diff --git a/misp-core-format/raw.md.txt b/misp-core-format/raw.md.txt
index a4ae974..5514a72 100755
--- a/misp-core-format/raw.md.txt
+++ b/misp-core-format/raw.md.txt
@@ -537,7 +537,7 @@ Internet-Draft MISP core format August 2018
 traffic, pattern-in-memory, vulnerability, attachment, malware-
 sample, link, comment, text, x509-fingerprint-sha1, x509-
 fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5,
- github-repository, other, cortex
+ hassh-md5, hasshserver-md5, github-repository, other, cortex
 Financial fraud
 btc, xmr, iban, bic, bank-account-nr, aba-rtn, bin, cc-number,
@@ -552,8 +552,8 @@ Internet-Draft MISP core format August 2018
 agent, http-method, AS, snort, pattern-in-file, stix2-pattern,
 pattern-in-traffic, attachment, comment, text, x509-fingerprint-
 md5, x509-fingerprint-sha1, x509-fingerprint-sha256, ja3-
- fingerprint-md5, other, hex, cookie, hostname|port, bro
-
+ fingerprint-md5, hassh-md5, hasshserver-md5, other, hex, cookie,
+ hostname|port, bro
@@ -580,10 +580,11 @@ Internet-Draft MISP core format August 2018
 stix2-pattern, yara, sigma, mime-type, attachment, malware-sample,
 link, malware-type, comment, text, hex, vulnerability, x509-
 fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256,
- ja3-fingerprint-md5, other, hostname|port, email-dst-display-name,
- email-src-display-name, email-header, email-reply-to, email-
- x-mailer, email-mime-boundary, email-thread-index, email-message-
- id, mobile-application-id, whois-registrant-email
+ ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other,
+ hostname|port, email-dst-display-name, email-src-display-name,
+ email-header, email-reply-to, email-x-mailer, email-mime-boundary,
+ email-thread-index, email-message-id, mobile-application-id,
+ whois-registrant-email
 Payload installation
 md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256,
@@ -609,7 +610,6 @@ Internet-Draft MISP core format August 2018
 gender, passport-number, passport-country, passport-expiration,
 redress-number, nationality, visa-number, issue-date-of-the-visa,
 primary-residence, country-of-residence, special-service-request,
- frequent-flyer-number, travel-details, payment-details, place-
@@ -618,6 +618,7 @@ Dulaunoy & Iklody Expires February 9, 2019 [Page 11]
 Internet-Draft MISP core format August 2018
+ frequent-flyer-number, travel-details, payment-details, place-
 port-of-original-embarkation, place-port-of-clearance, place-port-
 of-onward-foreign-destination, passenger-name-record-locator-
 number, comment, text, other, phone-number, identity-card-number
@@ -668,7 +669,6 @@ Internet-Draft MISP core format August 2018
-
 Dulaunoy & Iklody Expires February 9, 2019 [Page 12]
 Internet-Draft MISP core format August 2018
@@ -909,7 +909,7 @@ Internet-Draft MISP core format August 2018
 traffic, pattern-in-memory, vulnerability, attachment, malware-
 sample, link, comment, text, x509-fingerprint-sha1, x509-
 fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5,
- github-repository, other, cortex
+ hassh-md5, hasshserver-md5, github-repository, other, cortex
 Financial fraud
 btc, xmr, iban, bic, bank-account-nr, aba-rtn, bin, cc-number,
@@ -924,7 +924,8 @@ Internet-Draft MISP core format August 2018
 agent, http-method, AS, snort, pattern-in-file, stix2-pattern,
 pattern-in-traffic, attachment, comment, text, x509-fingerprint-
 md5, x509-fingerprint-sha1, x509-fingerprint-sha256, ja3-
- fingerprint-md5, other, hex, cookie, hostname|port, bro
+ fingerprint-md5, hassh-md5, hasshserver-md5, other, hex, cookie,
+ hostname|port, bro
 Other
 comment, text, other, size-in-bytes, counter, datetime, cpe, port,
@@ -944,8 +945,7 @@ Internet-Draft MISP core format August 2018
 stix2-pattern, yara, sigma, mime-type, attachment, malware-sample,
 link, malware-type, comment, text, hex, vulnerability, x509-
 fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256,
- ja3-fingerprint-md5, other, hostname|port, email-dst-display-name,
- email-src-display-name, email-header, email-reply-to, email-
+ ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other,
@@ -954,8 +954,10 @@ Dulaunoy & Iklody Expires February 9, 2019 [Page 17]
 Internet-Draft MISP core format August 2018
- x-mailer, email-mime-boundary, email-thread-index, email-message-
- id, mobile-application-id, whois-registrant-email
+ hostname|port, email-dst-display-name, email-src-display-name,
+ email-header, email-reply-to, email-x-mailer, email-mime-boundary,
+ email-thread-index, email-message-id, mobile-application-id,
+ whois-registrant-email
 Payload installation
 md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256,
@@ -998,9 +1000,7 @@ Internet-Draft MISP core format August 2018
 target-user, target-email, target-machine, target-org, target-
 location, target-external, comment
- Attributes are based on the usage within their different communities.
- Attributes can be extended on a regular basis and this reference
- document is updated accordingly.
+
@@ -1010,6 +1010,10 @@ Dulaunoy & Iklody Expires February 9, 2019 [Page 18]
 Internet-Draft MISP core format August 2018
+ Attributes are based on the usage within their different communities.
+ Attributes can be extended on a regular basis and this reference
+ document is updated accordingly.
+
 2.5.2.4. category
 category represents the intent of what the attribute is describing as
@@ -1054,10 +1058,6 @@ Internet-Draft MISP core format August 2018
 the ShadowAttribute proposes the creation of a new Attribute, it
 should be set to 0.
- old_id is represented as a JSON string. old_id MUST be present.
-
-
-
@@ -1066,6 +1066,8 @@ Dulaunoy & Iklody Expires February 9, 2019 [Page 19]
 Internet-Draft MISP core format August 2018
+ old_id is represented as a JSON string. old_id MUST be present.
+
 2.5.2.8. timestamp
 timestamp represents a reference time when the attribute was created
@@ -1115,8 +1117,6 @@ Internet-Draft MISP core format August 2018
-
-
 Dulaunoy & Iklody Expires February 9, 2019 [Page 20]
 Internet-Draft MISP core format August 2018