Heads up! These docs are for STIX 1.1.1, which is not the latest version (1.2). View the latest!

MAEC4.1InstanceTypeMAEC 4.1 Malware Instance Schema

The MAEC4.1InstanceType provides an extension to MalwareInstanceType which imports and leverages the MAEC 4.1 schema for structured characterization of Malware.


Fields

Field Name Type Description
@idoptional QName

Specifies a unique ID for this Malware Instance.

@idrefoptional QName

Specifies a reference to the ID for this Malware Instance specified elsewhere.

Type0..n ControlledVocabularyStringType

The Type field provides a characterization of what type of malware this MalwareInstance is.

This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is MalwareTypeVocab-1.0 in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.1.1/stix_default_vocabularies.xsd.

Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.

Name0..n ControlledVocabularyStringType

The Name field specifies a name associated with this MalwareInstance.

This field is implemented through the xsi:type controlled vocabulary extension mechanism. No default vocabulary type has been defined for STIX 1.1.1. Users may either define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a free string field.

Title0..1 string

The Title field is optional and provides an unstructured, text description of an individual Malware Instance.

Description0..1 StructuredTextType

The Description field provides an text description of an individual Malware Instance.

Short_Description0..1 StructuredTextType

The Short_Description field provides a short text description of an individual Malware Instance.

MAEC1..1 PackageType

The MAEC field contains the structured characterization of instances of Malware utilizing the MAEC Package schema.