An Indicator is an Intelligence Object sharing many Relationships with other objects.
โ
According to STIX Version 2.1, Indicators contain a pattern that can be used to detect suspicious or malicious cyber activity. For example, an Indicator may be used to represent a set of malicious domains.
Relationships from the Indicator can describe the malicious or suspicious behavior that it directly detects (Malware, Tool, and Attack Pattern). In addition, it may also imply the presence of a Campaigns, Intrusion Sets, and Threat Actors, etc. (Reference: STIX Version 2.1)
Related Content