2016-12-07 16:06:52 +01:00
|
|
|
{
|
2017-02-13 11:18:42 +01:00
|
|
|
"attributes": {
|
2020-04-26 02:10:02 +02:00
|
|
|
"attachment": {
|
2017-02-13 11:18:42 +01:00
|
|
|
"categories": [
|
|
|
|
"Payload delivery"
|
2020-04-26 02:10:02 +02:00
|
|
|
],
|
|
|
|
"description": "Attachment",
|
|
|
|
"misp-attribute": "email-attachment",
|
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 0
|
2017-02-13 11:18:42 +01:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"cc": {
|
2017-02-13 11:18:42 +01:00
|
|
|
"categories": [
|
|
|
|
"Payload delivery"
|
2020-04-26 02:10:02 +02:00
|
|
|
],
|
|
|
|
"description": "Carbon copy",
|
2018-05-03 20:49:48 +02:00
|
|
|
"disable_correlation": true,
|
2020-04-26 02:10:02 +02:00
|
|
|
"misp-attribute": "email-dst",
|
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"email-body": {
|
2017-02-13 11:18:42 +01:00
|
|
|
"categories": [
|
|
|
|
"Payload delivery"
|
|
|
|
],
|
2020-04-26 02:10:02 +02:00
|
|
|
"description": "Body of the email",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"misp-attribute": "email-body",
|
|
|
|
"ui-priority": 1
|
2017-02-13 11:18:42 +01:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"eml": {
|
|
|
|
"description": "Full EML",
|
2018-05-03 20:49:48 +02:00
|
|
|
"disable_correlation": true,
|
2020-04-26 02:10:02 +02:00
|
|
|
"misp-attribute": "attachment",
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"from": {
|
2017-09-27 16:43:21 +02:00
|
|
|
"categories": [
|
|
|
|
"Payload delivery"
|
|
|
|
],
|
2020-04-26 02:10:02 +02:00
|
|
|
"description": "Sender email address",
|
|
|
|
"misp-attribute": "email-src",
|
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 1
|
2017-09-27 16:43:21 +02:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"from-display-name": {
|
2017-02-13 11:18:42 +01:00
|
|
|
"categories": [
|
|
|
|
"Payload delivery"
|
|
|
|
],
|
2020-04-26 02:10:02 +02:00
|
|
|
"description": "Display name of the sender",
|
|
|
|
"misp-attribute": "email-src-display-name",
|
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 1
|
2017-02-13 11:18:42 +01:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"header": {
|
2017-02-13 11:18:42 +01:00
|
|
|
"categories": [
|
|
|
|
"Payload delivery"
|
2020-02-13 12:28:47 +01:00
|
|
|
],
|
2020-04-26 02:10:02 +02:00
|
|
|
"description": "Full headers",
|
2018-05-03 20:49:48 +02:00
|
|
|
"disable_correlation": true,
|
2020-04-26 02:10:02 +02:00
|
|
|
"misp-attribute": "email-header",
|
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 0
|
2017-11-09 16:07:54 +01:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"ip-src": {
|
|
|
|
"description": "Source IP address of the email sender",
|
|
|
|
"misp-attribute": "ip-src",
|
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 0
|
|
|
|
},
|
|
|
|
"message-id": {
|
2017-02-13 11:18:42 +01:00
|
|
|
"categories": [
|
|
|
|
"Payload delivery"
|
|
|
|
],
|
2020-04-26 02:10:02 +02:00
|
|
|
"description": "Message ID",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"misp-attribute": "email-message-id",
|
|
|
|
"ui-priority": 0
|
2017-02-13 11:18:42 +01:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"mime-boundary": {
|
|
|
|
"categories": [
|
|
|
|
"Payload delivery"
|
|
|
|
],
|
|
|
|
"description": "MIME Boundary",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"misp-attribute": "email-mime-boundary",
|
|
|
|
"ui-priority": 0
|
2019-02-14 14:33:39 +01:00
|
|
|
},
|
|
|
|
"received-header-hostname": {
|
|
|
|
"description": "Extracted hostname from parsed headers",
|
|
|
|
"misp-attribute": "hostname",
|
2020-04-26 02:10:02 +02:00
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 0
|
2019-02-14 14:33:39 +01:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"received-header-ip": {
|
|
|
|
"description": "Extracted IP address from parsed headers",
|
|
|
|
"misp-attribute": "ip-src",
|
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 0
|
|
|
|
},
|
|
|
|
"reply-to": {
|
2017-02-13 11:18:42 +01:00
|
|
|
"categories": [
|
|
|
|
"Payload delivery"
|
2020-04-26 02:10:02 +02:00
|
|
|
],
|
|
|
|
"description": "Email address the reply will be sent to",
|
|
|
|
"misp-attribute": "email-reply-to",
|
|
|
|
"ui-priority": 1
|
2017-02-13 11:18:42 +01:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"return-path": {
|
2017-02-13 11:18:42 +01:00
|
|
|
"categories": [
|
|
|
|
"Payload delivery"
|
2017-03-15 07:42:14 +01:00
|
|
|
],
|
2020-04-26 02:10:02 +02:00
|
|
|
"description": "Message return path",
|
|
|
|
"misp-attribute": "email-src",
|
|
|
|
"ui-priority": 1
|
2017-02-13 11:18:42 +01:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"screenshot": {
|
2017-02-13 11:18:42 +01:00
|
|
|
"categories": [
|
2020-04-26 02:10:02 +02:00
|
|
|
"External analysis"
|
|
|
|
],
|
|
|
|
"description": "Screenshot of email",
|
2018-05-03 20:49:48 +02:00
|
|
|
"disable_correlation": true,
|
2020-04-26 02:10:02 +02:00
|
|
|
"misp-attribute": "attachment",
|
|
|
|
"ui-priority": 1
|
2017-02-13 11:18:42 +01:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"send-date": {
|
2017-02-13 11:18:42 +01:00
|
|
|
"categories": [
|
2020-04-26 02:10:02 +02:00
|
|
|
"Other"
|
|
|
|
],
|
|
|
|
"description": "Date the email has been sent",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"misp-attribute": "datetime",
|
|
|
|
"ui-priority": 0
|
2017-02-13 11:18:42 +01:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"subject": {
|
2017-02-13 11:18:42 +01:00
|
|
|
"categories": [
|
|
|
|
"Payload delivery"
|
2020-02-13 12:28:47 +01:00
|
|
|
],
|
2020-04-26 02:10:02 +02:00
|
|
|
"description": "Subject",
|
|
|
|
"misp-attribute": "email-subject",
|
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 1
|
2017-02-13 11:18:42 +01:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"thread-index": {
|
2017-09-25 20:37:02 +02:00
|
|
|
"categories": [
|
|
|
|
"Payload delivery"
|
2020-04-26 02:10:02 +02:00
|
|
|
],
|
|
|
|
"description": "Identifies a particular conversation thread",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"misp-attribute": "email-thread-index",
|
|
|
|
"ui-priority": 0
|
2017-09-25 20:37:02 +02:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"to": {
|
2017-02-13 11:18:42 +01:00
|
|
|
"categories": [
|
|
|
|
"Payload delivery"
|
2020-02-13 12:28:47 +01:00
|
|
|
],
|
2020-04-26 02:10:02 +02:00
|
|
|
"description": "Destination email address",
|
2018-05-03 20:49:48 +02:00
|
|
|
"disable_correlation": true,
|
2020-04-26 02:10:02 +02:00
|
|
|
"misp-attribute": "email-dst",
|
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"to-display-name": {
|
2018-01-30 01:12:53 +01:00
|
|
|
"categories": [
|
|
|
|
"Payload delivery"
|
2020-04-26 02:10:02 +02:00
|
|
|
],
|
|
|
|
"description": "Display name of the receiver",
|
|
|
|
"misp-attribute": "email-dst-display-name",
|
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 1
|
2018-04-27 14:20:10 +02:00
|
|
|
},
|
2018-05-03 20:49:48 +02:00
|
|
|
"user-agent": {
|
|
|
|
"description": "User Agent of the sender",
|
2020-04-26 02:10:02 +02:00
|
|
|
"disable_correlation": true,
|
2018-05-03 20:49:48 +02:00
|
|
|
"misp-attribute": "text",
|
2020-04-26 02:10:02 +02:00
|
|
|
"ui-priority": 0
|
2018-05-03 20:49:48 +02:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"x-mailer": {
|
|
|
|
"categories": [
|
|
|
|
"Payload delivery"
|
|
|
|
],
|
|
|
|
"description": "X-Mailer generally tells the program that was used to draft and send the original email",
|
2018-05-03 20:49:48 +02:00
|
|
|
"disable_correlation": true,
|
2020-04-26 02:10:02 +02:00
|
|
|
"misp-attribute": "email-x-mailer",
|
|
|
|
"ui-priority": 0
|
2017-02-13 11:18:42 +01:00
|
|
|
}
|
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"description": "Email object describing an email with meta-information",
|
|
|
|
"meta-category": "network",
|
|
|
|
"name": "email",
|
2017-02-13 11:18:42 +01:00
|
|
|
"requiredOneOf": [
|
2017-09-17 12:31:50 +02:00
|
|
|
"from",
|
|
|
|
"from-display-name",
|
|
|
|
"to",
|
|
|
|
"to-display-name",
|
|
|
|
"subject",
|
|
|
|
"attachment",
|
|
|
|
"message-id",
|
|
|
|
"reply-to",
|
2017-02-13 11:18:42 +01:00
|
|
|
"send-date",
|
2017-09-17 12:31:50 +02:00
|
|
|
"mime-boundary",
|
|
|
|
"thread-index",
|
|
|
|
"header",
|
2017-09-25 20:37:02 +02:00
|
|
|
"x-mailer",
|
2018-04-26 15:05:19 +02:00
|
|
|
"return-path",
|
2018-04-27 14:20:10 +02:00
|
|
|
"email-body",
|
|
|
|
"eml"
|
2020-04-26 02:10:02 +02:00
|
|
|
],
|
|
|
|
"uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
|
|
|
|
"version": 15
|
|
|
|
}
|