Cyber Observable eXpression

Example Content

Observable pattern for a file with one of a set of three MD5 hashes

<?xml version="1.0" encoding="UTF-8"?>
<cybox:Observables xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:cybox="http://cybox.mitre.org/cybox_v1" xmlns:common="http://cybox.mitre.org/Common_v1"
    xmlns:FileObj="http://cybox.mitre.org/objects#FileObject"
    xsi:schemaLocation="http://cybox.mitre.org/cybox_v1 
        http://cybox.mitre.org/XMLSchema/cybox_core_v1.0(draft).xsd
        http://cybox.mitre.org/objects#FileObject
        http://cybox.mitre.org/XMLSchema/objects/File/File_Object_1.2.xsd"
    cybox_major_version="1" cybox_minor_version="0(draft)">
    <cybox:Observable>
        <cybox:Stateful_Measure>
            <cybox:Object id="cybox:A1" type="File">
                <cybox:Defined_Object xsi:type="FileObj:FileObjectType">
                    <FileObj:Hashes>
                        <common:Hash>
                            <common:Type datatype="String">MD5</common:Type>
                            <common:Simple_Hash_Value condition="IsInSet"
                                value_set="4EC0027BEF4D7E1786A04D021FA8A67F, 21F0027ACF4D9017861B1D021FA8CF76,2B4D027BEF4D7E1786A04D021FA8CC01"
                                datatype="hexBinary"/>
                        </common:Hash>
                    </FileObj:Hashes>
                </cybox:Defined_Object>
            </cybox:Object>
        </cybox:Stateful_Measure>
    </cybox:Observable>
</cybox:Observables>

CybOX is co-sponsored by the office of Cybersecurity and Communications at the U.S. Department of Homeland Security.

This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration.
Copyright © 2011 -2013, The MITRE Corporation. CybOX and the CybOX logo are trademarks of The MITRE Corporation.

Contact cybox@mitre.org for more information.

Privacy policy

Terms of use

Contact us