-
Notifications
You must be signed in to change notification settings - Fork 15
/
Copy pathfile-hash-pattern-2.xml
executable file
·69 lines (69 loc) · 4.72 KB
/
file-hash-pattern-2.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
<stix:STIX_Package
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:example="http://example.com"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
id="example:STIXPackage-f9375fce-5c32-4e9c-9013-57e6c21c5d75" version="1.2">
<stix:Indicators>
<stix:Indicator id="example:indicator-cc0ab183-6de7-4286-940e-bf143398d090" timestamp="2014-05-08T09:00:00+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>IP Address for known C2 channel</indicator:Title>
<indicator:Type xsi:type="stixVocabs:IndicatorTypeVocab-1.1">IP Watchlist</indicator:Type>
<indicator:Valid_Time_Position>
<indicator:Start_Time precision="second">2014-05-08T09:00:00+00:00</indicator:Start_Time>
</indicator:Valid_Time_Position>
<indicator:Observable id="example:Observable-2c909861-a400-48a6-86e5-ed6c4f68a878">
<cybox:Observable_Composition operator="AND">
<cybox:Observable id="example:Observable-cee1d29c-bf57-4918-ad7d-41660b864367">
<cybox:Observable_Composition operator="OR">
<cybox:Observable id="example:Observable-215fbcfc-f716-4437-acd3-55d62fbeec1a">
<cybox:Object id="example:File-4624165a-1b55-4e3e-bb05-cde268e14f23">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value condition="Equals">bf07a7fbb825fc0aae7bf4a1177b2b31fcf8a3feeaf7092761e18c859ee52a9c</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</cybox:Observable>
<cybox:Observable id="example:Observable-6092136c-d2e7-439a-a831-9ef18c7fcbb0">
<cybox:Object id="example:File-896c625e-de95-40bd-9e69-fd09c01fc876">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">MD5</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value condition="Equals">cead3f77f6cda6ec00f57d76c9a6879f</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</cybox:Observable>
</cybox:Observable_Composition>
</cybox:Observable>
<cybox:Observable id="example:Observable-91e9f844-b2f8-47e5-945f-666ca242e6ba">
<cybox:Object id="example:File-d3ea15ee-66a6-4e86-b0ab-218faa207214">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value condition="Equals">aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</cybox:Observable>
</cybox:Observable_Composition>
</indicator:Observable>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>