The AttackerInfrastructureTypeVocab is the default STIX vocabulary for expressing the type of infrastructure an attacker uses.
Item | Description |
---|---|
Anonymization | |
Anonymization - Proxy | |
Anonymization - TOR Network | |
Anonymization - VPN | |
Communications | |
Communications - Blogs | |
Communications - Forums | |
Communications - Internet Relay Chat | |
Communications - Micro-Blogs | |
Communications - Mobile Communications | |
Communications - Social Networks | |
Communications - User-Generated Content Websites | |
Domain Registration | |
Domain Registration - Dynamic DNS Services | |
Domain Registration - Legitimate Domain Registration Services | |
Domain Registration - Malicious Domain Registrars | |
Domain Registration - Top-Level Domain Registrars | |
Hosting | |
Hosting - Bulletproof / Rogue Hosting | |
Hosting - Cloud Hosting | |
Hosting - Compromised Server | |
Hosting - Fast Flux Botnet Hosting | |
Hosting - Legitimate Hosting | |
Electronic Payment Methods |
Field Name | Type | Description |
---|---|---|
@vocab_nameoptional | string |
The vocab_name field specifies the name of the controlled vocabulary. |
@vocab_referenceoptional | anyURI |
The vocab_reference field specifies the URI to the location of where the controlled vocabulary is defined, e.g., in an externally located XML schema file. |