Subject: Re: [cti-stix] Infrastructure
Common Properties | ||
TODO | ||
Infrastructure Specific Properties | ||
name, description, kill_chain_phases, first_seen, last_seen | ||
Property Name | Type | Description |
type (required) | string | The value of this field MUST be infrastructure |
labels (required) | list of type open-vocab | The type of infrastructure being described. |
name (optional) | string | A name for this infrastructure |
description (optional) | string | A description that provides more details and context about the malicious Infrastructure, potentially including its purpose and its key characteristics. |
kill_chain_phases (optional) | list of type kill-chain-phase | The list of Kill Chain phases for which this Infrastructure is used. |
first_seen (optional) | timestamp | The time that this malicious Infrastructure was first seen. |
last_seen (optional) | timestamp | The time that this malicious Infrastructure was last seen. |
Then we would relationships from here to
Embedded Relationships | |||
created_by_ref | source | ||
object_markings_refs | marking-definition | ||
Common Relationships | |||
duplicate-of, derived-from, related-to | |||
Source | Name | Target | Description |
infrastructure | targets | identity, vulnerability | This Relationship documents that this malicious Infrastructure is being used to target this Victim Target or Vulnerability. |
infrastructure | supports, delivers | malware | The infrastructure is used to host a malware family or particular malware instance. |
infrastructure | supports | infrastructure | The infrastructure is a component of some broader/overarching infrastructure. |
infrastructure | owned-by | threat-actor | The infrastructure is owned-by or belongs to a particular threat actor. |
Reverse Relationships | |||
indicator | indicates | infrastructure | See forward relationship for definition. |
course-of-action | mitigates | infrastructure | See forward relationship for definition. |
malware | beacons-to, exfiltrate-to | infrastructure | See forward relationship for definition. |
campaign, intrusion-set, malware, threat-actor, tool | uses | infrastructure | See forward relationship for definition. |
observed-data | part-of | infrastructure | See forward relationship for definition. |
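The property and relationship tables above can be turned into a consumer-side check. This is an added example, not part of the original message or of any STIX library. It assumes STIX 2.x identifier syntax (`<type>--<uuid>`), the STIX 2.x Relationship property names `source_ref`, `relationship_type` and `target_ref`, and timestamps ending in `Z`; the non-empty `labels` check and the `first_seen`/`last_seen` ordering check are also assumptions, not rules from the proposal.

```python
from datetime import datetime

# (source type, relationship name) -> allowed target types, transcribed from
# the forward-relationship table in the message above.
FORWARD = {
    ("infrastructure", "targets"): {"identity", "vulnerability"},
    ("infrastructure", "supports"): {"malware", "infrastructure"},
    ("infrastructure", "delivers"): {"malware"},
    ("infrastructure", "owned-by"): {"threat-actor"},
}
# (source type, relationship name) pairs whose target is an infrastructure.
REVERSE = {
    ("indicator", "indicates"), ("course-of-action", "mitigates"),
    ("malware", "beacons-to"), ("malware", "exfiltrate-to"),
    ("observed-data", "part-of"),
} | {(s, "uses") for s in
     ("campaign", "intrusion-set", "malware", "threat-actor", "tool")}
COMMON = {"duplicate-of", "derived-from", "related-to"}

def sdo_type(ref):  # assumption: STIX 2.x ids look like "<type>--<uuid>"
    return ref.split("--", 1)[0]

def check_infrastructure(obj):
    """Return a list of problems found in a draft Infrastructure object."""
    errs = []
    if obj.get("type") != "infrastructure":
        errs.append("type MUST be 'infrastructure'")
    if not isinstance(obj.get("labels"), list) or not obj["labels"]:
        errs.append("labels is required and must be a non-empty list")
    seen = {}
    for key in ("first_seen", "last_seen"):
        if key in obj:
            try:
                seen[key] = datetime.fromisoformat(obj[key].replace("Z", "+00:00"))
            except (ValueError, AttributeError):
                errs.append(f"{key} is not a valid timestamp")
    # Assumption (not in the proposal): last_seen must not precede first_seen.
    if len(seen) == 2 and seen["last_seen"] < seen["first_seen"]:
        errs.append("last_seen precedes first_seen")
    return errs

def relationship_allowed(rel):
    """True if source/name/target matches a relationship in the proposal."""
    src, dst = sdo_type(rel["source_ref"]), sdo_type(rel["target_ref"])
    name = rel["relationship_type"]
    # Common and reverse relationships must still involve an infrastructure.
    if name in COMMON or (dst == "infrastructure" and (src, name) in REVERSE):
        return "infrastructure" in (src, dst)
    return dst in FORWARD.get((src, name), set())
```

Rejecting a direction-reversed relationship (for example `infrastructure beacons-to malware`) at ingest keeps a producer's mistake from silently inverting who talks to whom in downstream graph queries.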