Simple "pure" JSON serialization (from EclecticIQ) of content from the "Malicious E-mail Indicator with Attachment" idiom. The `...: ...` lines inside each observable's `object` stand in for the omitted CybOX object properties, so the listing is not strictly valid JSON as shown. From EclecticIQ: "Note that only the STIX parts are included; the CybOX handling we have is incomplete from a JSON data format perspective (and currently in flux) and it would be confusing to use this as an example right now…
{
"id": "{http://example.com}Package-8b8ed1c1-f01d-4393-ac65-97017ed15876",
"id_namespaces": {
"example": "http://example.com"
},
"indicators": [
{
"confidence": {
"timestamp": "2014-10-31T15:52:13.127950+00:00",
"type": "confidence",
"value": "High",
"value_vocab": "{http://stix.mitre.org/default_vocabularies-1}HighMediumLowVocab-1.0"
},
"id": "{http://example.com}indicator-8cf9236f-1b96-493d-98be-0c1c1e8b62d7",
"indicated_ttps": [
{
"idref": "{http://example.com}ttp-d7b066aa-4091-4276-a142-29d5d81c3484",
"type": "ttp",
"version": "1.2"
}
],
"negate": false,
"observable": {
"id": "{http://example.com}Observable-437f0c20-ab26-4400-9f6a-fc395da3ddd9",
"object": {
"id": "{http://example.com}EmailMessage-0dc3478e-153a-412f-8718-7e9ee65b8084",
"type": "cybox-object",
...: ...
},
"type": "observable"
},
"timestamp": "2014-10-31T15:52:13.127931+00:00",
"title": "Malicious E-mail",
"type": "indicator",
"types": [
{
"value": "Malicious E-mail",
"vocab": "{http://stix.mitre.org/default_vocabularies-1}IndicatorTypeVocab-1.1"
}
],
"version": "2.1.1"
},
{
"confidence": {
"timestamp": "2014-10-31T15:52:13.127225+00:00",
"type": "confidence",
"value": "Low",
"value_vocab": "{http://stix.mitre.org/default_vocabularies-1}HighMediumLowVocab-1.0"
},
"id": "{http://example.com}indicator-b06b0eb7-61dd-4338-a094-0290c380fbd8",
"indicated_ttps": [
{
"idref": "{http://example.com}ttp-d7b066aa-4091-4276-a142-29d5d81c3484",
"type": "ttp",
"version": "1.2"
}
],
"negate": false,
"observable": {
"id": "{http://example.com}Observable-e9926796-6b52-463c-8be1-0ab66e9adb1c",
"object": {
"id": "{http://example.com}EmailMessage-38afa5c9-ef26-4948-928b-0230521c67b7",
"type": "cybox-object",
...: ...
},
"type": "observable"
},
"timestamp": "2014-10-31T15:52:13.126999+00:00",
"title": "Malicious E-mail Subject Line",
"type": "indicator",
"types": [
{
"value": "Malicious E-mail",
"vocab": "{http://stix.mitre.org/default_vocabularies-1}IndicatorTypeVocab-1.1"
}
],
"version": "2.1.1"
},
{
"confidence": {
"timestamp": "2014-10-31T15:52:13.127775+00:00",
"type": "confidence",
"value": "Low",
"value_vocab": "{http://stix.mitre.org/default_vocabularies-1}HighMediumLowVocab-1.0"
},
"id": "{http://example.com}indicator-2e17f6fe-3a4d-438a-911a-e509ba1b9933",
"indicated_ttps": [
{
"idref": "{http://example.com}ttp-d7b066aa-4091-4276-a142-29d5d81c3484",
"type": "ttp",
"version": "1.2"
}
],
"negate": false,
"observable": {
"id": "{http://example.com}Observable-9c9869a2-f822-4682-bda4-e89d31b18704",
"object": {
"id": "{http://example.com}EmailMessage-9d56af8e-5588-4ed3-affd-bd769ddd7fe2",
"type": "cybox-object",
...: ...
},
"type": "observable"
},
"timestamp": "2014-10-31T15:52:13.127668+00:00",
"title": "Malicious E-mail Attachment",
"type": "indicator",
"types": [
{
"value": "Malicious E-mail",
"vocab": "{http://stix.mitre.org/default_vocabularies-1}IndicatorTypeVocab-1.1"
}
],
"version": "2.1.1"
}
],
"ttps": [
{
"id": "{http://example.com}ttp-d7b066aa-4091-4276-a142-29d5d81c3484",
"timestamp": "2014-10-31T15:52:13.126765+00:00",
"title": "Phishing",
"type": "ttp",
"version": "1.2"
}
],
"type": "package",
"version": "1.2"
}