Example Content
Create File Action
<?xml version="1.0" encoding="UTF-8"?>
<cybox:Observables xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:cybox="http://cybox.mitre.org/cybox_v1" xmlns:common="http://cybox.mitre.org/Common_v1"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject"
xsi:schemaLocation="http://cybox.mitre.org/cybox_v1
http://cybox.mitre.org/XMLSchema/cybox_core_v1.0(draft).xsd
http://cybox.mitre.org/objects#FileObject
http://cybox.mitre.org/XMLSchema/objects/File/File_Object_1.2.xsd"
cybox_major_version="1" cybox_minor_version="0(draft)">
<cybox:Observable>
<cybox:Event>
<cybox:Actions>
<cybox:Action id="cybox:Action_1" type="Create" action_status="Success"
context="Host" timestamp="09:22:00.0Z">
<cybox:Action_Name>
<cybox:Defined_Name>Create File</cybox:Defined_Name>
</cybox:Action_Name>
<cybox:Associated_Objects>
<cybox:Associated_Object id="cybox:Object_1" type="File"
object_state="Exists" association_type="Affected">
<cybox:Defined_Object xsi:type="FileObj:FileObjectType">
<FileObj:File_Name>foobar.dll</FileObj:File_Name>
<FileObj:File_Path>C:\Windows\system32</FileObj:File_Path>
<FileObj:Hashes>
<common:Hash>
<common:Type datatype="String">MD5</common:Type>
<common:Simple_Hash_Value datatype="hexBinary"
>6E48C348D742A931EC2CE90ABD7DAC6A</common:Simple_Hash_Value>
</common:Hash>
</FileObj:Hashes>
</cybox:Defined_Object>
</cybox:Associated_Object>
</cybox:Associated_Objects>
</cybox:Action>
</cybox:Actions>
</cybox:Event>
</cybox:Observable>
</cybox:Observables>
|
