diff --git a/objects.html b/objects.html
index 1d7c87b..14e9051 100755
--- a/objects.html
+++ b/objects.html
@@ -572,20 +572,10 @@ ail-leak is a MISP object available in JSON format at origin
text
The link where the leak is (or was) accessible at first-seen.
--
last-seen
original-date
datetime
When the leak has been accessible or seen for the last time.
+When the information available in the leak was created. It’s usually before the first-seen.
@@ -602,6 +592,16 @@ ail-leak is a MISP object available in JSON format at
last-seen
datetime
When the leak has been accessible or seen for the last time.
++
duplicate_number
counter
duplicate
text
Duplicate of the existing leaks.
++
text
text
A description of the leak which could include the potential victim(s) or description of the leak.
++
origin
text
The link where the leak is (or was) accessible at first-seen.
++
sensor
text
text
text
A description of the leak which could include the potential victim(s) or description of the leak.
--
duplicate
text
Duplicate of the existing leaks.
--
original-date
datetime
When the information available in the leak was created. It’s usually before the first-seen.
--
type
text
comment
comment
permission
text
Comment about the set of android permission(s)
+Android permission ['ACCESS_CHECKIN_PROPERTIES', 'ACCESS_COARSE_LOCATION', 'ACCESS_FINE_LOCATION', 'ACCESS_LOCATION_EXTRA_COMMANDS', 'ACCESS_NETWORK_STATE', 'ACCESS_NOTIFICATION_POLICY', 'ACCESS_WIFI_STATE', 'ACCOUNT_MANAGER', 'ADD_VOICEMAIL', 'ANSWER_PHONE_CALLS', 'BATTERY_STATS', 'BIND_ACCESSIBILITY_SERVICE', 'BIND_APPWIDGET', 'BIND_AUTOFILL_SERVICE', 'BIND_CARRIER_MESSAGING_SERVICE', 'BIND_CHOOSER_TARGET_SERVICE', 'BIND_CONDITION_PROVIDER_SERVICE', 'BIND_DEVICE_ADMIN', 'BIND_DREAM_SERVICE', 'BIND_INCALL_SERVICE', 'BIND_INPUT_METHOD', 'BIND_MIDI_DEVICE_SERVICE', 'BIND_NFC_SERVICE', 'BIND_NOTIFICATION_LISTENER_SERVICE', 'BIND_PRINT_SERVICE', 'BIND_QUICK_SETTINGS_TILE', 'BIND_REMOTEVIEWS', 'BIND_SCREENING_SERVICE', 'BIND_TELECOM_CONNECTION_SERVICE', 'BIND_TEXT_SERVICE', 'BIND_TV_INPUT', 'BIND_VISUAL_VOICEMAIL_SERVICE', 'BIND_VOICE_INTERACTION', 'BIND_VPN_SERVICE', 'BIND_VR_LISTENER_SERVICE', 'BIND_WALLPAPER', 'BLUETOOTH', 'BLUETOOTH_ADMIN', 'BLUETOOTH_PRIVILEGED', 'BODY_SENSORS', 'BROADCAST_PACKAGE_REMOVED', 'BROADCAST_SMS', 'BROADCAST_STICKY', 'BROADCAST_WAP_PUSH', 'CALL_PHONE', 'CALL_PRIVILEGED', 'CAMERA', 'CAPTURE_AUDIO_OUTPUT', 'CAPTURE_SECURE_VIDEO_OUTPUT', 'CAPTURE_VIDEO_OUTPUT', 'CHANGE_COMPONENT_ENABLED_STATE', 'CHANGE_CONFIGURATION', 'CHANGE_NETWORK_STATE', 'CHANGE_WIFI_MULTICAST_STATE', 'CHANGE_WIFI_STATE', 'CLEAR_APP_CACHE', 'CONTROL_LOCATION_UPDATES', 'DELETE_CACHE_FILES', 'DELETE_PACKAGES', 'DIAGNOSTIC', 'DISABLE_KEYGUARD', 'DUMP', 'EXPAND_STATUS_BAR', 'FACTORY_TEST', 'GET_ACCOUNTS', 'GET_ACCOUNTS_PRIVILEGED', 'GET_PACKAGE_SIZE', 'GET_TASKS', 'GLOBAL_SEARCH', 'INSTALL_LOCATION_PROVIDER', 'INSTALL_PACKAGES', 'INSTALL_SHORTCUT', 'INSTANT_APP_FOREGROUND_SERVICE', 'INTERNET', 'KILL_BACKGROUND_PROCESSES', 'LOCATION_HARDWARE', 'MANAGE_DOCUMENTS', 'MANAGE_OWN_CALLS', 'MASTER_CLEAR', 'MEDIA_CONTENT_CONTROL', 'MODIFY_AUDIO_SETTINGS', 'MODIFY_PHONE_STATE', 'MOUNT_FORMAT_FILESYSTEMS', 'MOUNT_UNMOUNT_FILESYSTEMS', 'NFC', 'PACKAGE_USAGE_STATS', 'PERSISTENT_ACTIVITY', 'PROCESS_OUTGOING_CALLS', 'READ_CALENDAR', 'READ_CALL_LOG', 'READ_CONTACTS', 'READ_EXTERNAL_STORAGE', 'READ_FRAME_BUFFER', 'READ_INPUT_STATE', 'READ_LOGS', 'READ_PHONE_NUMBERS', 'READ_PHONE_STATE', 'READ_SMS', 'READ_SYNC_SETTINGS', 'READ_SYNC_STATS', 'READ_VOICEMAIL', 'REBOOT', 'RECEIVE_BOOT_COMPLETED', 'RECEIVE_MMS', 'RECEIVE_SMS', 'RECEIVE_WAP_PUSH', 'RECORD_AUDIO', 'REORDER_TASKS', 'REQUEST_COMPANION_RUN_IN_BACKGROUND', 'REQUEST_COMPANION_USE_DATA_IN_BACKGROUND', 'REQUEST_DELETE_PACKAGES', 'REQUEST_IGNORE_BATTERY_OPTIMIZATIONS', 'REQUEST_INSTALL_PACKAGES', 'RESTART_PACKAGES', 'SEND_RESPOND_VIA_MESSAGE', 'SEND_SMS', 'SET_ALARM', 'SET_ALWAYS_FINISH', 'SET_ANIMATION_SCALE', 'SET_DEBUG_APP', 'SET_PREFERRED_APPLICATIONS', 'SET_PROCESS_LIMIT', 'SET_TIME', 'SET_TIME_ZONE', 'SET_WALLPAPER', 'SET_WALLPAPER_HINTS', 'SIGNAL_PERSISTENT_PROCESSES', 'STATUS_BAR', 'SYSTEM_ALERT_WINDOW', 'TRANSMIT_IR', 'UNINSTALL_SHORTCUT', 'UPDATE_DEVICE_STATS', 'USE_FINGERPRINT', 'USE_SIP', 'VIBRATE', 'WAKE_LOCK', 'WRITE_APN_SETTINGS', 'WRITE_CALENDAR', 'WRITE_CALL_LOG', 'WRITE_CONTACTS', 'WRITE_EXTERNAL_STORAGE', 'WRITE_GSERVICES', 'WRITE_SECURE_SETTINGS', 'WRITE_SETTINGS', 'WRITE_SYNC_SETTINGS', 'WRITE_VOICEMAIL']
permission
text
comment
comment
Android permission ['ACCESS_CHECKIN_PROPERTIES', 'ACCESS_COARSE_LOCATION', 'ACCESS_FINE_LOCATION', 'ACCESS_LOCATION_EXTRA_COMMANDS', 'ACCESS_NETWORK_STATE', 'ACCESS_NOTIFICATION_POLICY', 'ACCESS_WIFI_STATE', 'ACCOUNT_MANAGER', 'ADD_VOICEMAIL', 'ANSWER_PHONE_CALLS', 'BATTERY_STATS', 'BIND_ACCESSIBILITY_SERVICE', 'BIND_APPWIDGET', 'BIND_AUTOFILL_SERVICE', 'BIND_CARRIER_MESSAGING_SERVICE', 'BIND_CHOOSER_TARGET_SERVICE', 'BIND_CONDITION_PROVIDER_SERVICE', 'BIND_DEVICE_ADMIN', 'BIND_DREAM_SERVICE', 'BIND_INCALL_SERVICE', 'BIND_INPUT_METHOD', 'BIND_MIDI_DEVICE_SERVICE', 'BIND_NFC_SERVICE', 'BIND_NOTIFICATION_LISTENER_SERVICE', 'BIND_PRINT_SERVICE', 'BIND_QUICK_SETTINGS_TILE', 'BIND_REMOTEVIEWS', 'BIND_SCREENING_SERVICE', 'BIND_TELECOM_CONNECTION_SERVICE', 'BIND_TEXT_SERVICE', 'BIND_TV_INPUT', 'BIND_VISUAL_VOICEMAIL_SERVICE', 'BIND_VOICE_INTERACTION', 'BIND_VPN_SERVICE', 'BIND_VR_LISTENER_SERVICE', 'BIND_WALLPAPER', 'BLUETOOTH', 'BLUETOOTH_ADMIN', 'BLUETOOTH_PRIVILEGED', 'BODY_SENSORS', 'BROADCAST_PACKAGE_REMOVED', 'BROADCAST_SMS', 'BROADCAST_STICKY', 'BROADCAST_WAP_PUSH', 'CALL_PHONE', 'CALL_PRIVILEGED', 'CAMERA', 'CAPTURE_AUDIO_OUTPUT', 'CAPTURE_SECURE_VIDEO_OUTPUT', 'CAPTURE_VIDEO_OUTPUT', 'CHANGE_COMPONENT_ENABLED_STATE', 'CHANGE_CONFIGURATION', 'CHANGE_NETWORK_STATE', 'CHANGE_WIFI_MULTICAST_STATE', 'CHANGE_WIFI_STATE', 'CLEAR_APP_CACHE', 'CONTROL_LOCATION_UPDATES', 'DELETE_CACHE_FILES', 'DELETE_PACKAGES', 'DIAGNOSTIC', 'DISABLE_KEYGUARD', 'DUMP', 'EXPAND_STATUS_BAR', 'FACTORY_TEST', 'GET_ACCOUNTS', 'GET_ACCOUNTS_PRIVILEGED', 'GET_PACKAGE_SIZE', 'GET_TASKS', 'GLOBAL_SEARCH', 'INSTALL_LOCATION_PROVIDER', 'INSTALL_PACKAGES', 'INSTALL_SHORTCUT', 'INSTANT_APP_FOREGROUND_SERVICE', 'INTERNET', 'KILL_BACKGROUND_PROCESSES', 'LOCATION_HARDWARE', 'MANAGE_DOCUMENTS', 'MANAGE_OWN_CALLS', 'MASTER_CLEAR', 'MEDIA_CONTENT_CONTROL', 'MODIFY_AUDIO_SETTINGS', 'MODIFY_PHONE_STATE', 'MOUNT_FORMAT_FILESYSTEMS', 'MOUNT_UNMOUNT_FILESYSTEMS', 'NFC', 'PACKAGE_USAGE_STATS', 'PERSISTENT_ACTIVITY', 'PROCESS_OUTGOING_CALLS', 'READ_CALENDAR', 'READ_CALL_LOG', 'READ_CONTACTS', 'READ_EXTERNAL_STORAGE', 'READ_FRAME_BUFFER', 'READ_INPUT_STATE', 'READ_LOGS', 'READ_PHONE_NUMBERS', 'READ_PHONE_STATE', 'READ_SMS', 'READ_SYNC_SETTINGS', 'READ_SYNC_STATS', 'READ_VOICEMAIL', 'REBOOT', 'RECEIVE_BOOT_COMPLETED', 'RECEIVE_MMS', 'RECEIVE_SMS', 'RECEIVE_WAP_PUSH', 'RECORD_AUDIO', 'REORDER_TASKS', 'REQUEST_COMPANION_RUN_IN_BACKGROUND', 'REQUEST_COMPANION_USE_DATA_IN_BACKGROUND', 'REQUEST_DELETE_PACKAGES', 'REQUEST_IGNORE_BATTERY_OPTIMIZATIONS', 'REQUEST_INSTALL_PACKAGES', 'RESTART_PACKAGES', 'SEND_RESPOND_VIA_MESSAGE', 'SEND_SMS', 'SET_ALARM', 'SET_ALWAYS_FINISH', 'SET_ANIMATION_SCALE', 'SET_DEBUG_APP', 'SET_PREFERRED_APPLICATIONS', 'SET_PROCESS_LIMIT', 'SET_TIME', 'SET_TIME_ZONE', 'SET_WALLPAPER', 'SET_WALLPAPER_HINTS', 'SIGNAL_PERSISTENT_PROCESSES', 'STATUS_BAR', 'SYSTEM_ALERT_WINDOW', 'TRANSMIT_IR', 'UNINSTALL_SHORTCUT', 'UPDATE_DEVICE_STATS', 'USE_FINGERPRINT', 'USE_SIP', 'VIBRATE', 'WAKE_LOCK', 'WRITE_APN_SETTINGS', 'WRITE_CALENDAR', 'WRITE_CALL_LOG', 'WRITE_CONTACTS', 'WRITE_EXTERNAL_STORAGE', 'WRITE_GSERVICES', 'WRITE_SECURE_SETTINGS', 'WRITE_SETTINGS', 'WRITE_SYNC_SETTINGS', 'WRITE_VOICEMAIL']
+Comment about the set of android permission(s)
@@ -768,6 +768,36 @@ annotation is a MISP object available in JSON format at
modification-date
datetime
Last update of the annotation
++
type
text
Type of the annotation ['Annotation', 'Executive Summary', 'Introduction', 'Conclusion', 'Disclaimer', 'Keywords', 'Acknowledgement', 'Other', 'Copyright', 'Authors', 'Logo']
++
text
text
Raw text of the annotation
++
creation-date
datetime
text
text
Raw text of the annotation
--
ref
link
type
text
Type of the annotation ['Annotation', 'Executive Summary', 'Introduction', 'Conclusion', 'Disclaimer', 'Keywords', 'Acknowledgement', 'Other', 'Copyright', 'Authors', 'Logo']
--
modification-date
datetime
Last update of the annotation
--
mp-export
-text
subnet-announced
ip-src
This attribute performs the same function as the export attribute above. The difference is that mp-export allows both IPv4 and IPv6 address families to be specified. The export is described in RFC 4012 – Routing Policy Specification Language next generation (RPSLng), section 4.5. format
+Subnet announced
@@ -886,10 +886,10 @@ asn is a MISP object available in JSON format at
description
mp-export
text
Description of the autonomous system
+This attribute performs the same function as the export attribute above. The difference is that mp-export allows both IPv4 and IPv6 address families to be specified. The export is described in RFC 4012 – Routing Policy Specification Language next generation (RPSLng), section 4.5. format
@@ -906,6 +906,26 @@ asn is a MISP object available in JSON format at
description
text
Description of the autonomous system
++
mp-import
text
The inbound IPv4 or IPv6 routing policy of the AS in RFC 4012 – Routing Policy Specification Language next generation (RPSLng), section 4.5. format
++
last-seen
datetime
mp-import
text
The inbound IPv4 or IPv6 routing policy of the AS in RFC 4012 – Routing Policy Specification Language next generation (RPSLng), section 4.5. format
--
subnet-announced
ip-src
Subnet announced
--
first-seen
datetime
software
signature
text
Name of antivirus software
+Name of detection signature
++
text
text
Free text value to attach to the file
@@ -1024,25 +1034,15 @@ av-signature is a MISP object available in JSON format at
text
software
text
Free text value to attach to the file
+Name of antivirus software
signature
text
Name of detection signature
--
account
-bank-account-nr
Account number
--
balance
text
The balance of the account after the suspicious transaction was processed.
--
status-code
text
Account status at the time of the transaction processed. ['A - Active', 'B - Inactive', 'C - Dormant']
--
branch
text
Branch code or name
--
date-balance
datetime
When the balance was reported.
--
closed
datetime
When the account was closed.
--
text
text
A description of the bank account.
--
client-_number
text
Client number as seen by the bank.
--
personal-account-type
text
Account type. ['A - Business', 'B - Personal Current', 'C - Savings', 'D - Trust Account', 'E - Trading Account', 'O - Other']
--
swift
bic
SWIFT or BIC as defined in ISO 9362.
--
opened
datetime
When the account was opened.
--
comments
text
Comments about the bank account.
--
institution-code
text
Name of the bank or financial organisation.
--
currency-code
text
beneficiary-comment
branch
text
Comment about the final beneficiary.
+Branch code or name
non-banking-institution
boolean
account
bank-account-nr
A flag to define if this account belong to a non-banking organisation. If set to true, it’s a non-banking organisation.
+Account number
++
client-_number
text
Client number as seen by the bank.
++
institution-code
text
Name of the bank or financial organisation.
++
status-code
text
Account status at the time of the transaction processed. ['A - Active', 'B - Inactive', 'C - Dormant']
++
date-balance
datetime
When the balance was reported.
++
balance
text
The balance of the account after the suspicious transaction was processed.
++
opened
datetime
When the account was opened.
++
beneficiary
text
Final beneficiary of the bank account.
++
personal-account-type
text
Account type. ['A - Business', 'B - Personal Current', 'C - Savings', 'D - Trust Account', 'E - Trading Account', 'O - Other']
++
iban
iban
IBAN of the bank account.
++
text
text
A description of the bank account.
@@ -1262,23 +1232,53 @@ bank-account is a MISP object available in JSON format at
beneficiary
text
swift
bic
Final beneficiary of the bank account.
+SWIFT or BIC as defined in ISO 9362.
iban
iban
beneficiary-comment
text
IBAN of the bank account.
+Comment about the final beneficiary.
+
+
comments
text
Comments about the bank account.
++
non-banking-institution
boolean
A flag to define if this account belong to a non-banking organisation. If set to true, it’s a non-banking organisation.
++
closed
datetime
When the account was closed.
+
source
-text
The text identifying the source of the alert message. The particular source of this alert; e.g., an operator or a specific device.
--
identifier
text
The identifier of the alert message in a number or string uniquely identifying this message, assigned by the sender.
--
status
text
The code denoting the appropriate handling of the alert message. ['Actual', 'Exercise', 'System', 'Test', 'Draft']
--
code
text
incident
text
The group listing naming the referent incident(s) of the alert message. (1) Used to collate multiple messages referring to different aspects of the same incident. (2) If multiple incident identifiers are referenced, they SHALL be separated by whitespace. Incident names including whitespace SHALL be surrounded by double-quotes.
--
sender
text
restriction
text
The text describing the rule for limiting distribution of the restricted alert message.
--
references
text
The group listing identifying earlier message(s) referenced by the alert message. (1) The extended message identifier(s) (in the form sender,identifier,sent) of an earlier CAP message or messages referenced by this one. (2) If multiple messages are referenced, they SHALL be separated by whitespace.
--
msgType
text
status
text
The code denoting the appropriate handling of the alert message. ['Actual', 'Exercise', 'System', 'Test', 'Draft']
++
sent
datetime
source
text
The text identifying the source of the alert message. The particular source of this alert; e.g., an operator or a specific device.
++
note
text
The text describing the purpose or significance of the alert message.
++
identifier
text
The identifier of the alert message in a number or string uniquely identifying this message, assigned by the sender.
++
restriction
text
The text describing the rule for limiting distribution of the restricted alert message.
++
incident
text
The group listing naming the referent incident(s) of the alert message. (1) Used to collate multiple messages referring to different aspects of the same incident. (2) If multiple incident identifiers are referenced, they SHALL be separated by whitespace. Incident names including whitespace SHALL be surrounded by double-quotes.
++
addresses
text
scope
references
text
The code denoting the intended distribution of the alert message. ['Public', 'Restricted', 'Private']
+The group listing identifying earlier message(s) referenced by the alert message. (1) The extended message identifier(s) (in the form sender,identifier,sent) of an earlier CAP message or messages referenced by this one. (2) If multiple messages are referenced, they SHALL be separated by whitespace.
note
scope
text
The text describing the purpose or significance of the alert message.
+The code denoting the intended distribution of the alert message. ['Public', 'Restricted', 'Private']
@@ -1488,130 +1488,10 @@ cap-info is a MISP object available in JSON format at
urgency
text
The code denoting the urgency of the subject event of the alert message. ['Immediate', 'Expected', 'Future', 'Past', 'Unknown']
--
senderName
text
The text naming the originator of the alert message.
--
contact
text
The text describing the contact for follow-up and confirmation of the alert message.
--
parameter
text
A system-specific additional parameter associated with the alert message.
--
event
text
The text denoting the type of the subject event of the alert message.
--
web
link
The identifier of the hyperlink associating additional information with the alert message.
--
audience
text
The text describing the intended audience of the alert message.
--
category
text
The code denoting the category of the subject event of the alert message. ['Geo', 'Met', 'Safety', 'Security', 'Rescue', 'Fire', 'Health', 'Env', 'Transport', 'Infra', 'CBRNE', 'Other']
--
certainty
text
The code denoting the certainty of the subject event of the alert message. For backward compatibility with CAP 1.0, the deprecated value of “Very Likely” SHOULD be treated as equivalent to “Likely”. ['Likely', 'Possible', 'Unlikely', 'Unknown']
--
severity
text
The code denoting the severity of the subject event of the alert message. ['Extreme', 'Severe', 'Moderate', 'Minor', 'Unknown']
--
headline
text
The text headline of the alert message.
--
expires
onset
datetime
The expiry time of the information of the alert message.
--
language
text
The code denoting the language of the info sub-element of the alert message.
+The expected time of the beginning of the subject event of the alert message.
@@ -1628,20 +1508,110 @@ cap-info is a MISP object available in JSON format at
description
instruction
text
The text describing the subject event of the alert message.
+The text describing the recommended action to be taken by recipients of the alert message.
instruction
parameter
text
The text describing the recommended action to be taken by recipients of the alert message.
+A system-specific additional parameter associated with the alert message.
++
effective
datetime
The effective time of the information of the alert message.
++
senderName
text
The text naming the originator of the alert message.
++
severity
text
The code denoting the severity of the subject event of the alert message. ['Extreme', 'Severe', 'Moderate', 'Minor', 'Unknown']
++
event
text
The text denoting the type of the subject event of the alert message.
++
urgency
text
The code denoting the urgency of the subject event of the alert message. ['Immediate', 'Expected', 'Future', 'Past', 'Unknown']
++
certainty
text
The code denoting the certainty of the subject event of the alert message. For backward compatibility with CAP 1.0, the deprecated value of “Very Likely” SHOULD be treated as equivalent to “Likely”. ['Likely', 'Possible', 'Unlikely', 'Unknown']
++
language
text
The code denoting the language of the info sub-element of the alert message.
++
web
link
The identifier of the hyperlink associating additional information with the alert message.
++
category
text
The code denoting the category of the subject event of the alert message. ['Geo', 'Met', 'Safety', 'Security', 'Rescue', 'Fire', 'Health', 'Env', 'Transport', 'Infra', 'CBRNE', 'Other']
@@ -1658,20 +1628,50 @@ cap-info is a MISP object available in JSON format at
onset
datetime
description
text
The expected time of the beginning of the subject event of the alert message.
+The text describing the subject event of the alert message.
effective
audience
text
The text describing the intended audience of the alert message.
++
headline
text
The text headline of the alert message.
++
contact
text
The text describing the contact for follow-up and confirmation of the alert message.
++
expires
datetime
The effective time of the information of the alert message.
+The expiry time of the information of the alert message.
@@ -1716,26 +1716,6 @@ cap-resource is a MISP object available in JSON format at
uri
link
The identifier of the hyperlink for the resource file.
--
size
text
The integer indicating the size of the resource file.
--
derefUri
attachment
digest
sha1
The code representing the digital digest (“hash”) computed from the resource file (OPTIONAL).
++
mimeType
mime-type
digest
sha1
uri
link
The code representing the digital digest (“hash”) computed from the resource file (OPTIONAL).
+The identifier of the hyperlink for the resource file.
size
text
The integer indicating the size of the resource file.
++
address
-btc
first-seen
datetime
Address used as a payment destination in a cryptocurrency
+First time this payment destination address has been seen
+
text
-text
address
btc
Free text value
+Address used as a payment destination in a cryptocurrency
+
first-seen
-datetime
text
text
First time this payment destination address has been seen
+Free text value
@@ -1902,16 +1902,6 @@ cookie is a MISP object available in JSON format at
cookie
cookie
Full cookie
--
type
text
text
text
A description of the cookie.
--
cookie-value
text
cookie
cookie
Full cookie
++
text
text
A description of the cookie.
++
username
+origin
text
Username related to the password(s)
--
format
text
Format of the password(s) ['clear-text', 'hashed', 'encrypted', 'unknown']
+Origin of the credential(s) ['bruteforce-scanning', 'malware-analysis', 'memory-analysis', 'network-analysis', 'leak', 'unknown']
@@ -2020,10 +2010,10 @@ credential is a MISP object available in JSON format at
origin
type
text
Origin of the credential(s) ['bruteforce-scanning', 'malware-analysis', 'memory-analysis', 'network-analysis', 'leak', 'unknown']
+Type of password(s) ['password', 'api-key', 'encryption-key', 'unknown']
@@ -2040,6 +2030,16 @@ credential is a MISP object available in JSON format at
username
text
Username related to the password(s)
++
notification
text
type
format
text
Type of password(s) ['password', 'api-key', 'encryption-key', 'unknown']
+Format of the password(s) ['clear-text', 'hashed', 'encrypted', 'unknown']
@@ -2098,10 +2098,20 @@ credit-card is a MISP object available in JSON format at
version
text
issued
datetime
Version of the card.
+Initial date of validity or issued date.
++
expiration
datetime
Maximum date of validity
@@ -2118,10 +2128,20 @@ credit-card is a MISP object available in JSON format at
issued
datetime
card-security-code
text
Initial date of validity or issued date.
+Card security code (CSC, CVD, CVV, CVC and SPC) as embossed or printed on the card.
++
version
text
Version of the card.
card-security-code
text
Card security code (CSC, CVD, CVV, CVC and SPC) as embossed or printed on the card.
--
expiration
datetime
Maximum date of validity
--
last-seen
-datetime
src-port
port
End of the attack
+Port originating the attack
+
+
ip-src
ip-src
IP address originating the attack
+
last-seen
+datetime
End of the attack
++
text
text
Description of the DDoS
++
protocol
text
Protocol used for the attack ['TCP', 'UDP', 'ICMP', 'IP']
++
first-seen
datetime
ip-dst
ip-dst
Destination IP (victim)
++
total-bps
counter
text
text
Description of the DDoS
--
src-port
port
Port originating the attack
--
protocol
text
Protocol used for the attack ['TCP', 'UDP', 'ICMP', 'IP']
--
ip-dst
ip-dst
Destination IP (victim)
--
domain-dst
domain
ip-src
ip-src
IP address originating the attack
--
CmdCode
-text
A decimal representation of the diameter Command Code.
--
SessionId
text
Username
ApplicationId
text
Username (in this case, usually the IMSI).
+Application-ID is used to identify for which Diameter application the message is applicable. Application-ID is a decimal representation.
++
Origin-Realm
text
Origin-Realm.
++
Destination-Realm
text
Destination-Realm.
@@ -2394,10 +2404,30 @@ diameter-attack is a MISP object available in JSON format at
Origin-Host
Destination-Host
text
Origin-Host.
+Destination-Host.
++
first-seen
datetime
When the attack has been seen for the first time.
++
Username
text
Username (in this case, usually the IMSI).
@@ -2424,55 +2454,25 @@ diameter-attack is a MISP object available in JSON format at
Origin-Realm
CmdCode
text
Origin-Realm.
--
ApplicationId
text
Application-ID is used to identify for which Diameter application the message is applicable. Application-ID is a decimal representation.
--
Destination-Host
text
Destination-Host.
--
Destination-Realm
text
Destination-Realm.
--
first-seen
datetime
When the attack has been seen for the first time.
+A decimal representation of the diameter Command Code.
Origin-Host
text
Origin-Host.
++
text
-text
ip
ip-dst
A description of the tuple
+IP Address
++
first-seen
datetime
First time the tuple has been seen
@@ -2542,25 +2552,15 @@ domain-ip is a MISP object available in JSON format at
first-seen
datetime
text
text
First time the tuple has been seen
+A description of the tuple
ip
ip-dst
IP Address
--
arch
-text
Architecture of the ELF file ['None', 'M32', 'SPARC', 'i386', 'ARCH_68K', 'ARCH_88K', 'IAMCU', 'ARCH_860', 'MIPS', 'S370', 'MIPS_RS3_LE', 'PARISC', 'VPP500', 'SPARC32PLUS', 'ARCH_960', 'PPC', 'PPC64', 'S390', 'SPU', 'V800', 'FR20', 'RH32', 'RCE', 'ARM', 'ALPHA', 'SH', 'SPARCV9', 'TRICORE', 'ARC', 'H8_300', 'H8_300H', 'H8S', 'H8_500', 'IA_64', 'MIPS_X', 'COLDFIRE', 'ARCH_68HC12', 'MMA', 'PCP', 'NCPU', 'NDR1', 'STARCORE', 'ME16', 'ST100', 'TINYJ', 'x86_64', 'PDSP', 'PDP10', 'PDP11', 'FX66', 'ST9PLUS', 'ST7', 'ARCH_68HC16', 'ARCH_68HC11', 'ARCH_68HC08', 'ARCH_68HC05', 'SVX', 'ST19', 'VAX', 'CRIS', 'JAVELIN', 'FIREPATH', 'ZSP', 'MMIX', 'HUANY', 'PRISM', 'AVR', 'FR30', 'D10V', 'D30V', 'V850', 'M32R', 'MN10300', 'MN10200', 'PJ', 'OPENRISC', 'ARC_COMPACT', 'XTENSA', 'VIDEOCORE', 'TMM_GPP', 'NS32K', 'TPC', 'SNP1K', 'ST200', 'IP2K', 'MAX', 'CR', 'F2MC16', 'MSP430', 'BLACKFIN', 'SE_C33', 'SEP', 'ARCA', 'UNICORE', 'EXCESS', 'DXP', 'ALTERA_NIOS2', 'CRX', 'XGATE', 'C166', 'M16C', 'DSPIC30F', 'CE', 'M32C', 'TSK3000', 'RS08', 'SHARC', 'ECOG2', 'SCORE7', 'DSP24', 'VIDEOCORE3', 'LATTICEMICO32', 'SE_C17', 'TI_C6000', 'TI_C2000', 'TI_C5500', 'MMDSP_PLUS', 'CYPRESS_M8C', 'R32C', 'TRIMEDIA', 'HEXAGON', 'ARCH_8051', 'STXP7X', 'NDS32', 'ECOG1', 'ECOG1X', 'MAXQ30', 'XIMO16', 'MANIK', 'CRAYNV2', 'RX', 'METAG', 'MCST_ELBRUS', 'ECOG16', 'CR16', 'ETPU', 'SLE9X', 'L10M', 'K10M', 'AARCH64', 'AVR32', 'STM8', 'TILE64', 'TILEPRO', 'CUDA', 'TILEGX', 'CLOUDSHIELD', 'COREA_1ST', 'COREA_2ND', 'ARC_COMPACT2', 'OPEN8', 'RL78', 'VIDEOCORE5', 'ARCH_78KOR', 'ARCH_56800EX', 'BA1', 'BA2', 'XCORE', 'MCHP_PIC', 'INTEL205', 'INTEL206', 'INTEL207', 'INTEL208', 'INTEL209', 'KM32', 'KMX32', 'KMX16', 'KMX8', 'KVARC', 'CDP', 'COGE', 'COOL', 'NORC', 'CSR_KALIMBA', 'AMDGPU']
--
number-sections
counter
entrypoint-address
type
text
Address of the entry point
+Type of ELF ['CORE', 'DYNAMIC', 'EXECUTABLE', 'HIPROC', 'LOPROC', 'NONE', 'RELOCATABLE']
++
text
text
Free text value to attach to the ELF
@@ -2640,23 +2640,23 @@ elf is a MISP object available in JSON format at
text
entrypoint-address
text
Free text value to attach to the ELF
+Address of the entry point
type
arch
text
Type of ELF ['CORE', 'DYNAMIC', 'EXECUTABLE', 'HIPROC', 'LOPROC', 'NONE', 'RELOCATABLE']
+Architecture of the ELF file ['None', 'M32', 'SPARC', 'i386', 'ARCH_68K', 'ARCH_88K', 'IAMCU', 'ARCH_860', 'MIPS', 'S370', 'MIPS_RS3_LE', 'PARISC', 'VPP500', 'SPARC32PLUS', 'ARCH_960', 'PPC', 'PPC64', 'S390', 'SPU', 'V800', 'FR20', 'RH32', 'RCE', 'ARM', 'ALPHA', 'SH', 'SPARCV9', 'TRICORE', 'ARC', 'H8_300', 'H8_300H', 'H8S', 'H8_500', 'IA_64', 'MIPS_X', 'COLDFIRE', 'ARCH_68HC12', 'MMA', 'PCP', 'NCPU', 'NDR1', 'STARCORE', 'ME16', 'ST100', 'TINYJ', 'x86_64', 'PDSP', 'PDP10', 'PDP11', 'FX66', 'ST9PLUS', 'ST7', 'ARCH_68HC16', 'ARCH_68HC11', 'ARCH_68HC08', 'ARCH_68HC05', 'SVX', 'ST19', 'VAX', 'CRIS', 'JAVELIN', 'FIREPATH', 'ZSP', 'MMIX', 'HUANY', 'PRISM', 'AVR', 'FR30', 'D10V', 'D30V', 'V850', 'M32R', 'MN10300', 'MN10200', 'PJ', 'OPENRISC', 'ARC_COMPACT', 'XTENSA', 'VIDEOCORE', 'TMM_GPP', 'NS32K', 'TPC', 'SNP1K', 'ST200', 'IP2K', 'MAX', 'CR', 'F2MC16', 'MSP430', 'BLACKFIN', 'SE_C33', 'SEP', 'ARCA', 'UNICORE', 'EXCESS', 'DXP', 'ALTERA_NIOS2', 'CRX', 'XGATE', 'C166', 'M16C', 'DSPIC30F', 'CE', 'M32C', 'TSK3000', 'RS08', 'SHARC', 'ECOG2', 'SCORE7', 'DSP24', 'VIDEOCORE3', 'LATTICEMICO32', 'SE_C17', 'TI_C6000', 'TI_C2000', 'TI_C5500', 'MMDSP_PLUS', 'CYPRESS_M8C', 'R32C', 'TRIMEDIA', 'HEXAGON', 'ARCH_8051', 'STXP7X', 'NDS32', 'ECOG1', 'ECOG1X', 'MAXQ30', 'XIMO16', 'MANIK', 'CRAYNV2', 'RX', 'METAG', 'MCST_ELBRUS', 'ECOG16', 'CR16', 'ETPU', 'SLE9X', 'L10M', 'K10M', 'AARCH64', 'AVR32', 'STM8', 'TILE64', 'TILEPRO', 'CUDA', 'TILEGX', 'CLOUDSHIELD', 'COREA_1ST', 'COREA_2ND', 'ARC_COMPACT2', 'OPEN8', 'RL78', 'VIDEOCORE5', 'ARCH_78KOR', 'ARCH_56800EX', 'BA1', 'BA2', 'XCORE', 'MCHP_PIC', 'INTEL205', 'INTEL206', 'INTEL207', 'INTEL208', 'INTEL209', 'KM32', 'KMX32', 'KMX16', 'KMX8', 'KVARC', 'CDP', 'COGE', 'COOL', 'NORC', 'CSR_KALIMBA', 'AMDGPU']
+
sha256
-sha256
text
text
Secure Hash Algorithm 2 (256 bits)
+Free text value to attach to the section
-
sha384
sha384
Secure Hash Algorithm 2 (384 bits)
-+
sha512/224
+sha512/224
Secure Hash Algorithm 2 (224 bits)
++
sha512/256
sha512/256
Secure Hash Algorithm 2 (256 bits)
++
ssdeep
ssdeep
sha384
sha384
Secure Hash Algorithm 2 (384 bits)
++
size-in-bytes
size-in-bytes
text
text
Free text value to attach to the section
--
type
text
Type of the section ['NULL', 'PROGBITS', 'SYMTAB', 'STRTAB', 'RELA', 'HASH', 'DYNAMIC', 'NOTE', 'NOBITS', 'REL', 'SHLIB', 'DYNSYM', 'INIT_ARRAY', 'FINI_ARRAY', 'PREINIT_ARRAY', 'GROUP', 'SYMTAB_SHNDX', 'LOOS', 'GNU_ATTRIBUTES', 'GNU_HASH', 'GNU_VERDEF', 'GNU_VERNEED', 'GNU_VERSYM', 'HIOS', 'LOPROC', 'ARM_EXIDX', 'ARM_PREEMPTMAP', 'HEX_ORDERED', 'X86_64_UNWIND', 'MIPS_REGINFO', 'MIPS_OPTIONS', 'MIPS_ABIFLAGS', 'HIPROC', 'LOUSER', 'HIUSER']
--
entropy
float
Entropy of the whole section
--
md5
md5
sha512/256
sha512/256
sha224
sha224
Secure Hash Algorithm 2 (256 bits)
+Secure Hash Algorithm 2 (224 bits)
name
text
Name of the section
--
sha512
sha512
sha224
sha224
type
text
Secure Hash Algorithm 2 (224 bits)
+Type of the section ['NULL', 'PROGBITS', 'SYMTAB', 'STRTAB', 'RELA', 'HASH', 'DYNAMIC', 'NOTE', 'NOBITS', 'REL', 'SHLIB', 'DYNSYM', 'INIT_ARRAY', 'FINI_ARRAY', 'PREINIT_ARRAY', 'GROUP', 'SYMTAB_SHNDX', 'LOOS', 'GNU_ATTRIBUTES', 'GNU_HASH', 'GNU_VERDEF', 'GNU_VERNEED', 'GNU_VERSYM', 'HIOS', 'LOPROC', 'ARM_EXIDX', 'ARM_PREEMPTMAP', 'HEX_ORDERED', 'X86_64_UNWIND', 'MIPS_REGINFO', 'MIPS_OPTIONS', 'MIPS_ABIFLAGS', 'HIPROC', 'LOUSER', 'HIUSER']
++
sha256
sha256
Secure Hash Algorithm 2 (256 bits)
sha512/224
sha512/224
entropy
float
Secure Hash Algorithm 2 (224 bits)
+Entropy of the whole section
+
+
name
text
Name of the section
+
to
-email-dst
Destination email address
--
thread-index
email-thread-index
Identifies a particular conversation thread
--
from-display-name
email-src-display-name
screenshot
attachment
Screenshot of email
++
email-body
email-body
x-mailer
email-x-mailer
return-path
text
X-Mailer generally tells the program that was used to draft and send the original email
--
subject
email-subject
Subject
--
reply-to
email-reply-to
Email address the reply will be sent to
+Message return path
@@ -2966,10 +2936,70 @@ email is a MISP object available in JSON format at
cc
to
email-dst
Carbon copy
+Destination email address
++
attachment
email-attachment
Attachment
++
reply-to
email-reply-to
Email address the reply will be sent to
++
message-id
email-message-id
Message ID
++
thread-index
email-thread-index
Identifies a particular conversation thread
++
header
email-header
Full headers
++
x-mailer
email-x-mailer
X-Mailer generally tells the program that was used to draft and send the original email
@@ -2996,20 +3026,10 @@ email is a MISP object available in JSON format at
return-path
text
subject
email-subject
Message return path
--
message-id
email-message-id
Message ID
+Subject
@@ -3026,30 +3046,10 @@ email is a MISP object available in JSON format at
screenshot
attachment
cc
email-dst
Screenshot of email
--
attachment
email-attachment
Attachment
--
header
email-header
Full headers
+Carbon copy
@@ -3094,8 +3094,48 @@ file is a MISP object available in JSON format at
sha256
sha256
certificate
x509-fingerprint-sha1
Certificate value if the binary is signed with another authentication scheme than authenticode
++
text
text
Free text value to attach to the file
++
sha1
sha1
[Insecure] Secure Hash Algorithm 1 (160 bits)
++
sha512/224
sha512/224
Secure Hash Algorithm 2 (224 bits)
++
sha512/256
sha512/256
Secure Hash Algorithm 2 (256 bits)
sha384
-sha384
Secure Hash Algorithm 2 (384 bits)
--
tlsh
tlsh
Fuzzy hash by Trend Micro: Locality Sensitive Hash
--
sha1
sha1
[Insecure] Secure Hash Algorithm 1 (160 bits)
--
ssdeep
ssdeep
sha512/224
sha512/224
Secure Hash Algorithm 2 (224 bits)
--
text
text
Free text value to attach to the file
--
entropy
float
Entropy of the whole file
--
md5
md5
[Insecure] MD5 hash (128 bits)
--
malware-sample
malware-sample
The file itself (binary)
--
state
text
State of the file ['Malicious', 'Harmless', 'Signed', 'Revoked', 'Expired', 'Trusted']
--
authentihash
authentihash
Authenticode executable signature hash
--
certificate
x509-fingerprint-sha1
Certificate value if the binary is signed with another authentication scheme than authenticode
--
sha512/256
sha512/256
Secure Hash Algorithm 2 (256 bits)
--
mimetype
text
Mime type
--
sha512
sha512
Secure Hash Algorithm 2 (512 bits)
--
sha224
sha224
Secure Hash Algorithm 2 (224 bits)
--
size-in-bytes
size-in-bytes
authentihash
authentihash
Authenticode executable signature hash
++
sha384
sha384
Secure Hash Algorithm 2 (384 bits)
++
md5
md5
[Insecure] MD5 hash (128 bits)
++
state
text
State of the file ['Malicious', 'Harmless', 'Signed', 'Revoked', 'Expired', 'Trusted']
++
sha224
sha224
Secure Hash Algorithm 2 (224 bits)
++
tlsh
tlsh
Fuzzy hash by Trend Micro: Locality Sensitive Hash
++
sha512
sha512
Secure Hash Algorithm 2 (512 bits)
++
sha256
sha256
Secure Hash Algorithm 2 (256 bits)
++
malware-sample
malware-sample
The file itself (binary)
++
entropy
float
Entropy of the whole file
++
pattern-in-file
pattern-in-file
mimetype
mime-type
Mime type
++
address
+region
text
Address.
--
city
text
City.
--
zipcode
text
Zip Code.
--
last-seen
datetime
When the location was seen for the last time.
--
longitude
float
The longitude is the decimal value of the longitude in the World Geodetic System 84 (WGS84) reference
--
country
text
Country.
--
text
text
A generic description of the location.
--
latitude
float
The latitude is the decimal value of the latitude in the World Geodetic System 84 (WGS84) reference.
--
altitude
float
The altitude is the decimal value of the altitude in the World Geodetic System 84 (WGS84) reference.
+Region.
@@ -3432,10 +3352,90 @@ geolocation is a MISP object available in JSON format at
region
zipcode
text
Region.
+Zip Code.
++
address
text
Address.
++
latitude
float
The latitude is the decimal value of the latitude in the World Geodetic System 84 (WGS84) reference.
++
city
text
City.
++
text
text
A generic description of the location.
++
country
text
Country.
++
longitude
float
The longitude is the decimal value of the longitude in the World Geodetic System 84 (WGS84) reference
++
last-seen
datetime
When the location was seen for the last time.
++
altitude
float
The altitude is the decimal value of the altitude in the World Geodetic System 84 (WGS84) reference.
@@ -3490,30 +3490,10 @@ gtp-attack is a MISP object available in JSON format at
ipSrc
ip-src
IP source address.
--
text
GtpImei
text
A description of the GTP attack.
--
ipDest
ip-dst
IP destination address.
+GTP IMEI (International Mobile Equipment Identity).
@@ -3530,26 +3510,6 @@ gtp-attack is a MISP object available in JSON format at
PortSrc
port
Source port.
--
PortDest
text
Destination port.
--
GtpVersion
text
GtpImei
text
ipDest
ip-dst
GTP IMEI (International Mobile Equipment Identity).
+IP destination address.
PortDest
text
Destination port.
++
PortSrc
port
Source port.
++
first-seen
datetime
ipSrc
ip-src
IP source address.
++
text
text
A description of the GTP attack.
++
GtpServingNetwork
text
url
url
Full HTTP Request URL
++
host
hostname
proxy-user
text
HTTP Proxy Username
--
referer
referer
This is the address of the previous web page from which a link to the currently requested page was followed
--
method
http-method
HTTP Method invoked (one of GET, POST, PUT, HEAD, DELETE, OPTIONS, CONNECT)
--
proxy-password
text
HTTP Proxy Password
--
basicauth-password
text
HTTP Basic Authentication Password
--
content-type
other
The MIME type of the body of the request
--
uri
uri
Request URI
--
user-agent
user-agent
basicauth-password
text
HTTP Basic Authentication Password
++
method
http-method
HTTP Method invoked (one of GET, POST, PUT, HEAD, DELETE, OPTIONS, CONNECT)
++
content-type
other
The MIME type of the body of the request
++
basicauth-user
text
url
url
uri
uri
Full HTTP Request URL
+Request URI
++
proxy-password
text
HTTP Proxy Password
++
proxy-user
text
HTTP Proxy Username
++
referer
other
This is the address of the previous web page from which a link to the currently requested page was followed
@@ -3816,50 +3816,10 @@ ip-port is a MISP object available in JSON format at
domain
domain
ip
ip-dst
Domain
--
dst-port
port
Destination port
--
last-seen
datetime
Last time the tuple has been seen
--
text
text
Description of the tuple
--
src-port
port
Source port
+IP Address
@@ -3876,15 +3836,55 @@ ip-port is a MISP object available in JSON format at
ip
ip-dst
src-port
port
IP Address
+Source port
dst-port
port
Destination port
++
text
text
Description of the tuple
++
domain
domain
Domain
++
last-seen
datetime
Last time the tuple has been seen
++
description
-text
first-seen
datetime
Type of detected software ie software, malware
+First seen of the SSL/TLS handshake
++
ip-dst
ip-dst
Destination IP address
@@ -3944,6 +3954,16 @@ ja3 is a MISP object available in JSON format at
description
text
Type of detected software ie software, malware
++
ja3-fingerprint-md5
md5
ip-dst
ip-dst
Destination IP address
--
first-seen
datetime
First seen of the SSL/TLS handshake
--
ip-src
ip-src
commercial-name
legal-form
text
Commercial name of an entity.
+Legal form of an entity.
phone-number
phone-number
Phone number of an entity.
--
name
business
text
Name of an entity.
+Business area of an entity.
@@ -4072,20 +4062,30 @@ legal-entity is a MISP object available in JSON format at
legal-form
text
phone-number
phone-number
Legal form of an entity.
+Phone number of an entity.
business
commercial-name
text
Business area of an entity.
+Commercial name of an entity.
++
name
text
Name of an entity.
@@ -4130,26 +4130,6 @@ macho is a MISP object available in JSON format at
name
text
Binary’s name
--
text
text
Free text value to attach to the Mach-O file
--
number-sections
counter
entrypoint-address
text
Address of the entry point
++
name
text
Binary’s name
++
type
text
entrypoint-address
text
text
Address of the entry point
+Free text value to attach to the Mach-O file
@@ -4218,23 +4218,13 @@ macho-section is a MISP object available in JSON format at
sha256
sha256
text
text
Secure Hash Algorithm 2 (256 bits)
+Free text value to attach to the section
-
sha384
sha384
Secure Hash Algorithm 2 (384 bits)
-+
sha512/224
+sha512/224
Secure Hash Algorithm 2 (224 bits)
++
sha512/256
sha512/256
Secure Hash Algorithm 2 (256 bits)
++
ssdeep
ssdeep
sha384
sha384
Secure Hash Algorithm 2 (384 bits)
++
size-in-bytes
size-in-bytes
text
text
Free text value to attach to the section
--
entropy
float
Entropy of the whole section
--
md5
md5
sha512/256
sha512/256
sha224
sha224
Secure Hash Algorithm 2 (256 bits)
+Secure Hash Algorithm 2 (224 bits)
name
text
Name of the section
--
sha512
sha512
sha224
sha224
sha256
sha256
Secure Hash Algorithm 2 (224 bits)
+Secure Hash Algorithm 2 (256 bits)
sha512/224
sha512/224
entropy
float
Secure Hash Algorithm 2 (224 bits)
+Entropy of the whole section
+
+
name
text
Name of the section
+
creation-date
-datetime
url
url
Initial creation of the microblog post
+Original URL location of the microblog post
removal-date
modification-date
datetime
When the microblog post was removed
+Last update of the microblog post
post
username-quoted
text
Raw post
+Username who are quoted into the microblog post
type
text
Type of the microblog post ['Twitter', 'Facebook', 'LinkedIn', 'Reddit', 'Google+', 'Instagram', 'Forum', 'Other']
++
link
url
username-quoted
post
text
Username who are quoted into the microblog post
+Raw post
modification-date
removal-date
datetime
Last update of the microblog post
+When the microblog post was removed
type
text
creation-date
datetime
Type of the microblog post ['Twitter', 'Facebook', 'LinkedIn', 'Reddit', 'Google+', 'Instagram', 'Forum', 'Other']
--
url
url
Original URL location of the microblog post
+Initial creation of the microblog post
@@ -4514,6 +4514,16 @@ mutex is a MISP object available in JSON format at
description
text
Description
++
operating-system
text
description
text
Description
--
src-port
-port
Source port of the netflow
--
dst-port
port
Destination port of the netflow
--
protocol
text
Protocol used for this flow ['TCP', 'UDP', 'ICMP', 'IP']
--
direction
text
Direction of this flow ['Ingress', 'Egress']
--
tcp-flags
text
ip-dst
ip-dst
IP address destination of the netflow
--
ip-src
ip-src
IP address source of the netflow
--
ip_version
counter
ip-protocol-number
size-in-bytes
IP protocol number of this flow
++
flow-count
counter
dst-as
AS
protocol
text
Destination AS number for this flow
+Protocol used for this flow ['TCP', 'UDP', 'ICMP', 'IP']
ip-protocol-number
size-in-bytes
src-port
port
IP protocol number of this flow
--
packet-count
counter
Packets counted in this flow
--
byte-count
counter
Bytes counted in this flow
--
src-as
AS
Source AS number for this flow
+Source port of the netflow
@@ -4732,6 +4652,56 @@ netflow is a MISP object available in JSON format at
packet-count
counter
Packets counted in this flow
++
ip-src
ip-src
IP address source of the netflow
++
byte-count
counter
Bytes counted in this flow
++
icmp-type
text
ICMP type of the flow (if the traffic is ICMP)
++
dst-port
port
Destination port of the netflow
++
last-packet-seen
datetime
icmp-type
src-as
AS
Source AS number for this flow
++
ip-dst
ip-dst
IP address destination of the netflow
++
dst-as
AS
Destination AS number for this flow
++
direction
text
ICMP type of the flow (if the traffic is ICMP)
+Direction of this flow ['Ingress', 'Egress']
@@ -4790,20 +4790,20 @@ passive-dns is a MISP object available in JSON format at
zone_time_first
datetime
rdata
text
First time that the unique tuple (rrname, rrtype, rdata) record has been seen via master file import
+Resource records of the queried resource
+
bailiwick
text
count
counter
Best estimate of the apex of the zone where this data is authoritative
+How many authoritative DNS answers were received at the Passive DNS Server’s collectors with exactly the given set of values as answers.
@@ -4820,70 +4820,10 @@ passive-dns is a MISP object available in JSON format at
text
bailiwick
text
Description of the passive DNS record.
--
count
counter
How many authoritative DNS answers were received at the Passive DNS Server’s collectors with exactly the given set of values as answers.
--
time_first
datetime
First time that the unique tuple (rrname, rrtype, rdata) has been seen by the passive DNS
--
zone_time_last
datetime
Last time that the unique tuple (rrname, rrtype, rdata) record has been seen via master file import.
--
rdata
text
Resource records of the queried resource
--
rrname
text
Resource Record name of the queried resource.
--
sensor_id
text
Sensor information where the record was seen
+Best estimate of the apex of the zone where this data is authoritative
@@ -4900,6 +4840,16 @@ passive-dns is a MISP object available in JSON format at
zone_time_last
datetime
Last time that the unique tuple (rrname, rrtype, rdata) record has been seen via master file import.
++
rrtype
text
zone_time_first
datetime
First time that the unique tuple (rrname, rrtype, rdata) record has been seen via master file import
++
rrname
text
Resource Record name of the queried resource.
++
text
text
Description of the passive DNS record.
++
time_first
datetime
First time that the unique tuple (rrname, rrtype, rdata) has been seen by the passive DNS
++
sensor_id
text
Sensor information where the record was seen
++
title
-text
url
url
Title of the paste or post.
--
origin
text
Original source of the paste or post. ['pastebin.com', 'pastebin.com_pro', 'pastie.org', 'slexy.org', 'gist.github.com', 'codepad.org', 'safebin.net', 'hastebin.com', 'ghostbin.com']
--
last-seen
datetime
When the paste has been accessible or seen for the last time.
--
paste
text
Raw text of the paste or post
+Link to the original source of the paste or post.
@@ -4998,10 +4968,40 @@ paste is a MISP object available in JSON format at
url
url
last-seen
datetime
Link to the original source of the paste or post.
+When the paste has been accessible or seen for the last time.
++
origin
text
Original source of the paste or post. ['pastebin.com', 'pastebin.com_pro', 'pastie.org', 'slexy.org', 'gist.github.com', 'codepad.org', 'safebin.net', 'hastebin.com', 'ghostbin.com']
++
paste
text
Raw text of the paste or post
++
title
text
Title of the paste or post.
@@ -5046,20 +5046,10 @@ pe is a MISP object available in JSON format at
pehash
pehash
number-sections
counter
Hash of the structural information about a sample. See https://www.usenix.org/legacy/event/leet09/tech/full_papers/wicherski/wicherski_html/
--
product-name
text
ProductName in the resources
+Number of sections
@@ -5076,16 +5066,36 @@ pe is a MISP object available in JSON format at
number-sections
counter
product-version
text
Number of sections
+ProductVersion in the resources
type
text
Type of PE ['exe', 'dll', 'driver', 'unknown']
++
imphash
imphash
Hash (md5) calculated from the import table
++
entrypoint-address
text
original-filename
filename
legal-copyright
text
OriginalFilename in the resources
+LegalCopyright in the resources
++
lang-id
text
Lang ID in the resources
++
file-version
text
FileVersion in the resources
++
company-name
text
CompanyName in the resources
++
pehash
pehash
Hash of the structural information about a sample. See https://www.usenix.org/legacy/event/leet09/tech/full_papers/wicherski/wicherski_html/
++
entrypoint-section-at-position
text
Name of the section and position of the section in the PE
@@ -5126,16 +5186,6 @@ pe is a MISP object available in JSON format at
type
text
Type of PE ['exe', 'dll', 'driver', 'unknown']
--
file-description
text
imphash
imphash
Hash (md5) calculated from the import table
--
lang-id
product-name
text
Lang ID in the resources
+ProductName in the resources
file-version
text
original-filename
filename
FileVersion in the resources
--
entrypoint-section-at-position
text
Name of the section and position of the section in the PE
--
legal-copyright
text
LegalCopyright in the resources
--
company-name
text
CompanyName in the resources
+OriginalFilename in the resources
product-version
text
ProductVersion in the resources
--
sha256
-sha256
text
text
Secure Hash Algorithm 2 (256 bits)
+Free text value to attach to the section
-
sha384
sha384
Secure Hash Algorithm 2 (384 bits)
-+
sha512/224
+sha512/224
Secure Hash Algorithm 2 (224 bits)
++
sha512/256
sha512/256
Secure Hash Algorithm 2 (256 bits)
++
ssdeep
ssdeep
sha384
sha384
Secure Hash Algorithm 2 (384 bits)
++
size-in-bytes
size-in-bytes
text
text
Free text value to attach to the section
--
entropy
float
Entropy of the whole section
--
md5
md5
characteristic
text
sha224
sha224
Characteristic of the section ['read', 'write', 'executable']
+Secure Hash Algorithm 2 (224 bits)
sha512/256
sha512/256
Secure Hash Algorithm 2 (256 bits)
--
name
text
Name of the section ['.rsrc', '.reloc', '.rdata', '.data', '.text']
--
sha512
sha512
sha224
sha224
sha256
sha256
Secure Hash Algorithm 2 (224 bits)
+Secure Hash Algorithm 2 (256 bits)
sha512/224
sha512/224
characteristic
text
Secure Hash Algorithm 2 (224 bits)
+Characteristic of the section ['read', 'write', 'executable']
entropy
float
Entropy of the whole section
++
name
text
Name of the section ['.rsrc', '.reloc', '.rdata', '.data', '.text']
++
identity-card-number
-identity-card-number
The identity card number of a natural person.
--
passport-expiration
passport-expiration
The expiration date of a passport.
--
nationality
nationality
The nationality of a natural person.
--
middle-name
middle-name
Middle name of a natural person.
--
last-name
last-name
Last name of a natural person.
--
alias
text
Alias name or known as.
--
mothers-name
text
Mother name, father, second name or other names following country’s regulation.
--
passport-country
passport-country
passport-number
passport-number
The passport number of a natural person.
--
redress-number
redress-number
title
text
gender
gender
Title of the natural person such as Dr. or equivalent.
+The gender of a natural person. ['Male', 'Female', 'Other', 'Prefer not to say']
social-security-number
text
last-name
last-name
Social security number
--
date-of-birth
date-of-birth
Date of birth of a natural person (in YYYY-MM-DD format).
+Last name of a natural person.
@@ -5582,10 +5492,60 @@ person is a MISP object available in JSON format at
place-of-birth
place-of-birth
social-security-number
text
Place of birth of a natural person.
+Social security number
++
passport-expiration
passport-expiration
The expiration date of a passport.
++
mothers-name
text
Mother name, father, second name or other names following country’s regulation.
++
date-of-birth
date-of-birth
Date of birth of a natural person (in YYYY-MM-DD format).
++
passport-number
passport-number
The passport number of a natural person.
++
nationality
nationality
The nationality of a natural person.
@@ -5602,15 +5562,55 @@ person is a MISP object available in JSON format at
gender
gender
place-of-birth
place-of-birth
The gender of a natural person. ['Male', 'Female', 'Other', 'Prefer not to say']
+Place of birth of a natural person.
identity-card-number
identity-card-number
The identity card number of a natural person.
++
middle-name
middle-name
Middle name of a natural person.
++
title
text
Title of the natural person such as Dr. or equivalent.
++
alias
text
Alias name or known as.
++
imsi
+tmsi
text
A usually unique International Mobile Subscriber Identity (IMSI) is allocated to each mobile subscriber in the GSM/UMTS/EPS system. IMSI can also refer to International Mobile Station Identity in the ITU nomenclature.
+Temporary Mobile Subscriber Identities (TMSI) to visiting mobile subscribers can be allocated.
serial-number
text
Serial Number.
--
last-seen
datetime
When the phone has been accessible or seen for the last time.
--
msisdn
text
tmsi
imsi
text
Temporary Mobile Subscriber Identities (TMSI) to visiting mobile subscribers can be allocated.
+A usually unique International Mobile Subscriber Identity (IMSI) is allocated to each mobile subscriber in the GSM/UMTS/EPS system. IMSI can also refer to International Mobile Station Identity in the ITU nomenclature.
++
gummei
text
Globally Unique MME Identifier (GUMMEI) is composed from MCC, MNC and MME Identifier (MMEI).
@@ -5730,6 +5720,26 @@ phone is a MISP object available in JSON format at
serial-number
text
Serial Number.
++
last-seen
datetime
When the phone has been accessible or seen for the last time.
++
first-seen
datetime
gummei
text
Globally Unique MME Identifier (GUMMEI) is composed from MCC, MNC and MME Identifier (MMEI).
--
not-referenced-strings
+counter
Amount of not referenced strings
++
referenced-strings
counter
Amount of referenced strings
++
gml
attachment
Graph export in G>raph Modelling Language format
++
total-functions
counter
total-api
counter
Total amount of API calls
++
ratio-string
float
Ratio: amount of referenced strings per kilobyte of code section
++
callbacks
counter
Amount of callbacks (functions started as thread)
++
refsglobalvar
counter
create-thread
get-proc-address
counter
Amount of calls to CreateThread
+Amount of calls to GetProcAddress
dangling-strings
callback-largest
counter
Amount of dangling strings (string with a code cross reference, that is not within a function. Radare2 failed to detect that function.)
+Largest callback
++
memory-allocations
counter
Amount of memory allocations
@@ -5848,6 +5918,16 @@ r2graphity is a MISP object available in JSON format at
dangling-strings
counter
Amount of dangling strings (string with a code cross reference, that is not within a function. Radare2 failed to detect that function.)
++
miss-api
counter
total-api
counter
Total amount of API calls
--
not-referenced-strings
counter
Amount of not referenced strings
--
shortest-path-to-create-thread
counter
Shortest path to the first time the binary calls CreateThread
--
referenced-strings
counter
Amount of referenced strings
--
callbacks
counter
Amount of callbacks (functions started as thread)
--
local-references
counter
Amount of API calls inside a code section
--
callback-average
counter
Average size of a callback
--
callback-largest
counter
Largest callback
--
unknown-references
counter
Amount of API calls not ending in a function (Radare2 bug, probalby)
--
memory-allocations
counter
Amount of memory allocations
--
ratio-functions
float
Ratio: amount of functions per kilobyte of code section
--
get-proc-address
counter
Amount of calls to GetProcAddress
--
ratio-api
float
gml
attachment
local-references
counter
Graph export in G>raph Modelling Language format
+Amount of API calls inside a code section
ratio-string
unknown-references
counter
Amount of API calls not ending in a function (Radare2 bug, probalby)
++
create-thread
counter
Amount of calls to CreateThread
++
shortest-path-to-create-thread
counter
Shortest path to the first time the binary calls CreateThread
++
ratio-functions
float
Ratio: amount of referenced strings per kilobyte of code section
+Ratio: amount of functions per kilobyte of code section
++
callback-average
counter
Average size of a callback
@@ -6046,20 +6046,20 @@ regexp is a MISP object available in JSON format at
comment
comment
regexp
text
A description of the regular expression.
+regexp
regexp
text
comment
comment
regexp
+A description of the regular expression.
@@ -6134,13 +6134,13 @@ registry-key is a MISP object available in JSON format at
last-modified
datetime
root-keys
text
Last time the registry key has been modified
+Root key of the Windows registry (extracted from the key) ['HKCC', 'HKCR', 'HKCU', 'HKDD', 'HKEY_CLASSES_ROOT', 'HKEY_CURRENT_CONFIG', 'HKEY_CURRENT_USER', 'HKEY_DYN_DATA', 'HKEY_LOCAL_MACHINE', 'HKEY_PERFORMANCE_DATA', 'HKEY_USERS', 'HKLM', 'HKPD', 'HKU']
+
last-modified
+datetime
Last time the registry key has been modified
++
name
text
root-keys
text
Root key of the Windows registry (extracted from the key) ['HKCC', 'HKCR', 'HKCU', 'HKDD', 'HKEY_CLASSES_ROOT', 'HKEY_CURRENT_CONFIG', 'HKEY_CURRENT_USER', 'HKEY_DYN_DATA', 'HKEY_LOCAL_MACHINE', 'HKEY_PERFORMANCE_DATA', 'HKEY_USERS', 'HKLM', 'HKPD', 'HKU']
--
summary
+case-number
text
Free text summary of the report
+Case number
case-number
summary
text
Case number
+Free text summary of the report
@@ -6290,16 +6290,6 @@ rtir is a MISP object available in JSON format at
queue
text
Queue of the RTIR ticket ['incident', 'investigations', 'blocks', 'incident reports']
--
subject
text
ticket-number
text
ticket-number of the RTIR ticket
--
status
text
Status of the RTIR ticket ['new', 'open', 'stalled', 'resolved', 'rejected', 'deleted']
--
constituency
text
Constituency of the RTIR ticket
--
classification
text
queue
text
Queue of the RTIR ticket ['incident', 'investigations', 'blocks', 'incident reports']
++
constituency
text
Constituency of the RTIR ticket
++
status
text
Status of the RTIR ticket ['new', 'open', 'stalled', 'resolved', 'rejected', 'deleted']
++
ip
ip-dst
ticket-number
text
ticket-number of the RTIR ticket
++
saas-sandbox
+sandbox-type
text
A non-on-premise sandbox, also results are not publicly available ['forticloud-sandbox', 'joe-sandbox-cloud', 'symantec-cas-cloud']
--
on-premise-sandbox
text
The on-premise sandbox used ['cuckoo', 'symantec-cas-on-premise', 'bluecoat-maa', 'trendmicro-deep-discovery-analyzer', 'fireeye-ax', 'vmray', 'joe-sandbox-on-premise']
+The type of sandbox used ['on-premise', 'web', 'saas']
@@ -6428,6 +6418,26 @@ sandbox-report is a MISP object available in JSON format at
web-sandbox
text
A web sandbox where results are publicly available via an URL ['malwr', 'hybrid-analysis']
++
saas-sandbox
text
A non-on-premise sandbox, also results are not publicly available ['forticloud-sandbox', 'joe-sandbox-cloud', 'symantec-cas-cloud']
++
raw-report
text
sandbox-type
score
text
The type of sandbox used ['on-premise', 'web', 'saas']
+Score
@@ -6458,20 +6468,10 @@ sandbox-report is a MISP object available in JSON format at
web-sandbox
on-premise-sandbox
text
A web sandbox where results are publicly available via an URL ['malwr', 'hybrid-analysis']
--
score
text
Score
+The on-premise sandbox used ['cuckoo', 'symantec-cas-on-premise', 'bluecoat-maa', 'trendmicro-deep-discovery-analyzer', 'fireeye-ax', 'vmray', 'joe-sandbox-on-premise']
@@ -6516,10 +6516,20 @@ sb-signature is a MISP object available in JSON format at
software
signature
text
Name of Sandbox software
+Name of detection signature - set the description of the detection signature as a comment
++
text
text
Additional signature description
@@ -6536,25 +6546,15 @@ sb-signature is a MISP object available in JSON format at
text
software
text
Additional signature description
+Name of Sandbox software
signature
text
Name of detection signature - set the description of the detection signature as a comment
--
MapGmlc
+MapUssdCoding
text
MAP GMLC. Phone number.
+MAP USSD Content.
++
MapSmsTP-OA
text
MAP SMS TP-OA. Phone number.
++
SccpCgPC
text
Signaling Connection Control Part (SCCP) CgPC - Phone number.
@@ -6624,16 +6644,66 @@ ss7-attack is a MISP object available in JSON format at
text
MapSmsText
text
A description of the attack seen via SS7 logging.
+MAP SMS Text. Important indicators in SMS text.
++
MapGsmscfGT
text
MAP GSMSCF GT. Phone number.
++
MapSmscGT
text
MAP SMSC. Phone number.
++
SccpCgGT
text
Signaling Connection Control Part (SCCP) CgGT - Phone number.
++
MapSmsTP-PID
text
MAP SMS TP-PID.
MapUssdContent
text
MAP USSD Content.
++
MapSmsTypeNumber
text
MapUssdCoding
MapVersion
text
MAP USSD Content.
+Map version. ['1', '2', '3']
MapGsmscfGT
MapGmlc
text
MAP GSMSCF GT. Phone number.
+MAP GMLC. Phone number.
@@ -6674,30 +6744,20 @@ ss7-attack is a MISP object available in JSON format at
MapOpCode
text
text
MAP operation codes - Decimal value between 0-99.
+A description of the attack seen via SS7 logging.
SccpCgGT
MapMscGT
text
Signaling Connection Control Part (SCCP) CgGT - Phone number.
--
MapSmsText
text
MAP SMS Text. Important indicators in SMS text.
+MAP MSC GT. Phone number.
@@ -6724,16 +6784,6 @@ ss7-attack is a MISP object available in JSON format at
MapVersion
text
Map version. ['1', '2', '3']
--
Category
text
SccpCgPC
SccpCdSSN
text
Signaling Connection Control Part (SCCP) CgPC - Phone number.
+Signaling Connection Control Part (SCCP) - Decimal value between 0-255.
+
MapVlrGT
+text
MAP VLR GT. Phone number.
++
MapMsisdn
text
MapMscGT
MapOpCode
text
MAP MSC GT. Phone number.
--
MapUssdContent
text
MAP USSD Content.
--
MapSmscGT
text
MAP SMSC. Phone number.
--
SccpCdSSN
text
Signaling Connection Control Part (SCCP) - Decimal value between 0-255.
+MAP operation codes - Decimal value between 0-99.
MapSmsTP-PID
text
MAP SMS TP-PID.
--
MapVlrGT
text
MAP VLR GT. Phone number.
--
MapSmsTP-OA
text
MAP SMS TP-OA. Phone number.
--
address
-ip-src
IP address of the Tor node seen.
--
fingerprint
flags
text
router’s fingerprint.
+list of flag associated with the node.
@@ -6980,10 +6970,30 @@ tor-node is a MISP object available in JSON format at
text
nickname
text
Tor node comment.
+router’s nickname.
++
fingerprint
text
router’s fingerprint.
++
first-seen
datetime
When the Tor node designed by the IP address has been seen for the first time.
@@ -7000,23 +7010,23 @@ tor-node is a MISP object available in JSON format at
nickname
text
address
ip-src
router’s nickname.
+IP address of the Tor node seen.
version
text
text
parsed version of tor, this is None if the relay’s using a new versioning scheme.
+Tor node comment.
+
flags
-text
list of flag associated with the node.
--
last-seen
datetime
When the Tor node designed by the IP address has been seen for the last time.
--
version_line
text
first-seen
last-seen
datetime
When the Tor node designed by the IP address has been seen for the first time.
+When the Tor node designed by the IP address has been seen for the last time.
version
text
parsed version of tor, this is None if the relay’s using a new versioning scheme.
++
transmode-comment
+authorized
text
Comment describing transmode-code, if needed.
+Person who autorized the transaction.
amount
teller
text
The value of the transaction in local currency.
+Person who conducted the transaction.
@@ -7138,6 +7138,16 @@ transaction is a MISP object available in JSON format at
text
text
A description of the transaction.
++
location
text
text
amount
text
A description of the transaction.
+The value of the transaction in local currency.
+
date
-datetime
transaction-number
text
Date and time of the transaction.
+A unique number identifying a transaction.
transaction-number
transmode-comment
text
A unique number identifying a transaction.
+Comment describing transmode-code, if needed.
++
date
datetime
Date and time of the transaction.
@@ -7226,6 +7246,16 @@ url is a MISP object available in JSON format at
url
url
Full URL
++
host
hostname
domain
domain
Full domain
--
query_string
subdomain
text
Query (after path, preceded by '?')
+Subdomain
-
text
text
Description of the URL
--
credential
text
Credential (username, password)
-+
fragment
+credential
text
Fragment identifier is a short string of characters that refers to a resource that is subordinate to another, primary resource.
+Credential (username, password)
domain_without_tld
resource_path
text
Domain without Top-Level Domain
+Path (between hostname:port and query)
@@ -7316,10 +7316,10 @@ url is a MISP object available in JSON format at
last-seen
datetime
port
port
Last time this URL has been seen
+Port number
@@ -7336,45 +7336,65 @@ url is a MISP object available in JSON format at
subdomain
domain_without_tld
text
Subdomain
--
resource_path
text
Path (between hostname:port and query)
+Domain without Top-Level Domain
port
port
fragment
text
Port number
--
url
url
Full URL
+Fragment identifier is a short string of characters that refers to a resource that is subordinate to another, primary resource.
domain
domain
Full domain
++
text
text
Description of the URL
++
query_string
text
Query (after path, preceded by '?')
++
last-seen
datetime
Last time this URL has been seen
++
sectors
-text
user
target-user
The list of sectors that the victim belong to ['agriculture', 'aerospace', 'automotive', 'communications', 'construction', 'defence', 'education', 'energy', 'engineering', 'entertainment', 'financial services', 'government national', 'government regional', 'government local', 'government public services', 'healthcare', 'hospitality leisure', 'infrastructure', 'insurance', 'manufacturing', 'mining', 'non profit', 'pharmaceuticals', 'retail', 'technology', 'telecommunications', 'transportation', 'utilities']
+The username(s) of the user targeted.
user
target-user
classification
text
The username(s) of the user targeted.
+The type of entity being targeted. ['individual', 'group', 'organization', 'class', 'unknown']
++
regions
target-location
The list of regions or locations from the victim targeted. ISO 3166 should be used.
++
sectors
text
The list of sectors that the victim belong to ['agriculture', 'aerospace', 'automotive', 'communications', 'construction', 'defence', 'education', 'energy', 'engineering', 'entertainment', 'financial services', 'government national', 'government regional', 'government local', 'government public services', 'healthcare', 'hospitality leisure', 'infrastructure', 'insurance', 'manufacturing', 'mining', 'non profit', 'pharmaceuticals', 'retail', 'technology', 'telecommunications', 'transportation', 'utilities']
@@ -7454,6 +7494,16 @@ victim is a MISP object available in JSON format at
node
target-machine
Name(s) of node that was targeted.
++
target-email
regions
target-location
The list of regions or locations from the victim targeted. ISO 3166 should be used.
--
external
target-external
External target organisations affected by this attack.
--
name
target-org
The name of the department(s) or organisation(s) targeted.
--
roles
text
node
target-machine
name
target-org
Name(s) of node that was targeted.
+The name of the department(s) or organisation(s) targeted.
classification
text
external
target-external
The type of entity being targeted. ['individual', 'group', 'organization', 'class', 'unknown']
+External target organisations affected by this attack.
+
community-score
+detection-ratio
text
Community Score
+Detection Ratio
last-submission
datetime
Last Submission
--
permalink
link
Permalink Reference
--
first-submission
datetime
detection-ratio
last-submission
datetime
Last Submission
++
community-score
text
Detection Ratio
+Community Score
permalink
link
Permalink Reference
++
summary
-text
Summary of the vulnerability
--
state
text
State of the vulnerability. A vulnerability can have multiple states depending of the current actions performed. ['Published', 'Embargo', 'Reviewed', 'Vulnerability ID Assigned', 'Reported', 'Fixed']
--
references
link
modified
datetime
Last modification date
--
vulnerable_configuration
text
The vulnerable configuration is described in CPE format
--
text
text
Description of the vulnerability
--
created
datetime
state
text
State of the vulnerability. A vulnerability can have multiple states depending of the current actions performed. ['Published', 'Embargo', 'Reviewed', 'Vulnerability ID Assigned', 'Reported', 'Fixed']
++
published
datetime
text
text
Description of the vulnerability
++
modified
datetime
Last modification date
++
id
vulnerability
vulnerable_configuration
text
The vulnerable configuration is described in CPE format
++
summary
text
Summary of the vulnerability
++
creation-date
-datetime
Initial creation of the whois entry
--
domain
domain
Domain of the whois entry
--
nameserver
hostname
Nameserver
--
modification-date
datetime
registrant-name
whois-registrant-name
nameserver
hostname
Registrant name
--
registrant-email
whois-registrant-email
Registrant email address
--
expiration-date
datetime
Expiration of the whois entry
--
text
text
Full whois entry
+Nameserver
@@ -7868,6 +7828,26 @@ whois is a MISP object available in JSON format at
registrant-name
whois-registrant-name
Registrant name
++
expiration-date
datetime
Expiration of the whois entry
++
registrant-phone
whois-registrant-phone
registrant-email
whois-registrant-email
Registrant email address
++
domain
domain
Domain of the whois entry
++
text
text
Full whois entry
++
creation-date
datetime
Initial creation of the whois entry
++
registrant-org
whois-registrant-org
pubkey-info-size
text
Length of the public key (in bits)
--
x509-fingerprint-md5
x509-fingerprint-md5
pubkey-info-exponent
text
Exponent of the public key
--
x509-fingerprint-sha256
x509-fingerprint-sha256
Secure Hash Algorithm 2 (256 bits)
--
version
text
Version of the certificate
--
pubkey-info-modulus
text
Modulus of the public key
--
raw-base64
text
Raw certificate base64 encoded
--
serial-number
text
Serial number of the certificate
--
pubkey-info-algorithm
text
subject
serial-number
text
Subject of the certificate
--
validity-not-before
datetime
Certificate invalid before that date
--
x509-fingerprint-sha1
x509-fingerprint-sha1
[Insecure] Secure Hash Algorithm 1 (160 bits)
--
text
text
Free text description of hte certificate
+Serial number of the certificate
x509-fingerprint-sha1
x509-fingerprint-sha1
[Insecure] Secure Hash Algorithm 1 (160 bits)
++
pubkey-info-modulus
text
Modulus of the public key
++
validity-not-before
datetime
Certificate invalid before that date
++
subject
text
Subject of the certificate
++
pubkey-info-exponent
text
Exponent of the public key
++
text
text
Free text description of hte certificate
++
pubkey-info-size
text
Length of the public key (in bits)
++
version
text
Version of the certificate
++
x509-fingerprint-sha256
x509-fingerprint-sha256
Secure Hash Algorithm 2 (256 bits)
++
raw-base64
text
Raw certificate base64 encoded
++
comment
+whitelist
comment
A description of Yara rule generated.
+Whitelist name used to generate the rules.
@@ -8134,30 +8154,30 @@ yabin is a MISP object available in JSON format at
yara
yara-hunt
yara
Yara rule generated from -y.
+Wide yara rule generated from -yh.
whitelist
comment
comment
Whitelist name used to generate the rules.
+A description of Yara rule generated.
yara-hunt
yara
yara
Wide yara rule generated from -yh.
+Yara rule generated from -y.