Westpac Spam and an approach to STIX language

In my previous post regarding the Westpac phishing mail, I mentioned the associated domain and IP address.

Recently, I have been diving into threat intelligence, especially how to share information about my findings with the rest of the world besides the blog.

I ventured into understanding STIX (Structured Threat Intelligence Expression), and below is my first attempt at writing a small snippet.

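<!-- Fragment: the stix, cybox, AddressObject and xsi prefixes must be declared on the enclosing document. -->
<stix:Observables cybox_major_version="1" cybox_minor_version="1">
  <cybox:Observable id="mkioc1">
    <!-- id values are QNames, so they cannot contain spaces -->
    <cybox:Object id="IP_address">
      <cybox:Properties xsi:type="AddressObject:AddressObjectType" category="ipv4-addr">
        <!-- IPv4 address associated with the Westpac phishing mail -->
        <AddressObject:Address_Value>197.232.31.99</AddressObject:Address_Value>
      </cybox:Properties>
    </cybox:Object>
  </cybox:Observable>
</stix:Observables>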
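On the consuming side, a recipient of such a snippet has to parse it with the right namespaces and validate each address before loading it into a blocklist or SIEM. The following is an added example, not code from the original post: the namespace URIs are the STIX 1.x / CybOX 2.x ones and are assumed here because the snippet does not show its declarations, and the second observable in the sample is constructed to show a malformed value being rejected.

```python
import ipaddress
import xml.etree.ElementTree as ET

# STIX 1.x / CybOX 2.x namespace URIs (assumed; the post's fragment omits them).
NS = {
    "stix": "http://stix.mitre.org/stix-1",
    "cybox": "http://cybox.mitre.org/cybox-2",
    "AddressObject": "http://cybox.mitre.org/objects#AddressObject-2",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
}
XSI_TYPE = "{%s}type" % NS["xsi"]
DECLS = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())

# Constructed sample: the post's observable plus one deliberately malformed value.
SAMPLE = f"""<stix:Observables {DECLS} cybox_major_version="1" cybox_minor_version="1">
  <cybox:Observable id="mkioc1"><cybox:Object>
    <cybox:Properties xsi:type="AddressObject:AddressObjectType" category="ipv4-addr">
      <AddressObject:Address_Value>197.232.31.99</AddressObject:Address_Value>
    </cybox:Properties>
  </cybox:Object></cybox:Observable>
  <cybox:Observable id="constructed-bad"><cybox:Object>
    <cybox:Properties xsi:type="AddressObject:AddressObjectType" category="ipv4-addr">
      <AddressObject:Address_Value>197.232.31.999</AddressObject:Address_Value>
    </cybox:Properties>
  </cybox:Object></cybox:Observable>
</stix:Observables>"""

def extract_ipv4(xml_text):
    """Return (valid, rejected) lists of (observable id, address) pairs."""
    # ElementTree is fine for this inline sample; use a hardened parser for untrusted feeds.
    root = ET.fromstring(xml_text)
    valid, rejected = [], []
    for obs in root.iterfind("cybox:Observable", NS):
        for props in obs.iterfind("cybox:Object/cybox:Properties", NS):
            # Compares the literal prefix used in the sample; other producers may use another.
            if props.get(XSI_TYPE) != "AddressObject:AddressObjectType":
                continue  # not an address object
            if props.get("category") != "ipv4-addr":
                continue  # other address categories are out of scope here
            value = props.findtext("AddressObject:Address_Value", "", NS).strip()
            try:
                ipaddress.IPv4Address(value)  # rejects out-of-range octets and junk
                valid.append((obs.get("id"), value))
            except ValueError:
                rejected.append((obs.get("id"), value))
    return valid, rejected

if __name__ == "__main__":
    print(extract_ipv4(SAMPLE))
```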

I will be writing a bit more about STIX and the importance of sharing threat intelligence in later posts.