diff --git a/objects.html b/objects.html
index 8a7aefd..1e18531 100755
--- a/objects.html
+++ b/objects.html
@@ -556,13 +556,23 @@ ail-leak is a MISP object available in JSON format at text
text
duplicate_number
counter
A description of the leak which could include the potential victim(s) or description of the leak.
+Number of known duplicates.
+
+
duplicate
text
Duplicate of the existing leaks.
+
sensor
-text
The AIL sensor uuid where the leak was processed and analysed.
--
original-date
datetime
When the information available in the leak was created. It’s usually before the first-seen.
--
last-seen
datetime
origin
link
The link where the leak is (or was) accessible at first-seen.
--
first-seen
datetime
original-date
datetime
When the information available in the leak was created. It’s usually before the first-seen.
++
sensor
text
The AIL sensor uuid where the leak was processed and analysed.
++
raw-data
text
text
text
A description of the leak which could include the potential victim(s) or description of the leak.
++
origin
text
The link where the leak is (or was) accessible at first-seen.
++
import
+description
text
The inbound IPv4 routing policy of the AS in RFC 2622 – Routing Policy Specification Language (RPSL) format
--
export
text
The outbound routing policy of the AS in RFC 2622 – Routing Policy Specification Language (RPSL) format
+Description of the autonomous system
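Review bot: `duplicate_number` in the ail-leak rows is written with an underscore, while the other attribute names in the same object (`first-seen`, `last-seen`, `original-date`, `raw-data`) use hyphens. If the name is not fixed by an existing consumer, rename it to `duplicate-number` in the object definition; if it has to stay, say so in its description so the inconsistency is not copied into new objects.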
@@ -704,10 +714,10 @@ asn is a MISP object available in JSON format at
country
import
text
Country code of the main location of the autonomous system
+The inbound IPv4 routing policy of the AS in RFC 2622 – Routing Policy Specification Language (RPSL) format
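Review bot: The `import` description added here says "inbound IPv4 routing policy", but the `export` description elsewhere in this patch says only "outbound routing policy". Either both attributes are IPv4-only or neither is; align the two descriptions so a reader does not conclude that `import` excludes IPv6 policy while `export` includes it.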
@@ -724,10 +734,20 @@ asn is a MISP object available in JSON format at
description
subnet-announced
ip-src
Subnet announced
++
country
text
Description of the autonomous system
+Country code of the main location of the autonomous system
@@ -744,20 +764,10 @@ asn is a MISP object available in JSON format at
subnet-announced
ip-src
export
text
Subnet announced
--
first-seen
datetime
First time the ASN was seen
+The outbound routing policy of the AS in RFC 2622 – Routing Policy Specification Language (RPSL) format
first-seen
datetime
First time the ASN was seen
++
software
-text
datetime
datetime
Name of antivirus software
+Datetime
@@ -832,20 +852,20 @@ av-signature is a MISP object available in JSON format at
datetime
datetime
text
text
Datetime
+Free text value to attach to the file
text
software
text
Free text value to attach to the file
+Name of antivirus software
@@ -900,16 +920,6 @@ cookie is a MISP object available in JSON format at
text
text
A description of the cookie.
--
cookie-name
text
type
text
Type of cookie and how it’s used in this specific object. ['Session management', 'Personalization', 'Tracking', 'Exfiltration', 'Malicious Payload', 'Beaconing']
++
cookie-value
text
type
text
text
Type of cookie and how it’s used in this specific object. ['Session management', 'Personalization', 'Tracking', 'Exfiltration', 'Malicious Payload', 'Beaconing']
+A description of the cookie.
+
format
+text
Format of the password(s) ['clear-text', 'hashed', 'encrypted', 'unknown']
++
notification
text
text
text
A description of the credential(s)
--
type
text
password
text
Password
--
username
text
origin
password
text
Origin of the credential(s) ['bruteforce-scanning', 'malware-analysis', 'memory-analysis', 'network-analysis', 'leak', 'unknown']
+Password
format
text
text
Format of the password(s) ['clear-text', 'hashed', 'encrypted', 'unknown']
+A description of the credential(s)
++
origin
text
Origin of the credential(s) ['bruteforce-scanning', 'malware-analysis', 'memory-analysis', 'network-analysis', 'leak', 'unknown']
@@ -1086,16 +1106,6 @@ credit-card is a MISP object available in JSON format at
cc-number
cc-number
credit-card number as encoded on the card.
--
version
text
name
card-security-code
text
Name of the card owner.
--
expiration
datetime
Maximum date of validity
+Card security code (CSC, CVD, CVV, CVC and SPC) as embossed or printed on the card.
@@ -1136,6 +1136,26 @@ credit-card is a MISP object available in JSON format at
expiration
datetime
Maximum date of validity
++
cc-number
cc-number
credit-card number as encoded on the card.
++
issued
datetime
card-security-code
name
text
Card security code (CSC, CVD, CVV, CVC and SPC) as embossed or printed on the card.
+Name of the card owner.
@@ -1194,10 +1214,10 @@ ddos is a MISP object available in JSON format at
dst-port
src-port
port
Destination port of the attack
+Port originating the attack
@@ -1214,50 +1234,20 @@ ddos is a MISP object available in JSON format at
text
text
Description of the DDoS
--
src-port
dst-port
port
Port originating the attack
+Destination port of the attack
protocol
text
first-seen
datetime
Protocol used for the attack ['TCP', 'UDP', 'ICMP', 'IP']
--
total-bps
counter
Bits per second
--
total-pps
counter
Packets per second
+Beginning of the attack
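Review bot: The ddos rows in this hunk are moved, not changed: `src-port` and `dst-port` swap places relative to the previous hunk, and `total-pps` is dropped here only to come back with the same type and description in the next one. If objects.html is generated from the object definitions, emit the attributes in a stable order (sorted by name, for example) so that a regeneration diff shows only real changes to names, types and descriptions.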
@@ -1274,6 +1264,16 @@ ddos is a MISP object available in JSON format at
total-bps
counter
Bits per second
++
ip-dst
ip-dst
first-seen
datetime
protocol
text
Beginning of the attack
+Protocol used for the attack ['TCP', 'UDP', 'ICMP', 'IP']
++
total-pps
counter
Packets per second
++
text
text
Description of the DDoS
@@ -1332,16 +1352,6 @@ domain-ip is a MISP object available in JSON format at
last-seen
datetime
Last time the tuple has been seen
--
domain
domain
text
text
ip
ip-dst
A description of the tuple
+IP Address
ip
ip-dst
last-seen
datetime
IP Address
+Last time the tuple has been seen
++
text
text
A description of the tuple
@@ -1420,6 +1440,36 @@ elf is a MISP object available in JSON format at
type
text
Type of ELF ['CORE', 'DYNAMIC', 'EXECUTABLE', 'HIPROC', 'LOPROC', 'NONE', 'RELOCATABLE']
++
os_abi
text
Header operating system application binary interface (ABI) ['AIX', 'ARM', 'AROS', 'C6000_ELFABI', 'C6000_LINUX', 'CLOUDABI', 'FENIXOS', 'FREEBSD', 'GNU', 'HPUX', 'HURD', 'IRIX', 'MODESTO', 'NETBSD', 'NSK', 'OPENBSD', 'OPENVMS', 'SOLARIS', 'STANDALONE', 'SYSTEMV', 'TRU64']
++
number-sections
counter
Number of sections
++
entrypoint-address
text
type
text
Type of ELF ['CORE', 'DYNAMIC', 'EXECUTABLE', 'HIPROC', 'LOPROC', 'NONE', 'RELOCATABLE']
--
arch
text
number-sections
counter
Number of sections
--
os_abi
text
Header operating system application binary interface (ABI) ['AIX', 'ARM', 'AROS', 'C6000_ELFABI', 'C6000_LINUX', 'CLOUDABI', 'FENIXOS', 'FREEBSD', 'GNU', 'HPUX', 'HURD', 'IRIX', 'MODESTO', 'NETBSD', 'NSK', 'OPENBSD', 'OPENVMS', 'SOLARIS', 'STANDALONE', 'SYSTEMV', 'TRU64']
--
sha512
+sha512
Secure Hash Algorithm 2 (512 bits)
++
flag
text
Flag of the section ['ALLOC', 'EXCLUDE', 'EXECINSTR', 'GROUP', 'HEX_GPREL', 'INFO_LINK', 'LINK_ORDER', 'MASKOS', 'MASKPROC', 'MERGE', 'MIPS_ADDR', 'MIPS_LOCAL', 'MIPS_MERGE', 'MIPS_NAMES', 'MIPS_NODUPES', 'MIPS_NOSTRIP', 'NONE', 'OS_NONCONFORMING', 'STRINGS', 'TLS', 'WRITE', 'XCORE_SHF_CP_SECTION']
++
sha384
sha384
entropy
float
sha512/256
sha512/256
Entropy of the whole section
+Secure Hash Algorithm 2 (256 bits)
+
sha512/224
sha512/224
sha224
sha224
Secure Hash Algorithm 2 (224 bits)
sha512/256
-sha512/256
entropy
float
Secure Hash Algorithm 2 (256 bits)
--
sha1
sha1
[Insecure] Secure Hash Algorithm 1 (160 bits)
--
size-in-bytes
size-in-bytes
Size of the section, in bytes
+Entropy of the whole section
@@ -1598,10 +1618,10 @@ elf-section is a MISP object available in JSON format at
text
text
size-in-bytes
size-in-bytes
Free text value to attach to the section
+Size of the section, in bytes
@@ -1618,28 +1638,18 @@ elf-section is a MISP object available in JSON format at
sha256
sha256
text
text
Secure Hash Algorithm 2 (256 bits)
+Free text value to attach to the section
+
sha512
sha512
Secure Hash Algorithm 2 (512 bits)
--
sha224
sha224
sha512/224
sha512/224
Secure Hash Algorithm 2 (224 bits)
flag
-text
sha256
sha256
Flag of the section ['ALLOC', 'EXCLUDE', 'EXECINSTR', 'GROUP', 'HEX_GPREL', 'INFO_LINK', 'LINK_ORDER', 'MASKOS', 'MASKPROC', 'MERGE', 'MIPS_ADDR', 'MIPS_LOCAL', 'MIPS_MERGE', 'MIPS_NAMES', 'MIPS_NODUPES', 'MIPS_NOSTRIP', 'NONE', 'OS_NONCONFORMING', 'STRINGS', 'TLS', 'WRITE', 'XCORE_SHF_CP_SECTION']
+Secure Hash Algorithm 2 (256 bits)
+
+
sha1
sha1
[Insecure] Secure Hash Algorithm 1 (160 bits)
+
send-date
-datetime
thread-index
email-thread-index
Date the email has been sent
--
mime-boundary
email-mime-boundary
MIME Boundary
--
return-path
text
Message return path
+Identifies a particular conversation thread
@@ -1746,20 +1746,10 @@ email is a MISP object available in JSON format at
from-display-name
email-src-display-name
reply-to
email-reply-to
Display name of the sender
--
cc
email-dst
Carbon copy
+Email address the reply will be sent to
@@ -1776,33 +1766,13 @@ email is a MISP object available in JSON format at
to
email-dst
send-date
datetime
Destination email address
+Date the email has been sent
-
thread-index
email-thread-index
Identifies a particular conversation thread
--
header
email-header
Full headers
-+
x-mailer
+email-x-mailer
X-Mailer generally tells the program that was used to draft and send the original email
++
from-display-name
email-src-display-name
Display name of the sender
++
message-id
email-message-id
reply-to
email-reply-to
cc
email-dst
Email address the reply will be sent to
+Carbon copy
from
email-src
return-path
text
Sender email address
+Message return path
++
to
email-dst
Destination email address
@@ -1856,10 +1856,30 @@ email is a MISP object available in JSON format at
x-mailer
email-x-mailer
from
email-src
X-Mailer generally tells the program that was used to draft and send the original email
+Sender email address
++
header
email-header
Full headers
++
mime-boundary
email-mime-boundary
MIME Boundary
@@ -1904,30 +1924,10 @@ file is a MISP object available in JSON format at
sha384
sha384
sha512
sha512
Secure Hash Algorithm 2 (384 bits)
--
entropy
float
Entropy of the whole file
--
sha512/224
sha512/224
Secure Hash Algorithm 2 (224 bits)
+Secure Hash Algorithm 2 (512 bits)
@@ -1944,6 +1944,16 @@ file is a MISP object available in JSON format at
sha384
sha384
Secure Hash Algorithm 2 (384 bits)
++
sha512/256
sha512/256
authentihash
authentihash
malware-sample
malware-sample
Authenticode executable signature hash
--
state
text
State of the file ['Harmless', 'Signed', 'Revoked', 'Expired', 'Trusted']
--
tlsh
tlsh
Fuzzy hash by Trend Micro: Locality Sensitive Hash
--
sha1
sha1
[Insecure] Secure Hash Algorithm 1 (160 bits)
--
size-in-bytes
size-in-bytes
Size of the file, in bytes
--
filename
filename
Filename on disk
--
pattern-in-file
pattern-in-file
Pattern that can be found in the file
--
md5
md5
[Insecure] MD5 hash (128 bits)
--
text
text
Free text value to attach to the file
--
sha256
sha256
Secure Hash Algorithm 2 (256 bits)
--
sha512
sha512
Secure Hash Algorithm 2 (512 bits)
+The file itself (binary)
@@ -2074,6 +1984,86 @@ file is a MISP object available in JSON format at
tlsh
tlsh
Fuzzy hash by Trend Micro: Locality Sensitive Hash
++
entropy
float
Entropy of the whole file
++
md5
md5
[Insecure] MD5 hash (128 bits)
++
size-in-bytes
size-in-bytes
Size of the file, in bytes
++
state
text
State of the file ['Harmless', 'Signed', 'Revoked', 'Expired', 'Trusted']
++
text
text
Free text value to attach to the file
++
sha512/224
sha512/224
Secure Hash Algorithm 2 (224 bits)
++
authentihash
authentihash
Authenticode executable signature hash
++
ssdeep
ssdeep
malware-sample
malware-sample
sha256
sha256
The file itself (binary)
+Secure Hash Algorithm 2 (256 bits)
++
filename
filename
Filename on disk
++
sha1
sha1
[Insecure] Secure Hash Algorithm 1 (160 bits)
++
pattern-in-file
pattern-in-file
Pattern that can be found in the file
@@ -2132,36 +2152,16 @@ geolocation is a MISP object available in JSON format at
country
region
text
Country.
+Region.
altitude
float
The altitude is the decimal value of the altitude in the World Geodetic System 84 (WGS84) reference.
--
text
text
A generic description of the location.
--
first-seen
datetime
region
last-seen
datetime
When the location was seen for the last time.
++
altitude
float
The altitude is the decimal value of the altitude in the World Geodetic System 84 (WGS84) reference.
++
country
text
Region.
+Country.
@@ -2192,20 +2212,20 @@ geolocation is a MISP object available in JSON format at
last-seen
datetime
latitude
float
When the location was seen for the last time.
+The latitude is the decimal value of the latitude in the World Geodetic System 84 (WGS84) reference.
latitude
float
text
text
The latitude is the decimal value of the latitude in the World Geodetic System 84 (WGS84) reference.
+A generic description of the location.
@@ -2260,10 +2280,20 @@ http-request is a MISP object available in JSON format at
url
url
content-type
other
Full HTTP Request URL
+The MIME type of the body of the request
++
host
hostname
The domain name of the server
@@ -2280,30 +2310,10 @@ http-request is a MISP object available in JSON format at
proxy-user
cookie
text
HTTP Proxy Username
--
content-type
other
The MIME type of the body of the request
--
user-agent
user-agent
The user agent string of the user agent
+An HTTP cookie previously sent by the server with Set-Cookie
@@ -2330,40 +2340,10 @@ http-request is a MISP object available in JSON format at
text
text
user-agent
user-agent
HTTP Request comment
--
method
http-method
HTTP Method invoked (one of GET, POST, PUT, HEAD, DELETE, OPTIONS, CONNECT)
--
cookie
text
An HTTP cookie previously sent by the server with Set-Cookie
--
host
hostname
The domain name of the server
+The user agent string of the user agent
@@ -2380,6 +2360,16 @@ http-request is a MISP object available in JSON format at
url
url
Full HTTP Request URL
++
basicauth-user
text
method
http-method
HTTP Method invoked (one of GET, POST, PUT, HEAD, DELETE, OPTIONS, CONNECT)
++
text
text
HTTP Request comment
++
proxy-user
text
HTTP Proxy Username
++
src-port
+port
Source port
++
dst-port
port
text
text
first-seen
datetime
Description of the tuple
--
ip
ip-dst
IP Address
--
src-port
port
Source port
+First time the tuple has been seen
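Review bot: The `method` row of http-request gives its allowed values in prose ("one of GET, POST, PUT, HEAD, DELETE, OPTIONS, CONNECT"), unlike the bracketed value lists used for other attributes in this patch such as `protocol` ['TCP', 'UDP', 'ICMP', 'IP'], and the list leaves out PATCH and TRACE. Use the bracketed form here as well, and either complete the list or drop the words "one of".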
@@ -2478,10 +2488,20 @@ ip-port is a MISP object available in JSON format at
first-seen
datetime
ip
ip-dst
First time the tuple has been seen
+IP Address
++
text
text
Description of the tuple
@@ -2526,6 +2546,16 @@ ja3 is a MISP object available in JSON format at
description
text
Type of detected software ie software, malware
++
ja3-fingerprint-md5
md5
ip-src
ip-src
first-seen
datetime
Source IP Address
--
description
text
Type of detected software ie software, malware
+First seen of the SSL/TLS handshake
@@ -2566,20 +2586,20 @@ ja3 is a MISP object available in JSON format at
ip-dst
ip-dst
ip-src
ip-src
Destination IP address
+Source IP Address
first-seen
datetime
ip-dst
ip-dst
First seen of the SSL/TLS handshake
+Destination IP address
@@ -2634,13 +2654,13 @@ macho is a MISP object available in JSON format at
number-sections
counter
type
text
Number of sections
+Type of Mach-O ['BUNDLE', 'CORE', 'DSYM', 'DYLIB', 'DYLIB_STUB', 'DYLINKER', 'EXECUTE', 'FVMLIB', 'KEXT_BUNDLE', 'OBJECT', 'PRELOAD']
+
type
-text
Type of Mach-O ['BUNDLE', 'CORE', 'DSYM', 'DYLIB', 'DYLIB_STUB', 'DYLINKER', 'EXECUTE', 'FVMLIB', 'KEXT_BUNDLE', 'OBJECT', 'PRELOAD']
--
name
text
number-sections
counter
Number of sections
++
sha512
+sha512
Secure Hash Algorithm 2 (512 bits)
++
sha384
sha384
entropy
float
sha512/256
sha512/256
Entropy of the whole section
+Secure Hash Algorithm 2 (256 bits)
+
sha512/224
sha512/224
sha224
sha224
Secure Hash Algorithm 2 (224 bits)
sha512/256
-sha512/256
entropy
float
Secure Hash Algorithm 2 (256 bits)
--
sha1
sha1
[Insecure] Secure Hash Algorithm 1 (160 bits)
--
size-in-bytes
size-in-bytes
Size of the section, in bytes
+Entropy of the whole section
@@ -2792,6 +2802,16 @@ macho-section is a MISP object available in JSON format at
size-in-bytes
size-in-bytes
Size of the section, in bytes
++
text
text
sha512/224
sha512/224
Secure Hash Algorithm 2 (224 bits)
++
ssdeep
ssdeep
Fuzzy hash using context triggered piecewise hashes (CTPH)
++
sha256
sha256
sha512
sha512
sha1
sha1
Secure Hash Algorithm 2 (512 bits)
--
sha224
sha224
Secure Hash Algorithm 2 (224 bits)
--
ssdeep
ssdeep
Fuzzy hash using context triggered piecewise hashes (CTPH)
+[Insecure] Secure Hash Algorithm 1 (160 bits)
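Review bot: `sha512/224` and `sha224` carry the identical description in this hunk, "Secure Hash Algorithm 2 (224 bits)", although they are different functions and give different digests for the same input. Describe the truncated variant explicitly, for example "SHA-512/224 (SHA-512 based, 224-bit output)", and do the same for `sha512/256`, so that an analyst does not try to match a value of one type against the other.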
@@ -2880,46 +2900,6 @@ microblog is a MISP object available in JSON format at
creation-date
datetime
Initial creation of the microblog post
--
removal-date
datetime
When the microblog post was removed
--
type
text
Type of the microblog post ['Twitter', 'Facebook', 'LinkedIn', 'Reddit', 'Google+', 'Instagram', 'Forum', 'Other']
--
url
url
Original URL location of the microblog post
--
post
text
username
text
Username who posted the microblog post
--
username-quoted
text
Username who are quoted into the microblog post
--
modification-date
datetime
type
text
Type of the microblog post ['Twitter', 'Facebook', 'LinkedIn', 'Reddit', 'Google+', 'Instagram', 'Forum', 'Other']
++
username
text
Username who posted the microblog post
++
removal-date
datetime
When the microblog post was removed
++
link
url
url
url
Original URL location of the microblog post
++
username-quoted
text
Username who are quoted into the microblog post
++
creation-date
datetime
Initial creation of the microblog post
++
ip_version
-counter
tcp-flags
text
IP version of this flow
+TCP flags of the flow
@@ -3028,46 +3048,16 @@ netflow is a MISP object available in JSON format at
tcp-flags
text
TCP flags of the flow
--
flow-count
packet-count
counter
Flows counted in this flow
+Packets counted in this flow
first-packet-seen
datetime
First packet seen in this flow
--
last-packet-seen
datetime
Last packet seen in this flow
--
src-as
AS
ip-dst
ip-dst
ip_version
counter
IP address destination of the netflow
+IP version of this flow
-
dst-as
AS
Destination AS number for this flow
-+
ip-protocol-number
-size-in-bytes
protocol
text
IP protocol number of this flow
+Protocol used for this flow ['TCP', 'UDP', 'ICMP', 'IP']
++
flow-count
counter
Flows counted in this flow
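Review bot: `ip-protocol-number` is listed with type `size-in-bytes` in this hunk, while its description is "IP protocol number of this flow". A protocol number (6 for TCP, 17 for UDP) is not a size, so the type looks like a copy-paste from a size attribute. Check the netflow object definition and use a type that fits a small integer, such as the `counter` type already used for `ip_version`.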
@@ -3138,26 +3128,46 @@ netflow is a MISP object available in JSON format at
packet-count
counter
ip-protocol-number
size-in-bytes
Packets counted in this flow
+IP protocol number of this flow
protocol
text
last-packet-seen
datetime
Protocol used for this flow ['TCP', 'UDP', 'ICMP', 'IP']
+Last packet seen in this flow
dst-as
AS
Destination AS number for this flow
++
icmp-type
text
ICMP type of the flow (if the traffic is ICMP)
++
byte-count
counter
icmp-type
text
ip-dst
ip-dst
ICMP type of the flow (if the traffic is ICMP)
+IP address destination of the netflow
+
+
first-packet-seen
datetime
First packet seen in this flow
+
sensor_id
-text
Sensor information where the record was seen
--
time_first
datetime
First time that the unique tuple (rrname, rrtype, rdata) has been seen by the passive DNS
--
rrname
text
Resource Record name of the queried resource
--
rrtype
text
rdata
text
Resource records of the queried resource
--
origin
text
Origin of the Passive DNS response
--
zone_time_first
datetime
First time that the unique tuple (rrname, rrtype, rdata) record has been seen via master file import
--
zone_time_last
datetime
text
text
time_first
datetime
First time that the unique tuple (rrname, rrtype, rdata) has been seen by the passive DNS
+
bailiwick
text
Best estimate of the apex of the zone where this data is authoritative
++
sensor_id
text
Sensor information where the record was seen
++
origin
text
Origin of the Passive DNS response
+
bailiwick
+rdata
text
Best estimate of the apex of the zone where this data is authoritative
+Resource records of the queried resource
++
rrname
text
Resource Record name of the queried resource
++
text
text
+
+
zone_time_first
datetime
First time that the unique tuple (rrname, rrtype, rdata) record has been seen via master file import
@@ -3374,16 +3394,6 @@ paste is a MISP object available in JSON format at
title
text
Title of the paste or post.
--
paste
text
url
url
Link to the original source of the paste or post.
--
last-seen
datetime
When the paste has been accessible or seen for the last time.
--
origin
text
Original source of the paste or post. ['pastebin.com', 'pastebin.com_pro', 'pastie.org', 'slexy.org', 'gist.github.com', 'codepad.org', 'safebin.net', 'hastebin.com', 'ghostbin.com']
--
first-seen
datetime
last-seen
datetime
When the paste has been accessible or seen for the last time.
++
url
url
Link to the original source of the paste or post.
++
title
text
Title of the paste or post.
++
origin
text
Original source of the paste or post. ['pastebin.com', 'pastebin.com_pro', 'pastie.org', 'slexy.org', 'gist.github.com', 'codepad.org', 'safebin.net', 'hastebin.com', 'ghostbin.com']
++
entrypoint-address
-text
Address of the entry point
--
pehash
pehash
Hash of the structural information about a sample. See https://www.usenix.org/legacy/event/leet09/tech/full_papers/wicherski/wicherski_html/
--
impfuzzy
impfuzzy
product-version
text
ProductVersion in the resources
++
number-sections
counter
Number of sections
++
imphash
imphash
Hash (md5) calculated from the import table
++
internal-filename
filename
InternalFilename in the resources
++
entrypoint-address
text
Address of the entry point
++
product-name
text
product-version
file-version
text
ProductVersion in the resources
+FileVersion in the resources
++
company-name
text
CompanyName in the resources
@@ -3532,26 +3592,6 @@ pe is a MISP object available in JSON format at
entrypoint-section-at-position
text
Name of the section and position of the section in the PE
--
internal-filename
filename
InternalFilename in the resources
--
compilation-timestamp
datetime
file-version
text
pehash
pehash
FileVersion in the resources
+Hash of the structural information about a sample. See https://www.usenix.org/legacy/event/leet09/tech/full_papers/wicherski/wicherski_html/
-
legal-copyright
text
LegalCopyright in the resources
--
text
text
Free text value to attach to the PE
--
type
text
Type of PE ['exe', 'dll', 'driver', 'unknown']
-+
number-sections
-counter
Number of sections
--
company-name
type
text
CompanyName in the resources
+Type of PE ['exe', 'dll', 'driver', 'unknown']
imphash
imphash
entrypoint-section-at-position
text
Hash (md5) calculated from the import table
+Name of the section and position of the section in the PE
+
+
text
text
Free text value to attach to the PE
++
legal-copyright
text
LegalCopyright in the resources
+
sha512
+sha512
Secure Hash Algorithm 2 (512 bits)
++
sha384
sha384
entropy
float
sha512/256
sha512/256
Entropy of the whole section
+Secure Hash Algorithm 2 (256 bits)
+
sha512/224
sha512/224
sha224
sha224
Secure Hash Algorithm 2 (224 bits)
characteristic
+text
Characteristic of the section ['read', 'write', 'executable']
++
name
text
sha512/256
sha512/256
entropy
float
Secure Hash Algorithm 2 (256 bits)
--
sha1
sha1
[Insecure] Secure Hash Algorithm 1 (160 bits)
--
size-in-bytes
size-in-bytes
Size of the section, in bytes
+Entropy of the whole section
@@ -3770,6 +3790,16 @@ pe-section is a MISP object available in JSON format at
size-in-bytes
size-in-bytes
Size of the section, in bytes
++
text
text
characteristic
text
sha512/224
sha512/224
Characteristic of the section ['read', 'write', 'executable']
+Secure Hash Algorithm 2 (224 bits)
++
ssdeep
ssdeep
Fuzzy hash using context triggered piecewise hashes (CTPH)
@@ -3800,30 +3840,10 @@ pe-section is a MISP object available in JSON format at
sha512
sha512
sha1
sha1
Secure Hash Algorithm 2 (512 bits)
--
sha224
sha224
Secure Hash Algorithm 2 (224 bits)
--
ssdeep
ssdeep
Fuzzy hash using context triggered piecewise hashes (CTPH)
+[Insecure] Secure Hash Algorithm 1 (160 bits)
@@ -3868,96 +3888,6 @@ person is a MISP object available in JSON format at
nationality
nationality
The nationality of a natural person.
--
place-of-birth
place-of-birth
Place of birth of a natural person.
--
last-name
last-name
Last name of a natural person.
--
date-of-birth
date-of-birth
Date of birth of a natural person (in YYYY-MM-DD format).
--
passport-country
passport-country
The country in which the passport was issued.
--
passport-expiration
passport-expiration
The expiration date of a passport.
--
passport-number
passport-number
The passport number of a natural person.
--
first-name
first-name
First name of a natural person.
--
text
text
A description of the person or identity.
--
redress-number
redress-number
passport-expiration
passport-expiration
The expiration date of a passport.
++
middle-name
middle-name
last-name
last-name
Last name of a natural person.
++
first-name
first-name
First name of a natural person.
++
date-of-birth
date-of-birth
Date of birth of a natural person (in YYYY-MM-DD format).
++
nationality
nationality
The nationality of a natural person.
++
passport-number
passport-number
The passport number of a natural person.
++
place-of-birth
place-of-birth
Place of birth of a natural person.
++
text
text
A description of the person or identity.
++
passport-country
passport-country
The country in which the passport was issued.
++
guti
-text
Globally Unique Temporary UE Identity (GUTI) is a temporary identification to not reveal the phone (user equipment in 3GPP jargon) composed of GUMMEI and the M-TMSI.
--
serial-number
text
Serial Number.
--
text
text
A description of the phone.
--
imei
text
msisdn
text
MSISDN (pronounced as /'em es ai es di en/ or misden) is a number uniquely identifying a subscription in a GSM or a UMTS mobile network. Simply put, it is the mapping of the telephone number to the SIM card in a mobile/cellular phone. This abbreviation has a several interpretations, the most common one being Mobile Station International Subscriber Directory Number.
--
imsi
text
A usually unique International Mobile Subscriber Identity (IMSI) is allocated to each mobile subscriber in the GSM/UMTS/EPS system. IMSI can also refer to International Mobile Station Identity in the ITU nomenclature.
--
last-seen
datetime
When the phone has been accessible or seen for the last time.
--
tmsi
text
last-seen
datetime
When the phone has been accessible or seen for the last time.
++
msisdn
text
MSISDN (pronounced as /'em es ai es di en/ or misden) is a number uniquely identifying a subscription in a GSM or a UMTS mobile network. Simply put, it is the mapping of the telephone number to the SIM card in a mobile/cellular phone. This abbreviation has a several interpretations, the most common one being Mobile Station International Subscriber Directory Number.
++
imsi
text
A usually unique International Mobile Subscriber Identity (IMSI) is allocated to each mobile subscriber in the GSM/UMTS/EPS system. IMSI can also refer to International Mobile Station Identity in the ITU nomenclature.
++
gummei
text
serial-number
text
Serial Number.
++
guti
text
Globally Unique Temporary UE Identity (GUTI) is a temporary identification to not reveal the phone (user equipment in 3GPP jargon) composed of GUMMEI and the M-TMSI.
++
text
text
A description of the phone.
++
memory-allocations
-counter
r2-commit-version
text
Amount of memory allocations
--
gml
attachment
Graph export in G>raph Modelling Language format
--
local-references
counter
Amount of API calls inside a code section
--
ratio-api
float
Ratio: amount of API calls per kilobyte of code section
+Radare2 commit ID used to generate this object
@@ -4214,116 +4204,6 @@ r2graphity is a MISP object available in JSON format at
shortest-path-to-create-thread
counter
Shortest path to the first time the binary calls CreateThread
--
text
text
Description of the r2graphity object
--
get-proc-address
counter
Amount of calls to GetProcAddress
--
total-api
counter
Total amount of API calls
--
referenced-strings
counter
Amount of referenced strings
--
miss-api
counter
Amount of API call reference that does not resolve to a function offset
--
unknown-references
counter
Amount of API calls not ending in a function (Radare2 bug, probalby)
--
dangling-strings
counter
Amount of dangling strings (string with a code cross reference, that is not within a function. Radare2 failed to detect that function.)
--
callback-largest
counter
Largest callback
--
not-referenced-strings
counter
Amount of not referenced strings
--
ratio-string
float
Ratio: amount of referenced strings per kilobyte of code section
--
create-thread
counter
ratio-string
float
Ratio: amount of referenced strings per kilobyte of code section
++
ratio-api
float
Ratio: amount of API calls per kilobyte of code section
++
text
text
Description of the r2graphity object
++
ratio-functions
float
shortest-path-to-create-thread
counter
Shortest path to the first time the binary calls CreateThread
++
callback-largest
counter
Largest callback
++
gml
attachment
Graph export in G>raph Modelling Language format
++
local-references
counter
Amount of API calls inside a code section
++
miss-api
counter
Amount of API call reference that does not resolve to a function offset
++
not-referenced-strings
counter
Amount of not referenced strings
++
dangling-strings
counter
Amount of dangling strings (string with a code cross reference, that is not within a function. Radare2 failed to detect that function.)
++
unknown-references
counter
Amount of API calls not ending in a function (Radare2 bug, probalby)
++
total-functions
counter
Total amount of functions in the file.
++
memory-allocations
counter
Amount of memory allocations
++
referenced-strings
counter
Amount of referenced strings
++
get-proc-address
counter
Amount of calls to GetProcAddress
++
callback-average
counter
r2-commit-version
text
Radare2 commit ID used to generate this object
--
total-functions
total-api
counter
Total amount of functions in the file.
+Total amount of API calls
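Review bot: Two typos are carried unchanged from the removed rows into the re-added ones: `unknown-references` still reads "Radare2 bug, probalby" and `gml` still reads "Graph export in G>raph Modelling Language format". Since these rows are being rewritten anyway, fix them at the source to "probably" and "Graph Modelling Language".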
@@ -4422,6 +4442,16 @@ regexp is a MISP object available in JSON format at
regexp-type
text
Type of the regular expression syntax. ['PCRE', 'PCRE2', 'POSIX BRE', 'POSIX ERE']
++
regexp
text
regexp-type
text
Type of the regular expression syntax. ['PCRE', 'PCRE2', 'POSIX BRE', 'POSIX ERE']
--
name
-reg-name
last-modified
datetime
Name of the registry key
+Last time the registry key has been modified
@@ -4520,10 +4540,10 @@ registry-key is a MISP object available in JSON format at
last-modified
datetime
data
reg-data
Last time the registry key has been modified
+Data stored in the registry key
@@ -4540,10 +4560,10 @@ registry-key is a MISP object available in JSON format at
data
reg-data
name
reg-name
Data stored in the registry key
+Name of the registry key
@@ -4588,20 +4608,20 @@ report is a MISP object available in JSON format at
summary
case-number
text
Free text summary of the report
+Case number
case-number
summary
text
Case number
+Free text summary of the report
@@ -4656,16 +4676,6 @@ rtir is a MISP object available in JSON format at
constituency
text
Constituency of the RTIR ticket
--
ip
ip-dst
queue
constituency
text
Queue of the RTIR ticket ['incident', 'investigations', 'blocks', 'incident reports']
--
status
text
Status of the RTIR ticket ['new', 'open', 'stalled', 'resolved', 'rejected', 'deleted']
+Constituency of the RTIR ticket
queue
text
Queue of the RTIR ticket ['incident', 'investigations', 'blocks', 'incident reports']
++
status
text
Status of the RTIR ticket ['new', 'open', 'stalled', 'resolved', 'rejected', 'deleted']
++
flags
-text
list of flag associated with the node.
--
nickname
text
address
ip-src
IP address of the Tor node seen.
--
fingerprint
text
router’s fingerprint.
--
first-seen
datetime
last-seen
datetime
When the Tor node designed by the IP address has been seen for the last time.
++
version_line
text
text
version
text
Tor node comment.
+parsed version of tor, this is None if the relay’s using a new versioning scheme.
++
flags
text
list of flag associated with the node.
++
address
ip-src
IP address of the Tor node seen.
++
document
text
Raw document from the consensus.
@@ -4844,35 +4874,25 @@ tor-node is a MISP object available in JSON format at
last-seen
datetime
When the Tor node designed by the IP address has been seen for the last time.
--
document
fingerprint
text
Raw document from the consensus.
--
version
text
parsed version of tor, this is None if the relay’s using a new versioning scheme.
+router’s fingerprint.
text
text
Tor node comment.
++
query_string
-text
Query (after path, preceded by '?')
--
host
hostname
Full hostname
--
last-seen
datetime
Last time this URL has been seen
--
domain
domain
resource_path
text
Path (between hostname:port and query)
--
domain_without_tld
text
Domain without Top-Level Domain
--
first-seen
datetime
last-seen
datetime
Last time this URL has been seen
++
fragment
text
scheme
text
Scheme ['http', 'https', 'ftp', 'gopher', 'sip']
++
host
hostname
Full hostname
++
resource_path
text
Path (between hostname:port and query)
++
subdomain
text
credential
text
Credential (username, password)
++
text
text
Description of the URL
++
port
port
scheme
query_string
text
Scheme ['http', 'https', 'ftp', 'gopher', 'sip']
--
text
text
Description of the URL
+Query (after path, preceded by '?')
credential
domain_without_tld
text
Credential (username, password)
+Domain without Top-Level Domain
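Review bot: The credential row re-added among the url rows ("Credential (username, password)", type text) does not say how the two values are encoded in a single text attribute, nor that the value is a secret. State the expected format in the description so that producers and consumers parse it the same way, and consider noting that the attribute can hold live credentials so it is treated accordingly when the object is shared. The "+router’s fingerprint." line at the top of the hunk also starts lower-case while most other descriptions are capitalised.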
@@ -5100,6 +5120,16 @@ victim is a MISP object available in JSON format at
description
text
Description of the victim
++
classification
text
sectors
text
The list of sectors that the victim belong to ['agriculture', 'aerospace', 'automotive', 'communications', 'construction', 'defence', 'education', 'energy', 'engineering', 'entertainment', 'financial\xadservices', 'government\xadnational', 'government\xadregional', 'government\xadlocal', 'government\xadpublic\xadservices', 'healthcare', 'hospitality\xadleisure', 'infrastructure', 'insurance', 'manufacturing', 'mining', 'non\xadprofit', 'pharmaceuticals', 'retail', 'technology', 'telecommunications', 'transportation', 'utilities']
--
name
text
The name of the victim targeted. The name can be an organisation or a group of organisations.
--
regions
text
sectors
text
The list of sectors that the victim belong to ['agriculture', 'aerospace', 'automotive', 'communications', 'construction', 'defence', 'education', 'energy', 'engineering', 'entertainment', 'financial\xadservices', 'government\xadnational', 'government\xadregional', 'government\xadlocal', 'government\xadpublic\xadservices', 'healthcare', 'hospitality\xadleisure', 'infrastructure', 'insurance', 'manufacturing', 'mining', 'non\xadprofit', 'pharmaceuticals', 'retail', 'technology', 'telecommunications', 'transportation', 'utilities']
++
roles
text
description
name
text
Description of the victim
+The name of the victim targeted. The name can be an organisation or a group of organisations.
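Review bot: The sectors description re-added in this hunk lists values such as 'financial\xadservices', 'government\xadnational' and 'non\xadprofit' with a literal \xad escape where a hyphen is expected. \xad is the soft hyphen (U+00AD), so this looks like an escaped representation of the source strings leaking into the page, and anyone copying a value from the documentation gets a string that will not match 'financial-services'. Replace the soft hyphens with a plain '-' in the definition the page is built from and regenerate; "the victim belong to" should become "the victim belongs to" in the same pass.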
@@ -5198,20 +5218,30 @@ virustotal-report is a MISP object available in JSON format at
permalink
link
first-submission
datetime
Permalink Reference
+First Submission
first-submission
last-submission
datetime
First Submission
+Last Submission
++
permalink
link
Permalink Reference
@@ -5228,16 +5258,6 @@ virustotal-report is a MISP object available in JSON format at
last-submission
datetime
Last Submission
--
community-score
text
summary
text
Summary of the vulnerability
--
text
text
Description of the vulnerability
--
published
datetime
Initial publication date
--
modified
datetime
Last modification date
--
references
link
summary
text
Summary of the vulnerability
++
vulnerable_configuration
text
published
datetime
Initial publication date
++
text
text
Description of the vulnerability
++
modified
datetime
Last modification date
++
creation-date
+modification-date
datetime
Initial creation of the whois entry
--
registrant-name
whois-registrant-name
Registrant name
--
domain
domain
Domain of the whois entry
--
registrant-email
whois-registrant-email
Registrant email address
--
expiration-date
datetime
Expiration of the whois entry
+Last update of the whois entry
@@ -5454,10 +5434,40 @@ whois is a MISP object available in JSON format at
text
text
creation-date
datetime
Full whois entry
+Initial creation of the whois entry
++
domain
domain
Domain of the whois entry
++
registrant-name
whois-registrant-name
Registrant name
++
expiration-date
datetime
Expiration of the whois entry
@@ -5474,10 +5484,20 @@ whois is a MISP object available in JSON format at
modification-date
datetime
registrant-email
whois-registrant-email
Last update of the whois entry
+Registrant email address
++
text
text
Full whois entry
@@ -5522,80 +5542,10 @@ x509 is a MISP object available in JSON format at
raw-base64
text
validity-not-after
datetime
Raw certificate base64 encoded
--
serial-number
text
Serial number of the certificate
--
version
text
Version of the certificate
--
pubkey-info-algorithm
text
Algorithm of the public key
--
pubkey-info-modulus
text
Modulus of the public key
--
x509-fingerprint-md5
md5
[Insecure] MD5 hash (128 bits)
--
issuer
text
Issuer of the certificate
--
subject
text
Subject of the certificate
+Certificate invalid after that date
@@ -5612,20 +5562,20 @@ x509 is a MISP object available in JSON format at
validity-not-after
datetime
subject
text
Certificate invalid after that date
+Subject of the certificate
text
text
validity-not-before
datetime
Free text description of hte certificate
+Certificate invalid before that date
@@ -5642,10 +5592,20 @@ x509 is a MISP object available in JSON format at
x509-fingerprint-sha1
sha1
x509-fingerprint-md5
md5
[Insecure] Secure Hash Algorithm 1 (160 bits)
+[Insecure] MD5 hash (128 bits)
++
version
text
Version of the certificate
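Review bot: The two fingerprint rows in this hunk describe the hash algorithm rather than the attribute: "[Insecure] MD5 hash (128 bits)" and "[Insecure] Secure Hash Algorithm 1 (160 bits)" do not say what is hashed, and the two are worded differently from each other. Suggest a parallel form that names the input, such as "[Insecure] MD5 fingerprint of the certificate (128 bits)" and "[Insecure] SHA-1 fingerprint of the certificate (160 bits)", so a reader knows the value is the certificate fingerprint and not a hash of the public key or of a file.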
@@ -5662,10 +5622,70 @@ x509 is a MISP object available in JSON format at
validity-not-before
datetime
raw-base64
text
Certificate invalid before that date
+Raw certificate base64 encoded
++
pubkey-info-modulus
text
Modulus of the public key
++
pubkey-info-algorithm
text
Algorithm of the public key
++
x509-fingerprint-sha1
sha1
[Insecure] Secure Hash Algorithm 1 (160 bits)
++
serial-number
text
Serial number of the certificate
++
text
text
Free text description of hte certificate
++
issuer
text
Issuer of the certificate
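Review bot: The re-added text row carries the typo "Free text description of hte certificate"; the same string appears in the earlier x509 hunk, so the row was moved without being corrected. Change "hte" to "the" in the definition the page is built from, otherwise the typo will come back on the next regeneration.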
@@ -5720,26 +5740,6 @@ yabin is a MISP object available in JSON format at
comment
comment
A description of Yara rule generated.
--
version
comment
yabin.py and regex.txt version used for the generation of the yara rules.
--
yara-hunt
yara
comment
comment
A description of Yara rule generated.
++
version
comment
yabin.py and regex.txt version used for the generation of the yara rules.
++