Westpac Spam and an approach to STIX language

In my previous post regarding Westpac phishing mail, I mentioned associated domain and IP address.

Recently, I am diving into the threat intelligence and especially how to share information about my finding with the rest of the world beside the blog.

I ventured into understanding STIX – Structured Threat Intelligence Expression and below is my first attempt to write a small snippet.

<stix:Observables cybox_major_version=”1″ cybox_minor_version=”1″>
<cybox:Observable id = “mkioc1”>
<cybox:Object id = “IP address”>
<cybox:Properties xsi:type = “AddressObject:AddressObjectType” category = “ipv4-addr”>

I will be writing a bot more about STIX and importance of sharing threat intelligence in later posts.

Related Posts

Leave a Reply

%d bloggers like this: