MalwareInstanceTypeTTP Schema

Captures basic information about an individual malware instance.

In addition to capturing basic information, this type is intended to be extended to enable the structured description of a malware instance using the XML Schema extension feature. The STIX default extension uses the Malware Attribute Enumeration and Classification (MAEC) schema to do so. The extension that defines this is captured in the MAEC4.1InstanceType in the http://stix.mitre.org/extensions/Malware#MAEC4.1-1 namespace. This type is defined in the extensions/malware/maec_4.1_malware.xsd file or at the URL http://stix.mitre.org/XMLSchema/extensions/malware/maec_4.1/1.0/maec_4.1_malware.xsd.


Fields

Field Name Type Description
@idoptional QName

Specifies a unique ID for this Malware Instance.

@idrefoptional QName

Specifies a reference to the ID for this Malware Instance specified elsewhere.

Type0..n ControlledVocabularyStringType

The Type field provides a characterization of what type of malware this MalwareInstance is.

This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is MalwareTypeVocab-1.0 in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd.

Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.

Name0..n ControlledVocabularyStringType

The Name field specifies a name associated with this MalwareInstance.

This field is implemented through the xsi:type controlled vocabulary extension mechanism. No default vocabulary type has been defined for STIX 1.2. Users may either define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a free string field.

Title0..1 string

The Title field is optional and provides an unstructured, text description of an individual Malware Instance.

Description0..n StructuredTextType

The Description field provides an text description of an individual Malware Instance.

Short_Description0..n StructuredTextType

The Short_Description field provides a short text description of an individual Malware Instance.