Class: Artifact
_The Artifact Object permits capturing an array of bytes (8-bits), as a base64-encoded string string, or linking to a file-like payload. _
URI: attack:Artifact
classDiagram
class Artifact
click Artifact href "../Artifact/"
CyberObservableObject <|-- Artifact
click CyberObservableObject href "../CyberObservableObject/"
Artifact : decryption_key
Artifact : defanged
Artifact : description
Artifact : encryption_algorithm
Artifact : extensions
Artifact : granular_markings
Artifact --> "*" GranularMarking : granular_markings
click GranularMarking href "../GranularMarking/"
Artifact : hashes
Artifact --> "0..1" HashesType : hashes
click HashesType href "../HashesType/"
Artifact : id
Artifact : mime_type
Artifact : name
Artifact : object_marking_refs
Artifact : payload_bin
Artifact : spec_version
Artifact --> "0..1" SpecVersionEnum : spec_version
click SpecVersionEnum href "../SpecVersionEnum/"
Artifact : type
Artifact : url
Inheritance
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| mime_type | 0..1 String |
MIME type value | direct |
| payload_bin | 0..1 String |
Base64 binary payload | direct |
| url | 0..1 Uriorcurie |
A URL reference to an external resource | direct |
| hashes | 0..1 HashesType |
Specifies a dictionary of hashes for the file or content | direct |
| encryption_algorithm | 0..1 String |
Artifact encryption algorithm | direct |
| decryption_key | 0..1 String |
Decryption key material | direct |
| type | 1 StixTypeName |
STIX object type | StixEntity, CyberObservableCore |
| spec_version | 0..1 SpecVersionEnum |
STIX specification version | CyberObservableCore |
| id | 1 StixIdentifier |
STIX object identifier | StixEntity, CyberObservableCore |
| object_marking_refs | * StixIdentifier |
Marking definition references applied to this object | CyberObservableCore |
| granular_markings | * GranularMarking |
Granular markings that apply to selected content | CyberObservableCore |
| defanged | 0..1 Boolean |
Defines whether or not the data contained within the object has been defanged | CyberObservableCore |
| extensions | * String |
Open-ended extension payloads | CyberObservableCore |
| name | 0..1 String |
Human-readable name | StixEntity |
| description | 0..1 String |
Human-readable description | StixEntity |
In Subsets
Comments
- jsonschema_rule: oneOf validator_hint: enforce-artifact-exclusive-payload-and-encryption-rules jsonschema_source: https://github.com/oasis-open/cti-stix2-json-schemas/tree/master/schemas/observables/artifact.json
Notes
- JSON Schema enforces oneOf for payload_bin vs url+hashes and conditional decryption rules.
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/attack
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | attack:Artifact |
| native | attack:Artifact |
LinkML Source
Direct
name: Artifact
description: 'The Artifact Object permits capturing an array of bytes (8-bits), as
a base64-encoded string string, or linking to a file-like payload. '
notes:
- JSON Schema enforces oneOf for payload_bin vs url+hashes and conditional decryption
rules.
comments:
- 'jsonschema_rule: oneOf validator_hint: enforce-artifact-exclusive-payload-and-encryption-rules
jsonschema_source: https://github.com/oasis-open/cti-stix2-json-schemas/tree/master/schemas/observables/artifact.json'
in_subset:
- observables
from_schema: https://w3id.org/lmodel/attack
is_a: CyberObservableObject
slots:
- mime_type
- payload_bin
- url
- hashes
- encryption_algorithm
- decryption_key
slot_usage:
id:
name: id
pattern: ^artifact--[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$
type:
name: type
pattern: ^artifact$
mime_type:
name: mime_type
pattern: ^(application|audio|font|image|message|model|multipart|text|video)/[a-zA-Z0-9.+_-]+
Induced
name: Artifact
description: 'The Artifact Object permits capturing an array of bytes (8-bits), as
a base64-encoded string string, or linking to a file-like payload. '
notes:
- JSON Schema enforces oneOf for payload_bin vs url+hashes and conditional decryption
rules.
comments:
- 'jsonschema_rule: oneOf validator_hint: enforce-artifact-exclusive-payload-and-encryption-rules
jsonschema_source: https://github.com/oasis-open/cti-stix2-json-schemas/tree/master/schemas/observables/artifact.json'
in_subset:
- observables
from_schema: https://w3id.org/lmodel/attack
is_a: CyberObservableObject
slot_usage:
id:
name: id
pattern: ^artifact--[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$
type:
name: type
pattern: ^artifact$
mime_type:
name: mime_type
pattern: ^(application|audio|font|image|message|model|multipart|text|video)/[a-zA-Z0-9.+_-]+
attributes:
mime_type:
name: mime_type
description: MIME type value.
from_schema: https://w3id.org/lmodel/attack
rank: 1000
alias: mime_type
owner: Artifact
domain_of:
- Artifact
- File
range: string
pattern: ^(application|audio|font|image|message|model|multipart|text|video)/[a-zA-Z0-9.+_-]+
payload_bin:
name: payload_bin
description: Base64 binary payload.
from_schema: https://w3id.org/lmodel/attack
rank: 1000
alias: payload_bin
owner: Artifact
domain_of:
- Artifact
range: string
url:
name: url
description: A URL reference to an external resource.
from_schema: https://w3id.org/lmodel/attack
related_mappings:
- unified_cyber_ontology:URL
rank: 1000
alias: url
owner: Artifact
domain_of:
- ExternalReference
- Artifact
range: uriorcurie
hashes:
name: hashes
description: Specifies a dictionary of hashes for the file or content.
from_schema: https://w3id.org/lmodel/attack
exact_mappings:
- unified_cyber_ontology:hashes
rank: 1000
alias: hashes
owner: Artifact
domain_of:
- ExternalReference
- Artifact
- File
- X509Certificate
range: HashesType
encryption_algorithm:
name: encryption_algorithm
description: Artifact encryption algorithm.
from_schema: https://w3id.org/lmodel/attack
rank: 1000
alias: encryption_algorithm
owner: Artifact
domain_of:
- Artifact
range: string
decryption_key:
name: decryption_key
description: Decryption key material.
from_schema: https://w3id.org/lmodel/attack
rank: 1000
alias: decryption_key
owner: Artifact
domain_of:
- Artifact
range: string
type:
name: type
description: STIX object type.
from_schema: https://w3id.org/lmodel/attack
related_mappings:
- unified_cyber_ontology:state
rank: 1000
alias: type
owner: Artifact
domain_of:
- StixEntity
- Bundle
- Core
- CyberObservableCore
- ExtensionDefinition
- LanguageContent
- MarkingDefinition
- File
range: stix_type_name
required: true
pattern: ^artifact$
spec_version:
name: spec_version
description: STIX specification version.
from_schema: https://w3id.org/lmodel/attack
close_mappings:
- unified_cyber_ontology:specVersion
rank: 1000
alias: spec_version
owner: Artifact
domain_of:
- Core
- CyberObservableCore
- MarkingDefinition
range: SpecVersionEnum
id:
name: id
description: STIX object identifier.
from_schema: https://w3id.org/lmodel/attack
related_mappings:
- unified_cyber_ontology:externalReference
rank: 1000
alias: id
owner: Artifact
domain_of:
- StixEntity
- Bundle
- Core
- CyberObservableCore
- ExtensionDefinition
- LanguageContent
- MarkingDefinition
- File
range: stix_identifier
required: true
pattern: ^artifact--[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$
object_marking_refs:
name: object_marking_refs
description: Marking definition references applied to this object.
comments:
- 'jsonschema_minItems: "1"'
from_schema: https://w3id.org/lmodel/attack
close_mappings:
- unified_cyber_ontology:objectMarking
rank: 1000
alias: object_marking_refs
owner: Artifact
domain_of:
- Core
- CyberObservableCore
- MarkingDefinition
range: stix_identifier
multivalued: true
granular_markings:
name: granular_markings
description: Granular markings that apply to selected content.
comments:
- 'jsonschema_minItems: "1"'
from_schema: https://w3id.org/lmodel/attack
narrow_mappings:
- unified_cyber_ontology:objectMarking
rank: 1000
alias: granular_markings
owner: Artifact
domain_of:
- Core
- CyberObservableCore
- MarkingDefinition
range: GranularMarking
multivalued: true
defanged:
name: defanged
description: Defines whether or not the data contained within the object has been
defanged.
from_schema: https://w3id.org/lmodel/attack
rank: 1000
alias: defanged
owner: Artifact
domain_of:
- CyberObservableCore
range: boolean
extensions:
name: extensions
description: Open-ended extension payloads.
notes:
- JSON Schema uses patternProperties for extension keys; exact key validation
is delegated to validator tooling.
comments:
- 'jsonschema_rule: patternProperties validator_hint: validate-extension-keys-and-values'
from_schema: https://w3id.org/lmodel/attack
related_mappings:
- unified_cyber_ontology:hasFacet
rank: 1000
alias: extensions
owner: Artifact
domain_of:
- Core
- CyberObservableCore
- MarkingDefinition
- File
range: string
multivalued: true
name:
name: name
description: Human-readable name.
from_schema: https://w3id.org/lmodel/attack
exact_mappings:
- unified_cyber_ontology:name
rank: 1000
alias: name
owner: Artifact
domain_of:
- RelatedAsset
- StixEntity
- ExtensionDefinition
- MarkingDefinition
- AutonomousSystem
- File
range: string
description:
name: description
description: Human-readable description.
from_schema: https://w3id.org/lmodel/attack
close_mappings:
- unified_cyber_ontology:description
rank: 1000
alias: description
owner: Artifact
domain_of:
- RelatedAsset
- MutableElement
- StixEntity
- ExtensionDefinition
- ExternalReference
range: string