Example Content
File with basic information including multiple hashes
<?xml version="1.0" encoding="UTF-8"?>
<cybox:Observables xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:cybox="http://cybox.mitre.org/cybox_v1" xmlns:common="http://cybox.mitre.org/Common_v1"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject"
xsi:schemaLocation="http://cybox.mitre.org/cybox_v1
http://cybox.mitre.org/XMLSchema/cybox_core_v1.0(draft).xsd
http://cybox.mitre.org/objects#FileObject
http://cybox.mitre.org/XMLSchema/objects/File/File_Object_1.2.xsd"
cybox_major_version="1" cybox_minor_version="0(draft)">
<cybox:Observable>
<!-- Observable for a file with the name, path, MD5 hash, SHA1 hash, SHA256 hash and size in bytes defined in Sample2 utilizing the base File_Object-->
<cybox:Stateful_Measure>
<cybox:Object id="cybox:A1" type="File">
<cybox:Defined_Object xsi:type="FileObj:FileObjectType">
<FileObj:File_Name datatype="String">notepad.exe</FileObj:File_Name>
<FileObj:File_Path datatype="String">C:\Temp</FileObj:File_Path>
<FileObj:Size_In_Bytes datatype="UnsignedLong">273845</FileObj:Size_In_Bytes>
<FileObj:Hashes>
<common:Hash>
<common:Type datatype="String">MD5</common:Type>
<common:Simple_Hash_Value condition="Equals" datatype="hexBinary"
>59a7078444ee3c862e4c08b601ed7e01</common:Simple_Hash_Value>
</common:Hash>
<common:Hash>
<common:Type datatype="String">SHA1</common:Type>
<common:Simple_Hash_Value condition="Equals" datatype="hexBinary"
>98e969b49ff2aedf66b94eb82c54b916f1a634cd</common:Simple_Hash_Value>
</common:Hash>
<common:Hash>
<common:Type datatype="String">SHA256</common:Type>
<common:Simple_Hash_Value condition="Equals" datatype="hexBinary"
>1706c7cd14a5c9bbf674b21f9c4f873ac04b7a6f1f2202cd0c5977c48968d188</common:Simple_Hash_Value>
</common:Hash>
</FileObj:Hashes>
</cybox:Defined_Object>
</cybox:Object>
</cybox:Stateful_Measure>
</cybox:Observable>
</cybox:Observables>
|
