cti-stix message



Subject: Re: [cti-stix] The STIX Observables we should be targeting to support in STIX.


How we have currently addressed this, for example in creating Money Mule accounts, is by creating TTP objects with a targeted victim with CIQ objects for passing on Account information.

Aukjan van Belkum 


EclecticIQ – Intelligence Powered Defense 

www.eclecticiq.com <http://www.eclecticiq.com/>
 

 

 

On 21/11/16 11:42, "cti-stix@lists.oasis-open.org on behalf of Alexandre Dulaunoy" <cti-stix@lists.oasis-open.org on behalf of Alexandre.Dulaunoy@circl.lu> wrote:

    On 21/11/16 00:53, Terry MacDonald wrote:
    > It seems to me that we should be looking to other areas where we can learn
    > what people are actively sharing. MISP is a great example of this. MISP has
    > grown organically, adding features as people have requested them. In my
    > opinion it is a great list of things that people would find useful if we
    > add them:
    > 
    > http://www.misp-project.org/datamodels/#types
    > 
    > Things that specifically piqued my interest were:
    > - BIC
    > - IBAN
    > - CC number
    > - Link
    > - Text
    > - bitcoin (btc)
    > 
    > Cheers
    > 
    > *Terry MacDonald *| Chief Product Officer
    > 
    > 
    > 
    > M: +64 211 918 814
    > E: terry.macdonald@cosive.com
    > W: www.cosive.com
    > 
    
    Forwarded mail from Andras (mailing-list policies reject his original mail ;-)
    
    ----
    
    Hello Terry,
    
    As someone involved in the MISP project, having support for these types in STIX would be a great move for our users. Right now we basically have to omit sharing any of these indicators when exchanging information with other systems using STIX; it would be great if we could share the full range of data instead of downgrading it for STIX.
    
    Best regards,
    Andras
    
    PS: We have exactly the same issue with marking as we explained in the F2F meeting in Brussels.
    
    -- 
    Alexandre Dulaunoy
    CIRCL - Computer Incident Response Center Luxembourg
    41, avenue de la gare L-1611 Luxembourg
    info@circl.lu - www.circl.lu
    
    


