From 444f9a6fd9d78e04797288455d9ef9f8618ccb5f Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Sun, 30 Dec 2018 12:49:44 +0100
Subject: [PATCH 1/3] chg: [data] ja3-fingerprint-md5 type added
---
pymisp/data/describeTypes.json | 1934 ++++++++++++++++----------------
1 file changed, 971 insertions(+), 963 deletions(-)
diff --git a/pymisp/data/describeTypes.json b/pymisp/data/describeTypes.json
index 3b309ce..850668d 100644
--- a/pymisp/data/describeTypes.json
+++ b/pymisp/data/describeTypes.json
@@ -1,49 +1,513 @@
{
"result": {
+ "categories": [
+ "Antivirus detection",
+ "Artifacts dropped",
+ "Attribution",
+ "External analysis",
+ "Financial fraud",
+ "Internal reference",
+ "Network activity",
+ "Other",
+ "Payload delivery",
+ "Payload installation",
+ "Payload type",
+ "Persistence mechanism",
+ "Person",
+ "Social network",
+ "Support Tool",
+ "Targeting data"
+ ],
+ "category_type_mappings": {
+ "Antivirus detection": [
+ "attachment",
+ "comment",
+ "hex",
+ "link",
+ "other",
+ "text"
+ ],
+ "Artifacts dropped": [
+ "attachment",
+ "authentihash",
+ "cdhash",
+ "comment",
+ "cookie",
+ "filename",
+ "filename|authentihash",
+ "filename|impfuzzy",
+ "filename|imphash",
+ "filename|md5",
+ "filename|pehash",
+ "filename|sha1",
+ "filename|sha224",
+ "filename|sha256",
+ "filename|sha384",
+ "filename|sha512",
+ "filename|sha512/224",
+ "filename|sha512/256",
+ "filename|ssdeep",
+ "filename|tlsh",
+ "gene",
+ "hex",
+ "impfuzzy",
+ "imphash",
+ "malware-sample",
+ "md5",
+ "mime-type",
+ "mutex",
+ "named pipe",
+ "other",
+ "pattern-in-file",
+ "pattern-in-memory",
+ "pdb",
+ "regkey",
+ "regkey|value",
+ "sha1",
+ "sha224",
+ "sha256",
+ "sha384",
+ "sha512",
+ "sha512/224",
+ "sha512/256",
+ "sigma",
+ "ssdeep",
+ "stix2-pattern",
+ "text",
+ "windows-scheduled-task",
+ "windows-service-displayname",
+ "windows-service-name",
+ "x509-fingerprint-md5",
+ "x509-fingerprint-sha1",
+ "x509-fingerprint-sha256",
+ "yara"
+ ],
+ "Attribution": [
+ "campaign-id",
+ "campaign-name",
+ "comment",
+ "dns-soa-email",
+ "other",
+ "text",
+ "threat-actor",
+ "whois-creation-date",
+ "whois-registrant-email",
+ "whois-registrant-name",
+ "whois-registrant-org",
+ "whois-registrant-phone",
+ "whois-registrar",
+ "x509-fingerprint-md5",
+ "x509-fingerprint-sha1",
+ "x509-fingerprint-sha256"
+ ],
+ "External analysis": [
+ "AS",
+ "attachment",
+ "bro",
+ "comment",
+ "cortex",
+ "domain",
+ "domain|ip",
+ "filename",
+ "filename|md5",
+ "filename|sha1",
+ "filename|sha256",
+ "github-repository",
+ "hostname",
+ "ip-dst",
+ "ip-dst|port",
+ "ip-src",
+ "ip-src|port",
+ "ja3-fingerprint-md5",
+ "link",
+ "mac-address",
+ "mac-eui-64",
+ "malware-sample",
+ "md5",
+ "other",
+ "pattern-in-file",
+ "pattern-in-memory",
+ "pattern-in-traffic",
+ "regkey",
+ "regkey|value",
+ "sha1",
+ "sha256",
+ "snort",
+ "text",
+ "url",
+ "user-agent",
+ "vulnerability",
+ "x509-fingerprint-md5",
+ "x509-fingerprint-sha1",
+ "x509-fingerprint-sha256"
+ ],
+ "Financial fraud": [
+ "aba-rtn",
+ "bank-account-nr",
+ "bic",
+ "bin",
+ "btc",
+ "cc-number",
+ "comment",
+ "hex",
+ "iban",
+ "other",
+ "phone-number",
+ "prtn",
+ "text",
+ "xmr"
+ ],
+ "Internal reference": [
+ "comment",
+ "hex",
+ "link",
+ "other",
+ "text"
+ ],
+ "Network activity": [
+ "AS",
+ "attachment",
+ "bro",
+ "comment",
+ "cookie",
+ "domain",
+ "domain|ip",
+ "email-dst",
+ "hex",
+ "hostname",
+ "hostname|port",
+ "http-method",
+ "ip-dst",
+ "ip-dst|port",
+ "ip-src",
+ "ip-src|port",
+ "ja3-fingerprint-md5",
+ "mac-address",
+ "mac-eui-64",
+ "other",
+ "pattern-in-file",
+ "pattern-in-traffic",
+ "port",
+ "snort",
+ "stix2-pattern",
+ "text",
+ "uri",
+ "url",
+ "user-agent",
+ "x509-fingerprint-md5",
+ "x509-fingerprint-sha1",
+ "x509-fingerprint-sha256"
+ ],
+ "Other": [
+ "boolean",
+ "comment",
+ "counter",
+ "cpe",
+ "datetime",
+ "float",
+ "hex",
+ "other",
+ "phone-number",
+ "port",
+ "size-in-bytes",
+ "text"
+ ],
+ "Payload delivery": [
+ "AS",
+ "attachment",
+ "authentihash",
+ "cdhash",
+ "comment",
+ "domain",
+ "email-attachment",
+ "email-body",
+ "email-dst",
+ "email-dst-display-name",
+ "email-header",
+ "email-message-id",
+ "email-mime-boundary",
+ "email-reply-to",
+ "email-src",
+ "email-src-display-name",
+ "email-subject",
+ "email-thread-index",
+ "email-x-mailer",
+ "filename",
+ "filename|authentihash",
+ "filename|impfuzzy",
+ "filename|imphash",
+ "filename|md5",
+ "filename|pehash",
+ "filename|sha1",
+ "filename|sha224",
+ "filename|sha256",
+ "filename|sha384",
+ "filename|sha512",
+ "filename|sha512/224",
+ "filename|sha512/256",
+ "filename|ssdeep",
+ "filename|tlsh",
+ "hex",
+ "hostname",
+ "hostname|port",
+ "impfuzzy",
+ "imphash",
+ "ip-dst",
+ "ip-dst|port",
+ "ip-src",
+ "ip-src|port",
+ "ja3-fingerprint-md5",
+ "link",
+ "mac-address",
+ "mac-eui-64",
+ "malware-sample",
+ "malware-type",
+ "md5",
+ "mime-type",
+ "mobile-application-id",
+ "other",
+ "pattern-in-file",
+ "pattern-in-traffic",
+ "pehash",
+ "sha1",
+ "sha224",
+ "sha256",
+ "sha384",
+ "sha512",
+ "sha512/224",
+ "sha512/256",
+ "sigma",
+ "ssdeep",
+ "stix2-pattern",
+ "text",
+ "tlsh",
+ "url",
+ "user-agent",
+ "vulnerability",
+ "whois-registrant-email",
+ "x509-fingerprint-md5",
+ "x509-fingerprint-sha1",
+ "x509-fingerprint-sha256",
+ "yara"
+ ],
+ "Payload installation": [
+ "attachment",
+ "authentihash",
+ "cdhash",
+ "comment",
+ "filename",
+ "filename|authentihash",
+ "filename|impfuzzy",
+ "filename|imphash",
+ "filename|md5",
+ "filename|pehash",
+ "filename|sha1",
+ "filename|sha224",
+ "filename|sha256",
+ "filename|sha384",
+ "filename|sha512",
+ "filename|sha512/224",
+ "filename|sha512/256",
+ "filename|ssdeep",
+ "filename|tlsh",
+ "hex",
+ "impfuzzy",
+ "imphash",
+ "malware-sample",
+ "malware-type",
+ "md5",
+ "mime-type",
+ "mobile-application-id",
+ "other",
+ "pattern-in-file",
+ "pattern-in-memory",
+ "pattern-in-traffic",
+ "pehash",
+ "sha1",
+ "sha224",
+ "sha256",
+ "sha384",
+ "sha512",
+ "sha512/224",
+ "sha512/256",
+ "sigma",
+ "ssdeep",
+ "stix2-pattern",
+ "text",
+ "tlsh",
+ "vulnerability",
+ "x509-fingerprint-md5",
+ "x509-fingerprint-sha1",
+ "x509-fingerprint-sha256",
+ "yara"
+ ],
+ "Payload type": [
+ "comment",
+ "other",
+ "text"
+ ],
+ "Persistence mechanism": [
+ "comment",
+ "filename",
+ "hex",
+ "other",
+ "regkey",
+ "regkey|value",
+ "text"
+ ],
+ "Person": [
+ "comment",
+ "country-of-residence",
+ "date-of-birth",
+ "first-name",
+ "frequent-flyer-number",
+ "gender",
+ "identity-card-number",
+ "issue-date-of-the-visa",
+ "last-name",
+ "middle-name",
+ "nationality",
+ "other",
+ "passenger-name-record-locator-number",
+ "passport-country",
+ "passport-expiration",
+ "passport-number",
+ "payment-details",
+ "phone-number",
+ "place-of-birth",
+ "place-port-of-clearance",
+ "place-port-of-onward-foreign-destination",
+ "place-port-of-original-embarkation",
+ "primary-residence",
+ "redress-number",
+ "special-service-request",
+ "text",
+ "travel-details",
+ "visa-number"
+ ],
+ "Social network": [
+ "comment",
+ "email-dst",
+ "email-src",
+ "github-organisation",
+ "github-repository",
+ "github-username",
+ "jabber-id",
+ "other",
+ "text",
+ "twitter-id",
+ "whois-registrant-email"
+ ],
+ "Support Tool": [
+ "attachment",
+ "comment",
+ "hex",
+ "link",
+ "other",
+ "text"
+ ],
+ "Targeting data": [
+ "comment",
+ "target-email",
+ "target-external",
+ "target-location",
+ "target-machine",
+ "target-org",
+ "target-user"
+ ]
+ },
"sane_defaults": {
- "md5": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "sha1": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "sha256": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "filename": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "pdb": {
- "default_category": "Artifacts dropped",
+ "AS": {
+ "default_category": "Network activity",
"to_ids": 0
},
- "filename|md5": {
+ "aba-rtn": {
+ "default_category": "Financial fraud",
+ "to_ids": 1
+ },
+ "attachment": {
+ "default_category": "External analysis",
+ "to_ids": 0
+ },
+ "authentihash": {
"default_category": "Payload delivery",
"to_ids": 1
},
- "filename|sha1": {
+ "bank-account-nr": {
+ "default_category": "Financial fraud",
+ "to_ids": 1
+ },
+ "bic": {
+ "default_category": "Financial fraud",
+ "to_ids": 1
+ },
+ "bin": {
+ "default_category": "Financial fraud",
+ "to_ids": 1
+ },
+ "boolean": {
+ "default_category": "Other",
+ "to_ids": 0
+ },
+ "bro": {
+ "default_category": "Network activity",
+ "to_ids": 1
+ },
+ "btc": {
+ "default_category": "Financial fraud",
+ "to_ids": 1
+ },
+ "campaign-id": {
+ "default_category": "Attribution",
+ "to_ids": 0
+ },
+ "campaign-name": {
+ "default_category": "Attribution",
+ "to_ids": 0
+ },
+ "cc-number": {
+ "default_category": "Financial fraud",
+ "to_ids": 1
+ },
+ "cdhash": {
"default_category": "Payload delivery",
"to_ids": 1
},
- "filename|sha256": {
- "default_category": "Payload delivery",
- "to_ids": 1
+ "comment": {
+ "default_category": "Other",
+ "to_ids": 0
},
- "ip-src": {
+ "cookie": {
"default_category": "Network activity",
- "to_ids": 1
+ "to_ids": 0
},
- "ip-dst": {
- "default_category": "Network activity",
- "to_ids": 1
+ "cortex": {
+ "default_category": "External analysis",
+ "to_ids": 0
},
- "hostname": {
- "default_category": "Network activity",
- "to_ids": 1
+ "counter": {
+ "default_category": "Other",
+ "to_ids": 0
+ },
+ "country-of-residence": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "cpe": {
+ "default_category": "Other",
+ "to_ids": 0
+ },
+ "date-of-birth": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "datetime": {
+ "default_category": "Other",
+ "to_ids": 0
+ },
+ "dns-soa-email": {
+ "default_category": "Attribution",
+ "to_ids": 0
},
"domain": {
"default_category": "Network activity",
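Review bot: The commit subject names one change, the new `ja3-fingerprint-md5` type, but this hunk and the ones after it also re-sort every list and object key in the file (971 insertions, 963 deletions per the diffstat). A reader therefore cannot confirm by eye that no existing type lost a category mapping or had its `to_ids` default changed in the move. Because `to_ids` marks attributes for IDS export in MISP, I would split the re-sort into its own commit, or at least add a body line to the message such as `File regenerated with sorted keys; the only semantic change is the added ja3-fingerprint-md5 type.` if that is in fact the case. A key-order-insensitive comparison of the old and new JSON would back that claim.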
@@ -53,18 +517,6 @@
"default_category": "Network activity",
"to_ids": 1
},
- "email-src": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "email-dst": {
- "default_category": "Network activity",
- "to_ids": 1
- },
- "email-subject": {
- "default_category": "Payload delivery",
- "to_ids": 0
- },
"email-attachment": {
"default_category": "Payload delivery",
"to_ids": 1
@@ -73,251 +525,51 @@
"default_category": "Payload delivery",
"to_ids": 0
},
- "float": {
- "default_category": "Other",
- "to_ids": 0
- },
- "url": {
+ "email-dst": {
"default_category": "Network activity",
"to_ids": 1
},
- "http-method": {
- "default_category": "Network activity",
- "to_ids": 0
- },
- "user-agent": {
- "default_category": "Network activity",
- "to_ids": 0
- },
- "regkey": {
- "default_category": "Persistence mechanism",
- "to_ids": 1
- },
- "regkey|value": {
- "default_category": "Persistence mechanism",
- "to_ids": 1
- },
- "AS": {
- "default_category": "Network activity",
- "to_ids": 0
- },
- "snort": {
- "default_category": "Network activity",
- "to_ids": 1
- },
- "bro": {
- "default_category": "Network activity",
- "to_ids": 1
- },
- "pattern-in-file": {
- "default_category": "Payload installation",
- "to_ids": 1
- },
- "pattern-in-traffic": {
- "default_category": "Network activity",
- "to_ids": 1
- },
- "pattern-in-memory": {
- "default_category": "Payload installation",
- "to_ids": 1
- },
- "yara": {
- "default_category": "Payload installation",
- "to_ids": 1
- },
- "stix2-pattern": {
- "default_category": "Payload installation",
- "to_ids": 1
- },
- "sigma": {
- "default_category": "Payload installation",
- "to_ids": 1
- },
- "gene": {
- "default_category": "Artifacts dropped",
- "to_ids": 0
- },
- "mime-type": {
- "default_category": "Artifacts dropped",
- "to_ids": 0
- },
- "identity-card-number": {
- "default_category": "Person",
- "to_ids": 0
- },
- "cookie": {
- "default_category": "Network activity",
- "to_ids": 0
- },
- "vulnerability": {
- "default_category": "External analysis",
- "to_ids": 0
- },
- "attachment": {
- "default_category": "External analysis",
- "to_ids": 0
- },
- "malware-sample": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "link": {
- "default_category": "External analysis",
- "to_ids": 0
- },
- "comment": {
- "default_category": "Other",
- "to_ids": 0
- },
- "text": {
- "default_category": "Other",
- "to_ids": 0
- },
- "hex": {
- "default_category": "Other",
- "to_ids": 0
- },
- "other": {
- "default_category": "Other",
- "to_ids": 0
- },
- "named pipe": {
- "default_category": "Artifacts dropped",
- "to_ids": 0
- },
- "mutex": {
- "default_category": "Artifacts dropped",
- "to_ids": 1
- },
- "target-user": {
- "default_category": "Targeting data",
- "to_ids": 0
- },
- "target-email": {
- "default_category": "Targeting data",
- "to_ids": 0
- },
- "target-machine": {
- "default_category": "Targeting data",
- "to_ids": 0
- },
- "target-org": {
- "default_category": "Targeting data",
- "to_ids": 0
- },
- "target-location": {
- "default_category": "Targeting data",
- "to_ids": 0
- },
- "target-external": {
- "default_category": "Targeting data",
- "to_ids": 0
- },
- "btc": {
- "default_category": "Financial fraud",
- "to_ids": 1
- },
- "xmr": {
- "default_category": "Financial fraud",
- "to_ids": 1
- },
- "iban": {
- "default_category": "Financial fraud",
- "to_ids": 1
- },
- "bic": {
- "default_category": "Financial fraud",
- "to_ids": 1
- },
- "bank-account-nr": {
- "default_category": "Financial fraud",
- "to_ids": 1
- },
- "aba-rtn": {
- "default_category": "Financial fraud",
- "to_ids": 1
- },
- "bin": {
- "default_category": "Financial fraud",
- "to_ids": 1
- },
- "cc-number": {
- "default_category": "Financial fraud",
- "to_ids": 1
- },
- "prtn": {
- "default_category": "Financial fraud",
- "to_ids": 1
- },
- "phone-number": {
- "default_category": "Person",
- "to_ids": 0
- },
- "threat-actor": {
- "default_category": "Attribution",
- "to_ids": 0
- },
- "campaign-name": {
- "default_category": "Attribution",
- "to_ids": 0
- },
- "campaign-id": {
- "default_category": "Attribution",
- "to_ids": 0
- },
- "malware-type": {
+ "email-dst-display-name": {
"default_category": "Payload delivery",
"to_ids": 0
},
- "uri": {
- "default_category": "Network activity",
- "to_ids": 1
+ "email-header": {
+ "default_category": "Payload delivery",
+ "to_ids": 0
},
- "authentihash": {
+ "email-message-id": {
+ "default_category": "Payload delivery",
+ "to_ids": 0
+ },
+ "email-mime-boundary": {
+ "default_category": "Payload delivery",
+ "to_ids": 0
+ },
+ "email-reply-to": {
+ "default_category": "Payload delivery",
+ "to_ids": 0
+ },
+ "email-src": {
"default_category": "Payload delivery",
"to_ids": 1
},
- "ssdeep": {
+ "email-src-display-name": {
"default_category": "Payload delivery",
- "to_ids": 1
+ "to_ids": 0
},
- "imphash": {
+ "email-subject": {
"default_category": "Payload delivery",
- "to_ids": 1
+ "to_ids": 0
},
- "pehash": {
+ "email-thread-index": {
"default_category": "Payload delivery",
- "to_ids": 1
+ "to_ids": 0
},
- "impfuzzy": {
+ "email-x-mailer": {
"default_category": "Payload delivery",
- "to_ids": 1
+ "to_ids": 0
},
- "sha224": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "sha384": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "sha512": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "sha512/224": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "sha512/256": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "tlsh": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "cdhash": {
+ "filename": {
"default_category": "Payload delivery",
"to_ids": 1
},
@@ -325,7 +577,7 @@
"default_category": "Payload delivery",
"to_ids": 1
},
- "filename|ssdeep": {
+ "filename|impfuzzy": {
"default_category": "Payload delivery",
"to_ids": 1
},
@@ -333,7 +585,7 @@
"default_category": "Payload delivery",
"to_ids": 1
},
- "filename|impfuzzy": {
+ "filename|md5": {
"default_category": "Payload delivery",
"to_ids": 1
},
@@ -341,10 +593,18 @@
"default_category": "Payload delivery",
"to_ids": 1
},
+ "filename|sha1": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
"filename|sha224": {
"default_category": "Payload delivery",
"to_ids": 1
},
+ "filename|sha256": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
"filename|sha384": {
"default_category": "Payload delivery",
"to_ids": 1
@@ -361,94 +621,114 @@
"default_category": "Payload delivery",
"to_ids": 1
},
+ "filename|ssdeep": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
"filename|tlsh": {
"default_category": "Payload delivery",
"to_ids": 1
},
- "windows-scheduled-task": {
+ "first-name": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "float": {
+ "default_category": "Other",
+ "to_ids": 0
+ },
+ "frequent-flyer-number": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "gender": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "gene": {
"default_category": "Artifacts dropped",
"to_ids": 0
},
- "windows-service-name": {
- "default_category": "Artifacts dropped",
+ "github-organisation": {
+ "default_category": "Social network",
"to_ids": 0
},
- "windows-service-displayname": {
- "default_category": "Artifacts dropped",
+ "github-repository": {
+ "default_category": "Social network",
"to_ids": 0
},
- "whois-registrant-email": {
- "default_category": "Attribution",
+ "github-username": {
+ "default_category": "Social network",
"to_ids": 0
},
- "whois-registrant-phone": {
- "default_category": "Attribution",
+ "hex": {
+ "default_category": "Other",
"to_ids": 0
},
- "whois-registrant-name": {
- "default_category": "Attribution",
- "to_ids": 0
- },
- "whois-registrant-org": {
- "default_category": "Attribution",
- "to_ids": 0
- },
- "whois-registrar": {
- "default_category": "Attribution",
- "to_ids": 0
- },
- "whois-creation-date": {
- "default_category": "Attribution",
- "to_ids": 0
- },
- "x509-fingerprint-sha1": {
+ "hostname": {
"default_category": "Network activity",
"to_ids": 1
},
- "x509-fingerprint-md5": {
+ "hostname|port": {
"default_category": "Network activity",
"to_ids": 1
},
- "x509-fingerprint-sha256": {
+ "http-method": {
"default_category": "Network activity",
+ "to_ids": 0
+ },
+ "iban": {
+ "default_category": "Financial fraud",
"to_ids": 1
},
- "dns-soa-email": {
- "default_category": "Attribution",
+ "identity-card-number": {
+ "default_category": "Person",
"to_ids": 0
},
- "size-in-bytes": {
- "default_category": "Other",
- "to_ids": 0
+ "impfuzzy": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
},
- "counter": {
- "default_category": "Other",
- "to_ids": 0
+ "imphash": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
},
- "datetime": {
- "default_category": "Other",
- "to_ids": 0
- },
- "cpe": {
- "default_category": "Other",
- "to_ids": 0
- },
- "port": {
+ "ip-dst": {
"default_category": "Network activity",
- "to_ids": 0
+ "to_ids": 1
},
"ip-dst|port": {
"default_category": "Network activity",
"to_ids": 1
},
+ "ip-src": {
+ "default_category": "Network activity",
+ "to_ids": 1
+ },
"ip-src|port": {
"default_category": "Network activity",
"to_ids": 1
},
- "hostname|port": {
+ "issue-date-of-the-visa": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "ja3-fingerprint-md5": {
"default_category": "Network activity",
"to_ids": 1
},
+ "jabber-id": {
+ "default_category": "Social network",
+ "to_ids": 0
+ },
+ "last-name": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "link": {
+ "default_category": "External analysis",
+ "to_ids": 0
+ },
"mac-address": {
"default_category": "Network activity",
"to_ids": 0
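Review bot: The new `ja3-fingerprint-md5` entry in `sane_defaults` sets `"to_ids": 1`, which deserves a second look: a JA3 hash identifies a TLS client-hello profile rather than a specific malicious artifact, so the same value is commonly shared by benign software built on the same TLS library. Defaulting it to IDS export can produce false-positive matches for consumers who accept the default. If the value simply mirrors the MISP server's own definition (not visible in this patch), keeping it is reasonable for consistency; otherwise I would propose `"to_ids": 0` here and let analysts opt in per attribute. The `sane_defaults` object starts and ends outside this hunk.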
@@ -457,83 +737,47 @@
"default_category": "Network activity",
"to_ids": 0
},
- "email-dst-display-name": {
+ "malware-sample": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "malware-type": {
"default_category": "Payload delivery",
"to_ids": 0
},
- "email-src-display-name": {
+ "md5": {
"default_category": "Payload delivery",
- "to_ids": 0
- },
- "email-header": {
- "default_category": "Payload delivery",
- "to_ids": 0
- },
- "email-reply-to": {
- "default_category": "Payload delivery",
- "to_ids": 0
- },
- "email-x-mailer": {
- "default_category": "Payload delivery",
- "to_ids": 0
- },
- "email-mime-boundary": {
- "default_category": "Payload delivery",
- "to_ids": 0
- },
- "email-thread-index": {
- "default_category": "Payload delivery",
- "to_ids": 0
- },
- "email-message-id": {
- "default_category": "Payload delivery",
- "to_ids": 0
- },
- "github-username": {
- "default_category": "Social network",
- "to_ids": 0
- },
- "github-repository": {
- "default_category": "Social network",
- "to_ids": 0
- },
- "github-organisation": {
- "default_category": "Social network",
- "to_ids": 0
- },
- "jabber-id": {
- "default_category": "Social network",
- "to_ids": 0
- },
- "twitter-id": {
- "default_category": "Social network",
- "to_ids": 0
- },
- "first-name": {
- "default_category": "Person",
- "to_ids": 0
+ "to_ids": 1
},
"middle-name": {
"default_category": "Person",
"to_ids": 0
},
- "last-name": {
+ "mime-type": {
+ "default_category": "Artifacts dropped",
+ "to_ids": 0
+ },
+ "mobile-application-id": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "mutex": {
+ "default_category": "Artifacts dropped",
+ "to_ids": 1
+ },
+ "named pipe": {
+ "default_category": "Artifacts dropped",
+ "to_ids": 0
+ },
+ "nationality": {
"default_category": "Person",
"to_ids": 0
},
- "date-of-birth": {
- "default_category": "Person",
+ "other": {
+ "default_category": "Other",
"to_ids": 0
},
- "place-of-birth": {
- "default_category": "Person",
- "to_ids": 0
- },
- "gender": {
- "default_category": "Person",
- "to_ids": 0
- },
- "passport-number": {
+ "passenger-name-record-locator-number": {
"default_category": "Person",
"to_ids": 0
},
@@ -545,47 +789,39 @@
"default_category": "Person",
"to_ids": 0
},
- "redress-number": {
+ "passport-number": {
"default_category": "Person",
"to_ids": 0
},
- "nationality": {
- "default_category": "Person",
- "to_ids": 0
+ "pattern-in-file": {
+ "default_category": "Payload installation",
+ "to_ids": 1
},
- "visa-number": {
- "default_category": "Person",
- "to_ids": 0
+ "pattern-in-memory": {
+ "default_category": "Payload installation",
+ "to_ids": 1
},
- "issue-date-of-the-visa": {
- "default_category": "Person",
- "to_ids": 0
- },
- "primary-residence": {
- "default_category": "Person",
- "to_ids": 0
- },
- "country-of-residence": {
- "default_category": "Person",
- "to_ids": 0
- },
- "special-service-request": {
- "default_category": "Person",
- "to_ids": 0
- },
- "frequent-flyer-number": {
- "default_category": "Person",
- "to_ids": 0
- },
- "travel-details": {
- "default_category": "Person",
- "to_ids": 0
+ "pattern-in-traffic": {
+ "default_category": "Network activity",
+ "to_ids": 1
},
"payment-details": {
"default_category": "Person",
"to_ids": 0
},
- "place-port-of-original-embarkation": {
+ "pdb": {
+ "default_category": "Artifacts dropped",
+ "to_ids": 0
+ },
+ "pehash": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "phone-number": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "place-of-birth": {
"default_category": "Person",
"to_ids": 0
},
@@ -597,590 +833,362 @@
"default_category": "Person",
"to_ids": 0
},
- "passenger-name-record-locator-number": {
+ "place-port-of-original-embarkation": {
"default_category": "Person",
"to_ids": 0
},
- "mobile-application-id": {
+ "port": {
+ "default_category": "Network activity",
+ "to_ids": 0
+ },
+ "primary-residence": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "prtn": {
+ "default_category": "Financial fraud",
+ "to_ids": 1
+ },
+ "redress-number": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "regkey": {
+ "default_category": "Persistence mechanism",
+ "to_ids": 1
+ },
+ "regkey|value": {
+ "default_category": "Persistence mechanism",
+ "to_ids": 1
+ },
+ "sha1": {
"default_category": "Payload delivery",
"to_ids": 1
},
- "cortex": {
+ "sha224": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "sha256": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "sha384": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "sha512": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "sha512/224": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "sha512/256": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "sigma": {
+ "default_category": "Payload installation",
+ "to_ids": 1
+ },
+ "size-in-bytes": {
+ "default_category": "Other",
+ "to_ids": 0
+ },
+ "snort": {
+ "default_category": "Network activity",
+ "to_ids": 1
+ },
+ "special-service-request": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "ssdeep": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "stix2-pattern": {
+ "default_category": "Payload installation",
+ "to_ids": 1
+ },
+ "target-email": {
+ "default_category": "Targeting data",
+ "to_ids": 0
+ },
+ "target-external": {
+ "default_category": "Targeting data",
+ "to_ids": 0
+ },
+ "target-location": {
+ "default_category": "Targeting data",
+ "to_ids": 0
+ },
+ "target-machine": {
+ "default_category": "Targeting data",
+ "to_ids": 0
+ },
+ "target-org": {
+ "default_category": "Targeting data",
+ "to_ids": 0
+ },
+ "target-user": {
+ "default_category": "Targeting data",
+ "to_ids": 0
+ },
+ "text": {
+ "default_category": "Other",
+ "to_ids": 0
+ },
+ "threat-actor": {
+ "default_category": "Attribution",
+ "to_ids": 0
+ },
+ "tlsh": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "travel-details": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "twitter-id": {
+ "default_category": "Social network",
+ "to_ids": 0
+ },
+ "uri": {
+ "default_category": "Network activity",
+ "to_ids": 1
+ },
+ "url": {
+ "default_category": "Network activity",
+ "to_ids": 1
+ },
+ "user-agent": {
+ "default_category": "Network activity",
+ "to_ids": 0
+ },
+ "visa-number": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "vulnerability": {
"default_category": "External analysis",
"to_ids": 0
},
- "boolean": {
- "default_category": "Other",
+ "whois-creation-date": {
+ "default_category": "Attribution",
"to_ids": 0
+ },
+ "whois-registrant-email": {
+ "default_category": "Attribution",
+ "to_ids": 0
+ },
+ "whois-registrant-name": {
+ "default_category": "Attribution",
+ "to_ids": 0
+ },
+ "whois-registrant-org": {
+ "default_category": "Attribution",
+ "to_ids": 0
+ },
+ "whois-registrant-phone": {
+ "default_category": "Attribution",
+ "to_ids": 0
+ },
+ "whois-registrar": {
+ "default_category": "Attribution",
+ "to_ids": 0
+ },
+ "windows-scheduled-task": {
+ "default_category": "Artifacts dropped",
+ "to_ids": 0
+ },
+ "windows-service-displayname": {
+ "default_category": "Artifacts dropped",
+ "to_ids": 0
+ },
+ "windows-service-name": {
+ "default_category": "Artifacts dropped",
+ "to_ids": 0
+ },
+ "x509-fingerprint-md5": {
+ "default_category": "Network activity",
+ "to_ids": 1
+ },
+ "x509-fingerprint-sha1": {
+ "default_category": "Network activity",
+ "to_ids": 1
+ },
+ "x509-fingerprint-sha256": {
+ "default_category": "Network activity",
+ "to_ids": 1
+ },
+ "xmr": {
+ "default_category": "Financial fraud",
+ "to_ids": 1
+ },
+ "yara": {
+ "default_category": "Payload installation",
+ "to_ids": 1
}
},
"types": [
- "md5",
- "sha1",
- "sha256",
- "filename",
- "pdb",
- "filename|md5",
- "filename|sha1",
- "filename|sha256",
- "ip-src",
- "ip-dst",
- "hostname",
+ "AS",
+ "aba-rtn",
+ "attachment",
+ "authentihash",
+ "bank-account-nr",
+ "bic",
+ "bin",
+ "boolean",
+ "bro",
+ "btc",
+ "campaign-id",
+ "campaign-name",
+ "cc-number",
+ "cdhash",
+ "comment",
+ "cookie",
+ "cortex",
+ "counter",
+ "country-of-residence",
+ "cpe",
+ "date-of-birth",
+ "datetime",
+ "dns-soa-email",
"domain",
"domain|ip",
- "email-src",
- "email-dst",
- "email-subject",
"email-attachment",
"email-body",
- "float",
- "url",
- "http-method",
- "user-agent",
- "regkey",
- "regkey|value",
- "AS",
- "snort",
- "bro",
- "pattern-in-file",
- "pattern-in-traffic",
- "pattern-in-memory",
- "yara",
- "stix2-pattern",
- "sigma",
- "gene",
- "mime-type",
- "identity-card-number",
- "cookie",
- "vulnerability",
- "attachment",
- "malware-sample",
- "link",
- "comment",
- "text",
- "hex",
- "other",
- "named pipe",
- "mutex",
- "target-user",
- "target-email",
- "target-machine",
- "target-org",
- "target-location",
- "target-external",
- "btc",
- "xmr",
- "iban",
- "bic",
- "bank-account-nr",
- "aba-rtn",
- "bin",
- "cc-number",
- "prtn",
- "phone-number",
- "threat-actor",
- "campaign-name",
- "campaign-id",
- "malware-type",
- "uri",
- "authentihash",
- "ssdeep",
- "imphash",
- "pehash",
- "impfuzzy",
- "sha224",
- "sha384",
- "sha512",
- "sha512/224",
- "sha512/256",
- "tlsh",
- "cdhash",
+ "email-dst",
+ "email-dst-display-name",
+ "email-header",
+ "email-message-id",
+ "email-mime-boundary",
+ "email-reply-to",
+ "email-src",
+ "email-src-display-name",
+ "email-subject",
+ "email-thread-index",
+ "email-x-mailer",
+ "filename",
"filename|authentihash",
- "filename|ssdeep",
- "filename|imphash",
"filename|impfuzzy",
+ "filename|imphash",
+ "filename|md5",
"filename|pehash",
+ "filename|sha1",
"filename|sha224",
+ "filename|sha256",
"filename|sha384",
"filename|sha512",
"filename|sha512/224",
"filename|sha512/256",
+ "filename|ssdeep",
"filename|tlsh",
- "windows-scheduled-task",
- "windows-service-name",
- "windows-service-displayname",
- "whois-registrant-email",
- "whois-registrant-phone",
- "whois-registrant-name",
- "whois-registrant-org",
- "whois-registrar",
- "whois-creation-date",
- "x509-fingerprint-sha1",
- "x509-fingerprint-md5",
- "x509-fingerprint-sha256",
- "dns-soa-email",
- "size-in-bytes",
- "counter",
- "datetime",
- "cpe",
- "port",
- "ip-dst|port",
- "ip-src|port",
+ "first-name",
+ "float",
+ "frequent-flyer-number",
+ "gender",
+ "gene",
+ "github-organisation",
+ "github-repository",
+ "github-username",
+ "hex",
+ "hostname",
"hostname|port",
+ "http-method",
+ "iban",
+ "identity-card-number",
+ "impfuzzy",
+ "imphash",
+ "ip-dst",
+ "ip-dst|port",
+ "ip-src",
+ "ip-src|port",
+ "issue-date-of-the-visa",
+ "ja3-fingerprint-md5",
+ "jabber-id",
+ "last-name",
+ "link",
"mac-address",
"mac-eui-64",
- "email-dst-display-name",
- "email-src-display-name",
- "email-header",
- "email-reply-to",
- "email-x-mailer",
- "email-mime-boundary",
- "email-thread-index",
- "email-message-id",
- "github-username",
- "github-repository",
- "github-organisation",
- "jabber-id",
- "twitter-id",
- "first-name",
+ "malware-sample",
+ "malware-type",
+ "md5",
"middle-name",
- "last-name",
- "date-of-birth",
- "place-of-birth",
- "gender",
- "passport-number",
+ "mime-type",
+ "mobile-application-id",
+ "mutex",
+ "named pipe",
+ "nationality",
+ "other",
+ "passenger-name-record-locator-number",
"passport-country",
"passport-expiration",
- "redress-number",
- "nationality",
- "visa-number",
- "issue-date-of-the-visa",
- "primary-residence",
- "country-of-residence",
- "special-service-request",
- "frequent-flyer-number",
- "travel-details",
+ "passport-number",
+ "pattern-in-file",
+ "pattern-in-memory",
+ "pattern-in-traffic",
"payment-details",
- "place-port-of-original-embarkation",
+ "pdb",
+ "pehash",
+ "phone-number",
+ "place-of-birth",
"place-port-of-clearance",
"place-port-of-onward-foreign-destination",
- "passenger-name-record-locator-number",
- "mobile-application-id",
- "cortex",
- "boolean"
- ],
- "categories": [
- "Internal reference",
- "Targeting data",
- "Antivirus detection",
- "Payload delivery",
- "Artifacts dropped",
- "Payload installation",
- "Persistence mechanism",
- "Network activity",
- "Payload type",
- "Attribution",
- "External analysis",
- "Financial fraud",
- "Support Tool",
- "Social network",
- "Person",
- "Other"
- ],
- "category_type_mappings": {
- "Internal reference": [
- "text",
- "link",
- "comment",
- "other",
- "hex"
- ],
- "Targeting data": [
- "target-user",
- "target-email",
- "target-machine",
- "target-org",
- "target-location",
- "target-external",
- "comment"
- ],
- "Antivirus detection": [
- "link",
- "comment",
- "text",
- "hex",
- "attachment",
- "other"
- ],
- "Payload delivery": [
- "md5",
- "sha1",
- "sha224",
- "sha256",
- "sha384",
- "sha512",
- "sha512/224",
- "sha512/256",
- "ssdeep",
- "imphash",
- "impfuzzy",
- "authentihash",
- "pehash",
- "tlsh",
- "cdhash",
- "filename",
- "filename|md5",
- "filename|sha1",
- "filename|sha224",
- "filename|sha256",
- "filename|sha384",
- "filename|sha512",
- "filename|sha512/224",
- "filename|sha512/256",
- "filename|authentihash",
- "filename|ssdeep",
- "filename|tlsh",
- "filename|imphash",
- "filename|impfuzzy",
- "filename|pehash",
- "mac-address",
- "mac-eui-64",
- "ip-src",
- "ip-dst",
- "ip-dst|port",
- "ip-src|port",
- "hostname",
- "domain",
- "email-src",
- "email-dst",
- "email-subject",
- "email-attachment",
- "email-body",
- "url",
- "user-agent",
- "AS",
- "pattern-in-file",
- "pattern-in-traffic",
- "stix2-pattern",
- "yara",
- "sigma",
- "mime-type",
- "attachment",
- "malware-sample",
- "link",
- "malware-type",
- "comment",
- "text",
- "hex",
- "vulnerability",
- "x509-fingerprint-sha1",
- "x509-fingerprint-md5",
- "x509-fingerprint-sha256",
- "other",
- "hostname|port",
- "email-dst-display-name",
- "email-src-display-name",
- "email-header",
- "email-reply-to",
- "email-x-mailer",
- "email-mime-boundary",
- "email-thread-index",
- "email-message-id",
- "mobile-application-id",
- "whois-registrant-email"
- ],
- "Artifacts dropped": [
- "md5",
- "sha1",
- "sha224",
- "sha256",
- "sha384",
- "sha512",
- "sha512/224",
- "sha512/256",
- "ssdeep",
- "imphash",
- "impfuzzy",
- "authentihash",
- "cdhash",
- "filename",
- "filename|md5",
- "filename|sha1",
- "filename|sha224",
- "filename|sha256",
- "filename|sha384",
- "filename|sha512",
- "filename|sha512/224",
- "filename|sha512/256",
- "filename|authentihash",
- "filename|ssdeep",
- "filename|tlsh",
- "filename|imphash",
- "filename|impfuzzy",
- "filename|pehash",
- "regkey",
- "regkey|value",
- "pattern-in-file",
- "pattern-in-memory",
- "pdb",
- "stix2-pattern",
- "yara",
- "sigma",
- "attachment",
- "malware-sample",
- "named pipe",
- "mutex",
- "windows-scheduled-task",
- "windows-service-name",
- "windows-service-displayname",
- "comment",
- "text",
- "hex",
- "x509-fingerprint-sha1",
- "x509-fingerprint-md5",
- "x509-fingerprint-sha256",
- "other",
- "cookie",
- "gene",
- "mime-type"
- ],
- "Payload installation": [
- "md5",
- "sha1",
- "sha224",
- "sha256",
- "sha384",
- "sha512",
- "sha512/224",
- "sha512/256",
- "ssdeep",
- "imphash",
- "impfuzzy",
- "authentihash",
- "pehash",
- "tlsh",
- "cdhash",
- "filename",
- "filename|md5",
- "filename|sha1",
- "filename|sha224",
- "filename|sha256",
- "filename|sha384",
- "filename|sha512",
- "filename|sha512/224",
- "filename|sha512/256",
- "filename|authentihash",
- "filename|ssdeep",
- "filename|tlsh",
- "filename|imphash",
- "filename|impfuzzy",
- "filename|pehash",
- "pattern-in-file",
- "pattern-in-traffic",
- "pattern-in-memory",
- "stix2-pattern",
- "yara",
- "sigma",
- "vulnerability",
- "attachment",
- "malware-sample",
- "malware-type",
- "comment",
- "text",
- "hex",
- "x509-fingerprint-sha1",
- "x509-fingerprint-md5",
- "x509-fingerprint-sha256",
- "mobile-application-id",
- "other",
- "mime-type"
- ],
- "Persistence mechanism": [
- "filename",
- "regkey",
- "regkey|value",
- "comment",
- "text",
- "other",
- "hex"
- ],
- "Network activity": [
- "ip-src",
- "ip-dst",
- "ip-dst|port",
- "ip-src|port",
- "port",
- "hostname",
- "domain",
- "domain|ip",
- "mac-address",
- "mac-eui-64",
- "email-dst",
- "url",
- "uri",
- "user-agent",
- "http-method",
- "AS",
- "snort",
- "pattern-in-file",
- "stix2-pattern",
- "pattern-in-traffic",
- "attachment",
- "comment",
- "text",
- "x509-fingerprint-md5",
- "x509-fingerprint-sha1",
- "x509-fingerprint-sha256",
- "other",
- "hex",
- "cookie",
- "hostname|port",
- "bro"
- ],
- "Payload type": [
- "comment",
- "text",
- "other"
- ],
- "Attribution": [
- "threat-actor",
- "campaign-name",
- "campaign-id",
- "whois-registrant-phone",
- "whois-registrant-email",
- "whois-registrant-name",
- "whois-registrant-org",
- "whois-registrar",
- "whois-creation-date",
- "comment",
- "text",
- "x509-fingerprint-sha1",
- "x509-fingerprint-md5",
- "x509-fingerprint-sha256",
- "other",
- "dns-soa-email"
- ],
- "External analysis": [
- "md5",
- "sha1",
- "sha256",
- "filename",
- "filename|md5",
- "filename|sha1",
- "filename|sha256",
- "ip-src",
- "ip-dst",
- "ip-dst|port",
- "ip-src|port",
- "mac-address",
- "mac-eui-64",
- "hostname",
- "domain",
- "domain|ip",
- "url",
- "user-agent",
- "regkey",
- "regkey|value",
- "AS",
- "snort",
- "bro",
- "pattern-in-file",
- "pattern-in-traffic",
- "pattern-in-memory",
- "vulnerability",
- "attachment",
- "malware-sample",
- "link",
- "comment",
- "text",
- "x509-fingerprint-sha1",
- "x509-fingerprint-md5",
- "x509-fingerprint-sha256",
- "github-repository",
- "other",
- "cortex"
- ],
- "Financial fraud": [
- "btc",
- "xmr",
- "iban",
- "bic",
- "bank-account-nr",
- "aba-rtn",
- "bin",
- "cc-number",
- "prtn",
- "phone-number",
- "comment",
- "text",
- "other",
- "hex"
- ],
- "Support Tool": [
- "link",
- "text",
- "attachment",
- "comment",
- "other",
- "hex"
- ],
- "Social network": [
- "github-username",
- "github-repository",
- "github-organisation",
- "jabber-id",
- "twitter-id",
- "email-src",
- "email-dst",
- "comment",
- "text",
- "other",
- "whois-registrant-email"
- ],
- "Person": [
- "first-name",
- "middle-name",
- "last-name",
- "date-of-birth",
- "place-of-birth",
- "gender",
- "passport-number",
- "passport-country",
- "passport-expiration",
- "redress-number",
- "nationality",
- "visa-number",
- "issue-date-of-the-visa",
- "primary-residence",
- "country-of-residence",
- "special-service-request",
- "frequent-flyer-number",
- "travel-details",
- "payment-details",
- "place-port-of-original-embarkation",
- "place-port-of-clearance",
- "place-port-of-onward-foreign-destination",
- "passenger-name-record-locator-number",
- "comment",
- "text",
- "other",
- "phone-number",
- "identity-card-number"
- ],
- "Other": [
- "comment",
- "text",
- "other",
- "size-in-bytes",
- "counter",
- "datetime",
- "cpe",
- "port",
- "float",
- "hex",
- "phone-number",
- "boolean"
- ]
- }
+ "place-port-of-original-embarkation",
+ "port",
+ "primary-residence",
+ "prtn",
+ "redress-number",
+ "regkey",
+ "regkey|value",
+ "sha1",
+ "sha224",
+ "sha256",
+ "sha384",
+ "sha512",
+ "sha512/224",
+ "sha512/256",
+ "sigma",
+ "size-in-bytes",
+ "snort",
+ "special-service-request",
+ "ssdeep",
+ "stix2-pattern",
+ "target-email",
+ "target-external",
+ "target-location",
+ "target-machine",
+ "target-org",
+ "target-user",
+ "text",
+ "threat-actor",
+ "tlsh",
+ "travel-details",
+ "twitter-id",
+ "uri",
+ "url",
+ "user-agent",
+ "visa-number",
+ "vulnerability",
+ "whois-creation-date",
+ "whois-registrant-email",
+ "whois-registrant-name",
+ "whois-registrant-org",
+ "whois-registrant-phone",
+ "whois-registrar",
+ "windows-scheduled-task",
+ "windows-service-displayname",
+ "windows-service-name",
+ "x509-fingerprint-md5",
+ "x509-fingerprint-sha1",
+ "x509-fingerprint-sha256",
+ "xmr",
+ "yara"
+ ]
}
}
From e3bc4f2be65f395f94008c34979c2df3f946241e Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Sun, 30 Dec 2018 13:02:14 +0100
Subject: [PATCH 2/3] chg: [data] describeTypes updated (grabbed from MISP
HEAD)
---
pymisp/data/describeTypes.json | 2086 ++++++++++++++++----------------
1 file changed, 1043 insertions(+), 1043 deletions(-)
diff --git a/pymisp/data/describeTypes.json b/pymisp/data/describeTypes.json
index 850668d..5f2bec3 100644
--- a/pymisp/data/describeTypes.json
+++ b/pymisp/data/describeTypes.json
@@ -1,513 +1,49 @@
{
"result": {
- "categories": [
- "Antivirus detection",
- "Artifacts dropped",
- "Attribution",
- "External analysis",
- "Financial fraud",
- "Internal reference",
- "Network activity",
- "Other",
- "Payload delivery",
- "Payload installation",
- "Payload type",
- "Persistence mechanism",
- "Person",
- "Social network",
- "Support Tool",
- "Targeting data"
- ],
- "category_type_mappings": {
- "Antivirus detection": [
- "attachment",
- "comment",
- "hex",
- "link",
- "other",
- "text"
- ],
- "Artifacts dropped": [
- "attachment",
- "authentihash",
- "cdhash",
- "comment",
- "cookie",
- "filename",
- "filename|authentihash",
- "filename|impfuzzy",
- "filename|imphash",
- "filename|md5",
- "filename|pehash",
- "filename|sha1",
- "filename|sha224",
- "filename|sha256",
- "filename|sha384",
- "filename|sha512",
- "filename|sha512/224",
- "filename|sha512/256",
- "filename|ssdeep",
- "filename|tlsh",
- "gene",
- "hex",
- "impfuzzy",
- "imphash",
- "malware-sample",
- "md5",
- "mime-type",
- "mutex",
- "named pipe",
- "other",
- "pattern-in-file",
- "pattern-in-memory",
- "pdb",
- "regkey",
- "regkey|value",
- "sha1",
- "sha224",
- "sha256",
- "sha384",
- "sha512",
- "sha512/224",
- "sha512/256",
- "sigma",
- "ssdeep",
- "stix2-pattern",
- "text",
- "windows-scheduled-task",
- "windows-service-displayname",
- "windows-service-name",
- "x509-fingerprint-md5",
- "x509-fingerprint-sha1",
- "x509-fingerprint-sha256",
- "yara"
- ],
- "Attribution": [
- "campaign-id",
- "campaign-name",
- "comment",
- "dns-soa-email",
- "other",
- "text",
- "threat-actor",
- "whois-creation-date",
- "whois-registrant-email",
- "whois-registrant-name",
- "whois-registrant-org",
- "whois-registrant-phone",
- "whois-registrar",
- "x509-fingerprint-md5",
- "x509-fingerprint-sha1",
- "x509-fingerprint-sha256"
- ],
- "External analysis": [
- "AS",
- "attachment",
- "bro",
- "comment",
- "cortex",
- "domain",
- "domain|ip",
- "filename",
- "filename|md5",
- "filename|sha1",
- "filename|sha256",
- "github-repository",
- "hostname",
- "ip-dst",
- "ip-dst|port",
- "ip-src",
- "ip-src|port",
- "ja3-fingerprint-md5",
- "link",
- "mac-address",
- "mac-eui-64",
- "malware-sample",
- "md5",
- "other",
- "pattern-in-file",
- "pattern-in-memory",
- "pattern-in-traffic",
- "regkey",
- "regkey|value",
- "sha1",
- "sha256",
- "snort",
- "text",
- "url",
- "user-agent",
- "vulnerability",
- "x509-fingerprint-md5",
- "x509-fingerprint-sha1",
- "x509-fingerprint-sha256"
- ],
- "Financial fraud": [
- "aba-rtn",
- "bank-account-nr",
- "bic",
- "bin",
- "btc",
- "cc-number",
- "comment",
- "hex",
- "iban",
- "other",
- "phone-number",
- "prtn",
- "text",
- "xmr"
- ],
- "Internal reference": [
- "comment",
- "hex",
- "link",
- "other",
- "text"
- ],
- "Network activity": [
- "AS",
- "attachment",
- "bro",
- "comment",
- "cookie",
- "domain",
- "domain|ip",
- "email-dst",
- "hex",
- "hostname",
- "hostname|port",
- "http-method",
- "ip-dst",
- "ip-dst|port",
- "ip-src",
- "ip-src|port",
- "ja3-fingerprint-md5",
- "mac-address",
- "mac-eui-64",
- "other",
- "pattern-in-file",
- "pattern-in-traffic",
- "port",
- "snort",
- "stix2-pattern",
- "text",
- "uri",
- "url",
- "user-agent",
- "x509-fingerprint-md5",
- "x509-fingerprint-sha1",
- "x509-fingerprint-sha256"
- ],
- "Other": [
- "boolean",
- "comment",
- "counter",
- "cpe",
- "datetime",
- "float",
- "hex",
- "other",
- "phone-number",
- "port",
- "size-in-bytes",
- "text"
- ],
- "Payload delivery": [
- "AS",
- "attachment",
- "authentihash",
- "cdhash",
- "comment",
- "domain",
- "email-attachment",
- "email-body",
- "email-dst",
- "email-dst-display-name",
- "email-header",
- "email-message-id",
- "email-mime-boundary",
- "email-reply-to",
- "email-src",
- "email-src-display-name",
- "email-subject",
- "email-thread-index",
- "email-x-mailer",
- "filename",
- "filename|authentihash",
- "filename|impfuzzy",
- "filename|imphash",
- "filename|md5",
- "filename|pehash",
- "filename|sha1",
- "filename|sha224",
- "filename|sha256",
- "filename|sha384",
- "filename|sha512",
- "filename|sha512/224",
- "filename|sha512/256",
- "filename|ssdeep",
- "filename|tlsh",
- "hex",
- "hostname",
- "hostname|port",
- "impfuzzy",
- "imphash",
- "ip-dst",
- "ip-dst|port",
- "ip-src",
- "ip-src|port",
- "ja3-fingerprint-md5",
- "link",
- "mac-address",
- "mac-eui-64",
- "malware-sample",
- "malware-type",
- "md5",
- "mime-type",
- "mobile-application-id",
- "other",
- "pattern-in-file",
- "pattern-in-traffic",
- "pehash",
- "sha1",
- "sha224",
- "sha256",
- "sha384",
- "sha512",
- "sha512/224",
- "sha512/256",
- "sigma",
- "ssdeep",
- "stix2-pattern",
- "text",
- "tlsh",
- "url",
- "user-agent",
- "vulnerability",
- "whois-registrant-email",
- "x509-fingerprint-md5",
- "x509-fingerprint-sha1",
- "x509-fingerprint-sha256",
- "yara"
- ],
- "Payload installation": [
- "attachment",
- "authentihash",
- "cdhash",
- "comment",
- "filename",
- "filename|authentihash",
- "filename|impfuzzy",
- "filename|imphash",
- "filename|md5",
- "filename|pehash",
- "filename|sha1",
- "filename|sha224",
- "filename|sha256",
- "filename|sha384",
- "filename|sha512",
- "filename|sha512/224",
- "filename|sha512/256",
- "filename|ssdeep",
- "filename|tlsh",
- "hex",
- "impfuzzy",
- "imphash",
- "malware-sample",
- "malware-type",
- "md5",
- "mime-type",
- "mobile-application-id",
- "other",
- "pattern-in-file",
- "pattern-in-memory",
- "pattern-in-traffic",
- "pehash",
- "sha1",
- "sha224",
- "sha256",
- "sha384",
- "sha512",
- "sha512/224",
- "sha512/256",
- "sigma",
- "ssdeep",
- "stix2-pattern",
- "text",
- "tlsh",
- "vulnerability",
- "x509-fingerprint-md5",
- "x509-fingerprint-sha1",
- "x509-fingerprint-sha256",
- "yara"
- ],
- "Payload type": [
- "comment",
- "other",
- "text"
- ],
- "Persistence mechanism": [
- "comment",
- "filename",
- "hex",
- "other",
- "regkey",
- "regkey|value",
- "text"
- ],
- "Person": [
- "comment",
- "country-of-residence",
- "date-of-birth",
- "first-name",
- "frequent-flyer-number",
- "gender",
- "identity-card-number",
- "issue-date-of-the-visa",
- "last-name",
- "middle-name",
- "nationality",
- "other",
- "passenger-name-record-locator-number",
- "passport-country",
- "passport-expiration",
- "passport-number",
- "payment-details",
- "phone-number",
- "place-of-birth",
- "place-port-of-clearance",
- "place-port-of-onward-foreign-destination",
- "place-port-of-original-embarkation",
- "primary-residence",
- "redress-number",
- "special-service-request",
- "text",
- "travel-details",
- "visa-number"
- ],
- "Social network": [
- "comment",
- "email-dst",
- "email-src",
- "github-organisation",
- "github-repository",
- "github-username",
- "jabber-id",
- "other",
- "text",
- "twitter-id",
- "whois-registrant-email"
- ],
- "Support Tool": [
- "attachment",
- "comment",
- "hex",
- "link",
- "other",
- "text"
- ],
- "Targeting data": [
- "comment",
- "target-email",
- "target-external",
- "target-location",
- "target-machine",
- "target-org",
- "target-user"
- ]
- },
"sane_defaults": {
- "AS": {
- "default_category": "Network activity",
- "to_ids": 0
- },
- "aba-rtn": {
- "default_category": "Financial fraud",
- "to_ids": 1
- },
- "attachment": {
- "default_category": "External analysis",
- "to_ids": 0
- },
- "authentihash": {
+ "md5": {
"default_category": "Payload delivery",
"to_ids": 1
},
- "bank-account-nr": {
- "default_category": "Financial fraud",
- "to_ids": 1
- },
- "bic": {
- "default_category": "Financial fraud",
- "to_ids": 1
- },
- "bin": {
- "default_category": "Financial fraud",
- "to_ids": 1
- },
- "boolean": {
- "default_category": "Other",
- "to_ids": 0
- },
- "bro": {
- "default_category": "Network activity",
- "to_ids": 1
- },
- "btc": {
- "default_category": "Financial fraud",
- "to_ids": 1
- },
- "campaign-id": {
- "default_category": "Attribution",
- "to_ids": 0
- },
- "campaign-name": {
- "default_category": "Attribution",
- "to_ids": 0
- },
- "cc-number": {
- "default_category": "Financial fraud",
- "to_ids": 1
- },
- "cdhash": {
+ "sha1": {
"default_category": "Payload delivery",
"to_ids": 1
},
- "comment": {
- "default_category": "Other",
+ "sha256": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "filename": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "pdb": {
+ "default_category": "Artifacts dropped",
"to_ids": 0
},
- "cookie": {
+ "filename|md5": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "filename|sha1": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "filename|sha256": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "ip-src": {
"default_category": "Network activity",
- "to_ids": 0
+ "to_ids": 1
},
- "cortex": {
- "default_category": "External analysis",
- "to_ids": 0
+ "ip-dst": {
+ "default_category": "Network activity",
+ "to_ids": 1
},
- "counter": {
- "default_category": "Other",
- "to_ids": 0
- },
- "country-of-residence": {
- "default_category": "Person",
- "to_ids": 0
- },
- "cpe": {
- "default_category": "Other",
- "to_ids": 0
- },
- "date-of-birth": {
- "default_category": "Person",
- "to_ids": 0
- },
- "datetime": {
- "default_category": "Other",
- "to_ids": 0
- },
- "dns-soa-email": {
- "default_category": "Attribution",
- "to_ids": 0
+ "hostname": {
+ "default_category": "Network activity",
+ "to_ids": 1
},
"domain": {
"default_category": "Network activity",
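Review bot: The key order of `result` changes wholesale in this hunk: `categories` and `category_type_mappings` are dropped from the top of the object, and the `sane_defaults` entries lose the alphabetical order the previous patch in this series gave them. As a result, a real change to a `to_ids` or `default_category` default cannot be told apart from the reordering by reading the diff, and the same holds for the later `sane_defaults` hunks in this patch. Because `to_ids` sets whether an attribute type is flagged for IDS export by default, the snapshot should be serialised in one stable order before it is committed, for example with `json.dump(data, f, indent=2, sort_keys=True)` in whatever script fetches it. An update would then show only the entries that really changed. The equal insertion and deletion counts in the diffstat suggest this patch is a pure reorder, but that cannot be confirmed from the hunk alone.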
@@ -517,6 +53,18 @@
"default_category": "Network activity",
"to_ids": 1
},
+ "email-src": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "email-dst": {
+ "default_category": "Network activity",
+ "to_ids": 1
+ },
+ "email-subject": {
+ "default_category": "Payload delivery",
+ "to_ids": 0
+ },
"email-attachment": {
"default_category": "Payload delivery",
"to_ids": 1
@@ -525,151 +73,11 @@
"default_category": "Payload delivery",
"to_ids": 0
},
- "email-dst": {
- "default_category": "Network activity",
- "to_ids": 1
- },
- "email-dst-display-name": {
- "default_category": "Payload delivery",
- "to_ids": 0
- },
- "email-header": {
- "default_category": "Payload delivery",
- "to_ids": 0
- },
- "email-message-id": {
- "default_category": "Payload delivery",
- "to_ids": 0
- },
- "email-mime-boundary": {
- "default_category": "Payload delivery",
- "to_ids": 0
- },
- "email-reply-to": {
- "default_category": "Payload delivery",
- "to_ids": 0
- },
- "email-src": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "email-src-display-name": {
- "default_category": "Payload delivery",
- "to_ids": 0
- },
- "email-subject": {
- "default_category": "Payload delivery",
- "to_ids": 0
- },
- "email-thread-index": {
- "default_category": "Payload delivery",
- "to_ids": 0
- },
- "email-x-mailer": {
- "default_category": "Payload delivery",
- "to_ids": 0
- },
- "filename": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "filename|authentihash": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "filename|impfuzzy": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "filename|imphash": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "filename|md5": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "filename|pehash": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "filename|sha1": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "filename|sha224": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "filename|sha256": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "filename|sha384": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "filename|sha512": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "filename|sha512/224": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "filename|sha512/256": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "filename|ssdeep": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "filename|tlsh": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "first-name": {
- "default_category": "Person",
- "to_ids": 0
- },
"float": {
"default_category": "Other",
"to_ids": 0
},
- "frequent-flyer-number": {
- "default_category": "Person",
- "to_ids": 0
- },
- "gender": {
- "default_category": "Person",
- "to_ids": 0
- },
- "gene": {
- "default_category": "Artifacts dropped",
- "to_ids": 0
- },
- "github-organisation": {
- "default_category": "Social network",
- "to_ids": 0
- },
- "github-repository": {
- "default_category": "Social network",
- "to_ids": 0
- },
- "github-username": {
- "default_category": "Social network",
- "to_ids": 0
- },
- "hex": {
- "default_category": "Other",
- "to_ids": 0
- },
- "hostname": {
- "default_category": "Network activity",
- "to_ids": 1
- },
- "hostname|port": {
+ "url": {
"default_category": "Network activity",
"to_ids": 1
},
@@ -677,182 +85,14 @@
"default_category": "Network activity",
"to_ids": 0
},
- "iban": {
- "default_category": "Financial fraud",
- "to_ids": 1
- },
- "identity-card-number": {
- "default_category": "Person",
- "to_ids": 0
- },
- "impfuzzy": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "imphash": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "ip-dst": {
+ "user-agent": {
"default_category": "Network activity",
- "to_ids": 1
- },
- "ip-dst|port": {
- "default_category": "Network activity",
- "to_ids": 1
- },
- "ip-src": {
- "default_category": "Network activity",
- "to_ids": 1
- },
- "ip-src|port": {
- "default_category": "Network activity",
- "to_ids": 1
- },
- "issue-date-of-the-visa": {
- "default_category": "Person",
"to_ids": 0
},
"ja3-fingerprint-md5": {
"default_category": "Network activity",
"to_ids": 1
},
- "jabber-id": {
- "default_category": "Social network",
- "to_ids": 0
- },
- "last-name": {
- "default_category": "Person",
- "to_ids": 0
- },
- "link": {
- "default_category": "External analysis",
- "to_ids": 0
- },
- "mac-address": {
- "default_category": "Network activity",
- "to_ids": 0
- },
- "mac-eui-64": {
- "default_category": "Network activity",
- "to_ids": 0
- },
- "malware-sample": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "malware-type": {
- "default_category": "Payload delivery",
- "to_ids": 0
- },
- "md5": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "middle-name": {
- "default_category": "Person",
- "to_ids": 0
- },
- "mime-type": {
- "default_category": "Artifacts dropped",
- "to_ids": 0
- },
- "mobile-application-id": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "mutex": {
- "default_category": "Artifacts dropped",
- "to_ids": 1
- },
- "named pipe": {
- "default_category": "Artifacts dropped",
- "to_ids": 0
- },
- "nationality": {
- "default_category": "Person",
- "to_ids": 0
- },
- "other": {
- "default_category": "Other",
- "to_ids": 0
- },
- "passenger-name-record-locator-number": {
- "default_category": "Person",
- "to_ids": 0
- },
- "passport-country": {
- "default_category": "Person",
- "to_ids": 0
- },
- "passport-expiration": {
- "default_category": "Person",
- "to_ids": 0
- },
- "passport-number": {
- "default_category": "Person",
- "to_ids": 0
- },
- "pattern-in-file": {
- "default_category": "Payload installation",
- "to_ids": 1
- },
- "pattern-in-memory": {
- "default_category": "Payload installation",
- "to_ids": 1
- },
- "pattern-in-traffic": {
- "default_category": "Network activity",
- "to_ids": 1
- },
- "payment-details": {
- "default_category": "Person",
- "to_ids": 0
- },
- "pdb": {
- "default_category": "Artifacts dropped",
- "to_ids": 0
- },
- "pehash": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "phone-number": {
- "default_category": "Person",
- "to_ids": 0
- },
- "place-of-birth": {
- "default_category": "Person",
- "to_ids": 0
- },
- "place-port-of-clearance": {
- "default_category": "Person",
- "to_ids": 0
- },
- "place-port-of-onward-foreign-destination": {
- "default_category": "Person",
- "to_ids": 0
- },
- "place-port-of-original-embarkation": {
- "default_category": "Person",
- "to_ids": 0
- },
- "port": {
- "default_category": "Network activity",
- "to_ids": 0
- },
- "primary-residence": {
- "default_category": "Person",
- "to_ids": 0
- },
- "prtn": {
- "default_category": "Financial fraud",
- "to_ids": 1
- },
- "redress-number": {
- "default_category": "Person",
- "to_ids": 0
- },
"regkey": {
"default_category": "Persistence mechanism",
"to_ids": 1
@@ -861,7 +101,199 @@
"default_category": "Persistence mechanism",
"to_ids": 1
},
- "sha1": {
+ "AS": {
+ "default_category": "Network activity",
+ "to_ids": 0
+ },
+ "snort": {
+ "default_category": "Network activity",
+ "to_ids": 1
+ },
+ "bro": {
+ "default_category": "Network activity",
+ "to_ids": 1
+ },
+ "pattern-in-file": {
+ "default_category": "Payload installation",
+ "to_ids": 1
+ },
+ "pattern-in-traffic": {
+ "default_category": "Network activity",
+ "to_ids": 1
+ },
+ "pattern-in-memory": {
+ "default_category": "Payload installation",
+ "to_ids": 1
+ },
+ "yara": {
+ "default_category": "Payload installation",
+ "to_ids": 1
+ },
+ "stix2-pattern": {
+ "default_category": "Payload installation",
+ "to_ids": 1
+ },
+ "sigma": {
+ "default_category": "Payload installation",
+ "to_ids": 1
+ },
+ "gene": {
+ "default_category": "Artifacts dropped",
+ "to_ids": 0
+ },
+ "mime-type": {
+ "default_category": "Artifacts dropped",
+ "to_ids": 0
+ },
+ "identity-card-number": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "cookie": {
+ "default_category": "Network activity",
+ "to_ids": 0
+ },
+ "vulnerability": {
+ "default_category": "External analysis",
+ "to_ids": 0
+ },
+ "attachment": {
+ "default_category": "External analysis",
+ "to_ids": 0
+ },
+ "malware-sample": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "link": {
+ "default_category": "External analysis",
+ "to_ids": 0
+ },
+ "comment": {
+ "default_category": "Other",
+ "to_ids": 0
+ },
+ "text": {
+ "default_category": "Other",
+ "to_ids": 0
+ },
+ "hex": {
+ "default_category": "Other",
+ "to_ids": 0
+ },
+ "other": {
+ "default_category": "Other",
+ "to_ids": 0
+ },
+ "named pipe": {
+ "default_category": "Artifacts dropped",
+ "to_ids": 0
+ },
+ "mutex": {
+ "default_category": "Artifacts dropped",
+ "to_ids": 1
+ },
+ "target-user": {
+ "default_category": "Targeting data",
+ "to_ids": 0
+ },
+ "target-email": {
+ "default_category": "Targeting data",
+ "to_ids": 0
+ },
+ "target-machine": {
+ "default_category": "Targeting data",
+ "to_ids": 0
+ },
+ "target-org": {
+ "default_category": "Targeting data",
+ "to_ids": 0
+ },
+ "target-location": {
+ "default_category": "Targeting data",
+ "to_ids": 0
+ },
+ "target-external": {
+ "default_category": "Targeting data",
+ "to_ids": 0
+ },
+ "btc": {
+ "default_category": "Financial fraud",
+ "to_ids": 1
+ },
+ "xmr": {
+ "default_category": "Financial fraud",
+ "to_ids": 1
+ },
+ "iban": {
+ "default_category": "Financial fraud",
+ "to_ids": 1
+ },
+ "bic": {
+ "default_category": "Financial fraud",
+ "to_ids": 1
+ },
+ "bank-account-nr": {
+ "default_category": "Financial fraud",
+ "to_ids": 1
+ },
+ "aba-rtn": {
+ "default_category": "Financial fraud",
+ "to_ids": 1
+ },
+ "bin": {
+ "default_category": "Financial fraud",
+ "to_ids": 1
+ },
+ "cc-number": {
+ "default_category": "Financial fraud",
+ "to_ids": 1
+ },
+ "prtn": {
+ "default_category": "Financial fraud",
+ "to_ids": 1
+ },
+ "phone-number": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "threat-actor": {
+ "default_category": "Attribution",
+ "to_ids": 0
+ },
+ "campaign-name": {
+ "default_category": "Attribution",
+ "to_ids": 0
+ },
+ "campaign-id": {
+ "default_category": "Attribution",
+ "to_ids": 0
+ },
+ "malware-type": {
+ "default_category": "Payload delivery",
+ "to_ids": 0
+ },
+ "uri": {
+ "default_category": "Network activity",
+ "to_ids": 1
+ },
+ "authentihash": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "ssdeep": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "imphash": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "pehash": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "impfuzzy": {
"default_category": "Payload delivery",
"to_ids": 1
},
@@ -869,10 +301,6 @@
"default_category": "Payload delivery",
"to_ids": 1
},
- "sha256": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
"sha384": {
"default_category": "Payload delivery",
"to_ids": 1
@@ -889,102 +317,78 @@
"default_category": "Payload delivery",
"to_ids": 1
},
- "sigma": {
- "default_category": "Payload installation",
- "to_ids": 1
- },
- "size-in-bytes": {
- "default_category": "Other",
- "to_ids": 0
- },
- "snort": {
- "default_category": "Network activity",
- "to_ids": 1
- },
- "special-service-request": {
- "default_category": "Person",
- "to_ids": 0
- },
- "ssdeep": {
- "default_category": "Payload delivery",
- "to_ids": 1
- },
- "stix2-pattern": {
- "default_category": "Payload installation",
- "to_ids": 1
- },
- "target-email": {
- "default_category": "Targeting data",
- "to_ids": 0
- },
- "target-external": {
- "default_category": "Targeting data",
- "to_ids": 0
- },
- "target-location": {
- "default_category": "Targeting data",
- "to_ids": 0
- },
- "target-machine": {
- "default_category": "Targeting data",
- "to_ids": 0
- },
- "target-org": {
- "default_category": "Targeting data",
- "to_ids": 0
- },
- "target-user": {
- "default_category": "Targeting data",
- "to_ids": 0
- },
- "text": {
- "default_category": "Other",
- "to_ids": 0
- },
- "threat-actor": {
- "default_category": "Attribution",
- "to_ids": 0
- },
"tlsh": {
"default_category": "Payload delivery",
"to_ids": 1
},
- "travel-details": {
- "default_category": "Person",
- "to_ids": 0
- },
- "twitter-id": {
- "default_category": "Social network",
- "to_ids": 0
- },
- "uri": {
- "default_category": "Network activity",
+ "cdhash": {
+ "default_category": "Payload delivery",
"to_ids": 1
},
- "url": {
- "default_category": "Network activity",
+ "filename|authentihash": {
+ "default_category": "Payload delivery",
"to_ids": 1
},
- "user-agent": {
- "default_category": "Network activity",
+ "filename|ssdeep": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "filename|imphash": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "filename|impfuzzy": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "filename|pehash": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "filename|sha224": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "filename|sha384": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "filename|sha512": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "filename|sha512/224": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "filename|sha512/256": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "filename|tlsh": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "windows-scheduled-task": {
+ "default_category": "Artifacts dropped",
"to_ids": 0
},
- "visa-number": {
- "default_category": "Person",
+ "windows-service-name": {
+ "default_category": "Artifacts dropped",
"to_ids": 0
},
- "vulnerability": {
- "default_category": "External analysis",
- "to_ids": 0
- },
- "whois-creation-date": {
- "default_category": "Attribution",
+ "windows-service-displayname": {
+ "default_category": "Artifacts dropped",
"to_ids": 0
},
"whois-registrant-email": {
"default_category": "Attribution",
"to_ids": 0
},
+ "whois-registrant-phone": {
+ "default_category": "Attribution",
+ "to_ids": 0
+ },
"whois-registrant-name": {
"default_category": "Attribution",
"to_ids": 0
@@ -993,31 +397,19 @@
"default_category": "Attribution",
"to_ids": 0
},
- "whois-registrant-phone": {
- "default_category": "Attribution",
- "to_ids": 0
- },
"whois-registrar": {
"default_category": "Attribution",
"to_ids": 0
},
- "windows-scheduled-task": {
- "default_category": "Artifacts dropped",
+ "whois-creation-date": {
+ "default_category": "Attribution",
"to_ids": 0
},
- "windows-service-displayname": {
- "default_category": "Artifacts dropped",
- "to_ids": 0
- },
- "windows-service-name": {
- "default_category": "Artifacts dropped",
- "to_ids": 0
- },
- "x509-fingerprint-md5": {
+ "x509-fingerprint-sha1": {
"default_category": "Network activity",
"to_ids": 1
},
- "x509-fingerprint-sha1": {
+ "x509-fingerprint-md5": {
"default_category": "Network activity",
"to_ids": 1
},
@@ -1025,170 +417,778 @@
"default_category": "Network activity",
"to_ids": 1
},
- "xmr": {
- "default_category": "Financial fraud",
+ "dns-soa-email": {
+ "default_category": "Attribution",
+ "to_ids": 0
+ },
+ "size-in-bytes": {
+ "default_category": "Other",
+ "to_ids": 0
+ },
+ "counter": {
+ "default_category": "Other",
+ "to_ids": 0
+ },
+ "datetime": {
+ "default_category": "Other",
+ "to_ids": 0
+ },
+ "cpe": {
+ "default_category": "Other",
+ "to_ids": 0
+ },
+ "port": {
+ "default_category": "Network activity",
+ "to_ids": 0
+ },
+ "ip-dst|port": {
+ "default_category": "Network activity",
"to_ids": 1
},
- "yara": {
- "default_category": "Payload installation",
+ "ip-src|port": {
+ "default_category": "Network activity",
"to_ids": 1
+ },
+ "hostname|port": {
+ "default_category": "Network activity",
+ "to_ids": 1
+ },
+ "mac-address": {
+ "default_category": "Network activity",
+ "to_ids": 0
+ },
+ "mac-eui-64": {
+ "default_category": "Network activity",
+ "to_ids": 0
+ },
+ "email-dst-display-name": {
+ "default_category": "Payload delivery",
+ "to_ids": 0
+ },
+ "email-src-display-name": {
+ "default_category": "Payload delivery",
+ "to_ids": 0
+ },
+ "email-header": {
+ "default_category": "Payload delivery",
+ "to_ids": 0
+ },
+ "email-reply-to": {
+ "default_category": "Payload delivery",
+ "to_ids": 0
+ },
+ "email-x-mailer": {
+ "default_category": "Payload delivery",
+ "to_ids": 0
+ },
+ "email-mime-boundary": {
+ "default_category": "Payload delivery",
+ "to_ids": 0
+ },
+ "email-thread-index": {
+ "default_category": "Payload delivery",
+ "to_ids": 0
+ },
+ "email-message-id": {
+ "default_category": "Payload delivery",
+ "to_ids": 0
+ },
+ "github-username": {
+ "default_category": "Social network",
+ "to_ids": 0
+ },
+ "github-repository": {
+ "default_category": "Social network",
+ "to_ids": 0
+ },
+ "github-organisation": {
+ "default_category": "Social network",
+ "to_ids": 0
+ },
+ "jabber-id": {
+ "default_category": "Social network",
+ "to_ids": 0
+ },
+ "twitter-id": {
+ "default_category": "Social network",
+ "to_ids": 0
+ },
+ "first-name": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "middle-name": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "last-name": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "date-of-birth": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "place-of-birth": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "gender": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "passport-number": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "passport-country": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "passport-expiration": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "redress-number": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "nationality": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "visa-number": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "issue-date-of-the-visa": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "primary-residence": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "country-of-residence": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "special-service-request": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "frequent-flyer-number": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "travel-details": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "payment-details": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "place-port-of-original-embarkation": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "place-port-of-clearance": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "place-port-of-onward-foreign-destination": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "passenger-name-record-locator-number": {
+ "default_category": "Person",
+ "to_ids": 0
+ },
+ "mobile-application-id": {
+ "default_category": "Payload delivery",
+ "to_ids": 1
+ },
+ "cortex": {
+ "default_category": "External analysis",
+ "to_ids": 0
+ },
+ "boolean": {
+ "default_category": "Other",
+ "to_ids": 0
}
},
"types": [
- "AS",
- "aba-rtn",
- "attachment",
- "authentihash",
- "bank-account-nr",
- "bic",
- "bin",
- "boolean",
- "bro",
- "btc",
- "campaign-id",
- "campaign-name",
- "cc-number",
- "cdhash",
- "comment",
- "cookie",
- "cortex",
- "counter",
- "country-of-residence",
- "cpe",
- "date-of-birth",
- "datetime",
- "dns-soa-email",
+ "md5",
+ "sha1",
+ "sha256",
+ "filename",
+ "pdb",
+ "filename|md5",
+ "filename|sha1",
+ "filename|sha256",
+ "ip-src",
+ "ip-dst",
+ "hostname",
"domain",
"domain|ip",
+ "email-src",
+ "email-dst",
+ "email-subject",
"email-attachment",
"email-body",
- "email-dst",
- "email-dst-display-name",
- "email-header",
- "email-message-id",
- "email-mime-boundary",
- "email-reply-to",
- "email-src",
- "email-src-display-name",
- "email-subject",
- "email-thread-index",
- "email-x-mailer",
- "filename",
- "filename|authentihash",
- "filename|impfuzzy",
- "filename|imphash",
- "filename|md5",
- "filename|pehash",
- "filename|sha1",
- "filename|sha224",
- "filename|sha256",
- "filename|sha384",
- "filename|sha512",
- "filename|sha512/224",
- "filename|sha512/256",
- "filename|ssdeep",
- "filename|tlsh",
- "first-name",
"float",
- "frequent-flyer-number",
- "gender",
- "gene",
- "github-organisation",
- "github-repository",
- "github-username",
- "hex",
- "hostname",
- "hostname|port",
+ "url",
"http-method",
- "iban",
- "identity-card-number",
- "impfuzzy",
- "imphash",
- "ip-dst",
- "ip-dst|port",
- "ip-src",
- "ip-src|port",
- "issue-date-of-the-visa",
+ "user-agent",
"ja3-fingerprint-md5",
- "jabber-id",
- "last-name",
- "link",
- "mac-address",
- "mac-eui-64",
- "malware-sample",
- "malware-type",
- "md5",
- "middle-name",
- "mime-type",
- "mobile-application-id",
- "mutex",
- "named pipe",
- "nationality",
- "other",
- "passenger-name-record-locator-number",
- "passport-country",
- "passport-expiration",
- "passport-number",
- "pattern-in-file",
- "pattern-in-memory",
- "pattern-in-traffic",
- "payment-details",
- "pdb",
- "pehash",
- "phone-number",
- "place-of-birth",
- "place-port-of-clearance",
- "place-port-of-onward-foreign-destination",
- "place-port-of-original-embarkation",
- "port",
- "primary-residence",
- "prtn",
- "redress-number",
"regkey",
"regkey|value",
- "sha1",
+ "AS",
+ "snort",
+ "bro",
+ "pattern-in-file",
+ "pattern-in-traffic",
+ "pattern-in-memory",
+ "yara",
+ "stix2-pattern",
+ "sigma",
+ "gene",
+ "mime-type",
+ "identity-card-number",
+ "cookie",
+ "vulnerability",
+ "attachment",
+ "malware-sample",
+ "link",
+ "comment",
+ "text",
+ "hex",
+ "other",
+ "named pipe",
+ "mutex",
+ "target-user",
+ "target-email",
+ "target-machine",
+ "target-org",
+ "target-location",
+ "target-external",
+ "btc",
+ "xmr",
+ "iban",
+ "bic",
+ "bank-account-nr",
+ "aba-rtn",
+ "bin",
+ "cc-number",
+ "prtn",
+ "phone-number",
+ "threat-actor",
+ "campaign-name",
+ "campaign-id",
+ "malware-type",
+ "uri",
+ "authentihash",
+ "ssdeep",
+ "imphash",
+ "pehash",
+ "impfuzzy",
"sha224",
- "sha256",
"sha384",
"sha512",
"sha512/224",
"sha512/256",
- "sigma",
- "size-in-bytes",
- "snort",
- "special-service-request",
- "ssdeep",
- "stix2-pattern",
- "target-email",
- "target-external",
- "target-location",
- "target-machine",
- "target-org",
- "target-user",
- "text",
- "threat-actor",
"tlsh",
- "travel-details",
- "twitter-id",
- "uri",
- "url",
- "user-agent",
- "visa-number",
- "vulnerability",
- "whois-creation-date",
+ "cdhash",
+ "filename|authentihash",
+ "filename|ssdeep",
+ "filename|imphash",
+ "filename|impfuzzy",
+ "filename|pehash",
+ "filename|sha224",
+ "filename|sha384",
+ "filename|sha512",
+ "filename|sha512/224",
+ "filename|sha512/256",
+ "filename|tlsh",
+ "windows-scheduled-task",
+ "windows-service-name",
+ "windows-service-displayname",
"whois-registrant-email",
+ "whois-registrant-phone",
"whois-registrant-name",
"whois-registrant-org",
- "whois-registrant-phone",
"whois-registrar",
- "windows-scheduled-task",
- "windows-service-displayname",
- "windows-service-name",
- "x509-fingerprint-md5",
+ "whois-creation-date",
"x509-fingerprint-sha1",
+ "x509-fingerprint-md5",
"x509-fingerprint-sha256",
- "xmr",
- "yara"
- ]
+ "dns-soa-email",
+ "size-in-bytes",
+ "counter",
+ "datetime",
+ "cpe",
+ "port",
+ "ip-dst|port",
+ "ip-src|port",
+ "hostname|port",
+ "mac-address",
+ "mac-eui-64",
+ "email-dst-display-name",
+ "email-src-display-name",
+ "email-header",
+ "email-reply-to",
+ "email-x-mailer",
+ "email-mime-boundary",
+ "email-thread-index",
+ "email-message-id",
+ "github-username",
+ "github-repository",
+ "github-organisation",
+ "jabber-id",
+ "twitter-id",
+ "first-name",
+ "middle-name",
+ "last-name",
+ "date-of-birth",
+ "place-of-birth",
+ "gender",
+ "passport-number",
+ "passport-country",
+ "passport-expiration",
+ "redress-number",
+ "nationality",
+ "visa-number",
+ "issue-date-of-the-visa",
+ "primary-residence",
+ "country-of-residence",
+ "special-service-request",
+ "frequent-flyer-number",
+ "travel-details",
+ "payment-details",
+ "place-port-of-original-embarkation",
+ "place-port-of-clearance",
+ "place-port-of-onward-foreign-destination",
+ "passenger-name-record-locator-number",
+ "mobile-application-id",
+ "cortex",
+ "boolean"
+ ],
+ "categories": [
+ "Internal reference",
+ "Targeting data",
+ "Antivirus detection",
+ "Payload delivery",
+ "Artifacts dropped",
+ "Payload installation",
+ "Persistence mechanism",
+ "Network activity",
+ "Payload type",
+ "Attribution",
+ "External analysis",
+ "Financial fraud",
+ "Support Tool",
+ "Social network",
+ "Person",
+ "Other"
+ ],
+ "category_type_mappings": {
+ "Internal reference": [
+ "text",
+ "link",
+ "comment",
+ "other",
+ "hex"
+ ],
+ "Targeting data": [
+ "target-user",
+ "target-email",
+ "target-machine",
+ "target-org",
+ "target-location",
+ "target-external",
+ "comment"
+ ],
+ "Antivirus detection": [
+ "link",
+ "comment",
+ "text",
+ "hex",
+ "attachment",
+ "other"
+ ],
+ "Payload delivery": [
+ "md5",
+ "sha1",
+ "sha224",
+ "sha256",
+ "sha384",
+ "sha512",
+ "sha512/224",
+ "sha512/256",
+ "ssdeep",
+ "imphash",
+ "impfuzzy",
+ "authentihash",
+ "pehash",
+ "tlsh",
+ "cdhash",
+ "filename",
+ "filename|md5",
+ "filename|sha1",
+ "filename|sha224",
+ "filename|sha256",
+ "filename|sha384",
+ "filename|sha512",
+ "filename|sha512/224",
+ "filename|sha512/256",
+ "filename|authentihash",
+ "filename|ssdeep",
+ "filename|tlsh",
+ "filename|imphash",
+ "filename|impfuzzy",
+ "filename|pehash",
+ "mac-address",
+ "mac-eui-64",
+ "ip-src",
+ "ip-dst",
+ "ip-dst|port",
+ "ip-src|port",
+ "hostname",
+ "domain",
+ "email-src",
+ "email-dst",
+ "email-subject",
+ "email-attachment",
+ "email-body",
+ "url",
+ "user-agent",
+ "AS",
+ "pattern-in-file",
+ "pattern-in-traffic",
+ "stix2-pattern",
+ "yara",
+ "sigma",
+ "mime-type",
+ "attachment",
+ "malware-sample",
+ "link",
+ "malware-type",
+ "comment",
+ "text",
+ "hex",
+ "vulnerability",
+ "x509-fingerprint-sha1",
+ "x509-fingerprint-md5",
+ "x509-fingerprint-sha256",
+ "ja3-fingerprint-md5",
+ "other",
+ "hostname|port",
+ "email-dst-display-name",
+ "email-src-display-name",
+ "email-header",
+ "email-reply-to",
+ "email-x-mailer",
+ "email-mime-boundary",
+ "email-thread-index",
+ "email-message-id",
+ "mobile-application-id",
+ "whois-registrant-email"
+ ],
+ "Artifacts dropped": [
+ "md5",
+ "sha1",
+ "sha224",
+ "sha256",
+ "sha384",
+ "sha512",
+ "sha512/224",
+ "sha512/256",
+ "ssdeep",
+ "imphash",
+ "impfuzzy",
+ "authentihash",
+ "cdhash",
+ "filename",
+ "filename|md5",
+ "filename|sha1",
+ "filename|sha224",
+ "filename|sha256",
+ "filename|sha384",
+ "filename|sha512",
+ "filename|sha512/224",
+ "filename|sha512/256",
+ "filename|authentihash",
+ "filename|ssdeep",
+ "filename|tlsh",
+ "filename|imphash",
+ "filename|impfuzzy",
+ "filename|pehash",
+ "regkey",
+ "regkey|value",
+ "pattern-in-file",
+ "pattern-in-memory",
+ "pdb",
+ "stix2-pattern",
+ "yara",
+ "sigma",
+ "attachment",
+ "malware-sample",
+ "named pipe",
+ "mutex",
+ "windows-scheduled-task",
+ "windows-service-name",
+ "windows-service-displayname",
+ "comment",
+ "text",
+ "hex",
+ "x509-fingerprint-sha1",
+ "x509-fingerprint-md5",
+ "x509-fingerprint-sha256",
+ "other",
+ "cookie",
+ "gene",
+ "mime-type"
+ ],
+ "Payload installation": [
+ "md5",
+ "sha1",
+ "sha224",
+ "sha256",
+ "sha384",
+ "sha512",
+ "sha512/224",
+ "sha512/256",
+ "ssdeep",
+ "imphash",
+ "impfuzzy",
+ "authentihash",
+ "pehash",
+ "tlsh",
+ "cdhash",
+ "filename",
+ "filename|md5",
+ "filename|sha1",
+ "filename|sha224",
+ "filename|sha256",
+ "filename|sha384",
+ "filename|sha512",
+ "filename|sha512/224",
+ "filename|sha512/256",
+ "filename|authentihash",
+ "filename|ssdeep",
+ "filename|tlsh",
+ "filename|imphash",
+ "filename|impfuzzy",
+ "filename|pehash",
+ "pattern-in-file",
+ "pattern-in-traffic",
+ "pattern-in-memory",
+ "stix2-pattern",
+ "yara",
+ "sigma",
+ "vulnerability",
+ "attachment",
+ "malware-sample",
+ "malware-type",
+ "comment",
+ "text",
+ "hex",
+ "x509-fingerprint-sha1",
+ "x509-fingerprint-md5",
+ "x509-fingerprint-sha256",
+ "mobile-application-id",
+ "other",
+ "mime-type"
+ ],
+ "Persistence mechanism": [
+ "filename",
+ "regkey",
+ "regkey|value",
+ "comment",
+ "text",
+ "other",
+ "hex"
+ ],
+ "Network activity": [
+ "ip-src",
+ "ip-dst",
+ "ip-dst|port",
+ "ip-src|port",
+ "port",
+ "hostname",
+ "domain",
+ "domain|ip",
+ "mac-address",
+ "mac-eui-64",
+ "email-dst",
+ "url",
+ "uri",
+ "user-agent",
+ "http-method",
+ "AS",
+ "snort",
+ "pattern-in-file",
+ "stix2-pattern",
+ "pattern-in-traffic",
+ "attachment",
+ "comment",
+ "text",
+ "x509-fingerprint-md5",
+ "x509-fingerprint-sha1",
+ "x509-fingerprint-sha256",
+ "ja3-fingerprint-md5",
+ "other",
+ "hex",
+ "cookie",
+ "hostname|port",
+ "bro"
+ ],
+ "Payload type": [
+ "comment",
+ "text",
+ "other"
+ ],
+ "Attribution": [
+ "threat-actor",
+ "campaign-name",
+ "campaign-id",
+ "whois-registrant-phone",
+ "whois-registrant-email",
+ "whois-registrant-name",
+ "whois-registrant-org",
+ "whois-registrar",
+ "whois-creation-date",
+ "comment",
+ "text",
+ "x509-fingerprint-sha1",
+ "x509-fingerprint-md5",
+ "x509-fingerprint-sha256",
+ "other",
+ "dns-soa-email"
+ ],
+ "External analysis": [
+ "md5",
+ "sha1",
+ "sha256",
+ "filename",
+ "filename|md5",
+ "filename|sha1",
+ "filename|sha256",
+ "ip-src",
+ "ip-dst",
+ "ip-dst|port",
+ "ip-src|port",
+ "mac-address",
+ "mac-eui-64",
+ "hostname",
+ "domain",
+ "domain|ip",
+ "url",
+ "user-agent",
+ "regkey",
+ "regkey|value",
+ "AS",
+ "snort",
+ "bro",
+ "pattern-in-file",
+ "pattern-in-traffic",
+ "pattern-in-memory",
+ "vulnerability",
+ "attachment",
+ "malware-sample",
+ "link",
+ "comment",
+ "text",
+ "x509-fingerprint-sha1",
+ "x509-fingerprint-md5",
+ "x509-fingerprint-sha256",
+ "ja3-fingerprint-md5",
+ "github-repository",
+ "other",
+ "cortex"
+ ],
+ "Financial fraud": [
+ "btc",
+ "xmr",
+ "iban",
+ "bic",
+ "bank-account-nr",
+ "aba-rtn",
+ "bin",
+ "cc-number",
+ "prtn",
+ "phone-number",
+ "comment",
+ "text",
+ "other",
+ "hex"
+ ],
+ "Support Tool": [
+ "link",
+ "text",
+ "attachment",
+ "comment",
+ "other",
+ "hex"
+ ],
+ "Social network": [
+ "github-username",
+ "github-repository",
+ "github-organisation",
+ "jabber-id",
+ "twitter-id",
+ "email-src",
+ "email-dst",
+ "comment",
+ "text",
+ "other",
+ "whois-registrant-email"
+ ],
+ "Person": [
+ "first-name",
+ "middle-name",
+ "last-name",
+ "date-of-birth",
+ "place-of-birth",
+ "gender",
+ "passport-number",
+ "passport-country",
+ "passport-expiration",
+ "redress-number",
+ "nationality",
+ "visa-number",
+ "issue-date-of-the-visa",
+ "primary-residence",
+ "country-of-residence",
+ "special-service-request",
+ "frequent-flyer-number",
+ "travel-details",
+ "payment-details",
+ "place-port-of-original-embarkation",
+ "place-port-of-clearance",
+ "place-port-of-onward-foreign-destination",
+ "passenger-name-record-locator-number",
+ "comment",
+ "text",
+ "other",
+ "phone-number",
+ "identity-card-number"
+ ],
+ "Other": [
+ "comment",
+ "text",
+ "other",
+ "size-in-bytes",
+ "counter",
+ "datetime",
+ "cpe",
+ "port",
+ "float",
+ "hex",
+ "phone-number",
+ "boolean"
+ ]
+ }
}
}
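Review bot: `categories` and `category_type_mappings` are added here at the end of `result`, and an earlier hunk of this patch (outside this view) appears to add the same two keys near the top of the object; if both copies are on the new side, `result` contains duplicate keys. Most JSON parsers silently keep the last occurrence, so the two copies can drift apart without any error and different consumers may disagree on which category mapping applies. I would keep a single copy of each key and add a test that loads the file with a duplicate-rejecting hook, for example `json.load(f, object_pairs_hook=reject_duplicates)`, where `reject_duplicates` is a small helper (to be written) that raises on a repeated key.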
From 2c882c1887807ef8c8462f582415470448e5d68c Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Sun, 30 Dec 2018 16:18:27 +0100
Subject: [PATCH 3/3] chg: [misp-objects] templates updated to the latest
version
---
pymisp/data/misp-objects | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pymisp/data/misp-objects b/pymisp/data/misp-objects
index 11a462e..b659345 160000
--- a/pymisp/data/misp-objects
+++ b/pymisp/data/misp-objects
@@ -1 +1 @@
-Subproject commit 11a462e79b02428a08b11698d45aa8aa5ab6887d
+Subproject commit b6593451c2eb7765246e94cb88b650f2a65428ce