Sean Barnum sbarnum
sbarnum
/ STIX_IP_Watchlist.json
Last active
December 1, 2015 21:40
Simple "pure" JSON serialization of JSON-LD example STIX IP Watchlist content
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "@id": "example:STIXPackage-33fe3b22-0201-47cf-85d0-97c02164528d", | |
| "@type": "stix:Package", | |
| "stix:indicators": [ | |
| { | |
| "@id": "example:Indicator-33fe3b22-0201-47cf-85d0-97c02164528d", | |
| "@type": "ind:Indicator", | |
| "ind:indicatorType": "stixVocabs:IndicatorTypeVocab-1.1:IP_Watchlist", | |
| "ind:observable": {"@id": "example:Observable-1c798262-a4cd-434d-a958-884d6980c459"}, | |
| "stixc:description": {"@value": "Sample IP Address Indicator for this watchlist. This contains one indicator with a set of three IP addresses in the watchlist."}, |
sbarnum
/ incident essentials.json
Last active
December 1, 2015 21:31
Simple "pure" JSON serialization of JSON-LD example STIX content from the "Incident Essentials - Who, What, When" idiom
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "@id": "example:Package-ec96d2a6-5a95-48f2-93c0-b3b2198633ca", | |
| "@type": "stix:Package", | |
| "stix:incidents": [ | |
| { | |
| "@id": "example:incident-8236b4a2-abe0-4b56-9347-288005c4bb92", | |
| "@type": "inc:Incident", | |
| "inc:impactEffects": "stixVocabs:IncidentEffectVocab-1.0:Financial_Loss", | |
| "inc:reporter": { | |
| "@id": "example:4cdb58ee3d18966146434adc2ce80d0972b2e991", |
sbarnum
/ malicious-email-indicator-with-attachment-mod1.json
Last active
December 2, 2015 19:59
Simple "pure" JSON serialization of JSON-LD example STIX content from the "Malicious E-mail Indicator with Attachment" idiom
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "@id": "example:Package-8b8ed1c1-f01d-4393-ac65-97017ed15876", | |
| "@type": "stix:Package", | |
| "stix:indicators": [ | |
| { | |
| "@id": "example:indicator-8cf9236f-1b96-493d-98be-0c1c1e8b62d7", | |
| "@type": "ind:Indicator", | |
| "ind:indicatorType": "stixVocabs:IndicatorTypeVocab-1.1:Malicious_E-mail", | |
| "ind:observable": {"@id": "example:Observable-437f0c20-ab26-4400-9f6a-fc395da3ddd9"}, | |
| "stixc:confidence": { |
sbarnum
/ malicious-email-indicator-with-attachment.xml
Created
November 30, 2015 18:17
XML serialization of example STIX content from the "Malicious E-mail Indicator with Attachment" idiom
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <stix:STIX_Package> | |
| <stix:Indicators> | |
| <stix:Indicator id="example:indicator-8cf9236f-1b96-493d-98be-0c1c1e8b62d7" timestamp="2014-10-31T15:52:13.127931+00:00" xsi:type='indicator:IndicatorType' negate="false" version="2.1.1"> | |
| <indicator:Title>Malicious E-mail</indicator:Title> | |
| <indicator:Type xsi:type="stixVocabs:IndicatorTypeVocab-1.1">Malicious E-mail</indicator:Type> | |
| <indicator:Observable id="example:Observable-437f0c20-ab26-4400-9f6a-fc395da3ddd9"> | |
| <cybox:Object id="example:EmailMessage-0dc3478e-153a-412f-8718-7e9ee65b8084"> | |
| <cybox:Properties xsi:type="EmailMessageObj:EmailMessageObjectType"> | |
| <EmailMessageObj:Header> | |
| <EmailMessageObj:Subject condition="StartsWith">[IMPORTANT] Please Review Before</EmailMessageObj:Subject> |
sbarnum
/ stix-ip-watchlist.xml
Last active
December 1, 2015 21:35
XML serialization of example STIX IP Watchlist
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <stix:STIX_Package id="example:STIXPackage-33fe3b22-0201-47cf-85d0-97c02164528d" timestamp="2014-05-08T09:00:00.000000Z" version="1.1.1"> | |
| <stix:STIX_Header> | |
| <stix:Title>Example watchlist that contains IP information.</stix:Title> | |
| <stix:Package_Intent xsi:type="stixVocabs:PackageIntentVocab-1.0">Indicators - Watchlist</stix:Package_Intent> | |
| </stix:STIX_Header> | |
| <stix:Indicators> | |
| <stix:Indicator xsi:type="indicator:IndicatorType" id="example:Indicator-33fe3b22-0201-47cf-85d0-97c02164528d" timestamp="2014-05-08T09:00:00.000000Z"> | |
| <indicator:Type xsi:type="stixVocabs:IndicatorTypeVocab-1.1">IP Watchlist</indicator:Type> | |
| <indicator:Description>Sample IP Address Indicator for this watchlist. This contains one indicator with a set of three IP addresses in the watchlist.</indicator:Description> | |
| <indicator:Observable id="example:Observable-1c798262-a4cd-434d-a958-884d6980c459"> |
sbarnum
/ incident essentials.xml
Created
November 30, 2015 19:03
XML serialization of example STIX content from the "Incident Essentials - Who, What, When" idiom
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <stix:STIX_Package> | |
| <stix:Incidents> | |
| <stix:Incident id="example:incident-8236b4a2-abe0-4b56-9347-288005c4bb92" timestamp="2014-11-18T23:40:08.061362+00:00" xsi:type='incident:IncidentType' version="1.2"> | |
| <incident:Title>Breach of Cyber Tech Dynamics</incident:Title> | |
| <incident:Time> | |
| <incident:Initial_Compromise precision="second">2012-01-30T00:00:00</incident:Initial_Compromise> | |
| <incident:Incident_Discovery precision="second">2012-05-10T00:00:00</incident:Incident_Discovery> | |
| <incident:Restoration_Achieved precision="second">2012-08-10T00:00:00</incident:Restoration_Achieved> | |
| <incident:Incident_Reported precision="second">2012-12-10T00:00:00</incident:Incident_Reported> | |
| </incident:Time> |
sbarnum
/ stix-idioms-malicious-email-attachment-EclecticIQ.json
Last active
December 1, 2015 16:06
Simple "pure" JSON serialization (from EclecticIQ) of content from the "Malicious E-mail Indicator with Attachment" idiom. From EclecticIQ: "Note that only the STIX parts are included; the CybOX handling we have is incomplete from a JSON data format perspective (and currently in flux) and it would be confusing to use this as an example right now…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "id": "{http://example.com}Package-8b8ed1c1-f01d-4393-ac65-97017ed15876", | |
| "id_namespaces": { | |
| "example": "http://example.com" | |
| }, | |
| "indicators": [ | |
| { | |
| "confidence": { | |
| "timestamp": "2014-10-31T15:52:13.127950+00:00", | |
| "type": "confidence", |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "@context" : | |
| { | |
| "rdf" : "http://www.w3.org/1999/02/22-rdf-syntax-ns#", | |
| "rdfs" : "http://www.w3.org/2000/01/rdf-schema#", | |
| "owl" : "http://www.w3.org/2002/07.owl#", | |
| "xsd" : "http://www.w3.org/2001/XMLSchema#", | |
| "cybox" : "http://cybox.mitre.org/cybox_core#", | |
| "cyboxc" : "http://cybox.mitre.org/cyboxCommon#", | |
| "cyboxVocabs" : "http://cybox.mitre.org/default_vocabularies-2#", |
sbarnum
/ Observed TTP - Tool and Identity
Created
February 9, 2016 16:02
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "id": “example:identity-d3082b16-6dbd-4f1a-8cee-9ea2a0a35d5f", | |
| "type": “identity", | |
| "timestamp": "2015-12-21T19:59:11Z", | |
| "name": “Recorded Future" | |
| }, | |
| { | |
| "id": “example:tool-627e862d-04f4-42a3-bd52-561dc890ee99", | |
| "type": “tool", |
sbarnum
/ Leveraged TTP - Tool
Created
February 9, 2016 16:03
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "id": “example:tool-627e862d-04f4-42a3-bd52-561dc890ee99", | |
| "type": “tool", | |
| "timestamp": "2015-12-21T19:59:11Z", | |
| "name": “Web Intelligence Engine" | |
| }, | |
| { | |
| "id": "example:rel-a2b0101d-03a8-4d0d-bedf-2b4ea386c1ac", |
OlderNewer