mirror of https://github.com/MISP/misp-objects
chg: [doc] misp-objects list updated
parent
a9d51da83c
commit
2902024f5f
350
README.md
350
README.md
|
@ -66,108 +66,254 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
|
||||||
|
|
||||||
## Existing MISP objects
|
## Existing MISP objects
|
||||||
|
|
||||||
* [objects/ail-leak](objects/ail-leak/definition.json) - Information leak object as defined by the [AIL Analysis Information Leak framework](https://www.github.com/CIRCL/AIL-framework).
|
- [objects/ail-leak](objects/ail-leak/definition.json) - An information leak as defined by the AIL Analysis Information Leak framework.
|
||||||
* [objects/ais-info](objects/ais-info/definition.json) - Object describing Automated Indicator Sharing (AIS) information source markings.
|
- [objects/ais-info](objects/ais-info/definition.json) - Automated Indicator Sharing (AIS) Information Source Markings.
|
||||||
* [objects/android-permission](objects/android-permission/definition.json) - A set of android permissions - one or more permission(s) which can be linked to other objects (e.g. file).
|
- [objects/android-app](objects/android-app/definition.json) - Indicators related to an Android app.
|
||||||
* [objects/asn](objects/asn/definition.json) - Autonomous system object describing a BGP autonomous system which can include one or more network operators management an entity (e.g. ISP) along with their routing policy, routing prefixes or alike.
|
- [objects/android-permission](objects/android-permission/definition.json) - A set of android permissions - one or more permission(s) which can be linked to other objects (e.g. malware, app).
|
||||||
* [objects/attack-pattern](objects/attack-pattern/definition.json) - Attack Pattern object describing a common attack pattern enumeration and classification.
|
- [objects/annotation](objects/annotation/definition.json) - An annotation object allowing analysts to add annotations, comments, executive summary to a MISP event, objects or attributes.
|
||||||
* [objects/authenticode-signerinfo](objects/authenticode-signerinfo/definition.json) - Authenticode signer info.
|
- [objects/anonymisation](objects/anonymisation/definition.json) - Anonymisation object describing an anonymisation technique used to encode MISP attribute values. Reference: https://www.caida.org/tools/taxonomy/anonymization.xml.
|
||||||
* [objects/av-signature](objects/av-signature/definition.json) - Antivirus detection signature.
|
- [objects/asn](objects/asn/definition.json) - Autonomous system object describing an autonomous system which can include one or more network operators management an entity (e.g. ISP) along with their routing policy, routing prefixes or alike.
|
||||||
* [objects/bank-account](objects/bank-account/definition.json) - Object describing bank account information based on account description from goAML 4.0.
|
- [objects/attack-pattern](objects/attack-pattern/definition.json) - Attack pattern describing a common attack pattern enumeration and classification.
|
||||||
* [objects/bgp-hijack](objects/bgp-hijack/definition.json) - Object encapsulating BGP Hijack description as specified, for example, by bgpstream.com
|
- [objects/authentication-failure-report](objects/authentication-failure-report/definition.json) - Authentication Failure Report.
|
||||||
* [objects/btc-transaction](objects/btc-transaction/definition.json) - Object describing BTC transaction (often attached to a btc-wallet object.
|
- [objects/authenticode-signerinfo](objects/authenticode-signerinfo/definition.json) - Authenticode Signer Info.
|
||||||
* [objects/btc-wallet](objects/btc-wallet/definition.json) - Object describing a BTC wallet.
|
- [objects/av-signature](objects/av-signature/definition.json) - Antivirus detection signature.
|
||||||
* [objects/cap-alert](objects/cap-alert/definition.json) - Common Alerting Protocol Version (CAP) alert object.
|
- [objects/bank-account](objects/bank-account/definition.json) - An object describing bank account information based on account description from goAML 4.0.
|
||||||
* [objects/cap-info](objects/cap-info/definition.json) - Common Alerting Protocol Version (CAP) info object.
|
- [objects/bgp-hijack](objects/bgp-hijack/definition.json) - Object encapsulating BGP Hijack description as specified, for example, by bgpstream.com.
|
||||||
* [objects/cap-resource](objects/cap-resource/definition.json) - Common Alerting Protocol Version (CAP) resource object.
|
- [objects/blog](objects/blog/definition.json) - Blog post like Medium or WordPress.
|
||||||
* [objects/coin-address](objects/coin-address/definition.json) - An address used in a cryptocurrency.
|
- [objects/boleto](objects/boleto/definition.json) - A common form of payment used in Brazil.
|
||||||
* [objects/cookie](objects/cookie/definition.json) - A cookie object describes an HTTP cookie including its use in malicious cases.
|
- [objects/btc-transaction](objects/btc-transaction/definition.json) - An object to describe a Bitcoin transaction. Best to be used with bitcoin-wallet.
|
||||||
* [objects/course-of-action](objects/course-of-action/definition.json) - An object describing a Course of Action such as a specific measure taken to prevent or respond to an attack.
|
- [objects/btc-wallet](objects/btc-wallet/definition.json) - An object to describe a Bitcoin wallet. Best to be used with bitcoin-transactions.
|
||||||
* [objects/cowrie](objects/cowrie/definition.json) - A cowrie object describes cowrie honeypot sessions.
|
- [objects/cap-alert](objects/cap-alert/definition.json) - Common Alerting Protocol Version (CAP) alert object.
|
||||||
* [objects/credential](objects/credential/definition.json) - A credential object describes one or more credential(s) including password(s), api key(s) or decryption key(s).
|
- [objects/cap-info](objects/cap-info/definition.json) - Common Alerting Protocol Version (CAP) info object.
|
||||||
* [objects/ddos](objects/ddos/definition.json) - DDoS object describes a current DDoS activity from a specific or/and to a specific target.
|
- [objects/cap-resource](objects/cap-resource/definition.json) - Common Alerting Protocol Version (CAP) resource object.
|
||||||
* [objects/device](objects/device/definition.json) - An object to describe a device such as a computer, laptop or alike.
|
- [objects/coin-address](objects/coin-address/definition.json) - An address used in a cryptocurrency.
|
||||||
* [objects/diameter-attack](objects/diameter-attack/definition.json) - Attack as seen on diameter authentication against a GSM, UMTS or LTE network.
|
- [objects/command](objects/command/definition.json) - Command functionalities related to specific commands executed by a program, whether it is malicious or not. Command-line are attached to this object for the related commands.
|
||||||
* [objects/dns-record](objects/dns-record/definition.json) - A DNS record object to describe the associated records for a domain.
|
- [objects/command-line](objects/command-line/definition.json) - Command line and options related to a specific command executed by a program, whether it is malicious or not.
|
||||||
* [objects/domain-ip](objects/domain-ip/definition.json) - A domain and IP address seen as a tuple in a specific time frame.
|
- [objects/cookie](objects/cookie/definition.json) - An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends to the user's web browser. The browser may store it and send it back with the next request to the same server. Typically, it's used to tell if two requests came from the same browser — keeping a user logged-in, for example. It remembers stateful information for the stateless HTTP protocol. (as defined by the Mozilla foundation.
|
||||||
* [objects/elf](objects/elf/definition.json) - Object describing an Executable and Linkable Format (ELF).
|
- [objects/cortex](objects/cortex/definition.json) - Cortex object describing a complete cortex analysis. Observables would be attribute with a relationship from this object.
|
||||||
* [objects/elf-section](objects/elf-section/definition.json) - Object describing a section of an Executable and Linkable Format (ELF).
|
- [objects/cortex-taxonomy](objects/cortex-taxonomy/definition.json) - Cortex object describing an Cortex Taxonomy (or mini report).
|
||||||
* [objects/email](objects/email/definition.json) - An email object.
|
- [objects/course-of-action](objects/course-of-action/definition.json) - An object describing a specific measure taken to prevent or respond to an attack.
|
||||||
* [objects/employee](objects/employee/definition.json) - An employee object.
|
- [objects/covid19-csse-daily-report](objects/covid19-csse-daily-report/definition.json) - CSSE COVID-19 Daily report.
|
||||||
* [objects/exploit-poc](objects/exploit-poc/definition.json) - Exploit-poc object describing a proof of concept or exploit of a vulnerability. This object has often a relationship with a vulnerability object.
|
- [objects/covid19-dxy-live-city](objects/covid19-dxy-live-city/definition.json) - COVID 19 from dxy.cn - Aggregation by city.
|
||||||
* [objects/facial-composite](objects/facial-composite/definition.json) A facial composite object.
|
- [objects/covid19-dxy-live-province](objects/covid19-dxy-live-province/definition.json) - COVID 19 from dxy.cn - Aggregation by province.
|
||||||
* [objects/fail2ban](objects/fail2ban/definition.json) - A fail2ban object.
|
- [objects/cowrie](objects/cowrie/definition.json) - Cowrie honeypot object template.
|
||||||
* [objects/file](objects/file/definition.json) - File object describing a file with meta-information.
|
- [objects/credential](objects/credential/definition.json) - Credential describes one or more credential(s) including password(s), api key(s) or decryption key(s).
|
||||||
* [objects/forensic-case](objects/forensic-case/definition.json) - An object template to describe a digital forensic case.
|
- [objects/credit-card](objects/credit-card/definition.json) - A payment card like credit card, debit card or any similar cards which can be used for financial transactions.
|
||||||
* [objects/forensic-evidence](objects/forensic-evidence/definition.json) - An object template to describe a digital forensic evidence.
|
- [objects/crypto-material](objects/crypto-material/definition.json) - Cryptographic materials such as public or/and private keys.
|
||||||
* [objects/geolocation](objects/geolocation/definition.json) - A geolocation object to describe a location.
|
- [objects/cytomic-orion-file](objects/cytomic-orion-file/definition.json) - Cytomic Orion File Detection.
|
||||||
* [objects/gtp-attack](objects/gtp-attack/definition.json) - GTP attack object as seen on a GSM, UMTS or LTE network.
|
- [objects/cytomic-orion-machine](objects/cytomic-orion-machine/definition.json) - Cytomic Orion File at Machine Detection.
|
||||||
* [objects/http-request](objects/http-request/definition.json) - A single HTTP request header object.
|
- [objects/dark-pattern-item](objects/dark-pattern-item/definition.json) - An Item whose User Interface implements a dark pattern.
|
||||||
* [objects/imsi-catcher](objects/imsi-catcher/definition.json) - Object describing IMSI catcher associated event.
|
- [objects/ddos](objects/ddos/definition.json) - DDoS object describes a current DDoS activity from a specific or/and to a specific target. Type of DDoS can be attached to the object as a taxonomy.
|
||||||
* [objects/interpol-notice](objects/interpol-notice/definition.json) - Object used to represent an Interpol notice
|
- [objects/device](objects/device/definition.json) - An object to define a device.
|
||||||
* [objects/ip-api-address](objects/ip-api-address/definition.json) - Object describing IP Address information, as defined in [ip-api.com](http://ip-api.com).
|
- [objects/diameter-attack](objects/diameter-attack/definition.json) - Attack as seen on diameter authentication against a GSM, UMTS or LTE network.
|
||||||
* [objects/ip-port](objects/ip-port/definition.json) - An IP address and a port seen as a tuple (or as a triple) in a specific time frame.
|
- [objects/dns-record](objects/dns-record/definition.json) - A set of dns records observed for a specific domain.
|
||||||
* [objects/ja3](objects/ja3/definition.json) - A ja3 object which describes an SSL client fingerprint in an easy to produce and shareable way.
|
- [objects/domain-crawled](objects/domain-crawled/definition.json) - A domain crawled over time.
|
||||||
* [objects/legal-entity](objects/legal-entity/definition.json) - Object describing a legal entity, such as an organisation.
|
- [objects/domain-ip](objects/domain-ip/definition.json) - A domain and IP address seen as a tuple in a specific time frame.
|
||||||
* [objects/lnk](objects/lnk/definition.json) - Object describing a Windows LNK (Windows Shortcut) file.
|
- [objects/elf](objects/elf/definition.json) - Object describing a Executable and Linkable Format.
|
||||||
* [objects/macho](objects/macho/definition.json) - Object describing a Mach object file format.
|
- [objects/elf-section](objects/elf-section/definition.json) - Object describing a section of an Executable and Linkable Format.
|
||||||
* [objects/macho-section](objects/macho-section/definition.json) - Object describing a section of a Mach object file format.
|
- [objects/email](objects/email/definition.json) - Email object describing an email with meta-information.
|
||||||
* [objects/mactime-timeline-analysis](objects/mactime-timeline-analysis/definition.json) - Mactime template, used in forensic investigations to describe the timeline of a file activity.
|
- [objects/employee](objects/employee/definition.json) - An employee and related data points.
|
||||||
* [objects/malware-config](objects/malware-config/definition.json) - Object describing a malware configuration recovered or extracted from a malicious binary.
|
- [objects/exploit-poc](objects/exploit-poc/definition.json) - Exploit-poc object describing a proof of concept or exploit of a vulnerability. This object has often a relationship with a vulnerability object.
|
||||||
* [objects/microblog](objects/microblog/definition.json) - Object describing microblog post like Twitter or Facebook.
|
- [objects/facebook-account](objects/facebook-account/definition.json) - Facebook account.
|
||||||
* [objects/mutex](objects/mutex/definition.json) - Object to describe mutual exclusion locks (mutex) as seen in memory or computer program.
|
- [objects/facebook-group](objects/facebook-group/definition.json) - Public or private facebook group.
|
||||||
* [objects/netflow](objects/netflow/definition.json) - Netflow object describes an network object based on the Netflowv5/v9 minimal definition.
|
- [objects/facebook-page](objects/facebook-page/definition.json) - Facebook page.
|
||||||
* [objects/network-connection](objects/network-connection/definition.json) - Network object describes a local or remote network connection.
|
- [objects/facebook-post](objects/facebook-post/definition.json) - Post on a Facebook wall.
|
||||||
* [objects/network-socket](objects/network-socket/definition.json) - Object to describe a local or remote network connections based on the socket data structure.
|
- [objects/facial-composite](objects/facial-composite/definition.json) - An object which describes a facial composite.
|
||||||
* [objects/original-imported-file](objects/original-imported-file/definition.json) - Object to describe the original files used to import data in MISP.
|
- [objects/fail2ban](objects/fail2ban/definition.json) - Fail2ban event.
|
||||||
* [objects/organization](objects/organization/definition.json) - An object which describes an organization.
|
- [objects/file](objects/file/definition.json) - File object describing a file with meta-information.
|
||||||
* [objects/passive-dns](objects/passive-dns/definition.json) - Passive DNS records as expressed in [draft-dulaunoy-dnsop-passive-dns-cof-01](https://tools.ietf.org/html/draft-dulaunoy-dnsop-passive-dns-cof-01).
|
- [objects/forensic-case](objects/forensic-case/definition.json) - An object template to describe a digital forensic case.
|
||||||
* [objects/paste](objects/paste/definition.json) - Object describing a paste or similar post from a website allowing to share privately or publicly posts.
|
- [objects/forensic-evidence](objects/forensic-evidence/definition.json) - An object template to describe a digital forensic evidence.
|
||||||
* [objects/pe](objects/pe/definition.json) - Portable Executable (PE) object.
|
- [objects/forged-document](objects/forged-document/definition.json) - Object describing a forged document.
|
||||||
* [objects/pe-section](objects/pe-section/definition.json) - Portable Executable (PE) object - section description.
|
- [objects/ftm-Airplane](objects/ftm-Airplane/definition.json) - .
|
||||||
* [objects/person](objects/person/definition.json) - A person object which describes a person or an identity.
|
- [objects/ftm-Assessment](objects/ftm-Assessment/definition.json) - .
|
||||||
* [objects/phishing](objects/phishing/definition.json) - Phishing template to describe a phishing website and its analysis.
|
- [objects/ftm-Asset](objects/ftm-Asset/definition.json) - .
|
||||||
* [objects/phishing-kit](objects/phishing-kit/definition.json) - Object to describe a phishing kit.
|
- [objects/ftm-Associate](objects/ftm-Associate/definition.json) - Non-family association between two people.
|
||||||
* [objects/phone](objects/phone/definition.json) - A phone or mobile phone object.
|
- [objects/ftm-Audio](objects/ftm-Audio/definition.json) - .
|
||||||
* [objects/process](objects/process/definition.json) - A process object.
|
- [objects/ftm-BankAccount](objects/ftm-BankAccount/definition.json) - .
|
||||||
* [objects/regexp](objects/regexp/definition.json) - An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression.
|
- [objects/ftm-Call](objects/ftm-Call/definition.json) - .
|
||||||
* [objects/registry-key](objects/registry-key/definition.json) - A registry-key object.
|
- [objects/ftm-Company](objects/ftm-Company/definition.json) - .
|
||||||
* [objects/r2graphity](objects/r2graphity/definition.json) - Indicators extracted from binary files using radare2 and graphml.
|
- [objects/ftm-Contract](objects/ftm-Contract/definition.json) - An contract or contract lot issued by an authority. Multiple lots may be awarded to different suppliers (see ContractAward).
|
||||||
* [objects/report](objects/report/definition.json) - Object to describe metadata used to generate an executive level report.
|
.
|
||||||
* [objects/research-scanner](objects/research-scanner/definition.json) - Information related to known scanning activity (e.g. from research projects)
|
- [objects/ftm-ContractAward](objects/ftm-ContractAward/definition.json) - A contract or contract lot as awarded to a supplier.
|
||||||
* [objects/rtir](objects/rtir/definition.json) - RTIR - Request Tracker for Incident Response.
|
- [objects/ftm-CourtCase](objects/ftm-CourtCase/definition.json) - .
|
||||||
* [objects/sandbox-report](objects/sandbox-report/definition.json) - Sandbox report object.
|
- [objects/ftm-CourtCaseParty](objects/ftm-CourtCaseParty/definition.json) - .
|
||||||
* [objects/sb-signature](objects/sb-signature/definition.json) - Sandbox detection signature object.
|
- [objects/ftm-Debt](objects/ftm-Debt/definition.json) - A monetary debt between two parties.
|
||||||
* [objects/script](objects/script/definition.json) - Object describing a computer program written to be run in a special run-time environment. The script or shell script can be used for malicious activities but also as support tools for threat analysts.
|
- [objects/ftm-Directorship](objects/ftm-Directorship/definition.json) - .
|
||||||
* [objects/shell-commands](objects/shell-commands/definition.json) - Object describing a series of shell commands executed. This object can be linked with malicious files in order to describe a specific execution of shell commands.
|
- [objects/ftm-Document](objects/ftm-Document/definition.json) - .
|
||||||
* [objects/shodan](objects/shodan/definition.json) - A shodan object to describe a shodan report.
|
- [objects/ftm-Documentation](objects/ftm-Documentation/definition.json) - .
|
||||||
* [objects/shortened-link](objects/shortened-link/definition.json) - Shortened link and its redirect target.
|
- [objects/ftm-EconomicActivity](objects/ftm-EconomicActivity/definition.json) - A foreign economic activity.
|
||||||
* [objects/short-message-service](objects/short-message-service/definition.json) - Short Message Service (SMS) object template describing one or more SMS message(s).
|
- [objects/ftm-Email](objects/ftm-Email/definition.json) - .
|
||||||
* [objects/ss7-attack](objects/ss7-attack/definition.json) - SS7 object of an attack seen on a GSM, UMTS or LTE network via SS7 logging.
|
- [objects/ftm-Event](objects/ftm-Event/definition.json) - .
|
||||||
* [objects/stix2-pattern](objects/stix2-pattern/definition.json) - An object describing a STIX pattern. The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a STIX pattern.
|
- [objects/ftm-Family](objects/ftm-Family/definition.json) - Family relationship between two people.
|
||||||
* [objects/ssh-authorized-keys](objects/ssh-authorized-keys/definition.json) - SSH authorized keys object to store keys and option from SSH authorized_keys file.
|
- [objects/ftm-Folder](objects/ftm-Folder/definition.json) - .
|
||||||
* [objects/suricata](objects/suricata/definition.json) - Suricata rule with context.
|
- [objects/ftm-HyperText](objects/ftm-HyperText/definition.json) - .
|
||||||
* [objects/target-system](objects/target-system/definition.json) - Description about an targeted system, this could potentially be a compromised internal system.
|
- [objects/ftm-Image](objects/ftm-Image/definition.json) - .
|
||||||
* [objects/threatgrid-report](objects/threatgrid-report/definition.json) - A threatgrid report object.
|
- [objects/ftm-Land](objects/ftm-Land/definition.json) - .
|
||||||
* [objects/timecode](objects/timecode/definition.json) - Timecode object to describe a start of video sequence (e.g. CCTV evidence) and the end of the video sequence.
|
- [objects/ftm-LegalEntity](objects/ftm-LegalEntity/definition.json) - A legal entity may be a person or a company.
|
||||||
* [objects/timesketch-timeline](objects/timesketch-timeline/definition.json) - A timesketch timeline object based on mandatory field in timesketch to describe a log entry.
|
- [objects/ftm-License](objects/ftm-License/definition.json) - A grant of land, rights or property. A type of Contract.
|
||||||
* [objects/timestamp](objects/timestamp/definition.json) - A generic timestamp object to represent time including first time and last time seen. Relationship will then define the kind of time relationship.
|
- [objects/ftm-Membership](objects/ftm-Membership/definition.json) - .
|
||||||
* [objects/tor-hiddenservice](objects/tor-hiddenservice/definition.json) - Tor hidden service (Onion Service) object to describe a Tor hidden service.
|
- [objects/ftm-Message](objects/ftm-Message/definition.json) - .
|
||||||
* [objects/tor-node](objects/tor-node/definition.json) - Tor node description which are part of the Tor network at a time.
|
- [objects/ftm-Organization](objects/ftm-Organization/definition.json) - .
|
||||||
* [objects/tracking-id](objects/tracking-id/definition.json) - Analytics and tracking ID such as used in Google Analytics or other analytic platform.
|
- [objects/ftm-Ownership](objects/ftm-Ownership/definition.json) - .
|
||||||
* [objects/transaction](objects/transaction/definition.json) - Object describing a financial transaction.
|
- [objects/ftm-Package](objects/ftm-Package/definition.json) - .
|
||||||
* [objects/url](objects/url/definition.json) - url object describes an url along with its normalized field (e.g. using faup parsing library) and its metadata.
|
- [objects/ftm-Page](objects/ftm-Page/definition.json) - .
|
||||||
* [objects/user-account](objects/user-account/definition.json) - Object describing a user account (UNIX, Windows, etc).
|
- [objects/ftm-Pages](objects/ftm-Pages/definition.json) - .
|
||||||
* [objects/vehicle](objects/vehicle/definition.json) - Vehicle object template to describe a vehicle information and registration.
|
- [objects/ftm-Passport](objects/ftm-Passport/definition.json) - Passport.
|
||||||
* [objects/victim](objects/victim/definition.json) - a victim object to describe the organisation being targeted or abused.
|
- [objects/ftm-Payment](objects/ftm-Payment/definition.json) - A monetary payment between two parties.
|
||||||
* [objects/virustotal-graph](objects/virustotal-graph/definition.json) - VirusTotal graph.
|
- [objects/ftm-Person](objects/ftm-Person/definition.json) - An individual.
|
||||||
* [objects/virustotal-report](objects/virustotal-report/definition.json) - VirusTotal report.
|
- [objects/ftm-PlainText](objects/ftm-PlainText/definition.json) - .
|
||||||
* [objects/vulnerability](objects/vulnerability/definition.json) - Vulnerability object to describe software or hardware vulnerability as described in a CVE.
|
- [objects/ftm-PublicBody](objects/ftm-PublicBody/definition.json) - A public body, such as a ministry, department or state company.
|
||||||
* [objects/weakness](objects/weakness/definition.json) - Weakness object as described in a CWE.
|
- [objects/ftm-RealEstate](objects/ftm-RealEstate/definition.json) - A piece of land or property.
|
||||||
* [objects/whois](objects/whois/definition.json) - Whois records information for a domain name.
|
- [objects/ftm-Representation](objects/ftm-Representation/definition.json) - A mediatory, intermediary, middleman, or broker acting on behalf of a legal entity.
|
||||||
* [objects/x509](objects/x509/definition.json) - x509 object describing a X.509 certificate.
|
- [objects/ftm-Row](objects/ftm-Row/definition.json) - .
|
||||||
* [objects/yabin](objects/yabin/definition.json) - yabin.py generates Yara rules from function prologs, for matching and hunting binaries. ref: [yabin](https://github.com/AlienVault-OTX/yabin).
|
- [objects/ftm-Sanction](objects/ftm-Sanction/definition.json) - A sanction designation.
|
||||||
* [objects/yara](objects/yara/definition.json) - YARA object describing a YARA rule along with the version supported and context (such as memory, network, disk).
|
- [objects/ftm-Succession](objects/ftm-Succession/definition.json) - Two entities that legally succeed each other.
|
||||||
|
- [objects/ftm-Table](objects/ftm-Table/definition.json) - .
|
||||||
|
- [objects/ftm-TaxRoll](objects/ftm-TaxRoll/definition.json) - A tax declaration of an individual.
|
||||||
|
- [objects/ftm-UnknownLink](objects/ftm-UnknownLink/definition.json) - .
|
||||||
|
- [objects/ftm-UserAccount](objects/ftm-UserAccount/definition.json) - .
|
||||||
|
- [objects/ftm-Vehicle](objects/ftm-Vehicle/definition.json) - .
|
||||||
|
- [objects/ftm-Vessel](objects/ftm-Vessel/definition.json) - A boat or ship.
|
||||||
|
- [objects/ftm-Video](objects/ftm-Video/definition.json) - .
|
||||||
|
- [objects/ftm-Workbook](objects/ftm-Workbook/definition.json) - .
|
||||||
|
- [objects/geolocation](objects/geolocation/definition.json) - An object to describe a geographic location.
|
||||||
|
- [objects/git-vuln-finder](objects/git-vuln-finder/definition.json) - Export from git-vuln-finder.
|
||||||
|
- [objects/gtp-attack](objects/gtp-attack/definition.json) - GTP attack object as seen on a GSM, UMTS or LTE network.
|
||||||
|
- [objects/http-request](objects/http-request/definition.json) - A single HTTP request header.
|
||||||
|
- [objects/ilr-impact](objects/ilr-impact/definition.json) - Institut Luxembourgeois de Regulation - Impact.
|
||||||
|
- [objects/ilr-notification-incident](objects/ilr-notification-incident/definition.json) - Institut Luxembourgeois de Regulation - Notification d'incident.
|
||||||
|
- [objects/image](objects/image/definition.json) - Object describing an image file.
|
||||||
|
- [objects/impersonation](objects/impersonation/definition.json) - Represent an impersonating account.
|
||||||
|
- [objects/imsi-catcher](objects/imsi-catcher/definition.json) - IMSI Catcher entry object based on the open source IMSI cather.
|
||||||
|
- [objects/instant-message](objects/instant-message/definition.json) - Instant Message (IM) object template describing one or more IM message.
|
||||||
|
- [objects/instant-message-group](objects/instant-message-group/definition.json) - Instant Message (IM) group object template describing a public or private IM group, channel or conversation.
|
||||||
|
- [objects/intelmq_event](objects/intelmq_event/definition.json) - IntelMQ Event.
|
||||||
|
- [objects/intelmq_report](objects/intelmq_report/definition.json) - IntelMQ Report.
|
||||||
|
- [objects/internal-reference](objects/internal-reference/definition.json) - Internal reference.
|
||||||
|
- [objects/interpol-notice](objects/interpol-notice/definition.json) - An object which describes a Interpol notice.
|
||||||
|
- [objects/iot-device](objects/iot-device/definition.json) - An IoT device.
|
||||||
|
- [objects/iot-firmware](objects/iot-firmware/definition.json) - A firmware for an IoT device.
|
||||||
|
- [objects/ip-api-address](objects/ip-api-address/definition.json) - IP Address information. Useful if you are pulling your ip information from ip-api.com.
|
||||||
|
- [objects/ip-port](objects/ip-port/definition.json) - An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.
|
||||||
|
- [objects/irc](objects/irc/definition.json) - An IRC object to describe an IRC server and the associated channels.
|
||||||
|
- [objects/ja3](objects/ja3/definition.json) - JA3 is a new technique for creating SSL client fingerprints that are easy to produce and can be easily shared for threat intelligence. Fingerprints are composed of Client Hello packet; SSL Version, Accepted Ciphers, List of Extensions, Elliptic Curves, and Elliptic Curve Formats. https://github.com/salesforce/ja3.
|
||||||
|
- [objects/leaked-document](objects/leaked-document/definition.json) - Object describing a leaked document.
|
||||||
|
- [objects/legal-entity](objects/legal-entity/definition.json) - An object to describe a legal entity.
|
||||||
|
- [objects/lnk](objects/lnk/definition.json) - LNK object describing a Windows LNK binary file (aka Windows shortcut).
|
||||||
|
- [objects/macho](objects/macho/definition.json) - Object describing a file in Mach-O format.
|
||||||
|
- [objects/macho-section](objects/macho-section/definition.json) - Object describing a section of a file in Mach-O format.
|
||||||
|
- [objects/mactime-timeline-analysis](objects/mactime-timeline-analysis/definition.json) - Mactime template, used in forensic investigations to describe the timeline of a file activity.
|
||||||
|
- [objects/malware-config](objects/malware-config/definition.json) - Malware configuration recovered or extracted from a malicious binary.
|
||||||
|
- [objects/meme-image](objects/meme-image/definition.json) - Object describing a meme (image).
|
||||||
|
- [objects/microblog](objects/microblog/definition.json) - Microblog post like a Twitter tweet or a post on a Facebook wall.
|
||||||
|
- [objects/mutex](objects/mutex/definition.json) - Object to describe mutual exclusion locks (mutex) as seen in memory or computer program.
|
||||||
|
- [objects/narrative](objects/narrative/definition.json) - Object describing a narrative.
|
||||||
|
- [objects/netflow](objects/netflow/definition.json) - Netflow object describes an network object based on the Netflowv5/v9 minimal definition.
|
||||||
|
- [objects/network-connection](objects/network-connection/definition.json) - A local or remote network connection.
|
||||||
|
- [objects/network-socket](objects/network-socket/definition.json) - Network socket object describes a local or remote network connections based on the socket data structure.
|
||||||
|
- [objects/news-agency](objects/news-agency/definition.json) - News agencies compile news and disseminate news in bulk.
|
||||||
|
- [objects/news-media](objects/news-media/definition.json) - News media are forms of mass media delivering news to the general public.
|
||||||
|
- [objects/organization](objects/organization/definition.json) - An object which describes an organization.
|
||||||
|
- [objects/original-imported-file](objects/original-imported-file/definition.json) - Object describing the original file used to import data in MISP.
|
||||||
|
- [objects/parler-account](objects/parler-account/definition.json) - Parler account.
|
||||||
|
- [objects/parler-comment](objects/parler-comment/definition.json) - Parler comment.
|
||||||
|
- [objects/parler-post](objects/parler-post/definition.json) - Parler post (parley).
|
||||||
|
- [objects/passive-dns](objects/passive-dns/definition.json) - Passive DNS records as expressed in draft-dulaunoy-dnsop-passive-dns-cof-01.
|
||||||
|
- [objects/paste](objects/paste/definition.json) - Paste or similar post from a website allowing to share privately or publicly posts.
|
||||||
|
- [objects/pcap-metadata](objects/pcap-metadata/definition.json) - Network packet capture metadata.
|
||||||
|
- [objects/pe](objects/pe/definition.json) - Object describing a Portable Executable.
|
||||||
|
- [objects/pe-section](objects/pe-section/definition.json) - Object describing a section of a Portable Executable.
|
||||||
|
- [objects/person](objects/person/definition.json) - An object which describes a person or an identity.
|
||||||
|
- [objects/pgp-meta](objects/pgp-meta/definition.json) - Metadata extracted from a PGP keyblock, message or signature.
|
||||||
|
- [objects/phishing](objects/phishing/definition.json) - Phishing template to describe a phishing website and its analysis.
|
||||||
|
- [objects/phishing-kit](objects/phishing-kit/definition.json) - Object to describe a phishing-kit.
|
||||||
|
- [objects/phone](objects/phone/definition.json) - A phone or mobile phone object which describe a phone.
|
||||||
|
- [objects/process](objects/process/definition.json) - Object describing a system process.
|
||||||
|
- [objects/publication](objects/publication/definition.json) - An object to describe a book, journal, or academic publication.
|
||||||
|
- [objects/python-etvx-event-log](objects/python-etvx-event-log/definition.json) - Event log object template to share information of the activities conducted on a system. .
|
||||||
|
- [objects/r2graphity](objects/r2graphity/definition.json) - Indicators extracted from files using radare2 and graphml.
|
||||||
|
- [objects/reddit-account](objects/reddit-account/definition.json) - Reddit account.
|
||||||
|
- [objects/reddit-comment](objects/reddit-comment/definition.json) - A Reddit post comment.
|
||||||
|
- [objects/reddit-post](objects/reddit-post/definition.json) - A Reddit post.
|
||||||
|
- [objects/reddit-subreddit](objects/reddit-subreddit/definition.json) - Public or private subreddit.
|
||||||
|
- [objects/regexp](objects/regexp/definition.json) - An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression.
|
||||||
|
- [objects/registry-key](objects/registry-key/definition.json) - Registry key object describing a Windows registry key with value and last-modified timestamp.
|
||||||
|
- [objects/regripper-NTUser](objects/regripper-NTUser/definition.json) - Regripper Object template designed to present user specific configuration details extracted from the NTUSER.dat hive.
|
||||||
|
- [objects/regripper-sam-hive-single-user](objects/regripper-sam-hive-single-user/definition.json) - Regripper Object template designed to present user profile details extracted from the SAM hive.
|
||||||
|
- [objects/regripper-sam-hive-user-group](objects/regripper-sam-hive-user-group/definition.json) - Regripper Object template designed to present group profile details extracted from the SAM hive.
|
||||||
|
- [objects/regripper-software-hive-BHO](objects/regripper-software-hive-BHO/definition.json) - Regripper Object template designed to gather information of the browser helper objects installed on the system.
|
||||||
|
- [objects/regripper-software-hive-appInit-DLLS](objects/regripper-software-hive-appInit-DLLS/definition.json) - Regripper Object template designed to gather information of the DLL files installed on the system.
|
||||||
|
- [objects/regripper-software-hive-application-paths](objects/regripper-software-hive-application-paths/definition.json) - Regripper Object template designed to gather information of the application paths.
|
||||||
|
- [objects/regripper-software-hive-applications-installed](objects/regripper-software-hive-applications-installed/definition.json) - Regripper Object template designed to gather information of the applications installed on the system.
|
||||||
|
- [objects/regripper-software-hive-command-shell](objects/regripper-software-hive-command-shell/definition.json) - Regripper Object template designed to gather information of the shell commands executed on the system.
|
||||||
|
- [objects/regripper-software-hive-software-run](objects/regripper-software-hive-software-run/definition.json) - Regripper Object template designed to gather information of the applications set to run on the system.
|
||||||
|
- [objects/regripper-software-hive-userprofile-winlogon](objects/regripper-software-hive-userprofile-winlogon/definition.json) - Regripper Object template designed to gather user profile information when the user logs onto the system, gathered from the software hive.
|
||||||
|
- [objects/regripper-software-hive-windows-general-info](objects/regripper-software-hive-windows-general-info/definition.json) - Regripper Object template designed to gather general windows information extracted from the software-hive.
|
||||||
|
- [objects/regripper-system-hive-firewall-configuration](objects/regripper-system-hive-firewall-configuration/definition.json) - Regripper Object template designed to present firewall configuration information extracted from the system-hive.
|
||||||
|
- [objects/regripper-system-hive-general-configuration](objects/regripper-system-hive-general-configuration/definition.json) - Regripper Object template designed to present general system properties extracted from the system-hive.
|
||||||
|
- [objects/regripper-system-hive-network-information](objects/regripper-system-hive-network-information/definition.json) - Regripper object template designed to gather network information from the system-hive.
|
||||||
|
- [objects/regripper-system-hive-services-drivers](objects/regripper-system-hive-services-drivers/definition.json) - Regripper Object template designed to gather information regarding the services/drivers from the system-hive.
|
||||||
|
- [objects/report](objects/report/definition.json) - Metadata used to generate an executive level report.
|
||||||
|
- [objects/research-scanner](objects/research-scanner/definition.json) - Information related to known scanning activity (e.g. from research projects).
|
||||||
|
- [objects/rogue-dns](objects/rogue-dns/definition.json) - Rogue DNS as defined by CERT.br.
|
||||||
|
- [objects/rtir](objects/rtir/definition.json) - RTIR - Request Tracker for Incident Response.
|
||||||
|
- [objects/sandbox-report](objects/sandbox-report/definition.json) - Sandbox report.
|
||||||
|
- [objects/sb-signature](objects/sb-signature/definition.json) - Sandbox detection signature.
|
||||||
|
- [objects/scheduled-event](objects/scheduled-event/definition.json) - Event object template describing a gathering of individuals in meatspace.
|
||||||
|
- [objects/scrippsco2-c13-daily](objects/scrippsco2-c13-daily/definition.json) - Daily average C13 concentrations (ppm) derived from flask air samples.
|
||||||
|
- [objects/scrippsco2-c13-monthly](objects/scrippsco2-c13-monthly/definition.json) - Monthly average C13 concentrations (ppm) derived from flask air samples.
|
||||||
|
- [objects/scrippsco2-co2-daily](objects/scrippsco2-co2-daily/definition.json) - Daily average CO2 concentrations (ppm) derived from flask air samples.
|
||||||
|
- [objects/scrippsco2-co2-monthly](objects/scrippsco2-co2-monthly/definition.json) - Monthly average CO2 concentrations (ppm) derived from flask air samples.
|
||||||
|
- [objects/scrippsco2-o18-daily](objects/scrippsco2-o18-daily/definition.json) - Daily average O18 concentrations (ppm) derived from flask air samples.
|
||||||
|
- [objects/scrippsco2-o18-monthly](objects/scrippsco2-o18-monthly/definition.json) - Monthly average O18 concentrations (ppm) derived from flask air samples.
|
||||||
|
- [objects/script](objects/script/definition.json) - Object describing a computer program written to be run in a special run-time environment. The script or shell script can be used for malicious activities but also as support tools for threat analysts.
|
||||||
|
- [objects/shell-commands](objects/shell-commands/definition.json) - Object describing a series of shell commands executed. This object can be linked with malicious files in order to describe a specific execution of shell commands.
|
||||||
|
- [objects/shodan-report](objects/shodan-report/definition.json) - Shodan Report for a given IP.
|
||||||
|
- [objects/short-message-service](objects/short-message-service/definition.json) - Short Message Service (SMS) object template describing one or more SMS message. Restriction of the initial format 3GPP 23.038 GSM character set doesn't apply.
|
||||||
|
- [objects/shortened-link](objects/shortened-link/definition.json) - Shortened link and its redirect target.
|
||||||
|
- [objects/social-media-group](objects/social-media-group/definition.json) - Social media group object template describing a public or private group or channel.
|
||||||
|
- [objects/splunk](objects/splunk/definition.json) - Splunk / Splunk ES object.
|
||||||
|
- [objects/ss7-attack](objects/ss7-attack/definition.json) - SS7 object of an attack seen on a GSM, UMTS or LTE network via SS7 logging.
|
||||||
|
- [objects/ssh-authorized-keys](objects/ssh-authorized-keys/definition.json) - An object to store ssh authorized keys file.
|
||||||
|
- [objects/stix2-pattern](objects/stix2-pattern/definition.json) - An object describing a STIX pattern. The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a STIX pattern.
|
||||||
|
- [objects/suricata](objects/suricata/definition.json) - An object describing one or more Suricata rule(s) along with version and contextual information.
|
||||||
|
- [objects/target-system](objects/target-system/definition.json) - Description about an targeted system, this could potentially be a compromissed internal system.
|
||||||
|
- [objects/threatgrid-report](objects/threatgrid-report/definition.json) - ThreatGrid report.
|
||||||
|
- [objects/timecode](objects/timecode/definition.json) - Timecode object to describe a start of video sequence (e.g. CCTV evidence) and the end of the video sequence.
|
||||||
|
- [objects/timesketch-timeline](objects/timesketch-timeline/definition.json) - A timesketch timeline object based on mandatory field in timesketch to describe a log entry.
|
||||||
|
- [objects/timesketch_message](objects/timesketch_message/definition.json) - A timesketch message entry.
|
||||||
|
- [objects/timestamp](objects/timestamp/definition.json) - A generic timestamp object to represent time including first time and last time seen. Relationship will then define the kind of time relationship.
|
||||||
|
- [objects/tor-hiddenservice](objects/tor-hiddenservice/definition.json) - Tor hidden service (onion service) object.
|
||||||
|
- [objects/tor-node](objects/tor-node/definition.json) - Tor node (which protects your privacy on the internet by hiding the connection between users Internet address and the services used by the users) description which are part of the Tor network at a time.
|
||||||
|
- [objects/tracking-id](objects/tracking-id/definition.json) - Analytics and tracking ID such as used in Google Analytics or other analytic platform.
|
||||||
|
- [objects/transaction](objects/transaction/definition.json) - An object to describe a financial transaction.
|
||||||
|
- [objects/translation](objects/translation/definition.json) - Used to keep a text and its translation.
|
||||||
|
- [objects/trustar_report](objects/trustar_report/definition.json) - TruStar Report.
|
||||||
|
- [objects/tsk-chats](objects/tsk-chats/definition.json) - An Object Template to gather information from evidential or interesting exchange of messages identified during a digital forensic investigation.
|
||||||
|
- [objects/tsk-web-bookmark](objects/tsk-web-bookmark/definition.json) - An Object Template to add evidential bookmarks identified during a digital forensic investigation.
|
||||||
|
- [objects/tsk-web-cookie](objects/tsk-web-cookie/definition.json) - An TSK-Autopsy Object Template to represent cookies identified during a forensic investigation.
|
||||||
|
- [objects/tsk-web-downloads](objects/tsk-web-downloads/definition.json) - An Object Template to add web-downloads.
|
||||||
|
- [objects/tsk-web-history](objects/tsk-web-history/definition.json) - An Object Template to share web history information.
|
||||||
|
- [objects/tsk-web-search-query](objects/tsk-web-search-query/definition.json) - An Object Template to share web search query information.
|
||||||
|
- [objects/twitter-account](objects/twitter-account/definition.json) - Twitter account.
|
||||||
|
- [objects/twitter-list](objects/twitter-list/definition.json) - Twitter list.
|
||||||
|
- [objects/twitter-post](objects/twitter-post/definition.json) - Twitter post (tweet).
|
||||||
|
- [objects/url](objects/url/definition.json) - url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.
|
||||||
|
- [objects/user-account](objects/user-account/definition.json) - .
|
||||||
|
- [objects/vehicle](objects/vehicle/definition.json) - Vehicle object template to describe a vehicle information and registration.
|
||||||
|
- [objects/victim](objects/victim/definition.json) - Victim object describes the target of an attack or abuse.
|
||||||
|
- [objects/virustotal-graph](objects/virustotal-graph/definition.json) - VirusTotal graph.
|
||||||
|
- [objects/virustotal-report](objects/virustotal-report/definition.json) - VirusTotal report.
|
||||||
|
- [objects/vulnerability](objects/vulnerability/definition.json) - Vulnerability object describing a common vulnerability enumeration which can describe published, unpublished, under review or embargo vulnerability for software, equipments or hardware.
|
||||||
|
- [objects/weakness](objects/weakness/definition.json) - Weakness object describing a common weakness enumeration which can describe usable, incomplete, draft or deprecated weakness for software, equipment of hardware.
|
||||||
|
- [objects/whois](objects/whois/definition.json) - Whois records information for a domain name or an IP address.
|
||||||
|
- [objects/x509](objects/x509/definition.json) - x509 object describing a X.509 certificate.
|
||||||
|
- [objects/yabin](objects/yabin/definition.json) - yabin.py generates Yara rules from function prologs, for matching and hunting binaries. ref: https://github.com/AlienVault-OTX/yabin.
|
||||||
|
- [objects/yara](objects/yara/definition.json) - An object describing a YARA rule (or a YARA rule name) along with its version.
|
||||||
|
- [objects/youtube-channel](objects/youtube-channel/definition.json) - A YouTube channel.
|
||||||
|
- [objects/youtube-comment](objects/youtube-comment/definition.json) - A YouTube video comment.
|
||||||
|
- [objects/youtube-playlist](objects/youtube-playlist/definition.json) - A YouTube playlist.
|
||||||
|
- [objects/youtube-video](objects/youtube-video/definition.json) - A YouTube video.
|
||||||
|
|
||||||
## MISP objects relationships
|
## MISP objects relationships
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue