2019-04-13 10:02:56 +02:00
|
|
|
{
|
|
|
|
"attributes": {
|
2020-04-26 02:10:02 +02:00
|
|
|
"MAC-address": {
|
|
|
|
"description": "Device MAC address",
|
|
|
|
"misp-attribute": "mac-address",
|
|
|
|
"ui-priority": 0
|
2019-04-13 10:02:56 +02:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"OS": {
|
|
|
|
"description": "OS of the device",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 98
|
2019-04-13 10:02:56 +02:00
|
|
|
},
|
2019-04-13 10:15:05 +02:00
|
|
|
"alias": {
|
|
|
|
"description": "Alias of the Device",
|
|
|
|
"misp-attribute": "text",
|
2020-04-26 02:10:02 +02:00
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 100
|
|
|
|
},
|
|
|
|
"analysis-date": {
|
|
|
|
"description": "Date of device analysis",
|
|
|
|
"misp-attribute": "datetime",
|
|
|
|
"ui-priority": 0
|
|
|
|
},
|
|
|
|
"attachment": {
|
|
|
|
"description": "An attachment",
|
|
|
|
"misp-attribute": "attachment",
|
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 0
|
|
|
|
},
|
|
|
|
"description": {
|
|
|
|
"description": "Description of the Device",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"ui-priority": 0
|
2019-04-13 10:02:56 +02:00
|
|
|
},
|
|
|
|
"device-type": {
|
|
|
|
"description": "Type of the device",
|
|
|
|
"disable_correlation": true,
|
2020-04-26 02:10:02 +02:00
|
|
|
"misp-attribute": "text",
|
2019-04-16 05:01:43 +02:00
|
|
|
"sane_default": [
|
2019-04-13 10:02:56 +02:00
|
|
|
"PC",
|
|
|
|
"Mobile",
|
|
|
|
"Laptop",
|
|
|
|
"HID",
|
|
|
|
"TV",
|
|
|
|
"IoT",
|
|
|
|
"Hardware",
|
|
|
|
"Other"
|
2020-04-26 02:10:02 +02:00
|
|
|
],
|
|
|
|
"ui-priority": 99
|
2019-04-13 10:02:56 +02:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"dns-name": {
|
|
|
|
"description": "Device DNS Name",
|
2019-04-15 07:03:08 +02:00
|
|
|
"misp-attribute": "text",
|
2020-04-26 02:10:02 +02:00
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 0
|
2019-04-15 06:59:09 +02:00
|
|
|
},
|
2021-10-25 15:52:34 +02:00
|
|
|
"hits": {
|
|
|
|
"description": "Number of hits for the device",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"misp-attribute": "counter",
|
|
|
|
"ui-priority": 0
|
|
|
|
},
|
|
|
|
"infection_type": {
|
|
|
|
"description": "Type of infection if the device is in Infected status",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"sane_default": [
|
|
|
|
"android_spams",
|
|
|
|
"android.bakdoor.prizmes",
|
|
|
|
"android.bankbot",
|
|
|
|
"android.banker.anubis",
|
|
|
|
"android.bankspy",
|
|
|
|
"android.cliaid",
|
|
|
|
"android.darksilent",
|
|
|
|
"android.fakeav",
|
|
|
|
"android.fakebank",
|
|
|
|
"android.fakedoc",
|
|
|
|
"android.fakeinst",
|
|
|
|
"android.fakemart",
|
|
|
|
"android.faketoken",
|
|
|
|
"android.fobus",
|
|
|
|
"android.fungram",
|
|
|
|
"android.geost",
|
|
|
|
"android.gopl",
|
|
|
|
"android.hiddad",
|
|
|
|
"android.hqwar",
|
|
|
|
"android.hummer",
|
|
|
|
"android.infosteal",
|
|
|
|
"android.iop",
|
|
|
|
"android.lockdroid",
|
|
|
|
"android.milipnot",
|
|
|
|
"android.nitmo",
|
|
|
|
"android.opfake",
|
|
|
|
"android.premiumtext",
|
|
|
|
"android.provar",
|
|
|
|
"android.pwstealer",
|
|
|
|
"android.rootnik",
|
|
|
|
"android.skyfin",
|
|
|
|
"android.smsbot",
|
|
|
|
"android.smssilence",
|
|
|
|
"android.smsspy",
|
|
|
|
"android.smsspy.be24",
|
|
|
|
"android.sssaaa",
|
|
|
|
"android.teleplus",
|
|
|
|
"android.uupay",
|
|
|
|
"android.voxv",
|
|
|
|
"avalanche-andromeda",
|
|
|
|
"banatrix",
|
|
|
|
"bankpatch",
|
|
|
|
"bebloh",
|
|
|
|
"bedep",
|
|
|
|
"betabot",
|
|
|
|
"bitcoinminer",
|
|
|
|
"blackbeard",
|
|
|
|
"blakamba",
|
|
|
|
"boinberg",
|
|
|
|
"buhtrap",
|
|
|
|
"caphaw",
|
|
|
|
"carberp",
|
|
|
|
"chafer",
|
|
|
|
"changeup",
|
|
|
|
"chinad",
|
|
|
|
"citadel",
|
|
|
|
"cobint",
|
|
|
|
"coinminer",
|
|
|
|
"conficker",
|
|
|
|
"cryptowall",
|
|
|
|
"cutwail",
|
|
|
|
"cycbot",
|
|
|
|
"diaminer",
|
|
|
|
"dimnie",
|
|
|
|
"dipverdle",
|
|
|
|
"dircrypt",
|
|
|
|
"dirtjumper",
|
|
|
|
"disorderstatus",
|
|
|
|
"dmsniff",
|
|
|
|
"dofoil",
|
|
|
|
"domreg",
|
|
|
|
"dorkbot",
|
|
|
|
"dorkbot-ssl",
|
|
|
|
"dresscode",
|
|
|
|
"dybalom",
|
|
|
|
"ek.fallout",
|
|
|
|
"emoted",
|
|
|
|
"emotet",
|
|
|
|
"esfury",
|
|
|
|
"expiro",
|
|
|
|
"exploitkit.fallout",
|
|
|
|
"extenbro",
|
|
|
|
"fake_cs_updater",
|
|
|
|
"fakerean",
|
|
|
|
"fallout.exploitkit",
|
|
|
|
"fast-flux",
|
|
|
|
"fast-flux-double",
|
|
|
|
"fast-flux;fast-flux-double",
|
|
|
|
"fleercivet",
|
|
|
|
"fobber",
|
|
|
|
"foxbantrix",
|
|
|
|
"foxbantrix-unknown",
|
|
|
|
"generic.malware",
|
|
|
|
"geodo",
|
|
|
|
"gonderici",
|
|
|
|
"gootkit",
|
|
|
|
"gozi",
|
|
|
|
"gspy",
|
|
|
|
"gtfobot",
|
|
|
|
"hancitor",
|
|
|
|
"harnig",
|
|
|
|
"htm5player.vast",
|
|
|
|
"ibanking",
|
|
|
|
"icedid",
|
|
|
|
"infected",
|
|
|
|
"iotreaper",
|
|
|
|
"ip-spoofer",
|
|
|
|
"ircbot",
|
|
|
|
"isfb",
|
|
|
|
"jadtre",
|
|
|
|
"jdk-update-apt",
|
|
|
|
"js.worm.bondat",
|
|
|
|
"junk-domains",
|
|
|
|
"kasidet",
|
|
|
|
"kbot",
|
|
|
|
"kelihos",
|
|
|
|
"kelihos.e",
|
|
|
|
"keylogger",
|
|
|
|
"keylogger-ftp",
|
|
|
|
"keylogger-vbklip",
|
|
|
|
"kidminer",
|
|
|
|
"kingminer",
|
|
|
|
"koobface",
|
|
|
|
"kraken",
|
|
|
|
"kronos",
|
|
|
|
"kwampirs",
|
|
|
|
"lethic",
|
|
|
|
"linux.backdoor.setag",
|
|
|
|
"linux.ngioweb",
|
|
|
|
"litemanager",
|
|
|
|
"loader",
|
|
|
|
"locky",
|
|
|
|
"loki",
|
|
|
|
"lokibot",
|
|
|
|
"luminositylink",
|
|
|
|
"lurkbanker",
|
|
|
|
"madominer",
|
|
|
|
"magecart",
|
|
|
|
"maliciouswebsites",
|
|
|
|
"malvertising.doubleclick",
|
|
|
|
"malwaretom",
|
|
|
|
"marcher",
|
|
|
|
"matrix",
|
|
|
|
"matsnu",
|
|
|
|
"menupass",
|
|
|
|
"mewsspy",
|
|
|
|
"miner.monero",
|
|
|
|
"minr",
|
|
|
|
"mirai",
|
|
|
|
"mix2",
|
|
|
|
"mkero",
|
|
|
|
"monero",
|
|
|
|
"mozi",
|
|
|
|
"muddywater",
|
|
|
|
"murofet",
|
|
|
|
"mysafeproxymonitor",
|
|
|
|
"nametrick",
|
|
|
|
"necurs",
|
|
|
|
"netsupport",
|
|
|
|
"nettraveler",
|
|
|
|
"neurevt",
|
|
|
|
"nitol",
|
|
|
|
"nivdort",
|
|
|
|
"nukebot",
|
|
|
|
"null",
|
|
|
|
"nymaim",
|
|
|
|
"nymain",
|
|
|
|
"osx.fakeflash",
|
|
|
|
"palevo",
|
|
|
|
"pawnstorm",
|
|
|
|
"phishing",
|
|
|
|
"phishing.cobalt",
|
|
|
|
"phishing.cobalt_dickens",
|
|
|
|
"phorpiex",
|
|
|
|
"pitou",
|
|
|
|
"plasma-tomas",
|
|
|
|
"ponmocup",
|
|
|
|
"pony",
|
|
|
|
"poseidon",
|
|
|
|
"powerstats",
|
|
|
|
"proxyback",
|
|
|
|
"pushdo",
|
|
|
|
"pws.pony",
|
|
|
|
"pykspa",
|
|
|
|
"qadars",
|
|
|
|
"qakbot",
|
|
|
|
"qqblack",
|
|
|
|
"qrypter.rat",
|
|
|
|
"qsnatch",
|
|
|
|
"racoon",
|
|
|
|
"ramdo",
|
|
|
|
"ramnit",
|
|
|
|
"ranbyus",
|
|
|
|
"ransom.cerber",
|
|
|
|
"ransomware",
|
|
|
|
"ransomware.shade",
|
|
|
|
"rat.vermin",
|
|
|
|
"renocide",
|
|
|
|
"revil",
|
|
|
|
"rodecap",
|
|
|
|
"sality",
|
|
|
|
"sality-p2p",
|
|
|
|
"servhelper",
|
|
|
|
"sgminer",
|
|
|
|
"shifu",
|
|
|
|
"shiz",
|
|
|
|
"sinowal",
|
|
|
|
"sisron",
|
|
|
|
"sodinokibi",
|
|
|
|
"spam",
|
|
|
|
"sphinx",
|
|
|
|
"spyeye",
|
|
|
|
"ssh-brute-force",
|
|
|
|
"ssl",
|
|
|
|
"ssl-az7",
|
|
|
|
"ssl-unknown-bot-test",
|
|
|
|
"ssl-vmzeus",
|
|
|
|
"stantinko",
|
|
|
|
"tdss",
|
|
|
|
"teleru",
|
|
|
|
"telnet-brute-force",
|
|
|
|
"tinba",
|
|
|
|
"tinba-dga",
|
|
|
|
"trickbot",
|
|
|
|
"triton",
|
|
|
|
"trojan.click3",
|
|
|
|
"trojan.fakeav",
|
|
|
|
"trojan.includer",
|
|
|
|
"trojan.win32.razy.gen",
|
|
|
|
"unknown",
|
|
|
|
"unknown-bot-test",
|
|
|
|
"valak",
|
|
|
|
"vawtrak",
|
|
|
|
"vbklip",
|
|
|
|
"verst",
|
|
|
|
"victorygate.a",
|
|
|
|
"victorygate.b",
|
|
|
|
"victorygate.c",
|
|
|
|
"virut",
|
|
|
|
"vmzeus",
|
|
|
|
"vobfus",
|
|
|
|
"volatile_cedar",
|
|
|
|
"vpnfilter_stage3",
|
|
|
|
"wannacrypt",
|
|
|
|
"wauchos",
|
|
|
|
"webminer.cdn",
|
|
|
|
"win.neurevt",
|
|
|
|
"worm.kasidet",
|
|
|
|
"worm.phorpiex",
|
|
|
|
"wowlik",
|
|
|
|
"wrokni",
|
|
|
|
"xbash",
|
|
|
|
"xmrminer",
|
|
|
|
"xpaj",
|
|
|
|
"xshellghost",
|
|
|
|
"yoddos",
|
|
|
|
"zeus",
|
|
|
|
"zeus_gameover",
|
|
|
|
"zeus_panda",
|
|
|
|
"zloader"
|
2021-10-25 15:56:50 +02:00
|
|
|
],
|
|
|
|
"ui-priority": 0
|
2021-10-25 15:52:34 +02:00
|
|
|
},
|
2019-04-13 10:02:56 +02:00
|
|
|
"ip-address": {
|
|
|
|
"description": "Device IP address",
|
2019-04-15 06:59:09 +02:00
|
|
|
"misp-attribute": "ip-src",
|
2020-04-26 02:10:02 +02:00
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 0
|
2019-04-15 06:59:09 +02:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"name": {
|
|
|
|
"description": "Name of the Device",
|
2019-04-15 06:59:09 +02:00
|
|
|
"misp-attribute": "text",
|
2020-04-26 02:10:02 +02:00
|
|
|
"ui-priority": 101
|
2019-04-13 10:02:56 +02:00
|
|
|
},
|
2021-10-25 15:52:34 +02:00
|
|
|
"status": {
|
|
|
|
"description": "Status of the device",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"sane_default": [
|
|
|
|
"Infected",
|
|
|
|
"Exposed",
|
|
|
|
"Unknown",
|
|
|
|
"Clean"
|
2021-10-25 16:05:04 +02:00
|
|
|
],
|
|
|
|
"ui-priority": 0
|
2021-10-25 15:52:34 +02:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"version": {
|
|
|
|
"description": "Version of the device/ OS",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"ui-priority": 97
|
2019-04-13 10:15:05 +02:00
|
|
|
}
|
2019-04-13 10:02:56 +02:00
|
|
|
},
|
|
|
|
"description": "An object to define a device",
|
2019-04-13 10:32:26 +02:00
|
|
|
"meta-category": "misc",
|
2020-04-26 02:10:02 +02:00
|
|
|
"name": "device",
|
|
|
|
"requiredOneOf": [
|
|
|
|
"name",
|
|
|
|
"alias"
|
|
|
|
],
|
2019-04-13 10:02:56 +02:00
|
|
|
"uuid": "0c64b41a-e583-4f4d-ac92-d484163b9e52",
|
2021-10-25 15:52:34 +02:00
|
|
|
"version": 9
|
2020-04-26 02:10:02 +02:00
|
|
|
}
|