diff --git a/objects.html b/objects.html
index c97cbd9..fef209b 100755
--- a/objects.html
+++ b/objects.html
@@ -485,6 +485,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
last-seen
-datetime
When the leak has been accessible or seen for the last time.
--
type
text
origin
text
The link where the leak is (or was) accessible at first-seen.
++
duplicate_number
counter
Number of known duplicates.
++
first-seen
datetime
last-seen
datetime
When the leak has been accessible or seen for the last time.
++
raw-data
attachment
Raw data as received by the AIL sensor compressed and encoded in Base64.
++
sensor
text
origin
text
The link where the leak is (or was) accessible at first-seen.
--
raw-data
attachment
Raw data as received by the AIL sensor compressed and encoded in Base64.
--
duplicate
text
duplicate_number
counter
Number of known duplicates.
--
permission
-text
comment
comment
Android permission ['ACCESS_CHECKIN_PROPERTIES', 'ACCESS_COARSE_LOCATION', 'ACCESS_FINE_LOCATION', 'ACCESS_LOCATION_EXTRA_COMMANDS', 'ACCESS_NETWORK_STATE', 'ACCESS_NOTIFICATION_POLICY', 'ACCESS_WIFI_STATE', 'ACCOUNT_MANAGER', 'ADD_VOICEMAIL', 'ANSWER_PHONE_CALLS', 'BATTERY_STATS', 'BIND_ACCESSIBILITY_SERVICE', 'BIND_APPWIDGET', 'BIND_AUTOFILL_SERVICE', 'BIND_CARRIER_MESSAGING_SERVICE', 'BIND_CHOOSER_TARGET_SERVICE', 'BIND_CONDITION_PROVIDER_SERVICE', 'BIND_DEVICE_ADMIN', 'BIND_DREAM_SERVICE', 'BIND_INCALL_SERVICE', 'BIND_INPUT_METHOD', 'BIND_MIDI_DEVICE_SERVICE', 'BIND_NFC_SERVICE', 'BIND_NOTIFICATION_LISTENER_SERVICE', 'BIND_PRINT_SERVICE', 'BIND_QUICK_SETTINGS_TILE', 'BIND_REMOTEVIEWS', 'BIND_SCREENING_SERVICE', 'BIND_TELECOM_CONNECTION_SERVICE', 'BIND_TEXT_SERVICE', 'BIND_TV_INPUT', 'BIND_VISUAL_VOICEMAIL_SERVICE', 'BIND_VOICE_INTERACTION', 'BIND_VPN_SERVICE', 'BIND_VR_LISTENER_SERVICE', 'BIND_WALLPAPER', 'BLUETOOTH', 'BLUETOOTH_ADMIN', 'BLUETOOTH_PRIVILEGED', 'BODY_SENSORS', 'BROADCAST_PACKAGE_REMOVED', 'BROADCAST_SMS', 'BROADCAST_STICKY', 'BROADCAST_WAP_PUSH', 'CALL_PHONE', 'CALL_PRIVILEGED', 'CAMERA', 'CAPTURE_AUDIO_OUTPUT', 'CAPTURE_SECURE_VIDEO_OUTPUT', 'CAPTURE_VIDEO_OUTPUT', 'CHANGE_COMPONENT_ENABLED_STATE', 'CHANGE_CONFIGURATION', 'CHANGE_NETWORK_STATE', 'CHANGE_WIFI_MULTICAST_STATE', 'CHANGE_WIFI_STATE', 'CLEAR_APP_CACHE', 'CONTROL_LOCATION_UPDATES', 'DELETE_CACHE_FILES', 'DELETE_PACKAGES', 'DIAGNOSTIC', 'DISABLE_KEYGUARD', 'DUMP', 'EXPAND_STATUS_BAR', 'FACTORY_TEST', 'GET_ACCOUNTS', 'GET_ACCOUNTS_PRIVILEGED', 'GET_PACKAGE_SIZE', 'GET_TASKS', 'GLOBAL_SEARCH', 'INSTALL_LOCATION_PROVIDER', 'INSTALL_PACKAGES', 'INSTALL_SHORTCUT', 'INSTANT_APP_FOREGROUND_SERVICE', 'INTERNET', 'KILL_BACKGROUND_PROCESSES', 'LOCATION_HARDWARE', 'MANAGE_DOCUMENTS', 'MANAGE_OWN_CALLS', 'MASTER_CLEAR', 'MEDIA_CONTENT_CONTROL', 'MODIFY_AUDIO_SETTINGS', 'MODIFY_PHONE_STATE', 'MOUNT_FORMAT_FILESYSTEMS', 'MOUNT_UNMOUNT_FILESYSTEMS', 'NFC', 'PACKAGE_USAGE_STATS', 
'PERSISTENT_ACTIVITY', 'PROCESS_OUTGOING_CALLS', 'READ_CALENDAR', 'READ_CALL_LOG', 'READ_CONTACTS', 'READ_EXTERNAL_STORAGE', 'READ_FRAME_BUFFER', 'READ_INPUT_STATE', 'READ_LOGS', 'READ_PHONE_NUMBERS', 'READ_PHONE_STATE', 'READ_SMS', 'READ_SYNC_SETTINGS', 'READ_SYNC_STATS', 'READ_VOICEMAIL', 'REBOOT', 'RECEIVE_BOOT_COMPLETED', 'RECEIVE_MMS', 'RECEIVE_SMS', 'RECEIVE_WAP_PUSH', 'RECORD_AUDIO', 'REORDER_TASKS', 'REQUEST_COMPANION_RUN_IN_BACKGROUND', 'REQUEST_COMPANION_USE_DATA_IN_BACKGROUND', 'REQUEST_DELETE_PACKAGES', 'REQUEST_IGNORE_BATTERY_OPTIMIZATIONS', 'REQUEST_INSTALL_PACKAGES', 'RESTART_PACKAGES', 'SEND_RESPOND_VIA_MESSAGE', 'SEND_SMS', 'SET_ALARM', 'SET_ALWAYS_FINISH', 'SET_ANIMATION_SCALE', 'SET_DEBUG_APP', 'SET_PREFERRED_APPLICATIONS', 'SET_PROCESS_LIMIT', 'SET_TIME', 'SET_TIME_ZONE', 'SET_WALLPAPER', 'SET_WALLPAPER_HINTS', 'SIGNAL_PERSISTENT_PROCESSES', 'STATUS_BAR', 'SYSTEM_ALERT_WINDOW', 'TRANSMIT_IR', 'UNINSTALL_SHORTCUT', 'UPDATE_DEVICE_STATS', 'USE_FINGERPRINT', 'USE_SIP', 'VIBRATE', 'WAKE_LOCK', 'WRITE_APN_SETTINGS', 'WRITE_CALENDAR', 'WRITE_CALL_LOG', 'WRITE_CONTACTS', 'WRITE_EXTERNAL_STORAGE', 'WRITE_GSERVICES', 'WRITE_SECURE_SETTINGS', 'WRITE_SETTINGS', 'WRITE_SYNC_SETTINGS', 'WRITE_VOICEMAIL']
+Comment about the set of android permission(s)
comment
comment
permission
text
Comment about the set of android permission(s)
+Android permission ['ACCESS_CHECKIN_PROPERTIES', 'ACCESS_COARSE_LOCATION', 'ACCESS_FINE_LOCATION', 'ACCESS_LOCATION_EXTRA_COMMANDS', 'ACCESS_NETWORK_STATE', 'ACCESS_NOTIFICATION_POLICY', 'ACCESS_WIFI_STATE', 'ACCOUNT_MANAGER', 'ADD_VOICEMAIL', 'ANSWER_PHONE_CALLS', 'BATTERY_STATS', 'BIND_ACCESSIBILITY_SERVICE', 'BIND_APPWIDGET', 'BIND_AUTOFILL_SERVICE', 'BIND_CARRIER_MESSAGING_SERVICE', 'BIND_CHOOSER_TARGET_SERVICE', 'BIND_CONDITION_PROVIDER_SERVICE', 'BIND_DEVICE_ADMIN', 'BIND_DREAM_SERVICE', 'BIND_INCALL_SERVICE', 'BIND_INPUT_METHOD', 'BIND_MIDI_DEVICE_SERVICE', 'BIND_NFC_SERVICE', 'BIND_NOTIFICATION_LISTENER_SERVICE', 'BIND_PRINT_SERVICE', 'BIND_QUICK_SETTINGS_TILE', 'BIND_REMOTEVIEWS', 'BIND_SCREENING_SERVICE', 'BIND_TELECOM_CONNECTION_SERVICE', 'BIND_TEXT_SERVICE', 'BIND_TV_INPUT', 'BIND_VISUAL_VOICEMAIL_SERVICE', 'BIND_VOICE_INTERACTION', 'BIND_VPN_SERVICE', 'BIND_VR_LISTENER_SERVICE', 'BIND_WALLPAPER', 'BLUETOOTH', 'BLUETOOTH_ADMIN', 'BLUETOOTH_PRIVILEGED', 'BODY_SENSORS', 'BROADCAST_PACKAGE_REMOVED', 'BROADCAST_SMS', 'BROADCAST_STICKY', 'BROADCAST_WAP_PUSH', 'CALL_PHONE', 'CALL_PRIVILEGED', 'CAMERA', 'CAPTURE_AUDIO_OUTPUT', 'CAPTURE_SECURE_VIDEO_OUTPUT', 'CAPTURE_VIDEO_OUTPUT', 'CHANGE_COMPONENT_ENABLED_STATE', 'CHANGE_CONFIGURATION', 'CHANGE_NETWORK_STATE', 'CHANGE_WIFI_MULTICAST_STATE', 'CHANGE_WIFI_STATE', 'CLEAR_APP_CACHE', 'CONTROL_LOCATION_UPDATES', 'DELETE_CACHE_FILES', 'DELETE_PACKAGES', 'DIAGNOSTIC', 'DISABLE_KEYGUARD', 'DUMP', 'EXPAND_STATUS_BAR', 'FACTORY_TEST', 'GET_ACCOUNTS', 'GET_ACCOUNTS_PRIVILEGED', 'GET_PACKAGE_SIZE', 'GET_TASKS', 'GLOBAL_SEARCH', 'INSTALL_LOCATION_PROVIDER', 'INSTALL_PACKAGES', 'INSTALL_SHORTCUT', 'INSTANT_APP_FOREGROUND_SERVICE', 'INTERNET', 'KILL_BACKGROUND_PROCESSES', 'LOCATION_HARDWARE', 'MANAGE_DOCUMENTS', 'MANAGE_OWN_CALLS', 'MASTER_CLEAR', 'MEDIA_CONTENT_CONTROL', 'MODIFY_AUDIO_SETTINGS', 'MODIFY_PHONE_STATE', 'MOUNT_FORMAT_FILESYSTEMS', 'MOUNT_UNMOUNT_FILESYSTEMS', 'NFC', 'PACKAGE_USAGE_STATS', 
'PERSISTENT_ACTIVITY', 'PROCESS_OUTGOING_CALLS', 'READ_CALENDAR', 'READ_CALL_LOG', 'READ_CONTACTS', 'READ_EXTERNAL_STORAGE', 'READ_FRAME_BUFFER', 'READ_INPUT_STATE', 'READ_LOGS', 'READ_PHONE_NUMBERS', 'READ_PHONE_STATE', 'READ_SMS', 'READ_SYNC_SETTINGS', 'READ_SYNC_STATS', 'READ_VOICEMAIL', 'REBOOT', 'RECEIVE_BOOT_COMPLETED', 'RECEIVE_MMS', 'RECEIVE_SMS', 'RECEIVE_WAP_PUSH', 'RECORD_AUDIO', 'REORDER_TASKS', 'REQUEST_COMPANION_RUN_IN_BACKGROUND', 'REQUEST_COMPANION_USE_DATA_IN_BACKGROUND', 'REQUEST_DELETE_PACKAGES', 'REQUEST_IGNORE_BATTERY_OPTIMIZATIONS', 'REQUEST_INSTALL_PACKAGES', 'RESTART_PACKAGES', 'SEND_RESPOND_VIA_MESSAGE', 'SEND_SMS', 'SET_ALARM', 'SET_ALWAYS_FINISH', 'SET_ANIMATION_SCALE', 'SET_DEBUG_APP', 'SET_PREFERRED_APPLICATIONS', 'SET_PROCESS_LIMIT', 'SET_TIME', 'SET_TIME_ZONE', 'SET_WALLPAPER', 'SET_WALLPAPER_HINTS', 'SIGNAL_PERSISTENT_PROCESSES', 'STATUS_BAR', 'SYSTEM_ALERT_WINDOW', 'TRANSMIT_IR', 'UNINSTALL_SHORTCUT', 'UPDATE_DEVICE_STATS', 'USE_FINGERPRINT', 'USE_SIP', 'VIBRATE', 'WAKE_LOCK', 'WRITE_APN_SETTINGS', 'WRITE_CALENDAR', 'WRITE_CALL_LOG', 'WRITE_CONTACTS', 'WRITE_EXTERNAL_STORAGE', 'WRITE_GSERVICES', 'WRITE_SECURE_SETTINGS', 'WRITE_SETTINGS', 'WRITE_SYNC_SETTINGS', 'WRITE_VOICEMAIL']
@@ -778,13 +779,13 @@ annotation is a MISP object available in JSON format at
format
text
modification-date
datetime
Format of the annotation ['text', 'markdown', 'asciidoctor', 'MultiMarkdown', 'GFM', 'pandoc', 'Fountain', 'CommonWork', 'kramdown-rfc2629', 'rfc7328', 'Extra']
+Last update of the annotation
+
text
-text
Raw text of the annotation
--
modification-date
datetime
Last update of the annotation
--
creation-date
datetime
format
text
Format of the annotation ['text', 'markdown', 'asciidoctor', 'MultiMarkdown', 'GFM', 'pandoc', 'Fountain', 'CommonWork', 'kramdown-rfc2629', 'rfc7328', 'Extra']
++
text
text
Raw text of the annotation
++
last-seen
-datetime
Last time the ASN was seen
--
mp-import
description
text
The inbound IPv4 or IPv6 routing policy of the AS in RFC 4012 – Routing Policy Specification Language next generation (RPSLng), section 4.5. format
+Description of the autonomous system
country
mp-export
text
Country code of the main location of the autonomous system
--
asn
AS
Autonomous System Number
+This attribute performs the same function as the export attribute above. The difference is that mp-export allows both IPv4 and IPv6 address families to be specified. The export is described in RFC 4012 – Routing Policy Specification Language next generation (RPSLng), section 4.5. format
@@ -916,6 +897,36 @@ asn is a MISP object available in JSON format at
asn
AS
Autonomous System Number
++
export
text
The outbound routing policy of the AS in RFC 2622 – Routing Policy Specification Language (RPSL) format
++
last-seen
datetime
Last time the ASN was seen
++
subnet-announced
ip-src
country
text
Country code of the main location of the autonomous system
++
first-seen
datetime
export
mp-import
text
The outbound routing policy of the AS in RFC 2622 – Routing Policy Specification Language (RPSL) format
--
description
text
Description of the autonomous system
--
mp-export
text
This attribute performs the same function as the export attribute above. The difference is that mp-export allows both IPv4 and IPv6 address families to be specified. The export is described in RFC 4012 – Routing Policy Specification Language next generation (RPSLng), section 4.5. format
+The inbound IPv4 or IPv6 routing policy of the AS in RFC 4012 – Routing Policy Specification Language next generation (RPSLng), section 4.5. format
@@ -1004,16 +1005,6 @@ av-signature is a MISP object available in JSON format at
software
text
Name of antivirus software
--
signature
text
datetime
datetime
software
text
Datetime
+Name of antivirus software
datetime
datetime
Datetime
++
comments
-text
Comments about the bank account.
--
account-name
text
A field to freely describe the bank account details.
--
status-code
text
Account status at the time of the transaction processed. ['A - Active', 'B - Inactive', 'C - Dormant']
--
date-balance
datetime
When the balance was reported.
--
swift
bic
SWIFT or BIC as defined in ISO 9362.
--
text
text
A description of the bank account.
--
branch
text
Branch code or name
--
beneficiary
text
Final beneficiary of the bank account.
--
personal-account-type
text
Account type. ['A - Business', 'B - Personal Current', 'C - Savings', 'D - Trust Account', 'E - Trading Account', 'O - Other']
--
institution-code
institution-name
text
Name of the bank or financial organisation.
@@ -1182,56 +1093,6 @@ bank-account is a MISP object available in JSON format atcurrency-code
text
Currency of the account. ['USD', 'EUR']
--
closed
datetime
When the account was closed.
--
account
bank-account-nr
Account number
--
iban
iban
IBAN of the bank account.
--
beneficiary-comment
text
Comment about the final beneficiary.
--
report-code
text
balance
text
swift
bic
The balance of the account after the suspicious transaction was processed.
+SWIFT or BIC as defined in ISO 9362.
opened
personal-account-type
text
Account type. ['A - Business', 'B - Personal Current', 'C - Savings', 'D - Trust Account', 'E - Trading Account', 'O - Other']
++
account
bank-account-nr
Account number
++
status-code
text
Account status at the time of the transaction processed. ['A - Active', 'B - Inactive', 'C - Dormant']
++
branch
text
Branch code or name
++
client-number
text
Client number as seen by the bank.
++
account-name
text
A field to freely describe the bank account details.
++
beneficiary
text
Final beneficiary of the bank account.
++
comments
text
Comments about the bank account.
++
closed
datetime
When the account was opened.
+When the account was closed.
@@ -1272,15 +1213,95 @@ bank-account is a MISP object available in JSON format at
client-_number
balance
text
Client number as seen by the bank.
+The balance of the account after the suspicious transaction was processed.
++
institution-code
text
Institution code of the bank.
++
iban
iban
IBAN of the bank account.
aba-rtn
aba-rtn
ABA routing transit number
++
text
text
A description of the bank account.
++
beneficiary-comment
text
Comment about the final beneficiary.
++
opened
datetime
When the account was opened.
++
date-balance
datetime
When the balance was reported.
++
currency-code
text
Currency of the account. ['USD', 'EUR']
++
note
+addresses
text
The text describing the purpose or significance of the alert message.
+The group listing of intended recipients of the alert message. (1) Required when <scope> is “Private”, optional when <scope> is “Public” or “Restricted”. (2) Each recipient SHALL be identified by an identifier or an address. (3) Multiple space-delimited addresses MAY be included. Addresses including whitespace MUST be enclosed in double-quotes.
@@ -1340,33 +1361,13 @@ cap-alert is a MISP object available in JSON format at
restriction
status
text
The text describing the rule for limiting distribution of the restricted alert message.
+The code denoting the appropriate handling of the alert message. ['Actual', 'Exercise', 'System', 'Test', 'Draft']
-
references
text
The group listing identifying earlier message(s) referenced by the alert message. (1) The extended message identifier(s) (in the form sender,identifier,sent) of an earlier CAP message or messages referenced by this one. (2) If multiple messages are referenced, they SHALL be separated by whitespace.
--
code
text
The code denoting the special handling of the alert message.
-+
sender
+restriction
text
The identifier of the sender of the alert message which identifies the originator of this alert. Guaranteed by assigner to be unique globally; e.g., may be based on an Internet domain name.
--
addresses
text
The group listing of intended recipients of the alert message. (1) Required when <scope> is “Private”, optional when <scope> is “Public” or “Restricted”. (2) Each recipient SHALL be identified by an identifier or an address. (3) Multiple space-delimited addresses MAY be included. Addresses including whitespace MUST be enclosed in double-quotes.
--
identifier
text
The identifier of the alert message in a number or string uniquely identifying this message, assigned by the sender.
+The text describing the rule for limiting distribution of the restricted alert message.
@@ -1420,10 +1401,10 @@ cap-alert is a MISP object available in JSON format at
incident
references
text
The group listing naming the referent incident(s) of the alert message. (1) Used to collate multiple messages referring to different aspects of the same incident. (2) If multiple incident identifiers are referenced, they SHALL be separated by whitespace. Incident names including whitespace SHALL be surrounded by double-quotes.
+The group listing identifying earlier message(s) referenced by the alert message. (1) The extended message identifier(s) (in the form sender,identifier,sent) of an earlier CAP message or messages referenced by this one. (2) If multiple messages are referenced, they SHALL be separated by whitespace.
@@ -1440,13 +1421,53 @@ cap-alert is a MISP object available in JSON format at
status
sender
text
The code denoting the appropriate handling of the alert message. ['Actual', 'Exercise', 'System', 'Test', 'Draft']
+The identifier of the sender of the alert message which identifies the originator of this alert. Guaranteed by assigner to be unique globally; e.g., may be based on an Internet domain name.
+
+
incident
text
The group listing naming the referent incident(s) of the alert message. (1) Used to collate multiple messages referring to different aspects of the same incident. (2) If multiple incident identifiers are referenced, they SHALL be separated by whitespace. Incident names including whitespace SHALL be surrounded by double-quotes.
++
identifier
text
The identifier of the alert message in a number or string uniquely identifying this message, assigned by the sender.
++
code
text
The code denoting the special handling of the alert message.
++
note
text
The text describing the purpose or significance of the alert message.
+
event
-text
The text denoting the type of the subject event of the alert message.
--
urgency
text
The code denoting the urgency of the subject event of the alert message. ['Immediate', 'Expected', 'Future', 'Past', 'Unknown']
--
language
text
The code denoting the language of the info sub-element of the alert message.
--
eventCode
text
A system-specific code identifying the event type of the alert message.
--
effective
datetime
The effective time of the information of the alert message.
--
responseType
text
The code denoting the type of action recommended for the target audience. ['Shelter', 'Evacuate', 'Prepare', 'Execute', 'Avoid', 'Monitor', 'Assess', 'AllClear', 'None']
--
category
text
description
text
The text describing the subject event of the alert message.
--
senderName
text
severity
text
The code denoting the severity of the subject event of the alert message. ['Extreme', 'Severe', 'Moderate', 'Minor', 'Unknown']
--
expires
datetime
The expiry time of the information of the alert message.
--
parameter
text
headline
text
The text headline of the alert message.
--
web
link
The identifier of the hyperlink associating additional information with the alert message.
--
onset
effective
datetime
The expected time of the beginning of the subject event of the alert message.
+The effective time of the information of the alert message.
@@ -1658,10 +1569,100 @@ cap-info is a MISP object available in JSON format at
instruction
responseType
text
The text describing the recommended action to be taken by recipients of the alert message.
+The code denoting the type of action recommended for the target audience. ['Shelter', 'Evacuate', 'Prepare', 'Execute', 'Avoid', 'Monitor', 'Assess', 'AllClear', 'None']
++
web
link
The identifier of the hyperlink associating additional information with the alert message.
++
urgency
text
The code denoting the urgency of the subject event of the alert message. ['Immediate', 'Expected', 'Future', 'Past', 'Unknown']
++
eventCode
text
A system-specific code identifying the event type of the alert message.
++
description
text
The text describing the subject event of the alert message.
++
onset
datetime
The expected time of the beginning of the subject event of the alert message.
++
language
text
The code denoting the language of the info sub-element of the alert message.
++
expires
datetime
The expiry time of the information of the alert message.
++
event
text
The text denoting the type of the subject event of the alert message.
++
headline
text
The text headline of the alert message.
instruction
text
The text describing the recommended action to be taken by recipients of the alert message.
++
severity
text
The code denoting the severity of the subject event of the alert message. ['Extreme', 'Severe', 'Moderate', 'Minor', 'Unknown']
++
derefUri
-attachment
The base-64 encoded data content of the resource file.
--
size
text
uri
link
digest
sha1
The identifier of the hyperlink for the resource file.
+The code representing the digital digest (“hash”) computed from the resource file (OPTIONAL).
resourceDesc
text
The text describing the type and content of the resource file.
--
mimeType
mime-type
digest
sha1
derefUri
attachment
The code representing the digital digest (“hash”) computed from the resource file (OPTIONAL).
+The base-64 encoded data content of the resource file.
++
resourceDesc
text
The text describing the type and content of the resource file.
++
uri
link
The identifier of the hyperlink for the resource file.
@@ -1814,13 +1835,13 @@ coin-address is a MISP object available in JSON format at
first-seen
datetime
address
btc
First time this payment destination address has been seen
+Address used as a payment destination in a cryptocurrency
+
address
-btc
first-seen
datetime
Address used as a payment destination in a cryptocurrency
+First time this payment destination address has been seen
+
cookie-name
-text
Name of the cookie (if splitted)
--
cookie
cookie
cookie-name
text
Name of the cookie (if splitted)
++
format
+origin
text
Format of the password(s) ['clear-text', 'hashed', 'encrypted', 'unknown']
+Origin of the credential(s) ['bruteforce-scanning', 'malware-analysis', 'memory-analysis', 'network-analysis', 'leak', 'unknown']
++
notification
text
Mention of any notification(s) towards the potential owner(s) of the credential(s) ['victim-notified', 'service-notified', 'none']
@@ -2020,20 +2051,10 @@ credential is a MISP object available in JSON format at
password
format
text
Password
--
origin
text
Origin of the credential(s) ['bruteforce-scanning', 'malware-analysis', 'memory-analysis', 'network-analysis', 'leak', 'unknown']
+Format of the password(s) ['clear-text', 'hashed', 'encrypted', 'unknown']
@@ -2050,10 +2071,10 @@ credential is a MISP object available in JSON format at
notification
password
text
Mention of any notification(s) towards the potential owner(s) of the credential(s) ['victim-notified', 'service-notified', 'none']
+Password
@@ -2098,10 +2119,10 @@ credit-card is a MISP object available in JSON format at
issued
datetime
comment
comment
Initial date of validity or issued date.
+A description of the card.
@@ -2128,20 +2149,10 @@ credit-card is a MISP object available in JSON format at
comment
comment
A description of the card.
--
version
card-security-code
text
Version of the card.
+Card security code (CSC, CVD, CVV, CVC and SPC) as embossed or printed on the card.
@@ -2158,10 +2169,20 @@ credit-card is a MISP object available in JSON format at
card-security-code
version
text
Card security code (CSC, CVD, CVV, CVC and SPC) as embossed or printed on the card.
+Version of the card.
++
issued
datetime
Initial date of validity or issued date.
@@ -2206,13 +2227,23 @@ ddos is a MISP object available in JSON format at
last-seen
datetime
dst-port
port
End of the attack
+Destination port of the attack
+
+
total-pps
counter
Packets per second
+
dst-port
-port
ip-dst
ip-dst
Destination port of the attack
+Destination IP (victim)
src-port
port
Port originating the attack
++
last-seen
datetime
End of the attack
++
ip-src
ip-src
total-pps
counter
protocol
text
Packets per second
+Protocol used for the attack ['TCP', 'UDP', 'ICMP', 'IP']
protocol
text
Protocol used for the attack ['TCP', 'UDP', 'ICMP', 'IP']
--
ip-dst
ip-dst
Destination IP (victim)
--
src-port
port
Port originating the attack
--
CmdCode
+category
text
A decimal representation of the diameter Command Code.
+Category. ['Cat0', 'Cat1', 'Cat2', 'Cat3', 'CatSMS']
@@ -2374,6 +2395,46 @@ diameter-attack is a MISP object available in JSON format at
Destination-Realm
text
Destination-Realm.
++
CmdCode
text
A decimal representation of the diameter Command Code.
++
Username
text
Username (in this case, usually the IMSI).
++
Origin-Realm
text
Origin-Realm.
++
text
text
category
IdrFlags
text
Category. ['Cat0', 'Cat1', 'Cat2', 'Cat3', 'CatSMS']
+IDR-Flags.
@@ -2414,26 +2475,6 @@ diameter-attack is a MISP object available in JSON format at
Destination-Realm
text
Destination-Realm.
--
Origin-Realm
text
Origin-Realm.
--
SessionId
text
IdrFlags
text
IDR-Flags.
--
Destination-Host
text
Username
text
Username (in this case, usually the IMSI).
--
first-seen
-datetime
First time the tuple has been seen
--
last-seen
datetime
ip
ip-dst
IP Address
--
domain
domain
ip
ip-dst
IP Address
++
first-seen
datetime
First time the tuple has been seen
++
number-sections
-counter
Number of sections
--
arch
entrypoint-address
text
Architecture of the ELF file ['None', 'M32', 'SPARC', 'i386', 'ARCH_68K', 'ARCH_88K', 'IAMCU', 'ARCH_860', 'MIPS', 'S370', 'MIPS_RS3_LE', 'PARISC', 'VPP500', 'SPARC32PLUS', 'ARCH_960', 'PPC', 'PPC64', 'S390', 'SPU', 'V800', 'FR20', 'RH32', 'RCE', 'ARM', 'ALPHA', 'SH', 'SPARCV9', 'TRICORE', 'ARC', 'H8_300', 'H8_300H', 'H8S', 'H8_500', 'IA_64', 'MIPS_X', 'COLDFIRE', 'ARCH_68HC12', 'MMA', 'PCP', 'NCPU', 'NDR1', 'STARCORE', 'ME16', 'ST100', 'TINYJ', 'x86_64', 'PDSP', 'PDP10', 'PDP11', 'FX66', 'ST9PLUS', 'ST7', 'ARCH_68HC16', 'ARCH_68HC11', 'ARCH_68HC08', 'ARCH_68HC05', 'SVX', 'ST19', 'VAX', 'CRIS', 'JAVELIN', 'FIREPATH', 'ZSP', 'MMIX', 'HUANY', 'PRISM', 'AVR', 'FR30', 'D10V', 'D30V', 'V850', 'M32R', 'MN10300', 'MN10200', 'PJ', 'OPENRISC', 'ARC_COMPACT', 'XTENSA', 'VIDEOCORE', 'TMM_GPP', 'NS32K', 'TPC', 'SNP1K', 'ST200', 'IP2K', 'MAX', 'CR', 'F2MC16', 'MSP430', 'BLACKFIN', 'SE_C33', 'SEP', 'ARCA', 'UNICORE', 'EXCESS', 'DXP', 'ALTERA_NIOS2', 'CRX', 'XGATE', 'C166', 'M16C', 'DSPIC30F', 'CE', 'M32C', 'TSK3000', 'RS08', 'SHARC', 'ECOG2', 'SCORE7', 'DSP24', 'VIDEOCORE3', 'LATTICEMICO32', 'SE_C17', 'TI_C6000', 'TI_C2000', 'TI_C5500', 'MMDSP_PLUS', 'CYPRESS_M8C', 'R32C', 'TRIMEDIA', 'HEXAGON', 'ARCH_8051', 'STXP7X', 'NDS32', 'ECOG1', 'ECOG1X', 'MAXQ30', 'XIMO16', 'MANIK', 'CRAYNV2', 'RX', 'METAG', 'MCST_ELBRUS', 'ECOG16', 'CR16', 'ETPU', 'SLE9X', 'L10M', 'K10M', 'AARCH64', 'AVR32', 'STM8', 'TILE64', 'TILEPRO', 'CUDA', 'TILEGX', 'CLOUDSHIELD', 'COREA_1ST', 'COREA_2ND', 'ARC_COMPACT2', 'OPEN8', 'RL78', 'VIDEOCORE5', 'ARCH_78KOR', 'ARCH_56800EX', 'BA1', 'BA2', 'XCORE', 'MCHP_PIC', 'INTEL205', 'INTEL206', 'INTEL207', 'INTEL208', 'INTEL209', 'KM32', 'KMX32', 'KMX16', 'KMX8', 'KVARC', 'CDP', 'COGE', 'COOL', 'NORC', 'CSR_KALIMBA', 'AMDGPU']
+Address of the entry point
@@ -2650,10 +2661,20 @@ elf is a MISP object available in JSON format at
entrypoint-address
arch
text
Address of the entry point
+Architecture of the ELF file ['None', 'M32', 'SPARC', 'i386', 'ARCH_68K', 'ARCH_88K', 'IAMCU', 'ARCH_860', 'MIPS', 'S370', 'MIPS_RS3_LE', 'PARISC', 'VPP500', 'SPARC32PLUS', 'ARCH_960', 'PPC', 'PPC64', 'S390', 'SPU', 'V800', 'FR20', 'RH32', 'RCE', 'ARM', 'ALPHA', 'SH', 'SPARCV9', 'TRICORE', 'ARC', 'H8_300', 'H8_300H', 'H8S', 'H8_500', 'IA_64', 'MIPS_X', 'COLDFIRE', 'ARCH_68HC12', 'MMA', 'PCP', 'NCPU', 'NDR1', 'STARCORE', 'ME16', 'ST100', 'TINYJ', 'x86_64', 'PDSP', 'PDP10', 'PDP11', 'FX66', 'ST9PLUS', 'ST7', 'ARCH_68HC16', 'ARCH_68HC11', 'ARCH_68HC08', 'ARCH_68HC05', 'SVX', 'ST19', 'VAX', 'CRIS', 'JAVELIN', 'FIREPATH', 'ZSP', 'MMIX', 'HUANY', 'PRISM', 'AVR', 'FR30', 'D10V', 'D30V', 'V850', 'M32R', 'MN10300', 'MN10200', 'PJ', 'OPENRISC', 'ARC_COMPACT', 'XTENSA', 'VIDEOCORE', 'TMM_GPP', 'NS32K', 'TPC', 'SNP1K', 'ST200', 'IP2K', 'MAX', 'CR', 'F2MC16', 'MSP430', 'BLACKFIN', 'SE_C33', 'SEP', 'ARCA', 'UNICORE', 'EXCESS', 'DXP', 'ALTERA_NIOS2', 'CRX', 'XGATE', 'C166', 'M16C', 'DSPIC30F', 'CE', 'M32C', 'TSK3000', 'RS08', 'SHARC', 'ECOG2', 'SCORE7', 'DSP24', 'VIDEOCORE3', 'LATTICEMICO32', 'SE_C17', 'TI_C6000', 'TI_C2000', 'TI_C5500', 'MMDSP_PLUS', 'CYPRESS_M8C', 'R32C', 'TRIMEDIA', 'HEXAGON', 'ARCH_8051', 'STXP7X', 'NDS32', 'ECOG1', 'ECOG1X', 'MAXQ30', 'XIMO16', 'MANIK', 'CRAYNV2', 'RX', 'METAG', 'MCST_ELBRUS', 'ECOG16', 'CR16', 'ETPU', 'SLE9X', 'L10M', 'K10M', 'AARCH64', 'AVR32', 'STM8', 'TILE64', 'TILEPRO', 'CUDA', 'TILEGX', 'CLOUDSHIELD', 'COREA_1ST', 'COREA_2ND', 'ARC_COMPACT2', 'OPEN8', 'RL78', 'VIDEOCORE5', 'ARCH_78KOR', 'ARCH_56800EX', 'BA1', 'BA2', 'XCORE', 'MCHP_PIC', 'INTEL205', 'INTEL206', 'INTEL207', 'INTEL208', 'INTEL209', 'KM32', 'KMX32', 'KMX16', 'KMX8', 'KVARC', 'CDP', 'COGE', 'COOL', 'NORC', 'CSR_KALIMBA', 'AMDGPU']
++
number-sections
counter
Number of sections
@@ -2698,20 +2719,10 @@ elf-section is a MISP object available in JSON format at
md5
md5
[Insecure] MD5 hash (128 bits)
--
flag
type
text
Flag of the section ['ALLOC', 'EXCLUDE', 'EXECINSTR', 'GROUP', 'HEX_GPREL', 'INFO_LINK', 'LINK_ORDER', 'MASKOS', 'MASKPROC', 'MERGE', 'MIPS_ADDR', 'MIPS_LOCAL', 'MIPS_MERGE', 'MIPS_NAMES', 'MIPS_NODUPES', 'MIPS_NOSTRIP', 'NONE', 'OS_NONCONFORMING', 'STRINGS', 'TLS', 'WRITE', 'XCORE_SHF_CP_SECTION']
+Type of the section ['NULL', 'PROGBITS', 'SYMTAB', 'STRTAB', 'RELA', 'HASH', 'DYNAMIC', 'NOTE', 'NOBITS', 'REL', 'SHLIB', 'DYNSYM', 'INIT_ARRAY', 'FINI_ARRAY', 'PREINIT_ARRAY', 'GROUP', 'SYMTAB_SHNDX', 'LOOS', 'GNU_ATTRIBUTES', 'GNU_HASH', 'GNU_VERDEF', 'GNU_VERNEED', 'GNU_VERSYM', 'HIOS', 'LOPROC', 'ARM_EXIDX', 'ARM_PREEMPTMAP', 'HEX_ORDERED', 'X86_64_UNWIND', 'MIPS_REGINFO', 'MIPS_OPTIONS', 'MIPS_ABIFLAGS', 'HIPROC', 'LOUSER', 'HIUSER']
@@ -2728,66 +2739,6 @@ elf-section is a MISP object available in JSON format at
text
text
Free text value to attach to the section
--
sha1
sha1
[Insecure] Secure Hash Algorithm 1 (160 bits)
--
size-in-bytes
size-in-bytes
Size of the section, in bytes
--
entropy
float
Entropy of the whole section
--
sha512/256
sha512/256
Secure Hash Algorithm 2 (256 bits)
--
type
text
Type of the section ['NULL', 'PROGBITS', 'SYMTAB', 'STRTAB', 'RELA', 'HASH', 'DYNAMIC', 'NOTE', 'NOBITS', 'REL', 'SHLIB', 'DYNSYM', 'INIT_ARRAY', 'FINI_ARRAY', 'PREINIT_ARRAY', 'GROUP', 'SYMTAB_SHNDX', 'LOOS', 'GNU_ATTRIBUTES', 'GNU_HASH', 'GNU_VERDEF', 'GNU_VERNEED', 'GNU_VERSYM', 'HIOS', 'LOPROC', 'ARM_EXIDX', 'ARM_PREEMPTMAP', 'HEX_ORDERED', 'X86_64_UNWIND', 'MIPS_REGINFO', 'MIPS_OPTIONS', 'MIPS_ABIFLAGS', 'HIPROC', 'LOUSER', 'HIUSER']
--
sha384
sha384
sha512
sha512
sha512/256
sha512/256
Secure Hash Algorithm 2 (512 bits)
+Secure Hash Algorithm 2 (256 bits)
@@ -2818,6 +2769,16 @@ elf-section is a MISP object available in JSON format at
sha1
sha1
[Insecure] Secure Hash Algorithm 1 (160 bits)
++
ssdeep
ssdeep
name
text
text
Name of the section
+Free text value to attach to the section
size-in-bytes
size-in-bytes
Size of the section, in bytes
++
sha512
sha512
Secure Hash Algorithm 2 (512 bits)
++
flag
text
Flag of the section ['ALLOC', 'EXCLUDE', 'EXECINSTR', 'GROUP', 'HEX_GPREL', 'INFO_LINK', 'LINK_ORDER', 'MASKOS', 'MASKPROC', 'MERGE', 'MIPS_ADDR', 'MIPS_LOCAL', 'MIPS_MERGE', 'MIPS_NAMES', 'MIPS_NODUPES', 'MIPS_NOSTRIP', 'NONE', 'OS_NONCONFORMING', 'STRINGS', 'TLS', 'WRITE', 'XCORE_SHF_CP_SECTION']
++
md5
md5
[Insecure] MD5 hash (128 bits)
++
entropy
float
Entropy of the whole section
++
name
text
Name of the section
++
from
-email-src
Sender email address
--
email-body
email-body
Body of the email
--
to
email-dst
Destination email address
--
attachment
email-attachment
Attachment
--
return-path
text
screenshot
attachment
Screenshot of email
--
reply-to
email-reply-to
Email address the reply will be sent to
--
cc
email-dst
Carbon copy
--
x-mailer
email-x-mailer
X-Mailer generally tells the program that was used to draft and send the original email
--
thread-index
email-thread-index
Identifies a particular conversation thread
--
mime-boundary
email-mime-boundary
MIME Boundary
--
message-id
email-message-id
Message ID
--
subject
email-subject
reply-to
email-reply-to
Email address the reply will be sent to
++
thread-index
email-thread-index
Identifies a particular conversation thread
++
attachment
email-attachment
Attachment
++
x-mailer
email-x-mailer
X-Mailer generally tells the program that was used to draft and send the original email
++
header
email-header
screenshot
attachment
Screenshot of email
++
message-id
email-message-id
Message ID
++
mime-boundary
email-mime-boundary
MIME Boundary
++
to-display-name
email-dst-display-name
from-display-name
email-src-display-name
to
email-dst
Display name of the sender
+Destination email address
++
from
email-src
Sender email address
cc
email-dst
Carbon copy
++
email-body
email-body
Body of the email
++
from-display-name
email-src-display-name
Display name of the sender
++
md5
-md5
[Insecure] MD5 hash (128 bits)
--
certificate
x509-fingerprint-sha1
Certificate value if the binary is signed with another authentication scheme than authenticode
--
malware-sample
malware-sample
The file itself (binary)
--
authentihash
authentihash
Authenticode executable signature hash
--
sha512/224
sha512/224
text
text
Free text value to attach to the file
--
sha1
sha1
[Insecure] Secure Hash Algorithm 1 (160 bits)
--
tlsh
tlsh
Fuzzy hash by Trend Micro: Locality Sensitive Hash
--
size-in-bytes
size-in-bytes
Size of the file, in bytes
--
mimetype
mime-type
Mime type
--
entropy
float
Entropy of the whole file
--
sha512/256
sha512/256
Secure Hash Algorithm 2 (256 bits)
--
filename
filename
Filename on disk
--
pattern-in-file
pattern-in-file
Pattern that can be found in the file
--
sha384
sha384
sha512
sha512
sha512/256
sha512/256
Secure Hash Algorithm 2 (512 bits)
+Secure Hash Algorithm 2 (256 bits)
@@ -3264,6 +3155,16 @@ file is a MISP object available in JSON format at
size-in-bytes
size-in-bytes
Size of the file, in bytes
++
ssdeep
ssdeep
tlsh
tlsh
Fuzzy hash by Trend Micro: Locality Sensitive Hash
++
malware-sample
malware-sample
The file itself (binary)
++
text
text
Free text value to attach to the file
++
sha224
sha224
pattern-in-file
pattern-in-file
Pattern that can be found in the file
++
entropy
float
Entropy of the whole file
++
sha512
sha512
Secure Hash Algorithm 2 (512 bits)
++
mimetype
mime-type
Mime type
++
md5
md5
[Insecure] MD5 hash (128 bits)
++
sha1
sha1
[Insecure] Secure Hash Algorithm 1 (160 bits)
++
authentihash
authentihash
Authenticode executable signature hash
++
certificate
x509-fingerprint-sha1
Certificate value if the binary is signed with another authentication scheme than authenticode
++
filename
filename
Filename on disk
++
address
+text
Address.
++
longitude
float
The longitude is the decimal value of the longitude in the World Geodetic System 84 (WGS84) reference
++
latitude
float
city
text
City.
++
altitude
float
The altitude is the decimal value of the altitude in the World Geodetic System 84 (WGS84) reference.
++
last-seen
datetime
country
region
text
Country.
--
city
text
City.
+Region.
@@ -3382,26 +3433,16 @@ geolocation is a MISP object available in JSON format at
address
country
text
Address.
+Country.
text
text
A generic description of the location.
--
first-seen
datetime
longitude
float
text
text
The longitude is the decimal value of the longitude in the World Geodetic System 84 (WGS84) reference
+A generic description of the location.
altitude
float
The altitude is the decimal value of the altitude in the World Geodetic System 84 (WGS84) reference.
--
region
text
Region.
--
GtpInterface
+text
GTP interface. ['S5', 'S11', 'S10', 'S8', 'Gn', 'Gp']
++
GtpImsi
text
PortSrc
port
PortDest
text
Source port.
+Destination port.
@@ -3510,16 +3541,6 @@ gtp-attack is a MISP object available in JSON format at
GtpMessageType
text
GTP defines a set of messages between two associated GSNs or an SGSN and an RNC. Message type is described as a decimal value.
--
text
text
ipDest
ip-dst
IP destination address.
++
first-seen
datetime
GtpMsisdn
text
PortSrc
port
GTP MSISDN.
--
GtpInterface
text
GTP interface. ['S5', 'S11', 'S10', 'S8', 'Gn', 'Gp']
+Source port.
GtpImei
text
GTP IMEI (International Mobile Equipment Identity).
++
GtpVersion
text
PortDest
GtpMsisdn
text
Destination port.
+GTP MSISDN.
++
GtpMessageType
text
GTP defines a set of messages between two associated GSNs or an SGSN and an RNC. Message type is described as a decimal value.
ipDest
ip-dst
IP destination address.
--
GtpImei
text
GTP IMEI (International Mobile Equipment Identity).
--
host
-hostname
content-type
other
The domain name of the server
+The MIME type of the body of the request
@@ -3668,10 +3689,10 @@ http-request is a MISP object available in JSON format at
proxy-password
text
url
url
HTTP Proxy Password
+Full HTTP Request URL
@@ -3688,10 +3709,10 @@ http-request is a MISP object available in JSON format at
uri
uri
basicauth-user
text
Request URI
+HTTP Basic Authentication Username
@@ -3708,10 +3729,10 @@ http-request is a MISP object available in JSON format at
user-agent
user-agent
uri
uri
The user agent string of the user agent
+Request URI
@@ -3728,6 +3749,16 @@ http-request is a MISP object available in JSON format at
host
hostname
The domain name of the server
++
proxy-user
text
content-type
other
user-agent
user-agent
The MIME type of the body of the request
+The user agent string of the user agent
++
proxy-password
text
HTTP Proxy Password
url
url
Full HTTP Request URL
--
basicauth-user
text
HTTP Basic Authentication Username
--
ip
+ip-dst
IP Address
++
src-port
port
Source port
++
dst-port
port
Destination port
++
last-seen
datetime
dst-port
port
domain
domain
Destination port
+Domain
ip
ip-dst
IP Address
--
src-port
port
Source port
--
domain
domain
Domain
--
ja3-fingerprint-md5
-md5
description
text
Hash identifying source
--
ip-dst
ip-dst
Destination IP address
+Type of detected software ie software, malware
@@ -3954,20 +3965,30 @@ ja3 is a MISP object available in JSON format at
ip-src
ip-src
ip-dst
ip-dst
Source IP Address
+Destination IP address
description
text
ja3-fingerprint-md5
md5
Type of detected software ie software, malware
+Hash identifying source
++
ip-src
ip-src
Source IP Address
@@ -4022,36 +4043,6 @@ legal-entity is a MISP object available in JSON format at
phone-number
phone-number
Phone number of an entity.
--
commercial-name
text
Commercial name of an entity.
--
text
text
A description of the entity.
--
business
text
name
commercial-name
text
Name of an entity.
+Commercial name of an entity.
++
phone-number
phone-number
Phone number of an entity.
name
text
Name of an entity.
++
text
text
A description of the entity.
++
name
-text
Binary’s name
--
number-sections
counter
Number of sections
--
entrypoint-address
text
name
text
Binary’s name
++
text
text
number-sections
counter
Number of sections
++
md5
-md5
[Insecure] MD5 hash (128 bits)
--
sha512/224
sha512/224
text
text
Free text value to attach to the section
--
sha1
sha1
[Insecure] Secure Hash Algorithm 1 (160 bits)
--
size-in-bytes
size-in-bytes
Size of the section, in bytes
--
entropy
float
Entropy of the whole section
--
sha512/256
sha512/256
Secure Hash Algorithm 2 (256 bits)
--
sha384
sha384
sha512
sha512
sha512/256
sha512/256
Secure Hash Algorithm 2 (512 bits)
+Secure Hash Algorithm 2 (256 bits)
@@ -4318,6 +4279,16 @@ macho-section is a MISP object available in JSON format at
sha1
sha1
[Insecure] Secure Hash Algorithm 1 (160 bits)
++
ssdeep
ssdeep
name
text
text
Name of the section
+Free text value to attach to the section
size-in-bytes
size-in-bytes
Size of the section, in bytes
++
sha512
sha512
Secure Hash Algorithm 2 (512 bits)
++
md5
md5
[Insecure] MD5 hash (128 bits)
++
entropy
float
Entropy of the whole section
++
name
text
Name of the section
++
username-quoted
-text
Username who are quoted into the microblog post
--
type
text
removal-date
datetime
url
url
When the microblog post was removed
+Original URL location of the microblog post
@@ -4426,30 +4437,10 @@ microblog is a MISP object available in JSON format at
username
text
removal-date
datetime
Username who posted the microblog post
--
url
url
Original URL location of the microblog post
--
link
url
Link into the microblog post
+When the microblog post was removed
@@ -4466,6 +4457,16 @@ microblog is a MISP object available in JSON format at
username
text
Username who posted the microblog post
++
post
text
link
url
Link into the microblog post
++
username-quoted
text
Username who are quoted into the microblog post
++
name
+description
text
name of the mutex
+Description
@@ -4534,10 +4555,10 @@ mutex is a MISP object available in JSON format at
description
name
text
Description
+name of the mutex
@@ -4592,60 +4613,10 @@ netflow is a MISP object available in JSON format at
protocol
text
flow-count
counter
Protocol used for this flow ['TCP', 'UDP', 'ICMP', 'IP']
--
last-packet-seen
datetime
Last packet seen in this flow
--
ip-src
ip-src
IP address source of the netflow
--
dst-as
AS
Destination AS number for this flow
--
src-as
AS
Source AS number for this flow
--
direction
text
Direction of this flow ['Ingress', 'Egress']
+Flows counted in this flow
@@ -4662,36 +4633,6 @@ netflow is a MISP object available in JSON format at
ip-protocol-number
size-in-bytes
IP protocol number of this flow
--
flow-count
counter
Flows counted in this flow
--
ip-dst
ip-dst
IP address destination of the netflow
--
dst-port
port
icmp-type
text
ICMP type of the flow (if the traffic is ICMP)
--
packet-count
counter
byte-count
counter
protocol
text
Bytes counted in this flow
+Protocol used for this flow ['TCP', 'UDP', 'ICMP', 'IP']
+
direction
text
Direction of this flow ['Ingress', 'Egress']
++
ip-protocol-number
size-in-bytes
IP protocol number of this flow
++
dst-as
AS
Destination AS number for this flow
++
ip-dst
ip-dst
IP address destination of the netflow
++
icmp-type
text
ICMP type of the flow (if the traffic is ICMP)
++
last-packet-seen
datetime
Last packet seen in this flow
++
ip-src
ip-src
IP address source of the netflow
++
src-as
AS
Source AS number for this flow
++
byte-count
counter
Bytes counted in this flow
++
zone_time_last
-datetime
Last time that the unique tuple (rrname, rrtype, rdata) record has been seen via master file import.
--
rrtype
text
Resource Record type as seen by the passive DNS. ['A', 'AAAA', 'CNAME', 'PTR', 'SOA', 'TXT', 'DNAME', 'NS', 'SRV', 'RP', 'NAPTR', 'HINFO', 'A6']
--
bailiwick
text
Best estimate of the apex of the zone where this data is authoritative
--
text
text
Description of the passive DNS record.
--
zone_time_first
datetime
First time that the unique tuple (rrname, rrtype, rdata) record has been seen via master file import
--
rdata
text
Resource records of the queried resource
--
sensor_id
text
Sensor information where the record was seen
--
count
counter
How many authoritative DNS answers were received at the Passive DNS Server’s collectors with exactly the given set of values as answers.
--
origin
text
Origin of the Passive DNS response
--
time_first
datetime
rdata
text
Resource records of the queried resource
++
time_last
datetime
text
text
Description of the passive DNS record.
++
zone_time_last
datetime
Last time that the unique tuple (rrname, rrtype, rdata) record has been seen via master file import.
++
origin
text
Origin of the Passive DNS response
++
zone_time_first
datetime
First time that the unique tuple (rrname, rrtype, rdata) record has been seen via master file import
++
count
counter
How many authoritative DNS answers were received at the Passive DNS Server’s collectors with exactly the given set of values as answers.
++
bailiwick
text
Best estimate of the apex of the zone where this data is authoritative
++
sensor_id
text
Sensor information where the record was seen
++
rrtype
text
Resource Record type as seen by the passive DNS. ['A', 'AAAA', 'CNAME', 'PTR', 'SOA', 'TXT', 'DNAME', 'NS', 'SRV', 'RP', 'NAPTR', 'HINFO', 'A6']
++
last-seen
-datetime
When the paste has been accessible or seen for the last time.
--
first-seen
datetime
When the paste has been accessible or seen for the first time.
--
paste
origin
text
Raw text of the paste or post
+Original source of the paste or post. ['pastebin.com', 'pastebin.com_pro', 'pastie.org', 'slexy.org', 'gist.github.com', 'codepad.org', 'safebin.net', 'hastebin.com', 'ghostbin.com']
origin
text
url
url
Original source of the paste or post. ['pastebin.com', 'pastebin.com_pro', 'pastie.org', 'slexy.org', 'gist.github.com', 'codepad.org', 'safebin.net', 'hastebin.com', 'ghostbin.com']
+Link to the original source of the paste or post.
@@ -4998,15 +4999,35 @@ paste is a MISP object available in JSON format at
url
url
last-seen
datetime
Link to the original source of the paste or post.
+When the paste has been accessible or seen for the last time.
++
paste
text
Raw text of the paste or post
first-seen
datetime
When the paste has been accessible or seen for the first time.
++
legal-copyright
+type
text
LegalCopyright in the resources
--
product-name
text
ProductName in the resources
--
number-sections
counter
Number of sections
+Type of PE ['exe', 'dll', 'driver', 'unknown']
@@ -5086,6 +5087,56 @@ pe is a MISP object available in JSON format at
lang-id
text
Lang ID in the resources
++
impfuzzy
impfuzzy
Fuzzy Hash (ssdeep) calculated from the import table
++
original-filename
filename
OriginalFilename in the resources
++
pehash
pehash
Hash of the structural information about a sample. See https://www.usenix.org/legacy/event/leet09/tech/full_papers/wicherski/wicherski_html/
++
file-version
text
FileVersion in the resources
++
text
text
product-name
text
ProductName in the resources
++
imphash
imphash
Hash (md5) calculated from the import table
++
entrypoint-section-at-position
text
type
file-description
text
Type of PE ['exe', 'dll', 'driver', 'unknown']
+FileDescription in the resources
pehash
pehash
legal-copyright
text
Hash of the structural information about a sample. See https://www.usenix.org/legacy/event/leet09/tech/full_papers/wicherski/wicherski_html/
--
original-filename
filename
OriginalFilename in the resources
+LegalCopyright in the resources
imphash
imphash
number-sections
counter
Hash (md5) calculated from the import table
+Number of sections
+
impfuzzy
impfuzzy
Fuzzy Hash (ssdeep) calculated from the import table
--
file-version
text
FileVersion in the resources
--
file-description
text
FileDescription in the resources
--
lang-id
text
Lang ID in the resources
--
md5
-md5
[Insecure] MD5 hash (128 bits)
--
sha512/224
sha512/224
text
text
Free text value to attach to the section
--
sha1
sha1
[Insecure] Secure Hash Algorithm 1 (160 bits)
--
size-in-bytes
size-in-bytes
Size of the section, in bytes
--
entropy
float
Entropy of the whole section
--
sha512/256
sha512/256
Secure Hash Algorithm 2 (256 bits)
--
sha384
sha384
sha512
sha512
sha512/256
sha512/256
Secure Hash Algorithm 2 (512 bits)
+Secure Hash Algorithm 2 (256 bits)
@@ -5364,6 +5325,16 @@ pe-section is a MISP object available in JSON format at
sha1
sha1
[Insecure] Secure Hash Algorithm 1 (160 bits)
++
ssdeep
ssdeep
characteristic
text
text
Characteristic of the section ['read', 'write', 'executable']
+Free text value to attach to the section
++
sha224
sha224
Secure Hash Algorithm 2 (224 bits)
size-in-bytes
size-in-bytes
Size of the section, in bytes
++
sha512
sha512
Secure Hash Algorithm 2 (512 bits)
++
md5
md5
[Insecure] MD5 hash (128 bits)
++
entropy
float
Entropy of the whole section
++
name
text
sha224
sha224
characteristic
text
Secure Hash Algorithm 2 (224 bits)
+Characteristic of the section ['read', 'write', 'executable']
@@ -5442,10 +5463,20 @@ person is a MISP object available in JSON format at
first-name
first-name
middle-name
middle-name
First name of a natural person.
+Middle name of a natural person.
++
title
text
Title of the natural person such as Dr. or equivalent.
@@ -5462,6 +5493,126 @@ person is a MISP object available in JSON format at
social-security-number
text
Social security number
++
last-name
last-name
Last name of a natural person.
++
first-name
first-name
First name of a natural person.
++
place-of-birth
place-of-birth
Place of birth of a natural person.
++
passport-country
passport-country
The country in which the passport was issued.
++
text
text
A description of the person or identity.
++
redress-number
redress-number
The Redress Control Number is the record identifier for people who apply for redress through the DHS Travel Redress Inquiry Program (DHS TRIP). DHS TRIP is for travelers who have been repeatedly identified for additional screening and who want to file an inquiry to have erroneous information corrected in DHS systems.
++
mothers-name
text
Mother name, father, second name or other names following country’s regulation.
++
passport-expiration
passport-expiration
The expiration date of a passport.
++
passport-number
passport-number
The passport number of a natural person.
++
identity-card-number
identity-card-number
The identity card number of a natural person.
++
gender
gender
The gender of a natural person. ['Male', 'Female', 'Other', 'Prefer not to say']
++
alias
text
passport-expiration
passport-expiration
The expiration date of a passport.
--
text
text
A description of the person or identity.
--
identity-card-number
identity-card-number
The identity card number of a natural person.
--
title
text
Title of the natural person such as Dr. or equivalent.
--
mothers-name
text
Mother name, father, second name or other names following country’s regulation.
--
social-security-number
text
Social security number
--
place-of-birth
place-of-birth
Place of birth of a natural person.
--
last-name
last-name
Last name of a natural person.
--
gender
gender
The gender of a natural person. ['Male', 'Female', 'Other', 'Prefer not to say']
--
middle-name
middle-name
Middle name of a natural person.
--
redress-number
redress-number
The Redress Control Number is the record identifier for people who apply for redress through the DHS Travel Redress Inquiry Program (DHS TRIP). DHS TRIP is for travelers who have been repeatedly identified for additional screening and who want to file an inquiry to have erroneous information corrected in DHS systems.
--
passport-country
passport-country
The country in which the passport was issued.
--
passport-number
passport-number
The passport number of a natural person.
--
imei
+imsi
text
International Mobile Equipment Identity (IMEI) is a number, usually unique, to identify 3GPP and iDEN mobile phones, as well as some satellite phones.
+A usually unique International Mobile Subscriber Identity (IMSI) is allocated to each mobile subscriber in the GSM/UMTS/EPS system. IMSI can also refer to International Mobile Station Identity in the ITU nomenclature.
@@ -5670,13 +5691,13 @@ phone is a MISP object available in JSON format at
first-seen
datetime
gummei
text
When the phone has been accessible or seen for the first time.
+Globally Unique MME Identifier (GUMMEI) is composed from MCC, MNC and MME Identifier (MMEI).
+
gummei
-text
Globally Unique MME Identifier (GUMMEI) is composed from MCC, MNC and MME Identifier (MMEI).
--
imsi
text
A usually unique International Mobile Subscriber Identity (IMSI) is allocated to each mobile subscriber in the GSM/UMTS/EPS system. IMSI can also refer to International Mobile Station Identity in the ITU nomenclature.
--
text
text
imei
text
International Mobile Equipment Identity (IMEI) is a number, usually unique, to identify 3GPP and iDEN mobile phones, as well as some satellite phones.
++
serial-number
text
first-seen
datetime
When the phone has been accessible or seen for the first time.
++
msisdn
text
create-thread
counter
Amount of calls to CreateThread
--
not-referenced-strings
counter
Amount of not referenced strings
--
local-references
counter
Amount of API calls inside a code section
--
r2-commit-version
text
Radare2 commit ID used to generate this object
--
callbacks
counter
Amount of callbacks (functions started as thread)
--
callback-largest
counter
Largest callback
--
ratio-string
float
Ratio: amount of referenced strings per kilobyte of code section
--
ratio-api
float
Ratio: amount of API calls per kilobyte of code section
--
refsglobalvar
counter
ratio-functions
float
Ratio: amount of functions per kilobyte of code section
--
get-proc-address
counter
Amount of calls to GetProcAddress
--
referenced-strings
counter
Amount of referenced strings
--
memory-allocations
counter
Amount of memory allocations
--
text
text
Description of the r2graphity object
--
dangling-strings
counter
Amount of dangling strings (string with a code cross reference, that is not within a function. Radare2 failed to detect that function.)
--
miss-api
counter
ratio-functions
float
Ratio: amount of functions per kilobyte of code section
++
total-functions
counter
shortest-path-to-create-thread
dangling-strings
counter
Shortest path to the first time the binary calls CreateThread
+Amount of dangling strings (string with a code cross reference, that is not within a function. Radare2 failed to detect that function.)
gml
attachment
get-proc-address
counter
Graph export in G>raph Modelling Language format
+Amount of calls to GetProcAddress
@@ -5988,6 +5879,126 @@ r2graphity is a MISP object available in JSON format at
ratio-string
float
Ratio: amount of referenced strings per kilobyte of code section
++
referenced-strings
counter
Amount of referenced strings
++
shortest-path-to-create-thread
counter
Shortest path to the first time the binary calls CreateThread
++
create-thread
counter
Amount of calls to CreateThread
++
ratio-api
float
Ratio: amount of API calls per kilobyte of code section
++
gml
attachment
Graph export in G>raph Modelling Language format
++
callback-largest
counter
Largest callback
++
memory-allocations
counter
Amount of memory allocations
++
callbacks
counter
Amount of callbacks (functions started as thread)
++
local-references
counter
Amount of API calls inside a code section
++
text
text
Description of the r2graphity object
++
r2-commit-version
text
Radare2 commit ID used to generate this object
++
callback-average
counter
not-referenced-strings
counter
Amount of not referenced strings
++
total-api
counter
regexp-type
text
Type of the regular expression syntax. ['PCRE', 'PCRE2', 'POSIX BRE', 'POSIX ERE']
--
regexp
text
regexp
--
comment
comment
regexp
text
regexp
++
regexp-type
text
Type of the regular expression syntax. ['PCRE', 'PCRE2', 'POSIX BRE', 'POSIX ERE']
++
hive
+text
Hive used to store the registry key (file on disk)
++
data
text
Data stored in the registry key
++
root-keys
text
data
text
Data stored in the registry key
--
key
regkey
hive
text
Hive used to store the registry key (file on disk)
--
case-number
+summary
text
Case number
+Free text summary of the report
summary
case-number
text
Free text summary of the report
+Case number
@@ -6290,6 +6311,36 @@ rtir is a MISP object available in JSON format at
subject
text
Subject of the RTIR ticket
++
ip
ip-dst
IPs automatically extracted from the RTIR ticket
++
constituency
text
Constituency of the RTIR ticket
++
classification
text
constituency
text
Constituency of the RTIR ticket
--
ip
ip-dst
IPs automatically extracted from the RTIR ticket
--
subject
text
Subject of the RTIR ticket
--
status
text
web-sandbox
on-premise-sandbox
text
A web sandbox where results are publicly available via an URL ['malwr', 'hybrid-analysis']
+The on-premise sandbox used ['cuckoo', 'symantec-cas-on-premise', 'bluecoat-maa', 'trendmicro-deep-discovery-analyzer', 'fireeye-ax', 'vmray', 'joe-sandbox-on-premise']
@@ -6418,10 +6439,30 @@ sandbox-report is a MISP object available in JSON format at
results
permalink
link
Permalink reference
++
sandbox-type
text
Freetext result values
+The type of sandbox used ['on-premise', 'web', 'saas']
++
web-sandbox
text
A web sandbox where results are publicly available via an URL ['malwr', 'hybrid-analysis']
@@ -6438,26 +6479,6 @@ sandbox-report is a MISP object available in JSON format at
on-premise-sandbox
text
The on-premise sandbox used ['cuckoo', 'symantec-cas-on-premise', 'bluecoat-maa', 'trendmicro-deep-discovery-analyzer', 'fireeye-ax', 'vmray', 'joe-sandbox-on-premise']
--
permalink
link
Permalink reference
--
saas-sandbox
text
sandbox-type
results
text
The type of sandbox used ['on-premise', 'web', 'saas']
+Freetext result values
@@ -6516,16 +6537,6 @@ sb-signature is a MISP object available in JSON format at
software
text
Name of Sandbox software
--
signature
text
datetime
datetime
software
text
Datetime
+Name of Sandbox software
datetime
datetime
Datetime
++
MapVlrGT
+MapUssdCoding
text
MAP VLR GT. Phone number.
--
MapSmscGT
text
MAP SMSC. Phone number.
--
text
text
A description of the attack seen via SS7 logging.
+MAP USSD Content.
SccpCgGT
MapMscGT
text
Signaling Connection Control Part (SCCP) CgGT - Phone number.
+MAP MSC GT. Phone number.
MapSmsTP-PID
SccpCdGT
text
MAP SMS TP-PID.
+Signaling Connection Control Part (SCCP) CdGT - Phone number.
+
+
MapGsmscfGT
text
MAP GSMSCF GT. Phone number.
+
MapMsisdn
+MapUssdContent
text
MAP MSISDN. Phone number.
+MAP USSD Content.
MapVersion
text
Map version. ['1', '2', '3']
++
MapApplicationContext
text
MAP application context in OID format.
++
SccpCdSSN
text
Signaling Connection Control Part (SCCP) - Decimal value between 0-255.
++
MapSmsTP-OA
text
MapSmsTypeNumber
text
MAP SMS TypeNumber.
--
MapImsi
text
MAP IMSI. Phone number starting with MCC/MNC.
--
MapSmsText
text
MAP SMS Text. Important indicators in SMS text.
--
MapMscGT
text
MAP MSC GT. Phone number.
--
MapUssdCoding
text
MAP USSD Content.
--
Category
text
MapApplicationContext
MapSmsTP-PID
text
MAP application context in OID format.
+MAP SMS TP-PID.
MapOpCode
MapSmsTypeNumber
text
MAP operation codes - Decimal value between 0-99.
+MAP SMS TypeNumber.
MapVersion
SccpCgGT
text
Map version. ['1', '2', '3']
--
MapGmlc
text
MAP GMLC. Phone number.
+Signaling Connection Control Part (SCCP) CgGT - Phone number.
@@ -6804,43 +6785,43 @@ ss7-attack is a MISP object available in JSON format at
MapUssdContent
MapGmlc
text
MAP USSD Content.
+MAP GMLC. Phone number.
SccpCdSSN
text
text
Signaling Connection Control Part (SCCP) - Decimal value between 0-255.
+A description of the attack seen via SS7 logging.
MapGsmscfGT
MapSmsText
text
MAP GSMSCF GT. Phone number.
+MAP SMS Text. Important indicators in SMS text.
SccpCdGT
MapOpCode
text
Signaling Connection Control Part (SCCP) CdGT - Phone number.
+MAP operation codes - Decimal value between 0-99.
+
MapMsisdn
text
MAP MSISDN. Phone number.
++
MapImsi
text
MAP IMSI. Phone number starting with MCC/MNC.
++
MapVlrGT
text
MAP VLR GT. Phone number.
++
MapSmscGT
text
MAP SMSC. Phone number.
++
comment
+comment
A description of the stix2-pattern.
++
stix2-pattern
stix2-pattern
A timesketch timeline object based on mandatory field in timesketch to describe a log entry..
+comment |
-comment |
++ + | ++timesketch-timeline is a MISP object available in JSON format at this location The JSON format can be freely reused in your application or automatically enabled in MISP. + | +
Object attribute | +MISP attribute type | +Description | +Disable correlation | +|||||
---|---|---|---|---|---|---|---|---|
message |
+text |
- A description of the stix2-pattern. +Informative message of the event + |
+
+ + |
+|||||
datetime |
+datetime |
+
+ When the log entry was seen + |
+
+ + |
+|||||
timestamp |
+timestamp-microsec |
+
+ When the log entry was seen in microseconds since Unix epoch + |
+
+ + |
+|||||
timestamp_desc |
+text |
+
+ Text explaining what type of timestamp is it |
@@ -6950,40 +7049,30 @@ tor-node is a MISP object available in JSON format at text |
-text |
+address |
+ip-src |
- Tor node comment. - |
-
- - |
-
version |
-text |
-
- parsed version of tor, this is None if the relay’s using a new versioning scheme. +IP address of the Tor node seen. |
|
|||||
first-seen |
-datetime |
+version_line |
+text |
- When the Tor node designed by the IP address has been seen for the first time. +versioning information reported by the node. |
- +
|
|||
flags |
+fingerprint |
text |
- list of flag associated with the node. +router’s fingerprint. |
@@ -7010,23 +7099,33 @@ tor-node is a MISP object available in JSON format at document |
+version |
text |
- Raw document from the consensus. +parsed version of tor, this is None if the relay’s using a new versioning scheme. + |
+
+ + |
+
text |
+text |
+
+ Tor node comment. |
|
|||||
address |
-ip-src |
+first-seen |
+datetime |
- IP address of the Tor node seen. +When the Tor node designed by the IP address has been seen for the first time. |
- +
|
|||
text |
-
- versioning information reported by the node. - |
-
- - |
-||||||
published |
datetime |
@@ -7060,15 +7149,25 @@ tor-node is a MISP object available in JSON format at fingerprint |
+flags |
text |
- router’s fingerprint. +list of flag associated with the node. |
|
||
document |
+text |
+
+ Raw document from the consensus. + |
+
+ + |
+
transmode-code
-text
How the transaction was conducted.
--
from-country
text
Origin country of a transaction.
--
transmode-comment
text
date
datetime
Date and time of the transaction.
++
date-posting
datetime
Date of posting, if different from date of transaction.
++
transmode-code
text
How the transaction was conducted.
++
teller
text
amount
to-funds-code
text
The value of the transaction in local currency.
+Type of funds used to finalize a transaction. ['A Deposit', 'C Currency exchange', 'D Casino chips', 'E Bank draft', 'F Money order', 'G Traveler’s cheques', 'H Life insurance policy', 'I Real estate', 'J Securities', 'K Cash', 'O Other', 'P Cheque']
+
location
from-country
text
Location where the transaction took place.
+Origin country of a transaction.
@@ -7208,16 +7317,6 @@ transaction is a MISP object available in JSON format at
to-funds-code
text
Type of funds used to finalize a transaction. ['A Deposit', 'C Currency exchange', 'D Casino chips', 'E Bank draft', 'F Money order', 'G Traveler’s cheques', 'H Life insurance policy', 'I Real estate', 'J Securities', 'K Cash', 'O Other', 'P Cheque']
--
authorized
text
date
datetime
location
text
Date and time of the transaction.
+Location where the transaction took place.
date-posting
datetime
amount
text
Date of posting, if different from date of transaction.
+The value of the transaction in local currency.
@@ -7286,70 +7385,10 @@ url is a MISP object available in JSON format at
last-seen
datetime
Last time this URL has been seen
--
host
hostname
Full hostname
--
scheme
credential
text
Scheme ['http', 'https', 'ftp', 'gopher', 'sip']
--
text
text
Description of the URL
--
first-seen
datetime
First time this URL has been seen
--
tld
text
Top-Level Domain
--
fragment
text
Fragment identifier is a short string of characters that refers to a resource that is subordinate to another, primary resource.
+Credential (username, password)
@@ -7366,30 +7405,10 @@ url is a MISP object available in JSON format at
subdomain
text
url
url
Subdomain
--
resource_path
text
Path (between hostname:port and query)
--
credential
text
Credential (username, password)
+Full URL
@@ -7406,16 +7425,36 @@ url is a MISP object available in JSON format at
url
url
host
hostname
Full URL
+Full hostname
text
text
Description of the URL
++
last-seen
datetime
Last time this URL has been seen
++
domain
domain
fragment
text
Fragment identifier is a short string of characters that refers to a resource that is subordinate to another, primary resource.
++
tld
text
Top-Level Domain
++
subdomain
text
Subdomain
++
scheme
text
Scheme ['http', 'https', 'ftp', 'gopher', 'sip']
++
query_string
text
resource_path
text
Path (between hostname:port and query)
++
first-seen
datetime
First time this URL has been seen
++
classification
-text
The type of entity being targeted. ['individual', 'group', 'organization', 'class', 'unknown']
--
description
text
node
target-machine
Name(s) of node that was targeted.
--
regions
target-location
The list of regions or locations from the victim targeted. ISO 3166 should be used.
--
user
target-user
regions
target-location
The list of regions or locations from the victim targeted. ISO 3166 should be used.
++
sectors
text
ip-address
ip-dst
IP address(es) of the node targeted.
++
classification
text
The type of entity being targeted. ['individual', 'group', 'organization', 'class', 'unknown']
++
name
target-org
The name of the department(s) or organisation(s) targeted.
++
node
target-machine
Name(s) of node that was targeted.
++
target-email
name
target-org
The name of the department(s) or organisation(s) targeted.
--
ip-address
ip-dst
IP address(es) of the node targeted.
--
last-submission
-datetime
detection-ratio
text
Last Submission
+Detection Ratio
+
permalink
link
first-submission
datetime
Permalink Reference
+First Submission
@@ -7652,20 +7751,20 @@ virustotal-report is a MISP object available in JSON format at
detection-ratio
text
permalink
link
Detection Ratio
+Permalink Reference
+
first-submission
last-submission
datetime
First Submission
+Last Submission
@@ -7710,6 +7809,46 @@ vulnerability is a MISP object available in JSON format at
vulnerable_configuration
text
The vulnerable configuration is described in CPE format
++
modified
datetime
Last modification date
++
id
vulnerability
Vulnerability ID (generally CVE, but not necessarely). The id is not required as the object itself has an UUID and the CVE id can updated later.
++
state
text
State of the vulnerability. A vulnerability can have multiple states depending of the current actions performed. ['Published', 'Embargo', 'Reviewed', 'Vulnerability ID Assigned', 'Reported', 'Fixed']
++
published
datetime
state
text
State of the vulnerability. A vulnerability can have multiple states depending of the current actions performed. ['Published', 'Embargo', 'Reviewed', 'Vulnerability ID Assigned', 'Reported', 'Fixed']
--
references
link
modified
datetime
Last modification date
--
created
datetime
vulnerable_configuration
text
The vulnerable configuration is described in CPE format
--
id
vulnerability
Vulnerability ID (generally CVE, but not necessarely). The id is not required as the object itself has an UUID and the CVE id can updated later.
--
registrar
-whois-registrar
registrant-email
whois-registrant-email
Registrar of the whois entry
+Registrant email address
registrant-phone
whois-registrant-phone
domain
domain
Registrant phone number
+Domain of the whois entry
@@ -7868,26 +7967,6 @@ whois is a MISP object available in JSON format at
registrant-name
whois-registrant-name
Registrant name
--
text
text
Full whois entry
--
creation-date
datetime
registrant-phone
whois-registrant-phone
Registrant phone number
++
registrant-org
whois-registrant-org
registrant-email
whois-registrant-email
registrar
whois-registrar
Registrant email address
+Registrar of the whois entry
domain
domain
text
text
Domain of the whois entry
+Full whois entry
++
registrant-name
whois-registrant-name
Registrant name
@@ -7986,100 +8085,10 @@ x509 is a MISP object available in JSON format at
x509-fingerprint-sha1
x509-fingerprint-sha1
x509-fingerprint-md5
x509-fingerprint-md5
[Insecure] Secure Hash Algorithm 1 (160 bits)
--
pubkey-info-algorithm
text
Algorithm of the public key
--
raw-base64
text
Raw certificate base64 encoded
--
text
text
Free text description of hte certificate
--
serial-number
text
Serial number of the certificate
--
version
text
Version of the certificate
--
validity-not-after
datetime
Certificate invalid after that date
--
validity-not-before
datetime
Certificate invalid before that date
--
pubkey-info-modulus
text
Modulus of the public key
--
x509-fingerprint-sha256
x509-fingerprint-sha256
Secure Hash Algorithm 2 (256 bits)
+[Insecure] MD5 hash (128 bits)
@@ -8096,16 +8105,6 @@ x509 is a MISP object available in JSON format at
issuer
text
Issuer of the certificate
--
subject
text
pubkey-info-size
serial-number
text
Length of the public key (in bits)
+Serial number of the certificate
x509-fingerprint-md5
x509-fingerprint-md5
raw-base64
text
[Insecure] MD5 hash (128 bits)
+Raw certificate base64 encoded
++
x509-fingerprint-sha256
x509-fingerprint-sha256
Secure Hash Algorithm 2 (256 bits)
++
version
text
Version of the certificate
++
text
text
Free text description of hte certificate
++
validity-not-before
datetime
Certificate invalid before that date
++
pubkey-info-algorithm
text
Algorithm of the public key
++
x509-fingerprint-sha1
x509-fingerprint-sha1
[Insecure] Secure Hash Algorithm 1 (160 bits)
++
validity-not-after
datetime
Certificate invalid after that date
++
issuer
text
Issuer of the certificate
++
pubkey-info-modulus
text
Modulus of the public key
++
pubkey-info-size
text
Length of the public key (in bits)
@@ -8174,20 +8273,10 @@ yabin is a MISP object available in JSON format at
yara
yara
Yara rule generated from -y.
--
whitelist
comment
comment
Whitelist name used to generate the rules.
+A description of Yara rule generated.
@@ -8204,13 +8293,13 @@ yabin is a MISP object available in JSON format at
comment
comment
yara
yara
A description of Yara rule generated.
+Yara rule generated from -y.
+
whitelist
comment
Whitelist name used to generate the rules.
++