The MalwareSubjectRelationshipTypeVocab is the default MAEC vocabulary for the Malware Subject relationships in a Package, captured via the MalwareSubjectRelationshipType/Type element in the MAEC Package. Deprecated as of MAEC 4.1.
| Item | Description |
|---|---|
| downloads | The 'downloads' value specifies that the Malware Subject downloads one or more other Malware Subject(s). |
| downloaded by | The 'downloaded by' value specifies that the current Malware Subject was downloaded by one or more other Malware Subject(s). |
| drops | The 'drops' value specifies that the Malware Subject drops (or writes to disk) one or more other Malware Subject(s). |
| dropped by | The 'dropped by' value specifies that the current Malware Subject was dropped (or written to disk) by one or more other Malware Subject(s). |
| extracts | The 'extracts' value specifies that the Malware Subject extracts (from an embedded archive or another container) one or more other Malware Subject(s). |
| extracted from | The 'extracted from' value specifies that the current Malware Subject was extracted from one or more other Malware Subject(s). |
| Field Name | Type | Description |
|---|---|---|
| @conditionoptional | ConditionTypeEnum |
This field is optional and defines the relevant condition to apply to the value. |
| @is_case_sensitiveoptional | boolean |
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive. |
| @apply_conditionoptional | ConditionApplicationEnum |
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body. |
| @delimiteroptional | string |
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##". |
| @bit_maskoptional | hexBinary |
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation. |
| @pattern_typeoptional | PatternTypeEnum |
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'. |
| @regex_syntaxoptional | string |
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'. Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification. Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case. |
| @has_changedoptional | boolean |
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed. |
| @trendoptional | boolean |
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field. |
| @vocab_nameoptional | string |
The vocab_name field specifies the name of the controlled vocabulary. |
| @vocab_referenceoptional | anyURI |
The vocab_reference field specifies the URI to the location of where the controlled vocabulary is defined, e.g., in an externally located XML schema file. |
