misp-objects/relationships/definition.json

965 lines
24 KiB
JSON
Raw Normal View History

{
2019-04-15 14:30:21 +02:00
"version": 15,
"values": [
{
"name": "derived-from",
"description": "The information in the target object is based on information from the source object.",
"format": [
"misp",
2018-10-22 18:19:47 +02:00
"stix-2.0",
"alfred"
]
},
2019-04-15 14:30:21 +02:00
{
"name": "executes",
"description": "This relationship describes an object which executes another object",
"format": [
"misp"
]
2019-04-15 14:30:21 +02:00
},
{
"name": "duplicate-of",
"description": "The referenced source and target objects are semantically duplicates of each other.",
"format": [
"misp",
"stix-2.0"
]
},
{
"name": "related-to",
"description": "The referenced source is related to the target object.",
"format": [
"misp",
2018-10-22 18:19:47 +02:00
"stix-2.0",
"alfred"
]
},
{
"name": "connected-to",
"description": "The referenced source is connected to the target object.",
"format": [
"misp",
"stix-1.1"
]
},
2018-06-22 17:27:21 +02:00
{
"name": "connected-from",
"description": "The referenced source is connected from the target object.",
"format": [
"misp",
"stix-1.1"
]
},
{
"name": "contains",
2018-06-22 17:27:21 +02:00
"description": "The referenced source is containing the target object.",
"format": [
"misp",
2018-10-22 18:19:47 +02:00
"stix-1.1",
"alfred"
2018-06-22 17:27:21 +02:00
]
},
{
"name": "contained-by",
"description": "The referenced source is contained by the target object.",
"format": [
"misp",
"stix-1.1"
]
},
2018-06-22 17:27:21 +02:00
{
"name": "contained-within",
"description": "The referenced source is contained within the target object.",
"format": [
"misp",
"stix-1.1"
]
},
{
"name": "characterized-by",
"description": "The referenced source is characterized by the target object.",
"format": [
"misp",
"stix-1.1"
]
},
{
"name": "characterizes",
"description": "The referenced source is characterizing the target object.",
"format": [
"misp",
"stix-1.1"
]
},
{
"name": "properties-queried",
"description": "The referenced source has queried the target object.",
"format": [
"misp",
"stix-1.1"
]
},
{
"name": "properties-queried-by",
"description": "The referenced source is queried by the target object.",
"format": [
"misp",
"stix-1.1"
]
},
{
"name": "extracted-from",
"description": "The referenced source is extracted from the target object.",
"format": [
"misp",
"stix-1.1"
]
},
{
"name": "supra-domain-of",
"description": "The referenced source is a supra domain of the target object.",
"format": [
"misp",
"stix-1.1"
]
},
{
"name": "sub-domain-of",
"description": "The referenced source is a sub domain of the target object.",
"format": [
"misp",
"stix-1.1"
]
},
{
"name": "dropped",
"description": "The referenced source has dropped the target object.",
"format": [
"misp",
"stix-1.1"
]
},
{
"name": "dropped-by",
"description": "The referenced source is dropped by the target object.",
"format": [
"misp",
"stix-1.1"
]
},
{
"name": "downloaded",
"description": "The referenced source has downloaded the target object.",
"format": [
"misp",
"stix-1.1"
]
},
{
"name": "downloaded-from",
"description": "The referenced source has been downloaded from the target object.",
"format": [
"misp",
"stix-1.1"
]
},
{
"name": "resolved-to",
"description": "The referenced source is resolved to the target object.",
"format": [
"misp",
"stix-1.1"
]
},
{
"name": "attributed-to",
"description": "This referenced source is attributed to the target object.",
"format": [
"misp",
"stix-2.0"
]
},
{
"name": "targets",
"description": "This relationship describes that the source object targets the target object.",
"format": [
"misp",
"stix-2.0"
]
},
{
"name": "uses",
"description": "This relationship describes the use by the source object of the target object.",
"format": [
"misp",
2018-10-22 18:19:47 +02:00
"stix-2.0",
"alfred"
]
},
{
"name": "indicates",
2018-09-04 16:15:08 +02:00
"description": "This relationship describes that the source object indicates the target object.",
"format": [
"misp",
"stix-2.0"
]
},
{
"name": "mitigates",
"description": "This relationship describes a source object which mitigates the target object.",
"format": [
"misp",
"stix-2.0"
]
},
{
"name": "variant-of",
"description": "This relationship describes a source object which is a variant of the target object",
"format": [
"misp",
2018-10-22 18:19:47 +02:00
"stix-2.0",
"alfred"
]
},
{
"name": "impersonates",
2018-06-22 17:27:21 +02:00
"description": "This relationship describes a source object which impersonates the target object",
"format": [
"misp",
"stix-2.0"
]
},
2019-03-12 17:21:52 +01:00
{
"name": "retrieved-from",
"description": "This relationship describes an object retrieved from the target object.",
"format": [
"misp"
]
},
{
"name": "authored-by",
"description": "This relationship describes the author of a specific object.",
"format": [
"misp"
]
},
{
"name": "located",
"description": "This relationship describes the location (of any type) of a specific object.",
"format": [
"misp"
]
},
{
"name": "included-in",
"description": "This relationship describes an object included in another object.",
"format": [
"misp"
]
},
{
"name": "analysed-with",
"description": "This relationship describes an object analysed by another object.",
"format": [
"misp"
]
},
{
"name": "claimed-by",
"description": "This relationship describes an object claimed by another object.",
"format": [
"misp"
]
},
{
"name": "communicates-with",
"description": "This relationship describes an object communicating with another object.",
"format": [
"misp"
]
},
{
"name": "drops",
"description": "This relationship describes an object which drops another object",
"format": [
"misp"
]
},
{
"name": "executed-by",
"description": "This relationship describes an object executed by another object.",
2017-08-23 17:17:56 +02:00
"format": [
"misp"
]
2017-08-23 17:17:56 +02:00
},
{
"name": "affects",
"description": "This relationship describes an object affected by another object.",
2017-08-23 17:17:56 +02:00
"format": [
2018-10-22 18:19:47 +02:00
"misp",
"alfred"
]
2017-08-23 17:17:56 +02:00
},
{
"name": "beacons-to",
"description": "This relationship describes an object beaconing to another object.",
"format": [
2018-10-22 18:19:47 +02:00
"misp",
"alfred"
]
2017-08-24 09:47:28 +02:00
},
{
"name": "abuses",
"description": "This relationship describes an object which abuses another object.",
2017-08-24 09:47:28 +02:00
"format": [
"misp"
]
2017-08-24 09:47:28 +02:00
},
{
"name": "exfiltrates-to",
"description": "This relationship describes an object exfiltrating to another object.",
2017-08-24 09:47:28 +02:00
"format": [
2018-10-22 18:19:47 +02:00
"misp",
"alfred"
]
2017-08-24 09:47:28 +02:00
},
{
"name": "identifies",
"description": "This relationship describes an object which identifies another object.",
2017-08-24 09:47:28 +02:00
"format": [
2018-10-22 18:19:47 +02:00
"misp",
"alfred"
]
2017-08-24 09:47:28 +02:00
},
{
"name": "intercepts",
"description": "This relationship describes an object which intercepts another object.",
2017-08-24 09:47:28 +02:00
"format": [
2018-10-22 18:19:47 +02:00
"misp",
"alfred"
]
2017-08-26 21:50:00 +02:00
},
{
"name": "calls",
"description": "This relationship describes an object which calls another objects.",
"format": [
"misp"
]
},
{
"name": "detected-as",
"description": "This relationship describes an object which is detected as another object.",
2017-08-26 21:50:00 +02:00
"format": [
"misp"
]
},
{
"name": "followed-by",
"description": "This relationship describes an object which is followed by another object. This can be used when a time reference is missing but a sequence is known.",
"format": [
"misp"
]
},
{
"name": "preceding-by",
"description": "This relationship describes an object which is preceded by another object. This can be used when a time reference is missing but a sequence is known.",
"format": [
"misp"
]
},
{
"name": "triggers",
"description": "This relationship describes an object which triggers another object.",
"format": [
"misp"
]
2017-10-26 15:40:53 +02:00
},
{
2017-10-26 15:52:36 +02:00
"name": "vulnerability-of",
2017-10-26 15:40:53 +02:00
"description": "This relationship describes an object which is a vulnerability of another object.",
"format": [
"cert-eu"
]
},
{
2017-10-26 15:52:36 +02:00
"name": "works-like",
2017-10-26 15:40:53 +02:00
"description": "This relationship describes an object which works like another object.",
"format": [
"cert-eu"
]
},
{
2017-10-26 15:52:36 +02:00
"name": "seller-of",
2017-10-26 15:40:53 +02:00
"description": "This relationship describes an object which is selling another object.",
"format": [
"cert-eu"
]
},
{
2017-10-26 15:52:36 +02:00
"name": "seller-on",
2017-10-26 15:40:53 +02:00
"description": "This relationship describes an object which is selling on another object.",
"format": [
"cert-eu"
]
},
{
2017-10-26 15:52:36 +02:00
"name": "trying-to-obtain-the-exploit",
2017-10-26 15:40:53 +02:00
"description": "This relationship describes an object which is trying to obtain the exploit described by another object",
"format": [
"cert-eu"
]
},
{
2017-10-26 15:52:36 +02:00
"name": "used-by",
2017-10-26 15:40:53 +02:00
"description": "This relationship describes an object which is used by another object.",
"format": [
"cert-eu"
]
},
{
"name": "affiliated",
"description": "This relationship describes an object which is affiliated with another object.",
"format": [
"cert-eu"
]
},
{
2017-10-26 15:52:36 +02:00
"name": "alleged-founder-of",
2017-10-26 15:40:53 +02:00
"description": "This relationship describes an object which is the alleged founder of another object.",
"format": [
"cert-eu"
]
},
{
2017-10-26 15:52:36 +02:00
"name": "attacking-other-group",
2017-10-26 15:40:53 +02:00
"description": "This relationship describes an object which attacks another object.",
"format": [
"cert-eu"
]
},
{
2017-10-26 15:52:36 +02:00
"name": "belongs-to",
2017-10-26 15:40:53 +02:00
"description": "This relationship describes an object which belongs to another object.",
"format": [
"cert-eu"
]
},
{
2017-10-26 15:52:36 +02:00
"name": "business-relations",
"description": "This relationship describes an object which has business relations with another object.",
2017-10-26 15:40:53 +02:00
"format": [
"cert-eu"
]
},
{
2017-10-26 15:52:36 +02:00
"name": "claims-to-be-the-founder-of",
2017-10-26 15:40:53 +02:00
"description": "This relationship describes an object which claims to be the founder of another object.",
"format": [
"cert-eu"
]
},
{
2017-10-26 15:52:36 +02:00
"name": "cooperates-with",
2017-10-26 15:40:53 +02:00
"description": "This relationship describes an object which cooperates with another object.",
"format": [
"cert-eu"
]
},
{
2017-10-26 15:52:36 +02:00
"name": "former-member-of",
2017-10-26 15:40:53 +02:00
"description": "This relationship describes an object which is a former member of another object.",
"format": [
"cert-eu"
]
},
{
2017-10-26 15:52:36 +02:00
"name": "successor-of",
2017-10-26 15:40:53 +02:00
"description": "This relationship describes an object which is a successor of another object.",
"format": [
"cert-eu"
]
},
{
2017-10-26 15:52:36 +02:00
"name": "has-joined",
2017-10-26 15:40:53 +02:00
"description": "This relationship describes an object which has joined another object.",
"format": [
"cert-eu"
]
},
{
2017-10-26 15:52:36 +02:00
"name": "member-of",
2017-10-26 15:40:53 +02:00
"description": "This relationship describes an object which is a member of another object.",
"format": [
"cert-eu"
]
},
{
2017-10-26 15:52:36 +02:00
"name": "primary-member-of",
2017-10-26 15:40:53 +02:00
"description": "This relationship describes an object which is a primary member of another object.",
"format": [
"cert-eu"
]
},
{
2017-10-26 15:52:36 +02:00
"name": "administrator-of",
2017-10-26 15:40:53 +02:00
"description": "This relationship describes an object which is an administrator of another object.",
"format": [
"cert-eu"
]
},
{
2017-10-26 15:52:36 +02:00
"name": "is-in-relation-with",
"description": "This relationship describes an object which is in relation with another object,",
2017-10-26 15:40:53 +02:00
"format": [
"cert-eu"
]
},
{
2017-10-26 15:52:36 +02:00
"name": "provide-support-to",
2017-10-26 15:40:53 +02:00
"description": "This relationship describes an object which provides support to another object.",
"format": [
"cert-eu"
]
},
{
2017-10-26 15:52:36 +02:00
"name": "regional-branch",
2017-10-26 15:40:53 +02:00
"description": "This relationship describes an object which is a regional branch of another object.",
"format": [
"cert-eu"
]
},
{
2017-10-26 15:52:36 +02:00
"name": "similar",
"description": "This relationship describes an object which is similar to another object.",
2017-10-26 15:40:53 +02:00
"format": [
"cert-eu"
]
},
{
"name": "subgroup",
"description": "This relationship describes an object which is a subgroup of another object.",
"format": [
"cert-eu"
]
},
{
2017-10-26 15:52:36 +02:00
"name": "suspected-link",
2017-10-26 15:40:53 +02:00
"description": "This relationship describes an object which is suspected to be linked with another object.",
"format": [
"misp"
]
},
{
2017-10-26 15:52:36 +02:00
"name": "same-as",
2017-10-26 15:40:53 +02:00
"description": "This relationship describes an object which is the same as another object.",
"format": [
"misp"
]
2017-10-27 14:07:46 +02:00
},
{
"name": "creator-of",
"description": "This relationship describes an object which is the creator of another object.",
"format": [
"cert-eu"
]
},
{
"name": "developer-of",
"description": "This relationship describes an object which is a developer of another object.",
"format": [
"cert-eu"
]
},
{
"name": "uses-for-recon",
"description": "This relationship describes an object which uses another object for recon.",
"format": [
"cert-eu"
]
},
{
"name": "operator-of",
"description": "This relationship describes an object which is an operator of another object.",
"format": [
"cert-eu"
]
},
{
"name": "overlaps",
"description": "This relationship describes an object which overlaps another object.",
"format": [
"cert-eu"
]
},
{
"name": "owner-of",
"description": "This relationship describes an object which owns another object.",
"format": [
2018-10-22 18:19:47 +02:00
"cert-eu",
"alfred"
2017-10-27 14:07:46 +02:00
]
},
{
"name": "publishes-method-for",
"description": "This relationship describes an object which publishes method for another object.",
"format": [
"cert-eu"
]
},
{
"name": "recommends-use-of",
"description": "This relationship describes an object which recommends the use of another object.",
"format": [
"cert-eu"
]
},
{
"name": "released-source-code",
"description": "This relationship describes an object which released source code of another object.",
"format": [
"cert-eu"
]
},
{
"name": "released",
"description": "This relationship describes an object which release another object.",
"format": [
"cert-eu"
]
2018-07-10 09:41:27 +02:00
},
{
"name": "exploits",
2018-09-04 16:15:08 +02:00
"description": "This relationship describes an object (like a PoC/exploit) which exploits another object (such as a vulnerability object).",
"format": [
"misp"
]
2018-08-21 10:22:42 +02:00
},
{
"name": "signed-by",
"description": "This relationship describes an object signed by another object.",
"format": [
"misp"
]
},
{
"name": "delivered-by",
"description": "This relationship describes an object by another object (such as exploit kit, dropper).",
"format": [
"misp"
]
},
{
"name": "controls",
"description": "This relationship describes an object which controls another object.",
"format": [
"misp"
]
},
{
"name": "annotates",
"description": "This relationships describes an object which annotates another object.",
"format": [
"misp"
]
},
{
"name": "references",
"description": "This relationships describes an object which references another object or attribute.",
"format": [
"misp"
]
2018-10-22 18:19:47 +02:00
},
{
"name": "child-of",
"description": "A child semantic link to a parent.",
"format": [
"alfred"
]
},
{
"name": "compromised",
"description": "Represents the semantic link of having compromised something.",
"format": [
"alfred"
]
},
{
"name": "connects",
"description": "The initiator of a connection.",
"format": [
"alfred"
]
},
{
"name": "connects-to",
"description": "The destination or target of a connection.",
"format": [
"alfred"
]
},
{
"name": "cover-term-for",
"description": "Represents the semantic link of one thing being the cover term for another.",
"format": [
"alfred"
]
},
{
"name": "disclosed-to",
"description": "Semantic link indicating where information is disclosed to.",
"format": [
"alfred"
]
},
{
"name": "downloads",
"description": "Represents the semantic link of one thing downloading another.",
"format": [
"alfred"
]
},
{
"name": "downloads-from",
"description": "Represents the semantic link of malware being downloaded from a location.",
"format": [
"alfred"
]
},
{
"name": "generated",
"description": "Represents the semantic link of an alert generated from a signature.",
"format": [
"alfred"
]
},
{
"name": "implements",
"description": "One data object implements another.",
"format": [
"alfred"
]
},
{
"name": "initiates",
"description": "Represents the semantic link of a communication initiating an event.",
"format": [
"alfred"
]
},
{
"name": "instance-of",
"description": "Represents the semantic link between a FILE and FILE_BINARY.",
"format": [
"alfred"
]
},
{
"name": "issuer-of",
"description": "Represents the semantic link of being the issuer of something.",
"format": [
"alfred"
]
},
{
"name": "linked-to",
"description": "Represents the semantic link of being associated with something.",
"format": [
"alfred"
]
},
{
"name": "not-relevant-to",
"description": "Represents the semantic link of a comm that is not relevant to an EVENT.",
"format": [
"alfred"
]
},
{
"name": "part-of",
"description": "Represents the semantic link that defines one thing to be part of another in a hierachial structure from the child to the parent.",
"format": [
"alfred"
]
},
{
"name": "processed-by",
"description": "Represents the semantic link of something has been processed by another program.",
"format": [
"alfred"
]
},
{
"name": "produced",
"description": "Represents the semantic link of something having produced something else.",
"format": [
"alfred"
]
},
{
"name": "queried-for",
"description": "The IP Address or domain being queried for.",
"format": [
"alfred"
]
},
{
"name": "query-returned",
"description": "The IP Address or domain returned as the result of a query.",
"format": [
"alfred"
]
},
{
"name": "registered",
"description": "Represents the semantic link of someone registered some thing.",
"format": [
"alfred"
]
},
{
"name": "registered-to",
"description": "Represents the semantic link of something being registered to.",
"format": [
"alfred"
]
},
{
"name": "relates",
"description": "Represents the semantic link between HBS Comms and communication addresses.",
"format": [
"alfred"
]
},
{
"name": "relevant-to",
"description": "Represents the semantic link of a comm that is relevant to an EVENT.",
"format": [
"alfred"
]
},
{
"name": "resolves-to",
"description": "Represents the semantic link of resolving to something.",
"format": [
"alfred"
]
},
{
"name": "responsible-for",
"description": "Represents the semantic link of some entity being responsible for something.",
"format": [
"alfred"
]
},
{
"name": "seeded",
"description": "Represents the semantic link of a seeded domain redirecting to another site.",
"format": [
"alfred"
]
},
{
"name": "sends",
"description": "A sends semantic link meaning 'who sends what'.",
"format": [
"alfred"
]
},
{
"name": "sends-as-bcc-to",
"description": "A sends to as BCC semantic link meaning 'what sends to who as BCC'.",
"format": [
"alfred"
]
},
{
"name": "sends-as-cc-to",
"description": "A sends to as CC semantic link meaning 'what sends to who as CC'.",
"format": [
"alfred"
]
},
{
"name": "sends-to",
"description": "A sends to semantic link meaning 'what sends to who'.",
"format": [
"alfred"
]
},
{
"name": "spoofer-of",
"description": "The represents the semantic link of having spoofed something.",
"format": [
"alfred"
]
},
{
"name": "subdomain-of",
"description": "Represents a domain being a subdomain of another.",
"format": [
"alfred"
]
},
{
"name": "supersedes",
"description": "One data object supersedes another.",
"format": [
"alfred"
]
},
{
"name": "triggered-on",
"description": "Represents the semantic link of an alert triggered on an event.",
"format": [
"alfred"
]
},
{
"name": "uploads",
"description": "Represents the semantic link of one thing uploading another.",
"format": [
"alfred"
]
},
{
"name": "user-of",
"description": "The represents the semantic link of being the user of something.",
"format": [
"alfred"
]
},
{
"name": "works-for",
"description": "Represents the semantic link of working for something.",
"format": [
"alfred"
]
2018-12-21 20:50:12 +01:00
},
{
"name": "witness-of",
"description": "Represents an object being a witness of something.",
"format": [
"misp"
]
2019-04-13 07:30:45 +02:00
},
{
"name": "creates",
"description": "Represents an object that creates something.",
"format": [
"misp",
"haxpak"
2019-04-13 07:30:45 +02:00
]
},
{
"name": "screenshot-of",
"description": "Represents an object being the screenshot of something.",
"format": [
"misp"
]
}
],
"description": "Default type of relationships in MISP objects.",
"uuid": "b002c0d6-320f-450d-82c4-b3aa15bbbd6c",
"name": "relationships"
}