2016-02-09 16:08:15 +01:00
|
|
|
{
|
2017-02-13 11:18:42 +01:00
|
|
|
"attributes": {
|
2020-04-26 02:10:02 +02:00
|
|
|
"comment": {
|
|
|
|
|
"description": "Comment of the whois entry",
|
|
|
|
|
"misp-attribute": "text",
|
|
|
|
|
"ui-priority": 0
|
2017-12-18 14:04:53 +01:00
|
|
|
},
|
2017-07-03 12:26:40 +02:00
|
|
|
"creation-date": {
|
2017-08-29 18:36:46 +02:00
|
|
|
"description": "Initial creation of the whois entry",
|
2017-12-20 15:22:45 +01:00
|
|
|
"disable_correlation": true,
|
2020-04-26 02:10:02 +02:00
|
|
|
"misp-attribute": "datetime",
|
|
|
|
|
"ui-priority": 0
|
2017-08-29 18:36:46 +02:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"domain": {
|
|
|
|
|
"categories": [
|
|
|
|
|
"Network activity",
|
|
|
|
|
"External analysis"
|
|
|
|
|
],
|
|
|
|
|
"description": "Domain of the whois entry",
|
|
|
|
|
"misp-attribute": "domain",
|
|
|
|
|
"multiple": true,
|
|
|
|
|
"ui-priority": 0
|
2017-08-29 18:36:46 +02:00
|
|
|
},
|
|
|
|
|
"expiration-date": {
|
|
|
|
|
"description": "Expiration of the whois entry",
|
2017-12-20 15:22:45 +01:00
|
|
|
"disable_correlation": true,
|
2020-04-26 02:10:02 +02:00
|
|
|
"misp-attribute": "datetime",
|
|
|
|
|
"ui-priority": 0
|
|
|
|
|
},
|
|
|
|
|
"ip-address": {
|
|
|
|
|
"description": "IP address of the whois entry",
|
|
|
|
|
"misp-attribute": "ip-src",
|
|
|
|
|
"multiple": true,
|
|
|
|
|
"ui-priority": 0
|
|
|
|
|
},
|
|
|
|
|
"modification-date": {
|
|
|
|
|
"description": "Last update of the whois entry",
|
|
|
|
|
"disable_correlation": true,
|
|
|
|
|
"misp-attribute": "datetime",
|
|
|
|
|
"ui-priority": 0
|
2017-02-13 11:18:42 +01:00
|
|
|
},
|
2017-12-20 15:22:45 +01:00
|
|
|
"nameserver": {
|
|
|
|
|
"description": "Nameserver",
|
|
|
|
|
"disable_correlation": true,
|
2020-04-26 02:10:02 +02:00
|
|
|
"misp-attribute": "hostname",
|
2017-12-20 15:22:45 +01:00
|
|
|
"multiple": true,
|
2020-04-26 02:10:02 +02:00
|
|
|
"to_ids": false,
|
|
|
|
|
"ui-priority": 0
|
2017-12-20 15:22:45 +01:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"registrant-email": {
|
|
|
|
|
"description": "Registrant email address",
|
|
|
|
|
"misp-attribute": "whois-registrant-email",
|
|
|
|
|
"ui-priority": 1
|
2018-03-16 13:29:39 +01:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"registrant-name": {
|
|
|
|
|
"description": "Registrant name",
|
|
|
|
|
"misp-attribute": "whois-registrant-name",
|
|
|
|
|
"ui-priority": 0
|
2018-03-16 13:29:39 +01:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"registrant-org": {
|
|
|
|
|
"description": "Registrant organisation",
|
|
|
|
|
"misp-attribute": "whois-registrant-org",
|
|
|
|
|
"ui-priority": 1
|
|
|
|
|
},
|
|
|
|
|
"registrant-phone": {
|
|
|
|
|
"description": "Registrant phone number",
|
|
|
|
|
"misp-attribute": "whois-registrant-phone",
|
|
|
|
|
"ui-priority": 0
|
|
|
|
|
},
|
|
|
|
|
"registrar": {
|
|
|
|
|
"description": "Registrar of the whois entry",
|
|
|
|
|
"misp-attribute": "whois-registrar",
|
|
|
|
|
"ui-priority": 0
|
|
|
|
|
},
|
|
|
|
|
"text": {
|
|
|
|
|
"description": "Full whois entry",
|
|
|
|
|
"disable_correlation": true,
|
|
|
|
|
"misp-attribute": "text",
|
|
|
|
|
"ui-priority": 1
|
2017-02-13 11:18:42 +01:00
|
|
|
}
|
|
|
|
|
},
|
2018-03-16 13:29:39 +01:00
|
|
|
"description": "Whois records information for a domain name or an IP address.",
|
2017-07-03 12:26:40 +02:00
|
|
|
"meta-category": "network",
|
2020-04-26 02:10:02 +02:00
|
|
|
"name": "whois",
|
|
|
|
|
"requiredOneOf": [
|
|
|
|
|
"registrant-email",
|
|
|
|
|
"registrant-phone",
|
|
|
|
|
"creation-date",
|
|
|
|
|
"registrant-name",
|
|
|
|
|
"registrar",
|
|
|
|
|
"text",
|
|
|
|
|
"domain",
|
|
|
|
|
"ip-address"
|
|
|
|
|
],
|
2017-07-03 12:26:40 +02:00
|
|
|
"uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
|
2020-04-26 02:10:02 +02:00
|
|
|
"version": 10
|
|
|
|
|
}
|
