malware-indicator-for-file-hash.xml
<!--
  STIX package (version attribute 1.2) holding one file-hash indicator for a
  Poison Ivy variant and the one TTP that names the malware behind it.

  Namespace prefixes: xlink, xs and ds are declared but no element or attribute
  below uses them. Every other prefix is required, including the ones that only
  appear inside attribute values (the xsi:type QNames and the example: ids).
-->
<stix:STIX_Package
    xmlns:stix="http://stix.mitre.org/stix-1"
    xmlns:stixCommon="http://stix.mitre.org/common-1"
    xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
    xmlns:indicator="http://stix.mitre.org/Indicator-2"
    xmlns:ttp="http://stix.mitre.org/TTP-1"
    xmlns:cybox="http://cybox.mitre.org/cybox-2"
    xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
    xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
    xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
    xmlns:example="http://example.com"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xlink="http://www.w3.org/1999/xlink"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    id="example:STIXPackage-fdd39a2e-b67c-41e3-bcc9-f01faf20d111"
    version="1.2">

  <stix:Indicators>
    <!--
      Watchlist-style indicator. Valid_Time_Position gives a Start_Time only, so
      the document sets no expiry, and there is no Confidence or Producer
      element; a consumer has to apply its own ageing and trust policy.
    -->
    <stix:Indicator
        id="example:indicator-a932fcc6-e032-476c-a26f-cb970a5a1ade"
        timestamp="2014-05-08T09:00:00+00:00"
        xsi:type="indicator:IndicatorType">
      <indicator:Title>File hash for Poison Ivy variant</indicator:Title>
      <indicator:Type xsi:type="stixVocabs:IndicatorTypeVocab-1.1">File Hash Watchlist</indicator:Type>
      <indicator:Valid_Time_Position>
        <indicator:Start_Time precision="second">2014-05-08T09:00:00+00:00</indicator:Start_Time>
      </indicator:Valid_Time_Position>

      <!--
        What to look for: a file whose SHA256 digest equals the value below.
        condition="Equals" is an exact match, so only byte-identical copies of
        the sample are covered; a repacked or rebuilt file has a different
        digest and will not match.
      -->
      <indicator:Observable id="example:Observable-be1001c8-f135-4ba5-b47d-7f71e323ea77">
        <cybox:Object id="example:File-ff46e10b-f15b-4c4e-ab6d-1ebf7b00bf12">
          <cybox:Properties xsi:type="FileObj:FileObjectType">
            <FileObj:Hashes>
              <cyboxCommon:Hash>
                <cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
                <cyboxCommon:Simple_Hash_Value condition="Equals">ef537f25c895bfa782526529a9b63d97aa631564d5d789c2b765448c8635fb6c</cyboxCommon:Simple_Hash_Value>
              </cyboxCommon:Hash>
            </FileObj:Hashes>
          </cybox:Properties>
        </cybox:Object>
      </indicator:Observable>

      <!-- What a match means: idref resolves to the TTP defined under stix:TTPs in this package. -->
      <indicator:Indicated_TTP>
        <stixCommon:TTP
            idref="example:ttp-fdd60b30-b67c-41e3-b0b9-f01faf20d111"
            xsi:type="ttp:TTPType"/>
      </indicator:Indicated_TTP>
    </stix:Indicator>
  </stix:Indicators>

  <stix:TTPs>
    <!--
      Context for the indicator: the malware the hash is attributed to.
      This TTP's timestamp is later than the indicator's, and the idref that
      points here names no timestamp.
    -->
    <stix:TTP
        id="example:ttp-fdd60b30-b67c-41e3-b0b9-f01faf20d111"
        timestamp="2017-01-27T13:49:53.997000+00:00"
        xsi:type="ttp:TTPType">
      <ttp:Behavior>
        <ttp:Malware>
          <ttp:Malware_Instance>
            <ttp:Type xsi:type="stixVocabs:MalwareTypeVocab-1.0">Remote Access Trojan</ttp:Type>
            <ttp:Name>Poison Ivy</ttp:Name>
            <ttp:Description>Poison Ivy Trojan</ttp:Description>
          </ttp:Malware_Instance>
        </ttp:Malware>
      </ttp:Behavior>
    </stix:TTP>
  </stix:TTPs>
</stix:STIX_Package>