mirror of https://github.com/MISP/misp-objects
218 lines
6.0 KiB
JSON
218 lines
6.0 KiB
JSON
{
|
|
"attributes": {
|
|
"asn": {
|
|
"description": "ASN where the content is hosted",
|
|
"misp-attribute": "AS",
|
|
"ui-priority": 0
|
|
},
|
|
"certificate-common-name": {
|
|
"description": "Certificate common name",
|
|
"misp-attribute": "text",
|
|
"ui-priority": 0
|
|
},
|
|
"certificate-country": {
|
|
"description": "Certificate country name",
|
|
"misp-attribute": "text",
|
|
"ui-priority": 0
|
|
},
|
|
"certificate-creation-date": {
|
|
"description": "Certificate date it was created",
|
|
"misp-attribute": "datetime",
|
|
"ui-priority": 0
|
|
},
|
|
"certificate-expiry-date": {
|
|
"description": "Certificate date it will expire",
|
|
"misp-attribute": "datetime",
|
|
"ui-priority": 0
|
|
},
|
|
"certificate-issuer": {
|
|
"description": "Certificate Issuer",
|
|
"misp-attribute": "text",
|
|
"ui-priority": 0
|
|
},
|
|
"certificate-organization": {
|
|
"description": "Certificate organization",
|
|
"misp-attribute": "text",
|
|
"ui-priority": 0
|
|
},
|
|
"certificate-organization-locality": {
|
|
"description": "Certificate locality",
|
|
"misp-attribute": "text",
|
|
"ui-priority": 0
|
|
},
|
|
"certificate-organization-state": {
|
|
"description": "Certificate state or provincy name",
|
|
"misp-attribute": "text",
|
|
"ui-priority": 0
|
|
},
|
|
"certificate-organization-unit": {
|
|
"description": "Certificate organization unit",
|
|
"misp-attribute": "text",
|
|
"ui-priority": 0
|
|
},
|
|
"dns-server": {
|
|
"description": "DNS server",
|
|
"misp-attribute": "hostname",
|
|
"multiple": true,
|
|
"to_ids": false,
|
|
"ui-priority": 0
|
|
},
|
|
"domain": {
|
|
"categories": [
|
|
"Network activity",
|
|
"External analysis"
|
|
],
|
|
"description": "Domain of the whois entry",
|
|
"misp-attribute": "domain",
|
|
"multiple": true,
|
|
"ui-priority": 0
|
|
},
|
|
"evidences": {
|
|
"categories": [
|
|
"External analysis"
|
|
],
|
|
"description": "Screenshot of the network resources.",
|
|
"disable_correlation": true,
|
|
"misp-attribute": "attachment",
|
|
"multiple": true,
|
|
"ui-priority": 1
|
|
},
|
|
"google-analytics-id": {
|
|
"description": "Google analytics IDS",
|
|
"misp-attribute": "text",
|
|
"ui-priority": 0
|
|
},
|
|
"hosting-provider": {
|
|
"description": "The hosting provider/ISP where the resources are.",
|
|
"misp-attribute": "text",
|
|
"ui-priority": 0
|
|
},
|
|
"ip-address": {
|
|
"description": "IP address of the whois entry",
|
|
"misp-attribute": "ip-src",
|
|
"multiple": true,
|
|
"ui-priority": 0
|
|
},
|
|
"jarm": {
|
|
"description": "JARM Footprint string",
|
|
"misp-attribute": "jarm-fingerprint",
|
|
"ui-priority": 0
|
|
},
|
|
"port": {
|
|
"description": "Port number",
|
|
"disable_correlation": true,
|
|
"misp-attribute": "port",
|
|
"ui-priority": 0
|
|
},
|
|
"query_string": {
|
|
"description": "Query (after path, preceded by '?')",
|
|
"misp-attribute": "text",
|
|
"multiple": true,
|
|
"ui-priority": 0
|
|
},
|
|
"resource_path": {
|
|
"description": "Path (between hostname:port and query)",
|
|
"misp-attribute": "text",
|
|
"multiple": true,
|
|
"ui-priority": 0
|
|
},
|
|
"service-abuse": {
|
|
"description": "Service abused by threat actors as part of their infrastructure.",
|
|
"misp-attribute": "text",
|
|
"multiple": true,
|
|
"ui-priority": 0,
|
|
"values_list": [
|
|
"OneDrive",
|
|
"Google Drive",
|
|
"Dropbox",
|
|
"Microsoft",
|
|
"Google",
|
|
"DuckDNS",
|
|
"Cloudflare",
|
|
"AWS"
|
|
]
|
|
},
|
|
"subdomain": {
|
|
"description": "Subdomain",
|
|
"disable_correlation": true,
|
|
"misp-attribute": "text",
|
|
"ui-priority": 0
|
|
},
|
|
"text": {
|
|
"description": "Full whois entry",
|
|
"disable_correlation": true,
|
|
"misp-attribute": "text",
|
|
"ui-priority": 1
|
|
},
|
|
"threat-actor-infrastructure-pattern": {
|
|
"description": "Patterns found on threat actor infrastructure that can correlate with other analysis.",
|
|
"misp-attribute": "text",
|
|
"multiple": true,
|
|
"ui-priority": 0
|
|
},
|
|
"threat-actor-infrastructure-value": {
|
|
"description": "Unique valeu found on threat actor infrastructure identified through an investigation.",
|
|
"misp-attribute": "text",
|
|
"multiple": true,
|
|
"ui-priority": 0
|
|
},
|
|
"tld": {
|
|
"description": "Top-Level Domain",
|
|
"disable_correlation": true,
|
|
"misp-attribute": "text",
|
|
"ui-priority": 0
|
|
},
|
|
"url": {
|
|
"description": "Full URL",
|
|
"misp-attribute": "url",
|
|
"ui-priority": 1
|
|
},
|
|
"whois-creation-date": {
|
|
"description": "Initial creation of the whois entry",
|
|
"disable_correlation": true,
|
|
"misp-attribute": "datetime",
|
|
"ui-priority": 0
|
|
},
|
|
"whois-expiration-date": {
|
|
"description": "Expiration of the whois entry",
|
|
"disable_correlation": true,
|
|
"misp-attribute": "datetime",
|
|
"ui-priority": 0
|
|
},
|
|
"whois-registrant-email": {
|
|
"description": "Registrant email address",
|
|
"misp-attribute": "whois-registrant-email",
|
|
"ui-priority": 1
|
|
},
|
|
"whois-registrant-name": {
|
|
"description": "Registrant name",
|
|
"misp-attribute": "whois-registrant-name",
|
|
"ui-priority": 0
|
|
},
|
|
"whois-registrant-org": {
|
|
"description": "Registrant organisation",
|
|
"misp-attribute": "whois-registrant-org",
|
|
"ui-priority": 1
|
|
},
|
|
"whois-registrant-phone": {
|
|
"description": "Registrant phone number",
|
|
"misp-attribute": "whois-registrant-phone",
|
|
"ui-priority": 0
|
|
},
|
|
"whois-registrar": {
|
|
"description": "Registrar of the whois entry",
|
|
"misp-attribute": "whois-registrar",
|
|
"ui-priority": 0
|
|
}
|
|
},
|
|
"description": "Elements that can be used to profile, pivot or identify a network infrastructure, including domains, ip and urls.",
|
|
"meta-category": "network",
|
|
"name": "network-profile",
|
|
"requiredOneOf": [
|
|
"domain",
|
|
"ip-address",
|
|
"url"
|
|
],
|
|
"uuid": "f0f9e287-8067-49a4-b0f8-7a0fed8d4e43",
|
|
"version": 5
|
|
} |