malware-action.json
{
"$schema": "http://json-schema.org/draft-04/schema#",
"definitions": {
"malware-action": {
"title": "MalwareAction",
"type": "object",
"description": "A Malware Action represents an abstraction on a system-level API call (or similar entity) called by the malware instance during its execution, and thereby corresponds to the lowest-level dynamic operation of the malware instance.",
"properties": {
"type": {
"type": "string",
"enum": ["malware-action"]
},
"id": {
"type": "string",
"description": "Specifies a unique id for this Malware Action."
},
"name": {
"type": "string",
"description": "Captures the name of the Malware Action. The values for this property SHOULD come from the malware-action-ov vocabulary."
},
"is_successful": {
"type": "boolean",
"description": "Specifies whether the Malware Action was successful in its execution."
},
"description": {
"type": "string",
"description": "Captures a basic textual description of the Malware Action."
},
"timestamp": {
"type": "string",
"format": "date-time",
"description": "Captures the local or relative time at which the Malware Action occurred or was observed."
},
"input_object_refs": {
"type": "array",
"items": {"type": "string"},
"description": "References STIX Observable Objects used as input to the Malware Action. The Object(s) referenced MUST be specified in the observable-objects property of the Package."
},
"output_object_refs": {
"type": "array",
"items": {"type": "string"},
"description": "Specifies STIX Observable Objects resulting as output from the Malware Action. The Object(s) referenced MUST be specified in the observable-objects property of the Package."
},
"api_call": {
"type": "object",
"items": {"$ref": "api-call.json#/definitions/api-call"},
"description": "Captures attributes of the specific API call that was used to implement the Malware Action."
}
},
"required": [
"id",
"type",
"name"
]
}
}
}