Created
November 30, 2015 18:17
-
-
Save sbarnum/efeafc831f335e00ce62 to your computer and use it in GitHub Desktop.
XML serialization of example STIX content from the "Malicious E-mail Indicator with Attachment" idiom
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<stix:STIX_Package> | |
<stix:Indicators> | |
<stix:Indicator id="example:indicator-8cf9236f-1b96-493d-98be-0c1c1e8b62d7" timestamp="2014-10-31T15:52:13.127931+00:00" xsi:type='indicator:IndicatorType' negate="false" version="2.1.1"> | |
<indicator:Title>Malicious E-mail</indicator:Title> | |
<indicator:Type xsi:type="stixVocabs:IndicatorTypeVocab-1.1">Malicious E-mail</indicator:Type> | |
<indicator:Observable id="example:Observable-437f0c20-ab26-4400-9f6a-fc395da3ddd9"> | |
<cybox:Object id="example:EmailMessage-0dc3478e-153a-412f-8718-7e9ee65b8084"> | |
<cybox:Properties xsi:type="EmailMessageObj:EmailMessageObjectType"> | |
<EmailMessageObj:Header> | |
<EmailMessageObj:Subject condition="StartsWith">[IMPORTANT] Please Review Before</EmailMessageObj:Subject> | |
</EmailMessageObj:Header> | |
<EmailMessageObj:Attachments> | |
<EmailMessageObj:File object_reference="example:File-c182bcb6-8023-44a8-b340-157295abc8a6"/> | |
</EmailMessageObj:Attachments> | |
</cybox:Properties> | |
</cybox:Object> | |
</indicator:Observable> | |
<indicator:Indicated_TTP> | |
<stixCommon:TTP idref="example:ttp-d7b066aa-4091-4276-a142-29d5d81c3484" xsi:type='ttp:TTPType' version="1.2"/> | |
</indicator:Indicated_TTP> | |
<indicator:Confidence timestamp="2014-10-31T15:52:13.127950+00:00"> | |
<stixCommon:Value xsi:type="stixVocabs:HighMediumLowVocab-1.0">High</stixCommon:Value> | |
</indicator:Confidence> | |
</stix:Indicator> | |
<stix:Indicator id="example:indicator-b06b0eb7-61dd-4338-a094-0290c380fbd8" timestamp="2014-10-31T15:52:13.126999+00:00" xsi:type='indicator:IndicatorType' negate="false" version="2.1.1"> | |
<indicator:Title>Malicious E-mail Subject Line</indicator:Title> | |
<indicator:Type xsi:type="stixVocabs:IndicatorTypeVocab-1.1">Malicious E-mail</indicator:Type> | |
<indicator:Observable id="example:Observable-e9926796-6b52-463c-8be1-0ab66e9adb1c"> | |
<cybox:Object id="example:EmailMessage-38afa5c9-ef26-4948-928b-0230521c67b7"> | |
<cybox:Properties xsi:type="EmailMessageObj:EmailMessageObjectType"> | |
<EmailMessageObj:Header> | |
<EmailMessageObj:Subject condition="StartsWith">[IMPORTANT] Please Review Before</EmailMessageObj:Subject> | |
</EmailMessageObj:Header> | |
</cybox:Properties> | |
</cybox:Object> | |
</indicator:Observable> | |
<indicator:Indicated_TTP> | |
<stixCommon:TTP idref="example:ttp-d7b066aa-4091-4276-a142-29d5d81c3484" xsi:type='ttp:TTPType' version="1.2"/> | |
</indicator:Indicated_TTP> | |
<indicator:Confidence timestamp="2014-10-31T15:52:13.127225+00:00"> | |
<stixCommon:Value xsi:type="stixVocabs:HighMediumLowVocab-1.0">Low</stixCommon:Value> | |
</indicator:Confidence> | |
</stix:Indicator> | |
<stix:Indicator id="example:indicator-2e17f6fe-3a4d-438a-911a-e509ba1b9933" timestamp="2014-10-31T15:52:13.127668+00:00" xsi:type='indicator:IndicatorType' negate="false" version="2.1.1"> | |
<indicator:Title>Malicious E-mail Attachment</indicator:Title> | |
<indicator:Type xsi:type="stixVocabs:IndicatorTypeVocab-1.1">Malicious E-mail</indicator:Type> | |
<indicator:Observable id="example:Observable-9c9869a2-f822-4682-bda4-e89d31b18704"> | |
<cybox:Object id="example:EmailMessage-9d56af8e-5588-4ed3-affd-bd769ddd7fe2"> | |
<cybox:Properties xsi:type="EmailMessageObj:EmailMessageObjectType"> | |
<EmailMessageObj:Attachments> | |
<EmailMessageObj:File object_reference="example:File-c182bcb6-8023-44a8-b340-157295abc8a6"/> | |
</EmailMessageObj:Attachments> | |
</cybox:Properties> | |
<cybox:Related_Objects> | |
<cybox:Related_Object id="example:File-c182bcb6-8023-44a8-b340-157295abc8a6"> | |
<cybox:Properties xsi:type="FileObj:FileObjectType"> | |
<FileObj:File_Name condition="StartsWith">Final Report</FileObj:File_Name> | |
<FileObj:File_Extension condition="Equals">doc.exe</FileObj:File_Extension> | |
</cybox:Properties> | |
<cybox:Relationship xsi:type="cyboxVocabs:ObjectRelationshipVocab-1.1">Contains</cybox:Relationship> | |
</cybox:Related_Object> | |
</cybox:Related_Objects> | |
</cybox:Object> | |
</indicator:Observable> | |
<indicator:Indicated_TTP> | |
<stixCommon:TTP idref="example:ttp-d7b066aa-4091-4276-a142-29d5d81c3484" xsi:type='ttp:TTPType' version="1.2"/> | |
</indicator:Indicated_TTP> | |
<indicator:Confidence timestamp="2014-10-31T15:52:13.127775+00:00"> | |
<stixCommon:Value xsi:type="stixVocabs:HighMediumLowVocab-1.0">Low</stixCommon:Value> | |
</indicator:Confidence> | |
</stix:Indicator> | |
</stix:Indicators> | |
<stix:TTPs> | |
<stix:TTP id="example:ttp-d7b066aa-4091-4276-a142-29d5d81c3484" timestamp="2014-10-31T15:52:13.126765+00:00" xsi:type='ttp:TTPType' version="1.2"> | |
<ttp:Title>Phishing</ttp:Title> | |
</stix:TTP> | |
</stix:TTPs> | |
</stix:STIX_Package> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment