sra-stix2-validator
Version:
77 lines • 2.72 kB
JSON
{
"$id": "../sdos/malware.json",
"$schema": "http://json-schema.org/draft-06/schema#",
"title": "malware",
"description": "Malware is a type of TTP that is also known as malicious code and malicious software, refers to a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system (OS) or of otherwise annoying or disrupting the victim.",
"type": "object",
"allOf": [
{
"$ref": "../common/core.json"
},
{
"properties": {
"type": {
"type": "string",
"description": "The type of this object, which MUST be the literal `malware`.",
"const": "malware"
},
"id": {
"title": "id",
"pattern": "^malware--"
},
"labels": {
"type": "array",
"description": "The type of malware being described. Open Vocab - malware-label-ov",
"items": {
"type": "string"
},
"minItems": 1
},
"name": {
"type": "string",
"description": "The name used to identify the Malware."
},
"description": {
"type": "string",
"description": "Provides more context and details about the Malware object."
},
"kill_chain_phases": {
"type": "array",
"description": "The list of kill chain phases for which this Malware instance can be used.",
"items": {
"$ref": "../common/kill-chain-phase.json"
},
"minItems": 1
}
}
}
],
"required": [
"name",
"labels"
],
"definitions": {
"malware-label-ov": {
"type": "string",
"enum": [
"adware",
"backdoor",
"bot",
"ddos",
"dropper",
"exploit-kit",
"keylogger",
"ransomware",
"remote-access-trojan",
"resource-exploitation",
"rogue-security-software",
"rootkit",
"screen-capture",
"spyware",
"trojan",
"virus",
"worm"
]
}
}
}