AttackerInfrastructureTypeVocab-1.0STIX Vocabularies Schema

The AttackerInfrastructureTypeVocab is the default STIX vocabulary for expressing the type of infrastructure an attacker uses.

Vocabulary Items

Item Description
Anonymization - Proxy
Anonymization - TOR Network
Anonymization - VPN
Communications - Blogs
Communications - Forums
Communications - Internet Relay Chat
Communications - Micro-Blogs
Communications - Mobile Communications
Communications - Social Networks
Communications - User-Generated Content Websites
Domain Registration
Domain Registration - Dynamic DNS Services
Domain Registration - Legitimate Domain Registration Services
Domain Registration - Malicious Domain Registrars
Domain Registration - Top-Level Domain Registrars
Hosting - Bulletproof / Rogue Hosting
Hosting - Cloud Hosting
Hosting - Compromised Server
Hosting - Fast Flux Botnet Hosting
Hosting - Legitimate Hosting
Electronic Payment Methods


Field Name Type Description
@vocab_nameoptional string

The vocab_name field specifies the name of the controlled vocabulary.

@vocab_referenceoptional anyURI

The vocab_reference field specifies the URI to the location of where the controlled vocabulary is defined, e.g., in an externally located XML schema file.