the type of message extracted from the forensic-evidence. ['SMS', 'MMS', 'Instant Message (IM)', 'Voice Message']

date and the time when the message was sent.

date and time when the message was received.

Source of the message.(Contact details)

Destination of the message.(Contact details)

Application used to send the message.

Subject of the message if any.

Message exchanged.

External references

Comments.

The URL saved as bookmark.

date and time when the URL was added to favorites.

Book mark name.

Title of the web page

Browser used to access the URL. ['IE', 'Safari', 'Chrome', 'Firefox', 'Opera mini', 'Chromium']

Domain of the URL.

IP of the URL domain.

Comments.

The website URL that created the cookie.

date and time when the cookie was created.

Name of the cookie

Value assigned to the cookie.

Browser on which the cookie was created. ['IE', 'Safari', 'Chrome', 'Firefox', 'Opera mini', 'Chromium']

Domain of the URL that created the cookie.

IP of the domain that created the URL.

Comments.

The URL used to download the file.

date and time when the file was downloaded.

Name of the file downloaded.

Location the file was downloaded to.

Id of the attribute file where the information is gathered from.

The downloaded file itself.

Comments.

The URL accessed.

date and the time when the URL was accessed.

where the URL was referred from

Title of the web page

Domain of the URL.

IP of the URL domain.

Browser used to access the URL. ['IE', 'Safari', 'Chrome', 'Firefox', 'Opera mini', 'Chromium']

Comments.

The domain of the search engine. ['Google', 'Yahoo', 'Bing', 'Alta Vista', 'MSN']

the search word or sentence.

date and time when the search was conducted.

Browser used. ['IE', 'Safari', 'Chrome', 'Firefox', 'Opera mini', 'Chromium']

User name or ID associated with the search.

Comments.

The AIL sensor uuid where the leak was processed and analysed.

Duplicate of the existing leaks.

Number of known duplicates.

The link where the leak is (or was) accessible at first-seen.

A description of the leak which could include the potential victim(s) or description of the leak.

When the information available in the leak was created. It’s usually before the first-seen.

When the leak has been accessible or seen for the last time.

When the leak has been accessible or seen for the first time.

Raw data as received by the AIL sensor compressed and encoded in Base64.

AIS Organisation Name.

AIS Administrative Area represented using ISO-3166-2.

AIS IndustryType. ['Chemical Sector', 'Commercial Facilities Sector', 'Communications Sector', 'Critical Manufacturing Sector', 'Dams Sector', 'Defense Industrial Base Sector', 'Emergency Services Sector', 'Energy Sector', 'Financial Services Sector', 'Food and Agriculture Sector', 'Government Facilities Sector', 'Healthcare and Public Health Sector', 'Information Technology Sector', 'Nuclear Reactors, Materials, and Waste Sector', 'Transportation Systems Sector', 'Water and Wastewater Systems Sector', 'Other']

AIS Country represented using ISO-3166-1_alpha-2.

Android permission ['ACCESS_CHECKIN_PROPERTIES', 'ACCESS_COARSE_LOCATION', 'ACCESS_FINE_LOCATION', 'ACCESS_LOCATION_EXTRA_COMMANDS', 'ACCESS_NETWORK_STATE', 'ACCESS_NOTIFICATION_POLICY', 'ACCESS_WIFI_STATE', 'ACCOUNT_MANAGER', 'ADD_VOICEMAIL', 'ANSWER_PHONE_CALLS', 'BATTERY_STATS', 'BIND_ACCESSIBILITY_SERVICE', 'BIND_APPWIDGET', 'BIND_AUTOFILL_SERVICE', 'BIND_CARRIER_MESSAGING_SERVICE', 'BIND_CHOOSER_TARGET_SERVICE', 'BIND_CONDITION_PROVIDER_SERVICE', 'BIND_DEVICE_ADMIN', 'BIND_DREAM_SERVICE', 'BIND_INCALL_SERVICE', 'BIND_INPUT_METHOD', 'BIND_MIDI_DEVICE_SERVICE', 'BIND_NFC_SERVICE', 'BIND_NOTIFICATION_LISTENER_SERVICE', 'BIND_PRINT_SERVICE', 'BIND_QUICK_SETTINGS_TILE', 'BIND_REMOTEVIEWS', 'BIND_SCREENING_SERVICE', 'BIND_TELECOM_CONNECTION_SERVICE', 'BIND_TEXT_SERVICE', 'BIND_TV_INPUT', 'BIND_VISUAL_VOICEMAIL_SERVICE', 'BIND_VOICE_INTERACTION', 'BIND_VPN_SERVICE', 'BIND_VR_LISTENER_SERVICE', 'BIND_WALLPAPER', 'BLUETOOTH', 'BLUETOOTH_ADMIN', 'BLUETOOTH_PRIVILEGED', 'BODY_SENSORS', 'BROADCAST_PACKAGE_REMOVED', 'BROADCAST_SMS', 'BROADCAST_STICKY', 'BROADCAST_WAP_PUSH', 'CALL_PHONE', 'CALL_PRIVILEGED', 'CAMERA', 'CAPTURE_AUDIO_OUTPUT', 'CAPTURE_SECURE_VIDEO_OUTPUT', 'CAPTURE_VIDEO_OUTPUT', 'CHANGE_COMPONENT_ENABLED_STATE', 'CHANGE_CONFIGURATION', 'CHANGE_NETWORK_STATE', 'CHANGE_WIFI_MULTICAST_STATE', 'CHANGE_WIFI_STATE', 'CLEAR_APP_CACHE', 'CONTROL_LOCATION_UPDATES', 'DELETE_CACHE_FILES', 'DELETE_PACKAGES', 'DIAGNOSTIC', 'DISABLE_KEYGUARD', 'DUMP', 'EXPAND_STATUS_BAR', 'FACTORY_TEST', 'GET_ACCOUNTS', 'GET_ACCOUNTS_PRIVILEGED', 'GET_PACKAGE_SIZE', 'GET_TASKS', 'GLOBAL_SEARCH', 'INSTALL_LOCATION_PROVIDER', 'INSTALL_PACKAGES', 'INSTALL_SHORTCUT', 'INSTANT_APP_FOREGROUND_SERVICE', 'INTERNET', 'KILL_BACKGROUND_PROCESSES', 'LOCATION_HARDWARE', 'MANAGE_DOCUMENTS', 'MANAGE_OWN_CALLS', 'MASTER_CLEAR', 'MEDIA_CONTENT_CONTROL', 'MODIFY_AUDIO_SETTINGS', 'MODIFY_PHONE_STATE', 'MOUNT_FORMAT_FILESYSTEMS', 'MOUNT_UNMOUNT_FILESYSTEMS', 'NFC', 'PACKAGE_USAGE_STATS', 'PERSISTENT_ACTIVITY', 'PROCESS_OUTGOING_CALLS', 'READ_CALENDAR', 'READ_CALL_LOG', 'READ_CONTACTS', 'READ_EXTERNAL_STORAGE', 'READ_FRAME_BUFFER', 'READ_INPUT_STATE', 'READ_LOGS', 'READ_PHONE_NUMBERS', 'READ_PHONE_STATE', 'READ_SMS', 'READ_SYNC_SETTINGS', 'READ_SYNC_STATS', 'READ_VOICEMAIL', 'REBOOT', 'RECEIVE_BOOT_COMPLETED', 'RECEIVE_MMS', 'RECEIVE_SMS', 'RECEIVE_WAP_PUSH', 'RECORD_AUDIO', 'REORDER_TASKS', 'REQUEST_COMPANION_RUN_IN_BACKGROUND', 'REQUEST_COMPANION_USE_DATA_IN_BACKGROUND', 'REQUEST_DELETE_PACKAGES', 'REQUEST_IGNORE_BATTERY_OPTIMIZATIONS', 'REQUEST_INSTALL_PACKAGES', 'RESTART_PACKAGES', 'SEND_RESPOND_VIA_MESSAGE', 'SEND_SMS', 'SET_ALARM', 'SET_ALWAYS_FINISH', 'SET_ANIMATION_SCALE', 'SET_DEBUG_APP', 'SET_PREFERRED_APPLICATIONS', 'SET_PROCESS_LIMIT', 'SET_TIME', 'SET_TIME_ZONE', 'SET_WALLPAPER', 'SET_WALLPAPER_HINTS', 'SIGNAL_PERSISTENT_PROCESSES', 'STATUS_BAR', 'SYSTEM_ALERT_WINDOW', 'TRANSMIT_IR', 'UNINSTALL_SHORTCUT', 'UPDATE_DEVICE_STATS', 'USE_FINGERPRINT', 'USE_SIP', 'VIBRATE', 'WAKE_LOCK', 'WRITE_APN_SETTINGS', 'WRITE_CALENDAR', 'WRITE_CALL_LOG', 'WRITE_CONTACTS', 'WRITE_EXTERNAL_STORAGE', 'WRITE_GSERVICES', 'WRITE_SECURE_SETTINGS', 'WRITE_SETTINGS', 'WRITE_SYNC_SETTINGS', 'WRITE_VOICEMAIL']

Comment about the set of android permission(s)

Raw text of the annotation

Reference(s) to the annotation

Type of the annotation ['Annotation', 'Executive Summary', 'Introduction', 'Conclusion', 'Disclaimer', 'Keywords', 'Acknowledgement', 'Other', 'Copyright', 'Authors', 'Logo']

Format of the annotation ['text', 'markdown', 'asciidoctor', 'MultiMarkdown', 'GFM', 'pandoc', 'Fountain', 'CommonWork', 'kramdown-rfc2629', 'rfc7328', 'Extra']

Initial creation of the annotation

Last update of the annotation

An attachment to support the annotation

Anonymisation (or pseudo-anonymisation) method(s) used ["hiding - Attribute is replaced with a constant value (typically 0) of the same size. Sometimes called 'black marker'.", 'hash - A hash function maps each attribute to a new (not necessarily unique) attribute.', 'permutation - Maps each original value to a unique new value.', "prefix-preserving - Any two values that had the same n-bit prefix before anonymisation will still have the same n-bit prefix as each other after anonymization. (Would be more accurately called 'prefix-relationship-preserving', because the actual prefix values are not preserved.) ", 'shift - Adds a fixed offset to each value/attribute.', 'enumeration - Map each original value to a new value such that their ordering is preserved.', 'partitioning - Possible values are partitioned into meaningful sets; actual values are replaced with a fixed value from the same set. E.g., TCP port numbers 0 to 1023 are replaced with 0, and 1024 to 65535 replaced with 65535.', 'updated - Checksums are recalculated to reflect changes made to other fields.', 'truncation - Field is shortened, losing data at the end.', 'encryption - Attribute is encrypted.']

Key (such as a PSK in a keyed-hash-function) used to anonymise the attribute

Initialisation vector for the encryption function used to anonymise the attribute

Keyed-hash function used to anonymise the attribute ['hmac-sha1', 'hmac-md5', 'hmac-sha256', 'hmac-sha384', 'hmac-sha512']

Encryption function or algorithm used to anonymise the attribute ['aes128', 'aes-128-cbc', 'aes-128-cfb', 'aes-128-cfb1', 'aes-128-cfb8', 'aes-128-ctr', 'aes-128-ecb', 'aes-128-ofb', 'aes192', 'aes-192-cbc', 'aes-192-cfb', 'aes-192-cfb1', 'aes-192-cfb8', 'aes-192-ctr', 'aes-192-ecb', 'aes-192-ofb', 'aes-256-cfb', 'aes-256-cfb1', 'aes-256-cfb8', 'aes-256-ctr', 'aes-256-ecb', 'aes-256-ofb', 'bf', 'bf-cbc', 'bf-cfb', 'bf-ecb', 'bf-ofb', 'blowfish', 'camellia128', 'camellia-128-cbc', 'camellia-128-cfb', 'camellia-128-cfb1', 'camellia-128-cfb8', 'camellia-128-ctr', 'camellia-128-ecb', 'camellia-128-ofb', 'camellia192', 'camellia-192-cbc', 'camellia-192-cfb', 'camellia-192-cfb1', 'camellia-192-cfb8', 'camellia-192-ctr', 'camellia-192-ecb', 'camellia-192-ofb', 'camellia256', 'camellia-256-cbc', 'camellia-256-cfb', 'camellia-256-cfb1', 'camellia-256-cfb8', 'camellia-256-ctr', 'camellia-256-ecb', 'camellia-256-ofb', 'cast', 'cast5-cbc', 'cast5-cfb', 'cast5-ecb', 'cast5-ofb', 'cast-cbc', 'des', 'des3', 'des-cbc', 'des-cfb', 'des-ecb', 'des-ede', 'des-ede3', 'des-ede3-cbc', 'des-ede3-cfb', 'des-ede3-ofb', 'des-ede-cbc', 'des-ede-cfb', 'des-ede-ofb', 'des-ofb', 'desx', 'gost89', 'gost89-cnt', 'idea', 'idea-cbc', 'idea-cfb', 'idea-ecb', 'idea-ofb', 'rc2', 'rc2-40-cbc', 'rc2-64-cbc', 'rc2-cbc', 'rc2-cfb', 'rc2-ecb', 'rc2-ofb', 'rc4', 'rc4-40', 'rc4-64', 'rc5', 'rc5-cbc', 'rc5-cfb', 'rc5-ecb', 'rc5-ofb', 'seed', 'seed-cbc', 'seed-cfb', 'seed-ecb', 'seed-ofb', 'sm4', 'sm4-cbc', 'sm4-cfb', 'sm4-ctr', 'sm4-ecb', 'sm4-ofb']

Regular expression to perfom the anonymisation (reversible or not)

Description of the anonymisation technique or tool used

Level of knowledge of the organisation who created this object ['Only the anonymised data is known', 'Deanonymised data is known']

Autonomous System Number

Description of the autonomous system

Country code of the main location of the autonomous system

Subnet announced

First time the ASN was seen

Last time the ASN was seen

The inbound IPv4 routing policy of the AS in RFC 2622 – Routing Policy Specification Language (RPSL) format

The outbound routing policy of the AS in RFC 2622 – Routing Policy Specification Language (RPSL) format

The inbound IPv4 or IPv6 routing policy of the AS in RFC 4012 – Routing Policy Specification Language next generation (RPSLng), section 4.5. format

This attribute performs the same function as the export attribute above. The difference is that mp-export allows both IPv4 and IPv6 address families to be specified. The export is described in RFC 4012 – Routing Policy Specification Language next generation (RPSLng), section 4.5. format

CAPEC ID.

Name of the attack pattern.

Summary description of the attack pattern.

Prerequisites for the attack pattern to succeed.

Solutions for the attack pattern to be countered.

Weakness related to the attack pattern.

Free text description of the signer info

Issuer of the certificate

Version of the certificate

Url

Content type

Program name

Digest algorithm

Signature algorithm ['SHA1_WITH_RSA_ENCRYPTION', 'SHA256_WITH_RSA_ENCRYPTION']

Name of antivirus software

Name of detection signature

Free text value to attach to the file

Datetime

A description of the bank account.

Name of the bank or financial organisation.

Institution code of the bank.

SWIFT or BIC as defined in ISO 9362.

Branch code or name

A flag to define if this account belong to a non-banking organisation. If set to true, it’s a non-banking organisation.

Account number

Currency of the account. ['USD', 'EUR']

ABA routing transit number

A field to freely describe the bank account details.

IBAN of the bank account.

Client number as seen by the bank.

Account type. ['A - Business', 'B - Personal Current', 'C - Savings', 'D - Trust Account', 'E - Trading Account', 'O - Other']

When the account was opened.

When the account was closed.

The balance of the account after the suspicious transaction was processed.

When the balance was reported.

Account status at the time of the transaction processed. ['A - Active', 'B - Inactive', 'C - Dormant']

Final beneficiary of the bank account.

Comment about the final beneficiary.

Comments about the bank account.

Report code of the bank account. ['CTR Cash Transaction Report', 'STR Suspicious Transaction Report', 'EFT Electronic Funds Transfer', 'IFT International Funds Transfer', 'TFR Terror Financing Report', 'BCR Border Cash Report', 'UTR Unusual Transaction Report', 'AIF Additional Information File – Can be used for example to get full disclosure of transactions of an account for a period of time without reporting it as a CTR.', 'IRI Incoming Request for Information – International', 'ORI Outgoing Request for Information – International', 'IRD Incoming Request for Information – Domestic', 'ORD Outgoing Request for Information – Domestic']

Expected Autonomous System Number

Detected Autonomous System Number

BGP Hijack details

Country code of the main location of the attacking autonomous system

Subnet announced

First time the Prefix hijack was seen

Last time the Prefix hijack was seen

A Bitcoin transaction number in a sequence of transactions

Date and time of transaction

Value in BTC at date/time displayed in field 'time'

Value in EUR with conversion rate as of date/time displayed in field 'time'

Value in USD with conversion rate as of date/time displayed in field 'time'

A Bitcoin transactional address

A Bitcoin wallet address

Value in BTC at date/time displayed in field 'time'

Value of received BTC

Value of sent BTC

Date and time of lookup/conversion

The identifier of the alert message in a number or string uniquely identifying this message, assigned by the sender.

The identifier of the sender of the alert message which identifies the originator of this alert. Guaranteed by assigner to be unique globally; e.g., may be based on an Internet domain name.

The time and date of the origination of the alert message.

The code denoting the appropriate handling of the alert message. ['Actual', 'Exercise', 'System', 'Test', 'Draft']

The code denoting the nature of the alert message. ['Alert', 'Update', 'Cancel', 'Ack', 'Error']

The text identifying the source of the alert message. The particular source of this alert; e.g., an operator or a specific device.

The code denoting the intended distribution of the alert message. ['Public', 'Restricted', 'Private']

The text describing the rule for limiting distribution of the restricted alert message.

The group listing of intended recipients of the alert message. (1) Required when <scope> is “Private”, optional when <scope> is “Public” or “Restricted”. (2) Each recipient SHALL be identified by an identifier or an address. (3) Multiple space-delimited addresses MAY be included. Addresses including whitespace MUST be enclosed in double-quotes.

The code denoting the special handling of the alert message.

The text describing the purpose or significance of the alert message.

The group listing identifying earlier message(s) referenced by the alert message. (1) The extended message identifier(s) (in the form sender,identifier,sent) of an earlier CAP message or messages referenced by this one. (2) If multiple messages are referenced, they SHALL be separated by whitespace.

The group listing naming the referent incident(s) of the alert message. (1) Used to collate multiple messages referring to different aspects of the same incident. (2) If multiple incident identifiers are referenced, they SHALL be separated by whitespace. Incident names including whitespace SHALL be surrounded by double-quotes.

The code denoting the language of the info sub-element of the alert message.

The code denoting the category of the subject event of the alert message. ['Geo', 'Met', 'Safety', 'Security', 'Rescue', 'Fire', 'Health', 'Env', 'Transport', 'Infra', 'CBRNE', 'Other']

The text denoting the type of the subject event of the alert message.

The code denoting the type of action recommended for the target audience. ['Shelter', 'Evacuate', 'Prepare', 'Execute', 'Avoid', 'Monitor', 'Assess', 'AllClear', 'None']

The code denoting the urgency of the subject event of the alert message. ['Immediate', 'Expected', 'Future', 'Past', 'Unknown']

The code denoting the severity of the subject event of the alert message. ['Extreme', 'Severe', 'Moderate', 'Minor', 'Unknown']

The code denoting the certainty of the subject event of the alert message. For backward compatibility with CAP 1.0, the deprecated value of “Very Likely” SHOULD be treated as equivalent to “Likely”. ['Likely', 'Possible', 'Unlikely', 'Unknown']

The text describing the intended audience of the alert message.

A system-specific code identifying the event type of the alert message.

The effective time of the information of the alert message.

The expected time of the beginning of the subject event of the alert message.

The expiry time of the information of the alert message.

The text naming the originator of the alert message.

The text headline of the alert message.

The text describing the subject event of the alert message.

The text describing the recommended action to be taken by recipients of the alert message.

The identifier of the hyperlink associating additional information with the alert message.

The text describing the contact for follow-up and confirmation of the alert message.

A system-specific additional parameter associated with the alert message.

The text describing the type and content of the resource file.

The identifier of the MIME content type and sub-type describing the resource file.

The integer indicating the size of the resource file.

The identifier of the hyperlink for the resource file.

The base-64 encoded data content of the resource file.

The code representing the digital digest (“hash”) computed from the resource file (OPTIONAL).

Bitcoin address used as a payment destination in a cryptocurrency

Monero address used as a payment destination in a cryptocurrency

The (uppercase) symbol of the cryptocurrency used. Symbol should be from https://coinmarketcap.com/all/views/all/ ['BTC', 'ETH', 'BCH', 'XRP', 'MIOTA', 'DASH', 'BTG', 'LTC', 'ADA', 'XMR', 'ETC', 'NEO', 'NEM', 'EOS', 'XLM', 'BCC', 'LSK', 'OMG', 'QTUM', 'ZEC', 'USDT', 'HSR', 'STRAT', 'WAVES', 'PPT', 'ETN']

Last time this payment destination address has been seen

First time this payment destination address has been seen

Last time the balances and totals have been updated

Current balance of address

Total transactions performed

Total balance received

Total balance sent

Free text value

Location of the command functionality ['Bundled', 'Module', 'Libraries', 'Unknown']

How the commands are triggered ['Local', 'Network', 'Unknown']

Description of the command functionalities

command code

description of the command

Full cookie

Name of the cookie (if splitted)

Value of the cookie (if splitted)

A description of the cookie.

Type of cookie and how it’s used in this specific object. ['Session management', 'Personalization', 'Tracking', 'Exfiltration', 'Malicious Payload', 'Beaconing']

Cortex summary object (summary) in JSON

Cortex report object (full report) in JSON

When the Cortex analyser was started

Cortex analyser/worker name

Name of the cortex server

Result of the cortex job

Cortex Taxonomy Namespace

Cortex Taxonomy Predicate

Cortex Taxonomy Value

Cortex Taxonomy Level ['info', 'safe', 'suspicious', 'malicious']

URL to the Cortex job

The name used to identify the course of action.

The type of the course of action. ['Perimeter Blocking', 'Internal Blocking', 'Redirection', 'Redirection (Honey Pot)', 'Hardening', 'Patching', 'Eradication', 'Rebuilding', 'Training', 'Monitoring', 'Physical Access Restrictions', 'Logical Access Restrictions', 'Public Disclosure', 'Diplomatic Actions', 'Policy Actions', 'Other']

A description of the course of action.

The objective of the course of action.

The stage of the threat management lifecycle that the course of action is applicable to. ['Remedy', 'Response', 'Further Analysis Required']

The estimated cost of applying the course of action. ['High', 'Medium', 'Low', 'None', 'Unknown']

The estimated impact of applying the course of action. ['High', 'Medium', 'Low', 'None', 'Unknown']

The estimated efficacy of applying the course of action. ['High', 'Medium', 'Low', 'None', 'Unknown']

Eventid of the session in the cowrie honeypot

System origin in cowrie honeypot

Username related to the password(s)

Password

Session id

When the event happened

Message of the cowrie honeypot

Protocol used in the cowrie honeypot

Cowrie sensor name

Source IP address of the session

Destination IP address of the session

Source port of the session

Destination port of the session

isError

Input of the session

SSH MAC supported in the sesssion

SSH public-key algorithm supported in the session

SSH symmetric encryption algorithm supported in the session

SSH compression algorithm supported in the session

A description of the credential(s)

Username related to the password(s)

Password

Type of password(s) ['password', 'api-key', 'encryption-key', 'unknown']

Origin of the credential(s) ['bruteforce-scanning', 'malware-analysis', 'memory-analysis', 'network-analysis', 'leak', 'unknown']

Format of the password(s) ['clear-text', 'hashed', 'encrypted', 'unknown']

Mention of any notification(s) towards the potential owner(s) of the credential(s) ['victim-notified', 'service-notified', 'none']

International Issuer Number (First eight digits of the credit card number

Name of the bank which have issued the card

Version of the card.

A description of the card.

Card security code (CSC, CVD, CVV, CVC and SPC) as embossed or printed on the card.

Name of the card owner.

Initial date of validity or issued date.

Maximum date of validity

credit-card number as encoded on the card.

Bits per second

Description of the DDoS

Destination domain (victim)

Destination IP (victim)

IP address originating the attack

Destination port of the attack

Port originating the attack

Beginning of the attack

Protocol used for the attack ['TCP', 'UDP', 'ICMP', 'IP']

Packets per second

End of the attack

Description of the Device

Name of the Device

Alias of the Device

Type of the device ['PC', 'Mobile', 'Laptop', 'HID', 'TV', 'IoT', 'Hardware', 'Other']

OS of the device

Version of the device/ OS

Device IP address

Device DNS Name

Device MAC address

Date of device analysis

An attachment

Category. ['Cat0', 'Cat1', 'Cat2', 'Cat3', 'CatSMS']

Application-ID is used to identify for which Diameter application the message is applicable. Application-ID is a decimal representation.

Session-ID.

A decimal representation of the diameter Command Code.

Origin-Host.

Destination-Host.

Origin-Realm.

Destination-Realm.

Username (in this case, usually the IMSI).

IDR-Flags.

A description of the attack seen.

When the attack has been seen for the first time.

A description of the records

Domain name

IP Address sassociated with A Records

Domain associated with MX Record

Domain associated with NS Records

A description of the tuple

Last time the tuple has been seen

First time the tuple has been seen

Registration date of domain

Domain name

IP Address

Address of the entry point

Type of ELF ['CORE', 'DYNAMIC', 'EXECUTABLE', 'HIPROC', 'LOPROC', 'NONE', 'RELOCATABLE']

Number of sections

Architecture of the ELF file ['None', 'M32', 'SPARC', 'i386', 'ARCH_68K', 'ARCH_88K', 'IAMCU', 'ARCH_860', 'MIPS', 'S370', 'MIPS_RS3_LE', 'PARISC', 'VPP500', 'SPARC32PLUS', 'ARCH_960', 'PPC', 'PPC64', 'S390', 'SPU', 'V800', 'FR20', 'RH32', 'RCE', 'ARM', 'ALPHA', 'SH', 'SPARCV9', 'TRICORE', 'ARC', 'H8_300', 'H8_300H', 'H8S', 'H8_500', 'IA_64', 'MIPS_X', 'COLDFIRE', 'ARCH_68HC12', 'MMA', 'PCP', 'NCPU', 'NDR1', 'STARCORE', 'ME16', 'ST100', 'TINYJ', 'x86_64', 'PDSP', 'PDP10', 'PDP11', 'FX66', 'ST9PLUS', 'ST7', 'ARCH_68HC16', 'ARCH_68HC11', 'ARCH_68HC08', 'ARCH_68HC05', 'SVX', 'ST19', 'VAX', 'CRIS', 'JAVELIN', 'FIREPATH', 'ZSP', 'MMIX', 'HUANY', 'PRISM', 'AVR', 'FR30', 'D10V', 'D30V', 'V850', 'M32R', 'MN10300', 'MN10200', 'PJ', 'OPENRISC', 'ARC_COMPACT', 'XTENSA', 'VIDEOCORE', 'TMM_GPP', 'NS32K', 'TPC', 'SNP1K', 'ST200', 'IP2K', 'MAX', 'CR', 'F2MC16', 'MSP430', 'BLACKFIN', 'SE_C33', 'SEP', 'ARCA', 'UNICORE', 'EXCESS', 'DXP', 'ALTERA_NIOS2', 'CRX', 'XGATE', 'C166', 'M16C', 'DSPIC30F', 'CE', 'M32C', 'TSK3000', 'RS08', 'SHARC', 'ECOG2', 'SCORE7', 'DSP24', 'VIDEOCORE3', 'LATTICEMICO32', 'SE_C17', 'TI_C6000', 'TI_C2000', 'TI_C5500', 'MMDSP_PLUS', 'CYPRESS_M8C', 'R32C', 'TRIMEDIA', 'HEXAGON', 'ARCH_8051', 'STXP7X', 'NDS32', 'ECOG1', 'ECOG1X', 'MAXQ30', 'XIMO16', 'MANIK', 'CRAYNV2', 'RX', 'METAG', 'MCST_ELBRUS', 'ECOG16', 'CR16', 'ETPU', 'SLE9X', 'L10M', 'K10M', 'AARCH64', 'AVR32', 'STM8', 'TILE64', 'TILEPRO', 'CUDA', 'TILEGX', 'CLOUDSHIELD', 'COREA_1ST', 'COREA_2ND', 'ARC_COMPACT2', 'OPEN8', 'RL78', 'VIDEOCORE5', 'ARCH_78KOR', 'ARCH_56800EX', 'BA1', 'BA2', 'XCORE', 'MCHP_PIC', 'INTEL205', 'INTEL206', 'INTEL207', 'INTEL208', 'INTEL209', 'KM32', 'KMX32', 'KMX16', 'KMX8', 'KVARC', 'CDP', 'COGE', 'COOL', 'NORC', 'CSR_KALIMBA', 'AMDGPU']