运用 MAEC和STIX 描述恶意软件特征公益 译文项目 V1.0文档信息 原文名称 原文作者 原文发布日期 2014年4月21日 作者简介原文发布单位原文出处 https://stixproject.github.io/ 译者 小蜜蜂公益翻译组 校对者 小蜜蜂公益翻译组 免责声明  本文原文来自于互联网的公共方式，由“安全加”社区出于学习交流的目的进行翻译，而无任何商业利益的考虑和利用， “安全加”社区已经尽可能地对作者和来源进行了通告，但不保证能够穷尽，如您主张相关权利，请及时与“安全加” 社区联系。  “安全加”社区不对翻译版本的准确性、可靠性作任何保证，也不为由翻译不准确所导致的直接或间接损失承担责任。在使用翻译版本中所包含的技术信息时，用户同意“安全加”社区对可能出现的翻译不完整、或不准确导致的全部或 部分损失不承担任何责任。用户亦保证不用做商业用途，也不以任何方式修改本译文，基于上述问题产生侵权行为的， 法律责任由用户自负。 小蜜蜂公益翻译组 “安全加”社区目录 摘要 ·············································································································· 1 1 引言 ············································································································ 2 2 背景 ············································································································ 3 3 现用方法 ···································································································· 5 4 发展历史 ···································································································· 6 5 何为 STIX？ ······························································································· 7 6 用例 ············································································································ 8 6.1 （用例 1）分析网络威胁 ··································································· 8 6.2 （用例 2）明确网络威胁的指标特征 ···················································· 8 6.3 （用例 3）管理网络威胁响应活动 ······················································· 8 6.4 （用例 4）共享网络威胁信息 ····························································· 9 7 指导原则 ·································································································· 10 7.1 清晰表达 ······················································································· 10 7.2 集成，而非复制 ·············································································· 10 7.3 灵活性 ·························································································· 10 7.4 扩展性 ·························································································· 10 7.5 自动化 ·························································································· 10 7.6 可读性 ·························································································· 10 8 架构 ·········································································································· 11 9 STIX结构 ································································································· 12 9.1 可观察物 ······················································································· 12 9.2 指标 ····························································································· 12 9.3 安全事件 ······················································································· 12 9.4 策略、技术与过程（TTP） ······························································· 12 9.5 行动 ····························································································· 13 9.6 威胁源起方 ···················································································· 13 9.7 利用目标 ······················································································· 13 9.8 行动方案（COA） ·········································································· 14 9.9 数据标记 ······················································································· 14 10 实现 ········································································································ 15 11 用法 ········································································································ 16 12 结论及未来工作 ······················································································ 17 13 致谢 ········································································································ 18 参考 ············································································································ 19运用 MAEC和STIX描述恶意软件特征 2014年4月 V1.0公益 译文项目 2017 1 摘要 对组织来说，获得