STIX2

Actors

Attributes conversion

Conversion from STIX2 to Colander:

  • created: created_at

  • modified: updated_at

  • name: name

  • description: description

  • identity_class: attributes.identity_class

Conversion from Colander to STIX2:

  • created_at: created

  • updated_at: modified

  • name: name

  • description: description

  • attributes.identity_class: identity_class

Types conversion

  • NGO:

    • STIX2 type: identity

  • COMPANY:

    • STIX2 type: identity

  • APT:

    • STIX2 type: threat-actor

  • THREAT_ACTOR:

    • STIX2 type: threat-actor

  • INDIVIDUAL:

    • STIX2 type: identity

  • PUB_INST:

    • STIX2 type: identity

  • GENERIC:

    • STIX2 type: identity

  • HACKTIVIST:

    • STIX2 type: identity

  • CYBER_CRIMINAL:

    • STIX2 type: threat-actor

  • INSIDER:

    • STIX2 type: threat-actor

  • NATION_STATE:

    • STIX2 type: identity

Artifacts

Attributes conversion

Conversion from STIX2 to Colander:

  • created: created_at

  • modified: updated_at

  • name: name

  • description: description

  • hashes.MD5: md5

  • hashes.SHA-1: sha1

  • hashes.SHA-256: sha256

  • mime_type: mime_type

  • size: size_in_bytes

Conversion from Colander to STIX2:

  • created_at: created

  • updated_at: modified

  • name: name

  • description: description

  • md5: hashes.MD5

  • sha1: hashes.SHA-1

  • sha256: hashes.SHA-256

  • mime_type: mime_type

  • size_in_bytes: size

Types conversion

  • ARCHIVE:

    • STIX2 type: file

  • EMAIL:

    • STIX2 type: file

  • BACKUP:

    • STIX2 type: file

  • ANDROID_BACKUP:

    • STIX2 type: file

  • IOS_BACKUP:

    • STIX2 type: file

  • SAMPLE:

    • STIX2 type: file

  • ANDROID_SAMPLE:

    • STIX2 type: file

  • IOS_SAMPLE:

    • STIX2 type: file

  • F_DUMP:

    • STIX2 type: file

  • PCAP:

    • STIX2 type: file

  • HAR:

    • STIX2 type: file

  • SOCKET_T:

    • STIX2 type: file

  • CRYPTO_T:

    • STIX2 type: file

  • SSLKEYLOG:

    • STIX2 type: file

  • DOCUMENT:

    • STIX2 type: file

  • IMAGE:

    • STIX2 type: file

  • VIDEO:

    • STIX2 type: file

  • AUDIO:

    • STIX2 type: file

  • WEBPAGE:

    • STIX2 type: file

  • SOCIAL_POST:

    • STIX2 type: file

  • REPORT:

    • STIX2 type: file

  • JSON:

    • STIX2 type: file

  • TEXT:

    • STIX2 type: file

  • BINARY:

    • STIX2 type: file

  • GENERIC:

    • STIX2 type: file

Devices

Attributes conversion

Conversion from STIX2 to Colander:

  • created: created_at

  • modified: updated_at

  • name: name

  • description: description

  • infrastructure_types: attributes.infrastructure_types

Conversion from Colander to STIX2:

  • created_at: created

  • updated_at: modified

  • name: name

  • description: description

  • attributes.infrastructure_types: infrastructure_types

Types conversion

  • SERVER:

    • STIX2 type: infrastructure

    • STIX2 infrastructure types attribute: ['server']

  • LAPTOP:

    • STIX2 type: infrastructure

    • STIX2 infrastructure types attribute: ['workstation', 'laptop']

  • DESKTOP:

    • STIX2 type: infrastructure

    • STIX2 infrastructure types attribute: ['workstation', 'desktop']

  • MOBILE:

    • STIX2 type: infrastructure

    • STIX2 infrastructure types attribute: ['workstation', 'mobile']

  • IOT:

    • STIX2 type: infrastructure

    • STIX2 infrastructure types attribute: ['unknown', 'iot']

  • ROUTER:

    • STIX2 type: infrastructure

    • STIX2 infrastructure types attribute: ['routers-switches', 'router']

  • GENERIC:

    • STIX2 type: infrastructure

    • STIX2 infrastructure types attribute: ['unknown', 'generic']

Observables

Attributes conversion

Conversion from STIX2 to Colander:

  • created: created_at

  • modified: updated_at

  • name: name

  • description: description

  • pattern: attributes.pattern

Conversion from Colander to STIX2:

  • created_at: created

  • updated_at: modified

  • name: name

  • description: description

Types conversion

  • IPV4:

    • STIX2 type: indicator

    • STIX2 pattern: [ipv4-addr:value = '{value}']

  • IPV6:

    • STIX2 type: indicator

    • STIX2 pattern: [ipv6-addr:value = '{value}']

  • MAC:

    • STIX2 type: indicator

    • STIX2 pattern: [mac-addr:value = '{value}']

  • DOMAIN:

    • STIX2 type: indicator

    • STIX2 pattern: [domain-name:value = '{value}']

  • EMAIL:

    • STIX2 type: indicator

    • STIX2 pattern: [email-addr:value = '{value}']

  • SOCIAL_ACCOUNT:

    • STIX2 type: indicator

    • STIX2 pattern: [user-account:user_id = '{value}']

  • URL:

    • STIX2 type: indicator

    • STIX2 pattern: [url:value = '{value}']

  • MD5:

    • STIX2 type: indicator

    • STIX2 pattern: [file:hashes.'MD5' = '{value}']

  • SHA1:

    • STIX2 type: indicator

    • STIX2 pattern: [file:hashes.'SHA-1' = '{value}']

  • SHA256:

    • STIX2 type: indicator

    • STIX2 pattern: [file:hashes.'SHA-256' = '{value}']

  • PEHASH:

    • STIX2 type: indicator

    • STIX2 pattern: [file:hashes.PEHASH = '{value}']

  • PATH:

    • STIX2 type: indicator

    • STIX2 pattern: [directory:path = '{value}']

  • MUTEX:

    • STIX2 type: indicator

    • STIX2 pattern: [mutex:name = '{value}']

  • ASN:

    • STIX2 type: indicator

    • STIX2 pattern: [autonomous-system:number = {value}]

  • PROCESS:

    • STIX2 type: indicator

    • STIX2 pattern: [process:name = '{value}']
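The pattern templates above, filled and parsed back, as an added example that is not Colander's own code. The helper names `to_pattern` and `from_pattern` are hypothetical, and escaping the value before substitution is an assumption of this sketch: the page does not say how `{value}` is filled, but an unescaped single quote in a value would close the STIX string literal and change the meaning of the pattern.

```python
import re

# Templates copied from the Observables "Types conversion" list on this page.
PATTERNS = {
    "IPV4": "[ipv4-addr:value = '{value}']",
    "IPV6": "[ipv6-addr:value = '{value}']",
    "MAC": "[mac-addr:value = '{value}']",
    "DOMAIN": "[domain-name:value = '{value}']",
    "EMAIL": "[email-addr:value = '{value}']",
    "SOCIAL_ACCOUNT": "[user-account:user_id = '{value}']",
    "URL": "[url:value = '{value}']",
    "MD5": "[file:hashes.'MD5' = '{value}']",
    "SHA1": "[file:hashes.'SHA-1' = '{value}']",
    "SHA256": "[file:hashes.'SHA-256' = '{value}']",
    "PEHASH": "[file:hashes.PEHASH = '{value}']",
    "PATH": "[directory:path = '{value}']",
    "MUTEX": "[mutex:name = '{value}']",
    "ASN": "[autonomous-system:number = {value}]",
    "PROCESS": "[process:name = '{value}']",
}
QUOTED = r"((?:[^'\\]|\\.)*)"  # body of a STIX string literal with backslash escapes
INTEGER = r"(\d+)"             # ASN is the only template with an unquoted slot


def to_pattern(colander_type, value):
    """Fill a template; raises KeyError on unknown type, ValueError on a bad ASN."""
    if colander_type == "ASN":
        number = int(value)  # unquoted slot: accept nothing but an integer
        if number < 0:
            raise ValueError("ASN must be non-negative")
        value = str(number)
    else:
        # Escape backslash first, then single quote (STIX string literal rules).
        value = str(value).replace("\\", "\\\\").replace("'", "\\'")
    return PATTERNS[colander_type].replace("{value}", value)


def from_pattern(pattern):
    """Return (colander_type, value) for a single-comparison pattern, else None."""
    for ctype, template in PATTERNS.items():
        prefix, suffix = template.split("{value}")
        group = INTEGER if ctype == "ASN" else QUOTED
        match = re.fullmatch(re.escape(prefix) + group + re.escape(suffix), pattern, re.S)
        if match:
            raw = match.group(1)
            return ctype, int(raw) if ctype == "ASN" else re.sub(r"\\(.)", r"\1", raw, flags=re.S)
    return None
```

Patterns that combine several comparisons, or that use an object path not listed above, return `None` from `from_pattern` and need a full STIX pattern parser.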

Threats

Attributes conversion

Conversion from STIX2 to Colander:

  • name: name

  • created: created_at

  • modified: updated_at

  • description: description

Conversion from Colander to STIX2:

  • name: name

  • created_at: created

  • updated_at: modified

  • description: description

Types conversion

  • ADWARE:

    • STIX2 type: malware

    • STIX2 malware types attribute: ['adware']

  • BACKDOOR:

    • STIX2 type: malware

    • STIX2 malware types attribute: ['backdoor']

  • BOTNET:

    • STIX2 type: malware

    • STIX2 malware types attribute: ['bot']

  • BROWSER_HIJACKER:

    • STIX2 type: malware

    • STIX2 malware types attribute: ['unknown']

  • CRYPTOJACKING:

    • STIX2 type: malware

    • STIX2 malware types attribute: ['unknown']

  • DROPPER:

    • STIX2 type: malware

    • STIX2 malware types attribute: ['dropper']

  • EXPLOIT_KIT:

    • STIX2 type: malware

    • STIX2 malware types attribute: ['exploit-kit']

  • FF_BOTNET:

    • STIX2 type: malware

    • STIX2 malware types attribute: ['bot']

  • INFO_STEALER:

    • STIX2 type: malware

    • STIX2 malware types attribute: ['unknown']

  • LOADER:

    • STIX2 type: malware

    • STIX2 malware types attribute: ['unknown']

  • MALVERTISING:

    • STIX2 type: malware

    • STIX2 malware types attribute: ['adware']

  • MOBILE_TROJAN:

    • STIX2 type: malware

    • STIX2 malware types attribute: ['trojan']

  • POS_MALWARE:

    • STIX2 type: malware

    • STIX2 malware types attribute: ['exploit-kit']

  • RANSOMWARE:

    • STIX2 type: malware

    • STIX2 malware types attribute: ['ransomware']

  • PHISHING:

    • STIX2 type: malware

    • STIX2 malware types attribute: ['unknown']

  • STALKERWARE:

    • STIX2 type: malware

    • STIX2 malware types attribute: ['spyware']

  • WATCHWARE:

    • STIX2 type: malware

    • STIX2 malware types attribute: ['spyware']

  • MALWARE:

    • STIX2 type: malware

    • STIX2 malware types attribute: ['virus']

  • RAT:

    • STIX2 type: malware

    • STIX2 malware types attribute: ['remote-access-trojan']

  • ROOTKIT:

    • STIX2 type: malware

    • STIX2 malware types attribute: ['rootkit']

  • SCAREWARE:

    • STIX2 type: malware

    • STIX2 malware types attribute: ['virus']

  • SINKHOLE:

    • STIX2 type: malware

    • STIX2 malware types attribute: ['unknown']

  • DIALER:

    • STIX2 type: malware

    • STIX2 malware types attribute: ['unknown']

  • GENERIC:

    • STIX2 type: malware

    • STIX2 malware types attribute: ['unknown']

  • SPYWARE:

    • STIX2 type: malware

    • STIX2 malware types attribute: ['spyware']

  • TROJAN:

    • STIX2 type: malware

    • STIX2 malware types attribute: ['trojan']

  • WORM:

    • STIX2 type: malware

    • STIX2 malware types attribute: ['worm']