd76-b8fc-11e3-9a15-0800271e87d2" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| </report:Indicators> | |
| <report:TTPs> | |
| <report:TTP idref="example:ttp-5cc396ea-b8fc-11e3-9a15-0800271e87d2" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| </report:TTPs> | |
| </stix:Report> | |
| </stix:Reports> | |
| </stix:STIX_Package> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment