Merge pull request #318 from cvandeplas/master

sort describeTypes.json output
pull/325/head
Alexandre Dulaunoy 2018-12-20 13:37:36 +01:00 committed by GitHub
commit 748a310052
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 408 additions and 408 deletions


@ -1,48 +1,44 @@
{ {
"result": { "result": {
"categories": [ "categories": [
"Internal reference",
"Targeting data",
"Antivirus detection", "Antivirus detection",
"Payload delivery",
"Artifacts dropped", "Artifacts dropped",
"Payload installation",
"Persistence mechanism",
"Network activity",
"Payload type",
"Attribution", "Attribution",
"External analysis", "External analysis",
"Financial fraud", "Financial fraud",
"Support Tool", "Internal reference",
"Social network", "Network activity",
"Other",
"Payload delivery",
"Payload installation",
"Payload type",
"Persistence mechanism",
"Person", "Person",
"Other" "Social network",
"Support Tool",
"Targeting data"
], ],
"category_type_mappings": { "category_type_mappings": {
"Antivirus detection": [ "Antivirus detection": [
"link",
"comment",
"text",
"hex",
"attachment", "attachment",
"other" "comment",
"hex",
"link",
"other",
"text"
], ],
"Artifacts dropped": [ "Artifacts dropped": [
"md5", "attachment",
"sha1",
"sha224",
"sha256",
"sha384",
"sha512",
"sha512/224",
"sha512/256",
"ssdeep",
"imphash",
"impfuzzy",
"authentihash", "authentihash",
"cdhash", "cdhash",
"comment",
"cookie",
"filename", "filename",
"filename|authentihash",
"filename|impfuzzy",
"filename|imphash",
"filename|md5", "filename|md5",
"filename|pehash",
"filename|sha1", "filename|sha1",
"filename|sha224", "filename|sha224",
"filename|sha256", "filename|sha256",
@ -50,261 +46,196 @@
"filename|sha512", "filename|sha512",
"filename|sha512/224", "filename|sha512/224",
"filename|sha512/256", "filename|sha512/256",
"filename|authentihash",
"filename|ssdeep", "filename|ssdeep",
"filename|tlsh", "filename|tlsh",
"filename|imphash", "gene",
"filename|impfuzzy", "hex",
"filename|pehash", "impfuzzy",
"regkey", "imphash",
"regkey|value", "malware-sample",
"md5",
"mime-type",
"mutex",
"named pipe",
"other",
"pattern-in-file", "pattern-in-file",
"pattern-in-memory", "pattern-in-memory",
"pdb", "pdb",
"stix2-pattern", "regkey",
"yara", "regkey|value",
"sha1",
"sha224",
"sha256",
"sha384",
"sha512",
"sha512/224",
"sha512/256",
"sigma", "sigma",
"attachment", "ssdeep",
"malware-sample", "stix2-pattern",
"named pipe",
"mutex",
"windows-scheduled-task",
"windows-service-name",
"windows-service-displayname",
"comment",
"text", "text",
"hex", "windows-scheduled-task",
"x509-fingerprint-sha1", "windows-service-displayname",
"windows-service-name",
"x509-fingerprint-md5", "x509-fingerprint-md5",
"x509-fingerprint-sha1",
"x509-fingerprint-sha256", "x509-fingerprint-sha256",
"other", "yara"
"cookie",
"gene",
"mime-type"
], ],
"Attribution": [ "Attribution": [
"threat-actor",
"campaign-name",
"campaign-id", "campaign-id",
"whois-registrant-phone", "campaign-name",
"comment",
"dns-soa-email",
"other",
"text",
"threat-actor",
"whois-creation-date",
"whois-registrant-email", "whois-registrant-email",
"whois-registrant-name", "whois-registrant-name",
"whois-registrant-org", "whois-registrant-org",
"whois-registrant-phone",
"whois-registrar", "whois-registrar",
"whois-creation-date",
"comment",
"text",
"x509-fingerprint-sha1",
"x509-fingerprint-md5", "x509-fingerprint-md5",
"x509-fingerprint-sha256", "x509-fingerprint-sha1",
"other", "x509-fingerprint-sha256"
"dns-soa-email"
], ],
"External analysis": [ "External analysis": [
"md5", "AS",
"sha1", "attachment",
"sha256", "bro",
"comment",
"cortex",
"domain",
"domain|ip",
"filename", "filename",
"filename|md5", "filename|md5",
"filename|sha1", "filename|sha1",
"filename|sha256", "filename|sha256",
"ip-src", "github-repository",
"hostname",
"ip-dst", "ip-dst",
"ip-dst|port", "ip-dst|port",
"ip-src",
"ip-src|port", "ip-src|port",
"link",
"mac-address", "mac-address",
"mac-eui-64", "mac-eui-64",
"hostname", "malware-sample",
"domain", "md5",
"domain|ip", "other",
"url", "pattern-in-file",
"user-agent", "pattern-in-memory",
"pattern-in-traffic",
"regkey", "regkey",
"regkey|value", "regkey|value",
"AS", "sha1",
"sha256",
"snort", "snort",
"bro",
"pattern-in-file",
"pattern-in-traffic",
"pattern-in-memory",
"vulnerability",
"attachment",
"malware-sample",
"link",
"comment",
"text", "text",
"x509-fingerprint-sha1", "url",
"user-agent",
"vulnerability",
"x509-fingerprint-md5", "x509-fingerprint-md5",
"x509-fingerprint-sha256", "x509-fingerprint-sha1",
"github-repository", "x509-fingerprint-sha256"
"other",
"cortex"
], ],
"Financial fraud": [ "Financial fraud": [
"btc",
"xmr",
"iban",
"bic",
"bank-account-nr",
"aba-rtn", "aba-rtn",
"bank-account-nr",
"bic",
"bin", "bin",
"btc",
"cc-number", "cc-number",
"prtn",
"phone-number",
"comment", "comment",
"text", "hex",
"iban",
"other", "other",
"hex" "phone-number",
"prtn",
"text",
"xmr"
], ],
"Internal reference": [ "Internal reference": [
"text",
"link",
"comment", "comment",
"hex",
"link",
"other", "other",
"hex" "text"
], ],
"Network activity": [ "Network activity": [
"ip-src", "AS",
"ip-dst", "attachment",
"ip-dst|port", "bro",
"ip-src|port", "comment",
"port", "cookie",
"hostname",
"domain", "domain",
"domain|ip", "domain|ip",
"mac-address",
"mac-eui-64",
"email-dst", "email-dst",
"url",
"uri",
"user-agent",
"http-method",
"AS",
"snort",
"pattern-in-file",
"stix2-pattern",
"pattern-in-traffic",
"attachment",
"comment",
"text",
"x509-fingerprint-md5",
"x509-fingerprint-sha1",
"x509-fingerprint-sha256",
"other",
"hex", "hex",
"cookie", "hostname",
"hostname|port", "hostname|port",
"bro" "http-method",
],
"Other": [
"comment",
"text",
"other",
"size-in-bytes",
"counter",
"datetime",
"cpe",
"port",
"float",
"hex",
"phone-number",
"boolean"
],
"Payload delivery": [
"md5",
"sha1",
"sha224",
"sha256",
"sha384",
"sha512",
"sha512/224",
"sha512/256",
"ssdeep",
"imphash",
"impfuzzy",
"authentihash",
"pehash",
"tlsh",
"cdhash",
"filename",
"filename|md5",
"filename|sha1",
"filename|sha224",
"filename|sha256",
"filename|sha384",
"filename|sha512",
"filename|sha512/224",
"filename|sha512/256",
"filename|authentihash",
"filename|ssdeep",
"filename|tlsh",
"filename|imphash",
"filename|impfuzzy",
"filename|pehash",
"mac-address",
"mac-eui-64",
"ip-src",
"ip-dst", "ip-dst",
"ip-dst|port", "ip-dst|port",
"ip-src",
"ip-src|port", "ip-src|port",
"hostname", "mac-address",
"domain", "mac-eui-64",
"email-src", "other",
"email-dst",
"email-subject",
"email-attachment",
"email-body",
"url",
"user-agent",
"AS",
"pattern-in-file", "pattern-in-file",
"pattern-in-traffic", "pattern-in-traffic",
"port",
"snort",
"stix2-pattern", "stix2-pattern",
"yara",
"sigma",
"mime-type",
"attachment",
"malware-sample",
"link",
"malware-type",
"comment",
"text", "text",
"hex", "uri",
"vulnerability", "url",
"x509-fingerprint-sha1", "user-agent",
"x509-fingerprint-md5", "x509-fingerprint-md5",
"x509-fingerprint-sha256", "x509-fingerprint-sha1",
"other", "x509-fingerprint-sha256"
"hostname|port",
"email-dst-display-name",
"email-src-display-name",
"email-header",
"email-reply-to",
"email-x-mailer",
"email-mime-boundary",
"email-thread-index",
"email-message-id",
"mobile-application-id",
"whois-registrant-email"
], ],
"Payload installation": [ "Other": [
"md5", "boolean",
"sha1", "comment",
"sha224", "counter",
"sha256", "cpe",
"sha384", "datetime",
"sha512", "float",
"sha512/224", "hex",
"sha512/256", "other",
"ssdeep", "phone-number",
"imphash", "port",
"impfuzzy", "size-in-bytes",
"text"
],
"Payload delivery": [
"AS",
"attachment",
"authentihash", "authentihash",
"pehash",
"tlsh",
"cdhash", "cdhash",
"comment",
"domain",
"email-attachment",
"email-body",
"email-dst",
"email-dst-display-name",
"email-header",
"email-message-id",
"email-mime-boundary",
"email-reply-to",
"email-src",
"email-src-display-name",
"email-subject",
"email-thread-index",
"email-x-mailer",
"filename", "filename",
"filename|authentihash",
"filename|impfuzzy",
"filename|imphash",
"filename|md5", "filename|md5",
"filename|pehash",
"filename|sha1", "filename|sha1",
"filename|sha224", "filename|sha224",
"filename|sha256", "filename|sha256",
@ -312,105 +243,174 @@
"filename|sha512", "filename|sha512",
"filename|sha512/224", "filename|sha512/224",
"filename|sha512/256", "filename|sha512/256",
"filename|authentihash",
"filename|ssdeep", "filename|ssdeep",
"filename|tlsh", "filename|tlsh",
"filename|imphash", "hex",
"filename|impfuzzy", "hostname",
"filename|pehash", "hostname|port",
"pattern-in-file", "impfuzzy",
"pattern-in-traffic", "imphash",
"pattern-in-memory", "ip-dst",
"stix2-pattern", "ip-dst|port",
"yara", "ip-src",
"sigma", "ip-src|port",
"vulnerability", "link",
"attachment", "mac-address",
"mac-eui-64",
"malware-sample", "malware-sample",
"malware-type", "malware-type",
"comment", "md5",
"text", "mime-type",
"hex",
"x509-fingerprint-sha1",
"x509-fingerprint-md5",
"x509-fingerprint-sha256",
"mobile-application-id", "mobile-application-id",
"other", "other",
"mime-type" "pattern-in-file",
"pattern-in-traffic",
"pehash",
"sha1",
"sha224",
"sha256",
"sha384",
"sha512",
"sha512/224",
"sha512/256",
"sigma",
"ssdeep",
"stix2-pattern",
"text",
"tlsh",
"url",
"user-agent",
"vulnerability",
"whois-registrant-email",
"x509-fingerprint-md5",
"x509-fingerprint-sha1",
"x509-fingerprint-sha256",
"yara"
],
"Payload installation": [
"attachment",
"authentihash",
"cdhash",
"comment",
"filename",
"filename|authentihash",
"filename|impfuzzy",
"filename|imphash",
"filename|md5",
"filename|pehash",
"filename|sha1",
"filename|sha224",
"filename|sha256",
"filename|sha384",
"filename|sha512",
"filename|sha512/224",
"filename|sha512/256",
"filename|ssdeep",
"filename|tlsh",
"hex",
"impfuzzy",
"imphash",
"malware-sample",
"malware-type",
"md5",
"mime-type",
"mobile-application-id",
"other",
"pattern-in-file",
"pattern-in-memory",
"pattern-in-traffic",
"pehash",
"sha1",
"sha224",
"sha256",
"sha384",
"sha512",
"sha512/224",
"sha512/256",
"sigma",
"ssdeep",
"stix2-pattern",
"text",
"tlsh",
"vulnerability",
"x509-fingerprint-md5",
"x509-fingerprint-sha1",
"x509-fingerprint-sha256",
"yara"
], ],
"Payload type": [ "Payload type": [
"comment", "comment",
"text", "other",
"other" "text"
], ],
"Persistence mechanism": [ "Persistence mechanism": [
"comment",
"filename", "filename",
"hex",
"other",
"regkey", "regkey",
"regkey|value", "regkey|value",
"comment", "text"
"text",
"other",
"hex"
], ],
"Person": [ "Person": [
"first-name", "comment",
"middle-name", "country-of-residence",
"last-name",
"date-of-birth", "date-of-birth",
"place-of-birth", "first-name",
"frequent-flyer-number",
"gender", "gender",
"passport-number", "identity-card-number",
"issue-date-of-the-visa",
"last-name",
"middle-name",
"nationality",
"other",
"passenger-name-record-locator-number",
"passport-country", "passport-country",
"passport-expiration", "passport-expiration",
"redress-number", "passport-number",
"nationality",
"visa-number",
"issue-date-of-the-visa",
"primary-residence",
"country-of-residence",
"special-service-request",
"frequent-flyer-number",
"travel-details",
"payment-details", "payment-details",
"place-port-of-original-embarkation", "phone-number",
"place-of-birth",
"place-port-of-clearance", "place-port-of-clearance",
"place-port-of-onward-foreign-destination", "place-port-of-onward-foreign-destination",
"passenger-name-record-locator-number", "place-port-of-original-embarkation",
"comment", "primary-residence",
"redress-number",
"special-service-request",
"text", "text",
"other", "travel-details",
"phone-number", "visa-number"
"identity-card-number"
], ],
"Social network": [ "Social network": [
"github-username",
"github-repository",
"github-organisation",
"jabber-id",
"twitter-id",
"email-src",
"email-dst",
"comment", "comment",
"text", "email-dst",
"email-src",
"github-organisation",
"github-repository",
"github-username",
"jabber-id",
"other", "other",
"text",
"twitter-id",
"whois-registrant-email" "whois-registrant-email"
], ],
"Support Tool": [ "Support Tool": [
"link",
"text",
"attachment", "attachment",
"comment", "comment",
"hex",
"link",
"other", "other",
"hex" "text"
], ],
"Targeting data": [ "Targeting data": [
"target-user", "comment",
"target-email", "target-email",
"target-external",
"target-location",
"target-machine", "target-machine",
"target-org", "target-org",
"target-location", "target-user"
"target-external",
"comment"
] ]
}, },
"sane_defaults": { "sane_defaults": {
@ -1028,159 +1028,159 @@
} }
}, },
"types": [ "types": [
"md5", "AS",
"sha1", "aba-rtn",
"sha256", "attachment",
"filename", "authentihash",
"pdb", "bank-account-nr",
"filename|md5", "bic",
"filename|sha1", "bin",
"filename|sha256", "boolean",
"ip-src", "bro",
"ip-dst", "btc",
"hostname", "campaign-id",
"campaign-name",
"cc-number",
"cdhash",
"comment",
"cookie",
"cortex",
"counter",
"country-of-residence",
"cpe",
"date-of-birth",
"datetime",
"dns-soa-email",
"domain", "domain",
"domain|ip", "domain|ip",
"email-src",
"email-dst",
"email-subject",
"email-attachment", "email-attachment",
"email-body", "email-body",
"float", "email-dst",
"url", "email-dst-display-name",
"http-method", "email-header",
"user-agent", "email-message-id",
"regkey", "email-mime-boundary",
"regkey|value", "email-reply-to",
"AS", "email-src",
"snort", "email-src-display-name",
"bro", "email-subject",
"pattern-in-file", "email-thread-index",
"pattern-in-traffic", "email-x-mailer",
"pattern-in-memory", "filename",
"yara",
"stix2-pattern",
"sigma",
"gene",
"mime-type",
"identity-card-number",
"cookie",
"vulnerability",
"attachment",
"malware-sample",
"link",
"comment",
"text",
"hex",
"other",
"named pipe",
"mutex",
"target-user",
"target-email",
"target-machine",
"target-org",
"target-location",
"target-external",
"btc",
"xmr",
"iban",
"bic",
"bank-account-nr",
"aba-rtn",
"bin",
"cc-number",
"prtn",
"phone-number",
"threat-actor",
"campaign-name",
"campaign-id",
"malware-type",
"uri",
"authentihash",
"ssdeep",
"imphash",
"pehash",
"impfuzzy",
"sha224",
"sha384",
"sha512",
"sha512/224",
"sha512/256",
"tlsh",
"cdhash",
"filename|authentihash", "filename|authentihash",
"filename|ssdeep",
"filename|imphash",
"filename|impfuzzy", "filename|impfuzzy",
"filename|imphash",
"filename|md5",
"filename|pehash", "filename|pehash",
"filename|sha1",
"filename|sha224", "filename|sha224",
"filename|sha256",
"filename|sha384", "filename|sha384",
"filename|sha512", "filename|sha512",
"filename|sha512/224", "filename|sha512/224",
"filename|sha512/256", "filename|sha512/256",
"filename|ssdeep",
"filename|tlsh", "filename|tlsh",
"windows-scheduled-task", "first-name",
"windows-service-name", "float",
"windows-service-displayname", "frequent-flyer-number",
"whois-registrant-email", "gender",
"whois-registrant-phone", "gene",
"whois-registrant-name", "github-organisation",
"whois-registrant-org", "github-repository",
"whois-registrar", "github-username",
"whois-creation-date", "hex",
"x509-fingerprint-sha1", "hostname",
"x509-fingerprint-md5",
"x509-fingerprint-sha256",
"dns-soa-email",
"size-in-bytes",
"counter",
"datetime",
"cpe",
"port",
"ip-dst|port",
"ip-src|port",
"hostname|port", "hostname|port",
"http-method",
"iban",
"identity-card-number",
"impfuzzy",
"imphash",
"ip-dst",
"ip-dst|port",
"ip-src",
"ip-src|port",
"issue-date-of-the-visa",
"jabber-id",
"last-name",
"link",
"mac-address", "mac-address",
"mac-eui-64", "mac-eui-64",
"email-dst-display-name", "malware-sample",
"email-src-display-name", "malware-type",
"email-header", "md5",
"email-reply-to",
"email-x-mailer",
"email-mime-boundary",
"email-thread-index",
"email-message-id",
"github-username",
"github-repository",
"github-organisation",
"jabber-id",
"twitter-id",
"first-name",
"middle-name", "middle-name",
"last-name", "mime-type",
"date-of-birth", "mobile-application-id",
"place-of-birth", "mutex",
"gender", "named pipe",
"passport-number", "nationality",
"other",
"passenger-name-record-locator-number",
"passport-country", "passport-country",
"passport-expiration", "passport-expiration",
"redress-number", "passport-number",
"nationality", "pattern-in-file",
"visa-number", "pattern-in-memory",
"issue-date-of-the-visa", "pattern-in-traffic",
"primary-residence",
"country-of-residence",
"special-service-request",
"frequent-flyer-number",
"travel-details",
"payment-details", "payment-details",
"place-port-of-original-embarkation", "pdb",
"pehash",
"phone-number",
"place-of-birth",
"place-port-of-clearance", "place-port-of-clearance",
"place-port-of-onward-foreign-destination", "place-port-of-onward-foreign-destination",
"passenger-name-record-locator-number", "place-port-of-original-embarkation",
"mobile-application-id", "port",
"cortex", "primary-residence",
"boolean" "prtn",
"redress-number",
"regkey",
"regkey|value",
"sha1",
"sha224",
"sha256",
"sha384",
"sha512",
"sha512/224",
"sha512/256",
"sigma",
"size-in-bytes",
"snort",
"special-service-request",
"ssdeep",
"stix2-pattern",
"target-email",
"target-external",
"target-location",
"target-machine",
"target-org",
"target-user",
"text",
"threat-actor",
"tlsh",
"travel-details",
"twitter-id",
"uri",
"url",
"user-agent",
"visa-number",
"vulnerability",
"whois-creation-date",
"whois-registrant-email",
"whois-registrant-name",
"whois-registrant-org",
"whois-registrant-phone",
"whois-registrar",
"windows-scheduled-task",
"windows-service-displayname",
"windows-service-name",
"x509-fingerprint-md5",
"x509-fingerprint-sha1",
"x509-fingerprint-sha256",
"xmr",
"yara"
] ]
} }
} }