Closed ikiril01 closed 9 years ago
There appears to be an issue with the expansion/toggling of MAEC Packages in STIX TTPs; the content appears to be present in the HTML, but it won't actually toggle in order to be displayed. Here's a sample TTP that exhibits the behavior:
<stix:TTP id="ttp-1" xsi:type='ttp:TTPType'> <ttp:Title>MAEC Package</ttp:Title> <ttp:Behavior> <ttp:Malware> <ttp:Malware_Instance xsi:type='stix-maec:MAEC4.1InstanceType'> <stix-maec:MAEC id="maec-1" schema_version="2.1"> <maecPackage:Malware_Subjects> <maecPackage:Malware_Subject id="subject-1"> <maecPackage:Malware_Instance_Object_Attributes> <cybox:Properties xsi:type="FileObj:FileObjectType"> <FileObj:File_Name>asdf.exe</FileObj:File_Name> </cybox:Properties> </maecPackage:Malware_Instance_Object_Attributes> <maecPackage:Label xsi:type="maecVocabs:MalwareLabelVocab-1.0">trojan horse</maecPackage:Label> <maecPackage:Findings_Bundles> <maecPackage:Bundle defined_subject="false" id="bundle-1" schema_version="4.1"> <maecBundle:Actions> <maecBundle:Action id="action-1"> <cybox:Name xsi:type="maecVocabs:FileActionNameVocab-1.0">modify file</cybox:Name> <cybox:Associated_Objects> <cybox:Associated_Object id="object-1"> <cybox:Properties xsi:type="FileObj:FileObjectType"> <FileObj:File_Name condition="Equals">kerne32.dll</FileObj:File_Name> </cybox:Properties> <cybox:Association_Type xsi:type="maecVocabs:ActionObjectAssociationTypeVocab-1.0">output</cybox:Association_Type> </cybox:Associated_Object> </cybox:Associated_Objects> </maecBundle:Action> </maecBundle:Actions> </maecPackage:Bundle> </maecPackage:Findings_Bundles> </maecPackage:Malware_Subject> </maecPackage:Malware_Subjects> </stix-maec:MAEC> </ttp:Malware_Instance> </ttp:Malware> </ttp:Behavior> </stix:TTP>
Fixed in 97c7121.
There appears to be an issue with the expansion/toggling of MAEC Packages in STIX TTPs; the content appears to be present in the HTML, but it won't actually toggle in order to be displayed. Here's a sample TTP that exhibits the behavior: