mirror of https://github.com/MISP/PyMISP
{
"result": {
"types": [
"md5",
"sha1",
"sha256",
"filename",
"pdb",
"filename|md5",
"filename|sha1",
"filename|sha256",
"ip-src",
"ip-dst",
"hostname",
"domain",
"domain|ip",
"email-src",
"email-dst",
"email-subject",
"email-attachment",
"url",
"http-method",
"user-agent",
"regkey",
"regkey|value",
"AS",
"snort",
"pattern-in-file",
"pattern-in-traffic",
"pattern-in-memory",
"yara",
"vulnerability",
"attachment",
"malware-sample",
"link",
"comment",
"text",
"other",
"named pipe",
"mutex",
"target-user",
"target-email",
"target-machine",
"target-org",
"target-location",
"target-external",
"btc",
"iban",
"bic",
"bank-account-nr",
"aba-rtn",
"bin",
"cc-number",
"prtn",
"threat-actor",
"campaign-name",
"campaign-id",
"malware-type",
"uri",
"authentihash",
"ssdeep",
"imphash",
"pehash",
"sha224",
"sha384",
"sha512",
"sha512/224",
"sha512/256",
"tlsh",
"filename|authentihash",
"filename|ssdeep",
"filename|imphash",
"filename|pehash",
"filename|sha224",
"filename|sha384",
"filename|sha512",
"filename|sha512/224",
"filename|sha512/256",
"filename|tlsh",
"windows-scheduled-task",
"windows-service-name",
"windows-service-displayname",
"whois-registrant-email",
"whois-registrant-phone",
"whois-registrant-name",
"whois-registrar",
"whois-creation-date",
"targeted-threat-index",
"mailslot",
"pipe",
"ssl-cert-attributes",
"x509-fingerprint-sha1"
],
"categories": [
"Internal reference",
"Targeting data",
"Antivirus detection",
"Payload delivery",
"Artifacts dropped",
"Payload installation",
"Persistence mechanism",
"Network activity",
"Payload type",
"Attribution",
"External analysis",
"Financial fraud",
"Other"
],
"category_type_mappings": {
"Internal reference": [
"link",
"comment",
"text",
"other"
],
"Targeting data": [
"target-user",
"target-email",
"target-machine",
"target-org",
"target-location",
"target-external",
"comment"
],
"Antivirus detection": [
"link",
"comment",
"text",
"attachment",
"other"
],
"Payload delivery": [
"md5",
"sha1",
"sha224",
"sha256",
"sha384",
"sha512",
"sha512/224",
"sha512/256",
"ssdeep",
"imphash",
"authentihash",
"pehash",
"tlsh",
"filename",
"filename|md5",
"filename|sha1",
"filename|sha224",
"filename|sha256",
"filename|sha384",
"filename|sha512",
"filename|sha512/224",
"filename|sha512/256",
"filename|authentihash",
"filename|ssdeep",
"filename|tlsh",
"filename|imphash",
"filename|pehash",
"ip-src",
"ip-dst",
"hostname",
"domain",
"email-src",
"email-dst",
"email-subject",
"email-attachment",
"url",
"user-agent",
"AS",
"pattern-in-file",
"pattern-in-traffic",
"yara",
"attachment",
"malware-sample",
"link",
"malware-type",
"comment",
"text",
"vulnerability",
"x509-fingerprint-sha1",
"other"
],
"Artifacts dropped": [
"md5",
"sha1",
"sha224",
"sha256",
"sha384",
"sha512",
"sha512/224",
"sha512/256",
"ssdeep",
"imphash",
"authentihash",
"filename",
"filename|md5",
"filename|sha1",
"filename|sha224",
"filename|sha256",
"filename|sha384",
"filename|sha512",
"filename|sha512/224",
"filename|sha512/256",
"filename|authentihash",
"filename|ssdeep",
"filename|tlsh",
"filename|imphash",
"filename|pehash",
"regkey",
"regkey|value",
"pattern-in-file",
"pattern-in-memory",
"pdb",
"yara",
"attachment",
"malware-sample",
"named pipe",
"mutex",
"windows-scheduled-task",
"windows-service-name",
"windows-service-displayname",
"comment",
"text",
"x509-fingerprint-sha1",
"other"
],
"Payload installation": [
"md5",
"sha1",
"sha224",
"sha256",
"sha384",
"sha512",
"sha512/224",
"sha512/256",
"ssdeep",
"imphash",
"authentihash",
"pehash",
"tlsh",
"filename",
"filename|md5",
"filename|sha1",
"filename|sha224",
"filename|sha256",
"filename|sha384",
"filename|sha512",
"filename|sha512/224",
"filename|sha512/256",
"filename|authentihash",
"filename|ssdeep",
"filename|tlsh",
"filename|imphash",
"filename|pehash",
"pattern-in-file",
"pattern-in-traffic",
"pattern-in-memory",
"yara",
"vulnerability",
"attachment",
"malware-sample",
"malware-type",
"comment",
"text",
"x509-fingerprint-sha1",
"other"
],
"Persistence mechanism": [
"filename",
"regkey",
"regkey|value",
"comment",
"text",
"other"
],
"Network activity": [
"ip-src",
"ip-dst",
"hostname",
"domain",
"domain|ip",
"email-dst",
"url",
"uri",
"user-agent",
"http-method",
"AS",
"snort",
"pattern-in-file",
"pattern-in-traffic",
"attachment",
"comment",
"text",
"x509-fingerprint-sha1",
"other"
],
"Payload type": [
"comment",
"text",
"other"
],
"Attribution": [
"threat-actor",
"campaign-name",
"campaign-id",
"whois-registrant-phone",
"whois-registrant-email",
"whois-registrant-name",
"whois-registrar",
"whois-creation-date",
"comment",
"text",
"x509-fingerprint-sha1",
"other"
],
"External analysis": [
"md5",
"sha1",
"sha256",
"filename",
"filename|md5",
"filename|sha1",
"filename|sha256",
"ip-src",
"ip-dst",
"hostname",
"domain",
"domain|ip",
"url",
"user-agent",
"regkey",
"regkey|value",
"AS",
"snort",
"pattern-in-file",
"pattern-in-traffic",
"pattern-in-memory",
"vulnerability",
"attachment",
"malware-sample",
"link",
"comment",
"text",
"x509-fingerprint-sha1",
"other"
],
"Financial fraud": [
"btc",
"iban",
"bic",
"bank-account-nr",
"aba-rtn",
"bin",
"cc-number",
"prtn",
"comment",
"text",
"other"
],
"Other": [
"comment",
"text",
"other"
]
}
}
}