PackageIntentVocab-1.0STIX Vocabularies Schema

The PackageIntentVocab is the default STIX vocabulary for Package Intent.

NOTE: As of STIX Version 1.2, the PackageIntentVocab is deprecated and should only be used with the deprecated STIXHeaderType/Package_Intent field. Please use a Report and ReportIntentVocab-1.0 instead.


Vocabulary Items

Item Description
Collective Threat Intelligence Package is intended to convey a broad characterization of a threat across multiple facets.
Threat Report Package is intended to convey a broad characterization of a threat across multiple facets expressed as a cohesive report.
Indicators Package is intended to convey mainly indicators.
Indicators - Phishing Package is intended to convey mainly phishing indicators.
Indicators - Watchlist Package is intended to convey mainly network watchlist indicators.
Indicators - Malware Artifacts Package is intended to convey mainly malware artifact indicators.
Indicators - Network Activity Package is intended to convey mainly network activity indicators.
Indicators - Endpoint Characteristics Package is intended to convey mainly endpoint characteristics (hashes, registry values, installed software, known vulnerabilities, etc.) indicators.
Campaign Characterization Package is intended to convey mainly a characterization of one or more campaigns.
Threat Actor Characterization Package is intended to convey mainly a characterization of one or more threat actors.
Exploit Characterization Package is intended to convey mainly a characterization of one or more exploits.
Attack Pattern Characterization Package is intended to convey mainly a characterization of one or more attack patterns.
Malware Characterization Package is intended to convey mainly a characterization of one or more malware instances.
TTP - Infrastructure Package is intended to convey mainly a characterization of attacker infrastructure.
TTP - Tools Package is intended to convey mainly a characterization of attacker tools.
Courses of Action Package is intended to convey mainly a set of courses of action.
Incident Package is intended to convey mainly information about one or more incidents.
Observations Package is intended to convey mainly information about instantial observations (cyber observables).
Observations - Email Package is intended to convey mainly information about instantial email observations (email cyber observables).
Malware Samples Package is intended to convey a set of malware samples.

Fields

Field Name Type Description
@vocab_nameoptional string

The vocab_name field specifies the name of the controlled vocabulary.

@vocab_referenceoptional anyURI

The vocab_reference field specifies the URI to the location of where the controlled vocabulary is defined, e.g., in an externally located XML schema file.