Westpac Spam and an approach to STIX language

In my previous post regarding the Westpac phishing mail, I mentioned the associated domain and IP address.

Recently I have been diving into threat intelligence, and especially into how to share information about my findings with the rest of the world beyond this blog.

I ventured into understanding STIX (Structured Threat Intelligence Expression), and below is my first attempt at writing a small snippet.

<stix:Observables cybox_major_version="1" cybox_minor_version="1">
  <cybox:Observable id="mkioc1">
    <cybox:Object id="IP address">
      <cybox:Properties xsi:type="AddressObject:AddressObjectType" category="ipv4-addr">
        <AddressObject:Address_Value>197.232.31.99</AddressObject:Address_Value>
      </cybox:Properties>
    </cybox:Object>
  </cybox:Observable>
</stix:Observables>
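To show the snippet above as a parser would see it, here is an added Python example (not code from the original post) that builds the same observable with the namespace declarations an XML parser needs, then reads it back and checks that the address is well formed and that the declared category matches the address family. It assumes the STIX 1.x / CybOX 2.1 namespace URIs; the sample documents and observable ids are constructed for the example. A mismatched closing tag or an undeclared prefix makes `ET.fromstring` raise, which is exactly the kind of defect this round trip is meant to surface before a feed is published.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Namespace URIs for STIX 1.x with CybOX 2.1 (assumed target version of the snippet).
NS = {
    "stix": "http://stix.mitre.org/stix-1",
    "cybox": "http://cybox.mitre.org/cybox-2",
    "AddressObject": "http://cybox.mitre.org/objects#AddressObject-2",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)


def q(prefix, local):
    """Clark-notation qualified name ({uri}local) for ElementTree."""
    return "{%s}%s" % (NS[prefix], local)


def build_ip_observable(obs_id, ip, obj_id="IP address"):
    """Serialise one CybOX Address observable for an IP address.

    ipaddress.ip_address() rejects malformed input (ValueError), and the
    category is derived from the parsed address rather than typed by hand.
    """
    addr = ipaddress.ip_address(ip)
    category = "ipv4-addr" if addr.version == 4 else "ipv6-addr"
    root = ET.Element(q("stix", "Observables"),
                      {"cybox_major_version": "2", "cybox_minor_version": "1"})
    obs = ET.SubElement(root, q("cybox", "Observable"), {"id": obs_id})
    obj = ET.SubElement(obs, q("cybox", "Object"), {"id": obj_id})
    props = ET.SubElement(obj, q("cybox", "Properties"),
                          {q("xsi", "type"): "AddressObject:AddressObjectType",
                           "category": category})
    ET.SubElement(props, q("AddressObject", "Address_Value")).text = str(addr)
    # register_namespace() makes the serialiser declare every prefix on the root.
    return ET.tostring(root, encoding="unicode")


def extract_ip_observables(xml_text):
    """Parse a STIX Observables document and return (accepted, rejected).

    accepted: list of (observable id, category, normalised address)
    rejected: list of (observable id, reason) for entries that are not usable
    """
    root = ET.fromstring(xml_text)
    accepted, rejected = [], []
    for obs in root.iter(q("cybox", "Observable")):
        obs_id = obs.get("id")
        props = obs.find("cybox:Object/cybox:Properties", NS)
        if props is None:
            rejected.append((obs_id, "no Properties element"))
            continue
        if props.get(q("xsi", "type")) != "AddressObject:AddressObjectType":
            continue  # some other object type; not our concern here
        value_el = props.find("AddressObject:Address_Value", NS)
        if value_el is None or not (value_el.text or "").strip():
            rejected.append((obs_id, "empty Address_Value"))
            continue
        raw = value_el.text.strip()
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            rejected.append((obs_id, "not an IP address: %r" % raw))
            continue
        category = props.get("category")
        expected = "ipv4-addr" if addr.version == 4 else "ipv6-addr"
        if category != expected:
            rejected.append((obs_id, "category %s does not match %s value %s"
                             % (category, expected, addr)))
            continue
        accepted.append((obs_id, category, str(addr)))
    return accepted, rejected


# Constructed sample: an IPv6 value labelled as ipv4-addr, which the check rejects.
SAMPLE_MISMATCH = """<stix:Observables xmlns:stix="http://stix.mitre.org/stix-1"
    xmlns:cybox="http://cybox.mitre.org/cybox-2"
    xmlns:AddressObject="http://cybox.mitre.org/objects#AddressObject-2"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    cybox_major_version="2" cybox_minor_version="1">
  <cybox:Observable id="bad1">
    <cybox:Object id="IP address">
      <cybox:Properties xsi:type="AddressObject:AddressObjectType" category="ipv4-addr">
        <AddressObject:Address_Value>2001:db8::1</AddressObject:Address_Value>
      </cybox:Properties>
    </cybox:Object>
  </cybox:Observable>
</stix:Observables>"""

if __name__ == "__main__":
    doc = build_ip_observable("mkioc1", "197.232.31.99")
    print(doc)
    print(extract_ip_observables(doc))
    print(extract_ip_observables(SAMPLE_MISMATCH))
```

The build side derives the category from the parsed address so the two cannot drift apart; the read side treats a category/value mismatch as a reject rather than trusting the label, which is the safer default when consuming someone else's feed.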

I will be writing a bit more about STIX and the importance of sharing threat intelligence in later posts.
