A Threat Note conveys informative text to provide additional analysis not contained in the STIX Objects, Marking Definition objects, or Language Content objects which the Note relates to. Threat notes applies for STIX 2.x.

For example, an analyst may add a Note to a Campaign object created by another organization. The note may indicate that they've seen posts related to that Campaign on a hacker forum.

Notes are usually created by human analysts and are composed of human-oriented text, they contain an extra property to capture the author that created the Note.