Showing:

Annotations
Attributes
Diagrams
Facets
Source
Used by
Imported schema File_Object.xsd
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.
Element FileObj:FileObjectType / FileObj:File_Name
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The File_Name field specifies the base name of the file (including an extension, if present).
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#StringObjectPropertyType_datatype cybox_common_xsd.tmp#StringObjectPropertyType
Type cyboxCommon:StringObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="File_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The File_Name field specifies the base name of the file (including an extension, if present).</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:FileObjectType / FileObj:File_Path
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The File_Path field specifies the relative or fully-qualified path to the file, not including the path to the device where the file system containing the file resides. Whether the path is relative or fully-qualified can be specified via the 'fully_qualified' attribute of this field. The File_Path field may include the name of the file; if so, it must not conflict with the File_Name field. If not, the File_Path field should contain the path of the directory containing the file, and should end with a terminating path separator("\" or "/").
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#StringObjectPropertyType_datatype cybox_common_xsd.tmp#StringObjectPropertyType File_Object_xsd.tmp#FilePathType_fully_qualified File_Object_xsd.tmp#FilePathType
Type FileObj:FilePathType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
fully_qualified xs:boolean optional 
The fully_qualified field specifies whether the path is fully qualified.
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="File_Path" type="FileObj:FilePathType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The File_Path field specifies the relative or fully-qualified path to the file, not including the path to the device where the file system containing the file resides. Whether the path is relative or fully-qualified can be specified via the 'fully_qualified' attribute of this field. The File_Path field may include the name of the file; if so, it must not conflict with the File_Name field. If not, the File_Path field should contain the path of the directory containing the file, and should end with a terminating path separator("\" or "/").</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:FileObjectType / FileObj:Device_Path
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The Device_Path field specifies the path to the physical device where the file system containing the file resides.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#StringObjectPropertyType_datatype cybox_common_xsd.tmp#StringObjectPropertyType
Type cyboxCommon:StringObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Device_Path" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Device_Path field specifies the path to the physical device where the file system containing the file resides.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:FileObjectType / FileObj:Full_Path
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The Full_Path field specifies the complete path to the file, including the device path. It should contain the contents that would otherwise be in the Device_Path and File_Path fields, and can be used in case the producer is unable or does not wish to separate the Device_Path and File_Path fields. If the Full_Path field is specified along with the File_Path and/or Device_Path fields, it must not conflict with either. The Full_Path field may include the name of the file; if so, it must not conflict with the File_Name field. If not, the File_Path field should contain the path of the directory containing the file, and should end with a terminating path separator("\" or "/").
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#StringObjectPropertyType_datatype cybox_common_xsd.tmp#StringObjectPropertyType
Type cyboxCommon:StringObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Full_Path" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Full_Path field specifies the complete path to the file, including the device path. It should contain the contents that would otherwise be in the Device_Path and File_Path fields, and can be used in case the producer is unable or does not wish to separate the Device_Path and File_Path fields. If the Full_Path field is specified along with the File_Path and/or Device_Path fields, it must not conflict with either. The Full_Path field may include the name of the file; if so, it must not conflict with the File_Name field. If not, the File_Path field should contain the path of the directory containing the file, and should end with a terminating path separator("\" or "/").</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:FileObjectType / FileObj:File_Extension
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The File_Extension field specifies the extension of the name of the file. The File_Extension field must not conflict with the ending of the File_Name field. The File_Extension field should not begin with a "." character, but may contain a "." character in the case of a compound file extension, such as "tar.gz".
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#StringObjectPropertyType_datatype cybox_common_xsd.tmp#StringObjectPropertyType
Type cyboxCommon:StringObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="File_Extension" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The File_Extension field specifies the extension of the name of the file. The File_Extension field must not conflict with the ending of the File_Name field. The File_Extension field should not begin with a "." character, but may contain a "." character in the case of a compound file extension, such as "tar.gz".</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:FileObjectType / FileObj:Size_In_Bytes
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The Size_In_Bytes field specifies the size of the file, in bytes.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#UnsignedLongObjectPropertyType_datatype cybox_common_xsd.tmp#UnsignedLongObjectPropertyType
Type cyboxCommon:UnsignedLongObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum unsignedLong optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Size_In_Bytes" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Size_In_Bytes field specifies the size of the file, in bytes.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:FileObjectType / FileObj:Magic_Number
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The Magic_Number specifies the particular magic number (typically a hexadecimal constant used to identify a file format) corresponding to the file, if applicable.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#HexBinaryObjectPropertyType_datatype cybox_common_xsd.tmp#HexBinaryObjectPropertyType
Type cyboxCommon:HexBinaryObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum hexBinary optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element minOccurs="0" name="Magic_Number" type="cyboxCommon:HexBinaryObjectPropertyType">
  <xs:annotation>
    <xs:documentation>The Magic_Number specifies the particular magic number (typically a hexadecimal constant used to identify a file format) corresponding to the file, if applicable.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:FileObjectType / FileObj:File_Format
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The File_Format field specifies the particular file format of the file, most typically specified by a tool such as the UNIX file command.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#StringObjectPropertyType_datatype cybox_common_xsd.tmp#StringObjectPropertyType
Type cyboxCommon:StringObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element minOccurs="0" name="File_Format" type="cyboxCommon:StringObjectPropertyType">
  <xs:annotation>
    <xs:documentation>The File_Format field specifies the particular file format of the file, most typically specified by a tool such as the UNIX file command.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:FileObjectType / FileObj:Hashes
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The Hashes field specifies any hashes of the file.
Diagram
Diagram cybox_common_xsd.tmp#HashListType_Hash cybox_common_xsd.tmp#HashListType
Type cyboxCommon:HashListType
Children cyboxCommon:Hash
Source
 
<xs:element name="Hashes" type="cyboxCommon:HashListType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Hashes field specifies any hashes of the file.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:FileObjectType / FileObj:Digital_Signatures
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The Digital_Signatures field is optional and captures one or more digital signatures for the file.
Diagram
Diagram cybox_common_xsd.tmp#DigitalSignaturesType_Digital_Signature cybox_common_xsd.tmp#DigitalSignaturesType
Type cyboxCommon:DigitalSignaturesType
Children cyboxCommon:Digital_Signature
Source
 
<xs:element name="Digital_Signatures" type="cyboxCommon:DigitalSignaturesType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Digital_Signatures field is optional and captures one or more digital signatures for the file.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:FileObjectType / FileObj:Modified_Time
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The Modified_Time field specifies the date/time the file was last modified.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#DateTimeObjectPropertyRestrictionType_datatype cybox_common_xsd.tmp#DateTimeObjectPropertyRestrictionType cybox_common_xsd.tmp#DateTimeObjectPropertyType_precision cybox_common_xsd.tmp#DateTimeObjectPropertyType
Type cyboxCommon:DateTimeObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum dateTime optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
precision cyboxCommon:DateTimePrecisionEnum second optional 
The precision of the associated time. If omitted, the default is "second", meaning the full field value (including fractional seconds). Digits in the dateTime that are required by the xs:dateTime datatype but are beyond the specified precision should be zeroed out.
 
When used in conjunction with CybOX patterning, the pattern should only be evaluated against the target up to the given precision.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Modified_Time" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Modified_Time field specifies the date/time the file was last modified.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:FileObjectType / FileObj:Accessed_Time
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The Accessed_Time field specifies the date/time the file was last accessed.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#DateTimeObjectPropertyRestrictionType_datatype cybox_common_xsd.tmp#DateTimeObjectPropertyRestrictionType cybox_common_xsd.tmp#DateTimeObjectPropertyType_precision cybox_common_xsd.tmp#DateTimeObjectPropertyType
Type cyboxCommon:DateTimeObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum dateTime optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
precision cyboxCommon:DateTimePrecisionEnum second optional 
The precision of the associated time. If omitted, the default is "second", meaning the full field value (including fractional seconds). Digits in the dateTime that are required by the xs:dateTime datatype but are beyond the specified precision should be zeroed out.
 
When used in conjunction with CybOX patterning, the pattern should only be evaluated against the target up to the given precision.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Accessed_Time" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Accessed_Time field specifies the date/time the file was last accessed.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:FileObjectType / FileObj:Created_Time
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The Created_Time field specifies the date/time the file was created.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#DateTimeObjectPropertyRestrictionType_datatype cybox_common_xsd.tmp#DateTimeObjectPropertyRestrictionType cybox_common_xsd.tmp#DateTimeObjectPropertyType_precision cybox_common_xsd.tmp#DateTimeObjectPropertyType
Type cyboxCommon:DateTimeObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum dateTime optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
precision cyboxCommon:DateTimePrecisionEnum second optional 
The precision of the associated time. If omitted, the default is "second", meaning the full field value (including fractional seconds). Digits in the dateTime that are required by the xs:dateTime datatype but are beyond the specified precision should be zeroed out.
 
When used in conjunction with CybOX patterning, the pattern should only be evaluated against the target up to the given precision.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Created_Time" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Created_Time field specifies the date/time the file was created.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:FileObjectType / FileObj:File_Attributes_List
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The File_Attributes_List field specifies the particular special attributes set for the file. Since this is a platform-specific Object property, it is defined here as an abstract type and then implemented in any platform specific derived file objects.
Diagram
Diagram File_Object_xsd.tmp#FileAttributeType
Type FileObj:FileAttributeType
Source
 
<xs:element name="File_Attributes_List" type="FileObj:FileAttributeType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The File_Attributes_List field specifies the particular special attributes set for the file. Since this is a platform-specific Object property, it is defined here as an abstract type and then implemented in any platform specific derived file objects.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:FileObjectType / FileObj:Permissions
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The Permissions field specifies that particular permissions that a file may have. Since this is a platform-specific Object property, it is defined here as an abstract type and then implemented in any platform specific derived file objects.
Diagram
Diagram File_Object_xsd.tmp#FilePermissionsType
Type FileObj:FilePermissionsType
Source
 
<xs:element name="Permissions" type="FileObj:FilePermissionsType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Permissions field specifies that particular permissions that a file may have. Since this is a platform-specific Object property, it is defined here as an abstract type and then implemented in any platform specific derived file objects.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:FileObjectType / FileObj:User_Owner
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The User_Owner field specifies the name of the user that owns the file.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#StringObjectPropertyType_datatype cybox_common_xsd.tmp#StringObjectPropertyType
Type cyboxCommon:StringObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="User_Owner" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The User_Owner field specifies the name of the user that owns the file.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:FileObjectType / FileObj:Packer_List
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The Packer_List field specifies any packers that the file may be packed with. The term 'packer' here refers to packers, as well as things like archivers and installers.
Diagram
Diagram File_Object_xsd.tmp#PackerListType_Packer File_Object_xsd.tmp#PackerListType
Type FileObj:PackerListType
Children FileObj:Packer
Source
 
<xs:element name="Packer_List" type="FileObj:PackerListType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Packer_List field specifies any packers that the file may be packed with. The term 'packer' here refers to packers, as well as things like archivers and installers.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:PackerListType / FileObj:Packer
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The Packer field specifies a single file packer.
Diagram
Diagram File_Object_xsd.tmp#PackerType_Name File_Object_xsd.tmp#PackerType_Version File_Object_xsd.tmp#PackerType_Entry_Point File_Object_xsd.tmp#PackerType_Signature File_Object_xsd.tmp#PackerType_Type File_Object_xsd.tmp#PackerType_Detected_Entrypoint_Signatures File_Object_xsd.tmp#PackerType_EP_Jump_Codes File_Object_xsd.tmp#PackerType
Type FileObj:PackerType
Children FileObj:Detected_Entrypoint_Signatures, FileObj:EP_Jump_Codes, FileObj:Entry_Point, FileObj:Name, FileObj:Signature, FileObj:Type, FileObj:Version
Source
 
<xs:element name="Packer" type="FileObj:PackerType" maxOccurs="unbounded">
  <xs:annotation>
    <xs:documentation>The Packer field specifies a single file packer.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:PackerType / FileObj:Name
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The Name field specifies the name of the packer.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#StringObjectPropertyType_datatype cybox_common_xsd.tmp#StringObjectPropertyType
Type cyboxCommon:StringObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Name field specifies the name of the packer.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:PackerType / FileObj:Version
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The Version field specifies the version of the packer.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#StringObjectPropertyType_datatype cybox_common_xsd.tmp#StringObjectPropertyType
Type cyboxCommon:StringObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Version" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Version field specifies the version of the packer.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:PackerType / FileObj:Entry_Point
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The Entry_Point field specifies the entry point address of the packer, if applicable.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#HexBinaryObjectPropertyType_datatype cybox_common_xsd.tmp#HexBinaryObjectPropertyType
Type cyboxCommon:HexBinaryObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum hexBinary optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element minOccurs="0" name="Entry_Point" type="cyboxCommon:HexBinaryObjectPropertyType">
  <xs:annotation>
    <xs:documentation>The Entry_Point field specifies the entry point address of the packer, if applicable.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:PackerType / FileObj:Signature
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The Signature field specifies the matching signature detected for the packer, if applicable.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#StringObjectPropertyType_datatype cybox_common_xsd.tmp#StringObjectPropertyType
Type cyboxCommon:StringObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Signature" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Signature field specifies the matching signature detected for the packer, if applicable.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:PackerType / FileObj:Type
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The Type field specifies the type of packer being characterized.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType File_Object_xsd.tmp#PackerClassType_datatype File_Object_xsd.tmp#PackerClassType
Type FileObj:PackerClassType
Type hierarchy
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This field is optional and specifies the expected type for the value of the specified field.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Type" type="FileObj:PackerClassType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Type field specifies the type of packer being characterized.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:PackerType / FileObj:Detected_Entrypoint_Signatures
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The Detected_Entrypoint_Signatures field specifies the entrypoint signatures that were detected for the packer.
Diagram
Diagram File_Object_xsd.tmp#EntryPointSignatureListType_Entry_Point_Signature File_Object_xsd.tmp#EntryPointSignatureListType
Type FileObj:EntryPointSignatureListType
Children FileObj:Entry_Point_Signature
Source
 
<xs:element maxOccurs="1" minOccurs="0" name="Detected_Entrypoint_Signatures" type="FileObj:EntryPointSignatureListType">
  <xs:annotation>
    <xs:documentation>The Detected_Entrypoint_Signatures field specifies the entrypoint signatures that were detected for the packer.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:EntryPointSignatureListType / FileObj:Entry_Point_Signature
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
Specifies a single field in a list of entry point signatures.
Diagram
Diagram File_Object_xsd.tmp#EntryPointSignatureType_Name File_Object_xsd.tmp#EntryPointSignatureType_Type File_Object_xsd.tmp#EntryPointSignatureType
Type FileObj:EntryPointSignatureType
Children FileObj:Name, FileObj:Type
Source
 
<xs:element maxOccurs="unbounded" name="Entry_Point_Signature" type="FileObj:EntryPointSignatureType">
  <xs:annotation>
    <xs:documentation>Specifies a single field in a list of entry point signatures.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:EntryPointSignatureType / FileObj:Name
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
Specifies the signature name.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#StringObjectPropertyType_datatype cybox_common_xsd.tmp#StringObjectPropertyType
Type cyboxCommon:StringObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element maxOccurs="1" minOccurs="0" name="Name" type="cyboxCommon:StringObjectPropertyType">
  <xs:annotation>
    <xs:documentation>Specifies the signature name.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:EntryPointSignatureType / FileObj:Type
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
Specifies the type of entry point detected (e.g., packer, compiled file).
Diagram
Diagram File_Object_xsd.tmp#DetectedTypeEnum
Type FileObj:DetectedTypeEnum
Facets
enumeration None 
Specifies a type other than those listed.
enumeration Compiler 
Specifies an executable that acts as a compiler.
enumeration Packer 
Specifies an executable that acts as a packer.
enumeration Installer 
Specifies an executable that acts as an installer.
Source
 
<xs:element maxOccurs="1" minOccurs="0" name="Type" type="FileObj:DetectedTypeEnum">
  <xs:annotation>
    <xs:documentation>Specifies the type of entry point detected (e.g., packer, compiled file).</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:PackerType / FileObj:EP_Jump_Codes
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The EP_Jump_Codes field characterizes the entry point jump codes of the packer.
Diagram
Diagram File_Object_xsd.tmp#EPJumpCodeType_Depth File_Object_xsd.tmp#EPJumpCodeType_Opcodes File_Object_xsd.tmp#EPJumpCodeType
Type FileObj:EPJumpCodeType
Children FileObj:Depth, FileObj:Opcodes
Source
 
<xs:element maxOccurs="1" minOccurs="0" name="EP_Jump_Codes" type="FileObj:EPJumpCodeType">
  <xs:annotation>
    <xs:documentation>The EP_Jump_Codes field characterizes the entry point jump codes of the packer.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:EPJumpCodeType / FileObj:Depth
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The frequency that a jump instruction is found to be immediately followed by another jump instruction within the PE(Portable Executable) entry point.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#IntegerObjectPropertyType_datatype cybox_common_xsd.tmp#IntegerObjectPropertyType
Type cyboxCommon:IntegerObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum int optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element maxOccurs="1" minOccurs="0" name="Depth" type="cyboxCommon:IntegerObjectPropertyType">
  <xs:annotation>
    <xs:documentation>The frequency that a jump instruction is found to be immediately followed by another jump instruction within the PE(Portable Executable) entry point.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:EPJumpCodeType / FileObj:Opcodes
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The hex value of the bytes located at the jump location for a relative jump identified in the PE(Portable Executable) entry point up to 10 bytes or the end of the RVA(Relative Virtual Address) section.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#StringObjectPropertyType_datatype cybox_common_xsd.tmp#StringObjectPropertyType
Type cyboxCommon:StringObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element maxOccurs="1" minOccurs="0" name="Opcodes" type="cyboxCommon:StringObjectPropertyType">
  <xs:annotation>
    <xs:documentation>The hex value of the bytes located at the jump location for a relative jump identified in the PE(Portable Executable) entry point up to 10 bytes or the end of the RVA(Relative Virtual Address) section.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:FileObjectType / FileObj:Peak_Entropy
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The Peak_Entropy field specifies the calculated peak entropy of the file.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#DoubleObjectPropertyType_datatype cybox_common_xsd.tmp#DoubleObjectPropertyType
Type cyboxCommon:DoubleObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum double optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Peak_Entropy" type="cyboxCommon:DoubleObjectPropertyType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Peak_Entropy field specifies the calculated peak entropy of the file.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:FileObjectType / FileObj:Sym_Links
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
Diagram
Type FileObj:SymLinksListType
Children FileObj:Sym_Link
Source
Element FileObj:SymLinksListType / FileObj:Sym_Link
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
Diagram
Type cyboxCommon:StringObjectPropertyType
Type hierarchy
Attributes
Source
Element FileObj:FileObjectType / FileObj:Byte_Runs
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The Byte_Runs field contains a list of byte runs from the raw file or its storage medium.
Diagram
Diagram cybox_common_xsd.tmp#ByteRunsType_Byte_Run cybox_common_xsd.tmp#ByteRunsType
Type cyboxCommon:ByteRunsType
Children cyboxCommon:Byte_Run
Source
 
<xs:element name="Byte_Runs" type="cyboxCommon:ByteRunsType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Byte_Runs field contains a list of byte runs from the raw file or its storage medium.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:FileObjectType / FileObj:Extracted_Features
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
A description of features extracted from this file.
Diagram
Diagram cybox_common_xsd.tmp#ExtractedFeaturesType_Strings cybox_common_xsd.tmp#ExtractedFeaturesType_Imports cybox_common_xsd.tmp#ExtractedFeaturesType_Functions cybox_common_xsd.tmp#ExtractedFeaturesType_Code_Snippets cybox_common_xsd.tmp#ExtractedFeaturesType
Type cyboxCommon:ExtractedFeaturesType
Children cyboxCommon:Code_Snippets, cyboxCommon:Functions, cyboxCommon:Imports, cyboxCommon:Strings
Source
 
<xs:element name="Extracted_Features" type="cyboxCommon:ExtractedFeaturesType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>A description of features extracted from this file.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:FileObjectType / FileObj:Encryption_Algorithm
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The Encryption_Algorithm field specifies the algorithm used to encrypt the file.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#CipherType
Type cyboxCommon:CipherType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Encryption_Algorithm" type="cyboxCommon:CipherType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Encryption_Algorithm field specifies the algorithm used to encrypt the file.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:FileObjectType / FileObj:Decryption_Key
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The Decryption_Key field specifies the key used to decrypt the file.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#StringObjectPropertyType_datatype cybox_common_xsd.tmp#StringObjectPropertyType
Type cyboxCommon:StringObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Decryption_Key" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Decryption_Key field specifies the key used to decrypt the file.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:FileObjectType / FileObj:Compression_Method
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The Compression_Method field specifies the method used to compress the file.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#StringObjectPropertyType_datatype cybox_common_xsd.tmp#StringObjectPropertyType
Type cyboxCommon:StringObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Compression_Method" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Compression_Method field specifies the method used to compress the file.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:FileObjectType / FileObj:Compression_Version
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The Compression_Version field specifies the version of the compression method used to compress the file.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#StringObjectPropertyType_datatype cybox_common_xsd.tmp#StringObjectPropertyType
Type cyboxCommon:StringObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Compression_Version" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Compression_Version field specifies the version of the compression method used to compress the file.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:FileObjectType / FileObj:Compression_Comment
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The Compression_Comment field specifies the comment string associated with the compressed file.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#StringObjectPropertyType_datatype cybox_common_xsd.tmp#StringObjectPropertyType
Type cyboxCommon:StringObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Compression_Comment" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Compression_Comment field specifies the comment string associated with the compressed file.</xs:documentation>
  </xs:annotation>
</xs:element>
Element FileObj:File
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The File object is intended to characterize a generic file.
Diagram
Diagram cybox_common_xsd.tmp#ObjectPropertiesType_object_reference cybox_common_xsd.tmp#ObjectPropertiesType_Custom_Properties cybox_common_xsd.tmp#ObjectPropertiesType File_Object_xsd.tmp#FileObjectType_is_packed File_Object_xsd.tmp#FileObjectType_is_masqueraded File_Object_xsd.tmp#FileObjectType_File_Name File_Object_xsd.tmp#FileObjectType_File_Path File_Object_xsd.tmp#FileObjectType_Device_Path File_Object_xsd.tmp#FileObjectType_Full_Path File_Object_xsd.tmp#FileObjectType_File_Extension File_Object_xsd.tmp#FileObjectType_Size_In_Bytes File_Object_xsd.tmp#FileObjectType_Magic_Number File_Object_xsd.tmp#FileObjectType_File_Format File_Object_xsd.tmp#FileObjectType_Hashes File_Object_xsd.tmp#FileObjectType_Digital_Signatures File_Object_xsd.tmp#FileObjectType_Modified_Time File_Object_xsd.tmp#FileObjectType_Accessed_Time File_Object_xsd.tmp#FileObjectType_Created_Time File_Object_xsd.tmp#FileObjectType_File_Attributes_List File_Object_xsd.tmp#FileObjectType_Permissions File_Object_xsd.tmp#FileObjectType_User_Owner File_Object_xsd.tmp#FileObjectType_Packer_List File_Object_xsd.tmp#FileObjectType_Peak_Entropy File_Object_xsd.tmp#FileObjectType_Sym_Links File_Object_xsd.tmp#FileObjectType_Byte_Runs File_Object_xsd.tmp#FileObjectType_Extracted_Features File_Object_xsd.tmp#FileObjectType_Encryption_Algorithm File_Object_xsd.tmp#FileObjectType_Decryption_Key File_Object_xsd.tmp#FileObjectType_Compression_Method File_Object_xsd.tmp#FileObjectType_Compression_Version File_Object_xsd.tmp#FileObjectType_Compression_Comment File_Object_xsd.tmp#FileObjectType
Type FileObj:FileObjectType
Type hierarchy
Children FileObj:Accessed_Time, FileObj:Byte_Runs, FileObj:Compression_Comment, FileObj:Compression_Method, FileObj:Compression_Version, FileObj:Created_Time, FileObj:Decryption_Key, FileObj:Device_Path, FileObj:Digital_Signatures, FileObj:Encryption_Algorithm, FileObj:Extracted_Features, FileObj:File_Attributes_List, FileObj:File_Extension, FileObj:File_Format, FileObj:File_Name, FileObj:File_Path, FileObj:Full_Path, FileObj:Hashes, FileObj:Magic_Number, FileObj:Modified_Time, FileObj:Packer_List, FileObj:Peak_Entropy, FileObj:Permissions, FileObj:Size_In_Bytes, FileObj:Sym_Links, FileObj:User_Owner, cyboxCommon:Custom_Properties
Attributes
QName Type Use Annotation
is_masqueraded xs:boolean optional 
The is_masqueraded field specifies whether the file is masqueraded as another type of file; e.g., a PDF file that has had its extension changed to TXT to masquerade itself as a text file.
is_packed xs:boolean optional 
The is_packed field is used to indicate whether the file is packed or not.
object_reference xs:QName optional 
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
Source
 
<xs:element name="File" type="FileObj:FileObjectType">
  <xs:annotation>
    <xs:documentation>The File object is intended to characterize a generic file.</xs:documentation>
  </xs:annotation>
</xs:element>
Complex Type FileObj:FileObjectType
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The File_ObjectType type is intended to characterize generic files.
Diagram
Diagram cybox_common_xsd.tmp#ObjectPropertiesType_object_reference cybox_common_xsd.tmp#ObjectPropertiesType_Custom_Properties cybox_common_xsd.tmp#ObjectPropertiesType File_Object_xsd.tmp#FileObjectType_is_packed File_Object_xsd.tmp#FileObjectType_is_masqueraded File_Object_xsd.tmp#FileObjectType_File_Name File_Object_xsd.tmp#FileObjectType_File_Path File_Object_xsd.tmp#FileObjectType_Device_Path File_Object_xsd.tmp#FileObjectType_Full_Path File_Object_xsd.tmp#FileObjectType_File_Extension File_Object_xsd.tmp#FileObjectType_Size_In_Bytes File_Object_xsd.tmp#FileObjectType_Magic_Number File_Object_xsd.tmp#FileObjectType_File_Format File_Object_xsd.tmp#FileObjectType_Hashes File_Object_xsd.tmp#FileObjectType_Digital_Signatures File_Object_xsd.tmp#FileObjectType_Modified_Time File_Object_xsd.tmp#FileObjectType_Accessed_Time File_Object_xsd.tmp#FileObjectType_Created_Time File_Object_xsd.tmp#FileObjectType_File_Attributes_List File_Object_xsd.tmp#FileObjectType_Permissions File_Object_xsd.tmp#FileObjectType_User_Owner File_Object_xsd.tmp#FileObjectType_Packer_List File_Object_xsd.tmp#FileObjectType_Peak_Entropy File_Object_xsd.tmp#FileObjectType_Sym_Links File_Object_xsd.tmp#FileObjectType_Byte_Runs File_Object_xsd.tmp#FileObjectType_Extracted_Features File_Object_xsd.tmp#FileObjectType_Encryption_Algorithm File_Object_xsd.tmp#FileObjectType_Decryption_Key File_Object_xsd.tmp#FileObjectType_Compression_Method File_Object_xsd.tmp#FileObjectType_Compression_Version File_Object_xsd.tmp#FileObjectType_Compression_Comment
Type extension of cyboxCommon:ObjectPropertiesType
Type hierarchy
Used by
Children FileObj:Accessed_Time, FileObj:Byte_Runs, FileObj:Compression_Comment, FileObj:Compression_Method, FileObj:Compression_Version, FileObj:Created_Time, FileObj:Decryption_Key, FileObj:Device_Path, FileObj:Digital_Signatures, FileObj:Encryption_Algorithm, FileObj:Extracted_Features, FileObj:File_Attributes_List, FileObj:File_Extension, FileObj:File_Format, FileObj:File_Name, FileObj:File_Path, FileObj:Full_Path, FileObj:Hashes, FileObj:Magic_Number, FileObj:Modified_Time, FileObj:Packer_List, FileObj:Peak_Entropy, FileObj:Permissions, FileObj:Size_In_Bytes, FileObj:Sym_Links, FileObj:User_Owner, cyboxCommon:Custom_Properties
Attributes
QName Type Use Annotation
is_masqueraded xs:boolean optional 
The is_masqueraded field specifies whether the file is masqueraded as another type of file; e.g., a PDF file that has had its extension changed to TXT to masquerade itself as a text file.
is_packed xs:boolean optional 
The is_packed field is used to indicate whether the file is packed or not.
object_reference xs:QName optional 
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
Source
 
<xs:complexType name="FileObjectType" mixed="false">
  <xs:annotation>
    <xs:documentation>The File_ObjectType type is intended to characterize generic files.</xs:documentation>
  </xs:annotation>
  <xs:complexContent>
    <xs:extension base="cyboxCommon:ObjectPropertiesType">
      <xs:sequence minOccurs="1">
        <xs:element name="File_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The File_Name field specifies the base name of the file (including an extension, if present).</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="File_Path" type="FileObj:FilePathType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The File_Path field specifies the relative or fully-qualified path to the file, not including the path to the device where the file system containing the file resides. Whether the path is relative or fully-qualified can be specified via the 'fully_qualified' attribute of this field. The File_Path field may include the name of the file; if so, it must not conflict with the File_Name field. If not, the File_Path field should contain the path of the directory containing the file, and should end with a terminating path separator("\" or "/").</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Device_Path" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>The Device_Path field specifies the path to the physical device where the file system containing the file resides.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Full_Path" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Full_Path field specifies the complete path to the file, including the device path. It should contain the contents that would otherwise be in the Device_Path and File_Path fields, and can be used in case the producer is unable or does not wish to separate the Device_Path and File_Path fields. If the Full_Path field is specified along with the File_Path and/or Device_Path fields, it must not conflict with either. The Full_Path field may include the name of the file; if so, it must not conflict with the File_Name field. If not, the File_Path field should contain the path of the directory containing the file, and should end with a terminating path separator("\" or "/").</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="File_Extension" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The File_Extension field specifies the extension of the name of the file. The File_Extension field must not conflict with the ending of the File_Name field. The File_Extension field should not begin with a "." character, but may contain a "." character in the case of a compound file extension, such as "tar.gz".</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Size_In_Bytes" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Size_In_Bytes field specifies the size of the file, in bytes.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element minOccurs="0" name="Magic_Number" type="cyboxCommon:HexBinaryObjectPropertyType">
          <xs:annotation>
            <xs:documentation>The Magic_Number specifies the particular magic number (typically a hexadecimal constant used to identify a file format) corresponding to the file, if applicable.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element minOccurs="0" name="File_Format" type="cyboxCommon:StringObjectPropertyType">
          <xs:annotation>
            <xs:documentation>The File_Format field specifies the particular file format of the file, most typically specified by a tool such as the UNIX file command.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Hashes" type="cyboxCommon:HashListType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Hashes field specifies any hashes of the file.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Digital_Signatures" type="cyboxCommon:DigitalSignaturesType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Digital_Signatures field is optional and captures one or more digital signatures for the file.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Modified_Time" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Modified_Time field specifies the date/time the file was last modified.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Accessed_Time" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Accessed_Time field specifies the date/time the file was last accessed.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Created_Time" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Created_Time field specifies the date/time the file was created.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="File_Attributes_List" type="FileObj:FileAttributeType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The File_Attributes_List field specifies the particular special attributes set for the file. Since this is a platform-specific Object property, it is defined here as an abstract type and then implemented in any platform specific derived file objects.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Permissions" type="FileObj:FilePermissionsType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Permissions field specifies that particular permissions that a file may have. Since this is a platform-specific Object property, it is defined here as an abstract type and then implemented in any platform specific derived file objects.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="User_Owner" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The User_Owner field specifies the name of the user that owns the file.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Packer_List" type="FileObj:PackerListType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Packer_List field specifies any packers that the file may be packed with. The term 'packer' here refers to packers, as well as things like archivers and installers.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Peak_Entropy" type="cyboxCommon:DoubleObjectPropertyType" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>The Peak_Entropy field specifies the calculated peak entropy of the file.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Sym_Links" type="FileObj:SymLinksListType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Sym_Links field specifies any symbolic links that may exist for the file.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Byte_Runs" type="cyboxCommon:ByteRunsType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Byte_Runs field contains a list of byte runs from the raw file or its storage medium.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Extracted_Features" type="cyboxCommon:ExtractedFeaturesType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>A description of features extracted from this file.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Encryption_Algorithm" type="cyboxCommon:CipherType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Encryption_Algorithm field specifies the algorithm used to encrypt the file.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Decryption_Key" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Decryption_Key field specifies the key used to decrypt the file.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Compression_Method" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Compression_Method field specifies the method used to compress the file.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Compression_Version" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Compression_Version field specifies the version of the compression method used to compress the file.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Compression_Comment" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Compression_Comment field specifies the comment string associated with the compressed file.</xs:documentation>
          </xs:annotation>
        </xs:element>
      </xs:sequence>
      <xs:attribute name="is_packed" type="xs:boolean">
        <xs:annotation>
          <xs:documentation>The is_packed field is used to indicate whether the file is packed or not.</xs:documentation>
        </xs:annotation>
      </xs:attribute>
      <xs:attribute name="is_masqueraded" type="xs:boolean">
        <xs:annotation>
          <xs:documentation>The is_masqueraded field specifies whether the file is masqueraded as another type of file; e.g., a PDF file that has had its extension changed to TXT to masquerade itself as a text file.</xs:documentation>
        </xs:annotation>
      </xs:attribute>
    </xs:extension>
  </xs:complexContent>
</xs:complexType>
Complex Type FileObj:FilePathType
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The FilePathType type specifies the path to the file, not including the device. Whether the path is relative or fully-qualified can be specified via the 'fully_qualified' attribute.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#StringObjectPropertyType_datatype cybox_common_xsd.tmp#StringObjectPropertyType File_Object_xsd.tmp#FilePathType_fully_qualified
Type extension of cyboxCommon:StringObjectPropertyType
Type hierarchy
Used by
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
fully_qualified xs:boolean optional 
The fully_qualified field specifies whether the path is fully qualified.
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:complexType name="FilePathType">
  <xs:annotation>
    <xs:documentation>The FilePathType type specifies the path to the file, not including the device. Whether the path is relative or fully-qualified can be specified via the 'fully_qualified' attribute.</xs:documentation>
  </xs:annotation>
  <xs:complexContent>
    <xs:extension base="cyboxCommon:StringObjectPropertyType">
      <xs:attribute name="fully_qualified" type="xs:boolean">
        <xs:annotation>
          <xs:documentation>The fully_qualified field specifies whether the path is fully qualified.</xs:documentation>
        </xs:annotation>
      </xs:attribute>
    </xs:extension>
  </xs:complexContent>
</xs:complexType>
Complex Type FileObj:FileAttributeType
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The FileAttributeType type specifies attribute(s) of a file. Since this Object property(ies) is platform-specific, it is defined here as an abstract type.
Diagram
Diagram
Used by
Source
 
<xs:complexType name="FileAttributeType" abstract="true">
  <xs:annotation>
    <xs:documentation>The FileAttributeType type specifies attribute(s) of a file. Since this Object property(ies) is platform-specific, it is defined here as an abstract type.</xs:documentation>
  </xs:annotation>
</xs:complexType>
Complex Type FileObj:FilePermissionsType
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The FilePermissionsType type specifies a permission of a file. Since this is a platform-specific Object property, it is defined here as an abstract type and then implemented in any platform specific derived file objects.
Diagram
Diagram
Used by
Source
 
<xs:complexType name="FilePermissionsType" abstract="true">
  <xs:annotation>
    <xs:documentation>The FilePermissionsType type specifies a permission of a file. Since this is a platform-specific Object property, it is defined here as an abstract type and then implemented in any platform specific derived file objects.</xs:documentation>
  </xs:annotation>
</xs:complexType>
Complex Type FileObj:PackerListType
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The PackerListType type specifies a list of file packers.
Diagram
Diagram File_Object_xsd.tmp#PackerListType_Packer
Used by
Children FileObj:Packer
Source
 
<xs:complexType name="PackerListType">
  <xs:annotation>
    <xs:documentation>The PackerListType type specifies a list of file packers.</xs:documentation>
  </xs:annotation>
  <xs:sequence>
    <xs:element name="Packer" type="FileObj:PackerType" maxOccurs="unbounded">
      <xs:annotation>
        <xs:documentation>The Packer field specifies a single file packer.</xs:documentation>
      </xs:annotation>
    </xs:element>
  </xs:sequence>
</xs:complexType>
Complex Type FileObj:PackerType
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The PackerType specifies the fields that characterize a particular file packer, such as name and version.
Diagram
Diagram File_Object_xsd.tmp#PackerType_Name File_Object_xsd.tmp#PackerType_Version File_Object_xsd.tmp#PackerType_Entry_Point File_Object_xsd.tmp#PackerType_Signature File_Object_xsd.tmp#PackerType_Type File_Object_xsd.tmp#PackerType_Detected_Entrypoint_Signatures File_Object_xsd.tmp#PackerType_EP_Jump_Codes
Used by
Children FileObj:Detected_Entrypoint_Signatures, FileObj:EP_Jump_Codes, FileObj:Entry_Point, FileObj:Name, FileObj:Signature, FileObj:Type, FileObj:Version
Source
 
<xs:complexType name="PackerType">
  <xs:annotation>
    <xs:documentation>The PackerType specifies the fields that characterize a particular file packer, such as name and version.</xs:documentation>
  </xs:annotation>
  <xs:sequence>
    <xs:element name="Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
      <xs:annotation>
        <xs:documentation>The Name field specifies the name of the packer.</xs:documentation>
      </xs:annotation>
    </xs:element>
    <xs:element name="Version" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
      <xs:annotation>
        <xs:documentation>The Version field specifies the version of the packer.</xs:documentation>
      </xs:annotation>
    </xs:element>
    <xs:element minOccurs="0" name="Entry_Point" type="cyboxCommon:HexBinaryObjectPropertyType">
      <xs:annotation>
        <xs:documentation>The Entry_Point field specifies the entry point address of the packer, if applicable.</xs:documentation>
      </xs:annotation>
    </xs:element>
    <xs:element name="Signature" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
      <xs:annotation>
        <xs:documentation>The Signature field specifies the matching signature detected for the packer, if applicable.</xs:documentation>
      </xs:annotation>
    </xs:element>
    <xs:element name="Type" type="FileObj:PackerClassType" minOccurs="0">
      <xs:annotation>
        <xs:documentation>The Type field specifies the type of packer being characterized.</xs:documentation>
      </xs:annotation>
    </xs:element>
    <xs:element maxOccurs="1" minOccurs="0" name="Detected_Entrypoint_Signatures" type="FileObj:EntryPointSignatureListType">
      <xs:annotation>
        <xs:documentation>The Detected_Entrypoint_Signatures field specifies the entrypoint signatures that were detected for the packer.</xs:documentation>
      </xs:annotation>
    </xs:element>
    <xs:element maxOccurs="1" minOccurs="0" name="EP_Jump_Codes" type="FileObj:EPJumpCodeType">
      <xs:annotation>
        <xs:documentation>The EP_Jump_Codes field characterizes the entry point jump codes of the packer.</xs:documentation>
      </xs:annotation>
    </xs:element>
  </xs:sequence>
</xs:complexType>
Complex Type FileObj:PackerClassType
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
PackerCassType specifies packer classes, via a union of the PackerTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType File_Object_xsd.tmp#PackerClassType_datatype
Type restriction of cyboxCommon:BaseObjectPropertyType
Type hierarchy
Used by
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This field is optional and specifies the expected type for the value of the specified field.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:complexType name="PackerClassType">
  <xs:annotation>
    <xs:documentation>PackerCassType specifies packer classes, via a union of the PackerTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="cyboxCommon:BaseObjectPropertyType">
      <xs:simpleType>
        <xs:union memberTypes="FileObj:PackerClassEnum xs:string"/>
      </xs:simpleType>
      <xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" fixed="string">
        <xs:annotation>
          <xs:documentation>This field is optional and specifies the expected type for the value of the specified field.</xs:documentation>
        </xs:annotation>
      </xs:attribute>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Complex Type FileObj:EntryPointSignatureListType
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
Species a list of entry point signatures for a packer.
Diagram
Diagram File_Object_xsd.tmp#EntryPointSignatureListType_Entry_Point_Signature
Used by
Children FileObj:Entry_Point_Signature
Source
 
<xs:complexType name="EntryPointSignatureListType">
  <xs:annotation>
    <xs:documentation>Species a list of entry point signatures for a packer.</xs:documentation>
  </xs:annotation>
  <xs:sequence>
    <xs:element maxOccurs="unbounded" name="Entry_Point_Signature" type="FileObj:EntryPointSignatureType">
      <xs:annotation>
        <xs:documentation>Specifies a single field in a list of entry point signatures.</xs:documentation>
      </xs:annotation>
    </xs:element>
  </xs:sequence>
</xs:complexType>
Complex Type FileObj:EntryPointSignatureType
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
Specifies an entry point signature for a packer.
Diagram
Diagram File_Object_xsd.tmp#EntryPointSignatureType_Name File_Object_xsd.tmp#EntryPointSignatureType_Type
Used by
Children FileObj:Name, FileObj:Type
Source
 
<xs:complexType name="EntryPointSignatureType">
  <xs:annotation>
    <xs:documentation>Specifies an entry point signature for a packer.</xs:documentation>
  </xs:annotation>
  <xs:sequence>
    <xs:element maxOccurs="1" minOccurs="0" name="Name" type="cyboxCommon:StringObjectPropertyType">
      <xs:annotation>
        <xs:documentation>Specifies the signature name.</xs:documentation>
      </xs:annotation>
    </xs:element>
    <xs:element maxOccurs="1" minOccurs="0" name="Type" type="FileObj:DetectedTypeEnum">
      <xs:annotation>
        <xs:documentation>Specifies the type of entry point detected (e.g., packer, compiled file).</xs:documentation>
      </xs:annotation>
    </xs:element>
  </xs:sequence>
</xs:complexType>
Simple Type FileObj:DetectedTypeEnum
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The DetectedTypeEnum is an enumeration of entry point signature detection types.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration None 
Specifies a type other than those listed.
enumeration Compiler 
Specifies an executable that acts as a compiler.
enumeration Packer 
Specifies an executable that acts as a packer.
enumeration Installer 
Specifies an executable that acts as an installer.
Used by
Source
 
<xs:simpleType name="DetectedTypeEnum">
  <xs:annotation>
    <xs:documentation>The DetectedTypeEnum is an enumeration of entry point signature detection types.</xs:documentation>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="None">
      <xs:annotation>
        <xs:documentation>Specifies a type other than those listed.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Compiler">
      <xs:annotation>
        <xs:documentation>Specifies an executable that acts as a compiler.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Packer">
      <xs:annotation>
        <xs:documentation>Specifies an executable that acts as a packer.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Installer">
      <xs:annotation>
        <xs:documentation>Specifies an executable that acts as an installer.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
Complex Type FileObj:EPJumpCodeType
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
Specifies an entry-point jump code used by a packer.
Diagram
Diagram File_Object_xsd.tmp#EPJumpCodeType_Depth File_Object_xsd.tmp#EPJumpCodeType_Opcodes
Used by
Children FileObj:Depth, FileObj:Opcodes
Source
 
<xs:complexType name="EPJumpCodeType">
  <xs:annotation>
    <xs:documentation>Specifies an entry-point jump code used by a packer.</xs:documentation>
  </xs:annotation>
  <xs:sequence>
    <xs:element maxOccurs="1" minOccurs="0" name="Depth" type="cyboxCommon:IntegerObjectPropertyType">
      <xs:annotation>
        <xs:documentation>The frequency that a jump instruction is found to be immediately followed by another jump instruction within the PE(Portable Executable) entry point.</xs:documentation>
      </xs:annotation>
    </xs:element>
    <xs:element maxOccurs="1" minOccurs="0" name="Opcodes" type="cyboxCommon:StringObjectPropertyType">
      <xs:annotation>
        <xs:documentation>The hex value of the bytes located at the jump location for a relative jump identified in the PE(Portable Executable) entry point up to 10 bytes or the end of the RVA(Relative Virtual Address) section.</xs:documentation>
      </xs:annotation>
    </xs:element>
  </xs:sequence>
</xs:complexType>
Complex Type FileObj:SymLinksListType
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The SymLinksListType specifies a list of symbolic links.
Diagram
Diagram File_Object_xsd.tmp#SymLinksListType_Sym_Link
Used by
Children FileObj:Sym_Link
Source
 
<xs:complexType name="SymLinksListType">
  <xs:annotation>
    <xs:documentation>The SymLinksListType specifies a list of symbolic links.</xs:documentation>
  </xs:annotation>
  <xs:sequence>
    <xs:element name="Sym_Link" type="cyboxCommon:StringObjectPropertyType" maxOccurs="unbounded">
      <xs:annotation>
        <xs:documentation>The Sym_Link element specifies a single symbolic link.</xs:documentation>
      </xs:annotation>
    </xs:element>
  </xs:sequence>
</xs:complexType>
Simple Type FileObj:PackerClassEnum
Namespace http://cybox.mitre.org/objects#FileObject-2
Annotations
 
The PackerTypeEnum type is a (non-exhaustive) enumeration of packer classes.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration Archiver 
Indicates that the packer is an archiver.
enumeration Installer 
Indicates that the packer is an installer.
enumeration Self-Extracting Archiver 
Indicates that the packer is a self-extracting archiver.
enumeration Crypter 
Indicates that the packer is a crypter.
enumeration Packer 
Indicates a packer.
enumeration Protector 
Indicates that the packer is a protector.
enumeration Bundler 
Indicates that the packer is a bundler.
enumeration Other 
Indicates a different type of packer from the ones listed.
Source
 
<xs:simpleType name="PackerClassEnum">
  <xs:annotation>
    <xs:documentation>The PackerTypeEnum type is a (non-exhaustive) enumeration of packer classes.</xs:documentation>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Archiver">
      <xs:annotation>
        <xs:documentation>Indicates that the packer is an archiver.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Installer">
      <xs:annotation>
        <xs:documentation>Indicates that the packer is an installer.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Self-Extracting Archiver">
      <xs:annotation>
        <xs:documentation>Indicates that the packer is a self-extracting archiver.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Crypter">
      <xs:annotation>
        <xs:documentation>Indicates that the packer is a crypter.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Packer">
      <xs:annotation>
        <xs:documentation>Indicates a packer.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Protector">
      <xs:annotation>
        <xs:documentation>Indicates that the packer is a protector.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Bundler">
      <xs:annotation>
        <xs:documentation>Indicates that the packer is a bundler.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Other">
      <xs:annotation>
        <xs:documentation>Indicates a different type of packer from the ones listed.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
Attribute FileObj:FilePathType / @fully_qualified
Namespace No namespace
Annotations
 
The fully_qualified field specifies whether the path is fully qualified.
Type xs:boolean
Used by
Complex Type FileObj:FilePathType
Source
 
<xs:attribute name="fully_qualified" type="xs:boolean">
  <xs:annotation>
    <xs:documentation>The fully_qualified field specifies whether the path is fully qualified.</xs:documentation>
  </xs:annotation>
</xs:attribute>
Attribute FileObj:PackerClassType / @datatype
Namespace No namespace
Annotations
 
This field is optional and specifies the expected type for the value of the specified field.
Type cyboxCommon:DatatypeEnum
Facets
enumeration string 
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration int 
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration float 
Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration date 
Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration positiveInteger 
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration unsignedInt 
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration dateTime 
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration time 
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration boolean 
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration name 
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration long 
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration unsignedLong 
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration duration 
Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration double 
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration nonNegativeInteger 
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration hexBinary 
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration anyURI 
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration base64Binary 
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration IPv4 Address 
Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.
enumeration IPv6 Address 
Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration Host Name 
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration MAC Address 
Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration Domain Name 
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration URI 
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration TimeZone 
Specifies a timezone in UTC notation (UTC+number).
enumeration Octal 
Specifies arbitrary octal (base-8) encoded data.
enumeration Binary 
Specifies arbitrary binary encoded data.
enumeration BinHex 
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration Subnet Mask 
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration UUID/GUID 
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html.
enumeration Collection 
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration CVE ID 
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration CWE ID 
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration CAPEC ID 
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration CCE ID 
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration CPE Name 
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
Used by
Source
 
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" fixed="string">
  <xs:annotation>
    <xs:documentation>This field is optional and specifies the expected type for the value of the specified field.</xs:documentation>
  </xs:annotation>
</xs:attribute>
Attribute FileObj:FileObjectType / @is_packed
Namespace No namespace
Annotations
 
The is_packed field is used to indicate whether the file is packed or not.
Type xs:boolean
Used by
Complex Type FileObj:FileObjectType
Source
 
<xs:attribute name="is_packed" type="xs:boolean">
  <xs:annotation>
    <xs:documentation>The is_packed field is used to indicate whether the file is packed or not.</xs:documentation>
  </xs:annotation>
</xs:attribute>
Attribute FileObj:FileObjectType / @is_masqueraded
Namespace No namespace
Annotations
 
The is_masqueraded field specifies whether the file is masqueraded as another type of file; e.g., a PDF file that has had its extension changed to TXT to masquerade itself as a text file.
Type xs:boolean
Used by
Complex Type FileObj:FileObjectType
Source
 
<xs:attribute name="is_masqueraded" type="xs:boolean">
  <xs:annotation>
    <xs:documentation>The is_masqueraded field specifies whether the file is masqueraded as another type of file; e.g., a PDF file that has had its extension changed to TXT to masquerade itself as a text file.</xs:documentation>
  </xs:annotation>
</xs:attribute>
XML Schema documentation generated by ® XML Editor.