MISP
/
misp-book
mirror of https://github.com/MISP/misp-book
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [category-types] updated

pull/205/head
Alexandre Dulaunoy 2020-09-04 16:17:36 +02:00
parent bf30e61321
commit 2505911571
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
categories-and-types/README.md
View File

@ -33,6 +33,7 @@
|dns-soa-email| | | X | | | | |dns-soa-email| | | X | | | |
|domain| | | | X | | | |domain| | | | X | | |
|domain|ip| | | | X | | | |domain|ip| | | | X | | |
|email| | | X | | | |
|email-attachment| | | | | | | |email-attachment| | | | | | |
|email-body| | | | | | | |email-body| | | | | | |
|email-dst| | | | | | | |email-dst| | | | | | |
@ -118,6 +119,8 @@
|payment-details| | | | | | | |payment-details| | | | | | |
|pdb| | X | | | | | |pdb| | X | | | | |
|pehash| | | | | | | |pehash| | | | | | |
|pgp-private-key| | X | | | | |
|pgp-public-key| | X | | | | |
|phone-number| | | | | X | | |phone-number| | | | | X | |
|place-of-birth| | | | | | | |place-of-birth| | | | | | |
|place-port-of-clearance| | | | | | | |place-port-of-clearance| | | | | | |
@ -211,6 +214,7 @@
|dns-soa-email| | | | | | | |dns-soa-email| | | | | | |
|domain| X | | X | | | | |domain| X | | X | | | |
|domain|ip| X | | | | | | |domain|ip| X | | | | | |
|email| X | | X | | | |
|email-attachment| | | X | | | | |email-attachment| | | X | | | |
|email-body| | | X | | | | |email-body| | | X | | | |
|email-dst| X | | X | | | | |email-dst| X | | X | | | |
@ -296,6 +300,8 @@
|payment-details| | | | | | | |payment-details| | | | | | |
|pdb| | | | | | | |pdb| | | | | | |
|pehash| | | X | X | | | |pehash| | | X | X | | |
|pgp-private-key| | X | | | | |
|pgp-public-key| | X | | | | |
|phone-number| | X | | | | | |phone-number| | X | | | | |
|place-of-birth| | | | | | | |place-of-birth| | | | | | |
|place-port-of-clearance| | | | | | | |place-port-of-clearance| | | | | | |
@ -389,6 +395,7 @@
|dns-soa-email| | | | | |dns-soa-email| | | | |
|domain| | | | | |domain| | | | |
|domain|ip| | | | | |domain|ip| | | | |
|email| X | X | | |
|email-attachment| | | | | |email-attachment| | | | |
|email-body| | | | | |email-body| | | | |
|email-dst| | X | | | |email-dst| | X | | |
@ -474,6 +481,8 @@
|payment-details| X | | | | |payment-details| X | | | |
|pdb| | | | | |pdb| | | | |
|pehash| | | | | |pehash| | | | |
|pgp-private-key| X | X | | |
|pgp-public-key| X | X | | |
|phone-number| X | | | | |phone-number| X | | | |
|place-of-birth| X | | | | |place-of-birth| X | | | |
|place-port-of-clearance| X | | | | |place-port-of-clearance| X | | | |
@ -587,15 +596,16 @@
* **dns-soa-email**: RFC1035 mandates that DNS zones should have a SOA (Statement Of Authority) record that contains an email address where a PoC for the domain could be contacted. This can sometimes be used for attribution/linkage between different domains even if protected by whois privacy * **dns-soa-email**: RFC1035 mandates that DNS zones should have a SOA (Statement Of Authority) record that contains an email address where a PoC for the domain could be contacted. This can sometimes be used for attribution/linkage between different domains even if protected by whois privacy
* **domain**: A domain name used in the malware * **domain**: A domain name used in the malware
* **domain|ip**: A domain name and its IP address (as found in DNS lookup) separated by a | * **domain|ip**: A domain name and its IP address (as found in DNS lookup) separated by a |
* **email**: An e-mail address
* **email-attachment**: File name of the email attachment. * **email-attachment**: File name of the email attachment.
* **email-body**: Email body * **email-body**: Email body
* **email-dst**: A recipient email address * **email-dst**: The destination email address. Used to describe the recipient when describing an e-mail.
* **email-dst-display-name**: Email destination display name * **email-dst-display-name**: Email destination display name
* **email-header**: Email header * **email-header**: Email header
* **email-message-id**: The email message ID * **email-message-id**: The email message ID
* **email-mime-boundary**: The email mime boundary separating parts in a multipart email * **email-mime-boundary**: The email mime boundary separating parts in a multipart email
* **email-reply-to**: Email reply to header * **email-reply-to**: Email reply to header
* **email-src**: The email address used to send the malware. * **email-src**: The source email address. Used to describe the sender when describing an e-mail.
* **email-src-display-name**: Email source display name * **email-src-display-name**: Email source display name
* **email-subject**: The subject of the email * **email-subject**: The subject of the email
* **email-thread-index**: The email thread index header * **email-thread-index**: The email thread index header
@ -672,6 +682,8 @@
* **payment-details**: Payment details * **payment-details**: Payment details
* **pdb**: Microsoft Program database (PDB) path information * **pdb**: Microsoft Program database (PDB) path information
* **pehash**: PEhash - a hash calculated based of certain pieces of a PE executable file * **pehash**: PEhash - a hash calculated based of certain pieces of a PE executable file
* **pgp-private-key**: A PGP private key
* **pgp-public-key**: A PGP public key
* **phone-number**: Telephone Number * **phone-number**: Telephone Number
* **place-of-birth**: Place of birth of a natural person * **place-of-birth**: Place of birth of a natural person
* **place-port-of-clearance**: The port of clearance * **place-port-of-clearance**: The port of clearance