mirror of https://github.com/MISP/misp-book
chg: [types] updated
parent
d4a18c2f51
commit
6d5c71fc9d
|
@ -45,6 +45,7 @@
|
||||||
|email-subject| | | | | | |
|
|email-subject| | | | | | |
|
||||||
|email-thread-index| | | | | | |
|
|email-thread-index| | | | | | |
|
||||||
|email-x-mailer| | | | | | |
|
|email-x-mailer| | | | | | |
|
||||||
|
|eppn| | | | | | |
|
||||||
|filename| | X | | X | | |
|
|filename| | X | | X | | |
|
||||||
|filename|authentihash| | X | | | | |
|
|filename|authentihash| | X | | | | |
|
||||||
|filename|impfuzzy| | X | | | | |
|
|filename|impfuzzy| | X | | | | |
|
||||||
|
@ -204,11 +205,12 @@
|
||||||
|email-message-id| | | X | | | |
|
|email-message-id| | | X | | | |
|
||||||
|email-mime-boundary| | | X | | | |
|
|email-mime-boundary| | | X | | | |
|
||||||
|email-reply-to| | | X | | | |
|
|email-reply-to| | | X | | | |
|
||||||
|email-src| | | X | | | |
|
|email-src| X | | X | | | |
|
||||||
|email-src-display-name| | | X | | | |
|
|email-src-display-name| | | X | | | |
|
||||||
|email-subject| X | | X | | | |
|
|email-subject| X | | X | | | |
|
||||||
|email-thread-index| | | X | | | |
|
|email-thread-index| | | X | | | |
|
||||||
|email-x-mailer| | | X | | | |
|
|email-x-mailer| | | X | | | |
|
||||||
|
|eppn| X | | | | | |
|
||||||
|filename| | | X | X | | X |
|
|filename| | | X | X | | X |
|
||||||
|filename|authentihash| | | X | X | | |
|
|filename|authentihash| | | X | X | | |
|
||||||
|filename|impfuzzy| | | X | X | | |
|
|filename|impfuzzy| | | X | X | | |
|
||||||
|
@ -373,6 +375,7 @@
|
||||||
|email-subject| | | | |
|
|email-subject| | | | |
|
||||||
|email-thread-index| | | | |
|
|email-thread-index| | | | |
|
||||||
|email-x-mailer| | | | |
|
|email-x-mailer| | | | |
|
||||||
|
|eppn| | X | | |
|
||||||
|filename| | | | |
|
|filename| | | | |
|
||||||
|filename|authentihash| | | | |
|
|filename|authentihash| | | | |
|
||||||
|filename|impfuzzy| | | | |
|
|filename|impfuzzy| | | | |
|
||||||
|
@ -557,6 +560,7 @@
|
||||||
* **email-subject**: The subject of the email
|
* **email-subject**: The subject of the email
|
||||||
* **email-thread-index**: The email thread index header
|
* **email-thread-index**: The email thread index header
|
||||||
* **email-x-mailer**: Email x-mailer header
|
* **email-x-mailer**: Email x-mailer header
|
||||||
|
* **eppn**: eduPersonPrincipalName - eppn - the NetId of the person for the purposes of inter-institutional authentication. Should be stored in the form of user@univ.edu, where univ.edu is the name of the local security domain.
|
||||||
* **filename**: Filename
|
* **filename**: Filename
|
||||||
* **filename|authentihash**: A checksum in md5 format
|
* **filename|authentihash**: A checksum in md5 format
|
||||||
* **filename|impfuzzy**: Import fuzzy hash - a fuzzy hash created based on the imports in the sample.
|
* **filename|impfuzzy**: Import fuzzy hash - a fuzzy hash created based on the imports in the sample.
|
||||||
|
@ -584,16 +588,16 @@
|
||||||
* **hasshserver-md5**: hasshServer is a network fingerprinting standard which can be used to identify specific Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of an MD5 fingerprint.
|
* **hasshserver-md5**: hasshServer is a network fingerprinting standard which can be used to identify specific Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of an MD5 fingerprint.
|
||||||
* **hex**: A value in hexadecimal format
|
* **hex**: A value in hexadecimal format
|
||||||
* **hostname**: A full host/dnsname of an attacker
|
* **hostname**: A full host/dnsname of an attacker
|
||||||
* **hostname|port**: Hostname and port number seperated by a |
|
* **hostname|port**: Hostname and port number separated by a |
|
||||||
* **http-method**: HTTP method used by the malware (e.g. POST, GET, ...).
|
* **http-method**: HTTP method used by the malware (e.g. POST, GET, ...).
|
||||||
* **iban**: International Bank Account Number
|
* **iban**: International Bank Account Number
|
||||||
* **identity-card-number**: Identity card number
|
* **identity-card-number**: Identity card number
|
||||||
* **impfuzzy**: A fuzzy hash of import table of Portable Executable format
|
* **impfuzzy**: A fuzzy hash of import table of Portable Executable format
|
||||||
* **imphash**: Import hash - a hash created based on the imports in the sample.
|
* **imphash**: Import hash - a hash created based on the imports in the sample.
|
||||||
* **ip-dst**: A destination IP address of the attacker or C&C server
|
* **ip-dst**: A destination IP address of the attacker or C&C server
|
||||||
* **ip-dst|port**: IP destination and port number seperated by a |
|
* **ip-dst|port**: IP destination and port number separated by a |
|
||||||
* **ip-src**: A source IP address of the attacker
|
* **ip-src**: A source IP address of the attacker
|
||||||
* **ip-src|port**: IP source and port number seperated by a |
|
* **ip-src|port**: IP source and port number separated by a |
|
||||||
* **issue-date-of-the-visa**: The date on which the visa was issued
|
* **issue-date-of-the-visa**: The date on which the visa was issued
|
||||||
* **ja3-fingerprint-md5**: JA3 is a method for creating SSL/TLS client fingerprints that should be easy to produce on any platform and can be easily shared for threat intelligence.
|
* **ja3-fingerprint-md5**: JA3 is a method for creating SSL/TLS client fingerprints that should be easy to produce on any platform and can be easily shared for threat intelligence.
|
||||||
* **jabber-id**: Jabber ID
|
* **jabber-id**: Jabber ID
|
||||||
|
|
Loading…
Reference in New Issue