PyMISP/pymisp/data/describeTypes.json


{"result":{"sane_defaults":{"md5":{"default_category":"Payload delivery","to_ids":1},"sha1":{"default_category":"Payload delivery","to_ids":1},"sha256":{"default_category":"Payload delivery","to_ids":1},"filename":{"default_category":"Payload delivery","to_ids":1},"pdb":{"default_category":"Artifacts dropped","to_ids":0},"filename|md5":{"default_category":"Payload delivery","to_ids":1},"filename|sha1":{"default_category":"Payload delivery","to_ids":1},"filename|sha256":{"default_category":"Payload delivery","to_ids":1},"ip-src":{"default_category":"Network activity","to_ids":1},"ip-dst":{"default_category":"Network activity","to_ids":1},"hostname":{"default_category":"Network activity","to_ids":1},"domain":{"default_category":"Network activity","to_ids":1},"domain|ip":{"default_category":"Network activity","to_ids":1},"email-src":{"default_category":"Payload delivery","to_ids":1},"email-dst":{"default_category":"Network activity","to_ids":1},"email-subject":{"default_category":"Payload delivery","to_ids":0},"email-attachment":{"default_category":"Payload delivery","to_ids":1},"url":{"default_category":"External analysis","to_ids":1},"http-method":{"default_category":"Network activity","to_ids":0},"user-agent":{"default_category":"Network activity","to_ids":0},"regkey":{"default_category":"Persistence mechanism","to_ids":1},"regkey|value":{"default_category":"Persistence mechanism","to_ids":1},"AS":{"default_category":"Network activity","to_ids":0},"snort":{"default_category":"Network activity","to_ids":1},"pattern-in-file":{"default_category":"Payload installation","to_ids":1},"pattern-in-traffic":{"default_category":"Network activity","to_ids":1},"pattern-in-memory":{"default_category":"Payload installation","to_ids":1},"yara":{"default_category":"Payload installation","to_ids":1},"vulnerability":{"default_category":"External analysis","to_ids":0},"attachment":{"default_category":"External analysis","to_ids":0},"malware-sample":{"default_category":"Payload 
delivery","to_ids":1},"link":{"default_category":"External analysis","to_ids":0},"comment":{"default_category":"Other","to_ids":0},"text":{"default_category":"Other","to_ids":0},"other":{"default_category":"Other","to_ids":0},"named pipe":{"default_category":"Artifacts dropped","to_ids":0},"mutex":{"default_category":"Artifacts dropped","to_ids":1},"target-user":{"default_category":"Targeting data","to_ids":0},"target-email":{"default_category":"Targeting data","to_ids":0},"target-machine":{"default_category":"Targeting data","to_ids":0},"target-org":{"default_category":"Targeting data","to_ids":0},"target-location":{"default_category":"Targeting data","to_ids":0},"target-external":{"default_category":"Targeting data","to_ids":0},"btc":{"default_category":"Financial fraud","to_ids":1},"iban":{"default_category":"Financial fraud","to_ids":1},"bic":{"default_category":"Financial fraud","to_ids":1},"bank-account-nr":{"default_category":"Financial fraud","to_ids":1},"aba-rtn":{"default_category":"Financial fraud","to_ids":1},"bin":{"default_category":"Financial fraud","to_ids":1},"cc-number":{"default_category":"Financial fraud","to_ids":1},"prtn":{"default_category":"Financial fraud","to_ids":1},"threat-actor":{"default_category":"Attribution","to_ids":0},"campaign-name":{"default_category":"Attribution","to_ids":0},"campaign-id":{"default_category":"Attribution","to_ids":0},"malware-type":{"default_category":"Payload delivery","to_ids":0},"uri":{"default_category":"Network activity","to_ids":1},"authentihash":{"default_category":"Payload delivery","to_ids":1},"ssdeep":{"default_category":"Payload delivery","to_ids":1},"imphash":{"default_category":"Payload delivery","to_ids":1},"pehash":{"default_category":"Payload delivery","to_ids":1},"sha224":{"default_category":"Payload delivery","to_ids":1},"sha384":{"default_category":"Payload delivery","to_ids":1},"sha512":{"default_category":"Payload delivery","to_ids":1},"sha512\/224":{"default_category":"Payload 
delivery","to_ids":1},"sha512\/256":{"default_category":"Payload delivery","to_ids":1},"tlsh":{"default_category":"Payload delivery","to_ids":1},"filename|authentihash":{"default_category":"Payload delivery","to_ids":1},"filename|ssdeep":{"default_category":"Payload delivery","to_ids":1},"filename|imphash":{"default_category":"Payload delivery","to_ids":1},"filename|pehash":{"default_category":"Payload delivery","to_ids":1},"filename|sha224":{"default_category":"Payload delivery","to_ids":1},"filename|sha384":{"default_category":"Payload delivery","to_ids":1},"filename|sha512":{"default_category":"Payload delivery","to_ids":1},"filename|sha512\/224":{"default_category":"Payload delivery","to_ids":1},"filename|sha512\/256":{"default_category":"Payload delivery","to_ids":1},"filename|tlsh":{"default_category":"Payload delivery","to_ids":1},"windows-scheduled-task":{"default_category":"Artifacts dropped","to_ids":0},"windows-service-name":{"default_category":"Artifacts dropped","to_ids":0},"windows-service-displayname":{"default_category":"Artifacts dropped","to_ids":0},"whois-registrant-email":{"default_category":"Attribution","to_ids":0},"whois-registrant-phone":{"default_category":"Attribution","to_ids":0},"whois-registrant-name":{"default_category":"Attribution","to_ids":0},"whois-registrar":{"default_category":"Attribution","to_ids":0},"whois-creation-date":{"default_category":"Attribution","to_ids":0},"x509-fingerprint-sha1":{"default_category":"Network activity","to_ids":1}},"types":["md5","sha1","sha256","filename","pdb","filename|md5","filename|sha1","filename|sha256","ip-src","ip-dst","hostname","domain","domain|ip","email-src","email-dst","email-subject","email-attachment","url","http-method","user-agent","regkey","regkey|value","AS","snort","pattern-in-file","pattern-in-traffic","pattern-in-memory","yara","vulnerability","attachment","malware-sample","link","comment","text","other","named 
pipe","mutex","target-user","target-email","target-machine","target-org","target-location","target-external","btc","iban","bic","bank-account-nr","aba-rtn","bin","cc-number","prtn","threat-actor","campaign-name","campaign-id","malware-type","uri","authentihash","ssdeep","imphash","pehash","sha224","sha384","sha512","sha512\/224","sha512\/256","tlsh","filename|authentihash","filename|ssdeep","filename|imphash","filename|pehash","filename|sha224","filename|sha384","filename|sha512","filename|sha512\/224","filename|sha512\/256","filename|tlsh","windows-scheduled-task","windows-service-name","windows-service-displayname","whois-registrant-email","whois-registrant-phone","whois-registrant-name","whois-registrar","whois-creation-date","x509-fingerprint-sha1"],"categories":["Internal reference","Targeting data","Antivirus detection","Payload delivery","Artifacts dropped","Payload installation","Persistence mechanism","Network activity","Payload type","Attribution","External analysis","Financial fraud","Other"],"category_type_mappings":{"Internal reference":["text","link","comment","other"],"Targeting data":["target-user","target-email","target-machine","target-org","target-location","target-external","comment"],"Antivirus detection":["link","comment","text","attachment","other"],"Payload delivery":["md5","sha1","sha224","sha256","sha384","sha512","sha512\/224","sha512\/256","ssdeep","imphash","authentihash","pehash","tlsh","filename","filename|md5","filename|sha1","filename|sha224","filename|sha256","filename|sha384","filename|sha512","filename|sha512\/224","filename|sha512\/256","filename|authentihash","filename|ssdeep","filename|tlsh","filename|imphash","filename|pehash","ip-src","ip-dst","hostname","domain","email-src","email-dst","email-subject","email-attachment","url","user-agent","AS","pattern-in-file","pattern-in-traffic","yara","attachment","malware-sample","link","malware-type","comment","text","vulnerability","x509-fingerprint-sha1","other"],"Artifacts 
dropped":["md5","sha1","sha224","sha256","sha384","sha512","sha512\/224","sha512\/256","ssdeep","imphash","authentihash","filename","filename|md5","filename|sha1","filename|sha224","filename|sha256","filename|sha384","filename|sha512","filename|sha512\/224","filename|sha512\/256","filename|authentihash","filename|ssdeep","filename|tlsh","filename|imphash","filename|pehash","regkey","regkey|value","pattern-in-file","pattern-in-memory","pdb","yara","attachment","malware-sample","named pipe","mutex","windows-scheduled-task","windows-service-name","windows-service-displayname","comment","text","x509-fingerprint-sha1","other"],"Payload installation":["md5","sha1","sha224","sha256","sha384","sha512","sha512\/224","sha512\/256","ssdeep","imphash","authentihash","pehash","tlsh","filename","filename|md5","filename|sha1","filename|sha224","filename|sha256","filename|sha384","filename|sha512","filename|sha512\/224","filename|sha512\/256","filename|authentihash","filename|ssdeep","filename|tlsh","filename|imphash","filename|pehash","pattern-in-file","pattern-in-traffic","pattern-in-memory","yara","vulnerability","attachment","malware-sample","malware-type","comment","text","x509-fingerprint-sha1","other"],"Persistence mechanism":["filename","regkey","regkey|value","comment","text","other"],"Network activity":["ip-src","ip-dst","hostname","domain","domain|ip","email-dst","url","uri","user-agent","http-method","AS","snort","pattern-in-file","pattern-in-traffic","attachment","comment","text","x509-fingerprint-sha1","other"],"Payload type":["comment","text","other"],"Attribution":["threat-actor","campaign-name","campaign-id","whois-registrant-phone","whois-registrant-email","whois-registrant-name","whois-registrar","whois-creation-date","comment","text","x509-fingerprint-sha1","other"],"External 
analysis":["md5","sha1","sha256","filename","filename|md5","filename|sha1","filename|sha256","ip-src","ip-dst","hostname","domain","domain|ip","url","user-agent","regkey","regkey|value","AS","snort","pattern-in-file","pattern-in-traffic","pattern-in-memory","vulnerability","attachment","malware-sample","link","comment","text","x509-fingerprint-sha1","other"],"Financial fraud":["btc","iban","bic","bank-account-nr","aba-rtn","bin","cc-number","prtn","comment","text","other"],"Other":["comment","text","other"]}}}