CTI STIX Subcommittee

Observed Data Proposal for Malware / Infrastructure

  • 1.  Observed Data Proposal for Malware / Infrastructure

    Posted 08-27-2018 21:54
    I wanted to share out a proposal to revise the Observed Data object that Gary put together in order to allow mappings from STIX objects into the content of the Observed Data block while still respecting existing mappings. This should allow for infrastructure and malware objects to more easily reference fully mapped observed data graphs while limiting the overhead associated with creating large numbers of additional observed data objects.

    Jeffrey Mates, Civ DC3/DCCI
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Computer Scientist
    Defense Cyber Crime Institute
    jeffrey.mates@dc3.mil
    410-694-4335

    Attachment: Observed Data Presentation.pptx
    Description: application/vnd.openxmlformats-officedocument.presentationml.presentation

    Attachment: Observed_data2.json
    Description: Binary data

    Attachment: Observed_data1.json
    Description: Binary data

    Attachment: smime.p7s
    Description: S/MIME cryptographic signature
