STIX Version of Mandiant APT1 Report


STIX Version of Mandiant APT1 Report

Wunder, John A.

This past February, Mandiant released a report titled “APT1: Exposing One of China’s Cyber Espionage Units”. The report describes an investigation Mandiant had performed and details both a set of findings regarding high-level activities of particular threat actors as well as low-level analysis of their tools and techniques. The report is available at http://intelreport.mandiant.com.

Since that report was released, MITRE has developed a set of STIX content based on the report. Mandiant has given us permission to share that STIX content, with the following disclaimer:

    APT1: Exposing One of China's Cyber Espionage Units (the "APT1 Report") is copyright 2013 by Mandiant Corporation and can be downloaded at intelreport.mandiant.com. This XML file using the STIX standard was created by The MITRE Corporation using the content of the APT1 Report with Mandiant's permission. Mandiant is not responsible for the content of this file.

Please note that the intent of this conversion was not to create a complete 1:1 parity mapping to the original report, rather it was to provide an illustrative example of what a comprehensive report such as APT1 might look like in STIX. Therefore, not everything that appears in the original APT1 report is represented in the STIX content that MITRE developed. One particularly noteworthy feature of this content is that it makes substantial use of the higher-level constructs in STIX, including TTPs, Threat Actors and Campaigns. Thus, we hope that you find the report useful in understanding how these constructs work and how they can be related to lower-level technical intelligence.

The STIX conversion is available here: http://stix.mitre.org/downloads/APT1-STIX.zip. The attached README contains a listing of the files included in the ZIP (the README is included in the ZIP as well). The bundle also includes HTML representations of the STIX content that were created using stix_to_html. Please note that because the stix_to_html tool is still experimental and still under development the HTML views are incomplete representations of the full STIX XML. In particular, some of the higher-level constructs like Campaign and Threat Actor are still under development in the tool so the HTML views of those components will be missing content that’s present in the XML.

MITRE would like to thank Mandiant for giving us the permission to publish this conversion as well as the feedback they gave us during this process and on STIX in general. We look forward to your feedback on this mapping and your suggestions for additional examples of STIX content.

Thanks,

STIX Project Team


Attachment: README.txt (8K)
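As an added illustration (not part of the post above or of MITRE's APT1 bundle), the following walks a small STIX 1.x package the way a consumer of the conversion would: it resolves the idref links from a Campaign to its Threat Actors and TTPs and on to the Indicators that point at those TTPs, and it flags idrefs that resolve to nothing. The package, its ids and its titles are constructed placeholders; only the namespace URIs and element names are the real STIX 1.x ones.

```python
# Added example, not from the post or from MITRE's APT1 bundle: follow the idref
# links a STIX 1.x package uses to tie a Campaign to its Threat Actors and TTPs and
# on to the Indicators that point at those TTPs, and flag idrefs that resolve to
# nothing. The package below is constructed; its ids and titles are placeholders.
import xml.etree.ElementTree as ET

NS = {"stix": "http://stix.mitre.org/stix-1", "stixCommon": "http://stix.mitre.org/common-1",
      "indicator": "http://stix.mitre.org/Indicator-1", "ttp": "http://stix.mitre.org/TTP-1", "campaign": "http://stix.mitre.org/Campaign-1", "ta": "http://stix.mitre.org/ThreatActor-1"}
ACTOR_PATH = "campaign:Attribution/campaign:Attributed_Threat_Actor/stixCommon:Threat_Actor"
TTP_PATH = "campaign:Related_TTPs/campaign:Related_TTP/stixCommon:TTP"
SAMPLE_PACKAGE = """<stix:STIX_Package version="1.1" id="example:package-1"
 xmlns:stix="http://stix.mitre.org/stix-1" xmlns:stixCommon="http://stix.mitre.org/common-1"
 xmlns:indicator="http://stix.mitre.org/Indicator-1" xmlns:ttp="http://stix.mitre.org/TTP-1"
 xmlns:campaign="http://stix.mitre.org/Campaign-1" xmlns:ta="http://stix.mitre.org/ThreatActor-1"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <stix:Indicators><stix:Indicator xsi:type="indicator:IndicatorType" id="example:indicator-1">
  <indicator:Title>Constructed file hash indicator</indicator:Title><indicator:Indicated_TTP><stixCommon:TTP idref="example:ttp-1"/></indicator:Indicated_TTP>
 </stix:Indicator></stix:Indicators>
 <stix:TTPs><stix:TTP xsi:type="ttp:TTPType" id="example:ttp-1"><ttp:Title>Constructed malware family</ttp:Title></stix:TTP></stix:TTPs>
 <stix:Campaigns><stix:Campaign xsi:type="campaign:CampaignType" id="example:campaign-1">
  <campaign:Title>Constructed campaign</campaign:Title><campaign:Related_TTPs><campaign:Related_TTP><stixCommon:TTP idref="example:ttp-1"/></campaign:Related_TTP>
   <campaign:Related_TTP><stixCommon:TTP idref="example:ttp-missing"/></campaign:Related_TTP></campaign:Related_TTPs>
  <campaign:Attribution><campaign:Attributed_Threat_Actor><stixCommon:Threat_Actor idref="example:threatactor-1"/>
  </campaign:Attributed_Threat_Actor></campaign:Attribution></stix:Campaign></stix:Campaigns>
 <stix:Threat_Actors><stix:Threat_Actor xsi:type="ta:ThreatActorType" id="example:threatactor-1"><ta:Title>Constructed threat actor</ta:Title></stix:Threat_Actor></stix:Threat_Actors>
</stix:STIX_Package>"""

def title_of(el):
    """Text of the element's Title child (any STIX namespace), else its id."""
    return next((c.text for c in el if c.tag.endswith("}Title")), el.get("id"))
def dangling_idrefs(xml_text):
    """idrefs that match no id in the package: broken links worth rejecting before ingest."""
    root = ET.fromstring(xml_text)
    ids = {el.get("id") for el in root.iter() if el.get("id")}
    return sorted({el.get("idref") for el in root.iter() if el.get("idref")} - ids)
def campaign_report(xml_text):
    """{campaign title: {"actors": [titles], "ttps": {ttp title: [indicator titles]}}}"""
    root = ET.fromstring(xml_text)
    by_id = {el.get("id"): el for el in root.iter() if el.get("id")}
    indicated = {}  # TTP id -> titles of the Indicators whose Indicated_TTP points at it
    for ind in root.findall("stix:Indicators/stix:Indicator", NS):
        for ref in ind.findall("indicator:Indicated_TTP/stixCommon:TTP", NS):
            indicated.setdefault(ref.get("idref"), []).append(title_of(ind))
    report = {}
    for camp in root.findall("stix:Campaigns/stix:Campaign", NS):  # unresolved idrefs are skipped
        actors = [title_of(by_id[r.get("idref")]) for r in camp.findall(ACTOR_PATH, NS) if r.get("idref") in by_id]
        ttps = [by_id[r.get("idref")] for r in camp.findall(TTP_PATH, NS) if r.get("idref") in by_id]
        report[title_of(camp)] = {"actors": actors, "ttps": {title_of(t): indicated.get(t.get("id"), []) for t in ttps}}
    return report
```

Run `dangling_idrefs` on a bundle before `campaign_report` so a broken link is reported rather than silently dropped from the relationship view.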

python-cybox dependency error?

Foley, Alexander - GIS

Dear list,

I’m hoping someone might have run into this problem before – when attempting to use setuptools to install python-cybox I ran into this error… any idea how I might be able to rectify the problem?

Alex

Processing dependencies for cybox==2.0.1.2
Searching for lxml>=2.3
Reading http://pypi.python.org/simple/lxml/
Best match: lxml 3.2.4
Downloading https://pypi.python.org/packages/source/l/lxml/lxml-3.2.4.tar.gz#md5=cc363499060f615aca1ec8dcc04df331
Processing lxml-3.2.4.tar.gz
Running lxml-3.2.4/setup.py -q bdist_egg --dist-dir /tmp/easy_install-Fk5KPd/lxml-3.2.4/egg-dist-tmp-0Rc7Vi
Building lxml version 3.2.4.
Building without Cython.
Using build configuration of libxslt 1.1.17
Building against libxml2/libxslt in the following directory: /usr/lib64
/usr/lib64/python2.6/distutils/dist.py:266: UserWarning: Unknown distribution option: 'bugtrack_url'
  warnings.warn(msg)
warning: no files found matching '*.txt' under directory 'src/lxml/tests'
unable to execute gcc: No such file or directory
error: Setup script exited with error: command 'gcc' failed with exit status 1


This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message.

Re: python-cybox dependency error?

Johnny Vestergaard
Looks like you do not have gcc installed. 

Mvh,
Johnny Vestergaard


RE: python-cybox dependency error?

Shields, Wesley
In reply to this post by Foley, Alexander - GIS
Looks like you don't have a compiler installed. If you're on Ubuntu it's the build-essential package and if you're on RHEL it is the gcc and gcc-c++ packages (or so I think, I don't run those to be sure). If you google around for how to install a compiler on your OS you'll find it.

-- WXS


RE: python-cybox dependency error?

Foley, Alexander - GIS
In reply to this post by Johnny Vestergaard

Thank you Wesley and Johnny, gcc did the trick!

Alex


Re: python-cybox dependency error?

Dave Dittrich
In reply to this post by Foley, Alexander - GIS
On 11/26/13 3:12 PM, Foley, Alexander wrote:
> warning: no files found matching '*.txt' under directory 'src/lxml/tests'
> unable to execute gcc: No such file or directory
> error: Setup script exited with error: command 'gcc' failed with exit status 1

It looks like you don't have a development environment
installed (i.e., no GCC compiler.)

--
Dave Dittrich
[hidden email]
http://staff.washington.edu/dittrich

PGP key:     http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint: 097B 4DCB BF16 E1D8 A06C  7512 A751 C80A D15E E079
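Wesley's and Dave's diagnosis (no compiler, so lxml's C extensions cannot be built by setup.py) can be turned into a pre-install check. The script below is an added example, not from the thread; it looks for gcc and, when it is absent, maps the distro family in /etc/os-release to the packages Wesley names. The debian/ubuntu and rhel entries follow his post; the centos and fedora entries are an assumption on my part.

```python
# Added example, not from the thread: a pre-install check for the failure in
# Alex's log. lxml's setup.py compiles C extensions, so without gcc the build
# fails; this reports the missing compiler and maps the distro family from
# /etc/os-release to the packages Wesley names (ubuntu/debian and rhel).
# The centos and fedora entries are an assumption, not stated in the thread.
import shutil

COMPILER_PACKAGES = {"debian": "build-essential", "ubuntu": "build-essential",
                     "rhel": "gcc gcc-c++", "centos": "gcc gcc-c++", "fedora": "gcc gcc-c++"}

def parse_os_release(text):
    """Parse KEY=value lines of /etc/os-release, stripping quotes and comments."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        fields[key] = value.strip().strip('"').strip("'")
    return fields

def compiler_package(os_release):
    """Package(s) providing gcc for this distro family (ID first, then ID_LIKE), or None."""
    for name in [os_release.get("ID", "")] + os_release.get("ID_LIKE", "").split():
        if name in COMPILER_PACKAGES:
            return COMPILER_PACKAGES[name]
    return None

def check_build_env(os_release_text, which=shutil.which):
    """Return (ok, message). `which` is injectable so the check can be tested offline."""
    compiler = which("gcc") or which("cc")
    if compiler:
        return True, "C compiler found at %s" % compiler
    pkg = compiler_package(parse_os_release(os_release_text))
    if pkg is None:
        return False, "no C compiler found; install one for your distribution before building lxml"
    return False, "no C compiler found; install: %s" % pkg

if __name__ == "__main__":
    try:
        with open("/etc/os-release") as fh:
            os_release_text = fh.read()
    except OSError:  # no os-release file (non-systemd distro, or not Linux at all)
        os_release_text = ""
    print(check_build_env(os_release_text)[1])
```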