From 2848aa1c1ea80f553b4fb5de8be4955f5cca8184 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Mon, 23 Oct 2017 20:29:23 +0200
Subject: [PATCH] Objects updated
---
objects.html | 3214 +-
objects.pdf | 98057 +++++++++++++++++++++++++------------------------
2 files changed, 51450 insertions(+), 49821 deletions(-)
diff --git a/objects.html b/objects.html
index ce3d5dc..3c77416 100755
--- a/objects.html
+++ b/objects.html
@@ -523,26 +523,6 @@ ail-leak is a MISP object available in JSON format at type
text
Type of information leak as discovered and classified by an AIL module. ['Credential', 'CreditCards', 'Mail', 'Onion', 'Phone', 'Keys']
--
text
text
-
-
sensor
text
last-seen
datetime
+
+
first-seen
datetime
original-date
datetime
+
+
origin
url
original-date
datetime
text
text
last-seen
-datetime
type
text
+
Type of information leak as discovered and classified by an AIL module. ['Credential', 'CreditCards', 'Mail', 'Onion', 'Phone', 'Keys']
+
text
-text
-
-
software
text
-
-
signature
text
text
text
+
+
software
text
+
+
cookie-value
+text
+
+
cookie
cookie
+
+
cookie-name
text
cookie
cookie
-
-
type
text
cookie-value
text
-
-
cc-number
-cc-number
-
-
card-security-code
text
expiration
datetime
-
-
issued
datetime
-
-
version
text
issued
datetime
+
+
name
text
cc-number
cc-number
+
+
comment
comment
expiration
datetime
+
+
last-seen
-datetime
-
-
total-bps
counter
-
-
protocol
text
src-port
port
-
-
first-seen
last-seen
datetime
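Review bot: Most rows removed in this hunk come back as additions a little further down: the `type` row with the AIL leak description is deleted near the top and re-added unchanged, and `cc-number` moves the same way. The hunk therefore reads as attribute reordering rather than a content update. If the generator renders attributes in whatever order it happens to iterate them, sorting them by name before rendering would keep regenerated output stable and limit the diff to real schema changes. With 51450 insertions and 49821 deletions in the diffstat, a reviewer cannot tell whether any attribute was actually dropped or retyped. The regenerated objects.pdf committed alongside has the same problem; consider building it from objects.html at release time instead of tracking it.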
@@ -955,8 +925,8 @@ ddos is a MISP object available in JSON format at
total-pps
counter
ip-dst
ip-dst
text
-text
-
-
ip-src
ip-src
ip-dst
ip-dst
total-bps
counter
+
+
total-pps
counter
+
+
text
text
+
+
src-port
port
+
+
first-seen
datetime
first-seen
-datetime
-
-
domain
domain
ip
ip-dst
+
+
text
text
ip
ip-dst
first-seen
datetime
type
-text
Type of ELF ['CORE', 'DYNAMIC', 'EXECUTABLE', 'HIPROC', 'LOPROC', 'NONE', 'RELOCATABLE']
--
text
text
arch
text
Architecture of the ELF file ['None', 'M32', 'SPARC', 'i386', 'ARCH_68K', 'ARCH_88K', 'IAMCU', 'ARCH_860', 'MIPS', 'S370', 'MIPS_RS3_LE', 'PARISC', 'VPP500', 'SPARC32PLUS', 'ARCH_960', 'PPC', 'PPC64', 'S390', 'SPU', 'V800', 'FR20', 'RH32', 'RCE', 'ARM', 'ALPHA', 'SH', 'SPARCV9', 'TRICORE', 'ARC', 'H8_300', 'H8_300H', 'H8S', 'H8_500', 'IA_64', 'MIPS_X', 'COLDFIRE', 'ARCH_68HC12', 'MMA', 'PCP', 'NCPU', 'NDR1', 'STARCORE', 'ME16', 'ST100', 'TINYJ', 'x86_64', 'PDSP', 'PDP10', 'PDP11', 'FX66', 'ST9PLUS', 'ST7', 'ARCH_68HC16', 'ARCH_68HC11', 'ARCH_68HC08', 'ARCH_68HC05', 'SVX', 'ST19', 'VAX', 'CRIS', 'JAVELIN', 'FIREPATH', 'ZSP', 'MMIX', 'HUANY', 'PRISM', 'AVR', 'FR30', 'D10V', 'D30V', 'V850', 'M32R', 'MN10300', 'MN10200', 'PJ', 'OPENRISC', 'ARC_COMPACT', 'XTENSA', 'VIDEOCORE', 'TMM_GPP', 'NS32K', 'TPC', 'SNP1K', 'ST200', 'IP2K', 'MAX', 'CR', 'F2MC16', 'MSP430', 'BLACKFIN', 'SE_C33', 'SEP', 'ARCA', 'UNICORE', 'EXCESS', 'DXP', 'ALTERA_NIOS2', 'CRX', 'XGATE', 'C166', 'M16C', 'DSPIC30F', 'CE', 'M32C', 'TSK3000', 'RS08', 'SHARC', 'ECOG2', 'SCORE7', 'DSP24', 'VIDEOCORE3', 'LATTICEMICO32', 'SE_C17', 'TI_C6000', 'TI_C2000', 'TI_C5500', 'MMDSP_PLUS', 'CYPRESS_M8C', 'R32C', 'TRIMEDIA', 'HEXAGON', 'ARCH_8051', 'STXP7X', 'NDS32', 'ECOG1', 'ECOG1X', 'MAXQ30', 'XIMO16', 'MANIK', 'CRAYNV2', 'RX', 'METAG', 'MCST_ELBRUS', 'ECOG16', 'CR16', 'ETPU', 'SLE9X', 'L10M', 'K10M', 'AARCH64', 'AVR32', 'STM8', 'TILE64', 'TILEPRO', 'CUDA', 'TILEGX', 'CLOUDSHIELD', 'COREA_1ST', 'COREA_2ND', 'ARC_COMPACT2', 'OPEN8', 'RL78', 'VIDEOCORE5', 'ARCH_78KOR', 'ARCH_56800EX', 'BA1', 'BA2', 'XCORE', 'MCHP_PIC', 'INTEL205', 'INTEL206', 'INTEL207', 'INTEL208', 'INTEL209', 'KM32', 'KMX32', 'KMX16', 'KMX8', 'KVARC', 'CDP', 'COGE', 'COOL', 'NORC', 'CSR_KALIMBA', 'AMDGPU']
--
entrypoint-address
text
number-sections
counter
number-sections
-counter
type
text
Type of ELF ['CORE', 'DYNAMIC', 'EXECUTABLE', 'HIPROC', 'LOPROC', 'NONE', 'RELOCATABLE']
++
arch
text
Architecture of the ELF file ['None', 'M32', 'SPARC', 'i386', 'ARCH_68K', 'ARCH_88K', 'IAMCU', 'ARCH_860', 'MIPS', 'S370', 'MIPS_RS3_LE', 'PARISC', 'VPP500', 'SPARC32PLUS', 'ARCH_960', 'PPC', 'PPC64', 'S390', 'SPU', 'V800', 'FR20', 'RH32', 'RCE', 'ARM', 'ALPHA', 'SH', 'SPARCV9', 'TRICORE', 'ARC', 'H8_300', 'H8_300H', 'H8S', 'H8_500', 'IA_64', 'MIPS_X', 'COLDFIRE', 'ARCH_68HC12', 'MMA', 'PCP', 'NCPU', 'NDR1', 'STARCORE', 'ME16', 'ST100', 'TINYJ', 'x86_64', 'PDSP', 'PDP10', 'PDP11', 'FX66', 'ST9PLUS', 'ST7', 'ARCH_68HC16', 'ARCH_68HC11', 'ARCH_68HC08', 'ARCH_68HC05', 'SVX', 'ST19', 'VAX', 'CRIS', 'JAVELIN', 'FIREPATH', 'ZSP', 'MMIX', 'HUANY', 'PRISM', 'AVR', 'FR30', 'D10V', 'D30V', 'V850', 'M32R', 'MN10300', 'MN10200', 'PJ', 'OPENRISC', 'ARC_COMPACT', 'XTENSA', 'VIDEOCORE', 'TMM_GPP', 'NS32K', 'TPC', 'SNP1K', 'ST200', 'IP2K', 'MAX', 'CR', 'F2MC16', 'MSP430', 'BLACKFIN', 'SE_C33', 'SEP', 'ARCA', 'UNICORE', 'EXCESS', 'DXP', 'ALTERA_NIOS2', 'CRX', 'XGATE', 'C166', 'M16C', 'DSPIC30F', 'CE', 'M32C', 'TSK3000', 'RS08', 'SHARC', 'ECOG2', 'SCORE7', 'DSP24', 'VIDEOCORE3', 'LATTICEMICO32', 'SE_C17', 'TI_C6000', 'TI_C2000', 'TI_C5500', 'MMDSP_PLUS', 'CYPRESS_M8C', 'R32C', 'TRIMEDIA', 'HEXAGON', 'ARCH_8051', 'STXP7X', 'NDS32', 'ECOG1', 'ECOG1X', 'MAXQ30', 'XIMO16', 'MANIK', 'CRAYNV2', 'RX', 'METAG', 'MCST_ELBRUS', 'ECOG16', 'CR16', 'ETPU', 'SLE9X', 'L10M', 'K10M', 'AARCH64', 'AVR32', 'STM8', 'TILE64', 'TILEPRO', 'CUDA', 'TILEGX', 'CLOUDSHIELD', 'COREA_1ST', 'COREA_2ND', 'ARC_COMPACT2', 'OPEN8', 'RL78', 'VIDEOCORE5', 'ARCH_78KOR', 'ARCH_56800EX', 'BA1', 'BA2', 'XCORE', 'MCHP_PIC', 'INTEL205', 'INTEL206', 'INTEL207', 'INTEL208', 'INTEL209', 'KM32', 'KMX32', 'KMX16', 'KMX8', 'KVARC', 'CDP', 'COGE', 'COOL', 'NORC', 'CSR_KALIMBA', 'AMDGPU']
++
entrypoint-address
text
md5
-md5
sha1
sha1
+
+
sha512/224
sha512/224
+
+
sha224
sha224
+
+
entropy
float
+
+
flag
text
Flag of the section ['ALLOC', 'EXCLUDE', 'EXECINSTR', 'GROUP', 'HEX_GPREL', 'INFO_LINK', 'LINK_ORDER', 'MASKOS', 'MASKPROC', 'MERGE', 'MIPS_ADDR', 'MIPS_LOCAL', 'MIPS_MERGE', 'MIPS_NAMES', 'MIPS_NODUPES', 'MIPS_NOSTRIP', 'NONE', 'OS_NONCONFORMING', 'STRINGS', 'TLS', 'WRITE', 'XCORE_SHF_CP_SECTION']
++
sha512
sha512
+
+
size-in-bytes
size-in-bytes
+
+
sha512/256
sha512/256
sha224
-sha224
name
text
+
+
sha256
sha256
sha512/256
-sha512/256
md5
md5
+
+
ssdeep
ssdeep
+
+
sha384
sha384
sha512/224
sha512/224
-
-
flag
text
Flag of the section ['ALLOC', 'EXCLUDE', 'EXECINSTR', 'GROUP', 'HEX_GPREL', 'INFO_LINK', 'LINK_ORDER', 'MASKOS', 'MASKPROC', 'MERGE', 'MIPS_ADDR', 'MIPS_LOCAL', 'MIPS_MERGE', 'MIPS_NAMES', 'MIPS_NODUPES', 'MIPS_NOSTRIP', 'NONE', 'OS_NONCONFORMING', 'STRINGS', 'TLS', 'WRITE', 'XCORE_SHF_CP_SECTION']
--
sha1
sha1
-
-
sha384
sha384
-
-
size-in-bytes
size-in-bytes
-
-
entropy
float
-
-
sha256
sha256
-
-
ssdeep
ssdeep
-
-
name
text
-
-
sha512
sha512
-
-
reply-to
-email-reply-to
-
-
send-date
datetime
-
-
from-display-name
email-src-display-name
-
-
attachment
email-attachment
-
-
thread-index
email-thread-index
-
-
message-id
email-message-id
-
-
from
email-src
-
-
to-display-name
email-dst-display-name
-
-
subject
email-subject
return-path
text
-
-
header
email-header
-
-
mime-boundary
email-mime-boundary
-
-
cc
email-dst
-
-
to
email-dst
from-display-name
email-src-display-name
+
+
send-date
datetime
+
+
reply-to
email-reply-to
+
+
attachment
email-attachment
+
+
from
email-src
+
+
header
email-header
+
+
x-mailer
email-x-mailer
mime-boundary
email-mime-boundary
+
+
thread-index
email-thread-index
+
+
return-path
text
+
+
to-display-name
email-dst-display-name
+
+
message-id
email-message-id
+
+
cc
email-dst
+
+
sha512
-sha512
-
-
tlsh
tlsh
-
-
sha224
sha224
-
-
malware-sample
malware-sample
-
-
sha512/256
sha512/256
-
-
authentihash
authentihash
-
-
sha512/224
sha512/224
-
-
filename
filename
-
-
sha1
sha1
-
-
pattern-in-file
pattern-in-file
-
-
mimetype
state
text
+
sha384
sha384
sha1
sha1
+
+
sha512/224
sha512/224
+
+
sha224
sha224
text
-text
pattern-in-file
pattern-in-file
+
+
tlsh
tlsh
+
+
sha512
sha512
+
ssdeep
-ssdeep
sha512/256
sha512/256
+
+
text
text
+
+
authentihash
authentihash
+
+
malware-sample
malware-sample
+
+
sha256
sha256
sha256
-sha256
ssdeep
ssdeep
+
+
sha384
sha384
+
+
mimetype
text
+
+
filename
filename
latitude
-float
text
text
text
-text
-
-
region
text
longitude
float
country
text
+
first-seen
datetime
latitude
float
country
-text
first-seen
datetime
+
longitude
float
+
text
-text
-
-
url
url
-
-
content-type
other
-
-
cookie
text
-
-
user-agent
user-agent
-
-
method
http-method
-
-
host
hostname
-
-
uri
uri
proxy-password
text
-
-
basicauth-password
text
-
-
basicauth-user
text
proxy-user
url
url
+
+
cookie
text
@@ -2071,6 +2001,36 @@ http-request is a MISP object available in JSON format at
content-type
other
+
+
user-agent
user-agent
+
+
text
text
+
+
referer
referer
basicauth-password
text
+
+
proxy-password
text
+
+
host
hostname
+
+
proxy-user
text
+
+
method
http-method
+
+
text
-text
dst-port
port
text
+text
+
+
src-port
port
dst-port
port
-
-
ip-dst
+ip-dst
+
+
ip-src
ip-src
+
+
first-seen
datetime
ip-src
ip-src
-
-
ip-dst
ip-dst
-
-
text
+text
+
+
number-sections
counter
type
text
Type of Mach-O ['BUNDLE', 'CORE', 'DSYM', 'DYLIB', 'DYLIB_STUB', 'DYLINKER', 'EXECUTE', 'FVMLIB', 'KEXT_BUNDLE', 'OBJECT', 'PRELOAD']
--
text
name
text
+
name
+type
text
+
Type of Mach-O ['BUNDLE', 'CORE', 'DSYM', 'DYLIB', 'DYLIB_STUB', 'DYLINKER', 'EXECUTE', 'FVMLIB', 'KEXT_BUNDLE', 'OBJECT', 'PRELOAD']
@@ -2403,38 +2413,8 @@ macho-section is a MISP object available in JSON format at
md5
md5
-
-
text
text
-
-
sha224
sha224
-
-
sha512/256
sha512/256
sha1
sha1
sha1
-sha1
sha224
sha224
sha384
-sha384
-
-
size-in-bytes
size-in-bytes
-
-
entropy
float
sha256
sha256
sha512
sha512
ssdeep
-ssdeep
size-in-bytes
size-in-bytes
+
+
sha512/256
sha512/256
text
+text
+
+
name
text
sha512
sha512
sha256
sha256
+
+
md5
md5
+
+
ssdeep
ssdeep
+
+
sha384
sha384
post
+text
+
+
username-quoted
text
type
text
Type of the microblog post ['Twitter', 'Facebook', 'LinkedIn', 'Reddit', 'Google+', 'Instagram', 'Forum', 'Other']
--
link
url
url
@@ -2601,8 +2611,8 @@ microblog is a MISP object available in JSON format at
username
text
link
url
url
-url
removal-date
datetime
post
+username
text
@@ -2651,10 +2661,10 @@ microblog is a MISP object available in JSON format at
removal-date
datetime
type
text
+
Type of the microblog post ['Twitter', 'Facebook', 'LinkedIn', 'Reddit', 'Google+', 'Instagram', 'Forum', 'Other']
@@ -2699,8 +2709,8 @@ netflow is a MISP object available in JSON format at
dst-as
AS
first-packet-seen
datetime
packet-count
+ip_version
counter
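Review bot: The `+ip_version` row is spelled with an underscore, while the other netflow attributes visible around it are hyphenated (`first-packet-seen`, `packet-count`, `dst-as`). Because this page is generated, the fix belongs in the netflow object definition: either rename it to `ip-version`, or, if the name has to stay for compatibility, say so in its description so that consumers matching attributes by name know the exception is intentional.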
@@ -2719,18 +2729,18 @@ netflow is a MISP object available in JSON format at
src-as
AS
byte-count
counter
+
last-packet-seen
datetime
ip-dst
ip-dst
first-packet-seen
+last-packet-seen
datetime
@@ -2759,16 +2769,6 @@ netflow is a MISP object available in JSON format at
icmp-type
text
-
-
ip-src
ip-src
ip-dst
ip-dst
-
-
byte-count
counter
-
-
flow-count
packet-count
counter
@@ -2819,10 +2799,10 @@ netflow is a MISP object available in JSON format at
protocol
text
src-as
AS
Protocol used for this flow ['TCP', 'UDP', 'ICMP', 'IP']
+
@@ -2839,7 +2819,7 @@ netflow is a MISP object available in JSON format at
ip_version
flow-count
counter
dst-as
AS
+
+
icmp-type
text
+
+
protocol
text
Protocol used for this flow ['TCP', 'UDP', 'ICMP', 'IP']
++
count
-counter
zone_time_first
datetime
+
+
time_first
datetime
+
+
time_last
datetime
+
+
zone_time_last
datetime
origin
+text
+
+
sensor_id
text
+
+
count
counter
+
+
bailiwick
text
origin
rrtype
text
-
-
time_first
datetime
+
Resource Record type as seen by the passive DNS ['A', 'AAAA', 'CNAME', 'PTR', 'SOA', 'TXT', 'DNAME', 'NS', 'SRV', 'RP', 'NAPTR', 'HINFO', 'A6']
zone_time_last
datetime
-
-
time_last
datetime
-
-
zone_time_first
datetime
-
-
sensor_id
text
-
-
rrtype
text
Resource Record type as seen by the passive DNS ['A', 'AAAA', 'CNAME', 'PTR', 'SOA', 'TXT', 'DNAME', 'NS', 'SRV', 'RP', 'NAPTR', 'HINFO', 'A6']
--
title
+url
url
+
+
paste
text
@@ -3085,10 +3105,10 @@ paste is a MISP object available in JSON format at
url
url
origin
text
+
Original source of the paste or post. ['pastebin.com', 'pastebin.com_pro', 'pastie.org', 'slexy.org', 'gist.github.com', 'codepad.org', 'safebin.net', 'hastebin.com', 'ghostbin.com']
@@ -3105,7 +3125,7 @@ paste is a MISP object available in JSON format at
paste
title
text
origin
text
Original source of the paste or post. ['pastebin.com', 'pastebin.com_pro', 'pastie.org', 'slexy.org', 'gist.github.com', 'codepad.org', 'safebin.net', 'hastebin.com', 'ghostbin.com']
--
impfuzzy
-impfuzzy
text
text
+
imphash
imphash
-
-
internal-filename
original-filename
filename
@@ -3193,46 +3193,6 @@ pe is a MISP object available in JSON format at
text
text
-
-
pehash
pehash
-
-
entrypoint-address
text
-
-
entrypoint-section-at-position
text
-
-
file-description
text
type
text
Type of PE ['exe', 'dll', 'driver', 'unknown']
--
product-version
lang-id
text
@@ -3283,13 +3233,13 @@ pe is a MISP object available in JSON format at
original-filename
filename
file-version
text
+
product-name
+entrypoint-address
text
@@ -3313,6 +3263,26 @@ pe is a MISP object available in JSON format at
product-version
text
+
+
type
text
Type of PE ['exe', 'dll', 'driver', 'unknown']
++
number-sections
counter
file-version
impfuzzy
impfuzzy
+
+
internal-filename
filename
+
+
imphash
imphash
+
+
product-name
text
@@ -3333,7 +3333,7 @@ pe is a MISP object available in JSON format at
lang-id
entrypoint-section-at-position
text
pehash
pehash
+
+
md5
-md5
-
-
text
text
-
-
sha224
sha224
-
-
characteristic
text
Characteristic of the section ['read', 'write', 'executable']
--
sha512/256
sha512/256
sha1
sha1
sha1
-sha1
sha224
sha224
sha384
-sha384
-
-
size-in-bytes
size-in-bytes
-
-
entropy
float
sha256
sha256
characteristic
text
Characteristic of the section ['read', 'write', 'executable']
++
sha512
sha512
ssdeep
-ssdeep
size-in-bytes
size-in-bytes
+
+
sha512/256
sha512/256
text
+text
+
+
name
text
sha512
sha512
sha256
sha256
+
+
md5
md5
+
+
ssdeep
ssdeep
+
+
sha384
sha384
first-name
+first-name
+
+
redress-number
redress-number
passport-country
passport-country
nationality
nationality
+
+
place-of-birth
place-of-birth
place-of-birth
-place-of-birth
-
-
last-name
last-name
-
-
first-name
first-name
passport-expiration
passport-expiration
middle-name
-middle-name
-
-
passport-number
passport-number
nationality
nationality
middle-name
middle-name
passport-expiration
-passport-expiration
last-name
last-name
+
+
passport-country
passport-country
msisdn
-text
-
-
imei
text
-
-
text
text
last-seen
datetime
guti
-text
-
-
first-seen
datetime
serial-number
imei
text
+
+
tmsi
text
@@ -3787,6 +3777,26 @@ phone is a MISP object available in JSON format at
guti
text
+
+
msisdn
text
+
+
gummei
text
last-seen
datetime
-
-
tmsi
serial-number
text
text
text
+
+
text
-text
-
-
callback-average
counter
-
-
ratio-functions
float
-
-
gml
attachment
-
-
callback-largest
total-functions
counter
@@ -3915,126 +3885,6 @@ r2graphity is a MISP object available in JSON format at
create-thread
counter
-
-
shortest-path-to-create-thread
counter
-
-
referenced-strings
counter
-
-
miss-api
counter
-
-
callbacks
counter
-
-
total-functions
counter
-
-
total-api
counter
-
-
ratio-string
float
-
-
not-referenced-strings
counter
-
-
r2-commit-version
text
-
-
local-references
counter
-
-
refsglobalvar
counter
-
-
memory-allocations
counter
get-proc-address
counter
-
-
ratio-api
float
referenced-strings
counter
+
+
text
text
+
+
r2-commit-version
text
+
+
get-proc-address
counter
+
+
refsglobalvar
counter
+
+
callback-largest
counter
+
+
create-thread
counter
+
+
not-referenced-strings
counter
+
+
callbacks
counter
+
+
ratio-string
float
+
+
callback-average
counter
+
+
total-api
counter
+
+
local-references
counter
+
+
gml
attachment
+
+
shortest-path-to-create-thread
counter
+
+
miss-api
counter
+
+
unknown-references
counter
ratio-functions
float
+
+
comment
+comment
+
+
regexp-type
text
comment
comment
-
-
data
-reg-data
data-type
reg-datatype
Registry value type ['REG_NONE', 'REG_SZ', 'REG_EXPAND_SZ', 'REG_BINARY', 'REG_DWORD', 'REG_DWORD_LITTLE_ENDIAN', 'REG_DWORD_BIG_ENDIAN', 'REG_LINK', 'REG_MULTI_SZ', 'REG_RESOURCE_LIST', 'REG_FULL_RESOURCE_DESCRIPTOR', 'REG_RESOURCE_REQUIREMENTS_LIST', 'REG_QWORD', 'REG_QWORD_LITTLE_ENDIAN']
++
name
reg-name
data-type
-reg-datatype
data
reg-data
Registry value type ['REG_NONE', 'REG_SZ', 'REG_EXPAND_SZ', 'REG_BINARY', 'REG_DWORD', 'REG_DWORD_LITTLE_ENDIAN', 'REG_DWORD_BIG_ENDIAN', 'REG_LINK', 'REG_MULTI_SZ', 'REG_RESOURCE_LIST', 'REG_FULL_RESOURCE_DESCRIPTOR', 'REG_RESOURCE_REQUIREMENTS_LIST', 'REG_QWORD', 'REG_QWORD_LITTLE_ENDIAN']
+
name
reg-name
-
-
classification
+text
+
+
subject
text
+
+
queue
text
subject
status
text
Status of the RTIR ticket ['new', 'open', 'stalled', 'resolved', 'rejected', 'deleted']
++
ticket-number
text
ticket-number
text
-
-
classification
text
-
-
status
text
Status of the RTIR ticket ['new', 'open', 'stalled', 'resolved', 'rejected', 'deleted']
--
last-seen
-datetime
-
-
text
text
-
-
first-seen
datetime
-
-
version_line
text
-
-
nickname
text
version
text
+
+
flags
text
address
ip-src
first-seen
datetime
+
+
text
text
+
+
last-seen
datetime
+
+
description
text
+
+
version_line
text
address
+ip-src
+
+
fingerprint
text
description
text
-
-
version
text
-
-
domain
-domain
-
-
last-seen
datetime
-
-
text
text
domain_without_tld
text
+
+
tld
text
+
+
subdomain
text
+
+
url
url
query_string
text
port
port
scheme
+text
Scheme ['http', 'https', 'ftp', 'gopher', 'sip']
++
first-seen
datetime
tld
last-seen
datetime
+
+
query_string
text
+
+
domain
domain
+
+
fragment
text
@@ -4635,36 +4695,6 @@ url is a MISP object available in JSON format at
scheme
text
Scheme ['http', 'https', 'ftp', 'gopher', 'sip']
--
fragment
text
-
-
port
port
-
-
resource_path
text
subdomain
text
-
-
domain_without_tld
text
-
-
sectors
-text
The list of sectors that the victim belong to ['agriculture', 'aerospace', 'automotive', 'communications', 'construction', 'defence', 'education', 'energy', 'engineering', 'entertainment', 'financial\xadservices', 'government\xadnational', 'government\xadregional', 'government\xadlocal', 'government\xadpublic\xadservices', 'healthcare', 'hospitality\xadleisure', 'infrastructure', 'insurance', 'manufacturing', 'mining', 'non\xadprofit', 'pharmaceuticals', 'retail', 'technology', 'telecommunications', 'transportation', 'utilities']
--
classification
text
roles
text
-
-
description
text
roles
text
+
+
sectors
text
The list of sectors that the victim belong to ['agriculture', 'aerospace', 'automotive', 'communications', 'construction', 'defence', 'education', 'energy', 'engineering', 'entertainment', 'financial\xadservices', 'government\xadnational', 'government\xadregional', 'government\xadlocal', 'government\xadpublic\xadservices', 'healthcare', 'hospitality\xadleisure', 'infrastructure', 'insurance', 'manufacturing', 'mining', 'non\xadprofit', 'pharmaceuticals', 'retail', 'technology', 'telecommunications', 'transportation', 'utilities']
++
regions
text
last-submission
datetime
-
-
detection-ratio
text
community-score
text
-
-
permalink
link
last-submission
datetime
+
+
first-submission
datetime
community-score
text
+
+
text
-text
published
datetime
summary
-text
-
-
vulnerable_configuration
text
published
datetime
text
text
+
+
summary
text
registar
-whois-registrar
domain
domain
creation-date
-datetime
registrant-phone
whois-registrant-phone
text
-text
registrant-name
whois-registrant-name
registrant-name
-whois-registrant-name
registar
whois-registrar
domain
-domain
text
text
registrant-phone
-whois-registrant-phone
creation-date
datetime
text
-text
-
-
x509-fingerprint-sha1
sha1
-
-
version
text
issuer
text
-
-
pubkey-info-modulus
text
x509-fingerprint-sha256
sha256
raw-base64
-text
-
-
serial-number
text
-
-
validity-not-before
datetime
validity-not-after
datetime
pubkey-info-exponent
text
+
+
pubkey-info-algorithm
text
+
+
text
text
+
+
x509-fingerprint-sha1
sha1
pubkey-info-exponent
+pubkey-info-modulus
text
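Review bot: The `sectors` value list in the victim rows still prints a literal `\xad` escape inside the names ('financial\xadservices', 'government\xadnational', 'non\xadprofit'), on both the removed and the re-added line, so regenerating did not clean it up. A reader copying these values from the documentation gets a string that will not match a plain hyphenated sector name. Replace the soft hyphen with an ordinary `-` in the object definition and regenerate. In the whois rows of the same region, the attribute is spelled `registar` while its type is `whois-registrar`; if that is a typo, it needs the same fix at the source.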
@@ -5285,8 +5275,8 @@ x509 is a MISP object available in JSON format at
x509-fingerprint-sha256
sha256
issuer
text
pubkey-info-algorithm
+raw-base64
text
+
+
validity-not-after
datetime
+
+
serial-number
text
@@ -5353,6 +5363,26 @@ yabin is a MISP object available in JSON format at
yara-hunt
yara
+
+
comment
comment
+
+
yara
yara
comment
comment
-
-
yara-hunt
yara
-
-