Westpac Spam and an approach to STIX language

In my previous post regarding the Westpac phishing mail, I mentioned the associated domain and IP address.

Recently, I have been diving into threat intelligence, especially how to share information about my findings with the rest of the world besides the blog.

I ventured into understanding STIX (Structured Threat Intelligence Expression), and below is my first attempt to write a small snippet.

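<stix:Observables cybox_major_version="1" cybox_minor_version="1">
  <cybox:Observable id="mkioc1">
    <!-- id values are QNames, so the space in "IP address" is replaced; the address value is not in the snippet as posted -->
    <cybox:Object id="IP-address">
      <cybox:Properties xsi:type="AddressObject:AddressObjectType" category="ipv4-addr"/>
    </cybox:Object>
  </cybox:Observable>
</stix:Observables>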

I will be writing a bit more about STIX and the importance of sharing threat intelligence in later posts.
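As an added example (not part of the original post), the same observable can be generated programmatically so that the address is validated and the namespace declarations are emitted. The namespace URIs are the published STIX 1.x / CybOX 2.x ones; the "-object" id suffix and the address 192.0.2.10 (a documentation range) are assumptions, and the version attributes default to the values used in the snippet above.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Published namespace URIs for STIX 1.x / CybOX 2.x
NS = {
    "stix": "http://stix.mitre.org/stix-1",
    "cybox": "http://cybox.mitre.org/cybox-2",
    "AddressObject": "http://cybox.mitre.org/objects#AddressObject-2",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
}
for prefix, uri in NS.items():
    ET.register_namespace(prefix, uri)


def q(prefix, tag):
    """Return the {uri}tag form ElementTree uses for prefix:tag."""
    return "{%s}%s" % (NS[prefix], tag)


def ipv4_observable(obs_id, address, major="1", minor="1"):
    """Build a stix:Observables element holding one IPv4 AddressObject."""
    ipaddress.IPv4Address(address)  # raises ValueError on a malformed address
    if any(c.isspace() for c in obs_id):
        raise ValueError("id is a QName and must not contain whitespace")
    root = ET.Element(q("stix", "Observables"),
                      {"cybox_major_version": major, "cybox_minor_version": minor})
    obs = ET.SubElement(root, q("cybox", "Observable"), {"id": obs_id})
    # The "-object" suffix is an assumed naming scheme, not from the post
    obj = ET.SubElement(obs, q("cybox", "Object"), {"id": obs_id + "-object"})
    props = ET.SubElement(obj, q("cybox", "Properties"), {
        q("xsi", "type"): "AddressObject:AddressObjectType",
        "category": "ipv4-addr",
    })
    value = ET.SubElement(props, q("AddressObject", "Address_Value"))
    value.text = address
    return root


def to_xml(root):
    """Serialize the element tree to an XML string."""
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # 192.0.2.10 is a constructed sample value, not an indicator from the post
    print(to_xml(ipv4_observable("mkioc1", "192.0.2.10")))
```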
