STIX is released under a permissive license for any commercial or non-commercial purpose (see LICENSE below) while helper scripts and related tools have individual licenses that typically follow Berkeley Software Distribution.
The MITRE Corporation (MITRE) hereby grants you a non-exclusive, royalty-free license to use Structured Threat Information eXpression (STIX™) for research, development, and commercial purposes. Any copy you make for such purposes is authorized provided that you reproduce MITRE’s copyright designation and this license in any such copy.
ALL DOCUMENTS AND THE INFORMATION CONTAINED THEREIN ARE PROVIDED ON AN “AS IS” BASIS AND THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE MITRE CORPORATION, ITS BOARD OF TRUSTEES, OFFICERS, AGENTS, AND EMPLOYEES, DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION THEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
APT1: Exposing One of China’s Cyber Espionage Units (the “APT1 Report”) is copyright 2013 by Mandiant Corporation and can be downloaded at intelreport.mandiant.com. The STIX version was created by The MITRE Corporation with Mandiant’s permission. Mandiant is not responsible for the content of this file.
Poison Ivy: Assessing Damage and Extracting Intelligence is copyright FireEye corporation. The STIX version was created by The MITRE Corporation with permission.