chg: [rfcs] updated
parent
d4d0cf6575
commit
ff6b733d91
|
|
@ -9,8 +9,8 @@ image:
|
||||||
feature:
|
feature:
|
||||||
date: 2019-07-15T15:01:55-04:00
|
date: 2019-07-15T15:01:55-04:00
|
||||||
header:
|
header:
|
||||||
overlay_image: /assets/images/road.jpg
|
overlay_image: /assets/images/ball.jpg
|
||||||
overlay_filter: 0.5 # same as adding an opacity of 0.5 to a black background
|
overlay_filter: 0.4 # same as adding an opacity of 0.5 to a black background
|
||||||
---
|
---
|
||||||
|
|
||||||
The MISP threat sharing platform is the leading free and open source threat intelligence platform. MISP supports and enables information sharing of a wide range of information related to threat intelligence, including, but not limited to, cyber security indicators, financial intelligence and any custom-defined intelligence between sharing communities. The MISP open source software is now a key component of the default toolchain of a wide range of organisations within the private sector, CSIRT/CERT community, military and intelligence sectors. The formats developed over the past 8 years within the MISP project framework are now the de-facto standards which allow interoperability between many open source and proprietary tools in an effort to support security operations.
|
The MISP threat sharing platform is the leading free and open source threat intelligence platform. MISP supports and enables information sharing of a wide range of information related to threat intelligence, including, but not limited to, cyber security indicators, financial intelligence and any custom-defined intelligence between sharing communities. The MISP open source software is now a key component of the default toolchain of a wide range of organisations within the private sector, CSIRT/CERT community, military and intelligence sectors. The formats developed over the past 8 years within the MISP project framework are now the de-facto standards which allow interoperability between many open source and proprietary tools in an effort to support security operations.
|
||||||
|
|
|
||||||
3
about.md
3
about.md
|
|
@ -38,6 +38,7 @@ A host of proprietary and open source software are implementing and using the MI
|
||||||
|
|
||||||
# Contact
|
# Contact
|
||||||
|
|
||||||
|
~~~
|
||||||
CIRCL
|
CIRCL
|
||||||
c/o securitymadein.lu
|
c/o securitymadein.lu
|
||||||
16, bd d'Avranches
|
16, bd d'Avranches
|
||||||
|
|
@ -45,4 +46,4 @@ Luxembourg, L-1160
|
||||||
Luxembourg
|
Luxembourg
|
||||||
(+352) 247 88444
|
(+352) 247 88444
|
||||||
info@misp-project.org
|
info@misp-project.org
|
||||||
|
~~~
|
||||||
|
|
|
||||||
|
|
@ -798,7 +798,7 @@
|
||||||
<br>threat-actor, campaign-name, campaign-id, whois-registrant-phone, whois-registrant-email, whois-registrant-name, whois-registrant-org, whois-registrar, whois-creation-date, comment, text, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, other, dns-soa-email, anonymised</dd>
|
<br>threat-actor, campaign-name, campaign-id, whois-registrant-phone, whois-registrant-email, whois-registrant-name, whois-registrant-org, whois-registrar, whois-creation-date, comment, text, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, other, dns-soa-email, anonymised</dd>
|
||||||
<dt>External analysis</dt>
|
<dt>External analysis</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br>md5, sha1, sha256, filename, filename|md5, filename|sha1, filename|sha256, ip-src, ip-dst, ip-dst|port, ip-src|port, mac-address, mac-eui-64, hostname, domain, domain|ip, url, user-agent, regkey, regkey|value, AS, snort, bro, zeek, pattern-in-file, pattern-in-traffic, pattern-in-memory, vulnerability, attachment, malware-sample, link, comment, text, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, github-repository, other, cortex, anonymised</dd>
|
<br>md5, sha1, sha256, filename, filename|md5, filename|sha1, filename|sha256, ip-src, ip-dst, ip-dst|port, ip-src|port, mac-address, mac-eui-64, hostname, domain, domain|ip, url, user-agent, regkey, regkey|value, AS, snort, bro, zeek, pattern-in-file, pattern-in-traffic, pattern-in-memory, vulnerability, weakness, attachment, malware-sample, link, comment, text, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, github-repository, other, cortex, anonymised, community-id</dd>
|
||||||
<dt>Financial fraud</dt>
|
<dt>Financial fraud</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br>btc, xmr, iban, bic, bank-account-nr, aba-rtn, bin, cc-number, prtn, phone-number, comment, text, other, hex, anonymised</dd>
|
<br>btc, xmr, iban, bic, bank-account-nr, aba-rtn, bin, cc-number, prtn, phone-number, comment, text, other, hex, anonymised</dd>
|
||||||
|
|
@ -807,16 +807,16 @@
|
||||||
<br>text, link, comment, other, hex, anonymised</dd>
|
<br>text, link, comment, other, hex, anonymised</dd>
|
||||||
<dt>Network activity</dt>
|
<dt>Network activity</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br>ip-src, ip-dst, ip-dst|port, ip-src|port, port, hostname, domain, domain|ip, mac-address, mac-eui-64, email-dst, url, uri, user-agent, http-method, AS, snort, pattern-in-file, stix2-pattern, pattern-in-traffic, attachment, comment, text, x509-fingerprint-md5, x509-fingerprint-sha1, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other, hex, cookie, hostname|port, bro, zeek, anonymised</dd>
|
<br>ip-src, ip-dst, ip-dst|port, ip-src|port, port, hostname, domain, domain|ip, mac-address, mac-eui-64, email-dst, url, uri, user-agent, http-method, AS, snort, pattern-in-file, stix2-pattern, pattern-in-traffic, attachment, comment, text, x509-fingerprint-md5, x509-fingerprint-sha1, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other, hex, cookie, hostname|port, bro, zeek, anonymised, community-id, email-subject</dd>
|
||||||
<dt>Other</dt>
|
<dt>Other</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br>comment, text, other, size-in-bytes, counter, datetime, cpe, port, float, hex, phone-number, boolean, anonymised</dd>
|
<br>comment, text, other, size-in-bytes, counter, datetime, cpe, port, float, hex, phone-number, boolean, anonymised</dd>
|
||||||
<dt>Payload delivery</dt>
|
<dt>Payload delivery</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br>md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, ssdeep, imphash, impfuzzy, authentihash, pehash, tlsh, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|authentihash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, mac-address, mac-eui-64, ip-src, ip-dst, ip-dst|port, ip-src|port, hostname, domain, email-src, email-dst, email-subject, email-attachment, email-body, url, user-agent, AS, pattern-in-file, pattern-in-traffic, stix2-pattern, yara, sigma, mime-type, attachment, malware-sample, link, malware-type, comment, text, hex, vulnerability, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other, hostname|port, email-dst-display-name, email-src-display-name, email-header, email-reply-to, email-x-mailer, email-mime-boundary, email-thread-index, email-message-id, mobile-application-id, whois-registrant-email, anonymised</dd>
|
<br>md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, ssdeep, imphash, impfuzzy, authentihash, pehash, tlsh, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|authentihash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, mac-address, mac-eui-64, ip-src, ip-dst, ip-dst|port, ip-src|port, hostname, domain, email-src, email-dst, email-subject, email-attachment, email-body, url, user-agent, AS, pattern-in-file, pattern-in-traffic, stix2-pattern, yara, sigma, mime-type, attachment, malware-sample, link, malware-type, comment, text, hex, vulnerability, weakness, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other, hostname|port, email-dst-display-name, email-src-display-name, email-header, email-reply-to, email-x-mailer, email-mime-boundary, email-thread-index, email-message-id, mobile-application-id, whois-registrant-email, anonymised</dd>
|
||||||
<dt>Payload installation</dt>
|
<dt>Payload installation</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br>md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, ssdeep, imphash, impfuzzy, authentihash, pehash, tlsh, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|authentihash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, pattern-in-file, pattern-in-traffic, pattern-in-memory, stix2-pattern, yara, sigma, vulnerability, attachment, malware-sample, malware-type, comment, text, hex, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, mobile-application-id, other, mime-type, anonymised</dd>
|
<br>md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, ssdeep, imphash, impfuzzy, authentihash, pehash, tlsh, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|authentihash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, pattern-in-file, pattern-in-traffic, pattern-in-memory, stix2-pattern, yara, sigma, vulnerability, weakness, attachment, malware-sample, malware-type, comment, text, hex, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, mobile-application-id, other, mime-type, anonymised</dd>
|
||||||
<dt>Payload type</dt>
|
<dt>Payload type</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br>comment, text, other, anonymised</dd>
|
<br>comment, text, other, anonymised</dd>
|
||||||
|
|
@ -996,7 +996,7 @@
|
||||||
<br>threat-actor, campaign-name, campaign-id, whois-registrant-phone, whois-registrant-email, whois-registrant-name, whois-registrant-org, whois-registrar, whois-creation-date, comment, text, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, other, dns-soa-email, anonymised</dd>
|
<br>threat-actor, campaign-name, campaign-id, whois-registrant-phone, whois-registrant-email, whois-registrant-name, whois-registrant-org, whois-registrar, whois-creation-date, comment, text, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, other, dns-soa-email, anonymised</dd>
|
||||||
<dt>External analysis</dt>
|
<dt>External analysis</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br>md5, sha1, sha256, filename, filename|md5, filename|sha1, filename|sha256, ip-src, ip-dst, ip-dst|port, ip-src|port, mac-address, mac-eui-64, hostname, domain, domain|ip, url, user-agent, regkey, regkey|value, AS, snort, bro, zeek, pattern-in-file, pattern-in-traffic, pattern-in-memory, vulnerability, attachment, malware-sample, link, comment, text, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, github-repository, other, cortex, anonymised</dd>
|
<br>md5, sha1, sha256, filename, filename|md5, filename|sha1, filename|sha256, ip-src, ip-dst, ip-dst|port, ip-src|port, mac-address, mac-eui-64, hostname, domain, domain|ip, url, user-agent, regkey, regkey|value, AS, snort, bro, zeek, pattern-in-file, pattern-in-traffic, pattern-in-memory, vulnerability, weakness, attachment, malware-sample, link, comment, text, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, github-repository, other, cortex, anonymised, community-id</dd>
|
||||||
<dt>Financial fraud</dt>
|
<dt>Financial fraud</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br>btc, xmr, iban, bic, bank-account-nr, aba-rtn, bin, cc-number, prtn, phone-number, comment, text, other, hex, anonymised</dd>
|
<br>btc, xmr, iban, bic, bank-account-nr, aba-rtn, bin, cc-number, prtn, phone-number, comment, text, other, hex, anonymised</dd>
|
||||||
|
|
@ -1005,16 +1005,16 @@
|
||||||
<br>text, link, comment, other, hex, anonymised</dd>
|
<br>text, link, comment, other, hex, anonymised</dd>
|
||||||
<dt>Network activity</dt>
|
<dt>Network activity</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br>ip-src, ip-dst, ip-dst|port, ip-src|port, port, hostname, domain, domain|ip, mac-address, mac-eui-64, email-dst, url, uri, user-agent, http-method, AS, snort, pattern-in-file, stix2-pattern, pattern-in-traffic, attachment, comment, text, x509-fingerprint-md5, x509-fingerprint-sha1, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other, hex, cookie, hostname|port, bro, zeek, anonymised</dd>
|
<br>ip-src, ip-dst, ip-dst|port, ip-src|port, port, hostname, domain, domain|ip, mac-address, mac-eui-64, email-dst, url, uri, user-agent, http-method, AS, snort, pattern-in-file, stix2-pattern, pattern-in-traffic, attachment, comment, text, x509-fingerprint-md5, x509-fingerprint-sha1, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other, hex, cookie, hostname|port, bro, zeek, anonymised, community-id, email-subject</dd>
|
||||||
<dt>Other</dt>
|
<dt>Other</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br>comment, text, other, size-in-bytes, counter, datetime, cpe, port, float, hex, phone-number, boolean, anonymised</dd>
|
<br>comment, text, other, size-in-bytes, counter, datetime, cpe, port, float, hex, phone-number, boolean, anonymised</dd>
|
||||||
<dt>Payload delivery</dt>
|
<dt>Payload delivery</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br>md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, ssdeep, imphash, impfuzzy, authentihash, pehash, tlsh, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|authentihash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, mac-address, mac-eui-64, ip-src, ip-dst, ip-dst|port, ip-src|port, hostname, domain, email-src, email-dst, email-subject, email-attachment, email-body, url, user-agent, AS, pattern-in-file, pattern-in-traffic, stix2-pattern, yara, sigma, mime-type, attachment, malware-sample, link, malware-type, comment, text, hex, vulnerability, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other, hostname|port, email-dst-display-name, email-src-display-name, email-header, email-reply-to, email-x-mailer, email-mime-boundary, email-thread-index, email-message-id, mobile-application-id, whois-registrant-email, anonymised</dd>
|
<br>md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, ssdeep, imphash, impfuzzy, authentihash, pehash, tlsh, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|authentihash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, mac-address, mac-eui-64, ip-src, ip-dst, ip-dst|port, ip-src|port, hostname, domain, email-src, email-dst, email-subject, email-attachment, email-body, url, user-agent, AS, pattern-in-file, pattern-in-traffic, stix2-pattern, yara, sigma, mime-type, attachment, malware-sample, link, malware-type, comment, text, hex, vulnerability, weakness, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other, hostname|port, email-dst-display-name, email-src-display-name, email-header, email-reply-to, email-x-mailer, email-mime-boundary, email-thread-index, email-message-id, mobile-application-id, whois-registrant-email, anonymised</dd>
|
||||||
<dt>Payload installation</dt>
|
<dt>Payload installation</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br>md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, ssdeep, imphash, impfuzzy, authentihash, pehash, tlsh, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|authentihash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, pattern-in-file, pattern-in-traffic, pattern-in-memory, stix2-pattern, yara, sigma, vulnerability, attachment, malware-sample, malware-type, comment, text, hex, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, mobile-application-id, other, mime-type, anonymised</dd>
|
<br>md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, ssdeep, imphash, impfuzzy, authentihash, pehash, tlsh, cdhash, filename, filename|md5, filename|sha1, filename|sha224, filename|sha256, filename|sha384, filename|sha512, filename|sha512/224, filename|sha512/256, filename|authentihash, filename|ssdeep, filename|tlsh, filename|imphash, filename|impfuzzy, filename|pehash, pattern-in-file, pattern-in-traffic, pattern-in-memory, stix2-pattern, yara, sigma, vulnerability, weakness, attachment, malware-sample, malware-type, comment, text, hex, x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, mobile-application-id, other, mime-type, anonymised</dd>
|
||||||
<dt>Payload type</dt>
|
<dt>Payload type</dt>
|
||||||
<dd style="margin-left: 8">
|
<dd style="margin-left: 8">
|
||||||
<br>comment, text, other, anonymised</dd>
|
<br>comment, text, other, anonymised</dd>
|
||||||
|
|
|
||||||
|
|
@ -535,11 +535,11 @@ Internet-Draft MISP core format August 2018
|
||||||
filename|sha256, ip-src, ip-dst, ip-dst|port, ip-src|port, mac-
|
filename|sha256, ip-src, ip-dst, ip-dst|port, ip-src|port, mac-
|
||||||
address, mac-eui-64, hostname, domain, domain|ip, url, user-agent,
|
address, mac-eui-64, hostname, domain, domain|ip, url, user-agent,
|
||||||
regkey, regkey|value, AS, snort, bro, zeek, pattern-in-file,
|
regkey, regkey|value, AS, snort, bro, zeek, pattern-in-file,
|
||||||
pattern-in-traffic, pattern-in-memory, vulnerability, attachment,
|
pattern-in-traffic, pattern-in-memory, vulnerability, weakness,
|
||||||
malware-sample, link, comment, text, x509-fingerprint-sha1, x509-
|
attachment, malware-sample, link, comment, text, x509-fingerprint-
|
||||||
fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5,
|
sha1, x509-fingerprint-md5, x509-fingerprint-sha256, ja3-
|
||||||
hassh-md5, hasshserver-md5, github-repository, other, cortex,
|
fingerprint-md5, hassh-md5, hasshserver-md5, github-repository,
|
||||||
anonymised
|
other, cortex, anonymised, community-id
|
||||||
|
|
||||||
Financial fraud
|
Financial fraud
|
||||||
btc, xmr, iban, bic, bank-account-nr, aba-rtn, bin, cc-number,
|
btc, xmr, iban, bic, bank-account-nr, aba-rtn, bin, cc-number,
|
||||||
|
|
@ -563,7 +563,7 @@ Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
fingerprint-md5, hassh-md5, hasshserver-md5, other, hex, cookie,
|
fingerprint-md5, hassh-md5, hasshserver-md5, other, hex, cookie,
|
||||||
hostname|port, bro, zeek, anonymised
|
hostname|port, bro, zeek, anonymised, community-id, email-subject
|
||||||
|
|
||||||
Other
|
Other
|
||||||
comment, text, other, size-in-bytes, counter, datetime, cpe, port,
|
comment, text, other, size-in-bytes, counter, datetime, cpe, port,
|
||||||
|
|
@ -581,9 +581,9 @@ Internet-Draft MISP core format August 2018
|
||||||
src, email-dst, email-subject, email-attachment, email-body, url,
|
src, email-dst, email-subject, email-attachment, email-body, url,
|
||||||
user-agent, AS, pattern-in-file, pattern-in-traffic,
|
user-agent, AS, pattern-in-file, pattern-in-traffic,
|
||||||
stix2-pattern, yara, sigma, mime-type, attachment, malware-sample,
|
stix2-pattern, yara, sigma, mime-type, attachment, malware-sample,
|
||||||
link, malware-type, comment, text, hex, vulnerability, x509-
|
link, malware-type, comment, text, hex, vulnerability, weakness,
|
||||||
fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256,
|
x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-
|
||||||
ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other,
|
sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other,
|
||||||
hostname|port, email-dst-display-name, email-src-display-name,
|
hostname|port, email-dst-display-name, email-src-display-name,
|
||||||
email-header, email-reply-to, email-x-mailer, email-mime-boundary,
|
email-header, email-reply-to, email-x-mailer, email-mime-boundary,
|
||||||
email-thread-index, email-message-id, mobile-application-id,
|
email-thread-index, email-message-id, mobile-application-id,
|
||||||
|
|
@ -598,9 +598,9 @@ Internet-Draft MISP core format August 2018
|
||||||
filename|ssdeep, filename|tlsh, filename|imphash,
|
filename|ssdeep, filename|tlsh, filename|imphash,
|
||||||
filename|impfuzzy, filename|pehash, pattern-in-file, pattern-in-
|
filename|impfuzzy, filename|pehash, pattern-in-file, pattern-in-
|
||||||
traffic, pattern-in-memory, stix2-pattern, yara, sigma,
|
traffic, pattern-in-memory, stix2-pattern, yara, sigma,
|
||||||
vulnerability, attachment, malware-sample, malware-type, comment,
|
vulnerability, weakness, attachment, malware-sample, malware-type,
|
||||||
text, hex, x509-fingerprint-sha1, x509-fingerprint-md5, x509-
|
comment, text, hex, x509-fingerprint-sha1, x509-fingerprint-md5,
|
||||||
fingerprint-sha256, mobile-application-id, other, mime-type,
|
x509-fingerprint-sha256, mobile-application-id, other, mime-type,
|
||||||
anonymised
|
anonymised
|
||||||
|
|
||||||
Payload type
|
Payload type
|
||||||
|
|
@ -931,11 +931,11 @@ Internet-Draft MISP core format August 2018
|
||||||
filename|sha256, ip-src, ip-dst, ip-dst|port, ip-src|port, mac-
|
filename|sha256, ip-src, ip-dst, ip-dst|port, ip-src|port, mac-
|
||||||
address, mac-eui-64, hostname, domain, domain|ip, url, user-agent,
|
address, mac-eui-64, hostname, domain, domain|ip, url, user-agent,
|
||||||
regkey, regkey|value, AS, snort, bro, zeek, pattern-in-file,
|
regkey, regkey|value, AS, snort, bro, zeek, pattern-in-file,
|
||||||
pattern-in-traffic, pattern-in-memory, vulnerability, attachment,
|
pattern-in-traffic, pattern-in-memory, vulnerability, weakness,
|
||||||
malware-sample, link, comment, text, x509-fingerprint-sha1, x509-
|
attachment, malware-sample, link, comment, text, x509-fingerprint-
|
||||||
fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5,
|
sha1, x509-fingerprint-md5, x509-fingerprint-sha256, ja3-
|
||||||
hassh-md5, hasshserver-md5, github-repository, other, cortex,
|
fingerprint-md5, hassh-md5, hasshserver-md5, github-repository,
|
||||||
anonymised
|
other, cortex, anonymised, community-id
|
||||||
|
|
||||||
Financial fraud
|
Financial fraud
|
||||||
btc, xmr, iban, bic, bank-account-nr, aba-rtn, bin, cc-number,
|
btc, xmr, iban, bic, bank-account-nr, aba-rtn, bin, cc-number,
|
||||||
|
|
@ -960,7 +960,7 @@ Internet-Draft MISP core format August 2018
|
||||||
pattern-in-traffic, attachment, comment, text, x509-fingerprint-
|
pattern-in-traffic, attachment, comment, text, x509-fingerprint-
|
||||||
md5, x509-fingerprint-sha1, x509-fingerprint-sha256, ja3-
|
md5, x509-fingerprint-sha1, x509-fingerprint-sha256, ja3-
|
||||||
fingerprint-md5, hassh-md5, hasshserver-md5, other, hex, cookie,
|
fingerprint-md5, hassh-md5, hasshserver-md5, other, hex, cookie,
|
||||||
hostname|port, bro, zeek, anonymised
|
hostname|port, bro, zeek, anonymised, community-id, email-subject
|
||||||
|
|
||||||
Other
|
Other
|
||||||
comment, text, other, size-in-bytes, counter, datetime, cpe, port,
|
comment, text, other, size-in-bytes, counter, datetime, cpe, port,
|
||||||
|
|
@ -978,9 +978,9 @@ Internet-Draft MISP core format August 2018
|
||||||
src, email-dst, email-subject, email-attachment, email-body, url,
|
src, email-dst, email-subject, email-attachment, email-body, url,
|
||||||
user-agent, AS, pattern-in-file, pattern-in-traffic,
|
user-agent, AS, pattern-in-file, pattern-in-traffic,
|
||||||
stix2-pattern, yara, sigma, mime-type, attachment, malware-sample,
|
stix2-pattern, yara, sigma, mime-type, attachment, malware-sample,
|
||||||
link, malware-type, comment, text, hex, vulnerability, x509-
|
link, malware-type, comment, text, hex, vulnerability, weakness,
|
||||||
fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256,
|
x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-
|
||||||
ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other,
|
sha256, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other,
|
||||||
hostname|port, email-dst-display-name, email-src-display-name,
|
hostname|port, email-dst-display-name, email-src-display-name,
|
||||||
email-header, email-reply-to, email-x-mailer, email-mime-boundary,
|
email-header, email-reply-to, email-x-mailer, email-mime-boundary,
|
||||||
email-thread-index, email-message-id, mobile-application-id,
|
email-thread-index, email-message-id, mobile-application-id,
|
||||||
|
|
@ -995,9 +995,9 @@ Internet-Draft MISP core format August 2018
|
||||||
filename|ssdeep, filename|tlsh, filename|imphash,
|
filename|ssdeep, filename|tlsh, filename|imphash,
|
||||||
filename|impfuzzy, filename|pehash, pattern-in-file, pattern-in-
|
filename|impfuzzy, filename|pehash, pattern-in-file, pattern-in-
|
||||||
traffic, pattern-in-memory, stix2-pattern, yara, sigma,
|
traffic, pattern-in-memory, stix2-pattern, yara, sigma,
|
||||||
vulnerability, attachment, malware-sample, malware-type, comment,
|
vulnerability, weakness, attachment, malware-sample, malware-type,
|
||||||
text, hex, x509-fingerprint-sha1, x509-fingerprint-md5, x509-
|
comment, text, hex, x509-fingerprint-sha1, x509-fingerprint-md5,
|
||||||
fingerprint-sha256, mobile-application-id, other, mime-type,
|
x509-fingerprint-sha256, mobile-application-id, other, mime-type,
|
||||||
anonymised
|
anonymised
|
||||||
|
|
||||||
Payload type
|
Payload type
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue