chg: [types] updated

pull/179/head
Alexandre Dulaunoy 2019-12-05 19:21:22 +01:00
parent d4a18c2f51
commit 6d5c71fc9d
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 8 additions and 4 deletions

View File

@ -45,6 +45,7 @@
|email-subject| | | | | | | |email-subject| | | | | | |
|email-thread-index| | | | | | | |email-thread-index| | | | | | |
|email-x-mailer| | | | | | | |email-x-mailer| | | | | | |
|eppn| | | | | | |
|filename| | X | | X | | | |filename| | X | | X | | |
|filename|authentihash| | X | | | | | |filename|authentihash| | X | | | | |
|filename|impfuzzy| | X | | | | | |filename|impfuzzy| | X | | | | |
@ -204,11 +205,12 @@
|email-message-id| | | X | | | | |email-message-id| | | X | | | |
|email-mime-boundary| | | X | | | | |email-mime-boundary| | | X | | | |
|email-reply-to| | | X | | | | |email-reply-to| | | X | | | |
|email-src| | | X | | | | |email-src| X | | X | | | |
|email-src-display-name| | | X | | | | |email-src-display-name| | | X | | | |
|email-subject| X | | X | | | | |email-subject| X | | X | | | |
|email-thread-index| | | X | | | | |email-thread-index| | | X | | | |
|email-x-mailer| | | X | | | | |email-x-mailer| | | X | | | |
|eppn| X | | | | | |
|filename| | | X | X | | X | |filename| | | X | X | | X |
|filename|authentihash| | | X | X | | | |filename|authentihash| | | X | X | | |
|filename|impfuzzy| | | X | X | | | |filename|impfuzzy| | | X | X | | |
@ -373,6 +375,7 @@
|email-subject| | | | | |email-subject| | | | |
|email-thread-index| | | | | |email-thread-index| | | | |
|email-x-mailer| | | | | |email-x-mailer| | | | |
|eppn| | X | | |
|filename| | | | | |filename| | | | |
|filename|authentihash| | | | | |filename|authentihash| | | | |
|filename|impfuzzy| | | | | |filename|impfuzzy| | | | |
@ -557,6 +560,7 @@
* **email-subject**: The subject of the email * **email-subject**: The subject of the email
* **email-thread-index**: The email thread index header * **email-thread-index**: The email thread index header
* **email-x-mailer**: Email x-mailer header * **email-x-mailer**: Email x-mailer header
* **eppn**: eduPersonPrincipalName - eppn - the NetId of the person for the purposes of inter-institutional authentication. Should be stored in the form of user@univ.edu, where univ.edu is the name of the local security domain.
* **filename**: Filename * **filename**: Filename
* **filename|authentihash**: A checksum in md5 format * **filename|authentihash**: A checksum in md5 format
* **filename|impfuzzy**: Import fuzzy hash - a fuzzy hash created based on the imports in the sample. * **filename|impfuzzy**: Import fuzzy hash - a fuzzy hash created based on the imports in the sample.
@ -584,16 +588,16 @@
* **hasshserver-md5**: hasshServer is a network fingerprinting standard which can be used to identify specific Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of an MD5 fingerprint. * **hasshserver-md5**: hasshServer is a network fingerprinting standard which can be used to identify specific Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of an MD5 fingerprint.
* **hex**: A value in hexadecimal format * **hex**: A value in hexadecimal format
* **hostname**: A full host/dnsname of an attacker * **hostname**: A full host/dnsname of an attacker
* **hostname|port**: Hostname and port number seperated by a | * **hostname|port**: Hostname and port number separated by a |
* **http-method**: HTTP method used by the malware (e.g. POST, GET, ...). * **http-method**: HTTP method used by the malware (e.g. POST, GET, ...).
* **iban**: International Bank Account Number * **iban**: International Bank Account Number
* **identity-card-number**: Identity card number * **identity-card-number**: Identity card number
* **impfuzzy**: A fuzzy hash of import table of Portable Executable format * **impfuzzy**: A fuzzy hash of import table of Portable Executable format
* **imphash**: Import hash - a hash created based on the imports in the sample. * **imphash**: Import hash - a hash created based on the imports in the sample.
* **ip-dst**: A destination IP address of the attacker or C&C server * **ip-dst**: A destination IP address of the attacker or C&C server
* **ip-dst|port**: IP destination and port number seperated by a | * **ip-dst|port**: IP destination and port number separated by a |
* **ip-src**: A source IP address of the attacker * **ip-src**: A source IP address of the attacker
* **ip-src|port**: IP source and port number seperated by a | * **ip-src|port**: IP source and port number separated by a |
* **issue-date-of-the-visa**: The date on which the visa was issued * **issue-date-of-the-visa**: The date on which the visa was issued
* **ja3-fingerprint-md5**: JA3 is a method for creating SSL/TLS client fingerprints that should be easy to produce on any platform and can be easily shared for threat intelligence. * **ja3-fingerprint-md5**: JA3 is a method for creating SSL/TLS client fingerprints that should be easy to produce on any platform and can be easily shared for threat intelligence.
* **jabber-id**: Jabber ID * **jabber-id**: Jabber ID