@johnwunder
Created August 29, 2014 17:31
Proposed Changes, Multiple Reports
<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
  STIX package (version attribute 1.1.1) holding three Report entries under
  stix:Reports, each typed as report:ReportType from the Report-1 namespace.

  Prefixes actually used below: stix, report, stixCommon, xsi, plus stixVocabs
  and report inside xsi:type values and fireeye inside id / idref values. The
  remaining declared prefixes (campaign, coa, cybox*, the *Obj object prefixes,
  marking, indicator, terms, stixCiqIdentity, ta, ttp, xpil) are not used by
  any element in this document.

  NOTE(review): xsi:schemaLocation lists http://stix.mitre.org/COA-1, but the
  coa prefix is bound to http://stix.mitre.org/CourseOfAction-1. Schema hints
  are matched by namespace URI, so that entry does not line up with the
  declared namespace. Confirm which URI is intended.

  NOTE(review): every schemaLocation entry is a relative path (../*.xsd).
  A consumer should validate against its own pinned copies of the schemas and
  treat these values as hints only, not as locations to fetch on the say-so
  of an inbound document.

  The declared encoding is ISO-8859-1; the visible content is plain ASCII.
-->
<stix:STIX_Package
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:campaign="http://stix.mitre.org/Campaign-1"
xmlns:coa="http://stix.mitre.org/CourseOfAction-1"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:AddressObj="http://cybox.mitre.org/objects#AddressObject-2"
xmlns:CodeObj="http://cybox.mitre.org/objects#CodeObject-2"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:MutexObj="http://cybox.mitre.org/objects#MutexObject-2"
xmlns:DomainNameObj="http://cybox.mitre.org/objects#DomainNameObject-1"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:fireeye="http://www.fireeye.com"
xmlns:marking="http://data-marking.mitre.org/Marking-1"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:terms="http://data-marking.mitre.org/extensions/MarkingStructure#Terms_Of_Use-1"
xmlns:stixCiqIdentity="http://stix.mitre.org/extensions/Identity#CIQIdentity3.0-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:ta="http://stix.mitre.org/ThreatActor-1"
xmlns:ttp="http://stix.mitre.org/TTP-1"
xmlns:xpil="urn:oasis:names:tc:ciq:xpil:3"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:report="http://stix.mitre.org/Report-1"
xsi:schemaLocation="
http://stix.mitre.org/stix-1 ../stix_core.xsd
http://stix.mitre.org/default_vocabularies-1 ../stix_default_vocabularies.xsd
http://stix.mitre.org/Campaign-1 ../campaign.xsd
http://stix.mitre.org/ThreatActor-1 ../threat_actor.xsd
http://stix.mitre.org/TTP-1 ../ttp.xsd
http://stix.mitre.org/COA-1 ../course_of_action.xsd
http://data-marking.mitre.org/Marking-1 ../data_marking.xsd
http://data-marking.mitre.org/extensions/MarkingStructure#Terms_Of_Use-1 ../extensions/marking/terms_of_use_marking.xsd
http://stix.mitre.org/extensions/Identity#CIQIdentity3.0-1 ../extensions/identity/ciq_3.0_identity.xsd
http://stix.mitre.org/Report-1 ../report.xsd
" version="1.1.1">
<!--
  Container for the reports. The three report ids below share one UUID stem
  and differ only in the final character (723b, 723a, 723c), so any store or
  de-duplication step must compare the complete id string.
-->
<stix:Reports>
<!-- Report 1 of 3 (id suffix 723b): Poison Ivy. -->
<stix:Report id="fireeye:stix-b7b16e67-4292-46a3-ba64-60c1a491723b" timestamp="2014-05-08T09:00:00.000000Z" xsi:type="report:ReportType">
<!--
  Header: title, intent (PackageIntentVocab-1.0 value "Threat Report"),
  free-text description and the information source.
  NOTE(review): the source identity is named MITRE while the id prefix is
  fireeye (bound to http://www.fireeye.com). Confirm which party produced the
  content before using either value for attribution or trust decisions.
-->
<report:Header>
<report:Title>Poison Ivy: Assessing Damage and Extracting Intelligence</report:Title>
<report:Intent xsi:type="stixVocabs:PackageIntentVocab-1.0">Threat Report</report:Intent>
<report:Description>The reports talks about Poison Ivy!</report:Description>
<report:Information_Source>
<stixCommon:Identity>
<stixCommon:Name>MITRE</stixCommon:Name>
</stixCommon:Identity>
</report:Information_Source>
</report:Header>
<!--
  The three lists that follow hold references only (idref plus timestamp).
  No element in this document carries any of the referenced ids, so a
  consumer has to resolve them from another package or store and must decide
  how to handle references that do not resolve.
  The timestamp beside each idref is understood in STIX 1.1 to select a
  specific version of the referenced construct; TODO confirm against the
  Report-1 schema.
-->
<report:TTPs>
<report:TTP idref="fireeye:ttp-7323cc18-c4b2-4e25-8a5e-3caa4afa3081" timestamp="2014-05-08T09:00:00.000000Z"/>
<report:TTP idref="fireeye:ttp-bf2bdcaf-61a0-4e90-bcce-ad0b0551a02e" timestamp="2014-05-08T09:00:00.000000Z"/>
<report:TTP idref="fireeye:ttp-e51f43fe-37eb-4469-a666-a4c74708c9ed" timestamp="2014-05-08T09:00:00.000000Z"/>
<report:TTP idref="fireeye:ttp-f9e0c47b-a923-4ea6-805e-bd7dcdefeb26" timestamp="2014-05-08T09:00:00.000000Z"/>
<report:TTP idref="fireeye:ttp-59fae6a2-4a3b-418e-8ca7-06a845820666" timestamp="2014-05-08T09:00:00.000000Z"/>
</report:TTPs>
<report:Campaigns>
<report:Campaign idref="fireeye:campaign-700c8b90-fd16-40e9-8b80-00b0c8bc84ee" timestamp="2014-05-08T09:00:00.000000Z"/>
<report:Campaign idref="fireeye:campaign-752c225d-d6f6-4456-9130-d9580fd4007b" timestamp="2014-05-08T09:00:00.000000Z"/>
<report:Campaign idref="fireeye:campaign-36082810-2226-4c00-88dc-d69f92efa60e" timestamp="2014-05-08T09:00:00.000000Z"/>
</report:Campaigns>
<report:Threat_Actors>
<report:Threat_Actor idref="fireeye:threatactor-7b14e202-bd27-4885-b8d7-b908a9651a03" timestamp="2014-05-08T09:00:00.000000Z"/>
<report:Threat_Actor idref="fireeye:threatactor-9b371afe-ddfd-4954-abaf-8abb357ac78e" timestamp="2014-05-08T09:00:00.000000Z"/>
<report:Threat_Actor idref="fireeye:threatactor-12b54231-a99d-431e-9587-34b4cb447e98" timestamp="2014-05-08T09:00:00.000000Z"/>
</report:Threat_Actors>
</stix:Report>
<!--
  Report 2 of 3 (id suffix 723a): Cryptolocker.
  Same structure as the first report. Its TTP, Campaign and Threat_Actor
  reference lists are identical to those of the first report, idref for idref.
  NOTE(review): presumably sample data; real reports on different malware
  would be expected to reference different constructs.
-->
<stix:Report id="fireeye:stix-b7b16e67-4292-46a3-ba64-60c1a491723a" timestamp="2014-05-08T09:00:00.000000Z" xsi:type="report:ReportType">
<report:Header>
<report:Title>Cryptolocker: Ransom is great!</report:Title>
<report:Intent xsi:type="stixVocabs:PackageIntentVocab-1.0">Threat Report</report:Intent>
<report:Description>The reports talks about Cryptolocker!</report:Description>
<report:Information_Source>
<stixCommon:Identity>
<stixCommon:Name>MITRE</stixCommon:Name>
</stixCommon:Identity>
</report:Information_Source>
</report:Header>
<report:TTPs>
<report:TTP idref="fireeye:ttp-7323cc18-c4b2-4e25-8a5e-3caa4afa3081" timestamp="2014-05-08T09:00:00.000000Z"/>
<report:TTP idref="fireeye:ttp-bf2bdcaf-61a0-4e90-bcce-ad0b0551a02e" timestamp="2014-05-08T09:00:00.000000Z"/>
<report:TTP idref="fireeye:ttp-e51f43fe-37eb-4469-a666-a4c74708c9ed" timestamp="2014-05-08T09:00:00.000000Z"/>
<report:TTP idref="fireeye:ttp-f9e0c47b-a923-4ea6-805e-bd7dcdefeb26" timestamp="2014-05-08T09:00:00.000000Z"/>
<report:TTP idref="fireeye:ttp-59fae6a2-4a3b-418e-8ca7-06a845820666" timestamp="2014-05-08T09:00:00.000000Z"/>
</report:TTPs>
<report:Campaigns>
<report:Campaign idref="fireeye:campaign-700c8b90-fd16-40e9-8b80-00b0c8bc84ee" timestamp="2014-05-08T09:00:00.000000Z"/>
<report:Campaign idref="fireeye:campaign-752c225d-d6f6-4456-9130-d9580fd4007b" timestamp="2014-05-08T09:00:00.000000Z"/>
<report:Campaign idref="fireeye:campaign-36082810-2226-4c00-88dc-d69f92efa60e" timestamp="2014-05-08T09:00:00.000000Z"/>
</report:Campaigns>
<report:Threat_Actors>
<report:Threat_Actor idref="fireeye:threatactor-7b14e202-bd27-4885-b8d7-b908a9651a03" timestamp="2014-05-08T09:00:00.000000Z"/>
<report:Threat_Actor idref="fireeye:threatactor-9b371afe-ddfd-4954-abaf-8abb357ac78e" timestamp="2014-05-08T09:00:00.000000Z"/>
<report:Threat_Actor idref="fireeye:threatactor-12b54231-a99d-431e-9587-34b4cb447e98" timestamp="2014-05-08T09:00:00.000000Z"/>
</report:Threat_Actors>
</stix:Report>
<!--
  Report 3 of 3 (id suffix 723c): mobile banking malware.
  Same structure and the same reference lists as the two reports above.
-->
<stix:Report id="fireeye:stix-b7b16e67-4292-46a3-ba64-60c1a491723c" timestamp="2014-05-08T09:00:00.000000Z" xsi:type="report:ReportType">
<report:Header>
<report:Title>Mobile Banking Malware</report:Title>
<report:Intent xsi:type="stixVocabs:PackageIntentVocab-1.0">Threat Report</report:Intent>
<report:Description>The reports talks about some mobile banking malware!</report:Description>
<report:Information_Source>
<stixCommon:Identity>
<stixCommon:Name>MITRE</stixCommon:Name>
</stixCommon:Identity>
</report:Information_Source>
</report:Header>
<report:TTPs>
<report:TTP idref="fireeye:ttp-7323cc18-c4b2-4e25-8a5e-3caa4afa3081" timestamp="2014-05-08T09:00:00.000000Z"/>
<report:TTP idref="fireeye:ttp-bf2bdcaf-61a0-4e90-bcce-ad0b0551a02e" timestamp="2014-05-08T09:00:00.000000Z"/>
<report:TTP idref="fireeye:ttp-e51f43fe-37eb-4469-a666-a4c74708c9ed" timestamp="2014-05-08T09:00:00.000000Z"/>
<report:TTP idref="fireeye:ttp-f9e0c47b-a923-4ea6-805e-bd7dcdefeb26" timestamp="2014-05-08T09:00:00.000000Z"/>
<report:TTP idref="fireeye:ttp-59fae6a2-4a3b-418e-8ca7-06a845820666" timestamp="2014-05-08T09:00:00.000000Z"/>
</report:TTPs>
<report:Campaigns>
<report:Campaign idref="fireeye:campaign-700c8b90-fd16-40e9-8b80-00b0c8bc84ee" timestamp="2014-05-08T09:00:00.000000Z"/>
<report:Campaign idref="fireeye:campaign-752c225d-d6f6-4456-9130-d9580fd4007b" timestamp="2014-05-08T09:00:00.000000Z"/>
<report:Campaign idref="fireeye:campaign-36082810-2226-4c00-88dc-d69f92efa60e" timestamp="2014-05-08T09:00:00.000000Z"/>
</report:Campaigns>
<report:Threat_Actors>
<report:Threat_Actor idref="fireeye:threatactor-7b14e202-bd27-4885-b8d7-b908a9651a03" timestamp="2014-05-08T09:00:00.000000Z"/>
<report:Threat_Actor idref="fireeye:threatactor-9b371afe-ddfd-4954-abaf-8abb357ac78e" timestamp="2014-05-08T09:00:00.000000Z"/>
<report:Threat_Actor idref="fireeye:threatactor-12b54231-a99d-431e-9587-34b4cb447e98" timestamp="2014-05-08T09:00:00.000000Z"/>
</report:Threat_Actors>
</stix:Report>
</stix:Reports>
</stix:STIX_Package>