Heads up! These docs are for STIX 1.1.1, which is not the latest version (1.2). View the latest!

ArtifactObjectTypeArtifact Object Schema

The ArtifactObjectType type is intended to encapsulate and convey the content of a Raw Artifact.


Fields

Field Name Type Description
@object_referenceoptional QName

The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.

Custom_Properties0..1 CustomPropertiesType

The Custom_Properties construct is optional and enables the specification of a set of custom Object Properties that may not be defined in existing Properties schemas.

@typeoptional ArtifactTypeEnum

The type field specifies the general type of the artifact contained in this Defined Object.

@content_typeoptional string

The content_type field is optional and specifies the Internet Media Type of the artifact contained in this Defined Object.

@content_type_versionoptional string

The content_type_version field is optional and specifies the content type version of the artifact contained in this Defined Object.

@suspected_maliciousoptional boolean

The suspected_malicious field is optional and conveys whether the content of the Raw_Artifact is believed to be malicious.

Hashes0..1 HashListType

The Hashes field is optional and specifies hashes for the Raw_Artifact content.

Packaging0..1 PackagingType

The Packaging field is optional and characterizes packaging layers (e.g. compression, encryption, encoding) applied to the original content to generate the content of the Raw_Artifact field of this Object. The ordering of entries in this sequence implicitly denotes the ordering of packaging layer operations applied.

Raw_Artifact0..1 RawArtifactType

The Raw_Artifact field contains the raw content of a cyber artifact (rather than simply analysis of that artifact). It is conveyed within a string-based field and should be further enclosed in a CDATA section within the string-based field.

Raw_Artifact_Reference0..1 anyURI

The Raw_Artifact_Reference field contains a reference to an external instance of the raw content of a cyber artifact (rather than simply analysis of that artifact).