malware-family.json
{
"$schema": "http://json-schema.org/draft-04/schema#",
"definitions": {"malware-family": {
"title": "MalwareFamily",
"type": "object",
"description": "A set of malware instances that are related by common authorship and/or lineage. Malware Families are often named and may have components such as strings that are common across all members of the family.",
"properties": {
"type": {
"type": "string",
"enum": ["malware-family"]
},
"id": {
"type": "string",
"description": "Specifies a unique id for the Malware Family"
},
"name": {
"$ref": "name.json#/definitions/name",
"description": "Captures a name of the Malware Family, as specified by the producer of the MAEC package."
},
"aliases": {
"type": "array",
"items": {"$ref": "name.json#/definitions/name"},
"minItems": 1,
"description": "Captures aliases for the Malware Family. For cases where the alias comes from an external source, the name of the source SHOULD be provided."
},
"labels": {
"type": "array",
"items": {"type": "string"},
"description": "Specifies one or more commonly accepted labels to describe the members of the Malware Family, e.g. \"worm\". The values for this property SHOULD come from the malware-label-ov vocabulary."
},
"description": {
"type": "string",
"description": "Captures a basic, textual description of the Malware Family."
},
"field_data": {
"$ref": "field-data.json#/definitions/field-data",
"description": "Specifies field data about the Malware Family, such as first seen and last seen dates."
},
"common_strings": {
"type": "array",
"items": {"type": "string"},
"description": "Specifies any strings common to all members of the Malware Family."
},
"common_capabilities": {
"type": "array",
"description": "Specifies a set of one or more Capabilities that are common to all members of the Malware Family.",
"items": {"$ref": "capability.json#/definitions/capability"}
},
"common_code_refs": {
"type": "array",
"items": {"type": "string"},
"description": "References code snippets that are shared between all of the members of the Malware Family. The Object(s) referenced MUST be of STIX type artifact and MUST be specified in the observable-objects property of the Package."
},
"common_behavior_refs": {
"type": "array",
"items": {"type": "string"},
"description": "Specifies a set of one or more Behaviors that are common to all of the members of the Malware Family. Each item specifies a unique ID of the Behavior being referenced."
},
"references": {
"type": "array",
"items": {"$ref": "external-reference.json#/definitions/external-reference"},
"description": "Specifies a set of one or more external references to the Malware Family."
}
},
"required": [
"type",
"id",
"name"
]
}}
}