The AttackerInfrastructureTypeVocab is the default STIX vocabulary for expressing the type of infrastructure an attacker uses.
| Item | Description |
|---|---|
| Anonymization | |
| Anonymization - Proxy | |
| Anonymization - TOR Network | |
| Anonymization - VPN | |
| Communications | |
| Communications - Blogs | |
| Communications - Forums | |
| Communications - Internet Relay Chat | |
| Communications - Micro-Blogs | |
| Communications - Mobile Communications | |
| Communications - Social Networks | |
| Communications - User-Generated Content Websites | |
| Domain Registration | |
| Domain Registration - Dynamic DNS Services | |
| Domain Registration - Legitimate Domain Registration Services | |
| Domain Registration - Malicious Domain Registrars | |
| Domain Registration - Top-Level Domain Registrars | |
| Hosting | |
| Hosting - Bulletproof / Rogue Hosting | |
| Hosting - Cloud Hosting | |
| Hosting - Compromised Server | |
| Hosting - Fast Flux Botnet Hosting | |
| Hosting - Legitimate Hosting | |
| Electronic Payment Methods |
| Field Name | Type | Description |
|---|---|---|
| @vocab_nameoptional | string |
The vocab_name field specifies the name of the controlled vocabulary. |
| @vocab_referenceoptional | anyURI |
The vocab_reference field specifies the URI to the location of where the controlled vocabulary is defined, e.g., in an externally located XML schema file. |
