| Vulnerability |
A Vulnerability is a mistake in software that can be directly used by a hacke... |
no |
| Directory |
The Directory Object represents the properties common to a file system direct... |
no |
| WindowsRegistryKey |
The Registry Key Object represents the properties of a Windows registry key |
no |
| CourseOfAction |
A Course of Action is an action taken either to prevent an attack or to respo... |
no |
| Opinion |
An Opinion is an assessment of the correctness of the information in a STIX O... |
no |
| Software |
The Software Object represents high-level properties associated with software... |
no |
| Note |
A Note is a comment or note containing informative text to help explain the c... |
no |
| StixDomainObject |
|
no |
| MacAddr |
The MAC Address Object represents a single Media Access Control (MAC) address |
no |
| ThreatActor |
Threat Actors are actual individuals, groups, or organizations believed to be... |
no |
| EmailMessage |
The Email Message Object represents an instance of an email message |
no |
| CyberObservableCore |
Common properties and behavior across all Cyber Observable Objects |
yes |
| UserAccount |
The User Account Object represents an instance of any type of user account, i... |
no |
| ObservedData |
Observed data conveys information that was observed on systems and networks, ... |
no |
| Campaign |
A Campaign is a grouping of adversary behavior that describes a set of malici... |
no |
| Infrastructure |
Infrastructure objects describe systems, software services, and associated ph... |
no |
| AutonomousSystem |
The AS object represents the properties of an Autonomous Systems (AS) |
no |
| Location |
A Location represents a geographic location |
no |
| Report |
Reports are collections of threat intelligence focused on one or more topics,... |
no |
| Ipv4Addr |
The IPv4 Address Object represents one or more IPv4 addresses expressed using... |
no |
| IntrusionSet |
An Intrusion Set is a grouped set of adversary behavior and resources with co... |
no |
| CyberObservableObject |
|
no |
| Grouping |
A Grouping object explicitly asserts that the referenced STIX Objects have a ... |
no |
| MarkingDefinition |
The marking-definition object represents a specific marking |
yes |
| Core |
Common properties and behavior across all STIX Domain Objects and STIX Relati... |
yes |
| Tool |
Tools are legitimate software that can be used by threat actors to perform at... |
no |
| Indicator |
Indicators contain a pattern that can be used to detect suspicious or malicio... |
no |
| LanguageContent |
The language-content object represents text content for STIX Objects represen... |
no |
| Url |
The URL Object represents the properties of a uniform resource locator (URL) |
no |
| MalwareAnalysis |
Malware Analysis captures the metadata and results of a particular analysis p... |
no |
| Artifact |
The Artifact Object permits capturing an array of bytes (8-bits), as a base64... |
no |
| AttackPattern |
Attack Patterns are a type of TTP that describe ways that adversaries attempt... |
no |
| Process |
The Process Object represents common properties of an instance of a computer ... |
no |
| Malware |
Malware is a type of TTP that is also known as malicious code and malicious s... |
no |
| StixRelationshipObject |
|
no |
| Sighting |
A Sighting denotes the belief that something in CTI (e |
no |
| Ipv6Addr |
The IPv6 Address Object represents one or more IPv6 addresses expressed using... |
no |
| Identity |
Identities can represent actual individuals, organizations, or groups (e |
no |
| DomainName |
The Domain Name represents the properties of a network domain name |
no |
| Mutex |
The Mutex Object represents the properties of a mutual exclusion (mutex) obje... |
no |
| Relationship |
The Relationship object is used to link together two SDOs in order to describ... |
no |
| NetworkTraffic |
The Network Traffic Object represents arbitrary network traffic that originat... |
no |
| Incident |
The Incident object in STIX 2 |
no |
| X509Certificate |
The X509 Certificate Object represents the properties of an X |
no |
| ExtensionDefinition |
The STIX Extension Definition object allows producers of threat intelligence ... |
no |
| EmailAddr |
The Email Address Object represents a single email address |
no |
| File |
The File Object represents the properties of a file |
no |