netbroom/Black-Friday-Deals 0

Black Friday Deal 2020

netbroom/Blackfriday-Deals-2020 0

Black Friday deals (Cyber/OSINT/Infosec)

netbroom/InfoSec-Black-Friday 0

All the deals for InfoSec related software/tools this Black Friday

netbroom/Infosec-Deals-2020 0

Ongoing Infosec Deals 2020

netbroom/Open-source-Malware 0

Repository of open source malware here on Github!

issue comment oasis-open/cti-stix-validator

2.1 validator does not handle top-level extension definition properly

The problem is with a deterministic UUID like v5, the input on which the UUID is based is a hash string. So you can generate a compliant UUID with an input string no problem, that's what we've done. But since it's a hash, it's not reversible.

Embedding the ID in the UUID directly gives us something like this: malware--1cc4f4cf-885d-5a3b-92bc-000000000085.

This does pass the STIX validation (with warnings, since they are not UUIDv4) and is working fine with how we process TAXII filters, so it looks like this is the route we're going to take. If either of you have additional thoughts please let me know.

New object with compliant UUIDs:

{
    "type": "bundle",
    "id": "bundle--b80f5f60-a4e3-548f-90a3-2095672ad34e",
    "objects": [
        {
            "id": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "type": "identity",
            "name": "Pulsedive",
            "identity_class": "organization",
            "sectors": [
                "technology"
            ],
            "contact_information": "https:\/\/pulsedive.com\/",
            "description": "Pulsedive is an analyst-centric threat intelligence platform built with on-demand scanning for live data, risk scoring to reduce false positives, and powerful integration capabilities for leveraging Pulsedive data inside your organization.",
            "created": "2021-07-30T06:04:28.000Z",
            "modified": "2021-07-30T06:04:28.000Z",
            "spec_version": "2.1",
            "lang": "en"
        },
        {
            "id": "extension-definition--0f9338e0-45c6-5dff-9b9e-1c9d5e55b9b3",
            "type": "extension-definition",
            "name": "Pulsedive Indicator Extension",
            "description": "This schema adds Pulsedive-specific properties to Indicator objects.",
            "schema": "https:\/\/pulsedive.com\/api\/taxii",
            "version": "1.0.0",
            "extension_types": [
                "toplevel-property-extension"
            ],
            "extension_properties": [
                "pulsedive_risk",
                "pulsedive_risk_int",
                "pulsedive_retired",
                "pulsedive_retired_timestamp",
                "pulsedive_retired_reason"
            ],
            "created": "2021-07-30T06:04:28.000Z",
            "modified": "2021-07-30T06:04:28.000Z",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "spec_version": "2.1"
        },
        {
            "id": "observed-data--a8d6d7e6-7f7c-5ffb-a299-000000257710",
            "type": "observed-data",
            "first_observed": "2017-11-20T09:01:01.000Z",
            "last_observed": "2021-07-23T04:22:37.000Z",
            "number_observed": 7,
            "created": "2017-11-20T09:01:01.000Z",
            "modified": "2017-11-20T09:01:01.000Z",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "spec_version": "2.1",
            "lang": "en",
            "object_refs": [
                "domain-name--e0b66218-5197-56b3-a926-000000257710",
                "ipv4-addr--3c9456ef-3089-552a-99e5-000000257711",
                "ipv4-addr--e48bb4f1-6547-54e5-8379-000000257712",
                "ipv4-addr--eee64230-ae8d-5972-8232-000000930617",
                "ipv4-addr--1cf3600f-d129-5376-9742-000006807628",
                "ipv4-addr--8c9f9d7b-06d1-5a7a-bd57-000006840877",
                "ipv4-addr--1ef81bb7-f1a4-5c2d-8723-000006875565",
                "ipv4-addr--303ae4fa-670e-536b-9771-000007134813",
                "ipv4-addr--3369fdf6-32c6-5a32-9221-000007760342",
                "ipv4-addr--3c2d95e6-a367-5d2a-a29b-000007980187",
                "ipv4-addr--cb0fb39f-407f-5c38-9ed3-000010324602",
                "ipv4-addr--87df8e96-ab48-5927-a567-000010438195",
                "ipv4-addr--d6fa11c2-6eea-5948-9d74-000014498259",
                "ipv4-addr--23821cdd-507e-5273-a455-000014632296"
            ]
        },
        {
            "id": "domain-name--e0b66218-5197-56b3-a926-000000257710",
            "type": "domain-name",
            "value": "github.com",
            "spec_version": "2.1"
        },
        {
            "id": "indicator--e92b6e12-415d-554f-815e-000000257710",
            "type": "indicator",
            "pulsedive_risk": "none",
            "pulsedive_risk_int": -1,
            "pulsedive_retired": 0,
            "name": "Detection Pattern",
            "description": "Very low risk of malicious activity.",
            "valid_from": "2017-11-20T09:01:01.000Z",
            "indicator_types": [
                "benign"
            ],
            "pattern": "[domain-name:value = 'github.com']",
            "pattern_type": "stix",
            "extensions": {
                "extension-definition--0f9338e0-45c6-5dff-9b9e-1c9d5e55b9b3": {
                    "extension_type": "toplevel-property-extension"
                }
            },
            "created": "2017-11-20T09:01:01.000Z",
            "modified": "2017-11-20T09:01:01.000Z",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "spec_version": "2.1",
            "lang": "en"
        },
        {
            "id": "relationship--daa20584-8886-59e7-a9dc-cfcf66ee20e5",
            "type": "relationship",
            "source_ref": "indicator--e92b6e12-415d-554f-815e-000000257710",
            "target_ref": "observed-data--a8d6d7e6-7f7c-5ffb-a299-000000257710",
            "relationship_type": "based-on",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "created": "2017-11-20T09:01:01.000Z",
            "spec_version": "2.1",
            "lang": "en",
            "modified": "2017-11-20T09:01:01.000Z"
        },
        {
            "administrative_area": "CA",
            "country": "US",
            "id": "location--fd453f2f-9e65-55c7-9915-19f65a468e03",
            "type": "location",
            "created": "2021-07-30T06:04:28.000Z",
            "modified": "2021-07-30T06:04:28.000Z",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "spec_version": "2.1",
            "lang": "en"
        },
        {
            "id": "relationship--096d0902-a152-57d0-be4f-3eb15541c7aa",
            "type": "relationship",
            "source_ref": "observed-data--a8d6d7e6-7f7c-5ffb-a299-000000257710",
            "target_ref": "location--fd453f2f-9e65-55c7-9915-19f65a468e03",
            "relationship_type": "related-to",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "created": "2021-07-23T04:22:37.000Z",
            "spec_version": "2.1",
            "lang": "en",
            "modified": "2021-07-23T04:22:37.000Z"
        },
        {
            "id": "malware--56f470e1-63ac-51ac-a6cb-000000000233",
            "type": "malware",
            "name": "Evo",
            "last_seen": "2021-07-30T06:04:28.000Z",
            "is_family": false,
            "created": "2021-07-30T06:04:28.000Z",
            "modified": "2021-07-30T06:04:28.000Z",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "spec_version": "2.1",
            "lang": "en"
        },
        {
            "id": "relationship--c5870deb-5e70-58a9-addb-b1c6caa78c89",
            "type": "relationship",
            "source_ref": "indicator--e92b6e12-415d-554f-815e-000000257710",
            "target_ref": "malware--56f470e1-63ac-51ac-a6cb-000000000233",
            "relationship_type": "indicates",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "created": "2021-07-30T06:04:28.000Z",
            "spec_version": "2.1",
            "lang": "en",
            "modified": "2021-07-30T06:04:28.000Z"
        },
        {
            "id": "malware--8dc552bb-177a-5193-91b0-000000000203",
            "type": "malware",
            "name": "Kryptik",
            "last_seen": "2021-07-30T06:04:28.000Z",
            "is_family": false,
            "created": "2021-07-30T06:04:28.000Z",
            "modified": "2021-07-30T06:04:28.000Z",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "spec_version": "2.1",
            "lang": "en"
        },
        {
            "id": "relationship--2e4ea6c4-fb38-5cfa-874f-d5c6c366074a",
            "type": "relationship",
            "source_ref": "indicator--e92b6e12-415d-554f-815e-000000257710",
            "target_ref": "malware--8dc552bb-177a-5193-91b0-000000000203",
            "relationship_type": "indicates",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "created": "2021-07-30T06:04:28.000Z",
            "spec_version": "2.1",
            "lang": "en",
            "modified": "2021-07-30T06:04:28.000Z"
        },
        {
            "id": "malware--798012d8-4028-5f87-8a3a-000000000030",
            "type": "malware",
            "name": "Malware",
            "last_seen": "2021-07-30T06:04:28.000Z",
            "is_family": false,
            "created": "2021-07-30T06:04:28.000Z",
            "modified": "2021-07-30T06:04:28.000Z",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "spec_version": "2.1",
            "lang": "en"
        },
        {
            "id": "relationship--b7af65da-4f47-50be-b7ff-29d80a8bc30a",
            "type": "relationship",
            "source_ref": "indicator--e92b6e12-415d-554f-815e-000000257710",
            "target_ref": "malware--798012d8-4028-5f87-8a3a-000000000030",
            "relationship_type": "indicates",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "created": "2021-07-30T06:04:28.000Z",
            "spec_version": "2.1",
            "lang": "en",
            "modified": "2021-07-30T06:04:28.000Z"
        },
        {
            "id": "attack-pattern--d354adc0-eb29-5b74-8099-000000000067",
            "type": "attack-pattern",
            "name": "Phishing",
            "created": "2021-07-30T06:04:28.000Z",
            "modified": "2021-07-30T06:04:28.000Z",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "spec_version": "2.1",
            "lang": "en"
        },
        {
            "id": "relationship--b1cb2e3f-fb29-5b24-b5ce-d3482f460351",
            "type": "relationship",
            "source_ref": "indicator--e92b6e12-415d-554f-815e-000000257710",
            "target_ref": "attack-pattern--d354adc0-eb29-5b74-8099-000000000067",
            "relationship_type": "indicates",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "created": "2021-07-30T06:04:28.000Z",
            "spec_version": "2.1",
            "lang": "en",
            "modified": "2021-07-30T06:04:28.000Z"
        },
        {
            "id": "malware--01a969a1-9b47-556a-8584-000000000437",
            "type": "malware",
            "name": "Ransomware",
            "last_seen": "2021-07-30T06:04:28.000Z",
            "is_family": false,
            "created": "2021-07-30T06:04:28.000Z",
            "modified": "2021-07-30T06:04:28.000Z",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "spec_version": "2.1",
            "lang": "en"
        },
        {
            "id": "relationship--09f72fdd-3fe3-5e35-8f47-31bfe6851ce8",
            "type": "relationship",
            "source_ref": "indicator--e92b6e12-415d-554f-815e-000000257710",
            "target_ref": "malware--01a969a1-9b47-556a-8584-000000000437",
            "relationship_type": "indicates",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "created": "2021-07-30T06:04:28.000Z",
            "spec_version": "2.1",
            "lang": "en",
            "modified": "2021-07-30T06:04:28.000Z"
        },
        {
            "id": "malware--d988c885-1887-5838-ad46-000000000003",
            "type": "malware",
            "name": "Tor Proxy",
            "last_seen": "2021-07-30T06:04:28.000Z",
            "is_family": false,
            "created": "2021-07-30T06:04:28.000Z",
            "modified": "2021-07-30T06:04:28.000Z",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "spec_version": "2.1",
            "lang": "en"
        },
        {
            "id": "relationship--94069432-e14f-5ffb-be14-45bdce836fcb",
            "type": "relationship",
            "source_ref": "indicator--e92b6e12-415d-554f-815e-000000257710",
            "target_ref": "malware--d988c885-1887-5838-ad46-000000000003",
            "relationship_type": "indicates",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "created": "2021-07-30T06:04:28.000Z",
            "spec_version": "2.1",
            "lang": "en",
            "modified": "2021-07-30T06:04:28.000Z"
        },
        {
            "id": "malware--74affa92-ae23-5fdd-8f72-000000000278",
            "type": "malware",
            "name": "Trojan",
            "last_seen": "2021-07-30T06:04:28.000Z",
            "is_family": false,
            "created": "2021-07-30T06:04:28.000Z",
            "modified": "2021-07-30T06:04:28.000Z",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "spec_version": "2.1",
            "lang": "en"
        },
        {
            "id": "relationship--2847fe04-7fc8-5295-a97a-673498ff9741",
            "type": "relationship",
            "source_ref": "indicator--e92b6e12-415d-554f-815e-000000257710",
            "target_ref": "malware--74affa92-ae23-5fdd-8f72-000000000278",
            "relationship_type": "indicates",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "created": "2021-07-30T06:04:28.000Z",
            "spec_version": "2.1",
            "lang": "en",
            "modified": "2021-07-30T06:04:28.000Z"
        },
        {
            "id": "ipv4-addr--3c9456ef-3089-552a-99e5-000000257711",
            "type": "ipv4-addr",
            "value": "192.30.255.113",
            "spec_version": "2.1"
        },
        {
            "id": "relationship--4b79deec-61a7-5569-82d8-f23e5007e81a",
            "type": "relationship",
            "source_ref": "domain-name--e0b66218-5197-56b3-a926-000000257710",
            "target_ref": "ipv4-addr--3c9456ef-3089-552a-99e5-000000257711",
            "relationship_type": "resolves-to",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "created": "2021-07-23T04:22:37.000Z",
            "spec_version": "2.1",
            "lang": "en",
            "modified": "2021-07-23T04:22:37.000Z"
        },
        {
            "id": "ipv4-addr--e48bb4f1-6547-54e5-8379-000000257712",
            "type": "ipv4-addr",
            "value": "192.30.255.112",
            "spec_version": "2.1"
        },
        {
            "id": "relationship--c040d7b1-e487-57c2-bf0d-931e7be56389",
            "type": "relationship",
            "source_ref": "domain-name--e0b66218-5197-56b3-a926-000000257710",
            "target_ref": "ipv4-addr--e48bb4f1-6547-54e5-8379-000000257712",
            "relationship_type": "resolves-to",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "created": "2021-06-18T06:50:36.000Z",
            "spec_version": "2.1",
            "lang": "en",
            "modified": "2021-06-18T06:50:36.000Z"
        },
        {
            "id": "ipv4-addr--eee64230-ae8d-5972-8232-000000930617",
            "type": "ipv4-addr",
            "value": "192.30.253.112",
            "spec_version": "2.1"
        },
        {
            "id": "relationship--bc40a5d9-b1e0-5a86-bab1-e5694d1e869f",
            "type": "relationship",
            "source_ref": "domain-name--e0b66218-5197-56b3-a926-000000257710",
            "target_ref": "ipv4-addr--eee64230-ae8d-5972-8232-000000930617",
            "relationship_type": "resolves-to",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "created": "2020-03-17T11:23:21.000Z",
            "spec_version": "2.1",
            "lang": "en",
            "modified": "2020-03-17T11:23:21.000Z"
        },
        {
            "id": "ipv4-addr--1cf3600f-d129-5376-9742-000006807628",
            "type": "ipv4-addr",
            "value": "140.82.113.4",
            "spec_version": "2.1"
        },
        {
            "id": "relationship--b4136d93-254c-5b05-9894-cd5e6dfbf332",
            "type": "relationship",
            "source_ref": "domain-name--e0b66218-5197-56b3-a926-000000257710",
            "target_ref": "ipv4-addr--1cf3600f-d129-5376-9742-000006807628",
            "relationship_type": "resolves-to",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "created": "2021-06-23T07:03:21.000Z",
            "spec_version": "2.1",
            "lang": "en",
            "modified": "2021-06-23T07:03:21.000Z"
        },
        {
            "id": "ipv4-addr--8c9f9d7b-06d1-5a7a-bd57-000006840877",
            "type": "ipv4-addr",
            "value": "140.82.114.4",
            "spec_version": "2.1"
        },
        {
            "id": "relationship--ff421b30-dd76-5132-a0bb-10516e80d1c8",
            "type": "relationship",
            "source_ref": "domain-name--e0b66218-5197-56b3-a926-000000257710",
            "target_ref": "ipv4-addr--8c9f9d7b-06d1-5a7a-bd57-000006840877",
            "relationship_type": "resolves-to",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "created": "2021-06-07T07:58:59.000Z",
            "spec_version": "2.1",
            "lang": "en",
            "modified": "2021-06-07T07:58:59.000Z"
        },
        {
            "id": "ipv4-addr--1ef81bb7-f1a4-5c2d-8723-000006875565",
            "type": "ipv4-addr",
            "value": "140.82.118.3",
            "spec_version": "2.1"
        },
        {
            "id": "relationship--6c5005c4-6d30-5b41-895f-91bdd6bef14c",
            "type": "relationship",
            "source_ref": "domain-name--e0b66218-5197-56b3-a926-000000257710",
            "target_ref": "ipv4-addr--1ef81bb7-f1a4-5c2d-8723-000006875565",
            "relationship_type": "resolves-to",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "created": "2020-08-22T10:56:58.000Z",
            "spec_version": "2.1",
            "lang": "en",
            "modified": "2020-08-22T10:56:58.000Z"
        },
        {
            "id": "ipv4-addr--303ae4fa-670e-536b-9771-000007134813",
            "type": "ipv4-addr",
            "value": "140.82.118.4",
            "spec_version": "2.1"
        },
        {
            "id": "relationship--b542299d-a8b0-529f-9fbb-18916b3c2b8b",
            "type": "relationship",
            "source_ref": "domain-name--e0b66218-5197-56b3-a926-000000257710",
            "target_ref": "ipv4-addr--303ae4fa-670e-536b-9771-000007134813",
            "relationship_type": "resolves-to",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "created": "2020-08-23T16:59:05.000Z",
            "spec_version": "2.1",
            "lang": "en",
            "modified": "2020-08-23T16:59:05.000Z"
        },
        {
            "id": "ipv4-addr--3369fdf6-32c6-5a32-9221-000007760342",
            "type": "ipv4-addr",
            "value": "140.82.114.3",
            "spec_version": "2.1"
        },
        {
            "id": "relationship--dab84436-b3cb-50d1-87ae-262211c73ea0",
            "type": "relationship",
            "source_ref": "domain-name--e0b66218-5197-56b3-a926-000000257710",
            "target_ref": "ipv4-addr--3369fdf6-32c6-5a32-9221-000007760342",
            "relationship_type": "resolves-to",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "created": "2021-06-07T07:48:06.000Z",
            "spec_version": "2.1",
            "lang": "en",
            "modified": "2021-06-07T07:48:06.000Z"
        },
        {
            "id": "ipv4-addr--3c2d95e6-a367-5d2a-a29b-000007980187",
            "type": "ipv4-addr",
            "value": "140.82.113.3",
            "spec_version": "2.1"
        },
        {
            "id": "relationship--198c23a3-46d3-5076-8a6a-908af19c9f5b",
            "type": "relationship",
            "source_ref": "domain-name--e0b66218-5197-56b3-a926-000000257710",
            "target_ref": "ipv4-addr--3c2d95e6-a367-5d2a-a29b-000007980187",
            "relationship_type": "resolves-to",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "created": "2021-07-04T03:28:47.000Z",
            "spec_version": "2.1",
            "lang": "en",
            "modified": "2021-07-04T03:28:47.000Z"
        },
        {
            "id": "ipv4-addr--cb0fb39f-407f-5c38-9ed3-000010324602",
            "type": "ipv4-addr",
            "value": "140.82.112.4",
            "spec_version": "2.1"
        },
        {
            "id": "relationship--5aef25ed-66bd-5ab0-9fbc-572824469f65",
            "type": "relationship",
            "source_ref": "domain-name--e0b66218-5197-56b3-a926-000000257710",
            "target_ref": "ipv4-addr--cb0fb39f-407f-5c38-9ed3-000010324602",
            "relationship_type": "resolves-to",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "created": "2021-06-07T07:54:09.000Z",
            "spec_version": "2.1",
            "lang": "en",
            "modified": "2021-06-07T07:54:09.000Z"
        },
        {
            "id": "ipv4-addr--87df8e96-ab48-5927-a567-000010438195",
            "type": "ipv4-addr",
            "value": "140.82.112.3",
            "spec_version": "2.1"
        },
        {
            "id": "relationship--9a090c25-086d-5545-b048-eb8be7edd531",
            "type": "relationship",
            "source_ref": "domain-name--e0b66218-5197-56b3-a926-000000257710",
            "target_ref": "ipv4-addr--87df8e96-ab48-5927-a567-000010438195",
            "relationship_type": "resolves-to",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "created": "2021-06-07T07:55:47.000Z",
            "spec_version": "2.1",
            "lang": "en",
            "modified": "2021-06-07T07:55:47.000Z"
        },
        {
            "id": "ipv4-addr--d6fa11c2-6eea-5948-9d74-000014498259",
            "type": "ipv4-addr",
            "value": "140.82.121.3",
            "spec_version": "2.1"
        },
        {
            "id": "relationship--c5bdb0c4-f90d-5791-b99b-dc857d8fb280",
            "type": "relationship",
            "source_ref": "domain-name--e0b66218-5197-56b3-a926-000000257710",
            "target_ref": "ipv4-addr--d6fa11c2-6eea-5948-9d74-000014498259",
            "relationship_type": "resolves-to",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "created": "2021-07-23T04:21:48.000Z",
            "spec_version": "2.1",
            "lang": "en",
            "modified": "2021-07-23T04:21:48.000Z"
        },
        {
            "id": "ipv4-addr--23821cdd-507e-5273-a455-000014632296",
            "type": "ipv4-addr",
            "value": "140.82.121.4",
            "spec_version": "2.1"
        },
        {
            "id": "relationship--5dca7f69-8a26-50ae-9f73-be5daeed0260",
            "type": "relationship",
            "source_ref": "domain-name--e0b66218-5197-56b3-a926-000000257710",
            "target_ref": "ipv4-addr--23821cdd-507e-5273-a455-000014632296",
            "relationship_type": "resolves-to",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "created": "2021-06-01T06:44:31.000Z",
            "spec_version": "2.1",
            "lang": "en",
            "modified": "2021-06-01T06:44:31.000Z"
        },
        {
            "id": "note--0ec29962-94f8-5b7a-9963-4b69bda49056",
            "type": "note",
            "authors": [
                "sherd"
            ],
            "content": "test",
            "created": "2021-02-28T23:57:28.000Z",
            "modified": "2021-02-28T23:57:28.000Z",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "spec_version": "2.1",
            "lang": "en",
            "object_refs": [
                "indicator--e92b6e12-415d-554f-815e-000000257710"
            ]
        },
        {
            "id": "note--8ab3bfe7-ae53-55a5-adf7-5dbc4210eb28",
            "type": "note",
            "authors": [
                "demouser"
            ],
            "content": "test",
            "created": "2021-02-28T23:56:57.000Z",
            "modified": "2021-02-28T23:56:57.000Z",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "spec_version": "2.1",
            "lang": "en",
            "object_refs": [
                "indicator--e92b6e12-415d-554f-815e-000000257710"
            ]
        }
    ]
}
netbroom

comment created time in 2 days
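
The ID scheme described in the comment above (a deterministic UUIDv5 whose last 12-character group is overwritten with the application ID), shown as an added example that is not code from the comment or from Pulsedive. The namespace, the hashed name string and the zero-padded decimal encoding are assumptions; the page does not state them.

```python
import re
import uuid

# Hypothetical namespace: the page does not say which namespace or name
# string is hashed, so a stand-in is derived here for the example.
EXAMPLE_NAMESPACE = uuid.uuid5(uuid.NAMESPACE_DNS, "example.org")

NODE_DIGITS = 12  # width of the last UUID group (the "node" field)
UUID_RE = re.compile(
    r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
)


def make_stix_id(obj_type, name, app_id):
    """Build '<type>--<uuid>' with app_id embedded in the last UUID group.

    The first 24 characters (including the version and variant nibbles)
    come from uuid5(namespace, name); the node group is replaced by the
    zero-padded decimal application ID (assumed encoding).
    """
    if not 0 <= app_id < 10 ** NODE_DIGITS:
        raise ValueError("application ID does not fit in 12 decimal digits")
    base = str(uuid.uuid5(EXAMPLE_NAMESPACE, name))
    return f"{obj_type}--{base[:24]}{app_id:0{NODE_DIGITS}d}"


def parse_stix_id(stix_id):
    """Return (object type, embedded application ID or None).

    Raises ValueError for anything that is not '<type>--<canonical UUIDv5>',
    which includes the older '<type>--<uuid>--<id>' form with a suffix.
    A node group that is not all decimal digits yields None for the ID.
    A plain hash can be all digits by chance, so callers should also key
    on which object types are known to carry an embedded ID.
    """
    obj_type, sep, uuid_part = stix_id.partition("--")
    if not sep or not obj_type or not UUID_RE.fullmatch(uuid_part):
        raise ValueError(f"not a '<type>--<uuid>' identifier: {stix_id!r}")
    parsed = uuid.UUID(uuid_part)
    if parsed.variant != uuid.RFC_4122 or parsed.version != 5:
        raise ValueError(f"not an RFC 4122 version 5 UUID: {uuid_part}")
    node = uuid_part[-NODE_DIGITS:]
    return obj_type, int(node) if node.isdigit() else None


def is_plain_uuid5(stix_id, name):
    """True only if the UUID part equals uuid5(namespace, name) unmodified."""
    uuid_part = stix_id.partition("--")[2]
    return uuid_part == str(uuid.uuid5(EXAMPLE_NAMESPACE, name))


if __name__ == "__main__":
    # "192.0.2.1" and 257711 are constructed sample inputs.
    sid = make_stix_id("ipv4-addr", "192.0.2.1", 257711)
    print(sid, parse_stix_id(sid), is_plain_uuid5(sid, "192.0.2.1"))
    # Identifier quoted in the comment above.
    print(parse_stix_id("malware--1cc4f4cf-885d-5a3b-92bc-000000000085"))
```

Because the last group is overwritten, the result no longer equals uuid5(namespace, name), so a consumer that recomputes the v5 value from the same input will not get a match.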

issue comment oasis-open/cti-stix-validator

2.1 validator does not handle top-level extension definition properly

Hi @rpiazza, thanks for the quick response.

Turns out I wasn't running the latest version of the validator. 🙂 It's working now by default.

Regarding the STIX IDs, we are using non-standard IDs along with deterministic UUIDv5 because there is no way to retrieve our application-specific IDs from UUIDs without storing the actual UUIDs.

For example, with ipv4-addr--b305ba37-0190-53ee-a784-8a9b2a0863f5--5, the last digit is the ID of the IOC in our system. So when the user is working with TAXII to retrieve an object, we know which object they are referring to.

Is there a better way to do this without storing the UUIDs themselves? This would take up extra space since we have millions of indicators and would need to index the UUIDs as well.

netbroom

comment created time in 4 days

issue opened oasis-open/cti-stix-validator

2.1 validator does not handle top-level extension definition properly

The x_ custom property naming convention (Section 11) is deprecated in favor of extensions (Section 7.3). While using top-level extension properties I receive the below warnings, as well as warnings on my custom properties.

[!] Warning: extension-definition--0f9338e0-45c6-5dff-9b9e-1c9d5e55b9b3: {101} Custom object type 'extension-definition' should start with 'x-' followed by a source unique identifier (like a domain name with dots replaced by hyphens), a hyphen and then the name.

[!] Warning: indicator--58216c7a-3bc0-592a-8a09-cd650402b812--1: {101} Custom property 'extensions' should have a type that starts with 'x_' followed by a source unique identifier (like a domain name with dots replaced by hyphen), a hyphen and then the name.

Command: stix2_validator -d 103 stix.json

My full bundle is below.

{
    "type": "bundle",
    "id": "bundle--b80f5f60-a4e3-548f-90a3-2095672ad34e",
    "objects": [
        {
            "id": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "type": "identity",
            "name": "Pulsedive",
            "identity_class": "organization",
            "sectors": [
                "technology"
            ],
            "contact_information": "https:\/\/pulsedive.com\/",
            "description": "Pulsedive is an analyst-centric threat intelligence platform built with on-demand scanning for live data, risk scoring to reduce false positives, and powerful integration capabilities for leveraging Pulsedive data inside your organization.",
            "created": "2021-07-27T09:26:26.000Z",
            "modified": "2021-07-27T09:26:26.000Z",
            "spec_version": "2.1",
            "lang": "en"
        },
        {
            "id": "extension-definition--0f9338e0-45c6-5dff-9b9e-1c9d5e55b9b3",
            "type": "extension-definition",
            "name": "Pulsedive Indicator Extension",
            "description": "This schema adds Pulsedive-specific properties to Indicator objects.",
            "schema": "https:\/\/pulsedive.com\/api\/taxii",
            "version": "1.0.0",
            "extension_types": [
                "toplevel-property-extension"
            ],
            "extension_properties": [
                "pulsedive_risk",
                "pulsedive_risk_int",
                "pulsedive_retired",
                "pulsedive_retired_timestamp",
                "pulsedive_retired_reason"
            ],
            "created": "2021-07-27T09:26:26.000Z",
            "modified": "2021-07-27T09:26:26.000Z",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "spec_version": "2.1",
            "lang": "en"
        },
        {
            "id": "observed-data--ca5c41a9-75c9-5398-a200-71ca894d25c1--1",
            "type": "observed-data",
            "first_observed": "2017-09-27T18:11:38.000Z",
            "last_observed": "2019-06-30T17:29:30.000Z",
            "number_observed": 1,
            "created": "2017-09-27T18:11:38.000Z",
            "modified": "2017-09-27T18:11:38.000Z",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "spec_version": "2.1",
            "lang": "en",
            "object_refs": [
                "domain-name--de28af84-479f-5e8d-baf7-6febd0e83147--1",
                "ipv4-addr--b305ba37-0190-53ee-a784-8a9b2a0863f5--5"
            ]
        },
        {
            "id": "domain-name--de28af84-479f-5e8d-baf7-6febd0e83147--1",
            "type": "domain-name",
            "value": "afobal.cl",
            "spec_version": "2.1"
        },
        {
            "id": "indicator--58216c7a-3bc0-592a-8a09-cd650402b812--1",
            "type": "indicator",
            "pulsedive_risk": "low",
            "pulsedive_risk_int": 1,
            "pulsedive_retired": 1,
            "pulsedive_retired_timestamp": "2019-10-03T01:39:22.000Z",
            "pulsedive_retired_reason": "No recent activity",
            "name": "Detection Pattern",
            "description": "Low risk of malicious activity.",
            "valid_from": "2017-09-27T18:11:38.000Z",
            "valid_until": "2019-10-03T01:39:22.000Z",
            "indicator_types": [
                "anomalous-activity"
            ],
            "pattern": "[domain-name:value = 'afobal.cl']",
            "pattern_type": "stix",
            "extensions": {
                "extension-definition--0f9338e0-45c6-5dff-9b9e-1c9d5e55b9b3": {
                    "extension_type": "toplevel-property-extension"
                }
            },
            "created": "2017-09-27T18:11:38.000Z",
            "modified": "2017-09-27T18:11:38.000Z",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "spec_version": "2.1",
            "lang": "en"
        },
        {
            "id": "relationship--ce28fd5c-c8eb-56a9-b165-a273b72d0802",
            "type": "relationship",
            "source_ref": "indicator--58216c7a-3bc0-592a-8a09-cd650402b812--1",
            "target_ref": "observed-data--ca5c41a9-75c9-5398-a200-71ca894d25c1--1",
            "relationship_type": "based-on",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "created": "2017-09-27T18:11:38.000Z",
            "spec_version": "2.1",
            "lang": "en",
            "modified": "2017-09-27T18:11:38.000Z"
        },
        {
            "id": "malware--0ba3df44-2c54-5c9c-a861-08111b379fb0--1",
            "type": "malware",
            "name": "Zeus",
            "last_seen": "2021-07-27T09:26:26.000Z",
            "is_family": false,
            "created": "2021-07-27T09:26:26.000Z",
            "modified": "2021-07-27T09:26:26.000Z",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "spec_version": "2.1",
            "lang": "en"
        },
        {
            "id": "relationship--dcbd29a1-87b6-5b21-b113-eab63b30be0d",
            "type": "relationship",
            "source_ref": "indicator--58216c7a-3bc0-592a-8a09-cd650402b812--1",
            "target_ref": "malware--0ba3df44-2c54-5c9c-a861-08111b379fb0--1",
            "relationship_type": "indicates",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "created": "2021-07-27T09:26:26.000Z",
            "spec_version": "2.1",
            "lang": "en",
            "modified": "2021-07-27T09:26:26.000Z"
        },
        {
            "id": "ipv4-addr--b305ba37-0190-53ee-a784-8a9b2a0863f5--5",
            "type": "ipv4-addr",
            "value": "66.7.198.165",
            "spec_version": "2.1"
        },
        {
            "id": "relationship--1bfb4365-4699-51b5-93c8-62524f99a9bb",
            "type": "relationship",
            "source_ref": "domain-name--de28af84-479f-5e8d-baf7-6febd0e83147--1",
            "target_ref": "ipv4-addr--b305ba37-0190-53ee-a784-8a9b2a0863f5--5",
            "relationship_type": "resolves-to",
            "created_by_ref": "identity--ccd895cd-ef66-5332-8aa7-ea2371c95a7f",
            "created": "2019-06-30T17:29:32.000Z",
            "spec_version": "2.1",
            "lang": "en",
            "modified": "2019-06-30T17:29:32.000Z"
        }
    ]
}

created time in 4 days

fork netbroom/Open-source-Malware

Repository of open source malware here on Github!

fork in a month

fork netbroom/vulns

Named vulnerabilities and their practical impact

fork in 3 months