{ "attributes": { "MAC-address": { "description": "Device MAC address", "misp-attribute": "mac-address", "ui-priority": 0 }, "OS": { "description": "OS of the device", "disable_correlation": true, "misp-attribute": "text", "multiple": true, "ui-priority": 98 }, "alias": { "description": "Alias of the Device", "misp-attribute": "text", "multiple": true, "ui-priority": 100 }, "analysis-date": { "description": "Date of device analysis", "misp-attribute": "datetime", "ui-priority": 0 }, "attachment": { "description": "An attachment", "misp-attribute": "attachment", "multiple": true, "ui-priority": 0 }, "description": { "description": "Description of the Device", "disable_correlation": true, "misp-attribute": "text", "ui-priority": 0 }, "device-type": { "description": "Type of the device", "disable_correlation": true, "misp-attribute": "text", "sane_default": [ "PC", "Mobile", "Laptop", "HID", "TV", "IoT", "Hardware", "Other" ], "ui-priority": 99 }, "dns-name": { "description": "Device DNS Name", "misp-attribute": "text", "multiple": true, "ui-priority": 0 }, "hits": { "description": "Number of hits for the device", "disable_correlation": true, "misp-attribute": "counter", "ui-priority": 0 }, "infection_type": { "description": "Type of infection if the device is in Infected status", "disable_correlation": true, "misp-attribute": "text", "sane_default": [ "android_spams", "android.bakdoor.prizmes", "android.bankbot", "android.banker.anubis", "android.bankspy", "android.cliaid", "android.darksilent", "android.fakeav", "android.fakebank", "android.fakedoc", "android.fakeinst", "android.fakemart", "android.faketoken", "android.fobus", "android.fungram", "android.geost", "android.gopl", "android.hiddad", "android.hqwar", "android.hummer", "android.infosteal", "android.iop", "android.lockdroid", "android.milipnot", "android.nitmo", "android.opfake", "android.premiumtext", "android.provar", "android.pwstealer", "android.rootnik", "android.skyfin", "android.smsbot", "android.smssilence", "android.smsspy", "android.smsspy.be24", "android.sssaaa", "android.teleplus", "android.uupay", "android.voxv", "avalanche-andromeda", "banatrix", "bankpatch", "bebloh", "bedep", "betabot", "bitcoinminer", "blackbeard", "blakamba", "boinberg", "buhtrap", "caphaw", "carberp", "chafer", "changeup", "chinad", "citadel", "cobint", "coinminer", "conficker", "cryptowall", "cutwail", "cycbot", "diaminer", "dimnie", "dipverdle", "dircrypt", "dirtjumper", "disorderstatus", "dmsniff", "dofoil", "domreg", "dorkbot", "dorkbot-ssl", "dresscode", "dybalom", "ek.fallout", "emoted", "emotet", "esfury", "expiro", "exploitkit.fallout", "extenbro", "fake_cs_updater", "fakerean", "fallout.exploitkit", "fast-flux", "fast-flux-double", "fast-flux;fast-flux-double", "fleercivet", "fobber", "foxbantrix", "foxbantrix-unknown", "generic.malware", "geodo", "gonderici", "gootkit", "gozi", "gspy", "gtfobot", "hancitor", "harnig", "htm5player.vast", "ibanking", "icedid", "infected", "iotreaper", "ip-spoofer", "ircbot", "isfb", "jadtre", "jdk-update-apt", "js.worm.bondat", "junk-domains", "kasidet", "kbot", "kelihos", "kelihos.e", "keylogger", "keylogger-ftp", "keylogger-vbklip", "kidminer", "kingminer", "koobface", "kraken", "kronos", "kwampirs", "lethic", "linux.backdoor.setag", "linux.ngioweb", "litemanager", "loader", "locky", "loki", "lokibot", "luminositylink", "lurkbanker", "madominer", "magecart", "maliciouswebsites", "malvertising.doubleclick", "malwaretom", "marcher", "matrix", "matsnu", "menupass", "mewsspy", "miner.monero", "minr", "mirai", "mix2", "mkero", "monero", "mozi", "muddywater", "murofet", "mysafeproxymonitor", "nametrick", "necurs", "netsupport", "nettraveler", "neurevt", "nitol", "nivdort", "nukebot", "null", "nymaim", "nymain", "osx.fakeflash", "palevo", "pawnstorm", "phishing", "phishing.cobalt", "phishing.cobalt_dickens", "phorpiex", "pitou", "plasma-tomas", "ponmocup", "pony", "poseidon", "powerstats", "proxyback", "pushdo", "pws.pony", "pykspa", "qadars", "qakbot", "qqblack", "qrypter.rat", "qsnatch", "racoon", "ramdo", "ramnit", "ranbyus", "ransom.cerber", "ransomware", "ransomware.shade", "rat.vermin", "renocide", "revil", "rodecap", "sality", "sality-p2p", "servhelper", "sgminer", "shifu", "shiz", "sinowal", "sisron", "sodinokibi", "spam", "sphinx", "spyeye", "ssh-brute-force", "ssl", "ssl-az7", "ssl-unknown-bot-test", "ssl-vmzeus", "stantinko", "tdss", "teleru", "telnet-brute-force", "tinba", "tinba-dga", "trickbot", "triton", "trojan.click3", "trojan.fakeav", "trojan.includer", "trojan.win32.razy.gen", "unknown", "unknown-bot-test", "valak", "vawtrak", "vbklip", "verst", "victorygate.a", "victorygate.b", "victorygate.c", "virut", "vmzeus", "vobfus", "volatile_cedar", "vpnfilter_stage3", "wannacrypt", "wauchos", "webminer.cdn", "win.neurevt", "worm.kasidet", "worm.phorpiex", "wowlik", "wrokni", "xbash", "xmrminer", "xpaj", "xshellghost", "yoddos", "zeus", "zeus_gameover", "zeus_panda", "zloader" ], "ui-priority": 0 }, "ip-address": { "description": "Device IP address", "misp-attribute": "ip-src", "multiple": true, "ui-priority": 0 }, "name": { "description": "Name of the Device", "misp-attribute": "text", "ui-priority": 101 }, "status": { "description": "Status of the device", "disable_correlation": true, "misp-attribute": "text", "sane_default": [ "Infected", "Exposed", "Unknown", "Clean" ], "ui-priority": 0 }, "version": { "description": "Version of the device/ OS", "disable_correlation": true, "misp-attribute": "text", "ui-priority": 97 } }, "description": "An object to define a device", "meta-category": "misc", "name": "device", "requiredOneOf": [ "name", "alias" ], "uuid": "0c64b41a-e583-4f4d-ac92-d484163b9e52", "version": 9 }