export: [core] updated
parent
01a1918aca
commit
92b133f929
|
@ -794,10 +794,10 @@
|
||||||
<br> link, comment, text, hex, attachment, other, anonymised</dd>
|
<br> link, comment, text, hex, attachment, other, anonymised</dd>
|
||||||
<dt>Artifacts dropped</dt>
|
<dt>Artifacts dropped</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br> md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, sha3-224, sha3-256, sha3-384, sha3-512, ssdeep, imphash, impfuzzy, authentihash, vhash, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, filename|authentihash, filename|vhash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, regkey, regkey|value, pattern-in-file, pattern-in-memory, pdb, stix2-pattern, yara, sigma, attachment, malware-sample, named pipe, mutex, windows-scheduled-task, windows-service-name, windows-service-displayname, comment, text, hex, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, other, cookie, gene, kusto-query, mime-type, anonymised</dd>
|
<br> md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, sha3-224, sha3-256, sha3-384, sha3-512, ssdeep, imphash, impfuzzy, authentihash, vhash, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, filename|authentihash, filename|vhash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, regkey, regkey|value, pattern-in-file, pattern-in-memory, pdb, stix2-pattern, yara, sigma, attachment, malware-sample, named pipe, mutex, windows-scheduled-task, windows-service-name, windows-service-displayname, comment, text, hex, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, other, cookie, gene, kusto-query, mime-type, anonymised, pgp-public-key, pgp-private-key</dd>
|
||||||
<dt>Attribution</dt>
|
<dt>Attribution</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br> threat-actor, campaign-name, campaign-id, whois-registrant-phone, whois-registrant-email, whois-registrant-name, whois-registrant-org, whois-registrar, whois-creation-date, comment, text, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, other, dns-soa-email, anonymised</dd>
|
<br> threat-actor, campaign-name, campaign-id, whois-registrant-phone, whois-registrant-email, whois-registrant-name, whois-registrant-org, whois-registrar, whois-creation-date, comment, text, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, other, dns-soa-email, anonymised, email</dd>
|
||||||
<dt>External analysis</dt>
|
<dt>External analysis</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br> md5, sha1, sha256, sha3-224, sha3-256, sha3-384, sha3-512, filename, filename|md5, filename|sha1, filename|sha256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, ip-src, ip-dst, ip-dst|port, ip-src|port, mac-address, mac-eui-64, hostname, domain, domain|ip, url, user-agent, regkey, regkey|value, AS, snort, bro, zeek, pattern-in-file, pattern-in-traffic, pattern-in-memory, vulnerability, weakness, attachment, malware-sample, link, comment, text, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, github-repository, other, cortex, anonymised, community-id</dd>
|
<br> md5, sha1, sha256, sha3-224, sha3-256, sha3-384, sha3-512, filename, filename|md5, filename|sha1, filename|sha256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, ip-src, ip-dst, ip-dst|port, ip-src|port, mac-address, mac-eui-64, hostname, domain, domain|ip, url, user-agent, regkey, regkey|value, AS, snort, bro, zeek, pattern-in-file, pattern-in-traffic, pattern-in-memory, vulnerability, weakness, attachment, malware-sample, link, comment, text, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, github-repository, other, cortex, anonymised, community-id</dd>
|
||||||
|
@ -809,13 +809,13 @@
|
||||||
<br> text, link, comment, other, hex, anonymised, git-commit-id</dd>
|
<br> text, link, comment, other, hex, anonymised, git-commit-id</dd>
|
||||||
<dt>Network activity</dt>
|
<dt>Network activity</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br> ip-src, ip-dst, ip-dst|port, ip-src|port, port, hostname, domain, domain|ip, mac-address, mac-eui-64, email-dst, email-src, eppn, url, uri, user-agent, http-method, AS, snort, pattern-in-file, stix2-pattern, pattern-in-traffic, attachment, comment, text, x509-fingerprint-md5, x509-fingerprint-sha1, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other, hex, cookie, hostname|port, bro, zeek, anonymised, community-id, email-subject</dd>
|
<br> ip-src, ip-dst, ip-dst|port, ip-src|port, port, hostname, domain, domain|ip, mac-address, mac-eui-64, email, email-dst, email-src, eppn, url, uri, user-agent, http-method, AS, snort, pattern-in-file, stix2-pattern, pattern-in-traffic, attachment, comment, text, x509-fingerprint-md5, x509-fingerprint-sha1, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other, hex, cookie, hostname|port, bro, zeek, anonymised, community-id, email-subject</dd>
|
||||||
<dt>Other</dt>
|
<dt>Other</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br> comment, text, other, size-in-bytes, counter, datetime, cpe, port, float, hex, phone-number, boolean, anonymised</dd>
|
<br> comment, text, other, size-in-bytes, counter, datetime, cpe, port, float, hex, phone-number, boolean, anonymised, pgp-public-key, pgp-private-key</dd>
|
||||||
<dt>Payload delivery</dt>
|
<dt>Payload delivery</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br> md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, sha3-224, sha3-256, sha3-384, sha3-512, ssdeep, imphash, impfuzzy, authentihash, vhash, pehash, tlsh, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, filename|authentihash, filename|vhash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, mac-address, mac-eui-64, ip-src, ip-dst, ip-dst|port, ip-src|port, hostname, domain, email-src, email-dst, email-subject, email-attachment, email-body, url, user-agent, AS, pattern-in-file, pattern-in-traffic, stix2-pattern, yara, sigma, mime-type, attachment, malware-sample, link, malware-type, comment, text, hex, vulnerability, weakness, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other, hostname|port, email-dst-display-name, email-src-display-name, email-header, email-reply-to, email-x-mailer, email-mime-boundary, email-thread-index, email-message-id, mobile-application-id, chrome-extension-id, whois-registrant-email, anonymised</dd>
|
<br> md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, sha3-224, sha3-256, sha3-384, sha3-512, ssdeep, imphash, impfuzzy, authentihash, vhash, pehash, tlsh, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, filename|authentihash, filename|vhash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, mac-address, mac-eui-64, ip-src, ip-dst, ip-dst|port, ip-src|port, hostname, domain, email, email-src, email-dst, email-subject, email-attachment, email-body, url, user-agent, AS, pattern-in-file, pattern-in-traffic, stix2-pattern, yara, sigma, mime-type, attachment, malware-sample, link, malware-type, comment, text, hex, vulnerability, weakness, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other, hostname|port, email-dst-display-name, email-src-display-name, email-header, email-reply-to, email-x-mailer, email-mime-boundary, email-thread-index, email-message-id, mobile-application-id, chrome-extension-id, whois-registrant-email, anonymised</dd>
|
||||||
<dt>Payload installation</dt>
|
<dt>Payload installation</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br> md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, sha3-224, sha3-256, sha3-384, sha3-512, ssdeep, imphash, impfuzzy, authentihash, vhash, pehash, tlsh, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, filename|authentihash, filename|vhash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, pattern-in-file, pattern-in-traffic, pattern-in-memory, stix2-pattern, yara, sigma, vulnerability, weakness, attachment, malware-sample, malware-type, comment, text, hex, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, mobile-application-id, chrome-extension-id, other, mime-type, anonymised</dd>
|
<br> md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, sha3-224, sha3-256, sha3-384, sha3-512, ssdeep, imphash, impfuzzy, authentihash, vhash, pehash, tlsh, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, filename|authentihash, filename|vhash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, pattern-in-file, pattern-in-traffic, pattern-in-memory, stix2-pattern, yara, sigma, vulnerability, weakness, attachment, malware-sample, malware-type, comment, text, hex, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, mobile-application-id, chrome-extension-id, other, mime-type, anonymised</dd>
|
||||||
|
@ -827,10 +827,10 @@
|
||||||
<br> filename, regkey, regkey|value, comment, text, other, hex, anonymised</dd>
|
<br> filename, regkey, regkey|value, comment, text, other, hex, anonymised</dd>
|
||||||
<dt>Person</dt>
|
<dt>Person</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br> first-name, middle-name, last-name, date-of-birth, place-of-birth, gender, passport-number, passport-country, passport-expiration, redress-number, nationality, visa-number, issue-date-of-the-visa, primary-residence, country-of-residence, special-service-request, frequent-flyer-number, travel-details, payment-details, place-port-of-original-embarkation, place-port-of-clearance, place-port-of-onward-foreign-destination, passenger-name-record-locator-number, comment, text, other, phone-number, identity-card-number, anonymised</dd>
|
<br> first-name, middle-name, last-name, date-of-birth, place-of-birth, gender, passport-number, passport-country, passport-expiration, redress-number, nationality, visa-number, issue-date-of-the-visa, primary-residence, country-of-residence, special-service-request, frequent-flyer-number, travel-details, payment-details, place-port-of-original-embarkation, place-port-of-clearance, place-port-of-onward-foreign-destination, passenger-name-record-locator-number, comment, text, other, phone-number, identity-card-number, anonymised, email, pgp-public-key, pgp-private-key</dd>
|
||||||
<dt>Social network</dt>
|
<dt>Social network</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br> github-username, github-repository, github-organisation, jabber-id, twitter-id, email-src, email-dst, eppn, comment, text, other, whois-registrant-email, anonymised</dd>
|
<br> github-username, github-repository, github-organisation, jabber-id, twitter-id, email, email-src, email-dst, eppn, comment, text, other, whois-registrant-email, anonymised, pgp-public-key, pgp-private-key</dd>
|
||||||
<dt>Support Tool</dt>
|
<dt>Support Tool</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br> link, text, attachment, comment, other, hex, anonymised</dd>
|
<br> link, text, attachment, comment, other, hex, anonymised</dd>
|
||||||
|
@ -993,10 +993,10 @@
|
||||||
<br> link, comment, text, hex, attachment, other, anonymised</dd>
|
<br> link, comment, text, hex, attachment, other, anonymised</dd>
|
||||||
<dt>Artifacts dropped</dt>
|
<dt>Artifacts dropped</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br> md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, sha3-224, sha3-256, sha3-384, sha3-512, ssdeep, imphash, impfuzzy, authentihash, vhash, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, filename|authentihash, filename|vhash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, regkey, regkey|value, pattern-in-file, pattern-in-memory, pdb, stix2-pattern, yara, sigma, attachment, malware-sample, named pipe, mutex, windows-scheduled-task, windows-service-name, windows-service-displayname, comment, text, hex, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, other, cookie, gene, kusto-query, mime-type, anonymised</dd>
|
<br> md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, sha3-224, sha3-256, sha3-384, sha3-512, ssdeep, imphash, impfuzzy, authentihash, vhash, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, filename|authentihash, filename|vhash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, regkey, regkey|value, pattern-in-file, pattern-in-memory, pdb, stix2-pattern, yara, sigma, attachment, malware-sample, named pipe, mutex, windows-scheduled-task, windows-service-name, windows-service-displayname, comment, text, hex, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, other, cookie, gene, kusto-query, mime-type, anonymised, pgp-public-key, pgp-private-key</dd>
|
||||||
<dt>Attribution</dt>
|
<dt>Attribution</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br> threat-actor, campaign-name, campaign-id, whois-registrant-phone, whois-registrant-email, whois-registrant-name, whois-registrant-org, whois-registrar, whois-creation-date, comment, text, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, other, dns-soa-email, anonymised</dd>
|
<br> threat-actor, campaign-name, campaign-id, whois-registrant-phone, whois-registrant-email, whois-registrant-name, whois-registrant-org, whois-registrar, whois-creation-date, comment, text, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, other, dns-soa-email, anonymised, email</dd>
|
||||||
<dt>External analysis</dt>
|
<dt>External analysis</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br> md5, sha1, sha256, sha3-224, sha3-256, sha3-384, sha3-512, filename, filename|md5, filename|sha1, filename|sha256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, ip-src, ip-dst, ip-dst|port, ip-src|port, mac-address, mac-eui-64, hostname, domain, domain|ip, url, user-agent, regkey, regkey|value, AS, snort, bro, zeek, pattern-in-file, pattern-in-traffic, pattern-in-memory, vulnerability, weakness, attachment, malware-sample, link, comment, text, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, github-repository, other, cortex, anonymised, community-id</dd>
|
<br> md5, sha1, sha256, sha3-224, sha3-256, sha3-384, sha3-512, filename, filename|md5, filename|sha1, filename|sha256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, ip-src, ip-dst, ip-dst|port, ip-src|port, mac-address, mac-eui-64, hostname, domain, domain|ip, url, user-agent, regkey, regkey|value, AS, snort, bro, zeek, pattern-in-file, pattern-in-traffic, pattern-in-memory, vulnerability, weakness, attachment, malware-sample, link, comment, text, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, github-repository, other, cortex, anonymised, community-id</dd>
|
||||||
|
@ -1008,13 +1008,13 @@
|
||||||
<br> text, link, comment, other, hex, anonymised, git-commit-id</dd>
|
<br> text, link, comment, other, hex, anonymised, git-commit-id</dd>
|
||||||
<dt>Network activity</dt>
|
<dt>Network activity</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br> ip-src, ip-dst, ip-dst|port, ip-src|port, port, hostname, domain, domain|ip, mac-address, mac-eui-64, email-dst, email-src, eppn, url, uri, user-agent, http-method, AS, snort, pattern-in-file, stix2-pattern, pattern-in-traffic, attachment, comment, text, x509-fingerprint-md5, x509-fingerprint-sha1, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other, hex, cookie, hostname|port, bro, zeek, anonymised, community-id, email-subject</dd>
|
<br> ip-src, ip-dst, ip-dst|port, ip-src|port, port, hostname, domain, domain|ip, mac-address, mac-eui-64, email, email-dst, email-src, eppn, url, uri, user-agent, http-method, AS, snort, pattern-in-file, stix2-pattern, pattern-in-traffic, attachment, comment, text, x509-fingerprint-md5, x509-fingerprint-sha1, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other, hex, cookie, hostname|port, bro, zeek, anonymised, community-id, email-subject</dd>
|
||||||
<dt>Other</dt>
|
<dt>Other</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br> comment, text, other, size-in-bytes, counter, datetime, cpe, port, float, hex, phone-number, boolean, anonymised</dd>
|
<br> comment, text, other, size-in-bytes, counter, datetime, cpe, port, float, hex, phone-number, boolean, anonymised, pgp-public-key, pgp-private-key</dd>
|
||||||
<dt>Payload delivery</dt>
|
<dt>Payload delivery</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br> md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, sha3-224, sha3-256, sha3-384, sha3-512, ssdeep, imphash, impfuzzy, authentihash, vhash, pehash, tlsh, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, filename|authentihash, filename|vhash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, mac-address, mac-eui-64, ip-src, ip-dst, ip-dst|port, ip-src|port, hostname, domain, email-src, email-dst, email-subject, email-attachment, email-body, url, user-agent, AS, pattern-in-file, pattern-in-traffic, stix2-pattern, yara, sigma, mime-type, attachment, malware-sample, link, malware-type, comment, text, hex, vulnerability, weakness, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other, hostname|port, email-dst-display-name, email-src-display-name, email-header, email-reply-to, email-x-mailer, email-mime-boundary, email-thread-index, email-message-id, mobile-application-id, chrome-extension-id, whois-registrant-email, anonymised</dd>
|
<br> md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, sha3-224, sha3-256, sha3-384, sha3-512, ssdeep, imphash, impfuzzy, authentihash, vhash, pehash, tlsh, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, filename|authentihash, filename|vhash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, mac-address, mac-eui-64, ip-src, ip-dst, ip-dst|port, ip-src|port, hostname, domain, email, email-src, email-dst, email-subject, email-attachment, email-body, url, user-agent, AS, pattern-in-file, pattern-in-traffic, stix2-pattern, yara, sigma, mime-type, attachment, malware-sample, link, malware-type, comment, text, hex, vulnerability, weakness, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other, hostname|port, email-dst-display-name, email-src-display-name, email-header, email-reply-to, email-x-mailer, email-mime-boundary, email-thread-index, email-message-id, mobile-application-id, chrome-extension-id, whois-registrant-email, anonymised</dd>
|
||||||
<dt>Payload installation</dt>
|
<dt>Payload installation</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br> md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, sha3-224, sha3-256, sha3-384, sha3-512, ssdeep, imphash, impfuzzy, authentihash, vhash, pehash, tlsh, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, filename|authentihash, filename|vhash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, pattern-in-file, pattern-in-traffic, pattern-in-memory, stix2-pattern, yara, sigma, vulnerability, weakness, attachment, malware-sample, malware-type, comment, text, hex, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, mobile-application-id, chrome-extension-id, other, mime-type, anonymised</dd>
|
<br> md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, sha3-224, sha3-256, sha3-384, sha3-512, ssdeep, imphash, impfuzzy, authentihash, vhash, pehash, tlsh, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, filename|authentihash, filename|vhash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, pattern-in-file, pattern-in-traffic, pattern-in-memory, stix2-pattern, yara, sigma, vulnerability, weakness, attachment, malware-sample, malware-type, comment, text, hex, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, mobile-application-id, chrome-extension-id, other, mime-type, anonymised</dd>
|
||||||
|
@ -1026,10 +1026,10 @@
|
||||||
<br> filename, regkey, regkey|value, comment, text, other, hex, anonymised</dd>
|
<br> filename, regkey, regkey|value, comment, text, other, hex, anonymised</dd>
|
||||||
<dt>Person</dt>
|
<dt>Person</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br> first-name, middle-name, last-name, date-of-birth, place-of-birth, gender, passport-number, passport-country, passport-expiration, redress-number, nationality, visa-number, issue-date-of-the-visa, primary-residence, country-of-residence, special-service-request, frequent-flyer-number, travel-details, payment-details, place-port-of-original-embarkation, place-port-of-clearance, place-port-of-onward-foreign-destination, passenger-name-record-locator-number, comment, text, other, phone-number, identity-card-number, anonymised</dd>
|
<br> first-name, middle-name, last-name, date-of-birth, place-of-birth, gender, passport-number, passport-country, passport-expiration, redress-number, nationality, visa-number, issue-date-of-the-visa, primary-residence, country-of-residence, special-service-request, frequent-flyer-number, travel-details, payment-details, place-port-of-original-embarkation, place-port-of-clearance, place-port-of-onward-foreign-destination, passenger-name-record-locator-number, comment, text, other, phone-number, identity-card-number, anonymised, email, pgp-public-key, pgp-private-key</dd>
|
||||||
<dt>Social network</dt>
|
<dt>Social network</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br> github-username, github-repository, github-organisation, jabber-id, twitter-id, email-src, email-dst, eppn, comment, text, other, whois-registrant-email, anonymised</dd>
|
<br> github-username, github-repository, github-organisation, jabber-id, twitter-id, email, email-src, email-dst, eppn, comment, text, other, whois-registrant-email, anonymised, pgp-public-key, pgp-private-key</dd>
|
||||||
<dt>Support Tool</dt>
|
<dt>Support Tool</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br> link, text, attachment, comment, other, hex, anonymised</dd>
|
<br> link, text, attachment, comment, other, hex, anonymised</dd>
|
||||||
|
|
|
@ -524,14 +524,14 @@ Internet-Draft MISP core format May 2020
|
||||||
task, windows-service-name, windows-service-displayname, comment,
|
task, windows-service-name, windows-service-displayname, comment,
|
||||||
text, hex, x509-fingerprint-sha1, x509-fingerprint-md5, x509-
|
text, hex, x509-fingerprint-sha1, x509-fingerprint-md5, x509-
|
||||||
fingerprint-sha256, other, cookie, gene, kusto-query, mime-type,
|
fingerprint-sha256, other, cookie, gene, kusto-query, mime-type,
|
||||||
anonymised
|
anonymised, pgp-public-key, pgp-private-key
|
||||||
|
|
||||||
Attribution
|
Attribution
|
||||||
threat-actor, campaign-name, campaign-id, whois-registrant-phone,
|
threat-actor, campaign-name, campaign-id, whois-registrant-phone,
|
||||||
whois-registrant-email, whois-registrant-name, whois-registrant-
|
whois-registrant-email, whois-registrant-name, whois-registrant-
|
||||||
org, whois-registrar, whois-creation-date, comment, text, x509-
|
org, whois-registrar, whois-creation-date, comment, text, x509-
|
||||||
fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256,
|
fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256,
|
||||||
other, dns-soa-email, anonymised
|
other, dns-soa-email, anonymised, email
|
||||||
|
|
||||||
External analysis
|
External analysis
|
||||||
md5, sha1, sha256, sha3-224, sha3-256, sha3-384, sha3-512,
|
md5, sha1, sha256, sha3-224, sha3-256, sha3-384, sha3-512,
|
||||||
|
@ -563,17 +563,18 @@ Internet-Draft MISP core format May 2020
|
||||||
|
|
||||||
|
|
||||||
ip-src, ip-dst, ip-dst|port, ip-src|port, port, hostname, domain,
|
ip-src, ip-dst, ip-dst|port, ip-src|port, port, hostname, domain,
|
||||||
domain|ip, mac-address, mac-eui-64, email-dst, email-src, eppn,
|
domain|ip, mac-address, mac-eui-64, email, email-dst, email-src,
|
||||||
url, uri, user-agent, http-method, AS, snort, pattern-in-file,
|
eppn, url, uri, user-agent, http-method, AS, snort, pattern-in-
|
||||||
stix2-pattern, pattern-in-traffic, attachment, comment, text,
|
file, stix2-pattern, pattern-in-traffic, attachment, comment,
|
||||||
x509-fingerprint-md5, x509-fingerprint-sha1, x509-fingerprint-
|
text, x509-fingerprint-md5, x509-fingerprint-sha1, x509-
|
||||||
sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other,
|
fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-
|
||||||
hex, cookie, hostname|port, bro, zeek, anonymised, community-id,
|
md5, other, hex, cookie, hostname|port, bro, zeek, anonymised,
|
||||||
email-subject
|
community-id, email-subject
|
||||||
|
|
||||||
Other
|
Other
|
||||||
comment, text, other, size-in-bytes, counter, datetime, cpe, port,
|
comment, text, other, size-in-bytes, counter, datetime, cpe, port,
|
||||||
float, hex, phone-number, boolean, anonymised
|
float, hex, phone-number, boolean, anonymised, pgp-public-key,
|
||||||
|
pgp-private-key
|
||||||
|
|
||||||
Payload delivery
|
Payload delivery
|
||||||
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256,
|
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256,
|
||||||
|
@ -585,9 +586,9 @@ Internet-Draft MISP core format May 2020
|
||||||
filename|sha3-512, filename|authentihash, filename|vhash,
|
filename|sha3-512, filename|authentihash, filename|vhash,
|
||||||
filename|ssdeep, filename|tlsh, filename|imphash,
|
filename|ssdeep, filename|tlsh, filename|imphash,
|
||||||
filename|impfuzzy, filename|pehash, mac-address, mac-eui-64, ip-
|
filename|impfuzzy, filename|pehash, mac-address, mac-eui-64, ip-
|
||||||
src, ip-dst, ip-dst|port, ip-src|port, hostname, domain, email-
|
src, ip-dst, ip-dst|port, ip-src|port, hostname, domain, email,
|
||||||
src, email-dst, email-subject, email-attachment, email-body, url,
|
email-src, email-dst, email-subject, email-attachment, email-body,
|
||||||
user-agent, AS, pattern-in-file, pattern-in-traffic,
|
url, user-agent, AS, pattern-in-file, pattern-in-traffic,
|
||||||
stix2-pattern, yara, sigma, mime-type, attachment, malware-sample,
|
stix2-pattern, yara, sigma, mime-type, attachment, malware-sample,
|
||||||
link, malware-type, comment, text, hex, vulnerability, weakness,
|
link, malware-type, comment, text, hex, vulnerability, weakness,
|
||||||
x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-
|
x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-
|
||||||
|
@ -609,7 +610,6 @@ Internet-Draft MISP core format May 2020
|
||||||
filename|impfuzzy, filename|pehash, pattern-in-file, pattern-in-
|
filename|impfuzzy, filename|pehash, pattern-in-file, pattern-in-
|
||||||
traffic, pattern-in-memory, stix2-pattern, yara, sigma,
|
traffic, pattern-in-memory, stix2-pattern, yara, sigma,
|
||||||
vulnerability, weakness, attachment, malware-sample, malware-type,
|
vulnerability, weakness, attachment, malware-sample, malware-type,
|
||||||
comment, text, hex, x509-fingerprint-sha1, x509-fingerprint-md5,
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -618,6 +618,7 @@ Dulaunoy & Iklody Expires November 27, 2020 [Page 11]
|
||||||
Internet-Draft MISP core format May 2020
|
Internet-Draft MISP core format May 2020
|
||||||
|
|
||||||
|
|
||||||
|
comment, text, hex, x509-fingerprint-sha1, x509-fingerprint-md5,
|
||||||
x509-fingerprint-sha256, mobile-application-id, chrome-extension-
|
x509-fingerprint-sha256, mobile-application-id, chrome-extension-
|
||||||
id, other, mime-type, anonymised
|
id, other, mime-type, anonymised
|
||||||
|
|
||||||
|
@ -637,12 +638,13 @@ Internet-Draft MISP core format May 2020
|
||||||
port-of-original-embarkation, place-port-of-clearance, place-port-
|
port-of-original-embarkation, place-port-of-clearance, place-port-
|
||||||
of-onward-foreign-destination, passenger-name-record-locator-
|
of-onward-foreign-destination, passenger-name-record-locator-
|
||||||
number, comment, text, other, phone-number, identity-card-number,
|
number, comment, text, other, phone-number, identity-card-number,
|
||||||
anonymised
|
anonymised, email, pgp-public-key, pgp-private-key
|
||||||
|
|
||||||
Social network
|
Social network
|
||||||
github-username, github-repository, github-organisation, jabber-
|
github-username, github-repository, github-organisation, jabber-
|
||||||
id, twitter-id, email-src, email-dst, eppn, comment, text, other,
|
id, twitter-id, email, email-src, email-dst, eppn, comment, text,
|
||||||
whois-registrant-email, anonymised
|
other, whois-registrant-email, anonymised, pgp-public-key, pgp-
|
||||||
|
private-key
|
||||||
|
|
||||||
Support Tool
|
Support Tool
|
||||||
link, text, attachment, comment, other, hex, anonymised
|
link, text, attachment, comment, other, hex, anonymised
|
||||||
|
@ -667,8 +669,6 @@ Internet-Draft MISP core format May 2020
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires November 27, 2020 [Page 12]
|
Dulaunoy & Iklody Expires November 27, 2020 [Page 12]
|
||||||
|
|
||||||
Internet-Draft MISP core format May 2020
|
Internet-Draft MISP core format May 2020
|
||||||
|
@ -929,14 +929,14 @@ Internet-Draft MISP core format May 2020
|
||||||
task, windows-service-name, windows-service-displayname, comment,
|
task, windows-service-name, windows-service-displayname, comment,
|
||||||
text, hex, x509-fingerprint-sha1, x509-fingerprint-md5, x509-
|
text, hex, x509-fingerprint-sha1, x509-fingerprint-md5, x509-
|
||||||
fingerprint-sha256, other, cookie, gene, kusto-query, mime-type,
|
fingerprint-sha256, other, cookie, gene, kusto-query, mime-type,
|
||||||
anonymised
|
anonymised, pgp-public-key, pgp-private-key
|
||||||
|
|
||||||
Attribution
|
Attribution
|
||||||
threat-actor, campaign-name, campaign-id, whois-registrant-phone,
|
threat-actor, campaign-name, campaign-id, whois-registrant-phone,
|
||||||
whois-registrant-email, whois-registrant-name, whois-registrant-
|
whois-registrant-email, whois-registrant-name, whois-registrant-
|
||||||
org, whois-registrar, whois-creation-date, comment, text, x509-
|
org, whois-registrar, whois-creation-date, comment, text, x509-
|
||||||
fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256,
|
fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256,
|
||||||
other, dns-soa-email, anonymised
|
other, dns-soa-email, anonymised, email
|
||||||
|
|
||||||
External analysis
|
External analysis
|
||||||
md5, sha1, sha256, sha3-224, sha3-256, sha3-384, sha3-512,
|
md5, sha1, sha256, sha3-224, sha3-256, sha3-384, sha3-512,
|
||||||
|
@ -968,17 +968,18 @@ Internet-Draft MISP core format May 2020
|
||||||
|
|
||||||
Network activity
|
Network activity
|
||||||
ip-src, ip-dst, ip-dst|port, ip-src|port, port, hostname, domain,
|
ip-src, ip-dst, ip-dst|port, ip-src|port, port, hostname, domain,
|
||||||
domain|ip, mac-address, mac-eui-64, email-dst, email-src, eppn,
|
domain|ip, mac-address, mac-eui-64, email, email-dst, email-src,
|
||||||
url, uri, user-agent, http-method, AS, snort, pattern-in-file,
|
eppn, url, uri, user-agent, http-method, AS, snort, pattern-in-
|
||||||
stix2-pattern, pattern-in-traffic, attachment, comment, text,
|
file, stix2-pattern, pattern-in-traffic, attachment, comment,
|
||||||
x509-fingerprint-md5, x509-fingerprint-sha1, x509-fingerprint-
|
text, x509-fingerprint-md5, x509-fingerprint-sha1, x509-
|
||||||
sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other,
|
fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-
|
||||||
hex, cookie, hostname|port, bro, zeek, anonymised, community-id,
|
md5, other, hex, cookie, hostname|port, bro, zeek, anonymised,
|
||||||
email-subject
|
community-id, email-subject
|
||||||
|
|
||||||
Other
|
Other
|
||||||
comment, text, other, size-in-bytes, counter, datetime, cpe, port,
|
comment, text, other, size-in-bytes, counter, datetime, cpe, port,
|
||||||
float, hex, phone-number, boolean, anonymised
|
float, hex, phone-number, boolean, anonymised, pgp-public-key,
|
||||||
|
pgp-private-key
|
||||||
|
|
||||||
Payload delivery
|
Payload delivery
|
||||||
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256,
|
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256,
|
||||||
|
@ -990,9 +991,9 @@ Internet-Draft MISP core format May 2020
|
||||||
filename|sha3-512, filename|authentihash, filename|vhash,
|
filename|sha3-512, filename|authentihash, filename|vhash,
|
||||||
filename|ssdeep, filename|tlsh, filename|imphash,
|
filename|ssdeep, filename|tlsh, filename|imphash,
|
||||||
filename|impfuzzy, filename|pehash, mac-address, mac-eui-64, ip-
|
filename|impfuzzy, filename|pehash, mac-address, mac-eui-64, ip-
|
||||||
src, ip-dst, ip-dst|port, ip-src|port, hostname, domain, email-
|
src, ip-dst, ip-dst|port, ip-src|port, hostname, domain, email,
|
||||||
src, email-dst, email-subject, email-attachment, email-body, url,
|
email-src, email-dst, email-subject, email-attachment, email-body,
|
||||||
user-agent, AS, pattern-in-file, pattern-in-traffic,
|
url, user-agent, AS, pattern-in-file, pattern-in-traffic,
|
||||||
stix2-pattern, yara, sigma, mime-type, attachment, malware-sample,
|
stix2-pattern, yara, sigma, mime-type, attachment, malware-sample,
|
||||||
link, malware-type, comment, text, hex, vulnerability, weakness,
|
link, malware-type, comment, text, hex, vulnerability, weakness,
|
||||||
x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-
|
x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-
|
||||||
|
@ -1004,7 +1005,6 @@ Internet-Draft MISP core format May 2020
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires November 27, 2020 [Page 18]
|
Dulaunoy & Iklody Expires November 27, 2020 [Page 18]
|
||||||
|
|
||||||
Internet-Draft MISP core format May 2020
|
Internet-Draft MISP core format May 2020
|
||||||
|
@ -1042,12 +1042,13 @@ Internet-Draft MISP core format May 2020
|
||||||
port-of-original-embarkation, place-port-of-clearance, place-port-
|
port-of-original-embarkation, place-port-of-clearance, place-port-
|
||||||
of-onward-foreign-destination, passenger-name-record-locator-
|
of-onward-foreign-destination, passenger-name-record-locator-
|
||||||
number, comment, text, other, phone-number, identity-card-number,
|
number, comment, text, other, phone-number, identity-card-number,
|
||||||
anonymised
|
anonymised, email, pgp-public-key, pgp-private-key
|
||||||
|
|
||||||
Social network
|
Social network
|
||||||
github-username, github-repository, github-organisation, jabber-
|
github-username, github-repository, github-organisation, jabber-
|
||||||
id, twitter-id, email-src, email-dst, eppn, comment, text, other,
|
id, twitter-id, email, email-src, email-dst, eppn, comment, text,
|
||||||
whois-registrant-email, anonymised
|
other, whois-registrant-email, anonymised, pgp-public-key, pgp-
|
||||||
|
private-key
|
||||||
|
|
||||||
Support Tool
|
Support Tool
|
||||||
link, text, attachment, comment, other, hex, anonymised
|
link, text, attachment, comment, other, hex, anonymised
|
||||||
|
@ -1060,7 +1061,6 @@ Internet-Draft MISP core format May 2020
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires November 27, 2020 [Page 19]
|
Dulaunoy & Iklody Expires November 27, 2020 [Page 19]
|
||||||
|
|
||||||
Internet-Draft MISP core format May 2020
|
Internet-Draft MISP core format May 2020
|
||||||
|
|
|
@ -368,10 +368,10 @@ represented as an unsigned integer.
|
||||||
link, comment, text, hex, attachment, other, anonymised</t>
|
link, comment, text, hex, attachment, other, anonymised</t>
|
||||||
<t hangText="Artifacts dropped">
|
<t hangText="Artifacts dropped">
|
||||||
<vspace />
|
<vspace />
|
||||||
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, sha3-224, sha3-256, sha3-384, sha3-512, ssdeep, imphash, impfuzzy, authentihash, vhash, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, filename|authentihash, filename|vhash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, regkey, regkey|value, pattern-in-file, pattern-in-memory, pdb, stix2-pattern, yara, sigma, attachment, malware-sample, named pipe, mutex, windows-scheduled-task, windows-service-name, windows-service-displayname, comment, text, hex, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, other, cookie, gene, kusto-query, mime-type, anonymised</t>
|
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, sha3-224, sha3-256, sha3-384, sha3-512, ssdeep, imphash, impfuzzy, authentihash, vhash, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, filename|authentihash, filename|vhash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, regkey, regkey|value, pattern-in-file, pattern-in-memory, pdb, stix2-pattern, yara, sigma, attachment, malware-sample, named pipe, mutex, windows-scheduled-task, windows-service-name, windows-service-displayname, comment, text, hex, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, other, cookie, gene, kusto-query, mime-type, anonymised, pgp-public-key, pgp-private-key</t>
|
||||||
<t hangText="Attribution">
|
<t hangText="Attribution">
|
||||||
<vspace />
|
<vspace />
|
||||||
threat-actor, campaign-name, campaign-id, whois-registrant-phone, whois-registrant-email, whois-registrant-name, whois-registrant-org, whois-registrar, whois-creation-date, comment, text, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, other, dns-soa-email, anonymised</t>
|
threat-actor, campaign-name, campaign-id, whois-registrant-phone, whois-registrant-email, whois-registrant-name, whois-registrant-org, whois-registrar, whois-creation-date, comment, text, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, other, dns-soa-email, anonymised, email</t>
|
||||||
<t hangText="External analysis">
|
<t hangText="External analysis">
|
||||||
<vspace />
|
<vspace />
|
||||||
md5, sha1, sha256, sha3-224, sha3-256, sha3-384, sha3-512, filename, filename|md5, filename|sha1, filename|sha256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, ip-src, ip-dst, ip-dst|port, ip-src|port, mac-address, mac-eui-64, hostname, domain, domain|ip, url, user-agent, regkey, regkey|value, AS, snort, bro, zeek, pattern-in-file, pattern-in-traffic, pattern-in-memory, vulnerability, weakness, attachment, malware-sample, link, comment, text, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, github-repository, other, cortex, anonymised, community-id</t>
|
md5, sha1, sha256, sha3-224, sha3-256, sha3-384, sha3-512, filename, filename|md5, filename|sha1, filename|sha256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, ip-src, ip-dst, ip-dst|port, ip-src|port, mac-address, mac-eui-64, hostname, domain, domain|ip, url, user-agent, regkey, regkey|value, AS, snort, bro, zeek, pattern-in-file, pattern-in-traffic, pattern-in-memory, vulnerability, weakness, attachment, malware-sample, link, comment, text, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, github-repository, other, cortex, anonymised, community-id</t>
|
||||||
|
@ -383,13 +383,13 @@ btc, dash, xmr, iban, bic, bank-account-nr, aba-rtn, bin, cc-number, prtn, phone
|
||||||
text, link, comment, other, hex, anonymised, git-commit-id</t>
|
text, link, comment, other, hex, anonymised, git-commit-id</t>
|
||||||
<t hangText="Network activity">
|
<t hangText="Network activity">
|
||||||
<vspace />
|
<vspace />
|
||||||
ip-src, ip-dst, ip-dst|port, ip-src|port, port, hostname, domain, domain|ip, mac-address, mac-eui-64, email-dst, email-src, eppn, url, uri, user-agent, http-method, AS, snort, pattern-in-file, stix2-pattern, pattern-in-traffic, attachment, comment, text, x509-fingerprint-md5, x509-fingerprint-sha1, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other, hex, cookie, hostname|port, bro, zeek, anonymised, community-id, email-subject</t>
|
ip-src, ip-dst, ip-dst|port, ip-src|port, port, hostname, domain, domain|ip, mac-address, mac-eui-64, email, email-dst, email-src, eppn, url, uri, user-agent, http-method, AS, snort, pattern-in-file, stix2-pattern, pattern-in-traffic, attachment, comment, text, x509-fingerprint-md5, x509-fingerprint-sha1, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other, hex, cookie, hostname|port, bro, zeek, anonymised, community-id, email-subject</t>
|
||||||
<t hangText="Other">
|
<t hangText="Other">
|
||||||
<vspace />
|
<vspace />
|
||||||
comment, text, other, size-in-bytes, counter, datetime, cpe, port, float, hex, phone-number, boolean, anonymised</t>
|
comment, text, other, size-in-bytes, counter, datetime, cpe, port, float, hex, phone-number, boolean, anonymised, pgp-public-key, pgp-private-key</t>
|
||||||
<t hangText="Payload delivery">
|
<t hangText="Payload delivery">
|
||||||
<vspace />
|
<vspace />
|
||||||
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, sha3-224, sha3-256, sha3-384, sha3-512, ssdeep, imphash, impfuzzy, authentihash, vhash, pehash, tlsh, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, filename|authentihash, filename|vhash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, mac-address, mac-eui-64, ip-src, ip-dst, ip-dst|port, ip-src|port, hostname, domain, email-src, email-dst, email-subject, email-attachment, email-body, url, user-agent, AS, pattern-in-file, pattern-in-traffic, stix2-pattern, yara, sigma, mime-type, attachment, malware-sample, link, malware-type, comment, text, hex, vulnerability, weakness, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other, hostname|port, email-dst-display-name, email-src-display-name, email-header, email-reply-to, email-x-mailer, email-mime-boundary, email-thread-index, email-message-id, mobile-application-id, chrome-extension-id, whois-registrant-email, anonymised</t>
|
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, sha3-224, sha3-256, sha3-384, sha3-512, ssdeep, imphash, impfuzzy, authentihash, vhash, pehash, tlsh, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, filename|authentihash, filename|vhash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, mac-address, mac-eui-64, ip-src, ip-dst, ip-dst|port, ip-src|port, hostname, domain, email, email-src, email-dst, email-subject, email-attachment, email-body, url, user-agent, AS, pattern-in-file, pattern-in-traffic, stix2-pattern, yara, sigma, mime-type, attachment, malware-sample, link, malware-type, comment, text, hex, vulnerability, weakness, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other, hostname|port, email-dst-display-name, email-src-display-name, email-header, email-reply-to, email-x-mailer, email-mime-boundary, email-thread-index, email-message-id, mobile-application-id, chrome-extension-id, whois-registrant-email, anonymised</t>
|
||||||
<t hangText="Payload installation">
|
<t hangText="Payload installation">
|
||||||
<vspace />
|
<vspace />
|
||||||
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, sha3-224, sha3-256, sha3-384, sha3-512, ssdeep, imphash, impfuzzy, authentihash, vhash, pehash, tlsh, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, filename|authentihash, filename|vhash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, pattern-in-file, pattern-in-traffic, pattern-in-memory, stix2-pattern, yara, sigma, vulnerability, weakness, attachment, malware-sample, malware-type, comment, text, hex, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, mobile-application-id, chrome-extension-id, other, mime-type, anonymised</t>
|
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, sha3-224, sha3-256, sha3-384, sha3-512, ssdeep, imphash, impfuzzy, authentihash, vhash, pehash, tlsh, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, filename|authentihash, filename|vhash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, pattern-in-file, pattern-in-traffic, pattern-in-memory, stix2-pattern, yara, sigma, vulnerability, weakness, attachment, malware-sample, malware-type, comment, text, hex, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, mobile-application-id, chrome-extension-id, other, mime-type, anonymised</t>
|
||||||
|
@ -401,10 +401,10 @@ comment, text, other, anonymised</t>
|
||||||
filename, regkey, regkey|value, comment, text, other, hex, anonymised</t>
|
filename, regkey, regkey|value, comment, text, other, hex, anonymised</t>
|
||||||
<t hangText="Person">
|
<t hangText="Person">
|
||||||
<vspace />
|
<vspace />
|
||||||
first-name, middle-name, last-name, date-of-birth, place-of-birth, gender, passport-number, passport-country, passport-expiration, redress-number, nationality, visa-number, issue-date-of-the-visa, primary-residence, country-of-residence, special-service-request, frequent-flyer-number, travel-details, payment-details, place-port-of-original-embarkation, place-port-of-clearance, place-port-of-onward-foreign-destination, passenger-name-record-locator-number, comment, text, other, phone-number, identity-card-number, anonymised</t>
|
first-name, middle-name, last-name, date-of-birth, place-of-birth, gender, passport-number, passport-country, passport-expiration, redress-number, nationality, visa-number, issue-date-of-the-visa, primary-residence, country-of-residence, special-service-request, frequent-flyer-number, travel-details, payment-details, place-port-of-original-embarkation, place-port-of-clearance, place-port-of-onward-foreign-destination, passenger-name-record-locator-number, comment, text, other, phone-number, identity-card-number, anonymised, email, pgp-public-key, pgp-private-key</t>
|
||||||
<t hangText="Social network">
|
<t hangText="Social network">
|
||||||
<vspace />
|
<vspace />
|
||||||
github-username, github-repository, github-organisation, jabber-id, twitter-id, email-src, email-dst, eppn, comment, text, other, whois-registrant-email, anonymised</t>
|
github-username, github-repository, github-organisation, jabber-id, twitter-id, email, email-src, email-dst, eppn, comment, text, other, whois-registrant-email, anonymised, pgp-public-key, pgp-private-key</t>
|
||||||
<t hangText="Support Tool">
|
<t hangText="Support Tool">
|
||||||
<vspace />
|
<vspace />
|
||||||
link, text, attachment, comment, other, hex, anonymised</t>
|
link, text, attachment, comment, other, hex, anonymised</t>
|
||||||
|
@ -606,10 +606,10 @@ id is represented as a JSON string. id SHALL be present.
|
||||||
link, comment, text, hex, attachment, other, anonymised</t>
|
link, comment, text, hex, attachment, other, anonymised</t>
|
||||||
<t hangText="Artifacts dropped">
|
<t hangText="Artifacts dropped">
|
||||||
<vspace />
|
<vspace />
|
||||||
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, sha3-224, sha3-256, sha3-384, sha3-512, ssdeep, imphash, impfuzzy, authentihash, vhash, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, filename|authentihash, filename|vhash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, regkey, regkey|value, pattern-in-file, pattern-in-memory, pdb, stix2-pattern, yara, sigma, attachment, malware-sample, named pipe, mutex, windows-scheduled-task, windows-service-name, windows-service-displayname, comment, text, hex, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, other, cookie, gene, kusto-query, mime-type, anonymised</t>
|
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, sha3-224, sha3-256, sha3-384, sha3-512, ssdeep, imphash, impfuzzy, authentihash, vhash, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, filename|authentihash, filename|vhash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, regkey, regkey|value, pattern-in-file, pattern-in-memory, pdb, stix2-pattern, yara, sigma, attachment, malware-sample, named pipe, mutex, windows-scheduled-task, windows-service-name, windows-service-displayname, comment, text, hex, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, other, cookie, gene, kusto-query, mime-type, anonymised, pgp-public-key, pgp-private-key</t>
|
||||||
<t hangText="Attribution">
|
<t hangText="Attribution">
|
||||||
<vspace />
|
<vspace />
|
||||||
threat-actor, campaign-name, campaign-id, whois-registrant-phone, whois-registrant-email, whois-registrant-name, whois-registrant-org, whois-registrar, whois-creation-date, comment, text, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, other, dns-soa-email, anonymised</t>
|
threat-actor, campaign-name, campaign-id, whois-registrant-phone, whois-registrant-email, whois-registrant-name, whois-registrant-org, whois-registrar, whois-creation-date, comment, text, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, other, dns-soa-email, anonymised, email</t>
|
||||||
<t hangText="External analysis">
|
<t hangText="External analysis">
|
||||||
<vspace />
|
<vspace />
|
||||||
md5, sha1, sha256, sha3-224, sha3-256, sha3-384, sha3-512, filename, filename|md5, filename|sha1, filename|sha256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, ip-src, ip-dst, ip-dst|port, ip-src|port, mac-address, mac-eui-64, hostname, domain, domain|ip, url, user-agent, regkey, regkey|value, AS, snort, bro, zeek, pattern-in-file, pattern-in-traffic, pattern-in-memory, vulnerability, weakness, attachment, malware-sample, link, comment, text, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, github-repository, other, cortex, anonymised, community-id</t>
|
md5, sha1, sha256, sha3-224, sha3-256, sha3-384, sha3-512, filename, filename|md5, filename|sha1, filename|sha256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, ip-src, ip-dst, ip-dst|port, ip-src|port, mac-address, mac-eui-64, hostname, domain, domain|ip, url, user-agent, regkey, regkey|value, AS, snort, bro, zeek, pattern-in-file, pattern-in-traffic, pattern-in-memory, vulnerability, weakness, attachment, malware-sample, link, comment, text, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, github-repository, other, cortex, anonymised, community-id</t>
|
||||||
|
@ -621,13 +621,13 @@ btc, dash, xmr, iban, bic, bank-account-nr, aba-rtn, bin, cc-number, prtn, phone
|
||||||
text, link, comment, other, hex, anonymised, git-commit-id</t>
|
text, link, comment, other, hex, anonymised, git-commit-id</t>
|
||||||
<t hangText="Network activity">
|
<t hangText="Network activity">
|
||||||
<vspace />
|
<vspace />
|
||||||
ip-src, ip-dst, ip-dst|port, ip-src|port, port, hostname, domain, domain|ip, mac-address, mac-eui-64, email-dst, email-src, eppn, url, uri, user-agent, http-method, AS, snort, pattern-in-file, stix2-pattern, pattern-in-traffic, attachment, comment, text, x509-fingerprint-md5, x509-fingerprint-sha1, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other, hex, cookie, hostname|port, bro, zeek, anonymised, community-id, email-subject</t>
|
ip-src, ip-dst, ip-dst|port, ip-src|port, port, hostname, domain, domain|ip, mac-address, mac-eui-64, email, email-dst, email-src, eppn, url, uri, user-agent, http-method, AS, snort, pattern-in-file, stix2-pattern, pattern-in-traffic, attachment, comment, text, x509-fingerprint-md5, x509-fingerprint-sha1, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other, hex, cookie, hostname|port, bro, zeek, anonymised, community-id, email-subject</t>
|
||||||
<t hangText="Other">
|
<t hangText="Other">
|
||||||
<vspace />
|
<vspace />
|
||||||
comment, text, other, size-in-bytes, counter, datetime, cpe, port, float, hex, phone-number, boolean, anonymised</t>
|
comment, text, other, size-in-bytes, counter, datetime, cpe, port, float, hex, phone-number, boolean, anonymised, pgp-public-key, pgp-private-key</t>
|
||||||
<t hangText="Payload delivery">
|
<t hangText="Payload delivery">
|
||||||
<vspace />
|
<vspace />
|
||||||
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, sha3-224, sha3-256, sha3-384, sha3-512, ssdeep, imphash, impfuzzy, authentihash, vhash, pehash, tlsh, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, filename|authentihash, filename|vhash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, mac-address, mac-eui-64, ip-src, ip-dst, ip-dst|port, ip-src|port, hostname, domain, email-src, email-dst, email-subject, email-attachment, email-body, url, user-agent, AS, pattern-in-file, pattern-in-traffic, stix2-pattern, yara, sigma, mime-type, attachment, malware-sample, link, malware-type, comment, text, hex, vulnerability, weakness, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other, hostname|port, email-dst-display-name, email-src-display-name, email-header, email-reply-to, email-x-mailer, email-mime-boundary, email-thread-index, email-message-id, mobile-application-id, chrome-extension-id, whois-registrant-email, anonymised</t>
|
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, sha3-224, sha3-256, sha3-384, sha3-512, ssdeep, imphash, impfuzzy, authentihash, vhash, pehash, tlsh, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, filename|authentihash, filename|vhash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, mac-address, mac-eui-64, ip-src, ip-dst, ip-dst|port, ip-src|port, hostname, domain, email, email-src, email-dst, email-subject, email-attachment, email-body, url, user-agent, AS, pattern-in-file, pattern-in-traffic, stix2-pattern, yara, sigma, mime-type, attachment, malware-sample, link, malware-type, comment, text, hex, vulnerability, weakness, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other, hostname|port, email-dst-display-name, email-src-display-name, email-header, email-reply-to, email-x-mailer, email-mime-boundary, email-thread-index, email-message-id, mobile-application-id, chrome-extension-id, whois-registrant-email, anonymised</t>
|
||||||
<t hangText="Payload installation">
|
<t hangText="Payload installation">
|
||||||
<vspace />
|
<vspace />
|
||||||
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, sha3-224, sha3-256, sha3-384, sha3-512, ssdeep, imphash, impfuzzy, authentihash, vhash, pehash, tlsh, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, filename|authentihash, filename|vhash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, pattern-in-file, pattern-in-traffic, pattern-in-memory, stix2-pattern, yara, sigma, vulnerability, weakness, attachment, malware-sample, malware-type, comment, text, hex, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, mobile-application-id, chrome-extension-id, other, mime-type, anonymised</t>
|
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, sha3-224, sha3-256, sha3-384, sha3-512, ssdeep, imphash, impfuzzy, authentihash, vhash, pehash, tlsh, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|sha3-224, filename|sha3-256, filename|sha3-384, filename|sha3-512, filename|authentihash, filename|vhash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, pattern-in-file, pattern-in-traffic, pattern-in-memory, stix2-pattern, yara, sigma, vulnerability, weakness, attachment, malware-sample, malware-type, comment, text, hex, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, mobile-application-id, chrome-extension-id, other, mime-type, anonymised</t>
|
||||||
|
@ -639,10 +639,10 @@ comment, text, other, anonymised</t>
|
||||||
filename, regkey, regkey|value, comment, text, other, hex, anonymised</t>
|
filename, regkey, regkey|value, comment, text, other, hex, anonymised</t>
|
||||||
<t hangText="Person">
|
<t hangText="Person">
|
||||||
<vspace />
|
<vspace />
|
||||||
first-name, middle-name, last-name, date-of-birth, place-of-birth, gender, passport-number, passport-country, passport-expiration, redress-number, nationality, visa-number, issue-date-of-the-visa, primary-residence, country-of-residence, special-service-request, frequent-flyer-number, travel-details, payment-details, place-port-of-original-embarkation, place-port-of-clearance, place-port-of-onward-foreign-destination, passenger-name-record-locator-number, comment, text, other, phone-number, identity-card-number, anonymised</t>
|
first-name, middle-name, last-name, date-of-birth, place-of-birth, gender, passport-number, passport-country, passport-expiration, redress-number, nationality, visa-number, issue-date-of-the-visa, primary-residence, country-of-residence, special-service-request, frequent-flyer-number, travel-details, payment-details, place-port-of-original-embarkation, place-port-of-clearance, place-port-of-onward-foreign-destination, passenger-name-record-locator-number, comment, text, other, phone-number, identity-card-number, anonymised, email, pgp-public-key, pgp-private-key</t>
|
||||||
<t hangText="Social network">
|
<t hangText="Social network">
|
||||||
<vspace />
|
<vspace />
|
||||||
github-username, github-repository, github-organisation, jabber-id, twitter-id, email-src, email-dst, eppn, comment, text, other, whois-registrant-email, anonymised</t>
|
github-username, github-repository, github-organisation, jabber-id, twitter-id, email, email-src, email-dst, eppn, comment, text, other, whois-registrant-email, anonymised, pgp-public-key, pgp-private-key</t>
|
||||||
<t hangText="Support Tool">
|
<t hangText="Support Tool">
|
||||||
<vspace />
|
<vspace />
|
||||||
link, text, attachment, comment, other, hex, anonymised</t>
|
link, text, attachment, comment, other, hex, anonymised</t>
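Review bot: `pgp-private-key` is added to the Person and Social network lists in this hunk, and to Artifacts dropped and Other in the earlier hunks of this file, with no accompanying text on how secret key material is to be handled once such an attribute is shared. The same lists appear twice in the file and both copies gain the type, so the gap applies to each. The rest of the document is outside the visible hunks, so this may already be covered elsewhere. If it is not, I would add a sentence to the security considerations along the lines of `Attributes of type pgp-private-key carry secret key material; producers SHOULD restrict their distribution and consumers SHOULD NOT log or re-export them by default.`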
|
||||||
|
|