Hash (md5) calculated from the PE import table
+From ca88d8056bba7be009c0f08578b8e98e5b166586 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Tue, 13 Oct 2020 22:52:54 +0200
Subject: [PATCH] chg: [objects] updated
---
objects.html | 565 +-
objects.pdf | 83655 +++++++++++++++++++++++++++----------------------
2 files changed, 47200 insertions(+), 37020 deletions(-)
diff --git a/objects.html b/objects.html
index d240f4b..d836930 100755
--- a/objects.html
+++ b/objects.html
@@ -562,6 +562,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
imphash
imphash
Hash (md5) calculated from the PE import table
++
+
malware-sample
malware-sample
telfhash
telfhash
telfhash - Symbol hash for ELF files.
++
+
text
text
GitLab user. Gitlab.com user or self-hosted GitLab instance.
++ + | ++gitlab-user is a MISP object available in JSON format at this location The JSON format can be freely reused in your application or automatically enabled in MISP. + | +
Object attribute | +MISP attribute type | +Description | +Disable correlation | +Multiple | +
---|---|---|---|---|
avatar_url |
+link |
+
+ Avatar url of the GitLab User + |
+
+ + |
+
+ + |
+
id |
+text |
+
+ GitLab User id + |
+
+ + |
+
+ + |
+
name |
+text |
+
+ Complete Name of the GitLab User Id + |
+
+ + |
+
+ + |
+
state |
+text |
+
+ State of the GitLab User ['active', 'inactive', 'blocked'] + |
+
+ + |
+
+ + |
+
username |
+text |
+
+ Username of the GitLab User + |
+
+ + |
+
+ + |
+
web_url |
+link |
+
+ Profile url of the GitLab User + |
+
+ + |
+
+ + |
+
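Review bot: In the gitlab-user table, the `id` and `state` rows are typed `text` and their Disable correlation cells are empty as rendered here, so a value such as `active` or a short numeric id would correlate across unrelated events. Consider setting `disable_correlation` on both rows in the object's JSON definition, and moving the list ['active', 'inactive', 'blocked'] out of the free-text description into the template's enumerated values (`values_list` or `sane_default`). The `name` description "Complete Name of the GitLab User Id" looks like a leftover from the `id` row and would read better as "Complete name of the GitLab user". The object description also mixes "Gitlab.com" and "GitLab".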
Intel 471 vulnerability intelligence object.
++ + | ++intel471-vulnerability-intelligence is a MISP object available in JSON format at this location The JSON format can be freely reused in your application or automatically enabled in MISP. + | +
Object attribute | +MISP attribute type | +Description | +Disable correlation | +Multiple | +
---|---|---|---|---|
activity-location-open-source |
+boolean |
+
+ The vulnerability is being discussed in open source. + |
+
+ + |
+
+ + |
+
activity-location-private |
+boolean |
+
+ The vulnerability is being discussed in private/direct communications. + |
+
+ + |
+
+ + |
+
activity-location-underground |
+boolean |
+
+ The vulnerability is being discussed in the underground. + |
+
+ + |
+
+ + |
+
countermeasures |
+text |
+
+ Summary of countermeasures to protect against the vulnerability. + |
+
+ + |
+
+ + |
+
cve-id |
+text |
+
+ The vulnerability’s CVE ID. + |
+
+ + |
+
+ + |
+
cvss-score-v2 |
+float |
+
+ CVSS score (version 2). + |
+
+ + |
+
+ + |
+
cvss-score-v3 |
+float |
+
+ CVSS score (version 3). + |
+
+ + |
+
+ + |
+
detection |
+text |
+
+ Detection signatures/definitions exist for the vulnerability. + |
+
+ + |
+
+ + |
+
exploit-status-available |
+boolean |
+
+ Exploit code for the vulnerability is available. + |
+
+ + |
+
+ + |
+
exploit-status-not-observed |
+boolean |
+
+ Exploit code or usage has not been observed for the vulnerability. + |
+
+ + |
+
+ + |
+
exploit-status-productized |
+boolean |
+
+ There is a module for the vulnerability in commercial exploit kits or network security tools. + |
+
+ + |
+
+ + |
+
exploit-status-weaponized |
+boolean |
+
+ The vulnerability has been used in an attack or has been included in an exploit kit. + |
+
+ + |
+
+ + |
+
interest-level-disclosed-publicly |
+boolean |
+
+ The vulnerability has been disclosed publicly. + |
+
+ + |
+
+ + |
+
interest-level-exploit-sought |
+boolean |
+
+ An exploit for the vulnerability is being sought. + |
+
+ + |
+
+ + |
+
interest-level-researched-publicly |
+boolean |
+
+ The vulnerability has been researched or documented publicly. + |
+
+ + |
+
+ + |
+
modified |
+datetime |
+
+ Last modification date. + |
+
+ + |
+
+ + |
+
patch-status |
+text |
+
+ Availability of a patch for the vulnerability. + |
+
+ + |
+
+ + |
+
product-name |
+text |
+
+ Product name. + |
+
+ + |
+
+ + |
+
proof-of-concept |
+text |
+
+ Proof of concept code or demonstration exists. + |
+
+ + |
+
+ + |
+
published |
+datetime |
+
+ Initial publication date. + |
+
+ + |
+
+ + |
+
references |
+link |
+
+ External references. + |
+
+ + |
+
+ + |
+
risk-level |
+text |
+
+ Risk level of the vulnerability. + |
+
+ + |
+
+ + |
+
summary |
+text |
+
+ Summary of the vulnerability. + |
+
+ + |
+
+ + |
+
underground-activity-status |
+text |
+
+ Indicates if underground activity has been observed for the vulnerability. + |
+
+ + |
+
+ + |
+
underground-activity-summary |
+text |
+
+ Description of underground activity related to the vulnerability. + |
+
+ + |
+
+ + |
+
vendor-name |
+text |
+
+ Vendor name. + |
+
+ + |
+
+ + |
+
vulnerability-status |
+text |
+
+ The status of vulnerability. + |
+
+ + |
+
+ + |
+
vulnerability-type |
+text |
+
+ The type of vulnerability. + |
+
+ + |
+
+ + |
+
vulnerable-configuration |
+text |
+
+ Vulnerable configuration in CPE format. + |
+
+ + |
+
+ + |
+
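Review bot: In the intel471-vulnerability-intelligence table, the `cve-id` row is typed `text`, so consumers that filter or export on MISP's `vulnerability` attribute type will not pick the CVE up. If the upstream JSON definition allows it, `vulnerability` would be the more useful type for that row. The `detection` and `proof-of-concept` rows are also typed `text`, but their descriptions ("Detection signatures/definitions exist for the vulnerability.", "Proof of concept code or demonstration exists.") read as yes/no statements, like the boolean exploit-status-* rows. Either make them boolean or reword the descriptions to say what text is expected. Minor: "The status of vulnerability." is missing an article.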